https://cerbos.dev logo
#help
Title
# help
b

Bradey Wood

11/13/2023, 5:12 PM
Repl details -- vars:
Copy code
request = {
  "resource": {
    "kind": "mua:app",
    "id": "ioi"
  },
  "principal": {
    "id": "ioi_user",
    "roles": [
      "user"
    ],
    "attr": {
      "appsEnabled": [
        "ioi"
      ]
    }
  }
}
Rules:
Copy code
-> :rules
Conditional rules in 'resource.mua_app.vtemplate'

[#0]
    actions:
    - access
    condition:
      match:
        expr: R.id in P.attr.appsEnabled
    effect: EFFECT_ALLOW
    roles:
    - '*'


-> :exec #0
└──R.id in P.attr.appsEnabled [true]
Tests:
Copy code
cerbos compile policies --verbose --run=app

Test results
├──view deal (resource_policies/ECM/deal_test.yaml) [SKIPPED]
└─┬access app (resource_policies/MUA/app_test.yaml) [1 FAILED]
  └─┬app enabled users can access the relevant app
    └─┬ioi_enabled
      └─┬ioi
        └─┬access [FAILED]
          └──OUTCOME: expected: EFFECT_ALLOW, actual: EFFECT_DENY


TRACES
access app - ioi_enabled.ioi.access
  action=access
    activated
    effect → deny
    No matching policies

16 tests executed [15 SKIPPED] [1 FAILED]
cerbos: error: tests failed
c

Charith (Cerbos)

11/13/2023, 5:15 PM
I think it's because you haven't defined
policyVersion: template
in your resource definitions for the tests
If the
policyVersion
is not defined, Cerbos looks for policies with version
default
. In your case, there's no
default
policy.
🙏 1
b

Bradey Wood

11/13/2023, 5:18 PM
got it! I was doing something stupid!
thanks!
🙇 1