d

    david

    5 days ago
    Hello everyone 👋 . Is it reasonable to use resource scopes as DDD-like “bounded contexts”? i.e. each microservice has its own scope so that resources with the same name (but different meaning) can exist within each?
    Charith (Cerbos)

    Charith (Cerbos)

    5 days ago
    Yes, you can do that. You could also use the
    version
    field in the policies to achieve the same thing.
    d

    david

    5 days ago
    so the version field could be
    serviceA.v1
    ?
    I guess the context could be included in the resource name too
    serviceA:resourceB
    ?
    Charith (Cerbos)

    Charith (Cerbos)

    5 days ago
    I think the
    version
    can be just
    serviceA
    and you can just call the resource
    resourceB
    . So, in effect you are asking Cerbos what a user can do with the
    serviceA
    version of resource
    resourceB
    . If you're using the sidecar model, you can even configure the default policy version used by Cerbos for that particular service. (https://docs.cerbos.dev/cerbos/latest/configuration/engine.html)
    Of course, I am assuming that resources are completely independent of each other. if your resources need to have a base set of rules that are then overridden per service, use scopes.
    d

    david

    5 days ago
    Ok, a few things to think about - many thanks for your ideas 🙂