Peter Cummings
01/19/2024, 11:57 AMif allowed, err := cerbosClient.IsAllowed(context.TODO(), user, resource, action);
Well the resource and action get "auto-registered" in the "policy definition" so that I can go back at a later time, or another team member can focus on that as the developer develops, and so that I can ensure that no resource or action get missed or overlooked?Charith (Cerbos)
--verbose
flag is provided, the test output for failing tests show the actual execution trace the Cerbos engine went through and you can see when there are no policies that match the request or when there are no rules that match the given action and so on.
The audit logs do keep track of every request that comes through. However, I don't think it's very practical to comb through that to discover the unimplemented bits. So, my recommendation is to use the tests instead.Peter Cummings
01/20/2024, 10:24 AM