Hi <@U0283CHN8NA> I knew about Cerbos via Nurul fr...
# community
c
Hi @Emre (Cerbos) I knew about Cerbos via Nurul from Prisma. I have this kind of auth flow to be implemented but now I am curious to know: Is Cerbos only for authorization and then I can build the user tables in my app and do authentication there?
a
Hey! Yes this is a very common model where the users and their roles are stored in your application (and thus you can build a UI around) - and then these are passed in principal object to Cerbos for use in authorization policies. Here is an example of an express app using Prisma and Cerbos https://github.com/cerbos/express-prisma-cerbos/
c
Ok thanks, let me check out the docs for more understanding. I will revert ASAP!
👍 1
Hi @Alex Olivier (Cerbos) I am going through the Prisma-Cerbos example but I am getting this error when I attempt to start Cerbos via `sudo docker run -i -t -p 3592:3592 -v $(pwd)/config:/config -v $(pwd)/policies:/policies ghcr.io/cerbos/cerbos:0.6.0 server --config=/config/config.yaml`:
```
/policies     ghcr.io/cerbos/cerbos:0.6.0     server --config=/config/config.yaml
[sudo] password for chaiwa: 
Unable to find image 'ghcr.io/cerbos/cerbos:0.6.0' locally
0.6.0: Pulling from cerbos/cerbos
b49b96595fd4: Pull complete 
9411f38bb959: Pull complete 
ae4da295c61e: Pull complete 
5dbfc77bfac5: Pull complete 
Digest: sha256:d7e72e0b13d53297591bc9c1bfe9318afa0ee8582f5f878411e57e54f7560712
Status: Downloaded newer image for ghcr.io/cerbos/cerbos:0.6.0
2022-05-26T13:48:43.262Z	INFO	cerbos.server	maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined
2022-05-26T13:48:43.263Z	INFO	cerbos.server	maxprocs: No GOMAXPROCS change to reset
ERROR: failed to create store: unknown storage driver []
```
a
Ah, I was trying to work out where the old version number came from. I realise that article's formatting is a bit off and the YAML has lost its indent, leading to this error. Your config.yaml file should be formatted like this.
```yaml
server:
  httpListenAddr: ":3592"
storage:
  driver: "disk"
  disk:
    directory: /policies
    watchForChanges: true
```
and your start command is:
```
sudo docker run -i -t -p 3592:3592 \
    -v $(pwd)/config:/config \
    -v $(pwd)/policies:/policies \
    ghcr.io/cerbos/cerbos:latest \
    server --config=/config/conf.yaml
```
I'm going to fix that article now. Sorry about that.
c
Running it the second time works. I guess I had removed the `---` from the yaml file.
a
Did the above work?
c
Yes it did but with that `---` at the very top. For some reason I didn't copy that line, initially. So like this, it works:
```yaml
---
server:
  httpListenAddr: ":3592"
storage:
  driver: "disk" # Valid values are "disk" or "git"
  disk: # Only required if "driver" is "disk"
    directory: /policies
    watchForChanges: true
```
👍 1
a
I'd recommend using the `ghcr.io/cerbos/cerbos:latest` or `ghcr.io/cerbos/cerbos:0.16.0` docker tags - `0.6.0` is an old version now
👍 1
c
Hi @Alex Olivier (Cerbos), I now have a quick sense of what is going on. Quick one: In the scenario I shared above, if I used Cerbos for authorization would you recommend I do away with `RolePermission` and `Permission` tables and delegate their definitions to cerbos resource policies? Did I get this right?
a
Yes you can take that and model it in resource policies. Have you seen our playground? It has examples for some common scenarios and lets you experiment right in browser https://play.cerbos.dev/
c
On it!