https://cerbos.dev logo
#help
Title
# help
k

Karl Azzam

01/11/2024, 12:34 AM
is it possible to have a resource rule where we can compare the path parameter to one of the jwt claim values. i.e. the path parameter for this request = foo, the claim user = foo would be valid.
d

Dennis (Cerbos)

01/11/2024, 12:45 AM
1. You can pass the path parameter as a resource/principal attribute. 2. The rule can compare the attribute value with the claim value.
k

Karl Azzam

01/11/2024, 1:09 AM
hmm can you give an example for part 1 please
lets say the resource path is /api/v1/get/{pathParam}
d

Dennis (Cerbos)

01/11/2024, 1:30 AM
Which programming language are you using?
for your service
k

Karl Azzam

01/11/2024, 1:40 AM
kotlin
d

Dennis (Cerbos)

01/11/2024, 1:49 AM
Sorry, I’m not a Java/Kotlin dev, but here’s an example from the Cerbos Java SDK readme:
Copy code
CheckResult result=client.check(
    Principal.newInstance("john","employee")
        .withPolicyVersion("20210210")
        .withAttribute("department",stringValue("marketing"))
        .withAttribute("geography",stringValue("GB")),
    Resource.newInstance("leave_request","xx125")
        .withPolicyVersion("20210210")
        .withAttribute("department",stringValue("marketing"))
        .withAttribute("geography",stringValue("GB"))
        .withAttribute("owner",stringValue("john")),
    "view:public","approve");

if(result.isAllowed("approve")){ // returns true if `approve` action is allowed
    ...
}
You need to use the
withAttribute
method to add a resource attribute with the path parameter value. How you read it depends on your web framework.
k

Karl Azzam

01/11/2024, 1:52 AM
currently all we do is call cerbos via grpc to get a decision, if decision is not equal to EFFECT_ALLOW, return a 401
running it as a sidecar container for each kotlin backend service
we do all the condition logic in the resource policy yaml via the rules, i was looking more so on how to add a rule that checks the query path param and compares to the claim value. What im really stuck on is getting the query path param value
i said query param, meant path path sorry
d

Dennis (Cerbos)

01/11/2024, 2:00 AM
So a Kotlin backend service receives a request (R), and then it sends an authorisation request (A) to Cerbos PDP. Are you asking how to read the path parameter of the request R?
k

Karl Azzam

01/11/2024, 2:01 AM
correct
inside a resource policy yaml
d

Dennis (Cerbos)

01/11/2024, 2:01 AM
I see. No, sorry, it’s not possible.
k

Karl Azzam

01/11/2024, 2:01 AM
gotcha, thanks!