Hi there We’re having trouble adding/replacing conditions for the policy the problem is: • the policy exists • i add 2 conditions • i retrieve the policy - it has 2 conditions • i update policy and send these same conditions again • get the policy - now we have 4 duplicated conditions • …. • send 2 conditions again and there are now 6, 8, 12 … from what i see there’s no way to provide a unique reference that Cerbos can distinguish them am i doing sth wrong or is it Cerbos issue?

Hey@Roman Levytskyi! Where do you keep the policies and how do you update the policies?

We keep on Postgres Update through admin api Js client

Thanks, I will take a look at this and let you know.

Thanks

When you update the retrieved policy, do you modify the conditions of the rule in any way? Can you share some snippet of code to describe how you modify the conditions (if you are)? I guess when you retrieve the policy, you are appending some conditions to a rule in the policy. Is it correct?

nope, what I’m doing, I’m constructing the same exact policy every time and pass it to

addOrUpdatePolicies

method

When a request is sent to AddOrUpdatePolicies RPC, Cerbos checks the policy ID (

<kind>.<name>.<version>/<scope>

) of the policy to determine whether to add a new policy or update an existing policy. If a policy with the same policy ID exists, it updates (basically overwrites) the policy in the database. Given that you are constructing the same exact policy, I’d expect you to see same policy being updated without any additions. Unfortunately, I couldn’t manage to reproduce the same problem for now. Is it possible for you to log the policy that you are passing to

addOrUpdatePolicies

function to see if it is what you expect?

I’ll send you an example shortly

No problem at all, happy to help cerbie