Skip to main content

Installing a local authorizer running as a docker container

So far, we've only interacted with a multi-tenant hosted version of the Aserto Authorizer. But there are other deployment models:

  • Developing locally against a containerized version of the Aserto Authorizer, referred to as the Sidecar
  • Deploying the Aserto Authorizer as a sidecar in the same kubernetes pod as the calling service
  • Deploying the Aserto Authorizer as another microservice in the same subnet as the other microservices in your application

These scenarios all use the open-source sidecar docker image, which is a containerized version of the Aserto authorization system, which can either be run independently with no connection to the Aserto control plane, or can be connected to the Aserto Control Plane to automatically receive policy changes, user attribute changes, and push decision logs back to the Control Plane.

note

The Sidecar requires docker to be installed and running. To install Docker: brew install --cask docker

To get started with the Sidecar, you can pull it down using the Aserto CLI.

If you haven't yet, you can install it using brew on Mac or Linux.

brew tap aserto-dev/tap && brew install aserto

:::Note For Windows (or if you want to download it as a zip file), refer to the CLI installation page. :::

Sign in to your Aserto account:

aserto login

You can use the CLI to install and run a local authorizer on your desktop.

The following command will pull down the latest sidecar docker image.

aserto developer install

The next command will pull down the configuration for a policy that you've set up in the console, using the name you gave it (in our case, peoplefinder).

aserto developer configure peoplefinder

The following command will docker run a local container with the peoplefinder policy configuration, writing the decision logs to /tmp/decision-logs:

aserto developer start peoplefinder --data-path=/tmp/decision-logs

The next few commands help manage the sidecar docker instance and image.

aserto developer status   # displays the running status of the authorizer
aserto developer stop     # stops the authorizer
aserto developer update   # updates the authorizer image to :latest

Next Steps

Explore how the PeopleFinder sample uses the Aserto express SDK and React SDK to inject authorization into the application’s API, and conditionally render UI elements based on the visible and enabled attributes of the policy.