Ayesha
08/23/2023, 7:20 PMoguzhan
Admin API
and cerbosctl
(cerbosctl uses Admin API behind-the-scenes).
In order to use Admin API
or cerbosctl
, it is required to enable Admin API
within the Cerbos configuration;
---
server:
httpListenAddr: ":3592"
grpcListenAddr: ":3593"
adminAPI:
enabled: true # this enables Admin API
adminCredentials: # optional part, should be provided for security reasons in a production environment
passwordHash: JDJ5JDEwJEdEOVFzZDE2VVhoVkR0N2VkUFBVM09nalc0QnNZaC9xc2E4bS9mcUJJcEZXenp5OUpjMi91Cgo= # bcrypt hashed, base64 encoded 'cerbosAdmin' which is also the default
username: cerbos # if not provided, default is cerbos
Other configuration parameters and what they do
Admin API
has an Add/Update Policies endpoint, and cerbosctl
has the cerbosctl put command to fullfil the requirement.Ayesha
08/24/2023, 6:13 PMAyesha
08/24/2023, 6:20 PMoguzhan
cerbosctl
running in the container doesn’t have access to the directory ./docker/policies
, it doesn’t work.
As a solution you may install the cerbosctl
to your host machine.
https://docs.cerbos.dev/cerbos/latest/installation/binary