Title
#help
r

Ryan Killeen

10/25/2022, 5:43 PM
Hey! Looking to run Cerbos in
docker-compose
and attempting to set a config for it, I can't seem to set the server config's yaml file through docker env variables. Is there a recommended approach here? yaml in the thread!
5:43 PM
Docker compose:
services:
  cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.21.0|ghcr.io/cerbos/cerbos:0.21.0>
    volumes:
      - '../authz-policies:/policies'
    ports:
      - '3592:3592'
      - '3593:3593'
    environment:
      - CERBOS_CONFIG=/conf.yaml
5:44 PM
conf.yaml
lives at
/authz-policies/conf.yaml
Alex Olivier (Cerbos)

Alex Olivier (Cerbos)

10/25/2022, 5:48 PM
At a glance would the path be
/policies/conf.yaml
?
5:49 PM
Also the default config file in the container is:
---
server:
  httpListenAddr: ":3592"
  grpcListenAddr: ":3593"

storage:
  driver: "disk"
  disk:
    directory: /policies
    watchForChanges: true
so you don’t need to set a conf file unless you need to set extra options
r

Ryan Killeen

10/25/2022, 5:50 PM
I'm attempting to set the admin API to true atm, I'll make sure my paths are right!
Alex Olivier (Cerbos)

Alex Olivier (Cerbos)

10/25/2022, 5:50 PM
here is an example from a sample project
cerbos:
    image: <http://ghcr.io/cerbos/cerbos:latest|ghcr.io/cerbos/cerbos:latest>
    ports:
      - "3592:3592"
      - "3593:3593"
    expose:
      - '3592'
      - '3593'
    volumes:
      - ./cerbos/policies:/policies
    restart: unless-stopped
5:53 PM
if you want to change that, mount the conf file in the container and then set the
CERBOS_CONFIG="/path-to-conf.yaml"
r

Ryan Killeen

10/25/2022, 5:54 PM
The simple path adjustment appears to do the trick, but now I'm receiving an error. Error and config below:
5:55 PM
{"file":"config.yaml","error":"failed to unmarshal JSON: proto: (line 1:2): unknown field \"server\""}
seems to be the key error.
Alex Olivier (Cerbos)

Alex Olivier (Cerbos)

10/25/2022, 5:55 PM
ah yes - the config file can’t be in the same directory as the policies (it will try to read it as a policy file)
5:57 PM
/mountedDir
/mountedDir/config.yaml
/mountedDir/policies/....policyfiles....
r

Ryan Killeen

10/25/2022, 6:10 PM
I see, essentially I landed on
cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.21.0|ghcr.io/cerbos/cerbos:0.21.0>
    volumes:
      - '../authz-policies/config.yaml:/root/config.yaml'
      - '../authz-policies/policies:/policies'
    ports:
      - '3592:3592'
      - '3593:3593'
    environment:
      - CERBOS_CONFIG=/root/config.yaml
6:10 PM
Thanks for the guidance!
6:37 PM
Sorry, follow up question! I'm successfully authenticating the admin api now, but getting the following error from
cerbosctl
when running
docker run -it <http://ghcr.io/cerbos/cerbosctl:0.21.0|ghcr.io/cerbos/cerbosctl:0.21.0> \
    --server=localhost:3593 \
    --username=... \
    --password=... \
   --plaintext \
    decisions
Audit log backend does not support querying
Alex Olivier (Cerbos)

Alex Olivier (Cerbos)

10/25/2022, 6:38 PM
Which audit backend have you set in your config? https://docs.cerbos.dev/cerbos/latest/configuration/audit.html
6:39 PM
The local one needs to be enabled for querying
r

Ryan Killeen

10/25/2022, 6:39 PM
Of course haha, makes sense. Thanks!
Alex Olivier (Cerbos)

Alex Olivier (Cerbos)

10/25/2022, 6:41 PM
we can make that error clearer - shall raise an issue