https://cerbos.dev logo
#community
Title
# community
p

Peter Cummings

01/19/2024, 11:57 AM
👋 Hi everyone! - Quick question, if I want to just develop now, and worry about authorizations later and Implement
Copy code
if allowed, err := cerbosClient.IsAllowed(context.TODO(), user, resource, action);
Well the resource and action get "auto-registered" in the "policy definition" so that I can go back at a later time, or another team member can focus on that as the developer develops, and so that I can ensure that no resource or action get missed or overlooked?
c

Charith (Cerbos)

01/19/2024, 12:22 PM
Hi. If I understand you correctly, you're asking whether Cerbos keeps track of unknown resources and actions? Well, not specifically. The way to achieve what you want is through the Cerbos policy test framework, If you keep your test definitions up-to-date with all the actions and policies you've used in your code, you can later run the tests and fix the ones that fail due to missing policy definitions or action rules. When the
--verbose
flag is provided, the test output for failing tests show the actual execution trace the Cerbos engine went through and you can see when there are no policies that match the request or when there are no rules that match the given action and so on. The audit logs do keep track of every request that comes through. However, I don't think it's very practical to comb through that to discover the unimplemented bits. So, my recommendation is to use the tests instead.
p

Peter Cummings

01/20/2024, 10:24 AM
That makes sense
3 Views