{"id":18715114,"url":"https://github.com/cerbos/example-cerbos-policy-repository","last_synced_at":"2025-11-10T05:30:14.494Z","repository":{"id":156155212,"uuid":"632855473","full_name":"cerbos/example-cerbos-policy-repository","owner":"cerbos","description":"A template repo for storing Cerbos policies","archived":false,"fork":false,"pushed_at":"2024-08-08T16:57:00.000Z","size":11,"stargazers_count":2,"open_issues_count":0,"forks_count":22,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-02-16T20:32:42.236Z","etag":null,"topics":["abac","authorization","cerbos","iam","policy","rbac"],"latest_commit_sha":null,"homepage":"https://cerbos.dev","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cerbos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-26T09:14:24.000Z","updated_at":"2024-08-08T16:52:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"90e64b7d-4f7f-4bc4-8cea-d0b6d62b8758","html_url":"https://github.com/cerbos/example-cerbos-policy-repository","commit_stats":null,"previous_names":["cerbos/example-cerbos-policy-repository"],"tags_count":0,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fexample-cerbos-policy-repository","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fexample-cerbos-policy-repository/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fexample-cerbos-policy-repository/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fexample-cerbos-policy-repository/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cerbos","download_url":"https://codeload.github.com/cerbos/example-cerbos-policy-repository/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239576743,"owners_count":19662114,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","authorization","cerbos","iam","policy","rbac"],"created_at":"2024-11-07T13:07:36.749Z","updated_at":"2025-11-10T05:30:14.359Z","avatar_url":"https://github.com/cerbos.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Getting started with basic CRUD policies\n\n## What's in this repository?\n\n### Policies\n\n[Resource policies](https://docs.cerbos.dev/cerbos/latest/resource_policies.html) define rules for actions that can be performed on a given resource.\n\n[`basicResource.yaml`](./basicResource.yaml) defines a resource policy for the kind `basicResource`, with _create_, _read_, _update_ and _delete_ actions. This policy expects a principal to have either the `ADMIN` or `USER` role.\n\nA `basicResource` is expected to have two attributes, `ownerId` and `isPublished`, which are used in the policy to make decisions about which actions should be permitted.\n\n### Attribute schemas\n\n[Attribute schemas](https://docs.cerbos.dev/cerbos/latest/schemas.html) are optional JSON schemas that are used by the Cerbos PDP at request time to validate the incoming request having all the required data to make a correct authorization decision.\nThe server configuration can be set to either give a warning or reject the request if the input doesn't conform to these schemas.\n\n[`\\_schemas/principal.json`](./_schemas/principal.json) defines a schema for the principals, while [`\\_schemas/basicResource.json`](./_schemas/basicResource.json) defines a schema for the `basicResource` objects.\n\n### Tests\n\n[`basicResource_test.yaml`](./basicResource_test.yaml) defines a [test suite](https://docs.cerbos.dev/cerbos/latest/compile.html#testing) and related test data that checks that the permissions are implemented as expected.\n\n### Cerbos Policy Decision Point (PDP) configuration\n\n[`.cerbos.yaml`](./.cerbos.yaml) is used to configure a Cerbos PDP server container to load the policies from disk.\n\n### Cerbos Hub configuration\n\n[`.cerbos-hub.yaml`](./.cerbos-hub.yaml) is used to configure a [Cerbos Hub](https://cerbos.dev/next) workspace to compile policy bundles from commits matching the configured labels, to be deployed to connected Cerbos PDP instances.\n\n## Running locally\n\nA straightforward way to run Cerbos is via a [container](https://docs.cerbos.dev/cerbos/latest/installation/container.html), an example of which is shown below. [See the documentation](https://docs.cerbos.dev/cerbos/latest/installation/binary.html) for other ways to install and run Cerbos locally.\n\n### Compile and test\n\nVerify that the policies are correct by using the [compile](https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#compile) command.\n\n```\ndocker run --rm -it \\\n  -v $(pwd):/basic-crud \\\n  ghcr.io/cerbos/cerbos:latest \\\n  compile --verbose /basic-crud\n```\n\n### PDP server\n\nLaunch a PDP server by running the [server](https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#server) command.\n\n```\ndocker run --rm --name cerbos \\\n -v $(pwd):/basic-crud \\\n -p 3592:3592 \\\n -p 3593:3593 \\\n ghcr.io/cerbos/cerbos:latest \\\n server --config=/basic-crud/.cerbos.yaml\n```\n\nThe API documentation can then be found at [http://localhost:3592](http://localhost:3592).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerbos%2Fexample-cerbos-policy-repository","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcerbos%2Fexample-cerbos-policy-repository","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerbos%2Fexample-cerbos-policy-repository/lists"}