Skip to main content

Sending a command via the CLI

The aserto CLI can be used to send commands to Edge Authorizer instances.

Required information

Once logged in, the aserto CLI already has the Tenant ID and authorization information to communicate with the relay endpoint. You will need to determine the registered instance ID. You can either do this via the console, or via the CLI.

aserto control-plane list-instance-registrations

This returns a JSON array with all the Topaz instances that have registered with the control plane, in the following format:

"id": "0c0607e8-3689-491f-b42f-f9eb24409abb",
"info": {
"policy_id": "a4966ba0-b626-11ec-810f-018dbb604591",
"policy_label": "todo",
"remote_host": "29f48f6dc3f1",
"connection_id": "bc1bbfe2-20c8-11ee-9069-031f1f3ef1c7",
"certificate_id": "7a:b9:5c:b9:31:4c:81:00:8a:97:5b:c4:f7:1d:4e:02:b8:40:b1:e4",
"policy_name": "todo"

The id field is the one that's required to send control plane commands to the instance.

Available commands

Two commands are available to send to connected Edge Authorizers:

  • Discovery: this short-circuits the OPA Discovery timer and forces an immediate download of a policy image.
  • Sync Edge Directory: this short-circuits the Directory timer and forces an immediate sync of any new manifest or data in the Central Directory.

Discovery (Sync Policy Instance)

aserto control-plane discovery <Instance-ID>

A successful call will return nothing.

Sync Edge Directory

aserto control-plane edge-dir-sync <Instance-ID>

A successful call will return nothing.