From e2ce4365e14a3c5b69457a6e452f7e5cd5f0013f Mon Sep 17 00:00:00 2001 From: Ivan Sabelnikov Date: Thu, 14 Mar 2024 11:05:44 +0000 Subject: [PATCH] fix: 1) add auth to docs 2) correct params in README.md --- README.md | 11 +++++------ docs/installation-configuration.md | 21 ++++++++++++++++++--- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 07af8b2..3eaaa17 100644 --- a/README.md +++ b/README.md @@ -48,12 +48,11 @@ dotnet add package Pulumiverse.cpln The following configuration points are available for the `cpln` provider: -- `cpln:domain` - domain used to connect to the cpln instance -- `cpln:insecure` - use insecure connection -- `cpln:jwtProfileFile` - path to the file containing credentials to connect to cpln. Either `jwtProfileFile` or `jwtProfileJson` -- `cpln:jwtProfileJson` - JSON value of credentials to connect to cpln. Either `jwtProfileFile` or `jwtProfileJson` is required -- `cpln:port` - used port if not the default ports 80 or 443 are configured -- `cpln:token` - path to the file containing credentials to connect to cpln +- `cpln:org` - The Control Plane org that this provider will perform actions against +- `cpln:endpoint` - The Control Plane Data Service API endpoint +- `cpln:profile` - The user/service account profile that this provider will use to authenticate to the data service +- `cpln:token` - A generated token that can be used to authenticate to the data service API +- `cpln:refreshToken` - A generated token that can be used to authenticate to the data service API ## Reference diff --git a/docs/installation-configuration.md b/docs/installation-configuration.md index 1334bf5..77fda56 100644 --- a/docs/installation-configuration.md +++ b/docs/installation-configuration.md @@ -16,8 +16,23 @@ The Pulumi Control Plane (cpln) provider is available as a package in all Pulumi ## Setup To provision resources with the Pulumi Control Plane (cpln) provider, you need to authenticate with one of the available options. - -TODO: Enumerate those here. +1. CLI + - [Install the CLI](https://docs.controlplane.com/reference/cli#installation) and execute the command `cpln login`. After a successful login, the Pulumi provider will use the `default` profile to authenticate. To use a different profile, set the `profile` variable when initializing the provider or set the `CPLN_PROFILE` environment variable. +2. Token + - The `token` variable can be set when initializing the provider or by setting the `CPLN_TOKEN` environment variable. + - The value of `token` can be either: + - The output of running the command `cpln profile token PROFILE_NAME`, or + - In the case of a [Service Account](https://docs.controlplane.com/reference/serviceaccount), the value of one of it's [keys](https://docs.controlplane.com/reference/serviceaccount#keys) +3. Refresh Token + - The `refreshToken` variable is used when the provider is required to create an org or update the `authConfig` property using the `Org` resource. The `refreshToken` variable can be set when initializing the provider or by setting the `CPLN_REFRESH_TOKEN` environment variable. + - When creating an org, the `refreshToken` **must** belong to a user that has the org_creator role for the associated account. + - When updating the org `authConfig` property, the `refreshToken` **must** belong to a user that was authenticated using SAML. + - The `refreshToken` can be obtained by following these steps: + - Using the CLI, authenticate with a user account by executing `cpln login`. + - Browser to the path `~/.config/cpln/profiles`. This path will contain JSON files corresponding to the name of the profile (i.e., `default.json`). + - The contents of the JSON file will contain a key named `refreshToken`. Use the value of this key for the `refreshToken` variable. + +To perform automated tasks using Pulumi, the preferred method is to use a `Service Account` and one of it's `keys` as the `token` value. ## Configuration Options @@ -29,4 +44,4 @@ Use `pulumi config set cpln: