Repl details -- vars:
```request = {
"resource":...
# helpb
Bradey Wood
11/13/2023, 5:12 PMRepl details -- vars:
Copy code
request = {
"resource": {
"kind": "mua:app",
"id": "ioi"
},
"principal": {
"id": "ioi_user",
"roles": [
"user"
],
"attr": {
"appsEnabled": [
"ioi"
]
}
}
} Copy code
-> :rules
Conditional rules in 'resource.mua_app.vtemplate'
[#0]
actions:
- access
condition:
match:
expr: R.id in P.attr.appsEnabled
effect: EFFECT_ALLOW
roles:
- '*'
-> :exec #0
└──R.id in P.attr.appsEnabled [true] Copy code
cerbos compile policies --verbose --run=app
Test results
├──view deal (resource_policies/ECM/deal_test.yaml) [SKIPPED]
└─┬access app (resource_policies/MUA/app_test.yaml) [1 FAILED]
└─┬app enabled users can access the relevant app
└─┬ioi_enabled
└─┬ioi
└─┬access [FAILED]
└──OUTCOME: expected: EFFECT_ALLOW, actual: EFFECT_DENY
TRACES
access app - ioi_enabled.ioi.access
action=access
activated
effect → deny
No matching policies
16 tests executed [15 SKIPPED] [1 FAILED]
cerbos: error: tests failedc
Charith (Cerbos)
11/13/2023, 5:15 PM
I think it's because you haven't defined
policyVersion: templateCharith (Cerbos)
11/13/2023, 5:16 PM
If the
policyVersiondefaultdefault🙏 1
b
Bradey Wood
11/13/2023, 5:18 PMgot it! I was doing something stupid!
Bradey Wood
11/13/2023, 5:18 PMthanks!
🙇 1