https://cerbos.dev logo
Join Slack
Powered by
Hello All, I hope everyone is great. Has anyone tr...
# help
a
Hello All, I hope everyone is great. Has anyone tried out this project to implement cerbos w AWS cognito?
a
Hey good to hear from you again! We have a full tutorial for using Cerbos with Cognito - https://cerbos.dev/blog/using-aws-cognito-with-cerbos-how-to Hopefully that will be a good guide to get you started
🙂 1
a
Hi Alex, how have you been? I was following this tutorial, but stuck w the installation process. The installation crashes due to this issue: 
ModuleNotFoundError: No module named 'pip._vendor.html5lib' inside wrapper
I followed the solutions offered here and here
c
Hey Asma. Are you using the 
pw
script?
a
Hi Charith, hope you are doing well. Yes I am using the 
pw
script. I used this command to install 
./pw install
ping
c
Hmm.. I am not sure what the issue is then. Pw installs its own Python interpreter in a virtual environment so it should be a clean one
What is your global Python version?
a
its 3.9.5
c
a
Does the global python matter?
Or do I just update the version in my venv?
c
Honestly, I am not absolutely sure. The 
pw
script is a Python script itself so it probably uses the global Python interpreter during bootstrap to setup the virtual env and other things. IIRC, Python 3.10 had some backward incompatible changes so that could be why you're getting those errors.
a
I see, I am not too keen on updating my python (global) as it might break other things
but let me check
c
You can have a local installation of Python without upgrading the global one
a
I see.
So, is there any way I can use Cerbos without having a dependency on this Python app?
a
Yes you can use the python SDK directly https://github.com/cerbos/cerbos-sdk-python
This sample app is just an example of using Cerbos along with AWS Cognito
a
Our team is not in favour of using an app interfacing Cerbos / React Web client to determine authorization
a
a
Do we have support for Javascript or Java? Also, how will the deployment part of it should be managed? We already have Cerbos as a sidecar in our polyglot system so we're looking for more seamless options.
a
Yes! You can find all the SDKs here https://cerbos.dev/ecosystem
A sidecar is our recommend approach
a
a
Our Javascript SDK comes with a client-side version now also 
@cerbos/http
a
Really? Just asking out of curiosity, what value does the Python Client with the Fast API add to cerbos?
a
Depends where you need to make authorization checks - we support many backends aswell as calling dirctly
If your backend if a python+fastapi app - you can use the python SDK if your backend is node you can use the JS SDK etc
a
Is the JS sdk compatible with React JS ?
a
Yup you can use it in any JS app
a
We can just forego the backend that way
Great, thanks!
a
Depending on your usecase, you likely will need to check permissions in the backend also
a
Right, thanks for the help @Alex Olivier (Cerbos) @Charith (Cerbos)
👍 1
Hi again, I was wondering if I could test multiple actions against the same role and resource via the JS SDK 
@cerbos/http
Copy code
import { HTTP } from "@cerbos/http";

const cerbos = new HTTP("<http://localhost:3592>");

await cerbos.isAllowed({
  principal: { id: "<mailto:user@example.com|user@example.com>", roles: ["USER"] },
  resource: { kind: "document", id: "1" },
  action: "view",
}); // => true
I tried by passing 
actions
as an array 
["eat", "sleep", "repeat"]
Is there any documentation for this SDK besides the readme on github?
a
If you use the checkResource method you can pass in a list of actions
a
I'm more eager using the SDK since its less work and is clean-looking
a
Yes that method is part of the SDK
Cerbos.checkResource
a
@Alex Olivier (Cerbos) so there's no method that checks against multiple resources?
Like the 
/api/check_resource_batch
a
Copy code
const decision = await cerbos.checkResources({
  principal: { id: "<mailto:user@example.com|user@example.com>", roles: ["USER"] },
  resources: [
    {
      resource: { kind: "document", id: "1" },
      actions: ["view", "edit"],
    },
    {
      resource: { kind: "image", id: "1" },
      actions: ["delete"],
    },
  ],
});

decision.isAllowed({
  resource: { kind: "document", id: "1" },
  action: "view",
}); // => true
8 Views
Open in Slack
PreviousNext
Powered by