Skip to main content

Warrant Edge Agent

The Warrant Edge Agent is a lightweight service that can process Warrant access check requests. It can be deployed in any cloud environment to minimize the latency of access check requests from services using Warrant to enforce authorization. The Edge Agent serves access check requests from a local cache and connects to stream.warrant.dev to receive updates as access rules are modified in order to keep its cache up-to-date.

Deploy the Edge Agent

Agents can be deployed on Docker or Kubernetes, with support for more platforms coming soon. Select a deployment option below and follow the steps to get the agent running. If there's a platform you'd like us to support, drop us a note.

1. Pull the Docker image

docker pull warrantdev/edge-agent

2. Configure the agent properties

Create a file named agent.properties to configure the agent. Add the following properties, filling out your own values for each:

# agent.properties
API_KEY=[your api key]
DATASTORE=[memory | redis]

Supported options for the DATASTORE property are redis and memory (default). It's not recommended to run the edge agent with the memory option in production.

For more information on the properties, take a look at our reference.

3. Start the docker container

From the directory where you created agent.properties, start the docker container with the following command, using the --env-file flag to pass in the properties file:

docker run --name edge-agent --env-file agent.properties warrantdev/edge-agent

Local Testing

To run the agent image locally with a local Redis instance, set REDIS_HOSTNAME in your properties file to host.docker.internal.

If you are running the agent on your local machine, include the --network host flag:

docker run --name edge-agent --env-file agent.properties --network host warrantdev/edge-agent

If you are running the agent on Apple Silicon, include the --platform linux/amd64 flag:

docker run --name edge-agent --env-file agent.properties --platform linux/amd64 warrantdev/edge-agent

Once deployed, the edge agent will take a few moments to initialize its local cache and connect to stream.warrant.dev to receive updates as your access model changes. After the agent is initialized, it will be able to serve requests at /v2/authorize.

Configure the SDK

Configure the Warrant server-side SDK you're using to send access check requests to a your Edge Agent by overriding the authorize endpoint.

import { Client as Warrant } from "@warrantdev/warrant-node";

const warrant = new Warrant({
  apiKey: "your-api-key",
  authorizeEndpoint: "your-edge-agent-address", // ex: http://localhost:3000
});

After configuring the authorization endpoint, all access check requests made by the Warrant server-side SDK will go to your agent.

Caching Options

The Edge Agent must be configured with a datastore in order to cache access rules. The agent currently supports redis and a default in-memory cache.

In-memory (default)

The default in-memory cache is great for setting up and testing out the edge agent but is not recommended for production usage.

Redis

The agent can be configured to cache access rules using Redis. To configure the agent to use Redis, set the DATASTORE property to redis and provide the following properties:

REDIS_HOSTNAME
REDIS_PASSWORD (optional)
REDIS_PORT (optional)

Properties Reference

PropertyRequired?Description
API_KEYYesWarrant API key used to link your agent to your Warrant account
DATASTORENoThe type of datastore to configure the agent with
REDIS_HOSTNAMENoIP address or host name of the Redis server
REDIS_PORTNoThe port on which Redis is listening (defaults to 6379)
REDIS_PASSWORDNoPassword to use when connecting to the Redis server