https://cerbos.dev logo
Powered by
Title
a

ANILA SOMAN

05/09/2023, 11:06 AM
Hi - can I get any sample/demo code which is using git as storage method?
c

Charith (Cerbos)

05/09/2023, 11:11 AM
We have a few examples of how to configure the git driver at https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#git-driver. Is there something that's not working/unclear?
a

ANILA SOMAN

05/09/2023, 11:18 AM
@Charith (Cerbos) cerbos: error: failed to create store: failed to clone from https://github.com/an1l4/git-test-cerbos.git to //tmp/work/policies: couldn't find remote ref "refs/heads/main"
c

Charith (Cerbos)

05/09/2023, 11:20 AM
Sounds like you have a different default branch. Is it called 
master
by any chance? If the default branch is not 
main
you have to specify it explicitly using the 
branch
config field.
Yep, the repo you linked has a 
master
branch. So, you need to set 
branch: master
in the Cerbos git config section.
a

ANILA SOMAN

05/09/2023, 11:24 AM
yh thanks for pointing out that error
cerbos: error: failed to create store: failed to stat policies: stat //tmp/work/policies/policies: no such file or directory
repo is cloning now but getting the above error
{"log.level":"error","@timestamp":"2023-05-09T11:24:04.816Z","log.logger":"cerbos.git.store","message":"Failed to initialize git store","dir":"//tmp/work/policies","error":"failed to stat policies: stat //tmp/work/policies/policies: no such file or directory"}
c

Charith (Cerbos)

05/09/2023, 11:25 AM
Remove the 
subDir: policies
config line because you don't have a directory named policies in the repo
a

ANILA SOMAN

05/09/2023, 11:33 AM
🙌 Thanks @Charith (Cerbos) working now 👍
@Charith (Cerbos) tried to add policy using go sdk
{
  "error": "failed to send batch [0,1): rpc error: code = Unimplemented desc = Configured store is not mutable"
}
getting this error
c

Charith (Cerbos)

05/09/2023, 11:37 AM
You can't add policies to a git store using the Admin API. You have to use the standard git workflow of committing and pushing to the git repository.
a

ANILA SOMAN

05/09/2023, 11:42 AM
@Charith (Cerbos) Thanks for the update
some more doubts needs to clarify
we need to view the audit. is there any reference using go sdk?
c

Charith (Cerbos)

05/09/2023, 11:48 AM
Well, if you use the 
local
audit sink, you can query the audit log using the SDK: https://pkg.go.dev/github.com/cerbos/cerbos/client#GrpcAdminClient.AuditLogs. We don't have an example for it though.
a

ANILA SOMAN

05/09/2023, 11:53 AM
@Charith (Cerbos) Thank you so much🙌
@Charith (Cerbos) Is multiple git repos supported ?
we have multiple services
c

Charith (Cerbos)

05/09/2023, 12:08 PM
No, each Cerbos instance is connected to a single repo. Typically people would use a monorepo for the purpose you're describing. If you really must have separate repos, then you could set up a Cerbos instance per repo and put them all behind a proxy with different paths configured for each service-specific Cerbos instance.
The other option is to configure 
blob
storage for Cerbos using a S3/GCS bucket and having a CI stage where all your different git repos publish their policies to that bucket.
a

ANILA SOMAN

05/09/2023, 2:44 PM
hi @Charith (Cerbos) why this error is coming cerbos: error: failed to create store: failed to clone from https://github.com/an1l4/git-test-cerbos.git to //tmp/work/policies: Get "https://github.com/an1l4/git-test-cerbos.git/info/refs?service=git-upload-pack": context deadline exceeded
c

Charith (Cerbos)

05/09/2023, 3:07 PM
It's timing out. Probably because of the degraded service from GitHub today. https://www.githubstatus.com/incidents/f0mhbz9xn497
4 Views
#communityJoin Slack
Powered by