I am having trouble with Cerbos finding my schema files. Probably something dumb I’m missing but I’m out of ideas. When I turn on schema enforcement in the conf.yaml I receive an error that Cerbos can’t find the configured schama files. My $PWD looks like this:

.
├── README.md
├── _schemas
│   ├── desk.json
│   ├── entry.json
│   └── principal.json
├── conf.yaml
├── policies
│   ├── derived_roles
│   │   └── my_roles.yaml
│   └── resource
│       ├── desk.yaml
│       └── entry.yaml
├── start.sh
└── tests
    ├── desk_test.yaml
    ├── entry_test.yaml
    └── testdata
        ├── principals.yaml
        └── resources.yaml

My docker command looks like this:

docker run --rm --name cerbos -p 3592:3592 -p 3593:3593 -v $PWD:/blah <http://ghcr.io/cerbos/cerbos:latest|ghcr.io/cerbos/cerbos:latest> server --config=/blah/conf.yaml

My policy looks like this:

apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: default
  resource: entry
  importDerivedRoles:
    - my_roles
  rules:
    - actions:
        - "entry:read"
      effect: EFFECT_ALLOW
      derivedRoles:
        - employee
      condition:
        match:
          any:
            of:
              - expr: P.attr.employee_id == R.attr.employee_id
              - expr: R.attr.location_id in P.attr.permissions.filter(x, P.attr.permissions[x].exists(y, y == "entry.read_all"))

    - actions:
        - "entry:read"
      effect: EFFECT_ALLOW
      derivedRoles:
        - global_admin
        - location_admin
        - receptionist

  schemas:
    principalSchema:
      ref: cerbos:///principal.json
    resourceSchema:
      ref: cerbos:///entry.json

Hi. I am guessing that the main issue is that you have your

conf.yaml

file in the directory that Cerbos is looking for policies. If you move your

tests

and

_schemas

directories under the

policies

directory and configure Cerbos storage dir to

policies

, I think it will work.

cool will try that thanks