how does everyone handle promoting cerbos policies...
# help
how does everyone handle promoting cerbos policies to production? let's say we are using gitlab (or github / doesn't really matter) 1. have a set of test suites and policies checked into your git repo together 2. triggers a cd/ci pipeline job to run in git which basically runs
cerbos compile
with the
parameter. 3. #2 completes with exit code 0 - great, everything checks out. 4. then what do you do next? in your git actions / ci, do you
git clone
git add
git commit
git push
to another repo / folder that the production version of cerbos is watching so that it will get the set of policies from #1?
so do you have
folder in your repo together with
? and then you run the test suites against the
folder and when testing passes, you copy all of them into
i would imagine
should be a complete mirror of each other.
how do you handle naming your policy versions then?
policies both in
have the same policy version values?
The typical workflow is to develop your policies in a branch. When you want to promote them, create a pull request and let the CI checks run. Merge to your production branch on success (the branch that Cerbos is configured to watch) and Cerbos should automatically pick those changes up if you have enabled polling.