Hello I was hoping someone could help me understand why I m Cerbos Community #help

Hello! I was hoping someone could help me underst...

Mitch

05/08/2024, 9:54 PM

Hello! I was hoping someone could help me understand why I'm getting a

more than one YAML document detected

error when running tests with cerbos?

👍🏼 1

Mitch

05/08/2024, 9:58 PM

I just added different versions for a resource policy with scopes and now I'm getting this error.

Dennis (Cerbos)

05/08/2024, 10:22 PM

This is not supported yet. https://github.com/cerbos/cerbos/issues/1094

Andrew Haines (Cerbos)

05/09/2024, 8:55 AM

If you don't actually have multiple YAML documents in a single file, it could also be a bug we found in the parser: https://github.com/cerbos/cerbos/issues/2118. We just released Cerbos 0.36.0 with a fix for that.

Mitch

05/09/2024, 1:47 PM

Thank you @Dennis (Cerbos) and @Aram Andreasyan. I don't understand how to define policies with scopes, if "this isn't supported" so I think I may have a missunderstanding of how this all works. Here is my file structure:

Mitch

05/09/2024, 1:49 PM

My understanding with

Scopes

is that you need to define a policy with the assigned scope if you wanted different rules for that scope. You'll see here, I have three policies for

taskResource

. The empty scope is

taskResource.yaml

, the

exec

scope is the

taskResource_exec.yaml

file and the

exec.manager

scope is the

taskResource_manager.yaml

file. Something with the

taskResource_manager.yaml

file is causing the error to pop up because it goes away if I comment out the contents of that file.

Mitch

05/09/2024, 1:49 PM

So, first, am I understand how to setup scopes correctly?

Andrew Haines (Cerbos)

05/09/2024, 1:50 PM

Yes, that looks fine. It's probably an issue with YAML syntax in

taskResource_manager.yaml

- due to the bug I linked, unfortunately sometimes the parser reports

more than one YAML document detected

when the issue is actually something different

Mitch

05/09/2024, 1:51 PM

AHHHHH. Okay @Andrew Haines (Cerbos). Thank you for that. Let me see if I can recreate the issue and remove the sensitive policy stuff out of the file...

Mitch

05/09/2024, 1:56 PM

You were right @Aram Andreasyan. Thank you so much for pointing me in the right direction. It has something to do with the complicated condition logic I have in there for that scope. I'll try to modify it and see if I can get past the error.

🙌🏼 1

Andrew Haines (Cerbos)

05/09/2024, 1:59 PM

Sometimes it helps to write conditions like this:

Copy code

expr: >
  some complicated expression

The block scalar syntax

helps avoid issues with YAML special characters

Mitch

05/09/2024, 2:01 PM

I was writing it like this:

Copy code

expr: >
(
  Condition A &&
  Condition B
)

and I think the indentation was causing issues. I consolidated the same logic to get rid of the weird indentation with the parenthesis and it works now.

👍🏼 1

Andrew Haines (Cerbos)

05/09/2024, 3:16 PM

Looks like the fix for the issue above wasn't sufficient to catch this case, so we still get the same

more than one YAML document detected

error in the current release. I've raised a new issue: https://github.com/cerbos/cerbos/issues/2146

🙌 1

2 Views

Open in Slack

Previous Next