https://cerbos.dev logo
#help
Title
# help
d

Dmitry Meyerson

05/15/2023, 7:06 PM
hi all - thank for your help so far, if there a way to use s.think like regex to define a resource policy where derived role naming choices/convention can be leveraged - example in thread
Copy code
apiVersion: api.cerbos.dev/v1
description: progA specific resources
resourcePolicy:
  version: default
  importDerivedRoles:
  - common_roles_based_on_locale_and_groups
  resource: progA
  rules:
  - actions:
    - GET:(.+)
    effect: EFFECT_ALLOW
    derivedRoles:
    - {capture_group}-READ
maybe @Emre (Cerbos) or @Dennis (Cerbos)
( the above is non-working psuedo-code to help illustrate my question)
Copy code
apiVersion: api.cerbos.dev/v1
description: progA specific resources
resourcePolicy:
  version: default
  importDerivedRoles:
  - common_roles_based_on_locale_and_groups
  resource: progA
  rules:
  - actions:
    - GET:some_program
    effect: EFFECT_ALLOW
    derivedRoles:
    - {some_program}-READ
same thing w/out pretending to use regex
c

Charith (Cerbos)

05/16/2023, 8:11 AM
Hi, please don't
@
mention individuals because there are people from lots of different timezones here. When you post a question someone from the team will answer you as soon as they can. To answer your question, no, policies don't support regexes and capture groups. You'd have to use a templating tool as discussed in another thread to generate a policy with all the possible combinations.
d

Dmitry Meyerson

05/16/2023, 4:01 PM
ok - thanks - will stop @ing
4 Views