Creating and managing Aserto configurations
The Aserto CLI provides a convenient way to target its commands at a particular tenant and policy instance. These are known as "configs".
The Aserto CLI leverages Topaz configurations, which can be used to target local configurations. It also adds a convenient way to target remote configurations: these are policy instances that are managed by the Aserto SaaS platform.
To access these configurations, be sure to login first.
Aserto configuration commands
For a full listing, type aserto config.
Usage: aserto config <command> [flags]
configuration commands
Commands:
config use use a topaz configuration
config new create new configuration
config list list configurations
config rename rename configuration
config delete delete configuration
config info display configuration information
Flags:
-h, --help Show context-sensitive help.
-c, --config=STRING name or path of configuration file
-v, --verbosity Use to increase output verbosity.
--tenant=STRING tenant id override ($ASERTO_TENANT_ID)
Listing available configurations
If you are not logged in, the list will display you available Topaz configuration files. Once you've logged in, you will see your available tenants in this list.
Example:
aserto config list
NAME CONFIG
tenant1.aserto.com 7dxc1dscb-8541-11ee-8530-00fde8f8691a
tenant2.aserto.com c8x4x115-28cb-11rf-b88b-009az7b104e6
gdrive gdrive.yaml
peoplefinder peoplefinder.yaml
todo todo.yaml
Selecting a configuration
Running aserto config use <name>, you can select the configuration that will be used by the CLI.
Please note that for local topaz configurations, some of the remote Aserto CLI commands will not be available.
Once you selected a configuration if you run an aserto config list you should see your selection marked as:
Example:
aserto config use tenant1.aserto.com
aserto config list
NAME CONFIG
* tenant1.aserto.com 7dxc1dscb-8541-11ee-8530-00fde8f8691a
tenant2.aserto.com c8x4x115-28cb-11rf-b88b-009az7b104e6
gdrive gdrive.yaml
peoplefinder peoplefinder.yaml
todo todo.yaml
Please note that the aserto config rename, aserto config delete and aserto config info are meant for interacting with you local Topaz configurations only.
For more details regarding these commands, see the Topaz Configuration Docs.
Issuing commands to remote instances
Once you've selected an Aserto tenant as your current configuration, you can use the Connections, Policies, Decision Logs, and Control Plane commands, targeting that tenant.
In addition, all of the Directory and Authorizer commands will target that specific tenant.
Creating an Edge Authorizer configuration
Edge Authorizers are Topaz instances that are managed by the Aserto Control Plane.
Creating an Edge Authorizer configuration allows you to mirror a policy and directory in an Aserto Tenant, but run these locally - either on your workstation, as a microservice, or as a sidecar.
Refer to the Edge Authorizer CLI docs to learn how to use the aserto config new command to create an Edge Authorizer configuration that mirrors one of your policies in your Aserto Tenant.