cpln apply

Overview

The CLI apply command is used to automate the management of Control Plane resources using JSON or YAML metadata as input.

This automation can be used for:

TIP

Using cpln apply is a good way to leverage the CLI in an idempotent manner.

The usage, limitations, and example templates are described below.

Using the CLI

Using the CLI, the apply command is called by executing:

copy
cpln apply --file FILE_NAME [OPTIONS]

The FILE_NAME can be either a JSON or YAML file containing the resource metadata.

A file containing an Identity or Workload resource requires the --gvc flag.

Click here to view the CLI reference page for the apply command.

Using the Console

The console has the ability to upload a JSON or YAML file and process it using cpln apply. The functionality is the same as using the CLI. To upload the file, click the cpln apply button in the upper right corner of the console. A modal will be displayed containing the upload instructions.

A file containing an Identity or Workload resource will be executed in the scope of the currently selected GVC.

Multiple Resources

The apply command can accept a YAML file containing multiple resources. Each resource must be separated using ---.

If a resource has a reference to another resource (e.g., a workload refers to a GVC), the referenced resource must be defined in its own file and processed in order.

Renaming of Resources

If the name of an exisiting resource is changed, the cpln apply command will create a new resource.

NOTE: Any orphaned resources will need to be manually deleted.

Limitations

  • To create an agent, use the console or the CLI agent command to obtain the bootstrap config data. Using the cpln apply command from the CLI or console does not output the config data.
  • Before creating a cloud account, additional configuration is required at the target cloud provider. Refer to the Create Cloud Account guide for instructions.
  • Before creating a domain, the required DNS entries must exist. Refer to the Configure a Domain guide for instructions.

Generate Sample Input

Samples of existing resources can be generated using the console or the CLI. These samples can assist when defining resources for your application.

Using the console:

  • After selecting a resource, there will be an Export pull down button in the upper right corner.
  • Select JSON or YAML to download the file.

Using the CLI:

  • Using the get command for each resource, the -o flag can output the resource as JSON or YAML.
  • For example: The command cpln gvc get GVC_NAME -o yaml --org ORG_NAME will output the GVC_NAME as YAML.

Use in GitOps

The apply command can be used to manage Control Plane resources as part of a CI/CD pipeline.

Refer to the GitOps CLI documentation for additional information.

Example Templates

The examples below can be used as templates when creating your own metadata files.

These files can be download here.

GVC

GVC Reference Page


GVC - JSON
copy
{
"kind": "gvc",
"name": "example-gvc",
"description": "example-gvc description",
"tags": {
"tag1": "value1"
},
"spec": {
"pullSecretLinks": ["/org/ORG_NAME/secret/SECRET_NAME"],
"staticPlacement": {
"locationLinks": [
"/org/ORG_NAME/location/aws-eu-central-1",
"/org/ORG_NAME/location/aws-us-west-2",
"/org/ORG_NAME/location/azure-eastus2",
"/org/ORG_NAME/location/gcp-us-east1"
]
}
}
}
GVC - YAML
copy
kind: gvc
name: example-gvc
description: example-gvc description
tags:
tag1: value1
spec:
pullSecretLinks:
- /org/ORG_NAME/secret/SECRET_NAME
staticPlacement:
locationLinks:
- /org/ORG_NAME/location/aws-eu-central-1
- /org/ORG_NAME/location/aws-us-west-2
- /org/ORG_NAME/location/azure-eastus2
- /org/ORG_NAME/location/gcp-us-east1

Cloud Accounts

Cloud Accounts Reference Page


Cloud Account - AWS - JSON
copy
{
"kind": "cloudaccount",
"name": "example-aws-cloud-account",
"description": "example-aws-cloud-account description",
"tags": {},
"provider": "aws",
"data": {
"roleArn": "ROLE_ARN"
}
}
Cloud Account - AWS - YAML
copy
kind: cloudaccount
name: example-aws-cloud-account
description: example-aws-cloud-account description
tags: {}
provider: aws
data:
roleArn: "ROLE_ARN"
Cloud Account - Azure - JSON
copy
{
"kind": "cloudaccount",
"name": "example-azure-cloud-account",
"description": "example-azure-cloud-account description",
"tags": {},
"provider": "azure",
"data": {
"secretLink": "/org/ORG_NAME/secret/AZURE_SECRET"
}
}
Cloud Account - Azure - YAML
copy
kind: cloudaccount
name: example-azure-cloud-account
description: example-azure-cloud-account description
tags: {}
provider: azure
data:
secretLink: /org/ORG_NAME/secret/AZURE_SECRET
Cloud Account - GCP - JSON
copy
{
"kind": "cloudaccount",
"name": "example-gcp-cloud-account",
"description": "example-gcp-cloud-account description",
"tags": {},
"provider": "gcp",
"data": {
"projectId": "PROJECT_ID"
}
}
Cloud Account - GCP - YAML
copy
kind: cloudaccount
name: example-gcp-cloud-account
description: example-gcp-cloud-account description
tags: {}
provider: gcp
data:
projectId: PROJECT_ID

Domains

Domain Reference Page


Domain - JSON
copy
{
"kind": "domain",
"name": "sub.example.com",
"description": "domain description",
"tags": {}
}
Domain - YAML
copy
kind: domain
name: sub.example.com
description: domain description
tags: {}

Secrets

Secrets Reference Page


Secret - AWS - JSON
copy
{
"kind": "secret",
"name": "example-aws-secret",
"description": "example-aws-secret description",
"tags": {},
"type": "aws",
"data": {
"accessKey": "AKIAIOSFODNN7EXAMPLE",
"roleArn": "arn:awskey",
"secretKey": "AKIAwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
}
Secret - AWS - YAML
copy
kind: secret
name: example-aws-secret
description: example-aws-secret description
tags: {}
type: aws
data:
accessKey: AKIAIOSFODNN7EXAMPLE
roleArn: "arn:awskey"
secretKey: AKIAwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Secret - Azure Connector - JSON
copy
{
"kind": "secret",
"name": "example-azure-connector-secret",
"description": "example-azure-connector-secret description",
"tags": {},
"type": "azure-connector",
"data": {
"code": "CODE",
"url": "URL"
}
}
Secret - Azure Connector - YAML
copy
kind: secret
name: example-azure-connector-secret
description: example-azure-connector-secret description
tags: {}
type: azure-connector
data:
code: CODE
url: "URL"
Secret - Azure-SDK - JSON
copy
{
"kind": "secret",
"name": "example-azure-sdk-secret",
"description": "example-azure-sdk-secret",
"tags": {},
"type": "azure-sdk",
"data": "{\"subscriptionId\":\"2cd8674e-4f89-4a1f-b420-7a1361b46ef7\",\"tenantId\":\"292f5674-c8b0-488b-9ff8-6d30d77f38d9\",\"clientId\":\"649846ce-d862-49d5-a5eb-7d5aad90f54e\",\"clientSecret\":\"cpln\"}"
}
Secret - Azure-SDK - YAML
copy
kind: secret
name: example-azure-sdk-secret
description: example-azure-sdk-secret
tags: {}
type: azure-sdk
data: >-
{"subscriptionId":"2cd8674e-4f89-4a1f-b420-7a1361b46ef7","tenantId":"292f5674-c8b0-488b-9ff8-6d30d77f38d9","clientId":"649846ce-d862-49d5-a5eb-7d5aad90f54e","clientSecret":"cpln"}
Secret - Dictionary - JSON
copy
{
"kind": "secret",
"name": "example-dictionary-secret",
"description": "example-dictionary-secret description",
"tags": {},
"type": "dictionary",
"data": {
"key01": "value01",
"key02": "value02"
}
}
Secret - Dictionary - YAML
copy
kind: secret
name: example-dictionary-secret
description: example-dictionary-secret description
tags: {}
type: dictionary
data:
key01: value01
key02: value02
Secret - Docker - JSON
copy
{
"kind": "secret",
"name": "example-docker-secret",
"description": "example-docker-secret description",
"tags": {},
"type": "docker",
"data": "{\"auths\":{\"https://index.docker.io/v1/\":{\"username\":\"USERNAME\",\"password\":\"PASSWORD\"}}}"
}
Secret - Docker - YAML
copy
kind: secret
name: example-docker-secret
description: example-docker-secret description
tags: {}
type: docker
data: >-
{"auths":{"https://index.docker.io/v1/":{"username":"USERNAME","password":"PASSWORD"}}}
Secret - ECR - JSON
copy
{
"kind": "secret",
"name": "example-ecr-secret",
"description": "example-ecr-secret description",
"tags": {},
"type": "ecr",
"data": {
"accessKey": "AKIA_ACCESS_KEY",
"repos": ["015716931711.dkr.ecr.us-west-2.amazonaws.com/repo"],
"secretKey": "SECRET_KEY"
}
}
Secret - ECR - YAML
copy
kind: secret
name: example-ecr-secret
description: example-ecr-secret description
tags: {}
data:
accessKey: AKIA_ACCESS_KEY
repos:
- 015716931711.dkr.ecr.us-west-2.amazonaws.com/repo
secretKey: SECRET_KEY
Secret - GCP - JSON
copy
{
"kind": "secret",
"name": "example-gcp-secret",
"description": "example-gcp-secret description",
"tags": {},
"type": "gcp",
"data": "{\"type\":\"gcp\",\"project_id\":\"cpln12345\",\"private_key_id\":\"pvt_key\",\"private_key\":\"key\",\"client_email\":\"support@cpln.io\",\"client_id\":\"12744\",\"auth_uri\":\"cloud.google.com\",\"token_uri\":\"token.cloud.google.com\",\"auth_provider_x509_cert_url\":\"cert.google.com\",\"client_x509_cert_url\":\"cert.google.com\"}"
}
Secret - GCP - YAML
copy
kind: secret
name: example-gcp-secret
description: example-gcp-secret description
tags: {}
type: gcp
data: >-
{"type":"gcp","project_id":"cpln12345","private_key_id":"pvt_key","private_key":"key","client_email":"support@cpln.io","client_id":"12744","auth_uri":"cloud.google.com","token_uri":"token.cloud.google.com","auth_provider_x509_cert_url":"cert.google.com","client_x509_cert_url":"cert.google.com"}
Secret - KeyPair - JSON

NOTE: The example below uses a self-signed certificate. Do not use for production.

copy
{
"kind": "secret",
"name": "example-keypair-secret",
"description": "example-keypair-secret description",
"tags": {},
"type": "keypair",
"data": {
"passphrase": "cpln",
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrVyExI0uvRmwCAKFHiv\nbaAcPMcKJDa6f6TtaVo2p8jyfEhVwDTmR3FUrDDZAjh0Q8G/Up8Ob3+IJafNymCO\nBhUKou+8ie7guqsbU9JrT0Zos1k/pd0aVfnAR0EpW3es/7fdkWUszU0uweeEj22m\nXMlLplnqqoYOGAhuNMqGsZwBr36Bxq9EeB2O79QsAFDNkPVg7xIaYKn32j69o0Zr\nryYI8xqOYYy5Dw6CX+++YYLYiR/PkLYJTVAsxXeqyltCfb3Iv7vN5HrfoYBhndr3\nNxBPkcIJZeh3Z+QzfJ5U+bB5fP/aOsEk5bPbtLzylj2KnOOM/ZxXJtOcu0xtJLd3\nXwIDAQAB\n-----END PUBLIC KEY-----\n",
"secretKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,9A26BB15304B18E7\n\nZdBgMExsvIJEsIFDMQ02xh4nDnhXEGUNu7LiWIZjn9WS6QB2jApyOFOBWmp0lK6L\ndIJ+Mb8wMeHtkiKS6ZbYeea8M29kwEejZRnKl1Wq0EFycdwbONtbcbjzF+tQGEBT\ngQQgkY7wjDWl8HwjFEA+NUuitzi6uI2xWlQpFdUrmqJAZCbxNFa0aM8nW6jnitvP\n616ps3HjLnWCjoyqS4hWxiWmt+VE3KruPnUVVV7bWlzc6jnoZcSaeqeaoQrNKguH\nte2iBIMdY/uldb7Ik2Kxr2+kBRmV4YNkp1EelNi/m39VcoUHJLk1jLldzuINhbi2\nIRqYZe4EEMSYdb3TkSosXa64Sz7jMBz5AxlA0n78FKlB9G5FAxaXcVYNQIlvzCbw\nuXPbQd/UYKUuEI1Yn8OmGBN5xcOdgWz8hfyxA2Hq1tmo1XN6snavGe7TKbZd70N+\n1yFbclB2T1z8fPcLwUZUxOl4g2DoMMHIzCSPaIe/otT8389k4H6hEulLis4lW0p3\nqopL5kdpxmSGgXsX6q6CUFb/0cw9HskNT3zbzKLx2MzjFCo93IB07UxPwkCD2kb1\nsLKMcpTC8a0vLaTVNYgDX7wW/YjBrCokaqk0z1whuN6iSReOtvmu5ybrq1Ksg8UQ\nyvCSScM/+muKi+gbEOskQs4Ph3ZLHqAX3/XYoyBcFnPNxVHTIa5Dcju6h5gl1/uY\n6tkRsHDr0Lzy8pd6jjf/ApPf9ypCuxKUO1q8PzPg2E4bmEFxc8zOB2NLvfPgFrUR\n0Sbkapv/6x6nNRw75cu69c5we/atip6wst8J1MSU0fTqb6bZ3TF2pDyNEOkdkvoZ\nYZ0r3hUytdT0pImoDLKoyy17mtHLLApzHyIgmR3cqtSt07ncmC5lyEBcZBrQXMa8\naZeOr8iUWQE/q+4BvoxeKsOD6ttKuFnrgl0rmMnYQsSyLJOPizrU4L1d1HMIKswm\niW+Rg7xlWmQg95m8XEWTjAb3tuNz/tGXC7Qa88HvC7YfyG69yM61oPsT83YnxcBT\nC/X67lSFTYguFa3HgDZpjGq7Hc/Q7nhaoqNMEs01O6jbcmrue8IIa2FH1tTwPN0W\nD7JefjCQjEghue2mjc0fovOGe9A9jvWf+gJHF3vRtFa67uQiQxge9zUzpHyVNpOj\nVe0y0HvibNTd6TSCArctJpIcwpjO3MTT5LBJ1p/8v4b4+knEKD2c69jumNbKGbWr\nWjq39M/MGNUO5SbZMO3gFCt6fgtXkOktH9pJ9iOQpYKgl7QTe2qQygfWkIm0EZRN\n6EaQdNNKgENWicpKyKQ4BxoY1LYAHFHJ95VisLf3KmmOF5MwajADZQT/yth3gvht\nxx21b9iudcgq/CRccSvfIPIWZKi6oaqNIXK+E3DQd40TUopLsBWzacTZn9maSZtW\nRyAY1TkRn1qDR2soyhBcihrX5PZ83jnOlM3XTdfF1784g8zB9ooDnK7mUKueH1W3\nhWFADMUF7uaBbo5EZ9sE+dFPzWPJLhu2j67a1iHmByqEvFY64lzq7VwwU/GE8JdA\n85oEkhg1ZEPJp3OYTQfPI/CC/2fc93Exf6wmaXuss8AHehuGcKQniOZmFOKOBprv\n-----END RSA PRIVATE KEY-----"
}
}
Secret - KeyPair - YAML

NOTE: The example below uses a self-signed certificate. Do not use for production.

copy
kind: secret
name: example-keypair-secret
description: example-keypair-secret secret
tags: {}
type: keypair
data:
passphrase: cpln
publicKey: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrVyExI0uvRmwCAKFHiv
baAcPMcKJDa6f6TtaVo2p8jyfEhVwDTmR3FUrDDZAjh0Q8G/Up8Ob3+IJafNymCO
BhUKou+8ie7guqsbU9JrT0Zos1k/pd0aVfnAR0EpW3es/7fdkWUszU0uweeEj22m
XMlLplnqqoYOGAhuNMqGsZwBr36Bxq9EeB2O79QsAFDNkPVg7xIaYKn32j69o0Zr
ryYI8xqOYYy5Dw6CX+++YYLYiR/PkLYJTVAsxXeqyltCfb3Iv7vN5HrfoYBhndr3
NxBPkcIJZeh3Z+QzfJ5U+bB5fP/aOsEk5bPbtLzylj2KnOOM/ZxXJtOcu0xtJLd3
XwIDAQAB
-----END PUBLIC KEY-----
secretKey: |-
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9A26BB15304B18E7
ZdBgMExsvIJEsIFDMQ02xh4nDnhXEGUNu7LiWIZjn9WS6QB2jApyOFOBWmp0lK6L
dIJ+Mb8wMeHtkiKS6ZbYeea8M29kwEejZRnKl1Wq0EFycdwbONtbcbjzF+tQGEBT
gQQgkY7wjDWl8HwjFEA+NUuitzi6uI2xWlQpFdUrmqJAZCbxNFa0aM8nW6jnitvP
616ps3HjLnWCjoyqS4hWxiWmt+VE3KruPnUVVV7bWlzc6jnoZcSaeqeaoQrNKguH
te2iBIMdY/uldb7Ik2Kxr2+kBRmV4YNkp1EelNi/m39VcoUHJLk1jLldzuINhbi2
IRqYZe4EEMSYdb3TkSosXa64Sz7jMBz5AxlA0n78FKlB9G5FAxaXcVYNQIlvzCbw
uXPbQd/UYKUuEI1Yn8OmGBN5xcOdgWz8hfyxA2Hq1tmo1XN6snavGe7TKbZd70N+
1yFbclB2T1z8fPcLwUZUxOl4g2DoMMHIzCSPaIe/otT8389k4H6hEulLis4lW0p3
qopL5kdpxmSGgXsX6q6CUFb/0cw9HskNT3zbzKLx2MzjFCo93IB07UxPwkCD2kb1
sLKMcpTC8a0vLaTVNYgDX7wW/YjBrCokaqk0z1whuN6iSReOtvmu5ybrq1Ksg8UQ
yvCSScM/+muKi+gbEOskQs4Ph3ZLHqAX3/XYoyBcFnPNxVHTIa5Dcju6h5gl1/uY
6tkRsHDr0Lzy8pd6jjf/ApPf9ypCuxKUO1q8PzPg2E4bmEFxc8zOB2NLvfPgFrUR
0Sbkapv/6x6nNRw75cu69c5we/atip6wst8J1MSU0fTqb6bZ3TF2pDyNEOkdkvoZ
YZ0r3hUytdT0pImoDLKoyy17mtHLLApzHyIgmR3cqtSt07ncmC5lyEBcZBrQXMa8
aZeOr8iUWQE/q+4BvoxeKsOD6ttKuFnrgl0rmMnYQsSyLJOPizrU4L1d1HMIKswm
iW+Rg7xlWmQg95m8XEWTjAb3tuNz/tGXC7Qa88HvC7YfyG69yM61oPsT83YnxcBT
C/X67lSFTYguFa3HgDZpjGq7Hc/Q7nhaoqNMEs01O6jbcmrue8IIa2FH1tTwPN0W
D7JefjCQjEghue2mjc0fovOGe9A9jvWf+gJHF3vRtFa67uQiQxge9zUzpHyVNpOj
Ve0y0HvibNTd6TSCArctJpIcwpjO3MTT5LBJ1p/8v4b4+knEKD2c69jumNbKGbWr
Wjq39M/MGNUO5SbZMO3gFCt6fgtXkOktH9pJ9iOQpYKgl7QTe2qQygfWkIm0EZRN
6EaQdNNKgENWicpKyKQ4BxoY1LYAHFHJ95VisLf3KmmOF5MwajADZQT/yth3gvht
xx21b9iudcgq/CRccSvfIPIWZKi6oaqNIXK+E3DQd40TUopLsBWzacTZn9maSZtW
RyAY1TkRn1qDR2soyhBcihrX5PZ83jnOlM3XTdfF1784g8zB9ooDnK7mUKueH1W3
hWFADMUF7uaBbo5EZ9sE+dFPzWPJLhu2j67a1iHmByqEvFY64lzq7VwwU/GE8JdA
85oEkhg1ZEPJp3OYTQfPI/CC/2fc93Exf6wmaXuss8AHehuGcKQniOZmFOKOBprv
-----END RSA PRIVATE KEY-----
Secret - Opaque - JSON
copy
{
"kind": "secret",
"name": "example-opaque-secret",
"description": "example-opaque-secret",
"tags": {},
"type": "opaque",
"data": {
"encoding": "plain",
"payload": "sample payload"
}
}
Secret - Opaque - YAML
copy
kind: secret
name: example-opaque-secret
description: example-opaque-secret description
tags: {}
type: opaque
data:
encoding: plain
payload: sample payload
Secret - TLS - JSON
copy
{
"kind": "secret",
"name": "example-tls-secret",
"description": "example-tls-secret description",
"tags": {},
"type": "tls",
"data": {
"cert": "-----BEGIN CERTIFICATE-----\nMIID+zCCAuOgAwIBAgIUEwBv3WQkP7dIiEIxyj+Wi1STz7QwDQYJKoZIhvcNAQEL\nBQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQH\nDAtMb3MgQW5nZWxlczENMAsGA1UECgwEQ1BMTjERMA8GA1UECwwIQ1BMTi1PUkcx\nEDAOBgNVBAMMB2NwbG4uaW8xHjAcBgkqhkiG9w0BCQEWD3N1cHBvcnRAY3Bsbi5p\nbzAeFw0yMDEwMTQxNzI4MDhaFw0zMDEwMTIxNzI4MDhaMIGMMQswCQYDVQQGEwJV\nUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLTG9zIEFuZ2VsZXMxDTAL\nBgNVBAoMBENQTE4xETAPBgNVBAsMCENQTE4tT1JHMRAwDgYDVQQDDAdjcGxuLmlv\nMR4wHAYJKoZIhvcNAQkBFg9zdXBwb3J0QGNwbG4uaW8wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDBzN2jRf9ouoF4XG0eUxcc4f1sP8vhW1fQXjun3cl0\nRsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvNrsl7U4iJIEcJL6vTqHY7jTGXQkd9\nyPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWnpvg157mJ/u9qdyU+1h8DncES30Fk\nPsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88INbBHLjxBQgwTu0vgMxN34b5z+esHr\naetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBiL2TeDrnEY6qP/ZoGuyyVnsT/6pHY\n/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/ljq0e1j69AgMBAAGjUzBRMB0GA1Ud\nDgQWBBRxncC/8RRio/S9Ly8tKFS7WnTcNTAfBgNVHSMEGDAWgBRxncC/8RRio/S9\nLy8tKFS7WnTcNTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAr\nsDZQj4K47fW6JkJbxlzZ1hd7IX6cQhI/DRIdTGR1u0kM1RtZoS0UtV5qsYV/g/S4\nChuB/aIARyTWvHKDhcT3bRGHLnoZJ8pLlQh4nEfO07SRhyeNiO4qmWM9az0nP5qD\nwAXpLpmYIairzAgY7QXbk5wXbTrXli3mz14VaNoqN4s7iyLtHn5TGAXc12aMwo7M\n5yn/RGxoWQoJqSQKc9nf909cR81AVCdG1dFcp7u8Ud1pTtlmiU9ZJ/YOXDCT/1hZ\nYxoeotDBBOIao3Ym/3351somMoQ7Lz6hRWvG0WhDIsCXvth4XSxRkZFXgjWNuhdD\nu2ZCis/EwXsqRJPkIPnL\n-----END CERTIFICATE-----\t\t",
"chain": "-----BEGIN CERTIFICATE-----\nMIID+zCCAuOgAwIBAgIUEwBv3WQkP7dIiEIxyj+Wi1STz7QwDQYJKoZIhvcNAQEL\nBQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQH\nDAtMb3MgQW5nZWxlczENMAsGA1UECgwEQ1BMTjERMA8GA1UECwwIQ1BMTi1PUkcx\nEDAOBgNVBAMMB2NwbG4uaW8xHjAcBgkqhkiG9w0BCQEWD3N1cHBvcnRAY3Bsbi5p\nbzAeFw0yMDEwMTQxNzI4MDhaFw0zMDEwMTIxNzI4MDhaMIGMMQswCQYDVQQGEwJV\nUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLTG9zIEFuZ2VsZXMxDTAL\nBgNVBAoMBENQTE4xETAPBgNVBAsMCENQTE4tT1JHMRAwDgYDVQQDDAdjcGxuLmlv\nMR4wHAYJKoZIhvcNAQkBFg9zdXBwb3J0QGNwbG4uaW8wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDBzN2jRf9ouoF4XG0eUxcc4f1sP8vhW1fQXjun3cl0\nRsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvNrsl7U4iJIEcJL6vTqHY7jTGXQkd9\nyPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWnpvg157mJ/u9qdyU+1h8DncES30Fk\nPsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88INbBHLjxBQgwTu0vgMxN34b5z+esHr\naetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBiL2TeDrnEY6qP/ZoGuyyVnsT/6pHY\n/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/ljq0e1j69AgMBAAGjUzBRMB0GA1Ud\nDgQWBBRxncC/8RRio/S9Ly8tKFS7WnTcNTAfBgNVHSMEGDAWgBRxncC/8RRio/S9\nLy8tKFS7WnTcNTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAr\nsDZQj4K47fW6JkJbxlzZ1hd7IX6cQhI/DRIdTGR1u0kM1RtZoS0UtV5qsYV/g/S4\nChuB/aIARyTWvHKDhcT3bRGHLnoZJ8pLlQh4nEfO07SRhyeNiO4qmWM9az0nP5qD\nwAXpLpmYIairzAgY7QXbk5wXbTrXli3mz14VaNoqN4s7iyLtHn5TGAXc12aMwo7M\n5yn/RGxoWQoJqSQKc9nf909cR81AVCdG1dFcp7u8Ud1pTtlmiU9ZJ/YOXDCT/1hZ\nYxoeotDBBOIao3Ym/3351somMoQ7Lz6hRWvG0WhDIsCXvth4XSxRkZFXgjWNuhdD\nu2ZCis/EwXsqRJPkIPnL\n-----END CERTIFICATE-----\t\t",
"key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBzN2jRf9ouoF4\nXG0eUxcc4f1sP8vhW1fQXjun3cl0RsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvN\nrsl7U4iJIEcJL6vTqHY7jTGXQkd9yPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWn\npvg157mJ/u9qdyU+1h8DncES30FkPsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88IN\nbBHLjxBQgwTu0vgMxN34b5z+esHraetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBi\nL2TeDrnEY6qP/ZoGuyyVnsT/6pHY/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/l\njq0e1j69AgMBAAECggEAPGhrPZV4A2D/MlE9AhLMRYh7wd4w4tHiEWUOG0kank/g\nZhc0iK5WQmbq31y34GXHhInsThpCs5AIYFh3HSXwjS2udsKRQKxmDjH4nzldp2uX\n3w9Aoiy29GP4wZoCyRBGUZxfH1cQhOazXgrBm6vbPZRldD4nMer0R+BIamWEsIYD\nYjDj1pT0noLUSeqoLmGxSQ4DNIBQVZB/T8ziMcEzl6bhprT0QrapJSyD2CtA8tH1\nZ8cyhmyE0CUvSkV4K2ecvVukWBJvrAYc6euPAnkS5LJrQotI5+3jJO2QawOlL6Uw\nrFWBpgBrCgbzquMRpDCQ/J9/GDYaZjim4YdonboBgQKBgQD7jx3CVnG4LDz198am\nspmPwKCW1ke6PhlG7zf3YR00xg9vPBYiy4obb1Jg6em1wr+iZ0dEt8fimeZXewBf\nLzlrR8T1Or0eLzfbn+GlLIKGKhn2pKB/i1iolkfIonchqXRk9WNx+PzjgUqiYWRC\n/1tH2BsODlVrzKL2lnbWKNIFdQKBgQDFOLedpMeYemLhrsU1TXGt1xTxAbWvOCyt\nvig/huyz4SQENXyu3ImPzxIxpTHxKhUaXo/qFXn0jhqnf0LfWI4nbQUbkivb5BPr\nKY9aj7XwwsY4MXW5C12Qi0lIwHOWCmfzvyS7TCMqnQb7sT4Mjmm4ydEbiI1TjlFJ\nD/RFxzcDKQKBgQCehPcJyZNrrWTU0sh5rz4ZWhdYNbuJXyxqiMBJwQa4hL6hJ8oD\nLyPeWe4daAmAIjLEUjSU1wK8hqKiKb54PLgAJH+20MbvyG14lm2Iul2d0dX+mIsT\nFGpQAjNF+Sr9KV1RaVi7L12ct5KidKDLn0KUKVgTKXEmtxNSNEq6dYqzKQKBgDI8\nzljzvnwSwNloIYgAYDK+FPGHU/Z8QrVHOQ1lmyn+8aO41DfeqZPeVW4b/GrII3QC\nHnqsWdJ32EZOXoRyFFPqq2BojY+Hu6MthPy2msvncYKi5q/qOz00nchQbaEMqYon\naH3lWRfjxAGdFocwR7HwhrmSwR1FpWMNE1Yq9tJxAoGBANc0nZSy5ZlTiMWdRrTt\ngFc9N/jz8OL6qLrJtX2Axyv7Vv8H/gbDg4olLR+Io38M0S1WwEHsaIJLIvJ6msjl\n/LlseAW6oiO6jzhWEr0VQSLkuJn45hG/uy7t19SDuNR7W5NuEr0YbWd6fZEpR7RR\nS1hFKnRRcrVqA+HjWnZ//BGi\n-----END PRIVATE KEY-----"
}
}
Secret - TLS - YAML
copy
kind: secret
name: example-tls-secret
description: example-tls-secret description
tags: {}
type: tls
data:
cert: |-
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIUEwBv3WQkP7dIiEIxyj+Wi1STz7QwDQYJKoZIhvcNAQEL
BQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQH
DAtMb3MgQW5nZWxlczENMAsGA1UECgwEQ1BMTjERMA8GA1UECwwIQ1BMTi1PUkcx
EDAOBgNVBAMMB2NwbG4uaW8xHjAcBgkqhkiG9w0BCQEWD3N1cHBvcnRAY3Bsbi5p
bzAeFw0yMDEwMTQxNzI4MDhaFw0zMDEwMTIxNzI4MDhaMIGMMQswCQYDVQQGEwJV
UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLTG9zIEFuZ2VsZXMxDTAL
BgNVBAoMBENQTE4xETAPBgNVBAsMCENQTE4tT1JHMRAwDgYDVQQDDAdjcGxuLmlv
MR4wHAYJKoZIhvcNAQkBFg9zdXBwb3J0QGNwbG4uaW8wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDBzN2jRf9ouoF4XG0eUxcc4f1sP8vhW1fQXjun3cl0
RsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvNrsl7U4iJIEcJL6vTqHY7jTGXQkd9
yPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWnpvg157mJ/u9qdyU+1h8DncES30Fk
PsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88INbBHLjxBQgwTu0vgMxN34b5z+esHr
aetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBiL2TeDrnEY6qP/ZoGuyyVnsT/6pHY
/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/ljq0e1j69AgMBAAGjUzBRMB0GA1Ud
DgQWBBRxncC/8RRio/S9Ly8tKFS7WnTcNTAfBgNVHSMEGDAWgBRxncC/8RRio/S9
Ly8tKFS7WnTcNTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAr
sDZQj4K47fW6JkJbxlzZ1hd7IX6cQhI/DRIdTGR1u0kM1RtZoS0UtV5qsYV/g/S4
ChuB/aIARyTWvHKDhcT3bRGHLnoZJ8pLlQh4nEfO07SRhyeNiO4qmWM9az0nP5qD
wAXpLpmYIairzAgY7QXbk5wXbTrXli3mz14VaNoqN4s7iyLtHn5TGAXc12aMwo7M
5yn/RGxoWQoJqSQKc9nf909cR81AVCdG1dFcp7u8Ud1pTtlmiU9ZJ/YOXDCT/1hZ
YxoeotDBBOIao3Ym/3351somMoQ7Lz6hRWvG0WhDIsCXvth4XSxRkZFXgjWNuhdD
u2ZCis/EwXsqRJPkIPnL
-----END CERTIFICATE-----
chain: |-
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIUEwBv3WQkP7dIiEIxyj+Wi1STz7QwDQYJKoZIhvcNAQEL
BQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQH
DAtMb3MgQW5nZWxlczENMAsGA1UECgwEQ1BMTjERMA8GA1UECwwIQ1BMTi1PUkcx
EDAOBgNVBAMMB2NwbG4uaW8xHjAcBgkqhkiG9w0BCQEWD3N1cHBvcnRAY3Bsbi5p
bzAeFw0yMDEwMTQxNzI4MDhaFw0zMDEwMTIxNzI4MDhaMIGMMQswCQYDVQQGEwJV
UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLTG9zIEFuZ2VsZXMxDTAL
BgNVBAoMBENQTE4xETAPBgNVBAsMCENQTE4tT1JHMRAwDgYDVQQDDAdjcGxuLmlv
MR4wHAYJKoZIhvcNAQkBFg9zdXBwb3J0QGNwbG4uaW8wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDBzN2jRf9ouoF4XG0eUxcc4f1sP8vhW1fQXjun3cl0
RsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvNrsl7U4iJIEcJL6vTqHY7jTGXQkd9
yPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWnpvg157mJ/u9qdyU+1h8DncES30Fk
PsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88INbBHLjxBQgwTu0vgMxN34b5z+esHr
aetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBiL2TeDrnEY6qP/ZoGuyyVnsT/6pHY
/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/ljq0e1j69AgMBAAGjUzBRMB0GA1Ud
DgQWBBRxncC/8RRio/S9Ly8tKFS7WnTcNTAfBgNVHSMEGDAWgBRxncC/8RRio/S9
Ly8tKFS7WnTcNTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAr
sDZQj4K47fW6JkJbxlzZ1hd7IX6cQhI/DRIdTGR1u0kM1RtZoS0UtV5qsYV/g/S4
ChuB/aIARyTWvHKDhcT3bRGHLnoZJ8pLlQh4nEfO07SRhyeNiO4qmWM9az0nP5qD
wAXpLpmYIairzAgY7QXbk5wXbTrXli3mz14VaNoqN4s7iyLtHn5TGAXc12aMwo7M
5yn/RGxoWQoJqSQKc9nf909cR81AVCdG1dFcp7u8Ud1pTtlmiU9ZJ/YOXDCT/1hZ
YxoeotDBBOIao3Ym/3351somMoQ7Lz6hRWvG0WhDIsCXvth4XSxRkZFXgjWNuhdD
u2ZCis/EwXsqRJPkIPnL
-----END CERTIFICATE-----
key: |-
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBzN2jRf9ouoF4
XG0eUxcc4f1sP8vhW1fQXjun3cl0RsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvN
rsl7U4iJIEcJL6vTqHY7jTGXQkd9yPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWn
pvg157mJ/u9qdyU+1h8DncES30FkPsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88IN
bBHLjxBQgwTu0vgMxN34b5z+esHraetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBi
L2TeDrnEY6qP/ZoGuyyVnsT/6pHY/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/l
jq0e1j69AgMBAAECggEAPGhrPZV4A2D/MlE9AhLMRYh7wd4w4tHiEWUOG0kank/g
Zhc0iK5WQmbq31y34GXHhInsThpCs5AIYFh3HSXwjS2udsKRQKxmDjH4nzldp2uX
3w9Aoiy29GP4wZoCyRBGUZxfH1cQhOazXgrBm6vbPZRldD4nMer0R+BIamWEsIYD
YjDj1pT0noLUSeqoLmGxSQ4DNIBQVZB/T8ziMcEzl6bhprT0QrapJSyD2CtA8tH1
Z8cyhmyE0CUvSkV4K2ecvVukWBJvrAYc6euPAnkS5LJrQotI5+3jJO2QawOlL6Uw
rFWBpgBrCgbzquMRpDCQ/J9/GDYaZjim4YdonboBgQKBgQD7jx3CVnG4LDz198am
spmPwKCW1ke6PhlG7zf3YR00xg9vPBYiy4obb1Jg6em1wr+iZ0dEt8fimeZXewBf
LzlrR8T1Or0eLzfbn+GlLIKGKhn2pKB/i1iolkfIonchqXRk9WNx+PzjgUqiYWRC
/1tH2BsODlVrzKL2lnbWKNIFdQKBgQDFOLedpMeYemLhrsU1TXGt1xTxAbWvOCyt
vig/huyz4SQENXyu3ImPzxIxpTHxKhUaXo/qFXn0jhqnf0LfWI4nbQUbkivb5BPr
KY9aj7XwwsY4MXW5C12Qi0lIwHOWCmfzvyS7TCMqnQb7sT4Mjmm4ydEbiI1TjlFJ
D/RFxzcDKQKBgQCehPcJyZNrrWTU0sh5rz4ZWhdYNbuJXyxqiMBJwQa4hL6hJ8oD
LyPeWe4daAmAIjLEUjSU1wK8hqKiKb54PLgAJH+20MbvyG14lm2Iul2d0dX+mIsT
FGpQAjNF+Sr9KV1RaVi7L12ct5KidKDLn0KUKVgTKXEmtxNSNEq6dYqzKQKBgDI8
zljzvnwSwNloIYgAYDK+FPGHU/Z8QrVHOQ1lmyn+8aO41DfeqZPeVW4b/GrII3QC
HnqsWdJ32EZOXoRyFFPqq2BojY+Hu6MthPy2msvncYKi5q/qOz00nchQbaEMqYon
aH3lWRfjxAGdFocwR7HwhrmSwR1FpWMNE1Yq9tJxAoGBANc0nZSy5ZlTiMWdRrTt
gFc9N/jz8OL6qLrJtX2Axyv7Vv8H/gbDg4olLR+Io38M0S1WwEHsaIJLIvJ6msjl
/LlseAW6oiO6jzhWEr0VQSLkuJn45hG/uy7t19SDuNR7W5NuEr0YbWd6fZEpR7RR
S1hFKnRRcrVqA+HjWnZ//BGi
-----END PRIVATE KEY-----
Secret - Username/Password - JSON
copy
{
"kind": "secret",
"name": "example-username-secret",
"description": "example-username-secret description",
"tags": {},
"type": "userpass",
"data": {
"encoding": "plain",
"password": "PASSWORD",
"username": "USERNAME"
}
}
Secret - Username/Password - YAML
copy
kind: secret
name: sample-username
description: sample-username
tags: {}
type: userpass
data:
encoding: plain
password: PASSWORD
username: USERNAME

Groups

Groups Reference Page

See the Group Query Rules reference page for details on how to create a query.


Group - JSON
copy
{
"kind": "group",
"name": "example-group",
"description": "example-group description",
"tags": {},
"memberLinks": [
"/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME",
"/org/ORG_NAME/user/USER_EMAIL",
"/org/ORG_NAME/user/USER_EMAIL"
],
"memberQuery": {
"kind": "user",
"fetch": "items",
"spec": {
"match": "all",
"terms": [
{
"op": "=",
"tag": "test-tag",
"value": "test-value"
}
]
}
}
}
Group - YAML
copy
kind: group
name: example-group
description: example-group description
tags: {}
memberLinks:
- /org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME
- /org/ORG_NAME/user/USER_EMAIL
- /org/ORG_NAME/user/USER_EMAIL
memberQuery:
kind: user
fetch: items
spec:
match: all
terms:
- op: "="
tag: test
value: "1234"

Policies

Policies Reference Page

The first example shows a policy for an explict secret ('targetLinks') that contain a binding for all four of the principal types with the 'edit' and 'manage' permissions.

The second example shows a policy that targets all secrets within the org. When the target key is set to all, the targetLinks and targetQuery properties are not evaluated.

Each 'targetKind' has its own unique set of binding permissons. The permissions can be obtained by:

  1. Running the CLI permissions command (e.g., cpln secret permissions), or
  2. The reference page for each target (e.g. Secret Permissions).

Policy - Explict Secret - JSON
copy
{
"kind": "policy",
"name": "example-policy-explicit",
"description": "example-policy description",
"tags": {},
"targetKind": "secret",
"bindings": [
{
"permissions": ["edit", "manage"],
"principalLinks": [
"/org/ORG_NAME/group/GROUP_NAME",
"/org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME",
"/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME",
"/org/ORG_NAME/user/USER_EMAIL"
]
}
],
"targetLinks": ["/org/ORG_NAME/secret/SECRET_NAME"],
"targetQuery": {
"kind": "secret",
"fetch": "items",
"spec": {
"match": "all",
"terms": [
{
"op": "=",
"tag": "example-tag",
"value": "example-value"
}
]
}
}
}
Policy - Explict Secret - YAML
copy
kind: policy
name: example-policy-explicit
description: example-policy description
tags: {}
origin: default
bindings:
- permissions:
- edit
- manage
principalLinks:
- /org/ORG_NAME/group/GROUP_NAME
- /org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME
- /org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME
- /org/ORG_NAME/user/USER_EMAIL
targetKind: secret
targetLinks:
- /org/ORG_NAME/secret/SECRET_NAME
targetQuery:
kind: secret
fetch: items
spec:
match: all
terms:
- op: "="
tag: example-tag
value: example-value
Policy - All Secrets - JSON
copy
{
"kind": "policy",
"name": "example-policy-all",
"description": "example-policy-all description",
"tags": {},
"targetKind": "secret",
"target": "all",
"bindings": [
{
"permissions": ["edit", "manage"],
"principalLinks": [
"/org/ORG_NAME/group/GROUP_NAME",
"/org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME",
"/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME",
"/org/ORG_NAME/user/USER_EMAIL"
]
}
]
}
Policy - All Secrets - YAML
copy
kind: policy
name: example-policy-all
description: example-policy-all description
tags: {}
targetKind: secret
target: all
bindings:
- permissions:
- edit
- manage
principalLinks:
- /org/terraform-test-org/group/test
- /org/terraform-test-org/gvc/toolbox-gvc/identity/tbd
- /org/terraform-test-org/serviceaccount/tbd
- /org/terraform-test-org/user/eric@controlplane.com

Copyright © 2021 Control Plane Corporation. All rights reserved. Revision 2233d10a
Contents