Sending a command via the CLI
The aserto
CLI can be used to send commands to Edge Authorizer instances.
Required information
Once logged in, the aserto
CLI already has the Tenant ID and authorization information to communicate with the relay
endpoint.
You will need to determine the registered instance ID. You can either do this via the console, or via the CLI.
aserto control-plane list instances
This returns a JSON array with all the Topaz instances that have registered with the control plane, in the following format:
[
{
"id": "0c0607e8-3689-491f-b42f-f9eb24409abb",
"info": {
"policy_id": "a4966ba0-b626-11ec-810f-018dbb604591",
"policy_label": "todo",
"remote_host": "29f48f6dc3f1",
"connection_id": "bc1bbfe2-20c8-11ee-9069-031f1f3ef1c7",
"certificate_id": "7a:b9:5c:b9:31:4c:81:00:8a:97:5b:c4:f7:1d:4e:02:b8:40:b1:e4",
"policy_name": "todo"
}
},
...
]
The id
field is the one that's required to send control plane commands to the instance.
Available commands
Two commands are available to send to connected Edge Authorizers:
- Discovery: this short-circuits the OPA Discovery timer and forces an immediate download of a policy image.
- Sync Edge Directory: this short-circuits the Directory timer and forces an immediate sync of any new manifest or data in the Central Directory.
Discovery (Sync Policy Instance)
aserto control-plane exec discovery <Instance-ID>
A successful call returns nothing.
Sync Edge Directory
aserto control-plane exec edge-sync <Instance-ID>
A successful call returns nothing.