cpln apply

Overview

The cpln apply command is used to automate the management of Control Plane resources using JSON or YAML metadata as input. This automation can be used for:

GitOps
Scripting
Testing

Using cpln apply is a good way to leverage the CLI in an idempotent manner.

The usage, limitations, and example templates are described below.

Using the CLI

Using the CLI, the apply command is called by executing:

cpln apply --file FILE_NAME [OPTIONS]

The FILE_NAME is the path for the file and it can be either a JSON or YAML file containing the resource metadata. To apply an Identity, a Volume Set or a Workload resource you need to specify a GVC using one of the following methods.

Specify a gvc within your cpln profile. This will add the gvc to the session context of the profile and will be refered to as the default gvc when executing any future command including the cpln apply command.
```
cpln profile update PROFILE_NAME --gvc GVC_NAME
```
Specify a --gvc flag to the apply command. This will pass the gvc as an option and will override the default gvc that is defined in the profile.
```
cpln apply --file FILE_NAME --gvc GVC_NAME
```

Specify a gvc property in the resource definition within the file you intend to apply.

kind: identity
name: example-identity
description: example-description
tags: {}
gvc: example-gvc

You can specify either a GVC property or use the --gvc flag, but not both.

Click here to view the CLI reference page for the apply command.

Apply a K8s File

The CLI has the ability to convert K8s resources into Control Plane resources. By passing the --k8s true option to the apply command, the K8s resources will be converted and applied.

cpln apply --file FILE_NAME --k8s true

The apply command utilizes the logic of the CLI convert command and then applies the resulting output.

Apply Standard Input

In case you would like to pass Control Plane resources through stdin (Standard Input), use the following command.

CONTROL_PLANE_RESOURCES | cpln apply --file -

This is useful if you want to pass the stdout of a command to the cpln apply command.

Using the Console

The console has the ability to upload a JSON or YAML file or accept a resource definition in JSON or YAML as input. The functionality is the same as using the CLI. To start applying, click the cpln apply button in the upper right corner of the console. A modal will be displayed containing the upload instructions. The cpln apply modal provides the ability to specify in which org and gvc a resource will be executed. The default is your currently selected org and gvc. A file or an input containing an Identity, a Volume Set or a Workload resource will be executed in the scope of the specified gvc in the cpln apply modal. In case a gvc is defined within a resource, the resource will be executed in the scope of that gvc.

Multiple Resources

The apply command can accept a YAML file containing multiple resources. Each resource must be separated using ---. If a resource has a reference to another resource (e.g., a workload refers to a GVC), the referenced resource must be defined in the same file ONLY in case it does not already exist at Control Plane.

Renaming of Resources

If the name of an exisiting resource is changed, the cpln apply command will create a new resource. NOTE: Any orphaned resources will need to be manually deleted.

Limitations

To create an agent, use the console or the CLI agent command to obtain the bootstrap config data. Using the cpln apply command from the CLI or console does not output the config data.
Before creating a cloud account, additional configuration is required at the target cloud provider. Refer to the Create Cloud Account guide for instructions.
Before creating a domain, the required DNS entries must exist. Refer to the Configure a Domain guide for instructions.

Generate Sample Input

Samples of existing resources can be generated using the console or the CLI. These samples can assist when defining resources for your application. Using the console:

After selecting a resource, there will be an Actions pull down button in the upper right corner. Inside it you will find the View and Export options.
The View will allow you to see the resource definition as JSON, YAML and Terraform.
For the Export option select JSON Slim or YAML Slim to download the file.

Using the CLI:

Using the get command for each resource, the -o flag can output the resource as JSON or YAML.
For example: The command cpln gvc get GVC_NAME -o yaml-slim --org ORG_NAME will output the GVC_NAME as YAML.

The json-slim and yaml-slim format options will output only the necessary values needed for a subsequent call to the cpln apply command.

Use in GitOps

The apply command can be used to manage Control Plane resources as part of a CI/CD pipeline. Refer to the GitOps CLI documentation for additional information.

Example Templates

The examples below can be used as templates when creating your own metadata files. These files can be download here.

GVC

GVC Reference Page

{
  "kind": "gvc",
  "name": "example-gvc",
  "description": "example-gvc description",
  "tags": {
    "tag1": "value1"
  },
  "spec": {
    "pullSecretLinks": ["/org/ORG_NAME/secret/SECRET_NAME"],
    "staticPlacement": {
      "locationLinks": [
        "/org/ORG_NAME/location/aws-eu-central-1",
        "/org/ORG_NAME/location/aws-us-west-2",
        "/org/ORG_NAME/location/azure-eastus2",
        "/org/ORG_NAME/location/gcp-us-east1"
      ]
    }
  }
}

Agent

Cloud Accounts

Cloud Accounts Reference Page

Cloud Account - AWS

{
  "kind": "cloudaccount",
  "name": "example-aws-cloud-account",
  "description": "example-aws-cloud-account description",
  "tags": {},
  "provider": "aws",
  "data": {
    "roleArn": "ROLE_ARN"
  }
}

Cloud Account - Azure

{
  "kind": "cloudaccount",
  "name": "example-azure-cloud-account",
  "description": "example-azure-cloud-account description",
  "tags": {},
  "provider": "azure",
  "data": {
    "secretLink": "/org/ORG_NAME/secret/AZURE_SECRET"
  }
}

Cloud Account - GCP

{
  "kind": "cloudaccount",
  "name": "example-gcp-cloud-account",
  "description": "example-gcp-cloud-account description",
  "tags": {},
  "provider": "gcp",
  "data": {
    "projectId": "PROJECT_ID"
  }
}

Cloud Account - NGS

{
  "kind": "cloudaccount",
  "name": "example-ngs-cloud-account",
  "description": "example-ngs-cloud-account description",
  "provider": "ngs",
  "data": {
    "secretLink": "/org/ORG_NAME/secret/NATS_SECRET"
  }
}

Domains

Secrets

Secrets Reference Page

Secret - AWS

{
  "kind": "secret",
  "name": "example-aws-secret",
  "description": "example-aws-secret description",
  "tags": {},
  "type": "aws",
  "data": {
    "accessKey": "AKIAIOSFODNN7EXAMPLE",
    "roleArn": "arn:awskey",
    "secretKey": "AKIAwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "externalId": "EXTERNAL_ID"
  }
}

Secret - Azure Connector

{
  "kind": "secret",
  "name": "example-azure-connector-secret",
  "description": "example-azure-connector-secret description",
  "tags": {},
  "type": "azure-connector",
  "data": {
    "code": "CODE",
    "url": "URL"
  }
}

Secret - Azure-SDK

{
  "kind": "secret",
  "name": "example-azure-sdk-secret",
  "description": "example-azure-sdk-secret",
  "tags": {},
  "type": "azure-sdk",
  "data": "{\"subscriptionId\":\"2cd8674e-4f89-4a1f-b420-7a1361b46ef7\",\"tenantId\":\"292f5674-c8b0-488b-9ff8-6d30d77f38d9\",\"clientId\":\"649846ce-d862-49d5-a5eb-7d5aad90f54e\",\"clientSecret\":\"cpln\"}"
}

Secret - Dictionary

{
  "kind": "secret",
  "name": "example-dictionary-secret",
  "description": "example-dictionary-secret description",
  "tags": {},
  "type": "dictionary",
  "data": {
    "key01": "value01",
    "key02": "value02"
  }
}

Secret - Docker

{
  "kind": "secret",
  "name": "example-docker-secret",
  "description": "example-docker-secret description",
  "tags": {},
  "type": "docker",
  "data": "{\"auths\":{\"https://index.docker.io/v1/\":{\"username\":\"USERNAME\",\"password\":\"PASSWORD\"}}}"
}

Secret - ECR

{
  "kind": "secret",
  "name": "example-ecr-secret",
  "description": "example-ecr-secret description",
  "tags": {},
  "type": "ecr",
  "data": {
    "accessKey": "AKIA_ACCESS_KEY",
    "repos": ["015716931711.dkr.ecr.us-west-2.amazonaws.com/repo"],
    "secretKey": "SECRET_KEY",
    "externalId": "EXTERNAL_ID"
  }
}

Secret - GCP

{
  "kind": "secret",
  "name": "example-gcp-secret",
  "description": "example-gcp-secret description",
  "tags": {},
  "type": "gcp",
  "data": "{\"type\":\"gcp\",\"project_id\":\"cpln12345\",\"private_key_id\":\"pvt_key\",\"private_key\":\"key\",\"client_email\":\"support@cpln.io\",\"client_id\":\"12744\",\"auth_uri\":\"cloud.google.com\",\"token_uri\":\"token.cloud.google.com\",\"auth_provider_x509_cert_url\":\"cert.google.com\",\"client_x509_cert_url\":\"cert.google.com\"}"
}

Secret - KeyPair

NOTE: The example below uses a self-signed certificate. Do not use for production.

{
  "kind": "secret",
  "name": "example-keypair-secret",
  "description": "example-keypair-secret description",
  "tags": {},
  "type": "keypair",
  "data": {
    "passphrase": "cpln",
    "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrVyExI0uvRmwCAKFHiv\nbaAcPMcKJDa6f6TtaVo2p8jyfEhVwDTmR3FUrDDZAjh0Q8G/Up8Ob3+IJafNymCO\nBhUKou+8ie7guqsbU9JrT0Zos1k/pd0aVfnAR0EpW3es/7fdkWUszU0uweeEj22m\nXMlLplnqqoYOGAhuNMqGsZwBr36Bxq9EeB2O79QsAFDNkPVg7xIaYKn32j69o0Zr\nryYI8xqOYYy5Dw6CX+++YYLYiR/PkLYJTVAsxXeqyltCfb3Iv7vN5HrfoYBhndr3\nNxBPkcIJZeh3Z+QzfJ5U+bB5fP/aOsEk5bPbtLzylj2KnOOM/ZxXJtOcu0xtJLd3\nXwIDAQAB\n-----END PUBLIC KEY-----\n",
    "secretKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,9A26BB15304B18E7\n\nZdBgMExsvIJEsIFDMQ02xh4nDnhXEGUNu7LiWIZjn9WS6QB2jApyOFOBWmp0lK6L\ndIJ+Mb8wMeHtkiKS6ZbYeea8M29kwEejZRnKl1Wq0EFycdwbONtbcbjzF+tQGEBT\ngQQgkY7wjDWl8HwjFEA+NUuitzi6uI2xWlQpFdUrmqJAZCbxNFa0aM8nW6jnitvP\n616ps3HjLnWCjoyqS4hWxiWmt+VE3KruPnUVVV7bWlzc6jnoZcSaeqeaoQrNKguH\nte2iBIMdY/uldb7Ik2Kxr2+kBRmV4YNkp1EelNi/m39VcoUHJLk1jLldzuINhbi2\nIRqYZe4EEMSYdb3TkSosXa64Sz7jMBz5AxlA0n78FKlB9G5FAxaXcVYNQIlvzCbw\nuXPbQd/UYKUuEI1Yn8OmGBN5xcOdgWz8hfyxA2Hq1tmo1XN6snavGe7TKbZd70N+\n1yFbclB2T1z8fPcLwUZUxOl4g2DoMMHIzCSPaIe/otT8389k4H6hEulLis4lW0p3\nqopL5kdpxmSGgXsX6q6CUFb/0cw9HskNT3zbzKLx2MzjFCo93IB07UxPwkCD2kb1\nsLKMcpTC8a0vLaTVNYgDX7wW/YjBrCokaqk0z1whuN6iSReOtvmu5ybrq1Ksg8UQ\nyvCSScM/+muKi+gbEOskQs4Ph3ZLHqAX3/XYoyBcFnPNxVHTIa5Dcju6h5gl1/uY\n6tkRsHDr0Lzy8pd6jjf/ApPf9ypCuxKUO1q8PzPg2E4bmEFxc8zOB2NLvfPgFrUR\n0Sbkapv/6x6nNRw75cu69c5we/atip6wst8J1MSU0fTqb6bZ3TF2pDyNEOkdkvoZ\nYZ0r3hUytdT0pImoDLKoyy17mtHLLApzHyIgmR3cqtSt07ncmC5lyEBcZBrQXMa8\naZeOr8iUWQE/q+4BvoxeKsOD6ttKuFnrgl0rmMnYQsSyLJOPizrU4L1d1HMIKswm\niW+Rg7xlWmQg95m8XEWTjAb3tuNz/tGXC7Qa88HvC7YfyG69yM61oPsT83YnxcBT\nC/X67lSFTYguFa3HgDZpjGq7Hc/Q7nhaoqNMEs01O6jbcmrue8IIa2FH1tTwPN0W\nD7JefjCQjEghue2mjc0fovOGe9A9jvWf+gJHF3vRtFa67uQiQxge9zUzpHyVNpOj\nVe0y0HvibNTd6TSCArctJpIcwpjO3MTT5LBJ1p/8v4b4+knEKD2c69jumNbKGbWr\nWjq39M/MGNUO5SbZMO3gFCt6fgtXkOktH9pJ9iOQpYKgl7QTe2qQygfWkIm0EZRN\n6EaQdNNKgENWicpKyKQ4BxoY1LYAHFHJ95VisLf3KmmOF5MwajADZQT/yth3gvht\nxx21b9iudcgq/CRccSvfIPIWZKi6oaqNIXK+E3DQd40TUopLsBWzacTZn9maSZtW\nRyAY1TkRn1qDR2soyhBcihrX5PZ83jnOlM3XTdfF1784g8zB9ooDnK7mUKueH1W3\nhWFADMUF7uaBbo5EZ9sE+dFPzWPJLhu2j67a1iHmByqEvFY64lzq7VwwU/GE8JdA\n85oEkhg1ZEPJp3OYTQfPI/CC/2fc93Exf6wmaXuss8AHehuGcKQniOZmFOKOBprv\n-----END RSA PRIVATE KEY-----"
  }
}

Secret - Opaque

{
  "kind": "secret",
  "name": "example-opaque-secret",
  "description": "example-opaque-secret",
  "tags": {},
  "type": "opaque",
  "data": {
    "encoding": "plain",
    "payload": "sample payload"
  }
}

Secret - TLS

{
  "kind": "secret",
  "name": "example-tls-secret",
  "description": "example-tls-secret description",
  "tags": {},
  "type": "tls",
  "data": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIID+zCCAuOgAwIBAgIUEwBv3WQkP7dIiEIxyj+Wi1STz7QwDQYJKoZIhvcNAQEL\nBQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQH\nDAtMb3MgQW5nZWxlczENMAsGA1UECgwEQ1BMTjERMA8GA1UECwwIQ1BMTi1PUkcx\nEDAOBgNVBAMMB2NwbG4uaW8xHjAcBgkqhkiG9w0BCQEWD3N1cHBvcnRAY3Bsbi5p\nbzAeFw0yMDEwMTQxNzI4MDhaFw0zMDEwMTIxNzI4MDhaMIGMMQswCQYDVQQGEwJV\nUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLTG9zIEFuZ2VsZXMxDTAL\nBgNVBAoMBENQTE4xETAPBgNVBAsMCENQTE4tT1JHMRAwDgYDVQQDDAdjcGxuLmlv\nMR4wHAYJKoZIhvcNAQkBFg9zdXBwb3J0QGNwbG4uaW8wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDBzN2jRf9ouoF4XG0eUxcc4f1sP8vhW1fQXjun3cl0\nRsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvNrsl7U4iJIEcJL6vTqHY7jTGXQkd9\nyPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWnpvg157mJ/u9qdyU+1h8DncES30Fk\nPsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88INbBHLjxBQgwTu0vgMxN34b5z+esHr\naetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBiL2TeDrnEY6qP/ZoGuyyVnsT/6pHY\n/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/ljq0e1j69AgMBAAGjUzBRMB0GA1Ud\nDgQWBBRxncC/8RRio/S9Ly8tKFS7WnTcNTAfBgNVHSMEGDAWgBRxncC/8RRio/S9\nLy8tKFS7WnTcNTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAr\nsDZQj4K47fW6JkJbxlzZ1hd7IX6cQhI/DRIdTGR1u0kM1RtZoS0UtV5qsYV/g/S4\nChuB/aIARyTWvHKDhcT3bRGHLnoZJ8pLlQh4nEfO07SRhyeNiO4qmWM9az0nP5qD\nwAXpLpmYIairzAgY7QXbk5wXbTrXli3mz14VaNoqN4s7iyLtHn5TGAXc12aMwo7M\n5yn/RGxoWQoJqSQKc9nf909cR81AVCdG1dFcp7u8Ud1pTtlmiU9ZJ/YOXDCT/1hZ\nYxoeotDBBOIao3Ym/3351somMoQ7Lz6hRWvG0WhDIsCXvth4XSxRkZFXgjWNuhdD\nu2ZCis/EwXsqRJPkIPnL\n-----END CERTIFICATE-----\t\t",
    "chain": "-----BEGIN CERTIFICATE-----\nMIID+zCCAuOgAwIBAgIUEwBv3WQkP7dIiEIxyj+Wi1STz7QwDQYJKoZIhvcNAQEL\nBQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQH\nDAtMb3MgQW5nZWxlczENMAsGA1UECgwEQ1BMTjERMA8GA1UECwwIQ1BMTi1PUkcx\nEDAOBgNVBAMMB2NwbG4uaW8xHjAcBgkqhkiG9w0BCQEWD3N1cHBvcnRAY3Bsbi5p\nbzAeFw0yMDEwMTQxNzI4MDhaFw0zMDEwMTIxNzI4MDhaMIGMMQswCQYDVQQGEwJV\nUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLTG9zIEFuZ2VsZXMxDTAL\nBgNVBAoMBENQTE4xETAPBgNVBAsMCENQTE4tT1JHMRAwDgYDVQQDDAdjcGxuLmlv\nMR4wHAYJKoZIhvcNAQkBFg9zdXBwb3J0QGNwbG4uaW8wggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDBzN2jRf9ouoF4XG0eUxcc4f1sP8vhW1fQXjun3cl0\nRsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvNrsl7U4iJIEcJL6vTqHY7jTGXQkd9\nyPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWnpvg157mJ/u9qdyU+1h8DncES30Fk\nPsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88INbBHLjxBQgwTu0vgMxN34b5z+esHr\naetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBiL2TeDrnEY6qP/ZoGuyyVnsT/6pHY\n/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/ljq0e1j69AgMBAAGjUzBRMB0GA1Ud\nDgQWBBRxncC/8RRio/S9Ly8tKFS7WnTcNTAfBgNVHSMEGDAWgBRxncC/8RRio/S9\nLy8tKFS7WnTcNTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAr\nsDZQj4K47fW6JkJbxlzZ1hd7IX6cQhI/DRIdTGR1u0kM1RtZoS0UtV5qsYV/g/S4\nChuB/aIARyTWvHKDhcT3bRGHLnoZJ8pLlQh4nEfO07SRhyeNiO4qmWM9az0nP5qD\nwAXpLpmYIairzAgY7QXbk5wXbTrXli3mz14VaNoqN4s7iyLtHn5TGAXc12aMwo7M\n5yn/RGxoWQoJqSQKc9nf909cR81AVCdG1dFcp7u8Ud1pTtlmiU9ZJ/YOXDCT/1hZ\nYxoeotDBBOIao3Ym/3351somMoQ7Lz6hRWvG0WhDIsCXvth4XSxRkZFXgjWNuhdD\nu2ZCis/EwXsqRJPkIPnL\n-----END CERTIFICATE-----\t\t",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBzN2jRf9ouoF4\nXG0eUxcc4f1sP8vhW1fQXjun3cl0RsN4jRdOyTKWcls1yAxlOkwFod8d6HND9OvN\nrsl7U4iJIEcJL6vTqHY7jTGXQkd9yPONMpMXYE8Dsiqtk0deoOab7fafYcvq1iWn\npvg157mJ/u9qdyU+1h8DncES30FkPsG8TsIsjx94JkTJeMmEJxtws4dfuoCk88IN\nbBHLjxBQgwTu0vgMxN34b5z+esHraetDN2fqxSoTOeIlyFzeS+kwG3GK4I1hUQBi\nL2TeDrnEY6qP/ZoGuyyVnsT/6pHY/BTAcH3Rgeqose7mqBT+7zlxDfHYHceuNB/l\njq0e1j69AgMBAAECggEAPGhrPZV4A2D/MlE9AhLMRYh7wd4w4tHiEWUOG0kank/g\nZhc0iK5WQmbq31y34GXHhInsThpCs5AIYFh3HSXwjS2udsKRQKxmDjH4nzldp2uX\n3w9Aoiy29GP4wZoCyRBGUZxfH1cQhOazXgrBm6vbPZRldD4nMer0R+BIamWEsIYD\nYjDj1pT0noLUSeqoLmGxSQ4DNIBQVZB/T8ziMcEzl6bhprT0QrapJSyD2CtA8tH1\nZ8cyhmyE0CUvSkV4K2ecvVukWBJvrAYc6euPAnkS5LJrQotI5+3jJO2QawOlL6Uw\nrFWBpgBrCgbzquMRpDCQ/J9/GDYaZjim4YdonboBgQKBgQD7jx3CVnG4LDz198am\nspmPwKCW1ke6PhlG7zf3YR00xg9vPBYiy4obb1Jg6em1wr+iZ0dEt8fimeZXewBf\nLzlrR8T1Or0eLzfbn+GlLIKGKhn2pKB/i1iolkfIonchqXRk9WNx+PzjgUqiYWRC\n/1tH2BsODlVrzKL2lnbWKNIFdQKBgQDFOLedpMeYemLhrsU1TXGt1xTxAbWvOCyt\nvig/huyz4SQENXyu3ImPzxIxpTHxKhUaXo/qFXn0jhqnf0LfWI4nbQUbkivb5BPr\nKY9aj7XwwsY4MXW5C12Qi0lIwHOWCmfzvyS7TCMqnQb7sT4Mjmm4ydEbiI1TjlFJ\nD/RFxzcDKQKBgQCehPcJyZNrrWTU0sh5rz4ZWhdYNbuJXyxqiMBJwQa4hL6hJ8oD\nLyPeWe4daAmAIjLEUjSU1wK8hqKiKb54PLgAJH+20MbvyG14lm2Iul2d0dX+mIsT\nFGpQAjNF+Sr9KV1RaVi7L12ct5KidKDLn0KUKVgTKXEmtxNSNEq6dYqzKQKBgDI8\nzljzvnwSwNloIYgAYDK+FPGHU/Z8QrVHOQ1lmyn+8aO41DfeqZPeVW4b/GrII3QC\nHnqsWdJ32EZOXoRyFFPqq2BojY+Hu6MthPy2msvncYKi5q/qOz00nchQbaEMqYon\naH3lWRfjxAGdFocwR7HwhrmSwR1FpWMNE1Yq9tJxAoGBANc0nZSy5ZlTiMWdRrTt\ngFc9N/jz8OL6qLrJtX2Axyv7Vv8H/gbDg4olLR+Io38M0S1WwEHsaIJLIvJ6msjl\n/LlseAW6oiO6jzhWEr0VQSLkuJn45hG/uy7t19SDuNR7W5NuEr0YbWd6fZEpR7RR\nS1hFKnRRcrVqA+HjWnZ//BGi\n-----END PRIVATE KEY-----"
  }
}

Secret - Username/Password

{
  "kind": "secret",
  "name": "example-username-secret",
  "description": "example-username-secret description",
  "tags": {},
  "type": "userpass",
  "data": {
    "encoding": "plain",
    "password": "PASSWORD",
    "username": "USERNAME"
  }
}

Groups

Groups Reference PageSee the Group Query Rules reference page for details on how to create a query.

{
  "kind": "group",
  "name": "example-group",
  "description": "example-group description",
  "tags": {},
  "memberLinks": ["/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME", "/org/ORG_NAME/user/USER_EMAIL", "/org/ORG_NAME/user/USER_EMAIL"],
  "memberQuery": {
    "kind": "user",
    "fetch": "items",
    "spec": {
      "match": "all",
      "terms": [
        {
          "op": "=",
          "tag": "test-tag",
          "value": "test-value"
        }
      ]
    }
  }
}

Policies

Policies Reference PageThe first example shows a policy for an explicit secret (‘targetLinks’) that contain a binding for all four of the principal types with the ‘edit’ and ‘manage’ permissions.The second example shows a policy that targets all secrets within the org. When the target key set to all. The targetLinks and targetQuery properties are not evaluated.Each ‘targetKind’ has its own unique set of binding permissions. The permissions can be obtained by:

Running the CLI permissions command (e.g., cpln secret permissions), or
The reference page for each target (e.g. Secret Permissions).

Policy - Explict Secret

{
  "kind": "policy",
  "name": "example-policy-explicit",
  "description": "example-policy description",
  "tags": {},
  "targetKind": "secret",
  "bindings": [
    {
      "permissions": ["edit", "manage"],
      "principalLinks": [
        "/org/ORG_NAME/group/GROUP_NAME",
        "/org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME",
        "/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME",
        "/org/ORG_NAME/user/USER_EMAIL"
      ]
    }
  ],
  "targetLinks": ["/org/ORG_NAME/secret/SECRET_NAME"],
  "targetQuery": {
    "kind": "secret",
    "fetch": "items",
    "spec": {
      "match": "all",
      "terms": [
        {
          "op": "=",
          "tag": "example-tag",
          "value": "example-value"
        }
      ]
    }
  }
}

Policy - All Secrets

{
  "kind": "policy",
  "name": "example-policy-all",
  "description": "example-policy-all description",
  "tags": {},
  "targetKind": "secret",
  "target": "all",
  "bindings": [
    {
      "permissions": ["edit", "manage"],
      "principalLinks": [
        "/org/ORG_NAME/group/GROUP_NAME",
        "/org/ORG_NAME/gvc/GVC_NAME/identity/IDENTITY_NAME",
        "/org/ORG_NAME/serviceaccount/SERVICE_ACCOUNT_NAME",
        "/org/ORG_NAME/user/USER_EMAIL"
      ]
    }
  ]
}

Quickstart

Concepts

Guides

External Logging

Kubernetes (Managed)

Bring your Own Kubernetes (BYOK)

Terraform Provider

Pulumi Provider

Kubernetes Operator

Reference

Overview

Using the CLI

Apply a K8s File

Apply Standard Input

Using the Console

Multiple Resources

Renaming of Resources

Limitations

Generate Sample Input

Use in GitOps

Example Templates

Quickstart

Concepts

Guides

External Logging

Kubernetes (Managed)

Bring your Own Kubernetes (BYOK)

Terraform Provider

Pulumi Provider

Kubernetes Operator

Reference

​Overview

​Using the CLI

​Apply a K8s File

​Apply Standard Input

​Using the Console

​Multiple Resources

​Renaming of Resources

​Limitations

​Generate Sample Input

​Use in GitOps

​Example Templates

Overview

Using the CLI

Apply a K8s File

Apply Standard Input

Using the Console

Multiple Resources

Renaming of Resources

Limitations

Generate Sample Input

Use in GitOps

Example Templates