https://cerbos.dev logo
Title
d

david

09/20/2022, 8:00 AM
Hello everyone 👋 . Is it reasonable to use resource scopes as DDD-like “bounded contexts”? i.e. each microservice has its own scope so that resources with the same name (but different meaning) can exist within each?
c

Charith (Cerbos)

09/20/2022, 8:07 AM
Yes, you can do that. You could also use the
version
field in the policies to achieve the same thing.
d

david

09/20/2022, 8:17 AM
so the version field could be
serviceA.v1
?
I guess the context could be included in the resource name too
serviceA:resourceB
?
c

Charith (Cerbos)

09/20/2022, 8:24 AM
I think the
version
can be just
serviceA
and you can just call the resource
resourceB
. So, in effect you are asking Cerbos what a user can do with the
serviceA
version of resource
resourceB
. If you're using the sidecar model, you can even configure the default policy version used by Cerbos for that particular service. (https://docs.cerbos.dev/cerbos/latest/configuration/engine.html)
Of course, I am assuming that resources are completely independent of each other. if your resources need to have a base set of rules that are then overridden per service, use scopes.
d

david

09/20/2022, 8:39 AM
Ok, a few things to think about - many thanks for your ideas 🙂