Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

CipherTrust Manager Administration

Connection Manager

search

Please Note:

Connection Manager

The Connection Manager contains a list of all connections to the resources that are external to the CipherTrust Manager server. Any resource that you intend to use with CipherTrust Manager and that resides outside of the CipherTrust Manager infrastructure has to be added using the Connection Manager.

Only Connection Admins can add, edit, delete, or test a connection.

Accessing the Connection Manager

To access the Connection Manager, log in to CipherTrust Manager as administrator. Next, click Keys & Access Management on the main screen, and then select Connections from the sidebar on the left.

The Connections Management screen is displayed. It is divided into:

CONNECTIONS

The tabular view lists all the currently configured connections. You can arrange the list in different orders, by clicking on the column headers to sort it by that column. The table has the following columns:

  • Name - name of the connection

  • Creation - date when the connection was created

  • Type - type of connection

  • Products - name of the product that uses the connection

  • State - state that the connection is in. It is one of these states:

    • Not tested - connection has not been tested

    • Fail - connection has been tested and the test failed. The date when the connection failed is displayed to the right

    • Ready - connection is properly configured and ready

The last column contains an ellipsis icon (...). When clicked, it displays a menu that allows you to perform the following operations on the existing connections:

  • View/Edit - view and edit the connection

  • Test Connection - test the connection

  • Delete - delete the connection

Use the filters in the column headers to filter through multiple connections and display only those that you wish to display.

Use the Search box to search for a specific connection.

Refer to Adding a New Connection to add a new connection.

INTERNAL CONNECTIONS

The tabular view lists all the currently configured servers. You can arrange the list in different orders, by clicking on the column headers to sort it by that column. The table has the following columns:

  • Hostname - hostname of the server

  • Description - description of the server

  • Created - date when the server was created

  • Service - type of service

  • Products - name of the product that uses the server

The last column contains an ellipsis icon (...). When clicked, it displays a menu that allows you to perform the following operations on the existing servers:

  • Delete - delete the server

  • Download Server Cert - download the server certificate

Click the Download Luna Client Cert button to download the certificate of the Luna client registered with Luna HSM.

Use the filters in the column headers to filter through multiple servers and display only those that you wish to display.

Use the Search box to search for a specific server.

Refer to Adding an Internal Connection (Server) to add the servers.

Adding a New Connection

Before adding a new AWS connection, ensure that time on the CipherTrust Manager and AWS is in sync. To change the time on the CipherTrust Manager, use the NTP server or run the date or timedatectl command.

Click the + Add Connection button to open the Add Connection wizard. The wizard consists of these four steps:

  • Select Connection Type

  • General Info

  • Configure Connection

  • Add Products

1. Select Connection Type

In the Select Category section, click the Cloud, TDP, HSM, File-Share, Key Manager, or SCP tile and select a desired connection type from the Select Type menu:

  • Cloud: Amazon Web Services (AWS), Microsoft Azure, Salesforce, Google Cloud Platform (GCP), or Oracle Cloud Infrastructure (OCI). All are cloud computing platforms and CipherTrust Cloud Key Manager (CCKM) manages cloud keys for these cloud services.

  • TDP: Hadoop Knox. It provides a single point of authentication and access for Hadoop services in a cluster.

  • HSM: Luna Network HSM. It allows CCKM to manage and perform operations on the keys stored on HSM.

  • File-Share: CIFS/SMB. It provides access to the shared files available in the network.

  • Key Manager: DSM Connection. It provides a single point of authentication and access for DSM in a cluster.

  • SCP: SCP. It helps to securely transfer system backup from CipherTrust Manager to the external servers.

Click Next to move to the next step.

2. General Info

In this step, provide a Name and Description (optional) for the new connection.

Click Next to move to the next step.

3. Configure Connection

Amazon Web Services

  • Access Key ID - an access key is a long-term credential for an AWS account root user. An access key consists of two parts: an access key ID and a secret access key (pretty much like a user name and password). This is the user name part.

  • Secret Access Key – this is the password part of the access key. Select the Show Secret Access Key check box to view the password as open text.

  • Cloud Name - the name of the AWS cloud to connect to. Currently, only the following options are available:

    • AWS

    • AWS-US-GOV

    • AWS-CN

  • Assume Role - the AWS Assume Role. For more details, refer to the AWS documentation, (see "Identity and Access Management (IAM) role").

  • Assume Role External ID - the external ID for an IAM role in AWS (Assume Role). This is something that you may want to use when you need to give access to your AWS resources to a third party. For more details, refer to the AWS documentation (see "Identity and Access Management (IAM) role").

Click Next to move to the next step.

Microsoft Azure

  • Client ID - this is an Application ID of the Azure application. It can be used either with Client Secret or Certificate to authenticate the application.

  • Tenant ID - this is the Office365 tenant ID. It is a globally unique identifier (GUID). For more details, refer to the Azure documentation.

  • Cloud Name - the name of the Azure cloud to connect to. Currently, only the following options are available:

    • Azure Cloud

    • Azure China Cloud

    • Azure US Government

    • Azure Stack - For Azure Stack configuration, refer to Configure Azure Stack.

  • Authentication - you can use either Client Secret or Certificate for authentication purpose.

    • Client Secret – this authentication method uses the application password of the Client ID to enable communication between Azure and CipherTrust Manager.

    • Certificate - this authentication method is used to enable password-less communication between Azure and CipherTrust Manager. To do so:

      • Select the Certificate radio button and click the Generate and Download button.

      • Upload the downloaded certificate on Azure for the provided Client ID.

      • Once the upload is done, verify the Thumbprint on the CipherTrust Manager and Azure and both the thumbprints must match.

      • Click the Test Credentials button to verify if the certificate authentication is working.

      The default certificate duration is 10 years.

      Azure Stack does not support Certificate authentication.

  • Configure Azure Stack

    • This configuration is applicable to Azure Stack only.
    • Configuring an Azure Stack connection requires various URLs, described below. To get these URLs, run the command Get AzureRmEnvironment in your Azure AD VM. Refer to Connect with Azure AD for details.

    • Azure Stack Connection Type - Azure stack supports two types backed by Active Directory as an identity provider:

      • AAD - Azure Active Directory

      • ADFS - Active Directory Federation Services

    • Active Directory Endpoint - this is a URL at which the identity providers can be reached. For example, https://login.microsoftonline.com/

    • Key Vault DNS Suffix - this is a DNS suffix for the key vault in the Azure Stack. For example, vault.local.azurestack.external.

    • Management URL - this is the URL with a unique identifier for Azure Resource Manager registered with your identity provider.

    • Resource Manager URL - this URL is the location of the Azure Resource Manager service. For example, https://management.azure.com or https://management.local.azurestack.external

    • Vault Resource URL - this is the URL to access vault resources. For example, https://vault.local.azurestack.external

    • Azure Server Certificate - this is the Server certificate used by HTTPS protocol for a secure connection.

Salesforce

  • Username - username to access the Salesforce server.

  • Client ID - application ID of the Salesforce application. It can be used either with Client Secret or Certificate to authenticate the application.

    The Salesforce Connection Manager does not allow using one client id for multiple connections for certificate based authentication. This limitation exists because the Salesforce server allows only one certificate for a client id at any given time.
    However, if client credential based authentication is used, multiple connections are allowed with one client id.

  • Cloud Name - the name of the Salesforce cloud to connect to. Currently, only the following options are available:

    • Salesforce Sandbox Cloud

    • Salesforce Cloud

  • Authentication - you can use either Client Secret or Certificate for authentication purpose.

    • Client Secret – this authentication method uses the account password and the Client Secret for the given Client ID to enable the communication between Salesforce and the CipherTrust Manager.

    • Certificate - this authentication method is used to enable password-less communication between Salesforce and the CipherTrust Manager. To do so:

      • Specify the Certificate Duration in Days ( 1 day to 10 years).

        The default certificate duration is 10 years.

      • Select the Certificate radio button and click the Generate and Download button.

      • Upload the downloaded certificate on Salesforce for the provided Client ID.

      • Once the upload is done, verify the Certificate Subject on the CipherTrust Manager and Salesforce, and both the Certificate Subjects must match.

Click Next to move to the next step.

Currently, the only product supported for Salesforce connection is Cloud Key Manager.

SAP Data Custodian

  • API Endpoint - this is the KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it. Only v2 version of the KMS API is supported. To get the SAP API endpoint:

    1. Create a temporary technical user (TU).

    2. Generate its credentials and download them.

    The downloaded file "API Endpoints.txt" contains ISM and KMS API endpoints. Use the KMS API endpoint to make the connection.

  • Username - provide username to access the SAP data custodian server.

  • Secret - provide secret (password).

  • Tenant - provide tenant.

The username, secret, and tenant are standard user credentials for SAP data custodian. Currently, the CipherTrust Manager only supports standard user credentials for authentication.

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Click Next to move to the next step.

Currently, the only product supported for SAP Data Custodian connection is Cloud Key Manager.

Oracle Cloud Infrastructure (OCI)

To configure an OCI connection:

  • Tenancy OCID: OCID of the tenancy.

  • User OCID: OCID of the user.

  • Region: An Oracle Cloud Infrastructure region.

  • Fingerprint: Fingerprint of the public key added to this user.

  • Key File: Private key file for the OCI connection in the PEM format. Either upload the key file or paste the file content.

    • File Upload: Select and click Upload Certificate to upload the key file from your machine.

    • Text: Select and paste the certificate content in the text field.

  • Passphrase: Passphrase of the encrypted key file.

Click Test Credentials to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Click Next to move to the next step.

Currently, the only product supported for OCI connection is Cloud Key Manager.

Google Cloud Platform (GCP)

  • Key File - upload the key file that you have got from the GCP console while creating the service account.

  • Cloud Name - select the Google from the drop-down list.

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Click Next to move to the next step.

Currently, the only product supported for Google connection is Cloud Key Manager.

Hadoop Knox

Only one TDP connection of a particular type (Hadoop Knox) can be created at a time on the CipherTrust Manager. The Hadoop Knox connections are supported in the root domain only.

For Hadoop Knox, only HTTPS protocol is supported.

While testing a Hadoop Knox connection, if the connectivity is working for any one of the nodes in the connection, the overall connection status will be true.

Add Knox Node

  • Node Host - provide hostname of a Hadoop Knox node.

  • Port - provide port number of the Hadoop Knox node.

  • Certificate - upload the Hadoop Knox node certificate.

To add multiple nodes in a Hadoop Knox connection, click +Add Knox Node.

  • Topology – provide the Knox topology. The default topology name is "default". If you are not using the default topology, name your own topology.

  • Authentication – provide a valid credential provisioned in the authentication service configured on Knox through in Ambari.

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Click Next to move to the next step.

Luna Network HSM

To use Luna Network HSM as a key source, you must configure Luna Network connection and HSM server. To configure HSM server, refer to Adding an Internal Connection (Server).

It is mandatory to create one or more HSM Servers before creating an HSM Connection.

To configure the Luna Network HSM connection:

  • Partition Server Hostname/IP - select the hostname/IP of the server from the drop-down list

  • Partition Label - label of the HSM partition

  • Partition Serial No - serial number of the HSM Partition

  • Add Partition - click this button to add the multiple partitions

  • Partition Password - password of the HSM partition(s)

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Click Next to move to the next step.

Currently, the only product supported for LUNA Network HSM connection is Cloud Key Manager.

Server Message Block (SMB)

  • Host - IP or FQDN of the SMB share server.

  • Port - the port where the SMB service is running on the host.

    The Host and Port fields must be specified together, or do not specify any of them. If Host and Port are not specified while creating a connection, these fields cannot be added later.

  • Username - username to access the SMB share.

  • Password - password to access the SMB share.

  • Domain - workgroup or domain under which the username is configured. It is an optional field.

  • Test Path - path to the file-share for which the credentials need to be tested. It is only required to test the connections.

The Common Internet File System (CIFS) is a dialect of SMB.

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

The Host, Port, and Test Path fields are mandatory for testing the connection credentials.

Click Next to move to the next step.

DSM Connection

Add DSM Node

  • Node Hostname/IP - provide hostname or IP of a DSM node.

    If the DSM hostname cannot be resolved, then a DNS entry must be added under Admin Settings > DNS Hosts.

  • Certificate - upload the DSM node certificate. This is the DSM server certificate (for example, DSM.cer) you downloaded to your local machine.

To add multiple nodes in a DSM connection, click +Add DSM Node.

Nodes must be from the same DSM cluster.

For Authentication

  • Username - username of the DSM server.

  • Password - password of the DSM server.

  • Domain ID - provide domain Id if DSM user is restricted to a domain. It is an optional field.

    While creating a connection to DSM on the CipherTrust Manager, if the user is a local domain admin in the DSM, then a domain ID is required.
    Let's assume, user "U1" manages/owns the domain "D1".
    To get the domain id, follow this process:
    1. "U1" requests the System Administrator of DSM to provide the domain id for "D1".
    2. System Administrator calls the /dsm/v1/domains API to fetch the list of domains. This API returns details of all domains including their IDs.
    3. System Administrator finds the domain ID of domain "D1" and provides it to "U1".

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Click Next to move to the next step.

Secure Copy Protocol (SCP)

The SCP connections are supported in the root domain only.

  • Host - IP/hostname of the SCP server.

  • Port - port number of the SCP server. Default port is 22.

  • Username - username of the SCP server.

  • Auth Method - you can use either Password or Key for authentication purpose.

    Authentication MethodDescription
    Passwordpassword to authenticate the SCP server.
    Keypublic key used for authentication. Click the Download Public key for SSH authentication button.
    To upload the fetched key to the list of authorized keys on the SCP server, refer to the Uploading Key to the List of Authorized Keys on the SCP Server section.
  • Public key of SCP Server - public key of the SCP server. It is used to verify the identity of the host through key fingerprint. It is available at the /etc/ssh location on the SCP server. To find the public key of the SCP server, refer to Finding Public Key of the SCP Server section.

  • Path to - path of the SCP server where backup will be transferred.

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

While testing the SCP connection, a file with the name temp-cm-scp-test-connection is created at the specified path on the SCP server.

Click Next to move to the next step.

The only product supported for SCP connection is Backup/Restore.

Uploading Key to the List of Authorized Keys on the SCP Server

To upload the fetched key to the list of authorized keys on the SCP server, perform the following steps:

  1. Open the downloaded key and copy its content without quotes (“”).

  2. Append the content of this public key to the following file (authorized_keys) on the SCP server. This file is available at: /home/<SCP user>/.ssh/authorized_keys.

  3. Save the file and exit.

    Example

    Run the below command to get the content of the authorized_keys file:

    ubuntu@ip:/etc/ssh$ cat /home/ubuntu/.ssh/authorized_keys

    Output:

    ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDev

    Append the content of public key of the CipherTrust Manager:

    ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDevssh-rsa...<content of public key of CipherTrust Manager>...P9+9JRqDINamNougibgw==

    In this example, the highlighted code is the public key downloaded from Step 1.

Finding Public Key of the SCP Server

Following example shows how to find the public key of the SCP server.

Example

Copy the default SSH public key (ssh_host_ecdsa_key.pub) of the SCP server. This key is available at: /etc/ssh/.

Run the command:

ubuntu@ip:/etc/ssh$ cat ssh_host_ecdsa_key.pub

Output:

ecdsa-sha2-nistp256.....YcS6IzvTZZ6tpL/F65f/M= root@ip

By default, the ssh_host_ecdsa_key (private key) is used for SSH authentication. However, you can also use other keys for SSH authentication. To do so, uncomment other options in the /etc/ssh/sshd_config file referring to the HostKey.

4. Add Products

Use the check boxes in the Products list to select a product associated with the connection.

  • Data Discovery

  • CTE

  • Cloud Key Manager

  • Backup/Restore

Click Save to save your connection. The new connection is now listed in the Connections Management table.

Adding an Internal Connection (Server)

Currently, you can add only HSM Servers.

Click the + Add HSM Server button in the INTERNAL CONNECTIONS section to add the HSM Server.

  • HSM Hostname/IP - provide the hostname/IP of the server

  • HSM Certificate - upload the HSM certificate

  • HSM Description - provide the HSM description

  • HSM Products - select the check boxes in the Products list to select a product associated with the HSM server

• Currently, the only product supported for HSM Server is Cloud Key Manager.
• Luna Network HSMs can only be added at the CipherTrust Manager root domain for use with CCKM.

Click Create to add the HSM Server. The new server is now listed in the INTERNAL CONNECTIONS Management table.

Managing LUNA HSM Connections using ksctl

Luna network HSM management is divided into:

Luna Network HSM Servers

The following operations can be performed:

  • Add/delete/get a Luna network HSM server

  • List all Luna network HSM servers

  • Get Luna client details such as certificate and hostname

The Luna servers are used to create a connection of type Luna network HSM.

Adding a Luna Server

To add a Luna Server, run:

Syntax


ksctl connectionmgmt luna-hsm servers add --hostname <Hostname/IP> --hsm-cert-file <HSM-Certificate>

This command requires a hostname or IP of the server and a valid certificate.

Example Request


ksctl connectionmgmt luna-hsm servers add --hostname host --hsm-cert-file ~/server.pem

Example Response


{
    "hostname": "host",
    "hsm_certificate": "-----BEGIN CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ\nMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5\nc2FsaXMtSVRTMRUwEwYDVQQDDAwxMC4xNjQuNTYuODYwHhcNMjAwODIwMDg1OTQ0\nWhcNMzAwODIyMDg1OTQ0WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJp\nbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRUwEwYD\nVQQDDAwxMC4xNjQuNTYuODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCi7oMYdb8IcoqkdsAYNlcqzW32MxSeIwbThImdm1rvwQcwmggOyUhRqnUaiFH4\nsEVVNVDk0bqgAXKoLwauO63XEpu9NU+vHYrtcTkMZ6JxGe0z9LrCYcmqhcrxwPF6\nKSNFWmIpAXbRZ3utsziMlRSwd250pdBwo7idjubMHAWQAjJ16ouTD4maipbdAGtp\nXP/HnKO29aWpPZhj/zSasmwo6S9SvMdzBuT0/zATFYPsjdaGrbq7pbHwhJYmAP7h\nThG8aqdLNxATT36CEy2Tblw0YAGrcdMbLA4bgptt35OZYKcSXB9lm5RTPaaLkz0b\nEURdHGAVIYBAk/DAJCnoBhRxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFN1DUkX\nIXroQaX7yeyK5yK6YtPN8FthZ7k3L+FY18JKbnG8DqO8eocvncXtomZ12rLRAnmt\nsyV86fI5gBtoyyydFqqc4ejRfgjMnNwuD3hNLdDY2HuGgjWH+2N6Wl/Z1FVG1PZU\nGCaAlNGFRYOUxlzz3hltNwQmFX4PhdT8RlCApah7bhuozvSAzdAoHnl2qwE/PoS1\nMeTBtJHgJ+LH5Xob/hADnOAJb7jIB3GSBdpBH7VJhQ5VU5sNHqg4ZiNi1vLZPPed\n9HdJPTtbN4019SgY2kSwg1nky8jZY8uA9Qh05izWz3S1p9ZY9kpgRaBCTGCAF/C2\nobI+LA8a7DlU9PQ=\n-----END CERTIFICATE-----\n",
    "id": "83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
    "uri": "kylo:kylo:connectionmgmt:hsm-servers:host-83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-04T09:25:27.163022185Z",
    "service": "luna network"
}

Getting Details of Luna Server

To get details of a Luna Server already registered with the Connection Manager, run:

Syntax


ksctl connectionmgmt luna-hsm servers get --id <Hostname/Id>

This command requires an identifier that can either be ID or hostname of the server.

Example Request


ksctl connectionmgmt luna-hsm servers get --id host

Example Response


{
    "hostname": "host",
    "hsm_certificate": "-----BEGIN CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ\nMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5\nc2FsaXMtSVRTMRUwEwYDVQQDDAwxMC4xNjQuNTYuODYwHhcNMjAwODIwMDg1OTQ0\nWhcNMzAwODIyMDg1OTQ0WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJp\nbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRUwEwYD\nVQQDDAwxMC4xNjQuNTYuODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCi7oMYdb8IcoqkdsAYNlcqzW32MxSeIwbThImdm1rvwQcwmggOyUhRqnUaiFH4\nsEVVNVDk0bqgAXKoLwauO63XEpu9NU+vHYrtcTkMZ6JxGe0z9LrCYcmqhcrxwPF6\nKSNFWmIpAXbRZ3utsziMlRSwd250pdBwo7idjubMHAWQAjJ16ouTD4maipbdAGtp\nXP/HnKO29aWpPZhj/zSasmwo6S9SvMdzBuT0/zATFYPsjdaGrbq7pbHwhJYmAP7h\nThG8aqdLNxATT36CEy2Tblw0YAGrcdMbLA4bgptt35OZYKcSXB9lm5RTPaaLkz0b\nEURdHGAVIYBAk/DAJCnoBhRxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFN1DUkX\nIXroQaX7yeyK5yK6YtPN8FthZ7k3L+FY18JKbnG8DqO8eocvncXtomZ12rLRAnmt\nsyV86fI5gBtoyyydFqqc4ejRfgjMnNwuD3hNLdDY2HuGgjWH+2N6Wl/Z1FVG1PZU\nGCaAlNGFRYOUxlzz3hltNwQmFX4PhdT8RlCApah7bhuozvSAzdAoHnl2qwE/PoS1\nMeTBtJHgJ+LH5Xob/hADnOAJb7jIB3GSBdpBH7VJhQ5VU5sNHqg4ZiNi1vLZPPed\n9HdJPTtbN4019SgY2kSwg1nky8jZY8uA9Qh05izWz3S1p9ZY9kpgRaBCTGCAF/C2\nobI+LA8a7DlU9PQ=\n-----END CERTIFICATE-----\n",
    "id": "83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
    "uri": "kylo:kylo:connectionmgmt:hsm-servers:host-83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-04T09:25:27.163022Z",
    "service": "luna network"
}

Deleting a Luna Server

To delete a Luna Server, run:

Syntax


ksctl connectionmgmt luna-hsm servers delete --id <Hostname/Id>

This command requires an identifier that can either be ID or hostname of the server.

There will be no response if server is deleted successfully.

Getting List of Luna Servers

To list all the Luna Servers already registered with the Connection Manager, run:

Syntax


ksctl connectionmgmt luna-hsm servers list

Example Request


ksctl connectionmgmt luna-hsm servers list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "hostname": "host",
            "hsm_certificate": "-----BEGIN CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ\nMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5\nc2FsaXMtSVRTMRUwEwYDVQQDDAwxMC4xNjQuNTYuODYwHhcNMjAwODIwMDg1OTQ0\nWhcNMzAwODIyMDg1OTQ0WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJp\nbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRUwEwYD\nVQQDDAwxMC4xNjQuNTYuODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCi7oMYdb8IcoqkdsAYNlcqzW32MxSeIwbThImdm1rvwQcwmggOyUhRqnUaiFH4\nsEVVNVDk0bqgAXKoLwauO63XEpu9NU+vHYrtcTkMZ6JxGe0z9LrCYcmqhcrxwPF6\nKSNFWmIpAXbRZ3utsziMlRSwd250pdBwo7idjubMHAWQAjJ16ouTD4maipbdAGtp\nXP/HnKO29aWpPZhj/zSasmwo6S9SvMdzBuT0/zATFYPsjdaGrbq7pbHwhJYmAP7h\nThG8aqdLNxATT36CEy2Tblw0YAGrcdMbLA4bgptt35OZYKcSXB9lm5RTPaaLkz0b\nEURdHGAVIYBAk/DAJCnoBhRxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFN1DUkX\nIXroQaX7yeyK5yK6YtPN8FthZ7k3L+FY18JKbnG8DqO8eocvncXtomZ12rLRAnmt\nsyV86fI5gBtoyyydFqqc4ejRfgjMnNwuD3hNLdDY2HuGgjWH+2N6Wl/Z1FVG1PZU\nGCaAlNGFRYOUxlzz3hltNwQmFX4PhdT8RlCApah7bhuozvSAzdAoHnl2qwE/PoS1\nMeTBtJHgJ+LH5Xob/hADnOAJb7jIB3GSBdpBH7VJhQ5VU5sNHqg4ZiNi1vLZPPed\n9HdJPTtbN4019SgY2kSwg1nky8jZY8uA9Qh05izWz3S1p9ZY9kpgRaBCTGCAF/C2\nobI+LA8a7DlU9PQ=\n-----END CERTIFICATE-----\n",
            "id": "83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
            "uri": "kylo:kylo:connectionmgmt:hsm-servers:host-83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2020-12-04T09:25:27.163022Z",
            "service": "luna network"
        }
    ]
}

Getting Details of a Luna Client

To get details of a Luna Client registered with a Luna Server, run:

Syntax


ksctl connectionmgmt luna-hsm servers client-get

Example Request


ksctl connectionmgmt luna-hsm servers client-get

Example Response


{
    "id": "5fc757bd-8e95-4352-8d1c-4bc861d252d9",
    "uri": "kylo:kylo:doorway:Certificate:5fc757bd-8e95-4352-8d1c-4bc861d252d9",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2020-12-03T12:22:46.061088Z",
    "updatedAt": "2020-12-03T12:22:46.056696Z",
    "hostname": "cckm-client-51437b79-4f10-490e-9769-3d5b0526af46",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDezCCAmOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCQ0Ex\nEDAOBgNVBAgMB09udGFyaW8xDzANBgNVBAcMBk90dGF3YTETMBEGA1UECgwKTXkg\nY29tcGFueTE5MDcGA1UEAwwwY2NrbS1jbGllbnQtNTE0MzdiNzktNGYxMC00OTBl\nLTk3NjktM2Q1YjA1MjZhZjQ2MB4XDTIwMTIwMjEyMjI0NloXDTMwMTIwMTEyMjI0\nNlowgYAxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8wDQYDVQQHDAZP\ndHRhd2ExEzARBgNVBAoMCk15IGNvbXBhbnkxOTA3BgNVBAMMMGNja20tY2xpZW50\nLTUxNDM3Yjc5LTRmMTAtNDkwZS05NzY5LTNkNWIwNTI2YWY0NjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBANyjU9u2iVR0N5foHjZy7e4jMX5TX6BKiqAL\nc3Zn5MjpHZWdd82U1+UYjOgAdgU1IMKr84pxPoMDVrpcK0pk1U07sVqgSYM0WXd1\nB78n8n13CS6xYNL6rHoGXwO3LR0XW45Sa2NvhX/QFiTXsAYQgBZmW3urNj/kx1sd\n2xD0umeTxK+2DnLG8ccxeBxE+bahfxGHH2v+ln5FjVncsSjYLFlOrafI2ZSQLSZK\nXmLp4///Ca3l4SeIvgPCjgWfPiXQ7ZFSEOMcCbCptNuTOuYLbTG9AF2j7BmXMJ3S\n6lG4O/CenKC0JfVKHmfHiy0KcbyQY5zFNvuYjht6Enua58q4hYUCAwEAATANBgkq\nhkiG9w0BAQsFAAOCAQEAqHUSkv9rv5DhZmIRyWw+CrrXFFxxsrezPGWpHSIoKuFo\nFwTgXrru2K8O4mDvByHqcXKDjn/mKzhY9GHTAj3bLjbe3PbW6wAQVvGd8ovLVLEH\nvNY6wATVtafmvSwL/hBWmcdmj5HX3f/OV6h3h+Ck6rHrNzcbw4v25o+89kmEMgi4\njeuXNBSLC/1TrKoChr5nVBugU3BrKZgwm9yrMntuzCqmIVl2dstlbL9R+LSoCns5\na/PreKkP4DbxqxxgeE7RTqtv+qhjrKyMQVMDsHfCDc1Je+NBHkwVrfIdXJrJVuuh\nxZC/isR370yet+J4HM57xsNswI3/YG4l4nXl5jt9dQ==\n-----END CERTIFICATE-----\n"
}

Luna Network HSM Connections

The following operations can be performed:

  • Create/Get/Update/Delete a Luna Network HSM connection

  • List all Luna Network HSM connections

  • Test an existing Luna Network HSM connection

  • Test the newly created connection

A Luna Network HSM connection can be an HA or non-HA.

HA stands for High Availability, that means there will be more than one partition to ensure availability and load balancing.

In an HA connection, there are multiple partitions of one or more HSM Servers. Whereas, in a non-HA connection there is a single partition of an HSM Server.

Creating a Luna Connection

To create a connection of Luna Network HSM type, run:

Syntax


ksctl connectionmgmt luna-hsm connections create --name <Connection-Name> --conn-password <Partition-Password> --partitions-json-file <xxx.json> --ha-enable <Yes/No>

This command requires:

  • Name of the connection

  • Partition file of JSON type

  • Password of the Luna partitions

The HA flag is optional, and the default value is FALSE.
To create a connection with multiple partitions (with an HA group), the HA flag should be specified as TRUE. The format of the JSON file to create a connection:

[
    {"hostname": "xx.xxx.xx.xx","partition_label": "sample-label1","serial_number": "xxxxxx"},
    {"hostname": "xx.xxx.xx.xx","partition_label": "sample-label2","serial_number": "xxxxxx"}
]

Example Request


ksctl connectionmgmt luna-hsm connections create --name demo1 --conn-password passcode --partitions-json-file partitions.json --ha-enable yes

Example Response


{
    "id": "c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
    "uri": "kylo:kylo:connectionmgmt:connections:demo1-c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-04T09:30:20.592526537Z",
    "updatedAt": "2020-12-04T09:30:20.591321554Z",
    "service": "luna network",
    "category": "hsm",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "demo1",
    "partitions": [
        {
            "hostname": "xx.xxx.xx.xx",
            "serial_number": "14",
            "partition_label": "sample-label"
        },
        {
            "hostname": "xx.xxx.xx.xx",
            "serial_number": "12",
            "partition_label": "sample-label"
        }
    ],
    "is_ha_enabled": true
}

Getting Details of a Luna Connection

To get details of a Luna Network connection, run:

Syntax


ksctl connectionmgmt luna-hsm connections get --id <Id/Connection-Name>

This command requires a connection identifier that can be either ID or name of the connection.

Example Request


ksctl connectionmgmt luna-hsm connections get --id demo1

Example Response


{
    "id": "c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
    "uri": "kylo:kylo:connectionmgmt:connections:demo1-c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-04T09:30:20.592527Z",
    "updatedAt": "2020-12-04T09:30:20.591322Z",
    "service": "luna network",
    "category": "hsm",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "demo1",
    "partitions": [
        {
            "id": "39c7775c-a72c-4b31-9745-d1e9adbf8946",
            "uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-39c7775c-a72c-4b31-9745-d1e9adbf8946",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2020-12-04T09:30:20.597013Z",
            "hostname": "xx.xxx.xx.xx",
            "serial_number": "14",
            "partition_label": "sample-label"
        },
        {
            "id": "e3b7914d-3a88-40de-9385-649c5f019e3f",
            "uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-e3b7914d-3a88-40de-9385-649c5f019e3f",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2020-12-04T09:30:20.598614Z",
            "hostname": "xx.xxx.xx.xx",
            "serial_number": "12",
            "partition_label": "sample-label"
        }
    ],
    "is_ha_enabled": true,
    "max_session_count": 0,
    "session_count": 0,
    "max_rw_session_count": 0,
    "rw_session_count": 0,
    "max_pin_len": 0,
    "min_pin_len": 0,
    "total_public_memory": 0,
    "free_public_memory": 0,
    "total_private_memory": 0,
    "free_private_memory": 0,
    "operation_status": "",
    "operation_error": ""
}

Updating a Luna Connection

To update a Luna Network connection, run:

Syntax


ksctl connectionmgmt luna-hsm connections update --id <Id/Name> --conn-password <New-Password>

This command requires:

  • A connection identifier that can either be ID or name of the connection

  • One or more parameters to update

The Luna Connection Update supports updating the password and other meta information.

This command does not support updating a partition information.

Example Request


ksctl connectionmgmt luna-hsm connections update --id demo1 --conn-password newPasscode

Example Response


{
    "id": "c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
    "uri": "kylo:kylo:connectionmgmt:connections:demo1-c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-04T09:30:20.592526537Z",
    "updatedAt": "2020-12-04T09:30:20.591321554Z",
    "service": "luna network",
    "category": "hsm",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "demo1",
    "partitions": [
        {
            "hostname": "xx.xxx.xx.xx",
            "serial_number": "14",
            "partition_label": "sample-label"
        },
        {
            "hostname": "xx.xxx.xx.xx",
            "serial_number": "12",
            "partition_label": "sample-label"
        }
    ],
}

Deleting a Luna Connection

To delete a Luna Network connection, run:

Syntax


ksctl connectionmgmt luna-hsm connections delete --id <Id/Name>

There will be no response if LUNA Network connection is deleted successfully.

Getting List of Luna Connections

To list all the connections of Luna Network HSM type, run:

Syntax


ksctl connectionmgmt luna-hsm connections list

Example Request


ksctl connectionmgmt luna-hsm connections list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
            "uri": "kylo:kylo:connectionmgmt:connections:demo1-c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2020-12-04T09:30:20.592527Z",
            "updatedAt": "2020-12-04T09:30:20.591322Z",
            "service": "luna network",
            "category": "hsm",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "demo1",
            "partitions": [
                {
                    "id": "39c7775c-a72c-4b31-9745-d1e9adbf8946",
                    "uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-39c7775c-a72c-4b31-9745-d1e9adbf8946",
                    "account": "kylo:kylo:admin:accounts:kylo",
                    "createdAt": "2020-12-04T09:30:20.597013Z",
                    "hostname": "xx.xxx.xx.xx",
                    "serial_number": "14",
                    "partition_label": "sample-label"
                },
                {
                    "id": "e3b7914d-3a88-40de-9385-649c5f019e3f",
                    "uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-e3b7914d-3a88-40de-9385-649c5f019e3f",
                    "account": "kylo:kylo:admin:accounts:kylo",
                    "createdAt": "2020-12-04T09:30:20.598614Z",
                    "hostname": "xx.xxx.xx.xx",
                    "serial_number": "12",
                    "partition_label": "sample-label"
                }
            ],
            "is_ha_enabled": true
        }
    ]
}

Adding a partition to the Luna Connection

To add a partition to the Luna Connection, run:

Syntax


ksctl connectionmgmt luna-hsm connections add-partition --id <Id/Name> --partitions-json-file <xxx.json>

A parition can only be added to a connection if HA flag is TRUE.
The format of the JSON file to add a partition:

{"hostname": "xx.xxx.xx.xx","partition_label": "sample-label2","serial_number": "xxxxxx"}

Example Request


ksctl connectionmgmt luna-hsm connections add-partition --id demo1 --partitions-json-file partition.json 

Example Response


{
    "id": "288b05a9-0e08-4b76-be6c-3713b0e10751",
    "uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-288b05a9-0e08-4b76-be6c-3713b0e10751",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-05T06:01:27.482393059Z",
    "hostname": "xx.xxx.xx.xx",
    "serial_number": "1429964054509",
    "partition_label": "sample-label"
}

Deleting a Partition from the Luna Connection

To delete a partition from the Luna Connection, run:

Syntax


ksctl connectionmgmt luna-hsm connections delete-partition --id <Id/Name> --partition-id <Partition-Id>

There will be no response if partition is deleted successfully.

Testing an Existing Luna Connection

To test an existing Luna Network connection, run:

Syntax

    
ksctl connectionmgmt luna-hsm connections test --id <Id/Name>

This command requires a connection identifier that can either be ID or name of the connection.
This command is asynchronous; therefore, it initiates a connection test and gives the status as in_progress. You can fetch the actual status by using the get command for the same connection.

Example Request


ksctl  connectionmgmt luna-hsm connections test --id demo1

Example Response


{
    "id": "b1c8597a-670e-456f-b2e4-a452311e2916",
    "uri": "kylo:kylo:hsm:connections:b1c8597a-670e-456f-b2e4-a452311e2916",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2020-12-04T09:37:17.578573227Z",
    "updatedAt": "2020-12-04T09:37:17.575470994Z",
    "connection_status": "in_progress"
}

Testing a New Luna Connection

To test a new Luna Network connection parameters, run:

Syntax


ksctl connectionmgmt luna-hsm connections test --conn-password <Partitions-Password> --partitions-json-file <xxx.json> --ha-enable <Yes/No>

This command requires a partition file of JSON type and a password of the luna partitions.
HA flag is optional, and the default value is FALSE. To test connection parameters with multiple partitions (with an HA group), the HA flag should be specified as TRUE. The format of the JSON file to create a connection:

[
    {"hostname": "xx.xxx.xx.xx","partition_label": "sample-label1","serial_number": "xxxxxx"},
    {"hostname": "xx.xxx.xx.xx","partition_label": "sample-label2","serial_number": "xxxxxx"}
]

This command is asynchronous; therefore, it initiates a connection test and gives the status as in_progress.
The test-status command can be used to fetch the actual status by using the ID returned with this command.

Example Request


ksctl connectionmgmt luna-hsm connections test --conn-password passcode --partitions-json-file partitions.json  --ha-enable yes

Example Response


{
    "id": "00eb8941-a787-4440-a46d-8f658b7f97d3",
    "uri": "kylo:kylo:hsm:connections:00eb8941-a787-4440-a46d-8f658b7f97d3",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2020-11-23T13:27:20.281086901Z",
    "updatedAt": "2020-11-23T13:27:20.277119471Z",
    "connection_status": "in_progress"
}

Getting a Test Status

To get the status of the Luna connection parameters test performed earlier, run:

Syntax


ksctl connectionmgmt luna-hsm connections test-status --id <Test-Identifier>

This command requires a test ID that is returned as a part of the test command.

Example Request


ksctl connectionmgmt luna-hsm connections test-status --id 00eb8941-a787-4440-a46d-8f658b7f97d3

Example Response


{
    "id": "00eb8941-a787-4440-a46d-8f658b7f97d3",
    "uri": "kylo:kylo:hsm:connections:de7b1255-9ded-4222-8e1b-408110413a19",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2020-11-23T13:32:57.450956Z",
    "updatedAt": "2020-11-23T13:32:57.505909Z",
    "connection_status": "connection ok"
}

Managing Azure Stack Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an Azure Stack connection

  • List all Azure Stack connections

  • Test an existing Azure Stack connection

  • Test parameters for a Azure Stack connection

Examples in this section are for ADFS connection type. Similarly, you can manage connections for AAD by changing the connection-type to AAD.

Creating an Azure Stack Connection

To create an Azure Stack connection, run:

Syntax


ksctl connectionmgmt azure create --name <Connection-Name> --products <Product-Names> --clientid <Azure-Key-ID> --meta <Key-Values> --tenantid <Tenant-ID> --cloudname <Cloud-Name> --connection-type <Connection-Type> --active-dir-endpoint <Active-Directory-Endpoint> --management-url <Management-URL> --res-manager-url <Resource-Manager-URL> --key-vault-dns-suffix <Keyvault-DNS-Suffix> --vault-res-url <Vault-Resource-URL> --server-cert-file <Server-Certificate-File>

Example Request


ksctl connectionmgmt azure create --name test-azs-adfs --products cckm --clientid client123 --secret secret123  --tenantid 123 --cloudname AzureStack --connection-type ADFS --active-dir-endpoint "https://adfs.local.azurestack.external/adfs" --management-url "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd" --res-manager-url "https://management.local.azurestack.external/" --key-vault-dns-suffix "vault.local.azurestack.external" --vault-res-url "https://vault.local.azurestack.external" --server-cert-file ~/server.pem

Example Response


    {
     "id": "2cc2d7db-155c-472f-b248-4ca4072d1bb3",
        "uri": "kylo:kylo:connectionmgmt:connections:test-azs-adfs-2cc2d7db-155c-472f-b248-4ca4072d1bb3",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2020-12-24T11:06:31.917450971Z",
        "updatedAt": "2020-12-24T11:06:31.916445598Z",
        "service": "azure",
        "category": "cloud",
        "last_connection_ok": null,
        "last_connection_at": "0001-01-01T00:00:00Z",
        "name": "test-azs-adfs",
        "products": [
                "cckm"
        ],
        "tenant_id": "123",
        "client_id": "client123",
        "cloud_name": "AzureStack",
        "active_directory_endpoint": "https://adfs.local.azurestack.external/adfs",
        "vault_resource_url": "https://vault.local.azurestack.external",
        "resource_manager_url": "https://management.local.azurestack.external/",
        "key_vault_dns_suffix": "vault.local.azurestack.external",
        "management_url": "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd",
        "azure_stack_server_cert": "-----BEGIN CERTIFICATE-----\nMIIEPDCCAiSgAwIBAgIRALJpeHdhAFCGctcAVJ1fpwMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMDEyMDIwOTIzMTRaFw0yMjEyMDIwOTIzMTRaMCIxDjAMBgNVBAMTBWFkbWluMRAw\nDgYKCZImiZPyLGQBARMAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n2j0VAgq5PlqfFX2A8yoLYayv3NZcwWwC0ErhY3z2tIcnxuJ84OoVTD1O2NXF1SMq\nBK2dS1WrDim4QZpp+ueuLAYpQDHxZAo353tXjQ9W6alvfCTaX621/2clxQ/fn3Zt\nL0zP8aUCO/sv80B6C+nr20g8ooxdUIOrbsYWwVMpis+J39fQNItLJzcib0lWYrYe\n7f1d+yXc+zMMU1tEOh7q504zy142YsFNlk1D3HOzvPB+NHA2D7M8Buj7Z3VH57cr\ny69bDFlBlePO3JDUfo8TKmz+ST0x9TjVBHTtjCDqtENWBqNppAd3SdRIeHKFF8CH\nbHg/oL6z3kQYXwEqbHu5kQIDAQABozUwMzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEA\nlu2HMN3FnPPYxKt89aBJA1NeZgTTSGPLnE3T5T2VPjy6/RO6rWnvcn3YdaOOHRa2\nWP+mm/Au003pheu8orX0YrRxEVLCYUff3Xq+wKol8zP8EGR3PMB4zOGfdkxGQJZB\n/aVDasU80mLdLi7iwVD5p788fCIKdQWNA1Ln1nmEwF48jBns6p2kx2TCruQU0v9H\npbPKOVq84zs0rrgtioYgF4nlTGXjNP6KvO+F0PdUKby6ZtQptGADz92FD4wnpQr1\nBtGFhkS+c4nD+JzjeWMhu6qyK+NTJ5f5CUF6okxfOIHAzmLja9knwVLsJQ3R4oKo\nLyzp/wBSurdS+ClT9pJ0unPzq7UM0QFkvk2Op0gFswZ5XfewaAaEZifcVnux/ira\ndlZrVM9kBN1Fz2DzWau7itqhXiT8fdDH68qYQwNQwwDe5km3+i44Jz7KWEQi88XO\nKbwO8tMMvd+exLXshLzIbJ/1IVsQklR4N1M7GHrXTbgomCAxBhTkuGyu4hENYHsN\nobEToCx8UNXoZlYUX2f8hE9ad/tGrpwqXUHkSWjnET2+R5OmtS0p2wsRofbmY9in\noE4di6Pk83BMh2RpCDxDPb0UqTGlRlbPuew0mNfI2ePQLoFhyoTmwN1xEgUpex1u\nQb9IovyN2/Bm1QNpt4wRwoDF4sGAgcEM6AAtMVe2uVQ=\n-----END CERTIFICATE-----\n",
        "azure_stack_connection_type": "ADFS"
    }

Getting Details of an Azure Stack Connection

To get details of an Azure Stack connection, run:

Syntax


ksctl connectionmgmt azure get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt azure get --id 2cc2d7db-155c-472f-b248-4ca4072d1bb3

Example Response


{
    "id": "2cc2d7db-155c-472f-b248-4ca4072d1bb3",
    "uri": "kylo:kylo:connectionmgmt:connections:test-azs-adfs-2cc2d7db-155c-472f-b248-4ca4072d1bb3",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-24T11:06:31.917451Z",
    "updatedAt": "2020-12-24T11:06:31.916446Z",
    "service": "azure",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-azs-adfs",
    "products": [
            "cckm"
    ],
    "tenant_id": "123",
    "client_id": "client123",
    "cloud_name": "AzureStack",
    "active_directory_endpoint": "https://adfs.local.azurestack.external/adfs",
    "vault_resource_url": "https://vault.local.azurestack.external",
    "resource_manager_url": "https://management.local.azurestack.external/",
    "key_vault_dns_suffix": "vault.local.azurestack.external",
    "management_url": "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd",
    "azure_stack_server_cert": "-----BEGIN CERTIFICATE-----\nMIIEPDCCAiSgAwIBAgIRALJpeHdhAFCGctcAVJ1fpwMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMDEyMDIwOTIzMTRaFw0yMjEyMDIwOTIzMTRaMCIxDjAMBgNVBAMTBWFkbWluMRAw\nDgYKCZImiZPyLGQBARMAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n2j0VAgq5PlqfFX2A8yoLYayv3NZcwWwC0ErhY3z2tIcnxuJ84OoVTD1O2NXF1SMq\nBK2dS1WrDim4QZpp+ueuLAYpQDHxZAo353tXjQ9W6alvfCTaX621/2clxQ/fn3Zt\nL0zP8aUCO/sv80B6C+nr20g8ooxdUIOrbsYWwVMpis+J39fQNItLJzcib0lWYrYe\n7f1d+yXc+zMMU1tEOh7q504zy142YsFNlk1D3HOzvPB+NHA2D7M8Buj7Z3VH57cr\ny69bDFlBlePO3JDUfo8TKmz+ST0x9TjVBHTtjCDqtENWBqNppAd3SdRIeHKFF8CH\nbHg/oL6z3kQYXwEqbHu5kQIDAQABozUwMzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEA\nlu2HMN3FnPPYxKt89aBJA1NeZgTTSGPLnE3T5T2VPjy6/RO6rWnvcn3YdaOOHRa2\nWP+mm/Au003pheu8orX0YrRxEVLCYUff3Xq+wKol8zP8EGR3PMB4zOGfdkxGQJZB\n/aVDasU80mLdLi7iwVD5p788fCIKdQWNA1Ln1nmEwF48jBns6p2kx2TCruQU0v9H\npbPKOVq84zs0rrgtioYgF4nlTGXjNP6KvO+F0PdUKby6ZtQptGADz92FD4wnpQr1\nBtGFhkS+c4nD+JzjeWMhu6qyK+NTJ5f5CUF6okxfOIHAzmLja9knwVLsJQ3R4oKo\nLyzp/wBSurdS+ClT9pJ0unPzq7UM0QFkvk2Op0gFswZ5XfewaAaEZifcVnux/ira\ndlZrVM9kBN1Fz2DzWau7itqhXiT8fdDH68qYQwNQwwDe5km3+i44Jz7KWEQi88XO\nKbwO8tMMvd+exLXshLzIbJ/1IVsQklR4N1M7GHrXTbgomCAxBhTkuGyu4hENYHsN\nobEToCx8UNXoZlYUX2f8hE9ad/tGrpwqXUHkSWjnET2+R5OmtS0p2wsRofbmY9in\noE4di6Pk83BMh2RpCDxDPb0UqTGlRlbPuew0mNfI2ePQLoFhyoTmwN1xEgUpex1u\nQb9IovyN2/Bm1QNpt4wRwoDF4sGAgcEM6AAtMVe2uVQ=\n-----END CERTIFICATE-----\n",
    "azure_stack_connection_type": "ADFS"
}

Updating an Azure Stack Connection

To update an Azure Stack connection, run:

Syntax


ksctl connectionmgmt azure modify --id <Connection-Name/ID> --products <Product-Names> --secret <Azure-Client-Secret> --meta <Key-Values>

Example Request


ksctl connectionmgmt azure modify --id 2cc2d7db-155c-472f-b248-4ca4072d1bb3 --tenantid 456

Example Response


{
        "id": "2cc2d7db-155c-472f-b248-4ca4072d1bb3",
        "uri": "kylo:kylo:connectionmgmt:connections:test-azs-adfs-2cc2d7db-155c-472f-b248-4ca4072d1bb3",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2020-12-24T11:06:31.917451Z",
        "updatedAt": "2020-12-24T11:14:12.702605505Z",
        "service": "azure",
        "category": "cloud",
        "last_connection_ok": false,
        "last_connection_error": "Post \"https://adfs.local.azurestack.external/adfs/oauth2/token\": dial tcp: lookup adfs.local.azurestack.external on 127.0.0.11:53: no such host",
        "last_connection_at": "2020-12-24T11:12:48.403146Z",
        "name": "test-azs-adfs",
        "products": [
                "cckm"
        ],
        "meta": "",
        "tenant_id": "456",
        "client_id": "client123",
        "cloud_name": "AzureStack",
        "active_directory_endpoint": "https://adfs.local.azurestack.external/adfs",
        "vault_resource_url": "https://vault.local.azurestack.external",
        "resource_manager_url": "https://management.local.azurestack.external/",
        "key_vault_dns_suffix": "vault.local.azurestack.external",
        "management_url": "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd",
        "azure_stack_server_cert": "-----BEGIN CERTIFICATE-----\nMIIEPDCCAiSgAwIBAgIRALJpeHdhAFCGctcAVJ1fpwMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMDEyMDIwOTIzMTRaFw0yMjEyMDIwOTIzMTRaMCIxDjAMBgNVBAMTBWFkbWluMRAw\nDgYKCZImiZPyLGQBARMAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n2j0VAgq5PlqfFX2A8yoLYayv3NZcwWwC0ErhY3z2tIcnxuJ84OoVTD1O2NXF1SMq\nBK2dS1WrDim4QZpp+ueuLAYpQDHxZAo353tXjQ9W6alvfCTaX621/2clxQ/fn3Zt\nL0zP8aUCO/sv80B6C+nr20g8ooxdUIOrbsYWwVMpis+J39fQNItLJzcib0lWYrYe\n7f1d+yXc+zMMU1tEOh7q504zy142YsFNlk1D3HOzvPB+NHA2D7M8Buj7Z3VH57cr\ny69bDFlBlePO3JDUfo8TKmz+ST0x9TjVBHTtjCDqtENWBqNppAd3SdRIeHKFF8CH\nbHg/oL6z3kQYXwEqbHu5kQIDAQABozUwMzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEA\nlu2HMN3FnPPYxKt89aBJA1NeZgTTSGPLnE3T5T2VPjy6/RO6rWnvcn3YdaOOHRa2\nWP+mm/Au003pheu8orX0YrRxEVLCYUff3Xq+wKol8zP8EGR3PMB4zOGfdkxGQJZB\n/aVDasU80mLdLi7iwVD5p788fCIKdQWNA1Ln1nmEwF48jBns6p2kx2TCruQU0v9H\npbPKOVq84zs0rrgtioYgF4nlTGXjNP6KvO+F0PdUKby6ZtQptGADz92FD4wnpQr1\nBtGFhkS+c4nD+JzjeWMhu6qyK+NTJ5f5CUF6okxfOIHAzmLja9knwVLsJQ3R4oKo\nLyzp/wBSurdS+ClT9pJ0unPzq7UM0QFkvk2Op0gFswZ5XfewaAaEZifcVnux/ira\ndlZrVM9kBN1Fz2DzWau7itqhXiT8fdDH68qYQwNQwwDe5km3+i44Jz7KWEQi88XO\nKbwO8tMMvd+exLXshLzIbJ/1IVsQklR4N1M7GHrXTbgomCAxBhTkuGyu4hENYHsN\nobEToCx8UNXoZlYUX2f8hE9ad/tGrpwqXUHkSWjnET2+R5OmtS0p2wsRofbmY9in\noE4di6Pk83BMh2RpCDxDPb0UqTGlRlbPuew0mNfI2ePQLoFhyoTmwN1xEgUpex1u\nQb9IovyN2/Bm1QNpt4wRwoDF4sGAgcEM6AAtMVe2uVQ=\n-----END CERTIFICATE-----\n",
        "azure_stack_connection_type": "ADFS"
}

Deleting an Azure Stack Connection

To delete an Azure Stack connection, run:

Syntax


ksctl connectionmgmt azure delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt azure delete --id 2cc2d7db-155c-472f-b248-4ca4072d1bb3

There will be no response if Azure Stack connection is deleted successfully.

Getting List of Azure Stack Connections

To list all the Azure Stack connections, run:

Syntax


ksctl connectionmgmt azure list

Example Request


ksctl connectionmgmt azure list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
            {
                    "id": "2cc2d7db-155c-472f-b248-4ca4072d1bb3",
                    "uri": "kylo:kylo:connectionmgmt:connections:test-azs-adfs-2cc2d7db-155c-472f-b248-4ca4072d1bb3",
                    "account": "kylo:kylo:admin:accounts:kylo",
                    "createdAt": "2020-12-24T11:06:31.917451Z",
                    "updatedAt": "2020-12-24T11:06:31.916446Z",
                    "service": "azure",
                    "category": "cloud",
                    "last_connection_ok": null,
                    "last_connection_at": "0001-01-01T00:00:00Z",
                    "name": "test-azs-adfs",
                    "products": [
                            "cckm"
                    ],
                    "tenant_id": "123",
                    "client_id": "client123",
                    "cloud_name": "AzureStack",
                    "active_directory_endpoint": "https://adfs.local.azurestack.external/adfs",
                    "vault_resource_url": "https://vault.local.azurestack.external",
                    "resource_manager_url": "https://management.local.azurestack.external/",
                    "key_vault_dns_suffix": "vault.local.azurestack.external",
                    "management_url": "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd",
                    "azure_stack_server_cert": "-----BEGIN CERTIFICATE-----\nMIIEPDCCAiSgAwIBAgIRALJpeHdhAFCGctcAVJ1fpwMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMDEyMDIwOTIzMTRaFw0yMjEyMDIwOTIzMTRaMCIxDjAMBgNVBAMTBWFkbWluMRAw\nDgYKCZImiZPyLGQBARMAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n2j0VAgq5PlqfFX2A8yoLYayv3NZcwWwC0ErhY3z2tIcnxuJ84OoVTD1O2NXF1SMq\nBK2dS1WrDim4QZpp+ueuLAYpQDHxZAo353tXjQ9W6alvfCTaX621/2clxQ/fn3Zt\nL0zP8aUCO/sv80B6C+nr20g8ooxdUIOrbsYWwVMpis+J39fQNItLJzcib0lWYrYe\n7f1d+yXc+zMMU1tEOh7q504zy142YsFNlk1D3HOzvPB+NHA2D7M8Buj7Z3VH57cr\ny69bDFlBlePO3JDUfo8TKmz+ST0x9TjVBHTtjCDqtENWBqNppAd3SdRIeHKFF8CH\nbHg/oL6z3kQYXwEqbHu5kQIDAQABozUwMzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEA\nlu2HMN3FnPPYxKt89aBJA1NeZgTTSGPLnE3T5T2VPjy6/RO6rWnvcn3YdaOOHRa2\nWP+mm/Au003pheu8orX0YrRxEVLCYUff3Xq+wKol8zP8EGR3PMB4zOGfdkxGQJZB\n/aVDasU80mLdLi7iwVD5p788fCIKdQWNA1Ln1nmEwF48jBns6p2kx2TCruQU0v9H\npbPKOVq84zs0rrgtioYgF4nlTGXjNP6KvO+F0PdUKby6ZtQptGADz92FD4wnpQr1\nBtGFhkS+c4nD+JzjeWMhu6qyK+NTJ5f5CUF6okxfOIHAzmLja9knwVLsJQ3R4oKo\nLyzp/wBSurdS+ClT9pJ0unPzq7UM0QFkvk2Op0gFswZ5XfewaAaEZifcVnux/ira\ndlZrVM9kBN1Fz2DzWau7itqhXiT8fdDH68qYQwNQwwDe5km3+i44Jz7KWEQi88XO\nKbwO8tMMvd+exLXshLzIbJ/1IVsQklR4N1M7GHrXTbgomCAxBhTkuGyu4hENYHsN\nobEToCx8UNXoZlYUX2f8hE9ad/tGrpwqXUHkSWjnET2+R5OmtS0p2wsRofbmY9in\noE4di6Pk83BMh2RpCDxDPb0UqTGlRlbPuew0mNfI2ePQLoFhyoTmwN1xEgUpex1u\nQb9IovyN2/Bm1QNpt4wRwoDF4sGAgcEM6AAtMVe2uVQ=\n-----END CERTIFICATE-----\n",
                    "azure_stack_connection_type": "ADFS"
            },
    ]
}

Testing an Existing Azure Stack Connection

To test an existing Azure Stack connection, run:

Syntax


ksctl connectionmgmt azure test --id <Connection-Name/ID> --clientid <Azure-Key-ID> --secret <Azure-Client-Secret> --tenantid <Tenant-ID>

Example Request


ksctl connectionmgmt azure test --id 2cc2d7db-155c-472f-b248-4ca4072d1bb3

Example Response


{
    "connection_ok": true
}

Testing Parameters for an Azure Stack Connection

To test parameters for an Azure Stack connection, run:

Syntax


ksctl connectionmgmt azure test --clientid <Azure-Key-ID> --meta <Key-Values> --tenantid <Tenant-ID> --cloudname <Cloud-Name> --connection-type <Connection-Type> --active-dir-endpoint <Active-Directory-Endpoint> --management-url <Management-URL> --res-manager-url <Resource-Manager-URL> --key-vault-dns-suffix <Keyvault-DNS-Suffix> --vault-res-url <Vault-Resource-URL> --server-cert-file <Server-Certificate-File>

Example Request


ksctl connectionmgmt azure test --clientid client123 --secret secret123  --tenantid 123 --cloudname AzureStack --connection-type ADFS --active-dir-endpoint "https://adfs.local.azurestack.external/adfs" --management-url "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd" --res-manager-url "https://management.local.azurestack.external/" --key-vault-dns-suffix "vault.local.azurestack.external" --vault-res-url "https://vault.local.azurestack.external" --server-cert-file ~/server.pem

Example Response


{
    "connection_ok": true
}

Managing Salesforce Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an Salesforce connection

  • List all Salesforce connections

  • Test an existing Salesforce connection

  • Test parameters for a Salesforce connection

Creating a Salesforce Connection

To create a Salesforce connection, run:

Syntax


ksctl connectionmgmt salesforce create --name <Connection-Name> --products <Products-Names> --clientid <Salesforce-Key-ID> --username <Salesforce-Client-Secret> --cloudname <Salesforce-Cloud-Name> --use-certificate <yes/y>

Example Request


ksctl connectionmgmt salesforce create --name "salesforce-1" --products "cckm" --cloudname "Salesforce Sandbox Cloud" --clientid 123456  --username "xyz@gmail.com" --use-certificate yes

Example Response


{
        "id": "24e3172a-f413-4440-851d-41dda4be3866",
        "uri": "kyloconnectionmgmt:connections:salesforce-1-24e3172a-f413-4440-851d-41dda4be3866",
        "account": "kyloadmin:accounts:kylo",
        "createdAt": "2021-08-12T11:41:25.621130969Z",
        "updatedAt": "2021-08-12T11:41:25.620184543Z",
        "service": "salesforce",
        "category": "cloud",
        "last_connection_ok": null,
        "last_connection_at": "0001-01-01T00:00:00Z",
        "name": "salesforce-1",
        "products": [
                "cckm"
        ],
        "cloud_name": "Salesforce Sandbox Cloud",
        "client_id": "123456",
        "username": "xyz@gmail.com",
        "certificate": "-----BEGIN CERTIFICATE-----\nMIIFvjCCA6agAwIBAgIRAPO1rJFvIa2vMxg8/kBv+bIwDQYJKoZIhvcNAQELBQAw\nfzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNh\nbiBKb3NlMQ8wDQYDVQQKEwZUaGFsZXMxFDASBgNVBAsTC0NpcGhlclRydXN0MSEw\nHwYDVQQDExhjY2ttLnRoYWxlc2VzZWN1cml0eS5jb20wHhcNMjEwODEyMTE0MTI1\nWhcNMzEwODEwMTE0MTI1WjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv\ncm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDzANBgNVBAoTBlRoYWxlczEUMBIGA1UE\nCxMLQ2lwaGVyVHJ1c3QxITAfBgNVBAMTGGNja20udGhhbGVzZXNlY3VyaXR5LmNv\nbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMmUZCVDih5P6tR/8pNV\nhn30kYyJl0aRRejeNZ1pOPqthqOyAbxvwBs5SPS40fjOrby2KpJ89LajCG9lWAPd\ngZyUnB6Wm0DVlefmH92moASlcYteRytGEkWJLFOaNkzswclDzuWGY4V25+6gBDV7\np6CbfcxDqHQVfPoiaplU/R019iL52eg8o002+xr6neSMTa517CPUp/ynAexRQrq/\n/q5t/d4LQ74g0sbq7OZpv4n1W7SIS8F8X5JebXRVjLQYnsn2Skblv5iwaPPdjBb+\nPtBCdIqooAO1rNBektW7jOsK/UB0/6SmDFavD3+xYIJBjpYBvx37Phx24AMwUYId\nlh8Jp94OXOEC2/6ypgBvZSIobHUZ2Pq8FvXvO7KNH3Zo1r7JQkb1vjEctr5v2X19\n1fp0mIW0vKrHQPzSMAHThRsNYkFGhMTficZsjhMIjeOtefuz0fzzmho58FxbL3JP\nH6GqY7daZcpUFwOTgPO8ginoZKNtfFrNoxuwl3dJlc5e9C4gWR+hirU66oYxbJsH\nFfyv135GkgY0Sqrffld7JTLBkPovRS9YYD9idIPBwuAI4c7A4BvTL38m4nd6AbFY\nOLIdVvnnS4vtURffb131ZsUdYAlkpJn5OCBhCTxCEl1F1usidI8TjUZsxVGUZ6Re\nWFU9edK5DlJcXUh9d6Ok7AfHAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNV\nHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IC\nAQBkJt/jnVITmxNJ+StxZF3iza8GH4DF2pk1/gJo5Q8A1tyk+EDWkNpyFaYXG7gK\n0IG6u79Nz5YhDGKTRdLgVi8+ApnvgBoYLOxdx89TvRJzbvIwC1SfKF9w4JID5rmB\nv28o6sP9bk6PRcE2kbaiX1IYjGJw4xeLBUaoB2WEG24PfYPqdxr/pa0cfbBFc10s\nZ+5+Xe0XBmYUMiu25YcdHI97u5n7U6+6gBE+lyzVptlXNTJPDwf/fcOqzp6jJlFu\nzRsPbts9O8DbTdGfuzBJfxbObDEWPDa+TX0Be70AiP9gLKSLMeX4xQypGE2umkPG\nj7sWcJuC8T1SXsbxIVNyBQu6cSZvkLJmlnQGbo3W71oRkMc4r1n0BSHYbFKa/h2/\nVGm0zhyGmXFazkWWXExXno1Z11gO6kODVDgvkbeuRAJANJuN3wOLEqLCMJFYORIN\ndFjY/RAJU38oEkGvwq3s9tFIKUk4OaOG45+eIywKC/7bQSq/v3VAP07an4VrDdS6\nTxeHQzVLMar9lHiyBf7D2FsLj0lhLCAVAUd8sRjw3Trcr8k1NTzJNstWNkxTAaKN\nIwZf9lMFR/HU9tH8LMDV1PCsxLLM85zwbj/0wmlMzqF7/P8NwQoatlADmaAo3S/q\nx+3xUo+zZVfaYq1UQhNgjRB0Jq1QAqxJAzRDlBud2d25Cw==\n-----END CERTIFICATE-----\n",
        "certificate_subject": "CN=cckm.thalesesecurity.com,OU=CipherTrust,O=Thales,L=San Jose,ST=California,C=US"
}

Getting Details of a Salesforce Connection

To get details of a Salesforce connection, run:

Syntax


ksctl connectionmgmt salesforce get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt salesforce get --id 5818ec3d-c5e9-4039-b911-efd45cb08f88

Example Response


{
    "id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-08-10T10:21:29.967822Z",
    "updatedAt": "2021-08-10T10:21:29.966606Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce-1",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
    "username": "xyz@gmail.com"
}

Updating a Salesforce Connection

To update a Salesforce connection, run:

Syntax


ksctl connectionmgmt salesforce modify --id <Connection-Name/ID> --products <Products-Names> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret> --meta <Key:Values>

Example Request


ksctl connectionmgmt salesforce modify --id 5818ec3d-c5e9-4039-b911-efd45cb08f88 --username abcd@gmail.com

Example Response


{
    "id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
    "uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-08-10T10:21:29.967822Z",
    "updatedAt": "2021-08-10T10:25:06.228123698Z",
    "service": "salesforce",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "salesforce-1",
    "products": [
        "cckm"
    ],
    "cloud_name": "Salesforce Sandbox Cloud",
    "client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
    "username": "abcd@gmail.com"
}

Deleting a Salesforce Connection

To delete a Salesforce connection, run:

Syntax


ksctl connectionmgmt salesforce delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt salesforce delete --id c4a11fc1-d226-4f19-8d03-5911198e89e5

Example Response

There will be no response if Salesforce connection is deleted successfully.

Getting List of Salesforce Connections

To list all the Salesforce connections, run:

Syntax


ksctl connectionmgmt salesforce list

Example Request


ksctl connectionmgmt salesforce list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
            "uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-08-10T10:21:29.967822Z",
            "updatedAt": "2021-08-10T10:21:29.966606Z",
            "service": "salesforce",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "salesforce-1",
            "products": [
                "cckm"
            ],
            "cloud_name": "Salesforce Sandbox Cloud"
        }
    ]
}

Testing an Existing Salesforce Connection

To test an existing Salesforce connection, run:

Syntax


ksctl connectionmgmt salesforce test --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt salesforce test --id 5087c384-43aa-4750-951e-3a0f2b60d43b

Example Response


{
 "connection_ok": true,
}

Testing Parameters for a Salesforce Connection

To test parameters for a Salesforce connection, run:

Syntax


ksctl connectionmgmt salesforce test --id <Connection-Name/ID> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret>

Example Request


ksctl connectionmgmt salesforce test --clientid 3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12 --secret BC0556E7A0B4C96E218EF91370C5B --username salesforce-1 --conn-password 123456 --cloudname "Salesforce Sandbox Cloud"

Example Response


{
 "connection_ok": true,
}

Managing SAP Data Custodian Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an SAP Data Custodian connection

  • List all SAP Data Custodian connections

  • Test an existing SAP Data Custodian connection

  • Test parameters for a SAP Data Custodian connection

Creating a SAP Data Custodian Connection

To create a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc create --name <Connection-Name> --products <Products-Names> --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String>

Here, --api-endpoint is the KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it. Only v2 version of the KMS API is supported. To get the SAP API endpoint:

  1. Create a temporary technical user (TU).

  2. Generate its credentials and download them.

The downloaded file "API Endpoints.txt" contains ISM and KMS API endpoints. Use the KMS API endpoint to make the connection.

Example Request


ksctl connectionmgmt sap-dc create --name test-conn --products "cckm" --api-endpoint "https://test-endpoint.com" --user-creds '{"user":"testuser","secret":"testsecret","tenant":"testtenant"}'

Example Response


{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.77127493Z",
    "updatedAt": "2021-10-27T07:21:22.770209257Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant",
        "user": "testuser"
    }
}

Getting Details of a SAP Data Custodian Connection

To get details of a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt sap-dc get --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18

Example Response


{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.771275Z",
    "updatedAt": "2021-10-27T07:21:22.770209Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant",
        "user": "testuser"
    }
}

Updating a SAP Data Custodian Connection

To update a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc modify --id <Connection-Name/ID> --products <Products-Names> --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String> --meta <Key:Values>

Example Request


ksctl connectionmgmt sap-dc modify --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18 --products "cckm" --api-endpoint "https://test2-endpoint.com" --user-creds '{"user":"testuser2","secret":"testsecret2","tenant":"testtenant2"}'

Example Response


{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.771275Z",
    "updatedAt": "2021-10-27T07:26:11.431339116Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test2-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant2",
        "user": "testuser2"
    }
}

Deleting a SAP Data Custodian Connection

To delete a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt sap-dc delete --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18

Example Response

There will be no response if SAP Data Custodian connection is deleted successfully.

Getting List of SAP Data Custodian Connections

To list all the SAP Data Custodian connections, run:

Syntax


ksctl connectionmgmt sap-dc list

Example Request


ksctl connectionmgmt sap-dc list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
            "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-10-27T07:21:22.771275Z",
            "updatedAt": "2021-10-27T07:21:22.770209Z",
            "service": "sap-data-custodian",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "test-conn",
            "products": [
                "cckm"
            ],
            "api_endpoint": "https://test-endpoint.com",
            "user_credentials": {
                "tenant": "testtenant",
                "user": "testuser"
            }
        }
    ]
}

Testing an Existing SAP Data Custodian Connection

To test an existing SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc test --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt sap-dc test --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18

Example Response


{
    "connection_ok": true
}

Testing Parameters for a SAP Data Custodian Connection

To test parameters for a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc test --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String>

Example Request


ksctl connectionmgmt sap-dc test --api-endpoint "https://test-endpoint.com" --user-creds '{"user":"testuser","secret":"testsecret","tenant":"testtenant"}'

Example Response


{
    "connection_ok": true
}

Managing Hadoop Knox Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete a Hadoop Knox connection

  • List all Hadoop Knox connections

  • Test an existing Hadoop Knox connection

  • Test parameters for a Hadoop Knox connection

  • Add/Get/Update/Delete a node in an existing Hadoop Knox connection

  • List all nodes in a Hadoop Knox connection

Creating a Hadoop Knox Connection

To create a Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop create --name <Connection-Name> --products <Products-Names> --username <Server-UserName> --conn-password <Server-Password> --meta <Key-Values> --service <Service-Name> --topology <Topology> --nodes-json-file <JSON-File>

Example Request


ksctl connectionmgmt hadoop create --name knox --service hadoop-knox --conn-password admin --username admin --nodes-json-file ../hadoop.json --topology default

Example Response


{
    "id": "d9fe26ca-0321-4cba-bc14-8334bfcb6f9c",
    "uri": "kylo:kylo:connectionmgmt:connections:knox-d9fe26ca-0321-4cba-bc14-8334bfcb6f9c",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-28T10:56:00.729395192Z",
    "updatedAt": "2020-12-28T10:56:00.728472048Z",
    "service": "hadoop-knox",
    "category": "system",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "knox",
    "username": "admin",
    "topology": "default",
    "nodes": [
        {
            "hostname": "node1",
            "port": "1234",
            "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
            "protocol": "https"
        }
    ]
}

Getting Details of a Hadoop Knox Connection

To get details of a Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt hadoop get --id 604da7f5-0359-4b56-ae8d-7164857a2f2f

Example Response


{
    "id": "604da7f5-0359-4b56-ae8d-7164857a2f2f",
    "uri": "kylo:kylo:connectionmgmt:connections:hadoopconnection-604da7f5-0359-4b56-ae8d-7164857a2f2f",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-28T04:48:36.061995Z",
    "updatedAt": "2020-12-28T04:48:36.061306Z",
    "service": "hadoop-knox",
    "category": "system",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "hadoopConnection",
    "products": [
        "cte"
    ],
    "description": "test description",
    "username": "admin",
    "topology": "default",
    "nodes": [
        {
            "hostname": "host1",
            "port": "1234",
            "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
            "path": "/gateway/default/webhdfs/v1",
            "protocol": "https"
        }
    ]
}

Updating a Hadoop Knox Connection

To update a Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop modify --id <Connection-Name/ID> --products <Products-Names> --username <Server-Username> --conn-password <Server-Password> --meta <Key:Values> --topology <Topology>

Example Request


ksctl connectionmgmt hadoop modify --id 604da7f5-0359-4b56-ae8d-7164857a2f2f --username admin

Example Response


{
    "id": "604da7f5-0359-4b56-ae8d-7164857a2f2f",
    "uri": "kylo:kylo:connectionmgmt:connections:hadoopconnection-604da7f5-0359-4b56-ae8d-7164857a2f2f",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-28T04:48:36.061995Z",
    "updatedAt": "2020-12-28T09:34:20.197779489Z",
    "service": "hadoop-knox",
    "category": "system",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "hadoopConnection",
    "products": [
        "cte"
    ],
    "meta": "",
    "description": "test description",
    "username": "admin",
    "topology": "default"
}

Deleting a Hadoop Knox Connection

To delete a Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt hadoop delete --id 604da7f5-0359-4b56-ae8d-7164857a2f2f

There will be no response if connection is deleted successfully.

Getting List of Hadoop Knox Connections

To list all the Hadoop Knox connections, run:

Syntax


ksctl connectionmgmt hadoop list

Example Request


ksctl connectionmgmt hadoop list 

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "604da7f5-0359-4b56-ae8d-7164857a2f2f",
            "uri": "kylo:kylo:connectionmgmt:connections:hadoopconnection-604da7f5-0359-4b56-ae8d-7164857a2f2f",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2020-12-28T04:48:36.061995Z",
            "updatedAt": "2020-12-28T04:48:36.061306Z",
            "service": "hadoop-knox",
            "category": "system",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "hadoopConnection",
            "products": [
                "cte"
            ],
            "description": "test description",
            "username": "admin",
            "topology": "default",
            "nodes": [
                {
                    "hostname": "host1",
                    "port": "1234",
                    "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
                    "path": "/gateway/default/webhdfs/v1",
                    "protocol": "https"
                }
            ]
        }
    ]
}

Testing an Existing Hadoop Knox Connection

To test an existing Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop test --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt hadoop test --id 604da7f5-0359-4b56-ae8d-7164857a2f2ft;

Example Response


{
    "status": true,
    "nodes": [
        {
            "hostname": "1.2.3.4",
            "connection_ok": true,
        }
    ]
}

Testing Parameters for a Hadoop Knox Connection

To test parameters for a Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop test --username <Server-Username> --conn-password <Server-Password> --service <Service-Name> --nodes-json-file <JSON-File>

Example Request


ksctl connectionmgmt hadoop test --username admin --conn-password test_password --nodes-json-file hadoop.json --service hadoop-knox

Example Response


{
    "status": true,
    "nodes": [
        {
            "hostname": "1.2.3.4",
            "connection_ok": true,
        }
    ]
}

Adding a Node in an Existing Hadoop Knox Connection

To add a node in an existing Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop node add --id <Connection-Name/ID> --hostname <Server-Hostname> --port <Server-Port> --path <Server-Path> --server-cert-file <Server-Certificate-File> --protocol <Communication-Protocol>

Example Request


ksctl connectionmgmt hadoop node add --hostname node2 --port 1234 --protocol https --server-cert-file ~/server.pem --id 4690c02c-769b-43c6-88a0-d58e3634027d

Example Response


{
    "id": "4690c02c-769b-43c6-88a0-d58e3634027d",
    "uri": "kylo:kylo:connectionmgmt:hadoop-knox-node:hadoopconnection-4690c02c-769b-43c6-88a0-d58e3634027d",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-28T10:48:36.907928008Z",
    "hostname": "node2",
    "port": "1234",
    "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
    "protocol": "https"
}

Getting Node Details in a Hadoop Knox Connection

To get node details in a Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop node get --id <Connection-Name/ID> --node-id <Node ID/Hostname> 

Example Request


ksctl connectionmgmt hadoop node get --id 4690c02c-769b-43c6-88a0-d58e3634027d --node-id node2 

Example Response


{
    "id": "4690c02c-769b-43c6-88a0-d58e3634027d",
    "uri": "kylo:kylo:connectionmgmt:hadoop-knox-node:hadoopconnection-4690c02c-769b-43c6-88a0-d58e3634027d",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2020-12-28T10:48:36.907928Z",
    "hostname": "node2",
    "port": "1234",
    "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
    "protocol": "https"
}

Updating a Node in a Hadoop Knox Connection

To update a node in a Hadoop Knox Connection, run:

Syntax


ksctl connectionmgmt hadoop node modify --id <Connection-Name/ID> --node-id <Node ID/Hostname> --hostname <Server-Hostname> --port <Server-Port> --path <Sever-Path> --protocol <Communication-Protocol> --sever-cert-file <Server-Certificate-File>

Example Request


ksctl connectionmgmt hadoop node modify --id 4690c02c-769b-43c6-88a0-d58e3634027d --node-id node2 --port 5678

Example Response


{
    "id": "4690c02c-769b-43c6-88a0-d58e3634027d",
    "account": "kylo:kylo:admin:accounts:kylo",
    "hostname": "node2",
    "port": "5678",
    "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
    "protocol": "https"
}

Deleting a Node in a Hadoop Knox Connection

To delete a node in a Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop node delete --id <Connection-Name/ID> --node-id <Node ID/Hostname>

Example Request


ksctl connectionmgmt hadoop node delete --id c4a11fc1-d226-4f19-8d03-5911198e89e5 --node-id e4a11fc1-d226-4f19-8d03-5911198e89e4

There will be no response if node is deleted successfully.

Getting List of all Nodes in a Hadoop Knox Connection

To list all the nodes in a Hadoop Knox connection, run:

Syntax


ksctl connectionmgmt hadoop node list --id <Connection-Name/ID> 

Example Request


ksctl connectionmgmt hadoop node list --id 4690c02c-769b-43c6-88a0-d58e3634027d

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 2,
    "resources": [
        {
            "id": "4690c02c-769b-43c6-88a0-d58e3634027d",
            "uri": "kylo:kylo:connectionmgmt:hadoop-knox-node:hadoopconnection-4690c02c-769b-43c6-88a0-d58e3634027d",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2020-12-28T10:48:36.907928Z",
            "hostname": "node2",
            "port": "1234",
            "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
            "protocol": "https"
        },
        {
            "id": "ad5e290c-13ef-451b-bf40-dbb37e00e423",
            "uri": "kylo:kylo:connectionmgmt:hadoop-knox-node:hadoopconnection-ad5e290c-13ef-451b-bf40-dbb37e00e423",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2020-12-28T04:48:36.063074Z",
            "hostname": "host1",
            "port": "1234",
            "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
            "path": "/gateway/default/webhdfs/v1",
            "protocol": "https"
        }
    ]
}

Managing SMB Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an SMB connection

  • List all SMB connections

  • Test an existing SMB connection

Creating an SMB Connection

To create an SMB connection, run:

Syntax


ksctl connectionmgmt smb create --name <Connection-Name> --host <Hostname> --port <Port> --Username <SMB-Connection-Username> ---conn-password  <SMB-Connection-Password>

Example Request


ksctl connectionmgmt smb create --name smbConnection1 --host xx.xxx.xxx.xxx --port 445 --username test1 --conn-password 1234

Example Response


{
    "id": "5b32eb85-5c8e-4416-a749-b0b0b8916213",
    "uri": "kylo:kylo:connectionmgmt:connections:smbconnection1-5b32eb85-5c8e-4416-a749-b0b0b8916213",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-02-03T08:49:10.5042906Z",
    "updatedAt": "2021-02-03T08:49:10.502989201Z",
    "service": "SMB",
    "category": "File-Share",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "smbConnection1",
    "username": "test1",
    "host": "xx.xxx.xxx.xxx",
    "Port": "445"
}

Getting Details of an SMB Connection

To get details of an SMB connection, run:

Syntax


ksctl connectionmgmt smb get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt smb get --id 7ee52a57-19d4-4202-b900-edd299bb6d7a

Example Response


{
    "id": "7ee52a57-19d4-4202-b900-edd299bb6d7a",
    "uri": "kylo:kylo:connectionmgmt:connections:smbconnection-7ee52a57-19d4-4202-b900-edd299bb6d7a",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-02-03T03:55:03.541011Z",
    "updatedAt": "2021-02-03T03:55:03.538119Z",
    "service": "SMB",
    "category": "File-Share",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "smbConnection",
    "products": [
        "CTE"
    ],
    "description": "a description of the connection",
    "username": "user",
    "domain": "domainName",
    "host": "1.2.3.4",
    "Port": "445"
}

Updating an SMB Connection

To update an SMB connection, run:

Syntax


ksctl connectionmgmt smb modify --id <Connection-Name/ID> --products <Product-Names> --conn-password <SMB-Connection-Password> --meta <Key-Values>

Example Request


ksctl connectionmgmt smb modify --id 7ee52a57-19d4-4202-b900-edd299bb6d7a --conn-password 1234 --username test2

Example Response


{
    "id": "7ee52a57-19d4-4202-b900-edd299bb6d7a",
    "uri": "kylo:kylo:connectionmgmt:connections:smbconnection-7ee52a57-19d4-4202-b900-edd299bb6d7a",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-02-03T03:55:03.541011Z",
    "updatedAt": "2021-02-03T08:58:21.490072287Z",
    "service": "SMB",
    "category": "File-Share",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "smbConnection",
    "products": [
        "CTE"
    ],
    "meta": "",
    "description": "a description of the connection",
    "host": "1.2.3.4",
    "domain": "domainName",
    "username": "test2",
    "port": "445"
}

Deleting an SMB Connection

To delete an SMB connection, run;

Syntax


ksctl connectionmgmt smb delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt smb delete --id 7ee52a57-19d4-4202-b900-edd299bb6d7a

There will be no response if SMB connection is deleted successfully.

Getting List of SMB Connections

To list all the SMB connections, run:

Syntax


ksctl connectionmgmt smb list

Example Request


ksctl connectionmgmt smb list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 2,
    "resources": [
        {
            "id": "5b32eb85-5c8e-4416-a749-b0b0b8916213",
            "uri": "kylo:kylo:connectionmgmt:connections:smbconnection1-5b32eb85-5c8e-4416-a749-b0b0b8916213",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-02-03T08:49:10.504291Z",
            "updatedAt": "2021-02-03T08:49:10.502989Z",
            "service": "SMB",
            "category": "File-Share",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "smbConnection1",
            "username": "test1",
            "host": "xx.xxx.xxx.xxx",
            "Port": "445"
        },
        {
            "id": "7ee52a57-19d4-4202-b900-edd299bb6d7a",
            "uri": "kylo:kylo:connectionmgmt:connections:smbconnection-7ee52a57-19d4-4202-b900-edd299bb6d7a",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-02-03T03:55:03.541011Z",
            "updatedAt": "2021-02-03T03:55:03.538119Z",
            "service": "SMB",
            "category": "File-Share",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "smbConnection",
            "products": [
                "CTE"
            ],
            "description": "a description of the connection",
            "username": "user",
            "domain": "domainName",
            "host": "1.2.3.4",
            "Port": "445"
        }
    ]
}

Testing an Existing SMB Connection

To test an existing SMB connection, run;

Syntax


ksctl connectionmgmt smb test --id <Connection-Name/ID> --share-path <Share-Path>

ksctl connectionmgmt smb test --host <Hostname> --port <Port> --username <SMB-Connection-Username> --conn-password <SMB-Connection-Password> --share-path <Share-Path>

Example Request 1


ksctl connectionmgmt smb test --id 7ee52a57-19d4-4202-b900-edd299bb6d7a --share-path shared

Example Response 1


{
    "connection_ok": true
}

Example Request 2


ksctl connectionmgmt smb test --host xx.xxx.xxx.xxx --port 445 --username test1 --conn-password 1234 --share-path shared

Example Response 2


{
    "connection_ok": true
}

Managing DSM Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete a DSM connection

  • List all DSM connections

  • Test an existing DSM connection

  • Test parameters for a DSM connection

  • Add/Get/Update/Delete a node in an existing DSM connection

  • List all nodes in a DSM connection

Creating a DSM Connection

To create a DSM connection, run:

Syntax


ksctl connectionmgmt dsm create --name <Connection-Name> --products <Products-Names> --username <Server-Username> --conn-password <Server-Password> --meta <Key-Values> --dsm-domain-id <Domain-ID> --nodes-json-file <Json-File>

Example Request


ksctl connectionmgmt dsm create --name dsm-connection --username admin --conn-password Ssl12345# --nodes-json-file ./dsmnodes.json

Example DSM Nodes JSON File


[
    {
      "hostname": "test.node1",
      "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n"
    },
    {
      "hostname": "test.node2",
      "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n"
    }
]

Example Response


{
        "id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
        "uri": "kylo:kylo:connectionmgmt:connections:dsm-connection-d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2021-02-03T10:36:52.944110478Z",
        "updatedAt": "2021-02-03T10:36:52.941941401Z",
        "service": "DSM",
        "category": "KeyManager",
        "last_connection_ok": null,
        "last_connection_at": "0001-01-01T00:00:00Z",
        "name": "dsm-connection",
        "username": "admin",
        "nodes": [
                {
                        "id": "7a523daa-aa94-4b11-b31b-c945853663e4",
                        "uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-7a523daa-aa94-4b11-b31b-c945853663e4",
                        "account": "kylo:kylo:admin:accounts:kylo",
                        "createdAt": "2021-02-03T10:36:52.946654385Z",
                        "hostname": "test.node1",
                        "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
                        "last_connection_ok": null,
                        "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
                },
                {
                        "id": "bf333cb2-ad27-45ef-b1ba-5a85408e4141",
                        "uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-bf333cb2-ad27-45ef-b1ba-5a85408e4141",
                        "account": "kylo:kylo:admin:accounts:kylo",
                        "createdAt": "2021-02-03T10:36:52.948553989Z",
                        "hostname": "test.node2",
                        "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
                        "last_connection_ok": null,
                        "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
                }
        ]
}

Getting Details of a DSM Connection

To get details of a DSM connection, run:

Syntax


ksctl connectionmgmt dsm get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt dsm get --id dsm-connection

Example Response


{
        "id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
        "uri": "kylo:kylo:connectionmgmt:connections:dsm-connection-d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2021-02-03T10:36:52.94411Z",
        "updatedAt": "2021-02-03T10:36:52.941941Z",
        "service": "DSM",
        "category": "KeyManager",
        "last_connection_ok": null,
        "last_connection_at": "0001-01-01T00:00:00Z",
        "name": "dsm-connection",
        "username": "admin",
        "nodes": [
                {
                        "id": "7a523daa-aa94-4b11-b31b-c945853663e4",
                        "uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-7a523daa-aa94-4b11-b31b-c945853663e4",
                        "account": "kylo:kylo:admin:accounts:kylo",
                        "createdAt": "2021-02-03T10:36:52.946654Z",
                        "hostname": "test.node1",
                        "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
                        "last_connection_ok": null,
                        "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
                },
                {
                        "id": "bf333cb2-ad27-45ef-b1ba-5a85408e4141",
                        "uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-bf333cb2-ad27-45ef-b1ba-5a85408e4141",
                        "account": "kylo:kylo:admin:accounts:kylo",
                        "createdAt": "2021-02-03T10:36:52.948554Z",
                        "hostname": "test.node2",
                        "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
                        "last_connection_ok": null,
                        "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
                }
        ]
}

Updating a DSM Connection

To update a DSM connection, run:

Syntax


ksctl connectionmgmt dsm modify --id <Connection-Name/ID> --products <Products-Names> --username <Server-Username> --conn-password <Server-Password> --meta <Key:Values>

Example Request


ksctl connectionmgmt dsm  modify --id dsm-cli-1 --username myadmin

Example Response


{
        "id": "110b0166-6320-4de2-bbd4-c037665616cf",
        "uri": "kylo:kylo:connectionmgmt:connections:dsm-cli-1-110b0166-6320-4de2-bbd4-c037665616cf",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2021-02-03T08:22:58.459353Z",
        "updatedAt": "2021-02-03T10:40:41.242490229Z",
        "service": "DSM",
        "category": "KeyManager",
        "last_connection_ok": null,
        "last_connection_at": "0001-01-01T00:00:00Z",
        "name": "dsm-cli-1",
        "meta": "",
        "username": "myadmin"
}

Deleting a DSM Connection

To delete a DSM connection, run;

Syntax


ksctl connectionmgmt dsm delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt dsm delete --id dsm-cli-1

There will be no response if DSM connection is deleted successfully.

Getting List of DSM Connections

To list all the DSM connections, run:

Syntax


ksctl connectionmgmt dsm list

Example Request


ksctl connectionmgmt dsm list

Example Response


{
        "skip": 0,
        "limit": 10,
        "total": 2,
        "resources": [
                {
                        "id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
                        "uri": "kylo:kylo:connectionmgmt:connections:dsm-connection-d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
                        "account": "kylo:kylo:admin:accounts:kylo",
                        "createdAt": "2021-02-03T10:36:52.94411Z",
                        "updatedAt": "2021-02-03T10:36:52.941941Z",
                        "service": "DSM",
                        "category": "KeyManager",
                        "last_connection_ok": null,
                        "last_connection_at": "0001-01-01T00:00:00Z",
                        "name": "dsm-connection",
                        "username": "admin"
                },
                {
                        "id": "110b0166-6320-4de2-bbd4-c037665616cf",
                        "uri": "kylo:kylo:connectionmgmt:connections:dsm-cli-1-110b0166-6320-4de2-bbd4-c037665616cf",
                        "account": "kylo:kylo:admin:accounts:kylo",
                        "createdAt": "2021-02-03T08:22:58.459353Z",
                        "updatedAt": "2021-02-03T08:23:03.937019Z",
                        "service": "DSM",
                        "category": "KeyManager",
                        "last_connection_ok": null,
                        "last_connection_at": "0001-01-01T00:00:00Z",
                        "name": "dsm-cli-1",
                        "meta": "",
                        "username": "kylo_d1_rst"
                }
        ]
}

Testing an Existing DSM Connection

To test an existing DSM connection, run;

Syntax


ksctl connectionmgmt dsm test --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt dsm test --id dsm-connection

Example Response


{
        "status": true,
        "nodes": [
                {
                        "hostname": "test.node1",
                        "connection_ok": true
                },
                {
                        "hostname": "node2",
                        "connection_ok": true
                }
        ],
        "admin_type": "SYSTEM_ADMIN",
        "managed_domains": [
                {
                        "id": 1,
                        "url": "/v1/domains/1",
                        "name": "System Domain",
                        "description": "Internal system domain",
                        "kmipEnabled": false,
                        "fingerprintRegistrationDisabled": false,
                        "registrationTokenEnabled": false,
                        "MoreInfo": true
                }
        ]
}

Testing Parameters for a DSM Connection

To test parameters for a DSM connection, run:

Syntax


ksctl connectionmgmt dsm test --username <Server-Username> --conn-password <Server-Password> --nodes-json-file <JSON-File>

Example Request


ksctl connectionmgmt dsm test --username admin --conn-password Ssl12345# --nodes-json-file ./dsmnodes.json

Example Response


{
        "status": true,
        "nodes": [
                {
                        "hostname": "test.node1",
                        "connection_ok": true
                },
                {
                        "hostname": "test.node2",
                        "connection_ok": true
                }
        ],
        "admin_type": "SYSTEM_ADMIN",
        "managed_domains": [
                {
                        "id": 1,
                        "url": "/v1/domains/1",
                        "name": "System Domain",
                        "description": "Internal system domain",
                        "kmipEnabled": false,
                        "fingerprintRegistrationDisabled": false,
                        "registrationTokenEnabled": false,
                        "MoreInfo": true
                }
        ]
}

Adding Node in an Existing DSM Connection

To add node in a existing DSM connection, run:

Syntax


ksctl connectionmgmt dsm node add --id <Connection-Name/ID> --hostname <Server-Hostname> --server-cert-file <Server-Certificate-File>

Nodes must be from the same DSM cluster.

Example Request


ksctl connectionmgmt dsm node add --id dsm-connection --hostname node2 --server-cert-file ./cert.txt

Example Certificate File


-----BEGIN CERTIFICATE-----
MIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT
GkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE
ChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ
BgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG
A1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y
bWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT
AlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41
uPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd
6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ
hpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA
4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry
20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L
HBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB
/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL
NRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG
A1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E
RTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7
M4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN
fB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF
lKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3
FOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU
CpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==
-----END CERTIFICATE-----

Example Response


{
        "id": "82292365-39a0-4000-a756-963e7952b483",
        "uri": "kylo:kylo:connectionmgmt:DSM-node:dsm-connection-82292365-39a0-4000-a756-963e7952b483",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2021-02-03T10:50:44.563323356Z",
        "hostname": "node2",
        "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n\n",
        "last_connection_ok": null,
        "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}

Getting Node Details in a DSM Connection

To get node details in a DSM connection, run:

Syntax


ksctl connectionmgmt dsm node get --id <Connection-Name/ID> --node-id <Server-Node-ID>

Example Request


ksctl connectionmgmt dsm node get --id dsm-connection --node-id test.node1

Example Response


{
        "id": "7a523daa-aa94-4b11-b31b-c945853663e4",
        "uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-7a523daa-aa94-4b11-b31b-c945853663e4",
        "account": "kylo:kylo:admin:accounts:kylo",
        "createdAt": "2021-02-03T10:36:52.946654Z",
        "hostname": "test.node1",
        "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
        "last_connection_ok": null,
        "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}

Updating a Node in a DSM Connection

To update a node in a DSM Connection, run:

Syntax


ksctl connectionmgmt dsm node modify --id <Connection-Name/ID> --node-id <Server-Node-ID> --hostname <Server-Hostname> --sever-cert-file <Server-Certificate-File>

Example Request


ksctl connectionmgmt dsm node modify --id dsm-connection --node-id test.node2 --hostname node3

Example Response


{
    "id": "bf333cb2-ad27-45ef-b1ba-5a85408e4141",
    "uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-bf333cb2-ad27-45ef-b1ba-5a85408e4141",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-02-03T10:36:52.948554Z",
    "hostname": "node3",
    "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
    "last_connection_ok": null,
    "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}

Deleting a Node in a DSM Connection

To delete a node in a DSM connection, run:

Syntax


ksctl connectionmgmt dsm node delete --id <Connection-Name/ID> --node-id <Node-ID>

Example Request


ksctl connectionmgmt dsm node delete --id dsm-connection --node-id node3

There will be no response if node is deleted successfully.

Getting List of all Nodes in a DSM Connection

To list all the nodes in a DSM connection, run:

Syntax


ksctl connectionmgmt DSM node list --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt dsm node list --id dsm-connection

Example Response


{
        "skip": 0,
        "limit": 10,
        "total": 2,
        "resources": [
                {
                        "id": "bf333cb2-ad27-45ef-b1ba-5a85408e4141",
                        "uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-bf333cb2-ad27-45ef-b1ba-5a85408e4141",
                        "account": "kylo:kylo:admin:accounts:kylo",
                        "createdAt": "2021-02-03T10:36:52.948554Z",
                        "hostname": "test.node2",
                        "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
                        "last_connection_ok": null,
                        "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
                },
                {
                        "id": "7a523daa-aa94-4b11-b31b-c945853663e4",
                        "uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-7a523daa-aa94-4b11-b31b-c945853663e4",
                        "account": "kylo:kylo:admin:accounts:kylo",
                        "createdAt": "2021-02-03T10:36:52.946654Z",
                        "hostname": "test.node1",
                        "server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
                        "last_connection_ok": null,
                        "connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
                }
        ]
}

Managing Google Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete a GCP connection

  • List all GCP connections

  • Test an existing GCP connection

  • Test a new GCP Connection

Creating a GCP Connection

To create a GCP connection, run:

Syntax


ksctl connectionmgmt gcp create --name <Connection-Name> --key-file <Key-File-Path> --cloudname <Cloud-Name> --products <Product-Names> --meta <Key:Values>

Format of GCP Key File


{
"type": "service_account",
"project_id": "test",
"private_key_id": "hbk0662522e157b8e39cc672108de25016d736y0",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDV7g0lBwL/XaBD\nbpKtMQwFQJUiIPpv8luHA5wrvRi+XgAHBey8xMSOy/ezDNTlPgF99RNFz022WuCV\nAitCCaDpuaHPSqnx7ygs8hM6Mh/Kpq0fInnCXrdcgZKpK2qIJ8H0OdSmyiZp1hNG\nOICQckcmuJ0VUQLzwbS3R8dbwFAquQSxR1WBbI1vWZia3iap1ALSsh6nBUvaH7M6\nXaLZmZxUSLBw9o50slyI6UtM9WswcNWR9iYQS78DYakM5on9/M2y8kWQozhbIT/b\nilcE2weCtiu3UJR1xtI3WDL7eW3xdfJc2kLg0AIHflOopVkiuKaaFCw7s6aQUvFn\nna9Oi7FbAgMBAAECggEAIYBI8K57arAnw8eSEqsmnb/yWsjdTyCd8rO/Bh5zvIQN\n7wufeiQ6P75zSMfOoyOlqirx3LHNEqyClPMlAQ9u8osOat7fZDK2kOtL1YY58ktN\nux10AdtBTaxA4lsZML9Bj5Oq4H+5qkNK+2knwPcUa1znxInOM4v3F+iLsKiaJUZQ\nwnew+WacECpgMHxMavDiY92/0hPIYtBgJPk4Qud/0+EZ9QnTZ1FR4NSwk2rKBOx3\nJZTDcxLHbJ/jYPt+AJo77HITXkkbwBI9l9ILq5Y/aCI3Xw5qZA8lzuqxlklqvLvJ\n3j1ivz0+3t2/Ux4Y/wKpqmEMmKUAIq0BFKd+IqiykQKBgQDwS++M7l8SwQR8Sntn\nkkseFWPFmsETe9JzTugVsaQAfn9HPDtGmr2wcK+0Fo7/NEpYm+Vodh1rlLcSs7Ak\nheOIjShdDSRXjtwSoNxVoMoAaLFP3DORERhWYCczJjeqcoP1fUC27LmvA/1NDd15\n/C9BEdVH+ltpPDwgJxYJtXE+uQKBgQDj6QLJ0b9LEYxz0ig0knN7u0g4LRPkZF58\nrLDphUF+t06XRiXa8UKkaHsCMc0hVbZJ0yvHdY640ckxhzZfLk78fmonKfW11wV0\nBMjoYZlfJPQvAydalehVBrJ4j/ZhouhYKuycRrOrCcZD+FwpKBd8ThVcRxd/9j8V\nQgMf8ciGswKBgQDXC33z55dZ1zbGbHmHtNpYr9e8DcRgRV2PJ7x3PaSBdLM+8t4x\nT2YWsqHrTozmQsuOBOYG2D13+3zi1b/6z39SwtCuhYZSfVzhpufIEb71IrwbtfrI\nBj57fk1Wbws+FIGXfmId0jhSMgXLoW7lLhSz7NusMJcB1JASTihgw+n2sQKBgQCn\nFz4kGNLWhpcikwFHCdgA7t2T0fiziaJ8ZV+O1VOfQ2UrIxK94gOp5a/JfBmYRu7O\nUTPXmCh699M5rJgAUEM4erX44Jp0JqCo3pktReDcEIu1q+o+T4l2TOKr4WARVQ5j\nFZVDPdKbox7o1j07L1mImPawIK7p8e9t9me0E9+gYQKBgCiXzwL5ngTxAqLNXTTx\nuYL/1x3Pg6uvBnltfCUTDKVFDPv9Dwaad3T9cwqZZCzlM0GqTuALzVb1NAHVcx3U\nIUXcwn8mDT/aYWClnTDW7/ZwThnOsXSxbco68JdM2bpCS9nRqhYAlLb0eLMl2pEU\n59cqC1DjxsmVcmpabyi/726I\n-----END PRIVATE KEY-----\n",
"client_email": "test@some-project.iam.gserviceaccount.com",
"client_id": "some-id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40some-project.iam.gserviceaccount.com"
}

Example Request


ksctl connectionmgmt gcp create --name gcpConn --key-file gcp.json --products CCKM

Example Response


{
    "id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
    "uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-04-01T04:56:28.5260642Z",
    "updatedAt": "2021-04-01T04:56:28.524593208Z",
    "service": "gcp",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "gcpConn",
    "products": [
        "CCKM"
    ],
    "cloud_name": "gcp",
    "client_email": "test@some-project.iam.gserviceaccount.com",
    "private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}

Getting Details of a GCP Connection

To get details of a GCP connection, run:

Syntax


ksctl connectionmgmt gcp get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt gcp get --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59

Example Response


{
    "id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
    "uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-04-01T04:56:28.526064Z",
    "updatedAt": "2021-04-01T04:56:28.524593Z",
    "service": "gcp",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "gcpConn",
    "products": [
        "CCKM"
    ],
    "cloud_name": "gcp",
    "client_email": "test@some-project.iam.gserviceaccount.com",
    "private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}

Updating a GCP Connection

To update a GCP connection, run:

Syntax


ksctl connectionmgmt gcp modify --id <Connection-Name> --key-file <Key-File-Path> --cloudname <Cloud-Name> --products <Product-Names> --meta <Key:Values>

Example Request


ksctl connectionmgmt gcp modify --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59 --key-file gcp1.json

Example Response


{
    "id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
    "uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-04-01T04:56:28.526064Z",
    "updatedAt": "2021-04-01T05:03:38.665326512Z",
    "service": "gcp",
    "category": "cloud",
    "last_connection_ok": true,
    "last_connection_at": "2021-04-01T05:00:03.806155Z",
    "name": "gcpConn",
    "products": [
        "CCKM"
    ],
    "meta": "",
    "cloud_name": "gcp",
    "client_email": "test@some-project.iam.gserviceaccount.com",
    "private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}

Deleting a GCP Connection

To delete a GCP connection, run;

Syntax


ksctl connectionmgmt gcp delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt gcp delete --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59

There will be no response if GCP connection is deleted successfully.

Getting List of GCP Connections

To list all the GCP connections, run:

Syntax


ksctl connectionmgmt gcp list

Example Request


ksctl connectionmgmt gcp list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
            "uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-04-01T04:56:28.526696Z",
            "updatedAt": "2021-04-01T04:56:28.526696Z",
            "service": "gcp",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "gcpConn",
            "products": [
                "CCKM"
            ],
            "cloud_name": "gcp",
            "client_email": "test@some-project.iam.gserviceaccount.com",
            "private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
        }
    ]
}

Testing an Existing GCP Connection

To test an existing GCP connection, run;

Syntax


ksctl connectionmgmt gcp test --id <Connection-Name/ID> --key-file <Key-File-Path>

Example Request


ksctl connectionmgmt gcp test --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59

Example Response


{
    "connection_ok": true
}

Testing a New GCP Connection

To test a new GCP connection, run;

Syntax


ksctl connectionmgmt gcp test --key-file <Key-File-Path>

Example Request


ksctl connectionmgmt gcp test --key-file gcp.json

Example Response


{
    "connection_ok": true
}

Managing Oracle Cloud Infrastructure (OCI) Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an OCI connection

  • List all OCI connections

  • Test an existing OCI connection

  • Test parameters for an OCI Connection

Creating an OCI Connection

To create an OCI connection, run:

Syntax

1
ksctl connectionmgmt oci create --name <connection-name> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file, pass_phrase-in-json-format>

Example Request

1
ksctl connectionmgmt oci create --name oci-connection --products cckm --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json

Example Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282327Z",
    "updatedAt": "2022-01-19T04:32:15.488831158Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}

conn-cred.json

1
2
3
4
{
    "key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
    "pass_phrase": "password"
}

Getting Details of an OCI Connection

To get details of an OCI connection, run:

Syntax

1
ksctl connectionmgmt oci get --id <connection-name/id>

Example Request

1
ksctl connectionmgmt oci get --id oci-connection

Example Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282Z",
    "updatedAt": "2022-01-19T04:32:15.488831Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}

Updating an OCI Connection

To update an OCI connection, run:

Syntax

1
ksctl connectionmgmt oci modify --id <connection-name/id> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format> --meta <key:values>

Example Request

1
ksctl connectionmgmt oci modify --id oci-connection --user-ocid ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq

Example Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282Z",
    "updatedAt": "2022-01-19T04:40:36.311287549Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}

Deleting an OCI Connection

To delete an OCI connection, run;

Syntax

1
ksctl connectionmgmt oci delete --id <connection-name/id>

Example Request

1
ksctl connectionmgmt oci delete --id oci-connection

Example Response

There will be no response if OCI Connection is deleted successfully.

Getting List of OCI Connections

To list all the OCI connections, run:

Syntax

1
ksctl connectionmgmt oci list

Example Request

1
ksctl connectionmgmt oci list

Example Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
            "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2022-01-19T04:32:15.490836Z",
            "updatedAt": "2022-01-19T04:40:36.312949Z",
            "service": "oci",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "oci-connection",
            "products": [
                "cckm"
            ],
            "user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
            "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
            "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
            "region": "ap-sydney-1"
        }
    ]
}

Testing an Existing OCI Connection

To test an existing OCI connection, run;

Syntax

1
ksctl connectionmgmt oci test --id <connection-name/id>

Example Request

1
ksctl connectionmgmt oci test --id oci-connection

Example Response

1
2
3
{
    "connection_ok": true
}

Testing Parameters for an OCI Connection

To test parameters for an OCI connection, run;

Syntax

1
ksctl connectionmgmt oci test --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format>

Example Request

1
ksctl connectionmgmt oci test --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json

Example Response

1
2
3
{
"connection_ok": true
}

conn-cred.json

1
2
3
4
{
    "key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
    "pass_phrase": "password"
 }

Managing SCP Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an SCP connection

  • List all SCP connections

  • Test an existing SCP connection

  • Test a new SCP Connection

Creating an SCP Connection

To create an SCP connection, run:

Syntax


ksctl connectionmgmt scp create --name <Connection-Name> --host <Hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key> --products <Products-Names> --meta <Key:Value>

Example Request


ksctl connectionmgmt scp create --name scp-conn --host 8.8.8.8 --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/scp" --products "backup/restore"

Example Response


{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-06-07T06:17:01.343933Z",
    "updatedAt": "2021-06-07T06:17:01.342893Z",
    "service": "scp",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "scp-conn",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "8.8.8.8",
    "port": 22,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/scp"
}

Getting Details of an SCP Connection

To get details of an SCP connection, run:

Syntax


ksctl connectionmgmt scp get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt scp get --id scp-conn

Example Response


{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-06-07T06:17:01.343933Z",
    "updatedAt": "2021-06-07T06:17:01.342893Z",
    "service": "scp",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "scp-conn",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "8.8.8.8",
    "port": 22,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/scp"
}

Updating an SCP Connection

To update an SCP connection, run:

Syntax


ksctl connectionmgmt scp modify --name <Connection-Name> --host <hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --public-key <key> --path-to <Destination-Machine-Path> --products <Products-Names> --meta <Key:Value>

Example Request


ksctl connectionmgmt scp modify --id scp-conn --host 1.2.3.4 --scp-port 32

Example Response


{
    "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-06-07T06:17:01.343933Z",
    "updatedAt": "2021-06-07T06:21:53.141454927Z",
    "service": "scp",
    "category": "external-server",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "scp-conn",
    "products": [
        "backup/restore"
    ],
    "meta": null,
    "host": "1.2.3.4",
    "port": 32,
    "username": "admin",
    "auth_method": "password",
    "path_to": "/home/scp"
}

Deleting an SCP Connection

To delete an SCP connection, run;

Syntax

Syntax


ksctl connectionmgmt scp delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt scp delete --id scp-conn

Example Response

There will be no response if SCP connection is deleted successfully.

Getting List of SCP Connections

To list all the SCP connections, run:

Syntax


ksctl connectionmgmt scp list 

Example Request


ksctl connectionmgmt scp list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "name": "scp-conn",
            "id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
            "uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-06-07T06:17:01.343933Z",
            "updatedAt": "2021-06-07T06:17:01.342893Z",
            "service": "scp",
            "category": "external-server",
            "products": [
                "backup/restore"
            ],
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "host": "8.8.8.8",
            "port": 22,
            "username": "admin",
            "auth_method": "password",
            "public_key": "public-key",
            "path_to": "/home/scp"
        }
    ]
}

Testing an Existing SCP Connection

To test an existing SCP connection, run;

Syntax


ksctl connectionmgmt scp test --id <Connection-Name/ID> 

Example Request


ksctl connectionmgmt scp test --id scp-conn 

Example Response


{
    "connection_ok": true
}

Testing a New SCP Connection

To test a new SCP connection, run;

Syntax


ksctl connectionmgmt scp test --host <hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key>

Example Request


ksctl connectionmgmt scp test --host 8.8.8.8 --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/scp"

Example Response


{
    "connection_ok": true
}

Connection Manager Certificate Expiration Check

The CipherTrust Manager inspects the expiration date of the certificates used in the configured connections everyday, at a preset system time to log the record. This is done for the following connections:

  • Microsoft Azure

  • DSM Connection

  • Hadoop

  • Salesforce

  • Luna Network HSM

The CipherTrust Manager then creates list of certificates based on their expiration date:

  • Certificates whose expiration dates are within 91 days.

    This list is logged in the Records section once every week.

  • Certificates whose expiration dates are within 7 days.

    This list is logged in the Records section once every day.

  • Certificates that are already expired.

    This list is logged in the Records section once every day.

You can also create alarm triggers for these records. For more details, go to Creating Alarm Trigger for Client Certificate Expiration.