https://cerbos.dev logo
Powered by
Title
j

Jesum Yip

01/30/2023, 2:20 AM
cerbos' CEL runtime doesn't support macros? i'm trying to search for a value in this array. i'm looking for a condition where "org_id" = "abc123" in that array. 
"orgs": [	
		{
			"org_id" : "xxxxxxxxxxxxxxxxxx",
			"org_name" : "xxxxxxxxxxxxxxxxx"
		},
		{
			"org_id" : "xxxxxxxxxxxxxxxxxx",
			"org_name" : "xxxxxxxxxxxxxxxxx"
		}
	]
so far i've tried 
- expr: > 
    request.aux_data.jwt.org_info.orgs.exists_one(org_id, "abc123")
and 
cerbos compile
throws an error
d

Dennis (Cerbos)

01/30/2023, 2:24 AM
Cerbos conditions do support macros. 
has
, 
map
, 
filter
and alike are all macros. Which API are you using? What’s your condition expression?
Please try this: 
- expr: > 
    request.aux_data.jwt.org_info.orgs.exists_one(t, t.org_id == "abc123")
j

Jesum Yip

01/30/2023, 2:27 AM
oh my god
let me try that
i can't find any good CEL tutorials /e xamples
d

Dennis (Cerbos)

01/30/2023, 2:29 AM
Did you know cerbos has REPL to try CEL expressions?
j

Jesum Yip

01/30/2023, 2:29 AM
no i didn't
any docs on that?
d

Dennis (Cerbos)

01/30/2023, 2:29 AM
Check the link https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#repl
j

Jesum Yip

01/30/2023, 2:34 AM
very nice
d

Dennis (Cerbos)

01/30/2023, 2:36 AM
Regarding CEL examples. I think this page https://docs.cerbos.dev/cerbos/latest/policies/conditions.html is a good starting point, which hopefully is enough for most Cerbos use cases. Then there’s an official intro and the language definition but the latter is quite verbose.
Did the fix work out for you?
j

Jesum Yip

01/30/2023, 2:37 AM
yes it does
thank you so much
i'll try to read up more on CEL
the language definition part is not 100% clear to me but i'll try out more experiments
d

Dennis (Cerbos)

01/30/2023, 2:37 AM
Yes, it is quite complicated.
I think revisiting Cerbos docs page about conditions and experimenting with REPL will do the trick.
No worries, I’m happy to help.
j

Jesum Yip

01/30/2023, 2:57 AM
@Dennis (Cerbos) in a test suite, is this how i would represent the orgs structure from above? 
auxData:
    validJWT:
      jwt:
        org_info: { 
            default_org_id: "some value",
            orgs: [ 
                { org_id : "abc123" }, 
                { org_id : "def456" }
            ]
        } 
        aud: [ "my audience" ]
d

Dennis (Cerbos)

01/30/2023, 3:03 AM
Missing comma after the last 
}
. Otherwise looks good
Oops. This is yaml. No comma
j

Jesum Yip

01/30/2023, 3:43 AM
everything works beautifully now. 🥰
so elegant. 🙂
:gratitude-thank-you:
#helpJoin Slack
Powered by