• t

    TS

    3 months ago
    Hi, I'm trying to deploy cerbos server to a cluster following your example but I'm getting this error. I just changed the repo URL, branch (it exists in remote), and subDir. I created a personal access token with repo scope
    t
    Dennis (Cerbos)
    58 replies
    Copy to Clipboard
  • Topi Hernández Mares

    Topi Hernández Mares

    3 months ago
    Hello again! I'm having a weird behavior with the Python SDK, let me try to explain it here. I'm getting the following error, but only in a specific scenario:
    RuntimeError("Cannot send a request, as the client has been closed.")
    This only happens when I make two or more requests to Cerbos with the SDK
    Topi Hernández Mares
    Charith (Cerbos)
    11 replies
    Copy to Clipboard
  • Topi Hernández Mares

    Topi Hernández Mares

    2 months ago
    Hi, me again! I'm getting a strange behavior with Cerbos. Every now and then, a request to Cerbos get's "lost". I make a call to the API with the Python SDK and get the following error:
    The read operation timed out
    . I thought that increasing the
    timeout_secs
    param in the client could fix this issue, but id didn't. I enabled audit logs on my Cerbos container to see if there is any error in that side, but I discovered that whenever I get the error
    The read operation timed out
    , I don't get any logs, not even the one about
    Handled Request
    Topi Hernández Mares
    Charith (Cerbos)
    +1
    36 replies
    Copy to Clipboard
  • d

    david

    2 months ago
    Hello 👋 . I am currently evaluating Cerbos against our authz requirements and Im trying to understand how I would write a request/policy to filter a potentially large amount of resources that are hierarchically organized. As an example: a directory structure of fixed depth (2 levels) where each depth of folder can have its own permissions and also the file nodes can have their own permissions. The system would require a way to filter the list of files to just those “viewable” or “editable” by the user. I see some examples in the playground, but they appear to deal with small quantities of resources, and also the documentation indicates that up to 50 (a default) resources can be included in a request. Are there any other examples? Or maybe a policy pattern for handling this scenario? Thanks !
    d
    Alex Olivier (Cerbos)
    4 replies
    Copy to Clipboard
  • Steve High (NTWRK)

    Steve High (NTWRK)

    2 months ago
    Hello There I'm doing some bare metal dev and am running cerbos as a standalone (installed via homebrew). I was able to work through some of the TLS issues, but now when I make calls, I am getting this:
    "request failed: rpc error: code = Unimplemented desc = unknown method CheckResources for service cerbos.svc.v1.CerbosService
    I installed the standalone a few days ago, and it looks like it's the latest version. Homebrew thinks I am on
    v0.19.0
    . WHen I run
    cerbos -v
    , it returns
    0.7.0
    . Just wanna make sure this is a goreleaser hiccup, or if i am actually on an old version. I'll try building from source and see if there's a difference
    Steve High (NTWRK)
    Charith (Cerbos)
    12 replies
    Copy to Clipboard
  • d

    david

    2 months ago
    Is there an equivalent to
    c, err := client.New(*cerbosAddr, client.WithTLSInsecure())
    for the Javascript GRPC client? i.e. use TLS, but allow insecure.
    d
    Alex Olivier (Cerbos)
    +1
    7 replies
    Copy to Clipboard
  • m

    Ming Fang

    2 months ago
    can you please add bash to the docker image? it's virtually important to support it without being able to shell in to debug
    m
    1 replies
    Copy to Clipboard
  • g

    Gabi Zarhin

    1 month ago
    Hello there(…) 🙂 We are considering creating an authorization mechanism in our application using Cerbos. part of the policy we characterized defines that a user has a permission for a certain resource (A), if he has said permission to a resource (B) that contains it (A) i.e. its parent, grand-parent and so on. As far as i understood from the documentation, there is a way for defining such hierarchy for principals (derived roles), but the question is if there is a proper way of doing that for resources as well? for example: a user has “write” access to a file if he has “write” access to the folder containing the file? thanks very much in advanced 🙂
    g
    Charith (Cerbos)
    2 replies
    Copy to Clipboard
  • Dennis (Cerbos)

    Dennis (Cerbos)

    1 month ago
    The request can contain multiple resources, so the response will contain multiple decisions. The resource ID helps to identify the decision for the given resource.
    Dennis (Cerbos)
    Jesum Yip
    10 replies
    Copy to Clipboard
  • a

    Asma Rahim

    1 month ago
    Hello All, I hope everyone is great. Has anyone tried out this project to implement cerbos w AWS cognito?
    a
    Alex Olivier (Cerbos)
    +1
    48 replies
    Copy to Clipboard