--- apiVersion: api.cerbos.dev/v1 resourcePolicy: resource: album version: default rules: - actions: ['view'] effect: EFFECT_ALLOW roles: - editor condition: match: expr: 'test' in request.principal.attr.products
failed to convert YAML to JSON: yaml: line 12: did not find expected key
(from the docs, and of course, updated with paths to my policies and tests locally) just an FYI, that the
docker run -i -t \ -v /path/to/policy/dir:/policies \ -v /path/to/test/dir:/tests \ <http://ghcr.io/cerbos/cerbos:0.20.0|ghcr.io/cerbos/cerbos:0.20.0> compile --tests=/tests /policies
flag is invalid? getting this error:
cerbos: error: unknown flag --format
, a policy for
) 2. Scopes (
) 3. A mix of the two? Is it right to say that scope should be resource agnostic, and preferred for things like multi-tenancy? What are the trade-offs of modeling it in one manner or another? What sort of litmus would you use to pick? I appreciate any insight you might provide! Thanks again for a great intro to the community today
kind: config, scope: 'config.products'
-- specifically I get stuck in
the error comes from here
and I get
/Users/walk003/orchard/collab/mwalker/cerbos/demo-python/.pyprojectx/pyprojectx/0.9.9-py3.8/bin/python3 -Im ensurepip --upgrade --default-pip
I'm working in a new M1 macbook, and I've heard there's funkiness with python/pip + M1 -- have you all encountered anything similar?
zsh: killed -Im ensurepip --upgrade --default-pip
condition: match: any: of: - expr: R.attr.status == "PENDING_APPROVAL" - expr: "GB" in R.attr.geographies - expr: P.attr.geography == "GB"
but just getting
condition: match: expr: "name" in request.resource.attr
Failed to read: failed to convert YAML to JSON: yaml: line 28: did not find expected key