Skip to main content

Runtime Flow

When the edge authorizer has been bootstrapped it will transition to the runtime flow:

In this state, it will spin up two timer-based background tasks: The first is the discovery updates flow, which executes the discovery request described above to retrieve configuration updates. These updates include updates of the policy in case of a new version as well as configuration changes for the plugins, concretely the edge directory plugin. When a new policy version is available, the policy will be downloaded and applied to the authorizer.

A second time-based background task will synchronize the identity data from the central directory to the edge authorizer when the edge directory plugin is enabled. By default, directory synchronization is turned off and can be enabled in the Aserto console.

Runtime configuration#

The runtime configuration is automatically retrieved from the control plane and is not persisted. The example below shows the resolved runtime configuration of the edge authorizer.

---logging:  prod: true  log_level: info
directory_service:  path: /app/db/directory.db
api:  grpc:    connection_timeout_seconds: 2    listen_address: ''    certs:      tls_key_path: '/app/certs/grpc.key'      tls_cert_path: '/app/certs/grpc.crt'      tls_ca_cert_path: '/app/certs/grpc-ca.crt'  gateway:    listen_address: ''    allowed_origins:      - https://*    certs:      tls_key_path: '/app/certs/gateway.key'      tls_cert_path: '/app/certs/gateway.crt'      tls_ca_cert_path: '/app/certs/gateway-ca.crt'  health:    listen_address: ''
opa:  discovery:    bundles:      '<POLICY_ID>':        persist: false        polling:          max_delay_seconds: 120          min_delay_seconds: 60        resource: '<POLICY_ID>/bundle.tar.gz'        service: aserto-bundler        signing:        size_limit_bytes: 0    plugins:      aserto_edge:        addr:        apikey: '<REDACTED directory API key>'        enabled: false        insecure: false        page_size: 100        sync_interval: 60        timeout: 10    services:      aserto-bundler:        credentials:          bearer:            token: '<REDACTED> registry download API key'        response_header_timeout_seconds: 60        url:<TENANT_ID>/
decision_logger:  enabled: false