https://cerbos.dev logo
#help
Title
# help
j

Jesum Yip

01/31/2023, 1:37 AM
how does everyone handle promoting cerbos policies to production? let's say we are using gitlab (or github / doesn't really matter) 1. have a set of test suites and policies checked into your git repo together 2. triggers a cd/ci pipeline job to run in git which basically runs
cerbos compile
with the
--tests
parameter. 3. #2 completes with exit code 0 - great, everything checks out. 4. then what do you do next? in your git actions / ci, do you
git clone
,
git add
,
git commit
,
git push
to another repo / folder that the production version of cerbos is watching so that it will get the set of policies from #1?
so do you have
/prod_policies
folder in your repo together with
/beta_policies
? and then you run the test suites against the
/beta_policies
folder and when testing passes, you copy all of them into
/prod_policies
?
i would imagine
/prod_policies
and
/beta_policies
should be a complete mirror of each other.
how do you handle naming your policy versions then?
policies both in
prod_policies
and
beta_policies
have the same policy version values?
c

Charith (Cerbos)

01/31/2023, 9:26 AM
The typical workflow is to develop your policies in a branch. When you want to promote them, create a pull request and let the CI checks run. Merge to your production branch on success (the branch that Cerbos is configured to watch) and Cerbos should automatically pick those changes up if you have enabled polling.
2 Views