https://cerbos.dev logo
#help
Title
# help
m

Mohan Prasath

01/28/2023, 6:07 AM
Hello all, Getting an incorrect response from
/api/check/resources
API. In the policy, we defined the
role CDO
can access resource
dealership_referral_api
with the action
read and edit
. But when we validate the request using
/api/check/resources
API, sometimes we get "EFFECT_ALLOW" and sometimes we get "EFFECT_DENY". I've given the setup, configuration, and screenshot below. Kindly help me to resolve this issue. Deployed cerbos on lambda - API Gateway URL cerbos-config:
Copy code
auxData:
  jwt:
    disableVerification: true
server:
  adminAPI:
    enabled: true
    adminCredentials:
      username: <USER_NAME>
      passwordHash: <PASSWORD>
  playgroundEnabled: true
storage:
  driver: "mysql"
  mysql:
    dsn: "user:password@tcp(host:3306)/db_name"
d

Dennis (Cerbos)

01/29/2023, 10:41 PM
1. How often do you get EFFECT_DENY? 2. Do you see anything interesting in the log when you get EFFECT_DENY? I ran a few tests using the above endpoint. I sent 500+ requests in total and got EFFECT_ALLOW every time… except one. I don’t know what the response was. It might be EFFECT_DENY or an error. I added more error handling to my script, but no luck - it is always EFFECT_ALLOW since then. I refrained from sending too many requests to the endpoint minding your cloud cost.
v

Vignesh Sankaran

02/02/2023, 8:47 AM
We are also unable to reproduce the same error. Maybe some response cache issue or something else. However we have moved to Production and awaiting for similar reportings from the users or the logs. It has been 2 days and no issues so far. Will keep tracking this in our product.
2 Views