cerbos' CEL runtime doesn't support macros? i'm tr...
# helpj
Jesum Yip
01/30/2023, 2:20 AMcerbos' CEL runtime doesn't support macros? i'm trying to search for a value in this array. i'm looking for a condition where "org_id" = "abc123" in that array.
Copy code
"orgs": [
{
"org_id" : "xxxxxxxxxxxxxxxxxx",
"org_name" : "xxxxxxxxxxxxxxxxx"
},
{
"org_id" : "xxxxxxxxxxxxxxxxxx",
"org_name" : "xxxxxxxxxxxxxxxxx"
}
]Jesum Yip
01/30/2023, 2:23 AMso far i've tried
Copy code
- expr: >
request.aux_data.jwt.org_info.orgs.exists_one(org_id, "abc123")cerbos compiled
Dennis (Cerbos)
01/30/2023, 2:24 AM
Cerbos conditions do support macros. What’s your condition expression?
hasmapfilterDennis (Cerbos)
01/30/2023, 2:27 AM
Please try this:
Copy code
- expr: >
request.aux_data.jwt.org_info.orgs.exists_one(t, t.org_id == "abc123")j
Jesum Yip
01/30/2023, 2:27 AMoh my god
Jesum Yip
01/30/2023, 2:27 AMlet me try that
Jesum Yip
01/30/2023, 2:28 AMi can't find any good CEL tutorials /e xamples
d
Dennis (Cerbos)
01/30/2023, 2:29 AM
Did you know cerbos has REPL to try CEL expressions?
j
Jesum Yip
01/30/2023, 2:29 AMno i didn't
Jesum Yip
01/30/2023, 2:29 AMany docs on that?
d
Dennis (Cerbos)
01/30/2023, 2:29 AM
Check the link https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#repl
j
Jesum Yip
01/30/2023, 2:34 AMvery nice
d
Dennis (Cerbos)
01/30/2023, 2:36 AM
Regarding CEL examples. I think this page https://docs.cerbos.dev/cerbos/latest/policies/conditions.html is a good starting point, which hopefully is enough for most Cerbos use cases. Then there’s an official intro and the language definition but the latter is quite verbose.
Dennis (Cerbos)
01/30/2023, 2:37 AM
Did the fix work out for you?
j
Jesum Yip
01/30/2023, 2:37 AMyes it does
Jesum Yip
01/30/2023, 2:37 AMthank you so much
Jesum Yip
01/30/2023, 2:37 AMi'll try to read up more on CEL
Jesum Yip
01/30/2023, 2:37 AMthe language definition part is not 100% clear to me but i'll try out more experiments
d
Dennis (Cerbos)
01/30/2023, 2:37 AM
Yes, it is quite complicated.
Dennis (Cerbos)
01/30/2023, 2:38 AM
I think revisiting Cerbos docs page about conditions and experimenting with REPL will do the trick.
Dennis (Cerbos)
01/30/2023, 2:39 AM
No worries, I’m happy to help.
j
Jesum Yip
01/30/2023, 2:57 AM@Dennis (Cerbos) in a test suite, is this how i would represent the orgs structure from above?
Copy code
auxData:
validJWT:
jwt:
org_info: {
default_org_id: "some value",
orgs: [
{ org_id : "abc123" },
{ org_id : "def456" }
]
}
aud: [ "my audience" ]d
Dennis (Cerbos)
01/30/2023, 3:03 AM
Missing comma after the last
}Dennis (Cerbos)
01/30/2023, 3:04 AM
Oops. This is yaml. No comma
j
Jesum Yip
01/30/2023, 3:43 AMeverything works beautifully now. 🥰
Jesum Yip
01/30/2023, 3:44 AMso elegant. 🙂
Jesum Yip
01/30/2023, 3:44 AMgratitude thank you