#help

Brandon Choe

12/01/2023, 1:39 AM
can variables be used as constants? or is there some way to have constants?
# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json
apiVersion: api.cerbos.dev/v1
description: Common variables
exportVariables:
  name: common_variables 
  definitions:
    foo: "bar"

Dennis (Cerbos)

12/01/2023, 1:42 AM
Yes, certainly. Are you getting an error?
I mean variables can be used as constants.

Brandon Choe

12/01/2023, 1:44 AM
yeah I'm getting the following
failed to get check for [machine.default]: policy compilation error: 11 compilation errors:\ncommon_variables.yaml: Invalid expression in variable 'MACHINE_ACCESS_RESTRICTED' (failed to compile `RESTRICTED` [undeclared reference to 'RESTRICTED' (in container '')])
file looks like this
# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json
apiVersion: api.cerbos.dev/v1
description: Common variables
exportVariables:
  name: common_variables 
  definitions:
    MACHINE_ACCESS_RESTRICTED: "RESTRICTED"
actually, give me a second
no yeah it's still happening

Dennis (Cerbos)

12/01/2023, 1:48 AM
Interesting. Can you try wrapping the value in single quotes instead?

Brandon Choe

12/01/2023, 1:49 AM
same thing
failed to get check for [machine.default]: policy compilation error: 10 compilation errors:\ncommon_variables.yaml: Invalid expression in variable 'MACHINE_ACCESS_RESTRICTED' (failed to compile `RESTRICTED` [undeclared reference to 'RESTRICTED' (in container '')])

Dennis (Cerbos)

12/01/2023, 1:51 AM
It seems to take `RESTRICTED` as the name of another variable. 🤔

Brandon Choe

12/01/2023, 1:55 AM
do you have an example of constant variables? I couldn't find one in the docs

Dennis (Cerbos)

12/01/2023, 1:57 AM
Seems like a bug, but this workaround works: `string("RESTRICTED")`
MACHINE_ACCESS_RESTRICTED: string("RESTRICTED")

Brandon Choe

12/01/2023, 1:58 AM
that worked!
thank you for the help!

Dennis (Cerbos)

12/01/2023, 1:59 AM
No problem. We will investigate the bug. Thanks for reporting.
🙌 1

Andrew Haines (Cerbos)

12/04/2023, 12:09 PM
I don't think this is a bug actually, this is because variables are CEL expressions (the same as conditions). The quotes are part of the YAML syntax there and not part of the expression, so this is interpreted as a CEL expression `RESTRICTED` which won't compile. To get a valid CEL expression that evaluates to the desired string, you can also wrap it with parentheses `("RESTRICTED")`, double the quotes `'"RESTRICTED"'`, or use the YAML block scalar syntax
MACHINE_ACCESS_RESTRICTED: >
  "RESTRICTED"

Brandon Choe

12/04/2023, 6:47 PM
I see! thanks for the explanation!
👍🏼 1