Cerbos Python Demo

This project demonstrates how to work with Cerbos in Python projects.

It shows how Cerbos enforces access rules on a holiday request created by an employee named Harry.

Requirements

• Minimum Python version supported by this demo is 3.10

⚠️ If you're completely new to Cerbos make sure to check the How it works videos! ⚠️

Run the demo

Clone this repository:

git clone https://github.com/cerbos/demo-python.git 
cd demo-python

⚠️ If you are using Docker Desktop on a Mac, and have not installed symlinks during installation also run this:

sudo ln -s "$HOME/.docker/run/docker.sock" /var/run/docker.sock

Run the following command to launch the demo:

./pw demo

That's all!

The demo script (main.py) starts a new Cerbos container with the policies from the policies directory and sends requests for a set of different principals and resources to demonstrate how policy evaluation works.

Now try deleting the condition block attached to the direct_manager derived role (line 23-28 in derived_roles_1.yml) and run the ./pw demo command again.

Amanda, who was previously disallowed from viewing or approving Harry’s leave requests should now be allowed to do those actions.

Do you understand why?

Read more about Cerbos on our comprehensive documentation or join the friendly Cerbos Slack Community to ask questions.

Feel free to get creative and edit policies to test how even more complex use-cases would turn out.

Demo Video

Watch the demo with commentary:

Cerbos Python Demo (GitHub) - Watch Video

Playground

Launch the policy from this demo in the playground. Play with it to see how Cerbos behaves.