Skip to main content

Managing the Edge Authorizer

Deploying the Edge Authorizer

Aserto's Edge Authorizer is a Topaz instance and is available as a Docker container that you can run locally either in its own container or as a sidecar.

The CLI provides a management experience for Edge Authorizers.

note

The Edge Authorizer requires docker to be installed and running. To install Docker on a Mac or Linux system: brew install --cask docker

To use the CLI you need to first login to your Aserto account.

You can then pull down the latest Topaz docker image.

aserto developer install

Configuring

To configure the Edge Authorizer to connect to the Aserto Control Plane, use the following command. Note that EDGE_AUTHORIZER_CONNECTION_ID is the connection ID of an Edge Authorizer that you created in the Aserto console.

aserto developer configure <POLICY_INSTANCE_NAME> --edge-authorizer=<EDGE_AUTHORIZER_CONNECTION_ID> [--decision-logging]

Starting

Finall you can docker run a container running an Edge Authorizer with the peoplefinder policy configuration, writing the decision logs to /tmp/decision-logs:

aserto developer start peoplefinder --data-path=/tmp/decision-logs

These additional commands allow managing the Edge Authorizer instance.

aserto developer status   # displays the running status of the authorizer
aserto developer stop # stops the authorizer
aserto developer update # updates the authorizer image to :latest

Once the Edge Authorizer is deployed it needs to be connected to the Aserto Control Plane. To do this, see the Edge Authorizers section.