Skip to main content

Managing the Edge Authorizer

Deploying the Edge Authorizer

Aserto's Edge Authorizer is a Topaz instance and is available as a Docker container that you can run locally either in its own container or as a sidecar.

The CLI provides a management experience for Edge Authorizers.

note

The Edge Authorizer requires docker to be installed and running. To install Docker on a Mac or Linux system: brew install --cask docker

To use the CLI you need to first login to your Aserto account.

You can then pull down the latest Topaz docker image.

aserto install

Selecting the tenant

To select the tenant from which to configure an Edge Authorizer, refer to the Config documentation.

Configuring an Edge Authorizer to connect to the Control Plane

To configure the Edge Authorizer to connect to the Aserto Control Plane, use the following command. Note that EDGE_AUTHORIZER_CONNECTION_ID is the connection ID of an Edge Authorizer that you created in the Aserto console.

aserto config new -n <POLICY_INSTANCE_NAME> --edge-authorizer=<EDGE_AUTHORIZER_CONNECTION_ID> [--decision-logging]

This will create a new local Topaz configuration, which will instruct Topaz to connect to the control plane using the downloaded certificates and create a mutual TLS connection with the control plane.

To enable decision logs to be collected and forwarded to the Aserto Control Plane, use the --decision-logging option of the aserto config new command.

Selecting the new configuration to run

Once you configure an edge authorizer you should be able to see the configuration file in the aserto config list command results.

From there you need to select the configuration file to be able to manage the authorizer using the aserto config use <POLICY_INSTANCE_NAME> command.

Starting an Edge Authorizer

Finall you can docker run a container running an Edge Authorizer with the created policy configuration:

aserto start

These additional commands allow managing the Edge Authorizer instance.

aserto status   # displays the running status of the authorizer
aserto stop     # stops the authorizer
aserto update   # updates the authorizer image to :latest

For more details about the edge authorizer configuration see the Edge Authorizers section.