A random question / thought, we currently use Typescript to generate strongly-typed permission strings. When authoring policies, is there a way to make those strings available to Cerbos? Is JSON Schema the best direction there?
s
Steve High (NTWRK)
12/12/2022, 4:02 PM
I have an example in Go that does just that...I imagine the typescript variant wouldnt be too much different since the implementation is just bitmasks
Steve High (NTWRK)
12/12/2022, 4:03 PM
i'd be happy to share that if you'd like
🙌 1
r
Ryan Killeen
12/12/2022, 4:42 PM
Happy to take a look at anything you're willing to share!
Ryan Killeen
12/16/2022, 10:47 PM
@Steve High (NTWRK) I'm seeing now that Principal schemas are really only used to validate requests, have you found a way to make them useful in editing of policies?
Ryan Killeen
12/16/2022, 10:49 PM
Essentially I have an attribute on the principal that can be one or more strongly typed strings in a union, and I'd love to make that available to people writing policies. Not sure if that's feasible atm?
Some way to extend the available policy schema would go a long way
c
Charith (Cerbos)
12/17/2022, 10:07 AM
That's an interesting idea. The difficult bit here is that during policy editing, the principal/resource attributes are not really YAML fields that can be described with a schema. They are part of the CEL expression, which is essentially a string as far as any editor is concerned. We do want to be able to validate those expressions too but it'll probably take us a little while longer to come up with a good enough solution that works for everybody.