So far, we've only interacted with a multi-tenant hosted version of the Aserto Authorizer. But there are other deployment models:
- Developing locally against an "all-in-one" version of the Aserto Authorizer, referred to as the OneBox
- Deploying the Aserto Authorizer as a sidecar in the same Kubernetes pod as the calling service
- Deploying the Aserto Authorizer as another microservice in the same subnet as the other microservices in your application
These scenarios all use the open-source `aserto-one` Docker image, a containerized version of the Aserto authorization system. It can run independently with no connection to the Aserto control plane, or it can be connected to the control plane to automatically receive policy changes and user attribute changes, and to push decision logs back to the control plane.
The OneBox requires Docker to be installed and running.
To install Docker:
brew install --cask docker
To get started with the OneBox, you can pull it down using the Aserto CLI.
If you haven't yet, you can install it using `brew` on Mac or Linux.
brew tap aserto-dev/tap && brew install aserto
:::note
For Windows (or if you want to download it as a zip file), refer to the CLI installation page.
:::
Log in to your Aserto account:
You can use the CLI to install and run a local authorizer on your desktop.
The following command will pull down the latest `aserto-one` Docker image.
aserto developer install
The next command will pull down the configuration for a policy that you've set up in the console, using the name you gave it (in our case, `peoplefinder`):
aserto developer configure peoplefinder
The following command will `docker run` a local container with the `peoplefinder` policy configuration:
aserto developer start peoplefinder
You can use the next command to open a browser window that shows a local version of the console, to see what policies and users the local authorizer has. It also has a Rego playground and an API explorer that allow you to experiment with the Aserto authorization system.
aserto developer console # will show you what the local authorizer is running
The next few commands help manage the `aserto-one` Docker instance and image.
aserto developer status # displays the running status of the authorizer
aserto developer stop # stops the authorizer
aserto developer update # updates the authorizer image to :latest
Explore how the PeopleFinder sample uses the Aserto express SDK and React SDK to inject authorization into the application’s API, and conditionally render UI elements based on the “visible” and “enabled” attributes of the policy.