can variables be used as constants? or is there some way to have constants?

# yaml-language-server: $schema=<https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json>
apiVersion: api.cerbos.dev/v1
description: Common variables
exportVariables:
  name: common_variables 
  definitions:
    foo: "bar"

Yes, certainly. Are you getting an error?

yeah I'm getting the following

failed to get check for [machine.default]: policy compilation error: 11 compilation errors:\ncommon_variables.yaml: Invalid expression in variable 'MACHINE_ACCESS_RESTRICTED' (failed to compile `RESTRICTED` [undeclared reference to 'RESTRICTED' (in container '')])

Interesting. Can you try wrapping the value in single quotes instead?

same thing

failed to get check for [machine.default]: policy compilation error: 10 compilation errors:\ncommon_variables.yaml: Invalid expression in variable 'MACHINE_ACCESS_RESTRICTED' (failed to compile `RESTRICTED` [undeclared reference to 'RESTRICTED' (in container '')])

It seems to take

RESTRICTED

as the name of another variable. 🤔

do you have an example of constant variables? I couldn't find one in the docs

Seems like a bug, but this workaround works:

string("RESTRICTED")

that worked!

No problem. We will investigate the bug. Thanks for reporting.

I don't think this is a bug actually, this is because variables are CEL expressions (the same as conditions). The quotes are part of the YAML syntax there and not part of the expression, so this is interpreted as a CEL expression

RESTRICTED

which won't compile. To get a valid CEL expression that evaluates to the desired string, you can also wrap it with parentheses

("RESTRICTED")

, double the quotes

'"RESTRICTED"'

, or use the YAML block scalar syntax

MACHINE_ACCESS_RESTRICTED: >
  "RESTRICTED"

I see! thanks for the explanation!