Hi all, a principal policy I created against creat...
# helpa
Ankit Khosla
11/23/2022, 2:16 PMHi all, a principal policy I created against create action is returning
falsetrueOwner has full access over manager and store_manager Copy code
apiVersion: api.cerbos.dev/v1
principalPolicy:
version: default
principal: owner
rules:
- resource: manager
actions:
- action: "*"
effect: EFFECT_ALLOW
condition:
match:
expr: R.attr.clientNumber == P.attr.clientNumber
- resource: store_manager
actions:
- action: "*"
effect: EFFECT_ALLOW
condition:
match:
expr: R.attr.clientNumber == P.attr.clientNumber Copy code
{
"principal": {
"id": "owner",
"roles": [
"OWNER"
],
"attr": {
"clientNumber": 1234
}
},
"resource": {
"kind": "manager",
"id": "1",
"attr": {
"clientNumber": 1234
}
},
"action": "CREATE"
}c
Charith (Cerbos)
11/23/2022, 2:25 PM
It works with a curl request as well so I am not sure what's wrong. Can you paste your request code snippet here please.
a
Ankit Khosla
11/23/2022, 4:36 PMHi @Charith (Cerbos) I’ve provided the request body, and created a small node server connected to cerbos along with docker-compose.
a
Andrew Haines (Cerbos)
11/24/2022, 9:21 AM
Hi Ankit, one difference between the SDK and the raw API is that the principal and request attributes are passed in via
attributesattrAndrew Haines (Cerbos)
11/24/2022, 9:27 AM
I tried with this request body and got
true Copy code
{
"principal": {
"id": "owner",
"roles": [
"OWNER"
],
"attributes": {
"clientNumber": 1234
}
},
"resource": {
"kind": "manager",
"id": "1",
"attributes": {
"clientNumber": 1234
}
},
"action": "CREATE"
}a
Ankit Khosla
11/24/2022, 10:53 AMAh, got it. Thanks! @Andrew Haines (Cerbos). Would be great if we add
attributesa
Andrew Haines (Cerbos)
11/24/2022, 10:54 AM
Good call, will do!
Andrew Haines (Cerbos)
11/24/2022, 11:54 AM
Done, thanks for the suggestion 🙂 https://github.com/cerbos/cerbos-sdk-javascript/pull/358
5 Views