https://cerbos.dev logo
#help
Title
# help
s

sdktr

03/09/2023, 3:02 PM
Is there a way for SDK clients to specify which (git)branch of the cerbos policies we want to evaluate? #cicd #dev
a

Alex Olivier (Cerbos)

03/09/2023, 3:09 PM
Hey, You define the branch in the PDP configuration rather than the SDK level. https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#git-driver eg
Copy code
storage:
  driver: "git"
  git:
    protocol: https
    url: <https://github.com/cerbos/policy-test.git>
    branch: main
    subDir: policies
p

Peter Franzen

03/09/2023, 6:42 PM
Yeah we're doing this by having a Cerbos server per branch (dev, qa, prod, etc.).
s

sdktr

03/09/2023, 6:46 PM
Thanks @Peter Franzen , thats the usecase I’m hinting at. During dev, use the sdk for testing the policy-in-the-making by hinting the feature_branch in the request
c

Charith (Cerbos)

03/09/2023, 6:55 PM
Are you talking about testing in an environment where you don't have access to the Cerbos installation? For local development, some of our SDKs provide test harnesses where you can launch a Cerbos instance with a set of policies. You can also use `cerbos run` to run your tests against an ephemeral Cerbos instance. While you can't switch the branch at runtime, you can use the policy
version
field to mark your in-development policies as
dev
,
staging
or whatever else. Any policy that's not
version: default
requires an explicit opt-in in the request.
2 Views