do you have an example of how to add an audit block to the c Cerbos Community #help

Join Slack

do you have an example of how to add an audit bloc...

# help

Maggie Walker

01/05/2023, 6:47 PM

do you have an example of how to add an audit block to the conf yaml file only if the env is dev?

Charith (Cerbos)

01/05/2023, 6:49 PM

Are you using Helm to deploy Cerbos?

Maggie Walker

01/05/2023, 6:59 PM

I am not

Maggie Walker

01/05/2023, 6:59 PM

what is Helm, lol

Maggie Walker

01/05/2023, 7:00 PM

we have a jenkins pipeline building our docker image and deploying it

Charith (Cerbos)

01/05/2023, 7:11 PM

Helm is a popular way to deploy to Kubernetes. It allows you to customize the deployment for each environment. But, since you're not using that, I can suggest two options. Option 1: Use an environment variable to flip

audit.enabled

config field. So you would have your config file looking something like the following and launch your container with

-e AUDIT_ENABLED=true

in dev.

Copy code

audit:
  enabled: ${AUDIT_ENABLED}

Option 2: Add

--set=audit.enabled=true

as an argument to the docker

ARGS

field or your container launch script

Maggie Walker

01/05/2023, 7:31 PM

ok awesome, and otherwise will I be fine to keep the backend and file attributes even when audit.enabled = false?:

Copy code

audit:
  enabled: ${AUDIT_ENABLED}
  decisionLogsEnabled: ${DECISION_LOGS_ENABLED}
  backend: file
  file:
      path: stdout

Charith (Cerbos)

01/05/2023, 7:37 PM

Yes, absolutely. They're only used if

enabled

is true.

Maggie Walker

01/05/2023, 7:37 PM

cool, i'll let you know how it goes!

Maggie Walker

01/06/2023, 4:54 PM

Working great @Charith (Cerbos)!

3 Views

Open in Slack

Previous Next