https://cerbos.dev logo
#help
Title
# help
b

Bojan Delic

03/30/2023, 12:44 PM
Hi. Is AuxData only related to JWT? I have some additional data that I would like to provide for policy evaluation and AuxData seems like it is the place, but all I can find is JWT related info. Of course, I can add additional info in resource or principal attributes, but it does not logically belong to them, so I am wondering if there is recommended way to do this? Thanks.
c

Charith (Cerbos)

03/30/2023, 1:04 PM
AuxData is currently only for JWTs. The reason we don't support additional free-form data in there is because then it adds an extra dimension making it a bit more difficult to decide where data should go. Your colleagues might have different ideas to yours and design their policies differently and then it starts to get messy. So we only support free-form data under principal or resource only. In practice, most data points at least have a passing relationship to either the principal or the resource so we sacrifice a bit of purity for simplicity.
b

Bojan Delic

03/30/2023, 1:07 PM
I see, it does make sense. I mean, I can always redefine what “resource” encapsulates, but I was hoping there is something I am missing in documentation. Thanks. Maybe on a similar note - is there a way to statically provide some data to be used in policies? E.g. having a list of map of values that would be available in expressions. Values I have in mind are static, do not change often and not that small (e.g. 50 to 100 key-value pairs) so it seems a bit wasteful to send them on each request for policy evaluation.
c

Charith (Cerbos)

03/30/2023, 1:16 PM
You can define global variables in the policy definition that can then be referenced by the conditions in that policy. There's currently no way to have global, static data visible to all policies though.
b

Bojan Delic

03/30/2023, 2:43 PM
Ok, that might work. I was thinking more along the lines of having separate YAML or JSON file and loading it in policy where needed, but for this use case I can probably make it work like this. Thanks.
20 Views