Hi all, a principal policy I created against create action is returning

false

inside the node app. But, the same policy when tested in playground is returning

true

for create action.

Owner has full access over manager and store_manager

apiVersion: api.cerbos.dev/v1
principalPolicy:
  version: default
  principal: owner
  rules:
    - resource: manager
      actions:
        - action: "*"
          effect: EFFECT_ALLOW
          condition:
            match:
              expr: R.attr.clientNumber == P.attr.clientNumber
    - resource: store_manager
      actions:
        - action: "*"
          effect: EFFECT_ALLOW
          condition:
            match:
              expr: R.attr.clientNumber == P.attr.clientNumber

Request body:

{
  "principal": {
    "id": "owner",
    "roles": [
      "OWNER"
    ],
    "attr": {
      "clientNumber": 1234
    }
  },
  "resource": {
    "kind": "manager",
    "id": "1",
    "attr": {
      "clientNumber": 1234
    }
  },
  "action": "CREATE"
}

It works with a curl request as well so I am not sure what's wrong. Can you paste your request code snippet here please.

Hi @Charith (Cerbos) I’ve provided the request body. I’ve created a small node server connected to cerbos along with docker-compose.

Hi Ankit, one difference between the SDK and the raw API is that the principal and request attributes are passed in via

attributes

rather than

attr

. So the request body needs to be slightly altered to work with the Node.js app.

Ah, got it. Thanks! @Andrew Haines (Cerbos). Would be great if we add

attributes

in this example. https://github.com/cerbos/cerbos-sdk-javascript/tree/main/packages/grpc#example-usage

Good call, will do!