Title
#community
v

Viet Au

08/15/2022, 10:15 AM
Hi, for principal policies, the documentation says that wildcard for a resource is supported, but if I use wildcard "*" for a resource it is rejected.
Alex Olivier (Cerbos)

Alex Olivier (Cerbos)

08/15/2022, 10:31 AM
Checking now
10:34 AM
I’ve setup this quick example and it seems to be working as I understand it - is this what you are trying? https://play.cerbos.dev/p/MQHR3nVZ62fa2089L6i5XFqoGl7ctOg8
v

Viet Au

08/15/2022, 10:58 AM
If you change the resource to a wildcard "*", this error occurs.
Failed to read: invalid Policy.PrincipalPolicy: embedded message failed validation | caused by: invalid PrincipalPolicy.Rules[0]: embedded message failed validation | caused by: invalid PrincipalRule.Resource: value does not match regex pattern "^[[:alpha:]][[:word:]\\@\\.\\-/]*(\\:[[:alpha:]][[:word:]\\@\\.\\-/]*)*$"
Charith (Cerbos)

Charith (Cerbos)

08/15/2022, 11:04 AM
Yeah, I think the validation pattern is overly strict here. It's probably because we originally intended to only support segmented wildcards like
engineering:change_request:*
. I don't see why it has to be that way though.
v

Viet Au

08/15/2022, 11:30 AM
OK thanks for that. Do you intend to relax this check?
Charith (Cerbos)

Charith (Cerbos)

08/15/2022, 11:33 AM