Hello all I am facing an issue here and can t seem to find w Cerbos Community #help

Hello all, I am facing an issue here and can't see...

William Vitali

12/16/2022, 4:58 PM

Hello all, I am facing an issue here and can't seem to find why. I am using version 0.23.1 This policy works :

Copy code

---
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"
  importDerivedRoles:
    - common_roles
  resource: "candidate:object"
  rules:
    - actions: ['*']
      effect: EFFECT_ALLOW
      derivedRoles:
        - admin_africa
      condition:
        match:
          expr: request.resource.attr.continents == "africa"

But if I replace the last line with

expr: "africa" in request.resource.attr.continents

then I have the error {"log.level":"warn","@timestamp":"2022-12-16T165520.233Z","log.logger":"cerbos.dir.watch","message":"Failed to read policy from file","dir":"/policies","file":"resource_candidate.yaml","error":"failed to convert YAML to JSON: yaml: line 14: did not find expected key"} Does anybody know why I can't use the "in" keyword here ?

Alex Olivier (Cerbos)

12/16/2022, 5:01 PM

Hey this is a YAML escaping edge case - a line can’t begin with

the following will work though:

Copy code

---
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"
  importDerivedRoles:
    - common_roles
  resource: "candidate:object"
  rules:
    - actions: ['*']
      effect: EFFECT_ALLOW
      derivedRoles:
        - admin_africa
      condition:
        match:
          expr: >
            "africa" in request.resource.attr.continents

William Vitali

12/16/2022, 5:03 PM

aah perfect thank you ! 🙏

Alex Olivier (Cerbos)

12/16/2022, 5:04 PM

You aren’t the first to run into this - we are planning to get some linting around it soon

2 Views

Open in Slack

Previous Next