The cpln apply command is used to automate the management of Control Plane resources using JSON or YAML metadata as input.
This automation can be used for:
Using cpln apply is a good way to leverage the CLI in an idempotent manner.
The usage, limitations, and example templates are described below.
Using the CLI, the apply command is called by executing:

    cpln apply --file FILE_NAME [OPTIONS]

The FILE_NAME is the path for the file and it can be either a JSON or YAML file containing the resource metadata.
To apply an Identity, a Volume Set or a Workload resource, you need to specify a GVC using one of the following methods.
Specify a gvc within your cpln profile. This will add the gvc to the session context of the profile, and it will be referred to as the default gvc when executing any future command, including the cpln apply command.

    cpln profile update PROFILE_NAME --gvc GVC_NAME

Specify a --gvc flag to the apply command. This will pass the gvc as an option and will override the default gvc that is defined in the session context of the profile.

    cpln apply --file FILE_NAME --gvc GVC_NAME

Specify a gvc property in the resource definition in the file you wish to apply.

    kind: identity
    name: example-identity
    description: example-description
    tags: {}
    gvc: example-gvc

Click here to view the CLI reference page for the apply command.
The CLI has the ability to convert K8s resources into Control Plane resources. By passing the --k8s true option to the apply command, the K8s resources will be converted and applied.

    cpln apply --file FILE_NAME --k8s true

The apply command will use the logic of the CLI convert command and then apply the output.
In case you would like to pass Control Plane resources through stdin (Standard Input), use the following command.

    CONTROL_PLANE_RESOURCES | cpln apply --file -

The console has the ability to upload a JSON or YAML file or accept a resource definition in JSON or YAML as input. The functionality is the same as using the CLI. To start applying, click the cpln apply button in the upper right corner of the console. A modal will be displayed containing the upload instructions.
The cpln apply modal provides the ability to specify in which org and gvc a resource will be executed. The default is your currently selected org and gvc.
A file or an input containing an Identity, a Volume Set or a Workload resource will be executed in the scope of the specified gvc in the cpln apply modal. In case a gvc is defined within a resource, the resource will be executed in the scope of that gvc.
The apply command can accept a YAML file containing multiple resources. Each resource must be separated using ---.
If a resource has a reference to another resource (e.g., a workload refers to a GVC), the referenced resource must be defined in the same file ONLY in case it does not already exist at Control Plane.
If the name of an existing resource is changed, the cpln apply command will create a new resource.
NOTE: Any orphaned resources will need to be manually deleted.
cpln apply command from the CLI or console does not output the config data.
Samples of existing resources can be generated using the console or the CLI. These samples can assist when defining resources for your application.
Using the console:
Using the CLI:
cpln gvc get GVC_NAME -o yaml-slim --org ORG_NAME will output the GVC_NAME as YAML.
The json-slim and yaml-slim format options will output only the necessary values needed for a subsequent call to the cpln apply command.
The apply command can be used to manage Control Plane resources as part of a CI/CD pipeline.
Refer to the GitOps CLI documentation for additional information.
The examples below can be used as templates when creating your own metadata files.
These files can be downloaded here.

    {
      "kind": "gvc",
      "name": "example-gvc",
      "description": "example-gvc description",
      "tags": {
        "tag1": "value1"
      },
      "spec": {
        "pullSecretLinks": ["/org/ORG_NAME/secret/SECRET_NAME"],
        "staticPlacement": {
          "locationLinks": [
            "/org/ORG_NAME/location/aws-eu-central-1",
            "/org/ORG_NAME/location/aws-us-west-2",
            "/org/ORG_NAME/location/azure-eastus2",
            "/org/ORG_NAME/location/gcp-us-east1"
          ]
        }
      }
    }

    kind: gvc
    name: example-gvc
    description: example-gvc description
    tags:
      tag1: value1
    spec:
      pullSecretLinks:
        - /org/ORG_NAME/secret/SECRET_NAME
      staticPlacement:
        locationLinks:
          - /org/ORG_NAME/location/aws-eu-central-1
          - /org/ORG_NAME/location/aws-us-west-2
          - /org/ORG_NAME/location/azure-eastus2
          - /org/ORG_NAME/location/gcp-us-east1

    {
      "kind": "cloudaccount",
      "name": "example-aws-cloud-account",
      "description": "example-aws-cloud-account description",
      "tags": {},
      "provider": "aws",
      "data": {
        "roleArn": "ROLE_ARN"
      }
    }

    kind: cloudaccount
    name: example-aws-cloud-account
    description: example-aws-cloud-account description
    tags: {}
    provider: aws
    data:
      roleArn: "ROLE_ARN"

    {
      "kind": "cloudaccount",
      "name": "example-azure-cloud-account",
      "description": "example-azure-cloud-account description",
      "tags": {},
      "provider": "azure",
      "data": {
        "secretLink": "/org/ORG_NAME/secret/AZURE_SECRET"
      }
    }

    kind: cloudaccount
    name: example-azure-cloud-account
    description: example-azure-cloud-account description
    tags: {}
    provider: azure
    data:
      secretLink: /org/ORG_NAME/secret/AZURE_SECRET

    {
      "kind": "cloudaccount",
      "name": "example-gcp-cloud-account",
      "description": "example-gcp-cloud-account description",
      "tags": {},
      "provider": "gcp",
      "data": {
        "projectId": "PROJECT_ID"
      }
    }

    kind: cloudaccount
    name: example-gcp-cloud-account
    description: example-gcp-cloud-account description
    tags: {}
    provider: gcp
    data:
      projectId: PROJECT_ID

    {
      "kind": "cloudaccount",
      "name": "example-ngs-cloud-account",
      "description": "example-ngs-cloud-account description",
      "provider": "ngs",
      "data": {
        "secretLink": "/org/ORG_NAME/secret/NATS_SECRET"
      }
    }

    kind: cloudaccount
    name: example-ngs-cloud-account
    description: example-ngs-cloud-account description
    tags: {}
    provider: ngs
    data:
      secretLink: /org/ORG_NAME/secret/NATS_SECRET

    {
      "kind": "domain",
      "name": "sub.example.com",
      "description": "domain description",
      "tags": {}
    }

    kind: domain
    name: sub.example.com
    description: domain description
    tags: {}

    {
      "kind": "secret",
      "name": "example-aws-secret",
      "description": "example-aws-secret description",
      "tags": {},
      "type": "aws",
      "data": {
        "accessKey": "AKIAIOSFODNN7EXAMPLE",
        "roleArn": "arn:awskey",
        "secretKey": "AKIAwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        "externalId": "EXTERNAL_ID"
      }
    }

    kind: secret
    name: example-aws-secret
    description: example-aws-secret description
    tags: {}
    type: aws
    data:
      accessKey: AKIAIOSFODNN7EXAMPLE
      roleArn: "arn:awskey"
      secretKey: AKIAwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
      externalId: EXTERNAL_ID

    {
      "kind": "secret",
      "name": "example-azure-connector-secret",
      "description": "example-azure-connector-secret description",
      "tags": {},
      "type": "azure-connector",
      "data": {
        "code": "CODE",
        "url": "URL"
      }
    }

    kind: secret
    name: example-azure-connector-secret
    description: example-azure-connector-secret description
    tags: {}
    type: azure-connector
    data:
      code: CODE
      url: "URL"

    {
      "kind": "secret",
      "name": "example-azure-sdk-secret",
      "description": "example-azure-sdk-secret",
      "tags": {},
      "type": "azure-sdk",
      "data": "{\"subscriptionId\":\"2cd8674e-4f89-4a1f-b420-7a1361b46ef7\",\"tenantId\":\"292f5674-c8b0-488b-9ff8-6d30d77f38d9\",\"clientId\":\"649846ce-d862-49d5-a5eb-7d5aad90f54e\",\"clientSecret\":\"cpln\"}"
    }

    kind: secret
    name: example-azure-sdk-secret
    description: example-azure-sdk-secret
    tags: {}
    type: azure-sdk
    data: >-
      {"subscriptionId":"2cd8674e-4f89-4a1f-b420-7a1361b46ef7","tenantId":"292f5674-c8b0-488b-9ff8-6d30d77f38d9","clientId":"649846ce-d862-49d5-a5eb-7d5aad90f54e","clientSecret":"cpln"}

    {
      "kind": "secret",
      "name": "example-dictionary-secret",
      "description": "example-dictionary-secret description",
      "tags": {},
      "type": "dictionary",
      "data": {
        "key01": "value01",
        "key02": "value02"
      }
    }

    kind: secret
    name: example-dictionary-secret
    description: example-dictionary-secret description
    tags: {}
    type: dictionary
    data:
      key01: value01
      key02: value02

    {
      "kind": "secret",
      "name": "example-docker-secret",
      "description": "example-docker-secret description",
      "tags": {},
      "type": "docker",
      "data": "{\"auths\":{\"https://index.docker.io/v1/\":{\"username\":\"USERNAME\",\"password\":\"PASSWORD\"}}}"
    }

    kind: secret
    name: example-docker-secret
    description: example-docker-secret description
    tags: {}
    type: docker
    data: >-
      {"auths":{"https://index.docker.io/v1/":{"username":"USERNAME","password":"PASSWORD"}}}

    {
      "kind": "secret",
      "name": "example-ecr-secret",
      "description": "example-ecr-secret description",
      "tags": {},
      "type": "ecr",
      "data": {
        "accessKey": "AKIA_ACCESS_KEY",
        "repos": ["015716931711.dkr.ecr.us-west-2.amazonaws.com/repo"],
        "secretKey": "SECRET_KEY",
        "externalId": "EXTERNAL_ID"
      }
    }

    kind: secret
    name: example-ecr-secret
    description: example-ecr-secret description
    tags: {}
    type: ecr
    data:
      accessKey: AKIA_ACCESS_KEY
      repos:
        - 015716931711.dkr.ecr.us-west-2.amazonaws.com/repo
      secretKey: SECRET_KEY
      externalId: EXTERNAL_ID

    {
      "kind": "secret",
      "name": "example-gcp-secret",
      "description": "example-gcp-secret description",
      "tags": {},
      "type": "gcp",
      "data": "{\"type\":\"gcp\",\"project_id\":\"cpln12345\",\"private_key_id\":\"pvt_key\",\"private_key\":\"key\",\"client_email\":\"support@cpln.io\",\"client_id\":\"12744\",\"auth_uri\":\"cloud.google.com\",\"token_uri\":\"token.cloud.google.com\",\"auth_provider_x509_cert_url\":\"cert.google.com\",\"client_x509_cert_url\":\"cert.google.com\"}"
    }

    kind: secret
    name: example-gcp-secret
    description: example-gcp-secret description
    tags: {}
    type: gcp
    data: >-
      {"type":"gcp","project_id":"cpln12345","private_key_id":"pvt_key","private_key":"key","client_email":"support@cpln.io","client_id":"12744","auth_uri":"cloud.google.com","token_uri":"token.cloud.google.com","auth_provider_x509_cert_url":"cert.google.com","client_x509_cert_url":"cert.google.com"}

NOTE: The example below uses a self-signed certificate. Do not use for production.

    {
      "kind": "secret",
      "name": "example-keypair-secret",
      "description": "example-keypair-secret description",
      "tags": {},
      "type": "keypair",
      "data": {
        "passphrase": "cpln",
        "publicKey": "-----BEGIN PUBLIC KEY-----\nPUBLIC_KEY_BASE64\n-----END PUBLIC KEY-----\n",
        "secretKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,9A26BB15304B18E7\n\nENCRYPTED_PRIVATE_KEY_BASE64\n-----END RSA PRIVATE KEY-----"
      }
    }

    kind: secret
    name: example-keypair-secret
    description: example-keypair-secret secret
    tags: {}
    type: keypair
    data:
      passphrase: cpln
      publicKey: |
        -----BEGIN PUBLIC KEY-----
        PUBLIC_KEY_BASE64
        -----END PUBLIC KEY-----
      secretKey: |-
        -----BEGIN RSA PRIVATE KEY-----
        Proc-Type: 4,ENCRYPTED
        DEK-Info: DES-EDE3-CBC,9A26BB15304B18E7

        ENCRYPTED_PRIVATE_KEY_BASE64
        -----END RSA PRIVATE KEY-----

    {
      "kind": "secret",
      "name": "example-opaque-secret",
      "description": "example-opaque-secret",
      "tags": {},
      "type": "opaque",
      "data": {
        "encoding": "plain",
        "payload": "sample payload"
      }
    }

    kind: secret
    name: example-opaque-secret
    description: example-opaque-secret description
    tags: {}
    type: opaque
    data:
      encoding: plain
      payload: sample payload

    {
      "kind": "secret",
      "name": "example-tls-secret",
      "description": "example-tls-secret description",
      "tags": {},
      "type": "tls",
      "data": {
        "cert": "-----BEGIN CERTIFICATE-----\nCERTIFICATE_BASE64\n-----END CERTIFICATE-----",
        "chain": "-----BEGIN CERTIFICATE-----\nCERTIFICATE_BASE64\n-----END CERTIFICATE-----",
        "key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY_BASE64\n-----END PRIVATE KEY-----"
      }
    }

    kind: secret
    name: example-tls-secret
    description: example-tls-secret description
    tags: {}
    type: tls
    data:
      cert: |-
        -----BEGIN CERTIFICATE-----
        CERTIFICATE_BASE64
        -----END CERTIFICATE-----
      chain: |-
        -----BEGIN CERTIFICATE-----
        CERTIFICATE_BASE64
        -----END CERTIFICATE-----
      key: |-
        -----BEGIN PRIVATE KEY-----
        PRIVATE_KEY_BASE64
        -----END PRIVATE KEY-----

    {
      "kind": "secret",
      "name": "example-username-secret",
      "description": "example-username-secret description",
      "tags": {},
      "type": "userpass",
      "data": {
        "encoding": "plain",
        "password": "PASSWORD",
        "username": "USERNAME"
      }
    }

    kind: secret
    name: sample-username
    description: sample-username
    tags: {}
    type: userpass
    data:
      encoding: plain
      password: PASSWORD
      username: USERNAME

See the Group Query Rules reference page for details on how to create a query.

    {
      "kind": "group",
      "name": "example-group",
      "description": "example-group description",
      "tags": {},
      "memberLinks": [
        "/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME",
        "/org/ORG_NAME/user/USER_EMAIL",
        "/org/ORG_NAME/user/USER_EMAIL"
      ],
      "memberQuery": {
        "kind": "user",
        "fetch": "items",
        "spec": {
          "match": "all",
          "terms": [
            {
              "op": "=",
              "tag": "test-tag",
              "value": "test-value"
            }
          ]
        }
      }
    }

    kind: group
    name: example-group
    description: example-group description
    tags: {}
    memberLinks:
      - /org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME
      - /org/ORG_NAME/user/USER_EMAIL
      - /org/ORG_NAME/user/USER_EMAIL
    memberQuery:
      kind: user
      fetch: items
      spec:
        match: all
        terms:
          - op: "="
            tag: test
            value: "1234"

The first example shows a policy for an explicit secret ('targetLinks') that contains a binding for all four of the principal types with the 'edit' and 'manage' permissions.
The second example shows a policy that targets all secrets within the org. When the target key is set to all, the targetLinks and targetQuery properties are not evaluated.
Each 'targetKind' has its own unique set of binding permissions. The permissions can be obtained by:
cpln secret permissions), or

    {
      "kind": "policy",
      "name": "example-policy-explicit",
      "description": "example-policy description",
      "tags": {},
      "targetKind": "secret",
      "bindings": [
        {
          "permissions": ["edit", "manage"],
          "principalLinks": [
            "/org/ORG_NAME/group/GROUP_NAME",
            "/org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME",
            "/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME",
            "/org/ORG_NAME/user/USER_EMAIL"
          ]
        }
      ],
      "targetLinks": ["/org/ORG_NAME/secret/SECRET_NAME"],
      "targetQuery": {
        "kind": "secret",
        "fetch": "items",
        "spec": {
          "match": "all",
          "terms": [
            {
              "op": "=",
              "tag": "example-tag",
              "value": "example-value"
            }
          ]
        }
      }
    }

    kind: policy
    name: example-policy-explicit
    description: example-policy description
    tags: {}
    origin: default
    bindings:
      - permissions:
          - edit
          - manage
        principalLinks:
          - /org/ORG_NAME/group/GROUP_NAME
          - /org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME
          - /org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME
          - /org/ORG_NAME/user/USER_EMAIL
    targetKind: secret
    targetLinks:
      - /org/ORG_NAME/secret/SECRET_NAME
    targetQuery:
      kind: secret
      fetch: items
      spec:
        match: all
        terms:
          - op: "="
            tag: example-tag
            value: example-value

    {
      "kind": "policy",
      "name": "example-policy-all",
      "description": "example-policy-all description",
      "tags": {},
      "targetKind": "secret",
      "target": "all",
      "bindings": [
        {
          "permissions": ["edit", "manage"],
          "principalLinks": [
            "/org/ORG_NAME/group/GROUP_NAME",
            "/org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME",
            "/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME",
            "/org/ORG_NAME/user/USER_EMAIL"
          ]
        }
      ]
    }

    kind: policy
    name: example-policy-all
    description: example-policy-all description
    tags: {}
    targetKind: secret
    target: all
    bindings:
      - permissions:
          - edit
          - manage
        principalLinks:
          - /org/terraform-test-org/group/test
          - /org/terraform-test-org/gvc/toolbox-gvc/identity/tbd
          - /org/terraform-test-org/serviceaccount/tbd
          - /org/terraform-test-org/user/eric@controlplane.com
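
The target: all behaviour described above can be checked before a policy file reaches cpln apply. The following Python check is an added example, not part of the original page or of the Control Plane CLI: it flags org-wide policies, any targetLinks or targetQuery that would not be evaluated, and flagged permissions granted org-wide. The JSON array wrapper, the finding codes and the choice of manage as the permission to surface are assumptions of the example.

```python
import json

# Constructed input modelled on this page's policy templates. The JSON array is
# only this example's container for several documents, not a cpln file format.
SAMPLE_JSON = """
[
  {"kind": "policy", "name": "example-policy-explicit", "targetKind": "secret",
   "targetLinks": ["/org/ORG_NAME/secret/SECRET_NAME"],
   "bindings": [{"permissions": ["edit", "manage"],
                 "principalLinks": ["/org/ORG_NAME/group/GROUP_NAME"]}]},
  {"kind": "policy", "name": "example-policy-all", "targetKind": "secret",
   "target": "all",
   "targetLinks": ["/org/ORG_NAME/secret/SECRET_NAME"],
   "bindings": [{"permissions": ["edit", "manage"],
                 "principalLinks": [
                   "/org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME",
                   "/org/ORG_NAME/user/USER_EMAIL"]}]},
  {"kind": "gvc", "name": "example-gvc"}
]
"""

# Assumption: permissions a reviewer wants surfaced on org-wide policies.
REVIEW_PERMISSIONS = {"manage"}


def principal_kind(link):
    """Return the principal type encoded in a link, e.g. 'identity' or 'user'."""
    parts = link.strip("/").split("/")
    return parts[-2] if len(parts) >= 4 else "unknown"


def review_policy(doc):
    """Return (policy name, code, detail) findings for one resource document."""
    if doc.get("kind") != "policy":
        return []
    name = doc.get("name", "<unnamed>")
    findings = []
    org_wide = doc.get("target") == "all"
    if org_wide:
        findings.append((name, "ORG_WIDE",
                         f"applies to every {doc.get('targetKind')} in the org"))
        # The page states these two properties are not evaluated with target: all,
        # so a narrow-looking targetLinks entry here does not narrow anything.
        for key in ("targetLinks", "targetQuery"):
            if doc.get(key):
                findings.append((name, "IGNORED_SCOPE",
                                 f"{key} is set but not evaluated"))
    for binding in doc.get("bindings", []):
        flagged = sorted(REVIEW_PERMISSIONS & set(binding.get("permissions", [])))
        kinds = sorted({principal_kind(l) for l in binding.get("principalLinks", [])})
        if org_wide and flagged:
            findings.append((name, "ORG_WIDE_PRIVILEGED",
                             f"{flagged} granted to principal kinds {kinds}"))
    return findings


def review(docs):
    """Review every document; non-policy kinds produce no findings."""
    return [f for doc in docs for f in review_policy(doc)]


if __name__ == "__main__":
    for name, code, detail in review(json.loads(SAMPLE_JSON)):
        print(f"{code:20} {name}: {detail}")
```

In a CI/CD pipeline, a non-empty result can be used to require a manual review before the apply step runs.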