Installing templates
Topaz includes some built-in templates to make it easy to get started.
A template references three types of artifacts:
- an authorization policy
- a domain model (in the form of a manifest file)
- sample data (e.g. users, groups, objects, relationships)
Listing templates
topaz templates list lists the set of available templates.
Example:
topaz templates list
NAME          DESCRIPTION                                                        DOCUMENTATION
peoplefinder  Corporate directory end-to-end sample                              https://docs.aserto.com/docs/getting-started/peoplefinder/peoplefinder-overview
todo          Todo application end-to-end sample                                 https://docs.aserto.com/docs/quickstarts/todo/overview
simple-rbac   Simple RBAC authorization template                                 https://docs.aserto.com/docs/quickstarts/simple-rbac/overview
gdrive        Authorization template for nested folders and documents            https://docs.aserto.com/docs/quickstarts/gdrive/overview
slack         Authorization template for workspaces and channels                 https://docs.aserto.com/docs/quickstarts/slack/overview
github        Authorization template for repositories, organizations and teams.  https://docs.aserto.com/docs/quickstarts/github/overview
...
Installing a template
topaz templates install installs a template. Note that this will replace the existing manifest and remove all existing data!
Example:
topaz templates install todo
Installing this template will completely reset your topaz configuration.
Do you want to continue? (y/N) y
>>> stopping topaz...
>>> configure policy
certs directory: /Users/ogazitt/.config/topaz/certs
FILE            ACTION
gateway.crt     skipped, file already exists
gateway-ca.crt  skipped, file already exists
gateway.key     skipped, file already exists
grpc.crt        skipped, file already exists
grpc-ca.crt     skipped, file already exists
grpc.key        skipped, file already exists
policy name: todo
>>> starting topaz...
db6ed35bede626edbc0692a30d9294b88e726f678ed96be9a5aa03117a08a5a7
WARNING: delete manifest resets all directory state, including relation and object data
>>> delete manifest
>>> set manifest from /Users/ogazitt/.config/topaz/model/manifest.yaml
>>> importing data from /Users/ogazitt/.config/topaz/data
object types    skipped
permissions     skipped
relation types  skipped
objects         19
relations       20
Artifacts
This command installs the following artifacts in $HOME/.config/topaz/:
tree $HOME/.config/topaz
/Users/ogazitt/.config/topaz
├── certs
│   ├── gateway-ca.crt
│   ├── gateway.crt
│   ├── gateway.key
│   ├── grpc-ca.crt
│   ├── grpc.crt
│   └── grpc.key
├── cfg
│   └── config.yaml
├── data
│   ├── citadel_objects.json
│   └── citadel_relations.json
├── db
│   └── directory.db
└── model
    └── manifest.yaml
- certs/ contains a set of generated self-signed certificates for Topaz.
- cfg/config.yaml contains a Topaz configuration file which references the sample Todo policy image. A policy image is an OCI image that contains an OPA policy. For the Todo template, this is the public GHCR image ghcr.io/aserto-policies/policy-todo:latest. The source code for the policy image can be found here.
- data/ contains the objects and relations for the Todo template - in this case, a set of 5 users and 4 groups that are based on the "Rick & Morty" cartoon.
- db/directory.db contains the embedded database which houses the model and data.
- model/manifest.yaml contains the manifest file which describes the domain model.
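Because installing a template replaces the manifest and removes all existing data, the shell functions below archive cfg/, model/, data/ and db/ before running topaz templates install, and report private keys under certs/ that group or others can access. This is an added example, not part of Topaz or of the original page; the function names and the TOPAZ_DIR, TOPAZ_BACKUPS and TOPAZ_BIN variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of Topaz). The directory names cfg, model, data, db
# and certs come from the tree listing above; the function names are made up.

# snapshot_topaz SRC OUT: archive the state that a template install replaces
# and print the archive path. certs/ is skipped so the private keys
# (gateway.key, grpc.key) are not copied into a second location.
snapshot_topaz() {
    src=$1
    out=$2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    set --
    for d in cfg model data db; do
        if [ -e "$src/$d" ]; then set -- "$@" "$d"; fi
    done
    [ $# -gt 0 ] || { echo "nothing to snapshot in $src" >&2; return 1; }
    mkdir -p "$out" && chmod 700 "$out" || return 1
    archive="$out/topaz-$(date +%Y%m%dT%H%M%S).tar.gz"
    # umask 077 in a subshell: the archive is readable by the owner only.
    ( umask 077 && tar -czf "$archive" -C "$src" "$@" ) || return 1
    echo "$archive"
}

# loose_keys SRC: print private keys under certs/ that group or others can
# read or write. Empty output means the key permissions are tight.
loose_keys() {
    find "$1/certs" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) 2>/dev/null
}

# safe_install NAME: snapshot first, install only if the snapshot succeeded.
# TOPAZ_DIR, TOPAZ_BACKUPS and TOPAZ_BIN are hypothetical overrides.
safe_install() {
    dir=${TOPAZ_DIR:-$HOME/.config/topaz}
    if [ -d "$dir" ]; then   # a missing directory means there is nothing to lose
        saved=$(snapshot_topaz "$dir" "${TOPAZ_BACKUPS:-$HOME/topaz-backups}") || return 1
        echo "snapshot written to $saved" >&2
    fi
    "${TOPAZ_BIN:-topaz}" templates install "$1"
}
```

safe_install archives whatever is on disk at that moment; if Topaz is running, stop it first so db/directory.db is not copied mid-write.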
Additional actions
Besides laying down the artifacts mentioned, installing the Todo template invoked the following actions:
- started Topaz in daemon (background) mode (see starting Topaz).
- set the manifest found in model/manifest.yaml (see setting the manifest).
- imported the objects and relations found in data/ (see importing data).
- opened a browser window to the Topaz console (see the console).