b

    B Cerkezi

    1 month ago
    Hey 👋 , I have been evaluating the tool today - looks really cool! One basic question: when using the principal attributes as a condition expression I can't get the "in" operator to work? here is the code:
    ---
    apiVersion: api.cerbos.dev/v1
    resourcePolicy:
      resource: album
      version: default
      rules:
        - actions: ['view']
          effect: EFFECT_ALLOW
          roles:
            - editor
          condition:
            match:
              expr: 'test' in request.principal.attr.products
    and response
    failed to convert YAML to JSON: yaml: line 12: did not find expected key
    Alex Olivier (Cerbos)

    Alex Olivier (Cerbos)

    1 month ago
    Hey, There is an issue with using
    '
    at the start of an expression - you can break out onto a new line as follows which works
    ---
    apiVersion: api.cerbos.dev/v1
    resourcePolicy:
      resource: album
      version: default
      rules:
        - actions: ['view']
          effect: EFFECT_ALLOW
          roles:
            - editor
          condition:
            match:
              expr: >
                'test' in request.principal.attr.products
    b

    B Cerkezi

    1 month ago
    ah great - thanks for the quick response