# help
m
Hello. I'm trying to write my first resource policy. So far, I've attempted to validate this yaml file. However, I get an error. Since this is my first time writing policies and generally using cerbos, I suspect I'm missing something. Help is greatly appreciated.
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"
  resource: "route"
  rules:
    - actions:
        - view
      effect: EFFECT_ALLOW
      roles:
        - customer
      condition:
        match:
          expr: request.resource.attr.type in ["INDEX", "SHOP_SEARCH"]

  rules:
    - actions:
        - view
      effect: EFFECT_ALLOW
      roles:
        - staff
      condition:
        match:
          expr: request.resource.attr.type in ["DASHBOARD"]
Here's the error I'm getting:
2024-11-21T13:10:26.096Z        ERROR   cerbos.index    Index build failed      {"load_failures": [{"file":"route.yaml","error":"duplicate field definition: previous definition at [5:3]","error_details":{"kind":1,"position":{"line":15,"column":3,"path":"$.resourcePolicy.rules"},"message":"duplicate field definition: previous definition at [5:3]","context":"  12 |         match:\n  13 |           expr: request.resource.attr.type in [\"INDEX\", \"SHOP_SEARCH\"]\n  14 | \n> 15 |   rules:\n         ^\n  16 |     - actions:\n  17 |         - view\n  18 |       effect: EFFECT_ALLOW\n  19 |       "}}]}
2024-11-21T13:10:26.097Z        ERROR   cerbos.server   Failed to start server  {"error": "failed to create store: failed to build index: missing imports=0, missing scopes=0, duplicate definitions=0, load failures=1"}
o
Hey @Mohsen Salahshour Majd, there is a duplicate rules section in your policy. I think you meant to do this:
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"
  resource: "route"
  rules:
    - actions:
        - view
      effect: EFFECT_ALLOW
      roles:
        - customer
      condition:
        match:
          expr: request.resource.attr.type in ["INDEX", "SHOP_SEARCH"]

    - actions:
        - view
      effect: EFFECT_ALLOW
      roles:
        - staff
      condition:
        match:
          expr: request.resource.attr.type in ["DASHBOARD"]
m
Ah... thank you
It successfully recognized my policy. Thanks