Hi, for principal policies, the documentation says...
# communityv
Viet Au
08/15/2022, 10:15 AMHi, for principal policies, the documentation says that wildcard for a resource is supported, but if I use wildcard "*" for a resource it is rejected.
a
Alex Olivier (Cerbos)
08/15/2022, 10:31 AM
Checking now
Alex Olivier (Cerbos)
08/15/2022, 10:34 AM
I’ve setup this quick example and it seems to be working as I understand it - is this what you are trying?
https://play.cerbos.dev/p/MQHR3nVZ62fa2089L6i5XFqoGl7ctOg8
v
Viet Au
08/15/2022, 10:58 AMIf you change the resource to a wildcard "*", this error occurs.
Failed to read: invalid Policy.PrincipalPolicy: embedded message failed validation | caused by: invalid PrincipalPolicy.Rules[0]: embedded message failed validation | caused by: invalid PrincipalRule.Resource: value does not match regex pattern "^[[:alpha:]][[:word:]\\@\\.\\-/]*(\\:[[:alpha:]][[:word:]\\@\\.\\-/]*)*$"c
Charith (Cerbos)
08/15/2022, 11:04 AM
Yeah, I think the validation pattern is overly strict here. It's probably because we originally intended to only support segmented wildcards like
engineering:change_request:*v
Viet Au
08/15/2022, 11:30 AMOK thanks for that. Do you intend to relax this check?
c
Charith (Cerbos)
08/15/2022, 11:33 AM
Already working on it 🙂 https://github.com/cerbos/cerbos/pull/1166
4 Views