v

    Viet Au

    1 month ago
    Hi, for principal policies, the documentation says that wildcard for a resource is supported, but if I use wildcard "*" for a resource it is rejected.
    Alex Olivier (Cerbos)

    Alex Olivier (Cerbos)

    1 month ago
    Checking now
    I’ve setup this quick example and it seems to be working as I understand it - is this what you are trying? https://play.cerbos.dev/p/MQHR3nVZ62fa2089L6i5XFqoGl7ctOg8
    v

    Viet Au

    1 month ago
    If you change the resource to a wildcard "*", this error occurs.
    Failed to read: invalid Policy.PrincipalPolicy: embedded message failed validation | caused by: invalid PrincipalPolicy.Rules[0]: embedded message failed validation | caused by: invalid PrincipalRule.Resource: value does not match regex pattern "^[[:alpha:]][[:word:]\\@\\.\\-/]*(\\:[[:alpha:]][[:word:]\\@\\.\\-/]*)*$"
    Charith (Cerbos)

    Charith (Cerbos)

    1 month ago
    Yeah, I think the validation pattern is overly strict here. It's probably because we originally intended to only support segmented wildcards like
    engineering:change_request:*
    . I don't see why it has to be that way though.
    v

    Viet Au

    1 month ago
    OK thanks for that. Do you intend to relax this check?
    Charith (Cerbos)

    Charith (Cerbos)

    1 month ago