Hi all, given the recommendation about logging

cerbosCallId

in the application logs. How would I access this by using the Java SDK

check

method. It seems it does only return the actual results, not any other response data. Any suggestions on this topic?

Cerbos API responses include a

cerbosCallId

field that contains the unique identifier under which the request was logged to the audit log (if enabled) and the Cerbos activity log. It is recommended that applications log this ID as part of their activity logs too so that those log entries can be joined together with Cerbos logs during log analysis to build a complete picture of the authorization decisions.

public CheckResult check(Principal principal, Resource resource, String... actions) {
    Request.AuxData ad =
        this.auxData.map(AuxData::toAuxData).orElseGet(Request.AuxData::getDefaultInstance);
    Request.CheckResourcesRequest request =
        Request.CheckResourcesRequest.newBuilder()
            .setRequestId(RequestId.generate())
            .setPrincipal(principal.toPrincipal())
            .setAuxData(ad)
            .addResources(
                Request.CheckResourcesRequest.ResourceEntry.newBuilder()
                    .setResource(resource.toResource())
                    .addAllActions(Arrays.asList(actions))
                    .build())
            .build();

    try {
      Response.CheckResourcesResponse response = withClient().checkResources(request);
      if (response.getResultsCount() == 1) {
        return new CheckResult(response.getResults(0));
      }
      return new CheckResult(null);
    } catch (StatusRuntimeException sre) {
      throw new CerbosException(sre.getStatus(), sre.getCause());
    }
  }

Hey. Yeah, this is an oversight in the

check

method. We'll fix that soon. If you use the

batch

method, you can get the call ID by calling.

getRaw().getCerbosCallId()

.

Great, thanks for the quick response