Skip to content

Commit

Permalink
fix: 1) add auth to docs 2) correct params in README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@vavsab
vavsab committed Mar 14, 2024
1 parent 399aa29 commit e2ce436
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 9 deletions.
11 changes: 5 additions & 6 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,12 +48,11 @@ dotnet add package Pulumiverse.cpln

The following configuration points are available for the `cpln` provider:

- `cpln:domain` - domain used to connect to the cpln instance
- `cpln:insecure` - use insecure connection
- `cpln:jwtProfileFile` - path to the file containing credentials to connect to cpln. Either `jwtProfileFile` or `jwtProfileJson`
- `cpln:jwtProfileJson` - JSON value of credentials to connect to cpln. Either `jwtProfileFile` or `jwtProfileJson` is required
- `cpln:port` - used port if not the default ports 80 or 443 are configured
- `cpln:token` - path to the file containing credentials to connect to cpln
- `cpln:org` - The Control Plane org that this provider will perform actions against
- `cpln:endpoint` - The Control Plane Data Service API endpoint
- `cpln:profile` - The user/service account profile that this provider will use to authenticate to the data service
- `cpln:token` - A generated token that can be used to authenticate to the data service API
- `cpln:refreshToken` - A generated token that can be used to authenticate to the data service API

## Reference

Expand Down
21 changes: 18 additions & 3 deletions docs/installation-configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,23 @@ The Pulumi Control Plane (cpln) provider is available as a package in all Pulumi
## Setup

To provision resources with the Pulumi Control Plane (cpln) provider, you need to authenticate with one of the available options.

TODO: Enumerate those here.
1. CLI
- [Install the CLI](https://docs.controlplane.com/reference/cli#installation) and execute the command `cpln login`. After a successful login, the Pulumi provider will use the `default` profile to authenticate. To use a different profile, set the `profile` variable when initializing the provider or set the `CPLN_PROFILE` environment variable.
2. Token
- The `token` variable can be set when initializing the provider or by setting the `CPLN_TOKEN` environment variable.
- The value of `token` can be either:
- The output of running the command `cpln profile token PROFILE_NAME`, or
- In the case of a [Service Account](https://docs.controlplane.com/reference/serviceaccount), the value of one of it's [keys](https://docs.controlplane.com/reference/serviceaccount#keys)
3. Refresh Token
- The `refreshToken` variable is used when the provider is required to create an org or update the `authConfig` property using the `Org` resource. The `refreshToken` variable can be set when initializing the provider or by setting the `CPLN_REFRESH_TOKEN` environment variable.
- When creating an org, the `refreshToken` **must** belong to a user that has the org_creator role for the associated account.
- When updating the org `authConfig` property, the `refreshToken` **must** belong to a user that was authenticated using SAML.
- The `refreshToken` can be obtained by following these steps:
- Using the CLI, authenticate with a user account by executing `cpln login`.
- Browser to the path `~/.config/cpln/profiles`. This path will contain JSON files corresponding to the name of the profile (i.e., `default.json`).
- The contents of the JSON file will contain a key named `refreshToken`. Use the value of this key for the `refreshToken` variable.

To perform automated tasks using Pulumi, the preferred method is to use a `Service Account` and one of it's `keys` as the `token` value.

## Configuration Options

Expand All @@ -29,4 +44,4 @@ Use `pulumi config set cpln:<option>`.
| `endpoint`| Optional | The Control Plane Data Service API endpoint. Default is: `https://api.cpln.io`. Can be specified with the `CPLN_ENDPOINT` environment variable. |
| `profile`| Optional | The user/service account profile that this provider will use to authenticate to the data service. Can be specified with the `CPLN_PROFILE` environment variable. |
| `token`| Optional | A generated token that can be used to authenticate to the data service API. Can be specified with the `CPLN_TOKEN` environment variable |
| `refreshToken`| Optional | A generated token that can be used to authenticate to the data service API. Can be specified with the `CPLN_REFRESH_TOKEN` environment variable. Used when the provider is required to create an org or update the `authConfig` property. Refer to the [auth docs](https://registry.terraform.io/providers/controlplane-com/cpln/latest/docs#authentication) on how to obtain the refresh token. |
| `refreshToken`| Optional | A generated token that can be used to authenticate to the data service API. Can be specified with the `CPLN_REFRESH_TOKEN` environment variable. Used when the provider is required to create an org or update the `authConfig` property. |

0 comments on commit e2ce436

Please sign in to comment.