William Vitali
12/16/2022, 4:58 PM---
apiVersion: api.cerbos.dev/v1
resourcePolicy:
version: "default"
importDerivedRoles:
- common_roles
resource: "candidate:object"
rules:
- actions: ['*']
effect: EFFECT_ALLOW
derivedRoles:
- admin_africa
condition:
match:
expr: request.resource.attr.continents == "africa"
But if I replace the last line with expr: "africa" in request.resource.attr.continents
then I have the error {"log.level":"warn","@timestamp":"2022-12-16T16:55:20.233Z","log.logger":"cerbos.dir.watch","message":"Failed to read policy from file","dir":"/policies","file":"resource_candidate.yaml","error":"failed to convert YAML to JSON: yaml: line 14: did not find expected key"}
Does anybody know why I can't use the "in" keyword here ?Alex Olivier (Cerbos)
12/16/2022, 5:01 PM"
the following will work though:
---
apiVersion: api.cerbos.dev/v1
resourcePolicy:
version: "default"
importDerivedRoles:
- common_roles
resource: "candidate:object"
rules:
- actions: ['*']
effect: EFFECT_ALLOW
derivedRoles:
- admin_africa
condition:
match:
expr: >
"africa" in request.resource.attr.continents
William Vitali
12/16/2022, 5:03 PMAlex Olivier (Cerbos)
12/16/2022, 5:04 PM