Connection Manager
The Connection Manager contains a list of all connections to the resources that are external to the CipherTrust Manager server. Any resource that you intend to use with CipherTrust Manager and that resides outside of the CipherTrust Manager infrastructure has to be added using the Connection Manager.
Only Connection Admins can add, edit, delete, or test a connection.
Accessing the Connection Manager
To access the Connection Manager, log in to CipherTrust Manager as administrator. Next, click Keys & Access Management on the main screen, and then select Connections from the sidebar on the left.
The Connections Management screen is displayed. It is divided into:
CONNECTIONS - allows you to configure the connections
INTERNAL CONNECTIONS - allows you to configure the servers required for a connection
CONNECTIONS
The tabular view lists all the currently configured connections. You can arrange the list in different orders, by clicking on the column headers to sort it by that column. The table has the following columns:
Name - name of the connection
Creation - date when the connection was created
Type - type of connection
Products - name of the product that uses the connection
State - state that the connection is in. It is one of these states:
Not tested - connection has not been tested
Fail - connection has been tested and the test failed. The date when the connection failed is displayed to the right
Ready - connection is properly configured and ready
The last column contains an ellipsis icon (...). When clicked, it displays a menu that allows you to perform the following operations on the existing connections:
View/Edit - view and edit the connection
Test Connection - test the connection
Delete - delete the connection
Use the filters in the column headers to filter through multiple connections and display only those that you wish to display.
Use the Search box to search for a specific connection.
Refer to Adding a New Connection to add a new connection.
INTERNAL CONNECTIONS
The tabular view lists all the currently configured servers. You can arrange the list in different orders, by clicking on the column headers to sort it by that column. The table has the following columns:
Hostname - hostname of the server
Description - description of the server
Created - date when the server was created
Service - type of service
Products - name of the product that uses the server
The last column contains an ellipsis icon (...). When clicked, it displays a menu that allows you to perform the following operations on the existing servers:
Delete - delete the server
Download Server Cert - download the server certificate
Click the Download Luna Client Cert button to download the certificate of the Luna client registered with Luna HSM.
Use the filters in the column headers to filter through multiple servers and display only those that you wish to display.
Use the Search box to search for a specific server.
Refer to Adding an Internal Connection (Server) to add the servers.
Adding a New Connection
Before adding a new AWS connection, ensure that time on the CipherTrust Manager and AWS is in sync. To change the time on the CipherTrust Manager, use the NTP server or run the date or timedatectl command.
Click the + Add Connection button to open the Add Connection wizard. The wizard consists of these four steps:
Select Connection Type
General Info
Configure Connection
Add Products
1. Select Connection Type
In the Select Category section, click the Cloud, TDP, HSM, File-Share, Key Manager, or SCP tile and select a desired connection type from the Select Type menu:
Cloud: Amazon Web Services (AWS), Microsoft Azure, Salesforce, Google Cloud Platform (GCP), or Oracle Cloud Infrastructure (OCI). All are cloud computing platforms and CipherTrust Cloud Key Manager (CCKM) manages cloud keys for these cloud services.
TDP: Hadoop Knox. It provides a single point of authentication and access for Hadoop services in a cluster.
HSM: Luna Network HSM. It allows CCKM to manage and perform operations on the keys stored on HSM.
File-Share: CIFS/SMB. It provides access to the shared files available in the network.
Key Manager: DSM Connection. It provides a single point of authentication and access for DSM in a cluster.
SCP: SCP. It helps to securely transfer system backup from CipherTrust Manager to the external servers.
Click Next to move to the next step.
2. General Info
In this step, provide a Name and Description (optional) for the new connection.
Click Next to move to the next step.
3. Configure Connection
Amazon Web Services
Access Key ID - an access key is a long-term credential for an AWS account root user. An access key consists of two parts: an access key ID and a secret access key (pretty much like a user name and password). This is the user name part.
Secret Access Key – this is the password part of the access key. Select the Show Secret Access Key check box to view the password as open text.
Cloud Name - the name of the AWS cloud to connect to. Currently, only the following options are available:
AWS
AWS-US-GOV
AWS-CN
Assume Role - the AWS Assume Role. For more details, refer to the AWS documentation, (see "Identity and Access Management (IAM) role").
Assume Role External ID - the external ID for an IAM role in AWS (Assume Role). This is something that you may want to use when you need to give access to your AWS resources to a third party. For more details, refer to the AWS documentation (see "Identity and Access Management (IAM) role").
Click Next to move to the next step.
Microsoft Azure
Client ID - this is an Application ID of the Azure application. It can be used either with Client Secret or Certificate to authenticate the application.
Tenant ID - this is the Office365 tenant ID. It is a globally unique identifier (GUID). For more details, refer to the Azure documentation.
Cloud Name - the name of the Azure cloud to connect to. Currently, only the following options are available:
Azure Cloud
Azure China Cloud
Azure US Government
Azure Stack - For Azure Stack configuration, refer to Configure Azure Stack.
Authentication - you can use either Client Secret or Certificate for authentication purpose.
Client Secret – this authentication method uses the application password of the Client ID to enable communication between Azure and CipherTrust Manager.
Certificate - this authentication method is used to enable password-less communication between Azure and CipherTrust Manager. To do so:
Select the Certificate radio button and click the Generate and Download button.
Upload the downloaded certificate on Azure for the provided Client ID.
Once the upload is done, verify the Thumbprint on the CipherTrust Manager and Azure and both the thumbprints must match.
Click the Test Credentials button to verify if the certificate authentication is working.
The default certificate duration is 10 years.
Azure Stack does not support Certificate authentication.
• This configuration is applicable to Azure Stack only.
• Configuring an Azure Stack connection requires various URLs, described below. To get these URLs, run the commandGet AzureRmEnvironmentin your Azure AD VM. Refer to Connect with Azure AD for details.Azure Stack Connection Type - Azure stack supports two types backed by Active Directory as an identity provider:
AAD - Azure Active Directory
ADFS - Active Directory Federation Services
Active Directory Endpoint - this is a URL at which the identity providers can be reached. For example, https://login.microsoftonline.com/
Key Vault DNS Suffix - this is a DNS suffix for the key vault in the Azure Stack. For example, vault.local.azurestack.external.
Management URL - this is the URL with a unique identifier for Azure Resource Manager registered with your identity provider.
Resource Manager URL - this URL is the location of the Azure Resource Manager service. For example, https://management.azure.com or https://management.local.azurestack.external
Vault Resource URL - this is the URL to access vault resources. For example, https://vault.local.azurestack.external
Azure Server Certificate - this is the Server certificate used by HTTPS protocol for a secure connection.
Salesforce
Username - username to access the Salesforce server.
Client ID - application ID of the Salesforce application. It can be used either with Client Secret or Certificate to authenticate the application.
The Salesforce Connection Manager does not allow using one client id for multiple connections for certificate based authentication. This limitation exists because the Salesforce server allows only one certificate for a client id at any given time.
However, if client credential based authentication is used, multiple connections are allowed with one client id.Cloud Name - the name of the Salesforce cloud to connect to. Currently, only the following options are available:
Salesforce Sandbox Cloud
Salesforce Cloud
Authentication - you can use either Client Secret or Certificate for authentication purpose.
Client Secret – this authentication method uses the account password and the Client Secret for the given Client ID to enable the communication between Salesforce and the CipherTrust Manager.
Certificate - this authentication method is used to enable password-less communication between Salesforce and the CipherTrust Manager. To do so:
Specify the Certificate Duration in Days ( 1 day to 10 years).
The default certificate duration is 10 years.
Select the Certificate radio button and click the Generate and Download button.
Upload the downloaded certificate on Salesforce for the provided Client ID.
Once the upload is done, verify the Certificate Subject on the CipherTrust Manager and Salesforce, and both the Certificate Subjects must match.
Click Next to move to the next step.
Currently, the only product supported for Salesforce connection is Cloud Key Manager.
SAP Data Custodian
API Endpoint - this is the KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it. Only v2 version of the KMS API is supported. To get the SAP API endpoint:
Create a temporary technical user (TU).
Generate its credentials and download them.
The downloaded file "API Endpoints.txt" contains ISM and KMS API endpoints. Use the KMS API endpoint to make the connection.
Username - provide username to access the SAP data custodian server.
Secret - provide secret (password).
Tenant - provide tenant.
The username, secret, and tenant are standard user credentials for SAP data custodian. Currently, the CipherTrust Manager only supports standard user credentials for authentication.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
Click Next to move to the next step.
Currently, the only product supported for SAP Data Custodian connection is Cloud Key Manager.
Oracle Cloud Infrastructure (OCI)
To configure an OCI connection:
Tenancy OCID: OCID of the tenancy.
User OCID: OCID of the user.
Region: An Oracle Cloud Infrastructure region.
Fingerprint: Fingerprint of the public key added to this user.
Key File: Private key file for the OCI connection in the PEM format. Either upload the key file or paste the file content.
File Upload: Select and click Upload Certificate to upload the key file from your machine.
Text: Select and paste the certificate content in the text field.
Passphrase: Passphrase of the encrypted key file.
Click Test Credentials to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
Click Next to move to the next step.
Currently, the only product supported for OCI connection is Cloud Key Manager.
Google Cloud Platform (GCP)
Key File - upload the key file that you have got from the GCP console while creating the service account.
Cloud Name - select the Google from the drop-down list.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
Click Next to move to the next step.
Currently, the only product supported for Google connection is Cloud Key Manager.
Hadoop Knox
Only one TDP connection of a particular type (Hadoop Knox) can be created at a time on the CipherTrust Manager. The Hadoop Knox connections are supported in the root domain only.
For Hadoop Knox, only HTTPS protocol is supported.
While testing a Hadoop Knox connection, if the connectivity is working for any one of the nodes in the connection, the overall connection status will be true.
Add Knox Node
Node Host - provide hostname of a Hadoop Knox node.
Port - provide port number of the Hadoop Knox node.
Certificate - upload the Hadoop Knox node certificate.
To add multiple nodes in a Hadoop Knox connection, click +Add Knox Node.
Topology – provide the Knox topology. The default topology name is "default". If you are not using the default topology, name your own topology.
Authentication – provide a valid credential provisioned in the authentication service configured on Knox through in Ambari.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
Click Next to move to the next step.
Luna Network HSM
To use Luna Network HSM as a key source, you must configure Luna Network connection and HSM server. To configure HSM server, refer to Adding an Internal Connection (Server).
It is mandatory to create one or more HSM Servers before creating an HSM Connection.
To configure the Luna Network HSM connection:
Partition Server Hostname/IP - select the hostname/IP of the server from the drop-down list
Partition Label - label of the HSM partition
Partition Serial No - serial number of the HSM Partition
Add Partition - click this button to add the multiple partitions
Partition Password - password of the HSM partition(s)
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
Click Next to move to the next step.
Currently, the only product supported for LUNA Network HSM connection is Cloud Key Manager.
Server Message Block (SMB)
Host - IP or FQDN of the SMB share server.
Port - the port where the SMB service is running on the host.
The Host and Port fields must be specified together, or do not specify any of them. If Host and Port are not specified while creating a connection, these fields cannot be added later.
Username - username to access the SMB share.
Password - password to access the SMB share.
Domain - workgroup or domain under which the username is configured. It is an optional field.
Test Path - path to the file-share for which the credentials need to be tested. It is only required to test the connections.
The Common Internet File System (CIFS) is a dialect of SMB.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
The Host, Port, and Test Path fields are mandatory for testing the connection credentials.
Click Next to move to the next step.
DSM Connection
Add DSM Node
Node Hostname/IP - provide hostname or IP of a DSM node.
If the DSM hostname cannot be resolved, then a DNS entry must be added under Admin Settings > DNS Hosts.
Certificate - upload the DSM node certificate. This is the DSM server certificate (for example,
DSM.cer) you downloaded to your local machine.
To add multiple nodes in a DSM connection, click +Add DSM Node.
Nodes must be from the same DSM cluster.
For Authentication
Username - username of the DSM server.
Password - password of the DSM server.
Domain ID - provide domain Id if DSM user is restricted to a domain. It is an optional field.
While creating a connection to DSM on the CipherTrust Manager, if the user is a local domain admin in the DSM, then a domain ID is required.
Let's assume, user "U1" manages/owns the domain "D1".
To get the domain id, follow this process:
1. "U1" requests the System Administrator of DSM to provide the domain id for "D1".
2. System Administrator calls the/dsm/v1/domainsAPI to fetch the list of domains. This API returns details of all domains including their IDs.
3. System Administrator finds the domain ID of domain "D1" and provides it to "U1".
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
Click Next to move to the next step.
Secure Copy Protocol (SCP)
The SCP connections are supported in the root domain only.
Host - IP/hostname of the SCP server.
Port - port number of the SCP server. Default port is 22.
Username - username of the SCP server.
Auth Method - you can use either Password or Key for authentication purpose.
Authentication Method Description Password password to authenticate the SCP server. Key public key used for authentication. Click the Download Public key for SSH authentication button.
To upload the fetched key to the list of authorized keys on the SCP server, refer to the Uploading Key to the List of Authorized Keys on the SCP Server section.Public key of SCP Server - public key of the SCP server. It is used to verify the identity of the host through key fingerprint. It is available at the
/etc/sshlocation on the SCP server. To find the public key of the SCP server, refer to Finding Public Key of the SCP Server section.Path to - path of the SCP server where backup will be transferred.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.
While testing the SCP connection, a file with the name temp-cm-scp-test-connection is created at the specified path on the SCP server.
Click Next to move to the next step.
The only product supported for SCP connection is Backup/Restore.
Uploading Key to the List of Authorized Keys on the SCP Server
To upload the fetched key to the list of authorized keys on the SCP server, perform the following steps:
Open the downloaded key and copy its content without quotes (“”).
Append the content of this public key to the following file (authorized_keys) on the SCP server. This file is available at:
/home/<SCP user>/.ssh/authorized_keys.Save the file and exit.
Example
Run the below command to get the content of the
authorized_keysfile:ubuntu@ip:/etc/ssh$ cat /home/ubuntu/.ssh/authorized_keys
Output:
ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDev
Append the content of public key of the CipherTrust Manager:
ssh-rsa..<content of authorized_keys>...+FFChClf1in1xnKG9UL/ Yaths-UbuntuDev
ssh-rsa...<content of public key of CipherTrust Manager>...P9+9JRqDINamNougibgw==In this example, the highlighted code is the public key downloaded from Step 1.
Finding Public Key of the SCP Server
Following example shows how to find the public key of the SCP server.
Example
Copy the default SSH public key (ssh_host_ecdsa_key.pub) of the SCP server. This key is available at: /etc/ssh/.
Run the command:
ubuntu@ip:/etc/ssh$ cat ssh_host_ecdsa_key.pub
Output:
ecdsa-sha2-nistp256.....YcS6IzvTZZ6tpL/F65f/M= root@ip
By default, the ssh_host_ecdsa_key (private key) is used for SSH authentication. However, you can also use other keys for SSH authentication. To do so, uncomment other options in the /etc/ssh/sshd_config file referring to the HostKey.
4. Add Products
Use the check boxes in the Products list to select a product associated with the connection.
Data Discovery
CTE
Cloud Key Manager
Backup/Restore
Click Save to save your connection. The new connection is now listed in the Connections Management table.
Adding an Internal Connection (Server)
Currently, you can add only HSM Servers.
Click the + Add HSM Server button in the INTERNAL CONNECTIONS section to add the HSM Server.
HSM Hostname/IP - provide the hostname/IP of the server
HSM Certificate - upload the HSM certificate
HSM Description - provide the HSM description
HSM Products - select the check boxes in the Products list to select a product associated with the HSM server
• Currently, the only product supported for HSM Server is Cloud Key Manager.
• Luna Network HSMs can only be added at the CipherTrust Manager root domain for use with CCKM.
Click Create to add the HSM Server. The new server is now listed in the INTERNAL CONNECTIONS Management table.
Managing LUNA HSM Connections using ksctl
Luna network HSM management is divided into:
Luna Network HSM Servers
The following operations can be performed:
Add/delete/get a Luna network HSM server
List all Luna network HSM servers
Get Luna client details such as certificate and hostname
The Luna servers are used to create a connection of type Luna network HSM.
Adding a Luna Server
To add a Luna Server, run:
Syntax
ksctl connectionmgmt luna-hsm servers add --hostname <Hostname/IP> --hsm-cert-file <HSM-Certificate>
This command requires a hostname or IP of the server and a valid certificate.
Example Request
ksctl connectionmgmt luna-hsm servers add --hostname host --hsm-cert-file ~/server.pem
Example Response
{
"hostname": "host",
"hsm_certificate": "-----BEGIN CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ\nMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5\nc2FsaXMtSVRTMRUwEwYDVQQDDAwxMC4xNjQuNTYuODYwHhcNMjAwODIwMDg1OTQ0\nWhcNMzAwODIyMDg1OTQ0WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJp\nbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRUwEwYD\nVQQDDAwxMC4xNjQuNTYuODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCi7oMYdb8IcoqkdsAYNlcqzW32MxSeIwbThImdm1rvwQcwmggOyUhRqnUaiFH4\nsEVVNVDk0bqgAXKoLwauO63XEpu9NU+vHYrtcTkMZ6JxGe0z9LrCYcmqhcrxwPF6\nKSNFWmIpAXbRZ3utsziMlRSwd250pdBwo7idjubMHAWQAjJ16ouTD4maipbdAGtp\nXP/HnKO29aWpPZhj/zSasmwo6S9SvMdzBuT0/zATFYPsjdaGrbq7pbHwhJYmAP7h\nThG8aqdLNxATT36CEy2Tblw0YAGrcdMbLA4bgptt35OZYKcSXB9lm5RTPaaLkz0b\nEURdHGAVIYBAk/DAJCnoBhRxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFN1DUkX\nIXroQaX7yeyK5yK6YtPN8FthZ7k3L+FY18JKbnG8DqO8eocvncXtomZ12rLRAnmt\nsyV86fI5gBtoyyydFqqc4ejRfgjMnNwuD3hNLdDY2HuGgjWH+2N6Wl/Z1FVG1PZU\nGCaAlNGFRYOUxlzz3hltNwQmFX4PhdT8RlCApah7bhuozvSAzdAoHnl2qwE/PoS1\nMeTBtJHgJ+LH5Xob/hADnOAJb7jIB3GSBdpBH7VJhQ5VU5sNHqg4ZiNi1vLZPPed\n9HdJPTtbN4019SgY2kSwg1nky8jZY8uA9Qh05izWz3S1p9ZY9kpgRaBCTGCAF/C2\nobI+LA8a7DlU9PQ=\n-----END CERTIFICATE-----\n",
"id": "83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
"uri": "kylo:kylo:connectionmgmt:hsm-servers:host-83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:25:27.163022185Z",
"service": "luna network"
}
Getting Details of Luna Server
To get details of a Luna Server already registered with the Connection Manager, run:
Syntax
ksctl connectionmgmt luna-hsm servers get --id <Hostname/Id>
This command requires an identifier that can either be ID or hostname of the server.
Example Request
ksctl connectionmgmt luna-hsm servers get --id host
Example Response
{
"hostname": "host",
"hsm_certificate": "-----BEGIN CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ\nMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5\nc2FsaXMtSVRTMRUwEwYDVQQDDAwxMC4xNjQuNTYuODYwHhcNMjAwODIwMDg1OTQ0\nWhcNMzAwODIyMDg1OTQ0WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJp\nbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRUwEwYD\nVQQDDAwxMC4xNjQuNTYuODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCi7oMYdb8IcoqkdsAYNlcqzW32MxSeIwbThImdm1rvwQcwmggOyUhRqnUaiFH4\nsEVVNVDk0bqgAXKoLwauO63XEpu9NU+vHYrtcTkMZ6JxGe0z9LrCYcmqhcrxwPF6\nKSNFWmIpAXbRZ3utsziMlRSwd250pdBwo7idjubMHAWQAjJ16ouTD4maipbdAGtp\nXP/HnKO29aWpPZhj/zSasmwo6S9SvMdzBuT0/zATFYPsjdaGrbq7pbHwhJYmAP7h\nThG8aqdLNxATT36CEy2Tblw0YAGrcdMbLA4bgptt35OZYKcSXB9lm5RTPaaLkz0b\nEURdHGAVIYBAk/DAJCnoBhRxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFN1DUkX\nIXroQaX7yeyK5yK6YtPN8FthZ7k3L+FY18JKbnG8DqO8eocvncXtomZ12rLRAnmt\nsyV86fI5gBtoyyydFqqc4ejRfgjMnNwuD3hNLdDY2HuGgjWH+2N6Wl/Z1FVG1PZU\nGCaAlNGFRYOUxlzz3hltNwQmFX4PhdT8RlCApah7bhuozvSAzdAoHnl2qwE/PoS1\nMeTBtJHgJ+LH5Xob/hADnOAJb7jIB3GSBdpBH7VJhQ5VU5sNHqg4ZiNi1vLZPPed\n9HdJPTtbN4019SgY2kSwg1nky8jZY8uA9Qh05izWz3S1p9ZY9kpgRaBCTGCAF/C2\nobI+LA8a7DlU9PQ=\n-----END CERTIFICATE-----\n",
"id": "83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
"uri": "kylo:kylo:connectionmgmt:hsm-servers:host-83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:25:27.163022Z",
"service": "luna network"
}
Deleting a Luna Server
To delete a Luna Server, run:
Syntax
ksctl connectionmgmt luna-hsm servers delete --id <Hostname/Id>
This command requires an identifier that can either be ID or hostname of the server.
There will be no response if server is deleted successfully.
Getting List of Luna Servers
To list all the Luna Servers already registered with the Connection Manager, run:
Syntax
ksctl connectionmgmt luna-hsm servers list
Example Request
ksctl connectionmgmt luna-hsm servers list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"hostname": "host",
"hsm_certificate": "-----BEGIN CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ\nMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5\nc2FsaXMtSVRTMRUwEwYDVQQDDAwxMC4xNjQuNTYuODYwHhcNMjAwODIwMDg1OTQ0\nWhcNMzAwODIyMDg1OTQ0WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJp\nbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRUwEwYD\nVQQDDAwxMC4xNjQuNTYuODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCi7oMYdb8IcoqkdsAYNlcqzW32MxSeIwbThImdm1rvwQcwmggOyUhRqnUaiFH4\nsEVVNVDk0bqgAXKoLwauO63XEpu9NU+vHYrtcTkMZ6JxGe0z9LrCYcmqhcrxwPF6\nKSNFWmIpAXbRZ3utsziMlRSwd250pdBwo7idjubMHAWQAjJ16ouTD4maipbdAGtp\nXP/HnKO29aWpPZhj/zSasmwo6S9SvMdzBuT0/zATFYPsjdaGrbq7pbHwhJYmAP7h\nThG8aqdLNxATT36CEy2Tblw0YAGrcdMbLA4bgptt35OZYKcSXB9lm5RTPaaLkz0b\nEURdHGAVIYBAk/DAJCnoBhRxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFN1DUkX\nIXroQaX7yeyK5yK6YtPN8FthZ7k3L+FY18JKbnG8DqO8eocvncXtomZ12rLRAnmt\nsyV86fI5gBtoyyydFqqc4ejRfgjMnNwuD3hNLdDY2HuGgjWH+2N6Wl/Z1FVG1PZU\nGCaAlNGFRYOUxlzz3hltNwQmFX4PhdT8RlCApah7bhuozvSAzdAoHnl2qwE/PoS1\nMeTBtJHgJ+LH5Xob/hADnOAJb7jIB3GSBdpBH7VJhQ5VU5sNHqg4ZiNi1vLZPPed\n9HdJPTtbN4019SgY2kSwg1nky8jZY8uA9Qh05izWz3S1p9ZY9kpgRaBCTGCAF/C2\nobI+LA8a7DlU9PQ=\n-----END CERTIFICATE-----\n",
"id": "83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
"uri": "kylo:kylo:connectionmgmt:hsm-servers:host-83a24275-65ff-42cf-9e22-edd1b7f0c4f3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:25:27.163022Z",
"service": "luna network"
}
]
}
Getting Details of a Luna Client
To get details of a Luna Client registered with a Luna Server, run:
Syntax
ksctl connectionmgmt luna-hsm servers client-get
Example Request
ksctl connectionmgmt luna-hsm servers client-get
Example Response
{
"id": "5fc757bd-8e95-4352-8d1c-4bc861d252d9",
"uri": "kylo:kylo:doorway:Certificate:5fc757bd-8e95-4352-8d1c-4bc861d252d9",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-12-03T12:22:46.061088Z",
"updatedAt": "2020-12-03T12:22:46.056696Z",
"hostname": "cckm-client-51437b79-4f10-490e-9769-3d5b0526af46",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDezCCAmOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCQ0Ex\nEDAOBgNVBAgMB09udGFyaW8xDzANBgNVBAcMBk90dGF3YTETMBEGA1UECgwKTXkg\nY29tcGFueTE5MDcGA1UEAwwwY2NrbS1jbGllbnQtNTE0MzdiNzktNGYxMC00OTBl\nLTk3NjktM2Q1YjA1MjZhZjQ2MB4XDTIwMTIwMjEyMjI0NloXDTMwMTIwMTEyMjI0\nNlowgYAxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8wDQYDVQQHDAZP\ndHRhd2ExEzARBgNVBAoMCk15IGNvbXBhbnkxOTA3BgNVBAMMMGNja20tY2xpZW50\nLTUxNDM3Yjc5LTRmMTAtNDkwZS05NzY5LTNkNWIwNTI2YWY0NjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBANyjU9u2iVR0N5foHjZy7e4jMX5TX6BKiqAL\nc3Zn5MjpHZWdd82U1+UYjOgAdgU1IMKr84pxPoMDVrpcK0pk1U07sVqgSYM0WXd1\nB78n8n13CS6xYNL6rHoGXwO3LR0XW45Sa2NvhX/QFiTXsAYQgBZmW3urNj/kx1sd\n2xD0umeTxK+2DnLG8ccxeBxE+bahfxGHH2v+ln5FjVncsSjYLFlOrafI2ZSQLSZK\nXmLp4///Ca3l4SeIvgPCjgWfPiXQ7ZFSEOMcCbCptNuTOuYLbTG9AF2j7BmXMJ3S\n6lG4O/CenKC0JfVKHmfHiy0KcbyQY5zFNvuYjht6Enua58q4hYUCAwEAATANBgkq\nhkiG9w0BAQsFAAOCAQEAqHUSkv9rv5DhZmIRyWw+CrrXFFxxsrezPGWpHSIoKuFo\nFwTgXrru2K8O4mDvByHqcXKDjn/mKzhY9GHTAj3bLjbe3PbW6wAQVvGd8ovLVLEH\nvNY6wATVtafmvSwL/hBWmcdmj5HX3f/OV6h3h+Ck6rHrNzcbw4v25o+89kmEMgi4\njeuXNBSLC/1TrKoChr5nVBugU3BrKZgwm9yrMntuzCqmIVl2dstlbL9R+LSoCns5\na/PreKkP4DbxqxxgeE7RTqtv+qhjrKyMQVMDsHfCDc1Je+NBHkwVrfIdXJrJVuuh\nxZC/isR370yet+J4HM57xsNswI3/YG4l4nXl5jt9dQ==\n-----END CERTIFICATE-----\n"
}
Luna Network HSM Connections
The following operations can be performed:
Create/Get/Update/Delete a Luna Network HSM connection
List all Luna Network HSM connections
Test an existing Luna Network HSM connection
Test the newly created connection
A Luna Network HSM connection can be an HA or non-HA.
HA stands for High Availability, that means there will be more than one partition to ensure availability and load balancing.
In an HA connection, there are multiple partitions of one or more HSM Servers. Whereas, in a non-HA connection there is a single partition of an HSM Server.
Creating a Luna Connection
To create a connection of Luna Network HSM type, run:
Syntax
ksctl connectionmgmt luna-hsm connections create --name <Connection-Name> --conn-password <Partition-Password> --partitions-json-file <xxx.json> --ha-enable <Yes/No>
This command requires:
Name of the connection
Partition file of JSON type
Password of the Luna partitions
The HA flag is optional, and the default value is FALSE.
To create a connection with multiple partitions (with an HA group), the HA flag should be specified as TRUE. The format of the JSON file to create a connection:
[
{"hostname": "xx.xxx.xx.xx","partition_label": "sample-label1","serial_number": "xxxxxx"},
{"hostname": "xx.xxx.xx.xx","partition_label": "sample-label2","serial_number": "xxxxxx"}
]
Example Request
ksctl connectionmgmt luna-hsm connections create --name demo1 --conn-password passcode --partitions-json-file partitions.json --ha-enable yes
Example Response
{
"id": "c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
"uri": "kylo:kylo:connectionmgmt:connections:demo1-c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:30:20.592526537Z",
"updatedAt": "2020-12-04T09:30:20.591321554Z",
"service": "luna network",
"category": "hsm",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "demo1",
"partitions": [
{
"hostname": "xx.xxx.xx.xx",
"serial_number": "14",
"partition_label": "sample-label"
},
{
"hostname": "xx.xxx.xx.xx",
"serial_number": "12",
"partition_label": "sample-label"
}
],
"is_ha_enabled": true
}
Getting Details of a Luna Connection
To get details of a Luna Network connection, run:
Syntax
ksctl connectionmgmt luna-hsm connections get --id <Id/Connection-Name>
This command requires a connection identifier that can be either ID or name of the connection.
Example Request
ksctl connectionmgmt luna-hsm connections get --id demo1
Example Response
{
"id": "c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
"uri": "kylo:kylo:connectionmgmt:connections:demo1-c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:30:20.592527Z",
"updatedAt": "2020-12-04T09:30:20.591322Z",
"service": "luna network",
"category": "hsm",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "demo1",
"partitions": [
{
"id": "39c7775c-a72c-4b31-9745-d1e9adbf8946",
"uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-39c7775c-a72c-4b31-9745-d1e9adbf8946",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:30:20.597013Z",
"hostname": "xx.xxx.xx.xx",
"serial_number": "14",
"partition_label": "sample-label"
},
{
"id": "e3b7914d-3a88-40de-9385-649c5f019e3f",
"uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-e3b7914d-3a88-40de-9385-649c5f019e3f",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:30:20.598614Z",
"hostname": "xx.xxx.xx.xx",
"serial_number": "12",
"partition_label": "sample-label"
}
],
"is_ha_enabled": true,
"max_session_count": 0,
"session_count": 0,
"max_rw_session_count": 0,
"rw_session_count": 0,
"max_pin_len": 0,
"min_pin_len": 0,
"total_public_memory": 0,
"free_public_memory": 0,
"total_private_memory": 0,
"free_private_memory": 0,
"operation_status": "",
"operation_error": ""
}
Updating a Luna Connection
To update a Luna Network connection, run:
Syntax
ksctl connectionmgmt luna-hsm connections update --id <Id/Name> --conn-password <New-Password>
This command requires:
A connection identifier that can either be ID or name of the connection
One or more parameters to update
The Luna Connection Update supports updating the password and other meta information.
This command does not support updating a partition information.
Example Request
ksctl connectionmgmt luna-hsm connections update --id demo1 --conn-password newPasscode
Example Response
{
"id": "c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
"uri": "kylo:kylo:connectionmgmt:connections:demo1-c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:30:20.592526537Z",
"updatedAt": "2020-12-04T09:30:20.591321554Z",
"service": "luna network",
"category": "hsm",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "demo1",
"partitions": [
{
"hostname": "xx.xxx.xx.xx",
"serial_number": "14",
"partition_label": "sample-label"
},
{
"hostname": "xx.xxx.xx.xx",
"serial_number": "12",
"partition_label": "sample-label"
}
],
}
Deleting a Luna Connection
To delete a Luna Network connection, run:
Syntax
ksctl connectionmgmt luna-hsm connections delete --id <Id/Name>
There will be no response if LUNA Network connection is deleted successfully.
Getting List of Luna Connections
To list all the connections of Luna Network HSM type, run:
Syntax
ksctl connectionmgmt luna-hsm connections list
Example Request
ksctl connectionmgmt luna-hsm connections list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
"uri": "kylo:kylo:connectionmgmt:connections:demo1-c8c1cd6b-1f37-405c-9e12-de2f6bec2c36",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:30:20.592527Z",
"updatedAt": "2020-12-04T09:30:20.591322Z",
"service": "luna network",
"category": "hsm",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "demo1",
"partitions": [
{
"id": "39c7775c-a72c-4b31-9745-d1e9adbf8946",
"uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-39c7775c-a72c-4b31-9745-d1e9adbf8946",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:30:20.597013Z",
"hostname": "xx.xxx.xx.xx",
"serial_number": "14",
"partition_label": "sample-label"
},
{
"id": "e3b7914d-3a88-40de-9385-649c5f019e3f",
"uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-e3b7914d-3a88-40de-9385-649c5f019e3f",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-04T09:30:20.598614Z",
"hostname": "xx.xxx.xx.xx",
"serial_number": "12",
"partition_label": "sample-label"
}
],
"is_ha_enabled": true
}
]
}
Adding a partition to the Luna Connection
To add a partition to the Luna Connection, run:
Syntax
ksctl connectionmgmt luna-hsm connections add-partition --id <Id/Name> --partitions-json-file <xxx.json>
A parition can only be added to a connection if HA flag is TRUE.
The format of the JSON file to add a partition:
{"hostname": "xx.xxx.xx.xx","partition_label": "sample-label2","serial_number": "xxxxxx"}
Example Request
ksctl connectionmgmt luna-hsm connections add-partition --id demo1 --partitions-json-file partition.json
Example Response
{
"id": "288b05a9-0e08-4b76-be6c-3713b0e10751",
"uri": "kylo:kylo:connectionmgmt:luna-network-partition:demo1-288b05a9-0e08-4b76-be6c-3713b0e10751",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-05T06:01:27.482393059Z",
"hostname": "xx.xxx.xx.xx",
"serial_number": "1429964054509",
"partition_label": "sample-label"
}
Deleting a Partition from the Luna Connection
To delete a partition from the Luna Connection, run:
Syntax
ksctl connectionmgmt luna-hsm connections delete-partition --id <Id/Name> --partition-id <Partition-Id>
There will be no response if partition is deleted successfully.
Testing an Existing Luna Connection
To test an existing Luna Network connection, run:
Syntax
ksctl connectionmgmt luna-hsm connections test --id <Id/Name>
This command requires a connection identifier that can either be ID or name of the connection.
This command is asynchronous; therefore, it initiates a connection test and gives the status as in_progress. You can fetch the actual status by using the get command for the same connection.
Example Request
ksctl connectionmgmt luna-hsm connections test --id demo1
Example Response
{
"id": "b1c8597a-670e-456f-b2e4-a452311e2916",
"uri": "kylo:kylo:hsm:connections:b1c8597a-670e-456f-b2e4-a452311e2916",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-12-04T09:37:17.578573227Z",
"updatedAt": "2020-12-04T09:37:17.575470994Z",
"connection_status": "in_progress"
}
Testing a New Luna Connection
To test a new Luna Network connection parameters, run:
Syntax
ksctl connectionmgmt luna-hsm connections test --conn-password <Partitions-Password> --partitions-json-file <xxx.json> --ha-enable <Yes/No>
This command requires a partition file of JSON type and a password of the luna partitions.
HA flag is optional, and the default value is FALSE. To test connection parameters with multiple partitions (with an HA group), the HA flag should be specified as TRUE. The format of the JSON file to create a connection:
[
{"hostname": "xx.xxx.xx.xx","partition_label": "sample-label1","serial_number": "xxxxxx"},
{"hostname": "xx.xxx.xx.xx","partition_label": "sample-label2","serial_number": "xxxxxx"}
]
This command is asynchronous; therefore, it initiates a connection test and gives the status as in_progress.
The test-status command can be used to fetch the actual status by using the ID returned with this command.
Example Request
ksctl connectionmgmt luna-hsm connections test --conn-password passcode --partitions-json-file partitions.json --ha-enable yes
Example Response
{
"id": "00eb8941-a787-4440-a46d-8f658b7f97d3",
"uri": "kylo:kylo:hsm:connections:00eb8941-a787-4440-a46d-8f658b7f97d3",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-11-23T13:27:20.281086901Z",
"updatedAt": "2020-11-23T13:27:20.277119471Z",
"connection_status": "in_progress"
}
Getting a Test Status
To get the status of the Luna connection parameters test performed earlier, run:
Syntax
ksctl connectionmgmt luna-hsm connections test-status --id <Test-Identifier>
This command requires a test ID that is returned as a part of the test command.
Example Request
ksctl connectionmgmt luna-hsm connections test-status --id 00eb8941-a787-4440-a46d-8f658b7f97d3
Example Response
{
"id": "00eb8941-a787-4440-a46d-8f658b7f97d3",
"uri": "kylo:kylo:hsm:connections:de7b1255-9ded-4222-8e1b-408110413a19",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-11-23T13:32:57.450956Z",
"updatedAt": "2020-11-23T13:32:57.505909Z",
"connection_status": "connection ok"
}
Managing Azure Stack Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an Azure Stack connection
List all Azure Stack connections
Test an existing Azure Stack connection
Test parameters for a Azure Stack connection
Examples in this section are for ADFS connection type. Similarly, you can manage connections for AAD by changing the connection-type to AAD.
Creating an Azure Stack Connection
To create an Azure Stack connection, run:
Syntax
ksctl connectionmgmt azure create --name <Connection-Name> --products <Product-Names> --clientid <Azure-Key-ID> --meta <Key-Values> --tenantid <Tenant-ID> --cloudname <Cloud-Name> --connection-type <Connection-Type> --active-dir-endpoint <Active-Directory-Endpoint> --management-url <Management-URL> --res-manager-url <Resource-Manager-URL> --key-vault-dns-suffix <Keyvault-DNS-Suffix> --vault-res-url <Vault-Resource-URL> --server-cert-file <Server-Certificate-File>
Example Request
ksctl connectionmgmt azure create --name test-azs-adfs --products cckm --clientid client123 --secret secret123 --tenantid 123 --cloudname AzureStack --connection-type ADFS --active-dir-endpoint "https://adfs.local.azurestack.external/adfs" --management-url "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd" --res-manager-url "https://management.local.azurestack.external/" --key-vault-dns-suffix "vault.local.azurestack.external" --vault-res-url "https://vault.local.azurestack.external" --server-cert-file ~/server.pem
Example Response
{
"id": "2cc2d7db-155c-472f-b248-4ca4072d1bb3",
"uri": "kylo:kylo:connectionmgmt:connections:test-azs-adfs-2cc2d7db-155c-472f-b248-4ca4072d1bb3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-24T11:06:31.917450971Z",
"updatedAt": "2020-12-24T11:06:31.916445598Z",
"service": "azure",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "test-azs-adfs",
"products": [
"cckm"
],
"tenant_id": "123",
"client_id": "client123",
"cloud_name": "AzureStack",
"active_directory_endpoint": "https://adfs.local.azurestack.external/adfs",
"vault_resource_url": "https://vault.local.azurestack.external",
"resource_manager_url": "https://management.local.azurestack.external/",
"key_vault_dns_suffix": "vault.local.azurestack.external",
"management_url": "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd",
"azure_stack_server_cert": "-----BEGIN CERTIFICATE-----\nMIIEPDCCAiSgAwIBAgIRALJpeHdhAFCGctcAVJ1fpwMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMDEyMDIwOTIzMTRaFw0yMjEyMDIwOTIzMTRaMCIxDjAMBgNVBAMTBWFkbWluMRAw\nDgYKCZImiZPyLGQBARMAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n2j0VAgq5PlqfFX2A8yoLYayv3NZcwWwC0ErhY3z2tIcnxuJ84OoVTD1O2NXF1SMq\nBK2dS1WrDim4QZpp+ueuLAYpQDHxZAo353tXjQ9W6alvfCTaX621/2clxQ/fn3Zt\nL0zP8aUCO/sv80B6C+nr20g8ooxdUIOrbsYWwVMpis+J39fQNItLJzcib0lWYrYe\n7f1d+yXc+zMMU1tEOh7q504zy142YsFNlk1D3HOzvPB+NHA2D7M8Buj7Z3VH57cr\ny69bDFlBlePO3JDUfo8TKmz+ST0x9TjVBHTtjCDqtENWBqNppAd3SdRIeHKFF8CH\nbHg/oL6z3kQYXwEqbHu5kQIDAQABozUwMzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEA\nlu2HMN3FnPPYxKt89aBJA1NeZgTTSGPLnE3T5T2VPjy6/RO6rWnvcn3YdaOOHRa2\nWP+mm/Au003pheu8orX0YrRxEVLCYUff3Xq+wKol8zP8EGR3PMB4zOGfdkxGQJZB\n/aVDasU80mLdLi7iwVD5p788fCIKdQWNA1Ln1nmEwF48jBns6p2kx2TCruQU0v9H\npbPKOVq84zs0rrgtioYgF4nlTGXjNP6KvO+F0PdUKby6ZtQptGADz92FD4wnpQr1\nBtGFhkS+c4nD+JzjeWMhu6qyK+NTJ5f5CUF6okxfOIHAzmLja9knwVLsJQ3R4oKo\nLyzp/wBSurdS+ClT9pJ0unPzq7UM0QFkvk2Op0gFswZ5XfewaAaEZifcVnux/ira\ndlZrVM9kBN1Fz2DzWau7itqhXiT8fdDH68qYQwNQwwDe5km3+i44Jz7KWEQi88XO\nKbwO8tMMvd+exLXshLzIbJ/1IVsQklR4N1M7GHrXTbgomCAxBhTkuGyu4hENYHsN\nobEToCx8UNXoZlYUX2f8hE9ad/tGrpwqXUHkSWjnET2+R5OmtS0p2wsRofbmY9in\noE4di6Pk83BMh2RpCDxDPb0UqTGlRlbPuew0mNfI2ePQLoFhyoTmwN1xEgUpex1u\nQb9IovyN2/Bm1QNpt4wRwoDF4sGAgcEM6AAtMVe2uVQ=\n-----END CERTIFICATE-----\n",
"azure_stack_connection_type": "ADFS"
}
Getting Details of an Azure Stack Connection
To get details of an Azure Stack connection, run:
Syntax
ksctl connectionmgmt azure get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt azure get --id 2cc2d7db-155c-472f-b248-4ca4072d1bb3
Example Response
{
"id": "2cc2d7db-155c-472f-b248-4ca4072d1bb3",
"uri": "kylo:kylo:connectionmgmt:connections:test-azs-adfs-2cc2d7db-155c-472f-b248-4ca4072d1bb3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-24T11:06:31.917451Z",
"updatedAt": "2020-12-24T11:06:31.916446Z",
"service": "azure",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "test-azs-adfs",
"products": [
"cckm"
],
"tenant_id": "123",
"client_id": "client123",
"cloud_name": "AzureStack",
"active_directory_endpoint": "https://adfs.local.azurestack.external/adfs",
"vault_resource_url": "https://vault.local.azurestack.external",
"resource_manager_url": "https://management.local.azurestack.external/",
"key_vault_dns_suffix": "vault.local.azurestack.external",
"management_url": "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd",
"azure_stack_server_cert": "-----BEGIN CERTIFICATE-----\nMIIEPDCCAiSgAwIBAgIRALJpeHdhAFCGctcAVJ1fpwMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMDEyMDIwOTIzMTRaFw0yMjEyMDIwOTIzMTRaMCIxDjAMBgNVBAMTBWFkbWluMRAw\nDgYKCZImiZPyLGQBARMAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n2j0VAgq5PlqfFX2A8yoLYayv3NZcwWwC0ErhY3z2tIcnxuJ84OoVTD1O2NXF1SMq\nBK2dS1WrDim4QZpp+ueuLAYpQDHxZAo353tXjQ9W6alvfCTaX621/2clxQ/fn3Zt\nL0zP8aUCO/sv80B6C+nr20g8ooxdUIOrbsYWwVMpis+J39fQNItLJzcib0lWYrYe\n7f1d+yXc+zMMU1tEOh7q504zy142YsFNlk1D3HOzvPB+NHA2D7M8Buj7Z3VH57cr\ny69bDFlBlePO3JDUfo8TKmz+ST0x9TjVBHTtjCDqtENWBqNppAd3SdRIeHKFF8CH\nbHg/oL6z3kQYXwEqbHu5kQIDAQABozUwMzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEA\nlu2HMN3FnPPYxKt89aBJA1NeZgTTSGPLnE3T5T2VPjy6/RO6rWnvcn3YdaOOHRa2\nWP+mm/Au003pheu8orX0YrRxEVLCYUff3Xq+wKol8zP8EGR3PMB4zOGfdkxGQJZB\n/aVDasU80mLdLi7iwVD5p788fCIKdQWNA1Ln1nmEwF48jBns6p2kx2TCruQU0v9H\npbPKOVq84zs0rrgtioYgF4nlTGXjNP6KvO+F0PdUKby6ZtQptGADz92FD4wnpQr1\nBtGFhkS+c4nD+JzjeWMhu6qyK+NTJ5f5CUF6okxfOIHAzmLja9knwVLsJQ3R4oKo\nLyzp/wBSurdS+ClT9pJ0unPzq7UM0QFkvk2Op0gFswZ5XfewaAaEZifcVnux/ira\ndlZrVM9kBN1Fz2DzWau7itqhXiT8fdDH68qYQwNQwwDe5km3+i44Jz7KWEQi88XO\nKbwO8tMMvd+exLXshLzIbJ/1IVsQklR4N1M7GHrXTbgomCAxBhTkuGyu4hENYHsN\nobEToCx8UNXoZlYUX2f8hE9ad/tGrpwqXUHkSWjnET2+R5OmtS0p2wsRofbmY9in\noE4di6Pk83BMh2RpCDxDPb0UqTGlRlbPuew0mNfI2ePQLoFhyoTmwN1xEgUpex1u\nQb9IovyN2/Bm1QNpt4wRwoDF4sGAgcEM6AAtMVe2uVQ=\n-----END CERTIFICATE-----\n",
"azure_stack_connection_type": "ADFS"
}
Updating an Azure Stack Connection
To update an Azure Stack connection, run:
Syntax
ksctl connectionmgmt azure modify --id <Connection-Name/ID> --products <Product-Names> --secret <Azure-Client-Secret> --meta <Key-Values>
Example Request
ksctl connectionmgmt azure modify --id 2cc2d7db-155c-472f-b248-4ca4072d1bb3 --tenantid 456
Example Response
{
"id": "2cc2d7db-155c-472f-b248-4ca4072d1bb3",
"uri": "kylo:kylo:connectionmgmt:connections:test-azs-adfs-2cc2d7db-155c-472f-b248-4ca4072d1bb3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-24T11:06:31.917451Z",
"updatedAt": "2020-12-24T11:14:12.702605505Z",
"service": "azure",
"category": "cloud",
"last_connection_ok": false,
"last_connection_error": "Post \"https://adfs.local.azurestack.external/adfs/oauth2/token\": dial tcp: lookup adfs.local.azurestack.external on 127.0.0.11:53: no such host",
"last_connection_at": "2020-12-24T11:12:48.403146Z",
"name": "test-azs-adfs",
"products": [
"cckm"
],
"meta": "",
"tenant_id": "456",
"client_id": "client123",
"cloud_name": "AzureStack",
"active_directory_endpoint": "https://adfs.local.azurestack.external/adfs",
"vault_resource_url": "https://vault.local.azurestack.external",
"resource_manager_url": "https://management.local.azurestack.external/",
"key_vault_dns_suffix": "vault.local.azurestack.external",
"management_url": "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd",
"azure_stack_server_cert": "-----BEGIN CERTIFICATE-----\nMIIEPDCCAiSgAwIBAgIRALJpeHdhAFCGctcAVJ1fpwMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMDEyMDIwOTIzMTRaFw0yMjEyMDIwOTIzMTRaMCIxDjAMBgNVBAMTBWFkbWluMRAw\nDgYKCZImiZPyLGQBARMAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n2j0VAgq5PlqfFX2A8yoLYayv3NZcwWwC0ErhY3z2tIcnxuJ84OoVTD1O2NXF1SMq\nBK2dS1WrDim4QZpp+ueuLAYpQDHxZAo353tXjQ9W6alvfCTaX621/2clxQ/fn3Zt\nL0zP8aUCO/sv80B6C+nr20g8ooxdUIOrbsYWwVMpis+J39fQNItLJzcib0lWYrYe\n7f1d+yXc+zMMU1tEOh7q504zy142YsFNlk1D3HOzvPB+NHA2D7M8Buj7Z3VH57cr\ny69bDFlBlePO3JDUfo8TKmz+ST0x9TjVBHTtjCDqtENWBqNppAd3SdRIeHKFF8CH\nbHg/oL6z3kQYXwEqbHu5kQIDAQABozUwMzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEA\nlu2HMN3FnPPYxKt89aBJA1NeZgTTSGPLnE3T5T2VPjy6/RO6rWnvcn3YdaOOHRa2\nWP+mm/Au003pheu8orX0YrRxEVLCYUff3Xq+wKol8zP8EGR3PMB4zOGfdkxGQJZB\n/aVDasU80mLdLi7iwVD5p788fCIKdQWNA1Ln1nmEwF48jBns6p2kx2TCruQU0v9H\npbPKOVq84zs0rrgtioYgF4nlTGXjNP6KvO+F0PdUKby6ZtQptGADz92FD4wnpQr1\nBtGFhkS+c4nD+JzjeWMhu6qyK+NTJ5f5CUF6okxfOIHAzmLja9knwVLsJQ3R4oKo\nLyzp/wBSurdS+ClT9pJ0unPzq7UM0QFkvk2Op0gFswZ5XfewaAaEZifcVnux/ira\ndlZrVM9kBN1Fz2DzWau7itqhXiT8fdDH68qYQwNQwwDe5km3+i44Jz7KWEQi88XO\nKbwO8tMMvd+exLXshLzIbJ/1IVsQklR4N1M7GHrXTbgomCAxBhTkuGyu4hENYHsN\nobEToCx8UNXoZlYUX2f8hE9ad/tGrpwqXUHkSWjnET2+R5OmtS0p2wsRofbmY9in\noE4di6Pk83BMh2RpCDxDPb0UqTGlRlbPuew0mNfI2ePQLoFhyoTmwN1xEgUpex1u\nQb9IovyN2/Bm1QNpt4wRwoDF4sGAgcEM6AAtMVe2uVQ=\n-----END CERTIFICATE-----\n",
"azure_stack_connection_type": "ADFS"
}
Deleting an Azure Stack Connection
To delete an Azure Stack connection, run:
Syntax
ksctl connectionmgmt azure delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt azure delete --id 2cc2d7db-155c-472f-b248-4ca4072d1bb3
There will be no response if Azure Stack connection is deleted successfully.
Getting List of Azure Stack Connections
To list all the Azure Stack connections, run:
Syntax
ksctl connectionmgmt azure list
Example Request
ksctl connectionmgmt azure list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "2cc2d7db-155c-472f-b248-4ca4072d1bb3",
"uri": "kylo:kylo:connectionmgmt:connections:test-azs-adfs-2cc2d7db-155c-472f-b248-4ca4072d1bb3",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-24T11:06:31.917451Z",
"updatedAt": "2020-12-24T11:06:31.916446Z",
"service": "azure",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "test-azs-adfs",
"products": [
"cckm"
],
"tenant_id": "123",
"client_id": "client123",
"cloud_name": "AzureStack",
"active_directory_endpoint": "https://adfs.local.azurestack.external/adfs",
"vault_resource_url": "https://vault.local.azurestack.external",
"resource_manager_url": "https://management.local.azurestack.external/",
"key_vault_dns_suffix": "vault.local.azurestack.external",
"management_url": "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd",
"azure_stack_server_cert": "-----BEGIN CERTIFICATE-----\nMIIEPDCCAiSgAwIBAgIRALJpeHdhAFCGctcAVJ1fpwMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMDEyMDIwOTIzMTRaFw0yMjEyMDIwOTIzMTRaMCIxDjAMBgNVBAMTBWFkbWluMRAw\nDgYKCZImiZPyLGQBARMAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n2j0VAgq5PlqfFX2A8yoLYayv3NZcwWwC0ErhY3z2tIcnxuJ84OoVTD1O2NXF1SMq\nBK2dS1WrDim4QZpp+ueuLAYpQDHxZAo353tXjQ9W6alvfCTaX621/2clxQ/fn3Zt\nL0zP8aUCO/sv80B6C+nr20g8ooxdUIOrbsYWwVMpis+J39fQNItLJzcib0lWYrYe\n7f1d+yXc+zMMU1tEOh7q504zy142YsFNlk1D3HOzvPB+NHA2D7M8Buj7Z3VH57cr\ny69bDFlBlePO3JDUfo8TKmz+ST0x9TjVBHTtjCDqtENWBqNppAd3SdRIeHKFF8CH\nbHg/oL6z3kQYXwEqbHu5kQIDAQABozUwMzAOBgNVHQ8BAf8EBAMCA4gwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEA\nlu2HMN3FnPPYxKt89aBJA1NeZgTTSGPLnE3T5T2VPjy6/RO6rWnvcn3YdaOOHRa2\nWP+mm/Au003pheu8orX0YrRxEVLCYUff3Xq+wKol8zP8EGR3PMB4zOGfdkxGQJZB\n/aVDasU80mLdLi7iwVD5p788fCIKdQWNA1Ln1nmEwF48jBns6p2kx2TCruQU0v9H\npbPKOVq84zs0rrgtioYgF4nlTGXjNP6KvO+F0PdUKby6ZtQptGADz92FD4wnpQr1\nBtGFhkS+c4nD+JzjeWMhu6qyK+NTJ5f5CUF6okxfOIHAzmLja9knwVLsJQ3R4oKo\nLyzp/wBSurdS+ClT9pJ0unPzq7UM0QFkvk2Op0gFswZ5XfewaAaEZifcVnux/ira\ndlZrVM9kBN1Fz2DzWau7itqhXiT8fdDH68qYQwNQwwDe5km3+i44Jz7KWEQi88XO\nKbwO8tMMvd+exLXshLzIbJ/1IVsQklR4N1M7GHrXTbgomCAxBhTkuGyu4hENYHsN\nobEToCx8UNXoZlYUX2f8hE9ad/tGrpwqXUHkSWjnET2+R5OmtS0p2wsRofbmY9in\noE4di6Pk83BMh2RpCDxDPb0UqTGlRlbPuew0mNfI2ePQLoFhyoTmwN1xEgUpex1u\nQb9IovyN2/Bm1QNpt4wRwoDF4sGAgcEM6AAtMVe2uVQ=\n-----END CERTIFICATE-----\n",
"azure_stack_connection_type": "ADFS"
},
]
}
Testing an Existing Azure Stack Connection
To test an existing Azure Stack connection, run:
Syntax
ksctl connectionmgmt azure test --id <Connection-Name/ID> --clientid <Azure-Key-ID> --secret <Azure-Client-Secret> --tenantid <Tenant-ID>
Example Request
ksctl connectionmgmt azure test --id 2cc2d7db-155c-472f-b248-4ca4072d1bb3
Example Response
{
"connection_ok": true
}
Testing Parameters for an Azure Stack Connection
To test parameters for an Azure Stack connection, run:
Syntax
ksctl connectionmgmt azure test --clientid <Azure-Key-ID> --meta <Key-Values> --tenantid <Tenant-ID> --cloudname <Cloud-Name> --connection-type <Connection-Type> --active-dir-endpoint <Active-Directory-Endpoint> --management-url <Management-URL> --res-manager-url <Resource-Manager-URL> --key-vault-dns-suffix <Keyvault-DNS-Suffix> --vault-res-url <Vault-Resource-URL> --server-cert-file <Server-Certificate-File>
Example Request
ksctl connectionmgmt azure test --clientid client123 --secret secret123 --tenantid 123 --cloudname AzureStack --connection-type ADFS --active-dir-endpoint "https://adfs.local.azurestack.external/adfs" --management-url "https://management.adfs.azurestack.local/2aeeb93d-50a7-415e-8b217-01b5c5e2fasd" --res-manager-url "https://management.local.azurestack.external/" --key-vault-dns-suffix "vault.local.azurestack.external" --vault-res-url "https://vault.local.azurestack.external" --server-cert-file ~/server.pem
Example Response
{
"connection_ok": true
}
Managing Salesforce Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an Salesforce connection
List all Salesforce connections
Test an existing Salesforce connection
Test parameters for a Salesforce connection
Creating a Salesforce Connection
To create a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce create --name <Connection-Name> --products <Products-Names> --clientid <Salesforce-Key-ID> --username <Salesforce-Client-Secret> --cloudname <Salesforce-Cloud-Name> --use-certificate <yes/y>
Example Request
ksctl connectionmgmt salesforce create --name "salesforce-1" --products "cckm" --cloudname "Salesforce Sandbox Cloud" --clientid 123456 --username "xyz@gmail.com" --use-certificate yes
Example Response
{
"id": "24e3172a-f413-4440-851d-41dda4be3866",
"uri": "kyloconnectionmgmt:connections:salesforce-1-24e3172a-f413-4440-851d-41dda4be3866",
"account": "kyloadmin:accounts:kylo",
"createdAt": "2021-08-12T11:41:25.621130969Z",
"updatedAt": "2021-08-12T11:41:25.620184543Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "123456",
"username": "xyz@gmail.com",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIFvjCCA6agAwIBAgIRAPO1rJFvIa2vMxg8/kBv+bIwDQYJKoZIhvcNAQELBQAw\nfzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNh\nbiBKb3NlMQ8wDQYDVQQKEwZUaGFsZXMxFDASBgNVBAsTC0NpcGhlclRydXN0MSEw\nHwYDVQQDExhjY2ttLnRoYWxlc2VzZWN1cml0eS5jb20wHhcNMjEwODEyMTE0MTI1\nWhcNMzEwODEwMTE0MTI1WjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv\ncm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDzANBgNVBAoTBlRoYWxlczEUMBIGA1UE\nCxMLQ2lwaGVyVHJ1c3QxITAfBgNVBAMTGGNja20udGhhbGVzZXNlY3VyaXR5LmNv\nbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMmUZCVDih5P6tR/8pNV\nhn30kYyJl0aRRejeNZ1pOPqthqOyAbxvwBs5SPS40fjOrby2KpJ89LajCG9lWAPd\ngZyUnB6Wm0DVlefmH92moASlcYteRytGEkWJLFOaNkzswclDzuWGY4V25+6gBDV7\np6CbfcxDqHQVfPoiaplU/R019iL52eg8o002+xr6neSMTa517CPUp/ynAexRQrq/\n/q5t/d4LQ74g0sbq7OZpv4n1W7SIS8F8X5JebXRVjLQYnsn2Skblv5iwaPPdjBb+\nPtBCdIqooAO1rNBektW7jOsK/UB0/6SmDFavD3+xYIJBjpYBvx37Phx24AMwUYId\nlh8Jp94OXOEC2/6ypgBvZSIobHUZ2Pq8FvXvO7KNH3Zo1r7JQkb1vjEctr5v2X19\n1fp0mIW0vKrHQPzSMAHThRsNYkFGhMTficZsjhMIjeOtefuz0fzzmho58FxbL3JP\nH6GqY7daZcpUFwOTgPO8ginoZKNtfFrNoxuwl3dJlc5e9C4gWR+hirU66oYxbJsH\nFfyv135GkgY0Sqrffld7JTLBkPovRS9YYD9idIPBwuAI4c7A4BvTL38m4nd6AbFY\nOLIdVvnnS4vtURffb131ZsUdYAlkpJn5OCBhCTxCEl1F1usidI8TjUZsxVGUZ6Re\nWFU9edK5DlJcXUh9d6Ok7AfHAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNV\nHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IC\nAQBkJt/jnVITmxNJ+StxZF3iza8GH4DF2pk1/gJo5Q8A1tyk+EDWkNpyFaYXG7gK\n0IG6u79Nz5YhDGKTRdLgVi8+ApnvgBoYLOxdx89TvRJzbvIwC1SfKF9w4JID5rmB\nv28o6sP9bk6PRcE2kbaiX1IYjGJw4xeLBUaoB2WEG24PfYPqdxr/pa0cfbBFc10s\nZ+5+Xe0XBmYUMiu25YcdHI97u5n7U6+6gBE+lyzVptlXNTJPDwf/fcOqzp6jJlFu\nzRsPbts9O8DbTdGfuzBJfxbObDEWPDa+TX0Be70AiP9gLKSLMeX4xQypGE2umkPG\nj7sWcJuC8T1SXsbxIVNyBQu6cSZvkLJmlnQGbo3W71oRkMc4r1n0BSHYbFKa/h2/\nVGm0zhyGmXFazkWWXExXno1Z11gO6kODVDgvkbeuRAJANJuN3wOLEqLCMJFYORIN\ndFjY/RAJU38oEkGvwq3s9tFIKUk4OaOG45+eIywKC/7bQSq/v3VAP07an4VrDdS6\nTxeHQzVLMar9lHiyBf7D2FsLj0lhLCAVAUd8sRjw3Trcr8k1NTzJNstWNkxTAaKN\nIwZf9lMFR/HU9tH8LMDV1PCsxLLM85zwbj/0wmlMzqF7/P8NwQoatlADmaAo3S/q\nx+3xUo+zZVfaYq1UQhNgjRB0Jq1QAqxJAzRDlBud2d25Cw==\n-----END CERTIFICATE-----\n",
"certificate_subject": "CN=cckm.thalesesecurity.com,OU=CipherTrust,O=Thales,L=San Jose,ST=California,C=US"
}
Getting Details of a Salesforce Connection
To get details of a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce get --id 5818ec3d-c5e9-4039-b911-efd45cb08f88
Example Response
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:21:29.966606Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
"username": "xyz@gmail.com"
}
Updating a Salesforce Connection
To update a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce modify --id <Connection-Name/ID> --products <Products-Names> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret> --meta <Key:Values>
Example Request
ksctl connectionmgmt salesforce modify --id 5818ec3d-c5e9-4039-b911-efd45cb08f88 --username abcd@gmail.com
Example Response
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:25:06.228123698Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud",
"client_id": "3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12",
"username": "abcd@gmail.com"
}
Deleting a Salesforce Connection
To delete a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce delete --id c4a11fc1-d226-4f19-8d03-5911198e89e5
Example Response
There will be no response if Salesforce connection is deleted successfully.
Getting List of Salesforce Connections
To list all the Salesforce connections, run:
Syntax
ksctl connectionmgmt salesforce list
Example Request
ksctl connectionmgmt salesforce list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "5818ec3d-c5e9-4039-b911-efd45cb08f88",
"uri": "kylo:kylo:connectionmgmt:connections:salesforce-1-5818ec3d-c5e9-4039-b911-efd45cb08f88",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-08-10T10:21:29.967822Z",
"updatedAt": "2021-08-10T10:21:29.966606Z",
"service": "salesforce",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "salesforce-1",
"products": [
"cckm"
],
"cloud_name": "Salesforce Sandbox Cloud"
}
]
}
Testing an Existing Salesforce Connection
To test an existing Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt salesforce test --id 5087c384-43aa-4750-951e-3a0f2b60d43b
Example Response
{
"connection_ok": true,
}
Testing Parameters for a Salesforce Connection
To test parameters for a Salesforce connection, run:
Syntax
ksctl connectionmgmt salesforce test --id <Connection-Name/ID> --clientid <Salesforce-Key-ID> --secret <Salesforce-Client-Secret>
Example Request
ksctl connectionmgmt salesforce test --clientid 3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12 --secret BC0556E7A0B4C96E218EF91370C5B --username salesforce-1 --conn-password 123456 --cloudname "Salesforce Sandbox Cloud"
Example Response
{
"connection_ok": true,
}
Managing SAP Data Custodian Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an SAP Data Custodian connection
List all SAP Data Custodian connections
Test an existing SAP Data Custodian connection
Test parameters for a SAP Data Custodian connection
Creating a SAP Data Custodian Connection
To create a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc create --name <Connection-Name> --products <Products-Names> --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String>
Here, --api-endpoint is the KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it. Only v2 version of the KMS API is supported. To get the SAP API endpoint:
Create a temporary technical user (TU).
Generate its credentials and download them.
The downloaded file "API Endpoints.txt" contains ISM and KMS API endpoints. Use the KMS API endpoint to make the connection.
Example Request
ksctl connectionmgmt sap-dc create --name test-conn --products "cckm" --api-endpoint "https://test-endpoint.com" --user-creds '{"user":"testuser","secret":"testsecret","tenant":"testtenant"}'
Example Response
{
"id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
"uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-10-27T07:21:22.77127493Z",
"updatedAt": "2021-10-27T07:21:22.770209257Z",
"service": "sap-data-custodian",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "test-conn",
"products": [
"cckm"
],
"api_endpoint": "https://test-endpoint.com",
"user_credentials": {
"tenant": "testtenant",
"user": "testuser"
}
}
Getting Details of a SAP Data Custodian Connection
To get details of a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt sap-dc get --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18
Example Response
{
"id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
"uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-10-27T07:21:22.771275Z",
"updatedAt": "2021-10-27T07:21:22.770209Z",
"service": "sap-data-custodian",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "test-conn",
"products": [
"cckm"
],
"api_endpoint": "https://test-endpoint.com",
"user_credentials": {
"tenant": "testtenant",
"user": "testuser"
}
}
Updating a SAP Data Custodian Connection
To update a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc modify --id <Connection-Name/ID> --products <Products-Names> --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String> --meta <Key:Values>
Example Request
ksctl connectionmgmt sap-dc modify --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18 --products "cckm" --api-endpoint "https://test2-endpoint.com" --user-creds '{"user":"testuser2","secret":"testsecret2","tenant":"testtenant2"}'
Example Response
{
"id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
"uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-10-27T07:21:22.771275Z",
"updatedAt": "2021-10-27T07:26:11.431339116Z",
"service": "sap-data-custodian",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "test-conn",
"products": [
"cckm"
],
"api_endpoint": "https://test2-endpoint.com",
"user_credentials": {
"tenant": "testtenant2",
"user": "testuser2"
}
}
Deleting a SAP Data Custodian Connection
To delete a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt sap-dc delete --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18
Example Response
There will be no response if SAP Data Custodian connection is deleted successfully.
Getting List of SAP Data Custodian Connections
To list all the SAP Data Custodian connections, run:
Syntax
ksctl connectionmgmt sap-dc list
Example Request
ksctl connectionmgmt sap-dc list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
"uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-10-27T07:21:22.771275Z",
"updatedAt": "2021-10-27T07:21:22.770209Z",
"service": "sap-data-custodian",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "test-conn",
"products": [
"cckm"
],
"api_endpoint": "https://test-endpoint.com",
"user_credentials": {
"tenant": "testtenant",
"user": "testuser"
}
}
]
}
Testing an Existing SAP Data Custodian Connection
To test an existing SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt sap-dc test --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18
Example Response
{
"connection_ok": true
}
Testing Parameters for a SAP Data Custodian Connection
To test parameters for a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc test --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String>
Example Request
ksctl connectionmgmt sap-dc test --api-endpoint "https://test-endpoint.com" --user-creds '{"user":"testuser","secret":"testsecret","tenant":"testtenant"}'
Example Response
{
"connection_ok": true
}
Managing Hadoop Knox Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete a Hadoop Knox connection
List all Hadoop Knox connections
Test an existing Hadoop Knox connection
Test parameters for a Hadoop Knox connection
Add/Get/Update/Delete a node in an existing Hadoop Knox connection
List all nodes in a Hadoop Knox connection
Creating a Hadoop Knox Connection
To create a Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop create --name <Connection-Name> --products <Products-Names> --username <Server-UserName> --conn-password <Server-Password> --meta <Key-Values> --service <Service-Name> --topology <Topology> --nodes-json-file <JSON-File>
Example Request
ksctl connectionmgmt hadoop create --name knox --service hadoop-knox --conn-password admin --username admin --nodes-json-file ../hadoop.json --topology default
Example Response
{
"id": "d9fe26ca-0321-4cba-bc14-8334bfcb6f9c",
"uri": "kylo:kylo:connectionmgmt:connections:knox-d9fe26ca-0321-4cba-bc14-8334bfcb6f9c",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-28T10:56:00.729395192Z",
"updatedAt": "2020-12-28T10:56:00.728472048Z",
"service": "hadoop-knox",
"category": "system",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "knox",
"username": "admin",
"topology": "default",
"nodes": [
{
"hostname": "node1",
"port": "1234",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
"protocol": "https"
}
]
}
Getting Details of a Hadoop Knox Connection
To get details of a Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt hadoop get --id 604da7f5-0359-4b56-ae8d-7164857a2f2f
Example Response
{
"id": "604da7f5-0359-4b56-ae8d-7164857a2f2f",
"uri": "kylo:kylo:connectionmgmt:connections:hadoopconnection-604da7f5-0359-4b56-ae8d-7164857a2f2f",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-28T04:48:36.061995Z",
"updatedAt": "2020-12-28T04:48:36.061306Z",
"service": "hadoop-knox",
"category": "system",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "hadoopConnection",
"products": [
"cte"
],
"description": "test description",
"username": "admin",
"topology": "default",
"nodes": [
{
"hostname": "host1",
"port": "1234",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
"path": "/gateway/default/webhdfs/v1",
"protocol": "https"
}
]
}
Updating a Hadoop Knox Connection
To update a Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop modify --id <Connection-Name/ID> --products <Products-Names> --username <Server-Username> --conn-password <Server-Password> --meta <Key:Values> --topology <Topology>
Example Request
ksctl connectionmgmt hadoop modify --id 604da7f5-0359-4b56-ae8d-7164857a2f2f --username admin
Example Response
{
"id": "604da7f5-0359-4b56-ae8d-7164857a2f2f",
"uri": "kylo:kylo:connectionmgmt:connections:hadoopconnection-604da7f5-0359-4b56-ae8d-7164857a2f2f",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-28T04:48:36.061995Z",
"updatedAt": "2020-12-28T09:34:20.197779489Z",
"service": "hadoop-knox",
"category": "system",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "hadoopConnection",
"products": [
"cte"
],
"meta": "",
"description": "test description",
"username": "admin",
"topology": "default"
}
Deleting a Hadoop Knox Connection
To delete a Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt hadoop delete --id 604da7f5-0359-4b56-ae8d-7164857a2f2f
There will be no response if connection is deleted successfully.
Getting List of Hadoop Knox Connections
To list all the Hadoop Knox connections, run:
Syntax
ksctl connectionmgmt hadoop list
Example Request
ksctl connectionmgmt hadoop list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "604da7f5-0359-4b56-ae8d-7164857a2f2f",
"uri": "kylo:kylo:connectionmgmt:connections:hadoopconnection-604da7f5-0359-4b56-ae8d-7164857a2f2f",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-28T04:48:36.061995Z",
"updatedAt": "2020-12-28T04:48:36.061306Z",
"service": "hadoop-knox",
"category": "system",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "hadoopConnection",
"products": [
"cte"
],
"description": "test description",
"username": "admin",
"topology": "default",
"nodes": [
{
"hostname": "host1",
"port": "1234",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
"path": "/gateway/default/webhdfs/v1",
"protocol": "https"
}
]
}
]
}
Testing an Existing Hadoop Knox Connection
To test an existing Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt hadoop test --id 604da7f5-0359-4b56-ae8d-7164857a2f2ft;
Example Response
{
"status": true,
"nodes": [
{
"hostname": "1.2.3.4",
"connection_ok": true,
}
]
}
Testing Parameters for a Hadoop Knox Connection
To test parameters for a Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop test --username <Server-Username> --conn-password <Server-Password> --service <Service-Name> --nodes-json-file <JSON-File>
Example Request
ksctl connectionmgmt hadoop test --username admin --conn-password test_password --nodes-json-file hadoop.json --service hadoop-knox
Example Response
{
"status": true,
"nodes": [
{
"hostname": "1.2.3.4",
"connection_ok": true,
}
]
}
Adding a Node in an Existing Hadoop Knox Connection
To add a node in an existing Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop node add --id <Connection-Name/ID> --hostname <Server-Hostname> --port <Server-Port> --path <Server-Path> --server-cert-file <Server-Certificate-File> --protocol <Communication-Protocol>
Example Request
ksctl connectionmgmt hadoop node add --hostname node2 --port 1234 --protocol https --server-cert-file ~/server.pem --id 4690c02c-769b-43c6-88a0-d58e3634027d
Example Response
{
"id": "4690c02c-769b-43c6-88a0-d58e3634027d",
"uri": "kylo:kylo:connectionmgmt:hadoop-knox-node:hadoopconnection-4690c02c-769b-43c6-88a0-d58e3634027d",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-28T10:48:36.907928008Z",
"hostname": "node2",
"port": "1234",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
"protocol": "https"
}
Getting Node Details in a Hadoop Knox Connection
To get node details in a Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop node get --id <Connection-Name/ID> --node-id <Node ID/Hostname>
Example Request
ksctl connectionmgmt hadoop node get --id 4690c02c-769b-43c6-88a0-d58e3634027d --node-id node2
Example Response
{
"id": "4690c02c-769b-43c6-88a0-d58e3634027d",
"uri": "kylo:kylo:connectionmgmt:hadoop-knox-node:hadoopconnection-4690c02c-769b-43c6-88a0-d58e3634027d",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-28T10:48:36.907928Z",
"hostname": "node2",
"port": "1234",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
"protocol": "https"
}
Updating a Node in a Hadoop Knox Connection
To update a node in a Hadoop Knox Connection, run:
Syntax
ksctl connectionmgmt hadoop node modify --id <Connection-Name/ID> --node-id <Node ID/Hostname> --hostname <Server-Hostname> --port <Server-Port> --path <Sever-Path> --protocol <Communication-Protocol> --sever-cert-file <Server-Certificate-File>
Example Request
ksctl connectionmgmt hadoop node modify --id 4690c02c-769b-43c6-88a0-d58e3634027d --node-id node2 --port 5678
Example Response
{
"id": "4690c02c-769b-43c6-88a0-d58e3634027d",
"account": "kylo:kylo:admin:accounts:kylo",
"hostname": "node2",
"port": "5678",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
"protocol": "https"
}
Deleting a Node in a Hadoop Knox Connection
To delete a node in a Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop node delete --id <Connection-Name/ID> --node-id <Node ID/Hostname>
Example Request
ksctl connectionmgmt hadoop node delete --id c4a11fc1-d226-4f19-8d03-5911198e89e5 --node-id e4a11fc1-d226-4f19-8d03-5911198e89e4
There will be no response if node is deleted successfully.
Getting List of all Nodes in a Hadoop Knox Connection
To list all the nodes in a Hadoop Knox connection, run:
Syntax
ksctl connectionmgmt hadoop node list --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt hadoop node list --id 4690c02c-769b-43c6-88a0-d58e3634027d
Example Response
{
"skip": 0,
"limit": 10,
"total": 2,
"resources": [
{
"id": "4690c02c-769b-43c6-88a0-d58e3634027d",
"uri": "kylo:kylo:connectionmgmt:hadoop-knox-node:hadoopconnection-4690c02c-769b-43c6-88a0-d58e3634027d",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-28T10:48:36.907928Z",
"hostname": "node2",
"port": "1234",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
"protocol": "https"
},
{
"id": "ad5e290c-13ef-451b-bf40-dbb37e00e423",
"uri": "kylo:kylo:connectionmgmt:hadoop-knox-node:hadoopconnection-ad5e290c-13ef-451b-bf40-dbb37e00e423",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2020-12-28T04:48:36.063074Z",
"hostname": "host1",
"port": "1234",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----",
"path": "/gateway/default/webhdfs/v1",
"protocol": "https"
}
]
}
Managing SMB Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an SMB connection
List all SMB connections
Test an existing SMB connection
Creating an SMB Connection
To create an SMB connection, run:
Syntax
ksctl connectionmgmt smb create --name <Connection-Name> --host <Hostname> --port <Port> --Username <SMB-Connection-Username> ---conn-password <SMB-Connection-Password>
Example Request
ksctl connectionmgmt smb create --name smbConnection1 --host xx.xxx.xxx.xxx --port 445 --username test1 --conn-password 1234
Example Response
{
"id": "5b32eb85-5c8e-4416-a749-b0b0b8916213",
"uri": "kylo:kylo:connectionmgmt:connections:smbconnection1-5b32eb85-5c8e-4416-a749-b0b0b8916213",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T08:49:10.5042906Z",
"updatedAt": "2021-02-03T08:49:10.502989201Z",
"service": "SMB",
"category": "File-Share",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "smbConnection1",
"username": "test1",
"host": "xx.xxx.xxx.xxx",
"Port": "445"
}
Getting Details of an SMB Connection
To get details of an SMB connection, run:
Syntax
ksctl connectionmgmt smb get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt smb get --id 7ee52a57-19d4-4202-b900-edd299bb6d7a
Example Response
{
"id": "7ee52a57-19d4-4202-b900-edd299bb6d7a",
"uri": "kylo:kylo:connectionmgmt:connections:smbconnection-7ee52a57-19d4-4202-b900-edd299bb6d7a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T03:55:03.541011Z",
"updatedAt": "2021-02-03T03:55:03.538119Z",
"service": "SMB",
"category": "File-Share",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "smbConnection",
"products": [
"CTE"
],
"description": "a description of the connection",
"username": "user",
"domain": "domainName",
"host": "1.2.3.4",
"Port": "445"
}
Updating an SMB Connection
To update an SMB connection, run:
Syntax
ksctl connectionmgmt smb modify --id <Connection-Name/ID> --products <Product-Names> --conn-password <SMB-Connection-Password> --meta <Key-Values>
Example Request
ksctl connectionmgmt smb modify --id 7ee52a57-19d4-4202-b900-edd299bb6d7a --conn-password 1234 --username test2
Example Response
{
"id": "7ee52a57-19d4-4202-b900-edd299bb6d7a",
"uri": "kylo:kylo:connectionmgmt:connections:smbconnection-7ee52a57-19d4-4202-b900-edd299bb6d7a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T03:55:03.541011Z",
"updatedAt": "2021-02-03T08:58:21.490072287Z",
"service": "SMB",
"category": "File-Share",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "smbConnection",
"products": [
"CTE"
],
"meta": "",
"description": "a description of the connection",
"host": "1.2.3.4",
"domain": "domainName",
"username": "test2",
"port": "445"
}
Deleting an SMB Connection
To delete an SMB connection, run;
Syntax
ksctl connectionmgmt smb delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt smb delete --id 7ee52a57-19d4-4202-b900-edd299bb6d7a
There will be no response if SMB connection is deleted successfully.
Getting List of SMB Connections
To list all the SMB connections, run:
Syntax
ksctl connectionmgmt smb list
Example Request
ksctl connectionmgmt smb list
Example Response
{
"skip": 0,
"limit": 10,
"total": 2,
"resources": [
{
"id": "5b32eb85-5c8e-4416-a749-b0b0b8916213",
"uri": "kylo:kylo:connectionmgmt:connections:smbconnection1-5b32eb85-5c8e-4416-a749-b0b0b8916213",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T08:49:10.504291Z",
"updatedAt": "2021-02-03T08:49:10.502989Z",
"service": "SMB",
"category": "File-Share",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "smbConnection1",
"username": "test1",
"host": "xx.xxx.xxx.xxx",
"Port": "445"
},
{
"id": "7ee52a57-19d4-4202-b900-edd299bb6d7a",
"uri": "kylo:kylo:connectionmgmt:connections:smbconnection-7ee52a57-19d4-4202-b900-edd299bb6d7a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T03:55:03.541011Z",
"updatedAt": "2021-02-03T03:55:03.538119Z",
"service": "SMB",
"category": "File-Share",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "smbConnection",
"products": [
"CTE"
],
"description": "a description of the connection",
"username": "user",
"domain": "domainName",
"host": "1.2.3.4",
"Port": "445"
}
]
}
Testing an Existing SMB Connection
To test an existing SMB connection, run;
Syntax
ksctl connectionmgmt smb test --id <Connection-Name/ID> --share-path <Share-Path>
ksctl connectionmgmt smb test --host <Hostname> --port <Port> --username <SMB-Connection-Username> --conn-password <SMB-Connection-Password> --share-path <Share-Path>
Example Request 1
ksctl connectionmgmt smb test --id 7ee52a57-19d4-4202-b900-edd299bb6d7a --share-path shared
Example Response 1
{
"connection_ok": true
}
Example Request 2
ksctl connectionmgmt smb test --host xx.xxx.xxx.xxx --port 445 --username test1 --conn-password 1234 --share-path shared
Example Response 2
{
"connection_ok": true
}
Managing DSM Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete a DSM connection
List all DSM connections
Test an existing DSM connection
Test parameters for a DSM connection
Add/Get/Update/Delete a node in an existing DSM connection
List all nodes in a DSM connection
Creating a DSM Connection
To create a DSM connection, run:
Syntax
ksctl connectionmgmt dsm create --name <Connection-Name> --products <Products-Names> --username <Server-Username> --conn-password <Server-Password> --meta <Key-Values> --dsm-domain-id <Domain-ID> --nodes-json-file <Json-File>
Example Request
ksctl connectionmgmt dsm create --name dsm-connection --username admin --conn-password Ssl12345# --nodes-json-file ./dsmnodes.json
Example DSM Nodes JSON File
[
{
"hostname": "test.node1",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n"
},
{
"hostname": "test.node2",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n"
}
]
Example Response
{
"id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
"uri": "kylo:kylo:connectionmgmt:connections:dsm-connection-d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.944110478Z",
"updatedAt": "2021-02-03T10:36:52.941941401Z",
"service": "DSM",
"category": "KeyManager",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "dsm-connection",
"username": "admin",
"nodes": [
{
"id": "7a523daa-aa94-4b11-b31b-c945853663e4",
"uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-7a523daa-aa94-4b11-b31b-c945853663e4",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.946654385Z",
"hostname": "test.node1",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
},
{
"id": "bf333cb2-ad27-45ef-b1ba-5a85408e4141",
"uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-bf333cb2-ad27-45ef-b1ba-5a85408e4141",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.948553989Z",
"hostname": "test.node2",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}
]
}
Getting Details of a DSM Connection
To get details of a DSM connection, run:
Syntax
ksctl connectionmgmt dsm get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt dsm get --id dsm-connection
Example Response
{
"id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
"uri": "kylo:kylo:connectionmgmt:connections:dsm-connection-d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.94411Z",
"updatedAt": "2021-02-03T10:36:52.941941Z",
"service": "DSM",
"category": "KeyManager",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "dsm-connection",
"username": "admin",
"nodes": [
{
"id": "7a523daa-aa94-4b11-b31b-c945853663e4",
"uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-7a523daa-aa94-4b11-b31b-c945853663e4",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.946654Z",
"hostname": "test.node1",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
},
{
"id": "bf333cb2-ad27-45ef-b1ba-5a85408e4141",
"uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-bf333cb2-ad27-45ef-b1ba-5a85408e4141",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.948554Z",
"hostname": "test.node2",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}
]
}
Updating a DSM Connection
To update a DSM connection, run:
Syntax
ksctl connectionmgmt dsm modify --id <Connection-Name/ID> --products <Products-Names> --username <Server-Username> --conn-password <Server-Password> --meta <Key:Values>
Example Request
ksctl connectionmgmt dsm modify --id dsm-cli-1 --username myadmin
Example Response
{
"id": "110b0166-6320-4de2-bbd4-c037665616cf",
"uri": "kylo:kylo:connectionmgmt:connections:dsm-cli-1-110b0166-6320-4de2-bbd4-c037665616cf",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T08:22:58.459353Z",
"updatedAt": "2021-02-03T10:40:41.242490229Z",
"service": "DSM",
"category": "KeyManager",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "dsm-cli-1",
"meta": "",
"username": "myadmin"
}
Deleting a DSM Connection
To delete a DSM connection, run;
Syntax
ksctl connectionmgmt dsm delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt dsm delete --id dsm-cli-1
There will be no response if DSM connection is deleted successfully.
Getting List of DSM Connections
To list all the DSM connections, run:
Syntax
ksctl connectionmgmt dsm list
Example Request
ksctl connectionmgmt dsm list
Example Response
{
"skip": 0,
"limit": 10,
"total": 2,
"resources": [
{
"id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
"uri": "kylo:kylo:connectionmgmt:connections:dsm-connection-d873bac7-adef-43a9-b3cf-2e76cbd40bd2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.94411Z",
"updatedAt": "2021-02-03T10:36:52.941941Z",
"service": "DSM",
"category": "KeyManager",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "dsm-connection",
"username": "admin"
},
{
"id": "110b0166-6320-4de2-bbd4-c037665616cf",
"uri": "kylo:kylo:connectionmgmt:connections:dsm-cli-1-110b0166-6320-4de2-bbd4-c037665616cf",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T08:22:58.459353Z",
"updatedAt": "2021-02-03T08:23:03.937019Z",
"service": "DSM",
"category": "KeyManager",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "dsm-cli-1",
"meta": "",
"username": "kylo_d1_rst"
}
]
}
Testing an Existing DSM Connection
To test an existing DSM connection, run;
Syntax
ksctl connectionmgmt dsm test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt dsm test --id dsm-connection
Example Response
{
"status": true,
"nodes": [
{
"hostname": "test.node1",
"connection_ok": true
},
{
"hostname": "node2",
"connection_ok": true
}
],
"admin_type": "SYSTEM_ADMIN",
"managed_domains": [
{
"id": 1,
"url": "/v1/domains/1",
"name": "System Domain",
"description": "Internal system domain",
"kmipEnabled": false,
"fingerprintRegistrationDisabled": false,
"registrationTokenEnabled": false,
"MoreInfo": true
}
]
}
Testing Parameters for a DSM Connection
To test parameters for a DSM connection, run:
Syntax
ksctl connectionmgmt dsm test --username <Server-Username> --conn-password <Server-Password> --nodes-json-file <JSON-File>
Example Request
ksctl connectionmgmt dsm test --username admin --conn-password Ssl12345# --nodes-json-file ./dsmnodes.json
Example Response
{
"status": true,
"nodes": [
{
"hostname": "test.node1",
"connection_ok": true
},
{
"hostname": "test.node2",
"connection_ok": true
}
],
"admin_type": "SYSTEM_ADMIN",
"managed_domains": [
{
"id": 1,
"url": "/v1/domains/1",
"name": "System Domain",
"description": "Internal system domain",
"kmipEnabled": false,
"fingerprintRegistrationDisabled": false,
"registrationTokenEnabled": false,
"MoreInfo": true
}
]
}
Adding Node in an Existing DSM Connection
To add node in a existing DSM connection, run:
Syntax
ksctl connectionmgmt dsm node add --id <Connection-Name/ID> --hostname <Server-Hostname> --server-cert-file <Server-Certificate-File>
Nodes must be from the same DSM cluster.
Example Request
ksctl connectionmgmt dsm node add --id dsm-connection --hostname node2 --server-cert-file ./cert.txt
Example Certificate File
-----BEGIN CERTIFICATE-----
MIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT
GkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE
ChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ
BgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG
A1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y
bWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT
AlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41
uPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd
6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ
hpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA
4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry
20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L
HBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB
/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL
NRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG
A1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E
RTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7
M4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN
fB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF
lKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3
FOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU
CpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==
-----END CERTIFICATE-----
Example Response
{
"id": "82292365-39a0-4000-a756-963e7952b483",
"uri": "kylo:kylo:connectionmgmt:DSM-node:dsm-connection-82292365-39a0-4000-a756-963e7952b483",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:50:44.563323356Z",
"hostname": "node2",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}
Getting Node Details in a DSM Connection
To get node details in a DSM connection, run:
Syntax
ksctl connectionmgmt dsm node get --id <Connection-Name/ID> --node-id <Server-Node-ID>
Example Request
ksctl connectionmgmt dsm node get --id dsm-connection --node-id test.node1
Example Response
{
"id": "7a523daa-aa94-4b11-b31b-c945853663e4",
"uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-7a523daa-aa94-4b11-b31b-c945853663e4",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.946654Z",
"hostname": "test.node1",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}
Updating a Node in a DSM Connection
To update a node in a DSM Connection, run:
Syntax
ksctl connectionmgmt dsm node modify --id <Connection-Name/ID> --node-id <Server-Node-ID> --hostname <Server-Hostname> --sever-cert-file <Server-Certificate-File>
Example Request
ksctl connectionmgmt dsm node modify --id dsm-connection --node-id test.node2 --hostname node3
Example Response
{
"id": "bf333cb2-ad27-45ef-b1ba-5a85408e4141",
"uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-bf333cb2-ad27-45ef-b1ba-5a85408e4141",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.948554Z",
"hostname": "node3",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}
Deleting a Node in a DSM Connection
To delete a node in a DSM connection, run:
Syntax
ksctl connectionmgmt dsm node delete --id <Connection-Name/ID> --node-id <Node-ID>
Example Request
ksctl connectionmgmt dsm node delete --id dsm-connection --node-id node3
There will be no response if node is deleted successfully.
Getting List of all Nodes in a DSM Connection
To list all the nodes in a DSM connection, run:
Syntax
ksctl connectionmgmt DSM node list --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt dsm node list --id dsm-connection
Example Response
{
"skip": 0,
"limit": 10,
"total": 2,
"resources": [
{
"id": "bf333cb2-ad27-45ef-b1ba-5a85408e4141",
"uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-bf333cb2-ad27-45ef-b1ba-5a85408e4141",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.948554Z",
"hostname": "test.node2",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
},
{
"id": "7a523daa-aa94-4b11-b31b-c945853663e4",
"uri": "kylo:kylo:connectionmgmt:dsm-node:dsm-connection-7a523daa-aa94-4b11-b31b-c945853663e4",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-02-03T10:36:52.946654Z",
"hostname": "test.node1",
"server_certificate": "-----BEGIN CERTIFICATE-----\nMIIEETCCAvmgAwIBAgIGCBPpVT3oMA0GCSqGSIb3DQEBDAUAMHMxIzAhBgNVBAMT\nGkNHIENBIFMgb24gc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UE\nChMJVm9ybWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJ\nBgNVBAYTAlVTMB4XDTIxMDEzMDA3MzYwOVoXDTMxMDEzMTA3MzYwOVowaDEYMBYG\nA1UEAxMPc3lzNzgxMDAucWEuY29tMQswCQYDVQQLEwJRQTESMBAGA1UEChMJVm9y\nbWV0cmljMREwDwYDVQQHEwhTYW4gSm9zZTELMAkGA1UECBMCQ0ExCzAJBgNVBAYT\nAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVYaXdacb0/g0u41\nuPtRowUK1lroUUNBZ8ileAwPfItkZPo3pSVzxLKnqB+7vKSEy6t6JfBH/zTzVQxd\n6cPtG5rnUeDSeGiYDmbVSULY9XmaETb2nA2XRuv9yGxJzm8QuxKw2ANQNKbVWcEZ\nhpy9C9WQUM2Td9MD0vhzDGCDg1eZNjtqDQdgTM95Xs8RqK/lbGn3x8YLUKiUcTVA\n4NhTyNVGpnvu0i/SPeLZNScRUXI0awqYuavMS3ty5Ooxd78AF3qHiutddvzeR5Ry\n20w/Xralbk6AuVHtBkaB6CKvSG1dUi/pFHuXw+49Fn2+gVPP0RYXGEwVm5d6wJ3L\nHBZCQwIDAQABo4G1MIGyMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n/wQCMAAwDgYDVR0PAQH/BAQDAgOoMB0GA1UdDgQWBBT6eagam2IV9s2XkOesFOxL\nNRRmZTAnBgNVHSMEIDAegBQLjlEnc9uzLZKw8msCBSyUnRGdKIIGALOnqfHDMBoG\nA1UdEQQTMBGCD3N5czc4MTAwLnFhLmNvbTAWBgcrzg8AAAABBAtTRVJWRVJfTk9E\nRTANBgkqhkiG9w0BAQwFAAOCAQEAoQVMDr8SeS6+F1O3C7ALWp5V0b9FUeab49n7\nM4fV6yPy+ZC07cVkqG1qde9lIsn5vOHuhdMJOQeX0EClFG4zs0gvbQ8/HVcoD7dN\nfB98nJXm+jOrKOKcNAvGaddtAUX7mDI48mIVrqstjibXxMlgHBMZ382Ujp5xcOnF\nlKU9NSqicW3wYAFaJH9NiVSINQEA6AizVuNmx3y1Di6hnsijvH6aJf5UVWgYq7Z3\nFOSPBlo0lyF8Tfavbq8IUphXyR3eWwV86uJsrV9Pty1xfAy0TqSm9py2+WBIL+ZU\nCpMRws+XTtAG5js7OkJbgKvoVf+GtWpSw4/OSF4PgGnfzoZ0YA==\n-----END CERTIFICATE-----\n",
"last_connection_ok": null,
"connection_id": "d873bac7-adef-43a9-b3cf-2e76cbd40bd2"
}
]
}
Managing Google Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete a GCP connection
List all GCP connections
Test an existing GCP connection
Test a new GCP Connection
Creating a GCP Connection
To create a GCP connection, run:
Syntax
ksctl connectionmgmt gcp create --name <Connection-Name> --key-file <Key-File-Path> --cloudname <Cloud-Name> --products <Product-Names> --meta <Key:Values>
Format of GCP Key File
{
"type": "service_account",
"project_id": "test",
"private_key_id": "hbk0662522e157b8e39cc672108de25016d736y0",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDV7g0lBwL/XaBD\nbpKtMQwFQJUiIPpv8luHA5wrvRi+XgAHBey8xMSOy/ezDNTlPgF99RNFz022WuCV\nAitCCaDpuaHPSqnx7ygs8hM6Mh/Kpq0fInnCXrdcgZKpK2qIJ8H0OdSmyiZp1hNG\nOICQckcmuJ0VUQLzwbS3R8dbwFAquQSxR1WBbI1vWZia3iap1ALSsh6nBUvaH7M6\nXaLZmZxUSLBw9o50slyI6UtM9WswcNWR9iYQS78DYakM5on9/M2y8kWQozhbIT/b\nilcE2weCtiu3UJR1xtI3WDL7eW3xdfJc2kLg0AIHflOopVkiuKaaFCw7s6aQUvFn\nna9Oi7FbAgMBAAECggEAIYBI8K57arAnw8eSEqsmnb/yWsjdTyCd8rO/Bh5zvIQN\n7wufeiQ6P75zSMfOoyOlqirx3LHNEqyClPMlAQ9u8osOat7fZDK2kOtL1YY58ktN\nux10AdtBTaxA4lsZML9Bj5Oq4H+5qkNK+2knwPcUa1znxInOM4v3F+iLsKiaJUZQ\nwnew+WacECpgMHxMavDiY92/0hPIYtBgJPk4Qud/0+EZ9QnTZ1FR4NSwk2rKBOx3\nJZTDcxLHbJ/jYPt+AJo77HITXkkbwBI9l9ILq5Y/aCI3Xw5qZA8lzuqxlklqvLvJ\n3j1ivz0+3t2/Ux4Y/wKpqmEMmKUAIq0BFKd+IqiykQKBgQDwS++M7l8SwQR8Sntn\nkkseFWPFmsETe9JzTugVsaQAfn9HPDtGmr2wcK+0Fo7/NEpYm+Vodh1rlLcSs7Ak\nheOIjShdDSRXjtwSoNxVoMoAaLFP3DORERhWYCczJjeqcoP1fUC27LmvA/1NDd15\n/C9BEdVH+ltpPDwgJxYJtXE+uQKBgQDj6QLJ0b9LEYxz0ig0knN7u0g4LRPkZF58\nrLDphUF+t06XRiXa8UKkaHsCMc0hVbZJ0yvHdY640ckxhzZfLk78fmonKfW11wV0\nBMjoYZlfJPQvAydalehVBrJ4j/ZhouhYKuycRrOrCcZD+FwpKBd8ThVcRxd/9j8V\nQgMf8ciGswKBgQDXC33z55dZ1zbGbHmHtNpYr9e8DcRgRV2PJ7x3PaSBdLM+8t4x\nT2YWsqHrTozmQsuOBOYG2D13+3zi1b/6z39SwtCuhYZSfVzhpufIEb71IrwbtfrI\nBj57fk1Wbws+FIGXfmId0jhSMgXLoW7lLhSz7NusMJcB1JASTihgw+n2sQKBgQCn\nFz4kGNLWhpcikwFHCdgA7t2T0fiziaJ8ZV+O1VOfQ2UrIxK94gOp5a/JfBmYRu7O\nUTPXmCh699M5rJgAUEM4erX44Jp0JqCo3pktReDcEIu1q+o+T4l2TOKr4WARVQ5j\nFZVDPdKbox7o1j07L1mImPawIK7p8e9t9me0E9+gYQKBgCiXzwL5ngTxAqLNXTTx\nuYL/1x3Pg6uvBnltfCUTDKVFDPv9Dwaad3T9cwqZZCzlM0GqTuALzVb1NAHVcx3U\nIUXcwn8mDT/aYWClnTDW7/ZwThnOsXSxbco68JdM2bpCS9nRqhYAlLb0eLMl2pEU\n59cqC1DjxsmVcmpabyi/726I\n-----END PRIVATE KEY-----\n",
"client_email": "test@some-project.iam.gserviceaccount.com",
"client_id": "some-id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40some-project.iam.gserviceaccount.com"
}
Example Request
ksctl connectionmgmt gcp create --name gcpConn --key-file gcp.json --products CCKM
Example Response
{
"id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-04-01T04:56:28.5260642Z",
"updatedAt": "2021-04-01T04:56:28.524593208Z",
"service": "gcp",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "gcpConn",
"products": [
"CCKM"
],
"cloud_name": "gcp",
"client_email": "test@some-project.iam.gserviceaccount.com",
"private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}
Getting Details of a GCP Connection
To get details of a GCP connection, run:
Syntax
ksctl connectionmgmt gcp get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt gcp get --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59
Example Response
{
"id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-04-01T04:56:28.526064Z",
"updatedAt": "2021-04-01T04:56:28.524593Z",
"service": "gcp",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "gcpConn",
"products": [
"CCKM"
],
"cloud_name": "gcp",
"client_email": "test@some-project.iam.gserviceaccount.com",
"private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}
Updating a GCP Connection
To update a GCP connection, run:
Syntax
ksctl connectionmgmt gcp modify --id <Connection-Name> --key-file <Key-File-Path> --cloudname <Cloud-Name> --products <Product-Names> --meta <Key:Values>
Example Request
ksctl connectionmgmt gcp modify --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59 --key-file gcp1.json
Example Response
{
"id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-04-01T04:56:28.526064Z",
"updatedAt": "2021-04-01T05:03:38.665326512Z",
"service": "gcp",
"category": "cloud",
"last_connection_ok": true,
"last_connection_at": "2021-04-01T05:00:03.806155Z",
"name": "gcpConn",
"products": [
"CCKM"
],
"meta": "",
"cloud_name": "gcp",
"client_email": "test@some-project.iam.gserviceaccount.com",
"private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}
Deleting a GCP Connection
To delete a GCP connection, run;
Syntax
ksctl connectionmgmt gcp delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt gcp delete --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59
There will be no response if GCP connection is deleted successfully.
Getting List of GCP Connections
To list all the GCP connections, run:
Syntax
ksctl connectionmgmt gcp list
Example Request
ksctl connectionmgmt gcp list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"uri": "kylo:kylo:connectionmgmt:connections:gcpconn-047bcdcb-5bbe-4de8-85e2-1dc504d07c59",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-04-01T04:56:28.526696Z",
"updatedAt": "2021-04-01T04:56:28.526696Z",
"service": "gcp",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "gcpConn",
"products": [
"CCKM"
],
"cloud_name": "gcp",
"client_email": "test@some-project.iam.gserviceaccount.com",
"private_key_id": "y437c51g956b8ab4908yb41541262a2fa3b0f84f"
}
]
}
Testing an Existing GCP Connection
To test an existing GCP connection, run;
Syntax
ksctl connectionmgmt gcp test --id <Connection-Name/ID> --key-file <Key-File-Path>
Example Request
ksctl connectionmgmt gcp test --id 047bcdcb-5bbe-4de8-85e2-1dc504d07c59
Example Response
{
"connection_ok": true
}
Testing a New GCP Connection
To test a new GCP connection, run;
Syntax
ksctl connectionmgmt gcp test --key-file <Key-File-Path>
Example Request
ksctl connectionmgmt gcp test --key-file gcp.json
Example Response
{
"connection_ok": true
}
Managing Oracle Cloud Infrastructure (OCI) Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an OCI connection
List all OCI connections
Test an existing OCI connection
Test parameters for an OCI Connection
Creating an OCI Connection
To create an OCI connection, run:
Syntax
1 | ksctl connectionmgmt oci create --name <connection-name> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file, pass_phrase-in-json-format>
|
Example Request
1 | ksctl connectionmgmt oci create --name oci-connection --products cckm --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json
|
Example Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | {
"id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-01-19T04:32:15.490282327Z",
"updatedAt": "2022-01-19T04:32:15.488831158Z",
"service": "oci",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oci-connection",
"products": [
"cckm"
],
"user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
"tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
"fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
"region": "ap-sydney-1"
}
|
conn-cred.json
1 2 3 4 | {
"key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
"pass_phrase": "password"
}
|
Getting Details of an OCI Connection
To get details of an OCI connection, run:
Syntax
1 | ksctl connectionmgmt oci get --id <connection-name/id>
|
Example Request
1 | ksctl connectionmgmt oci get --id oci-connection
|
Example Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | {
"id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-01-19T04:32:15.490282Z",
"updatedAt": "2022-01-19T04:32:15.488831Z",
"service": "oci",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oci-connection",
"products": [
"cckm"
],
"user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
"tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
"fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
"region": "ap-sydney-1"
}
|
Updating an OCI Connection
To update an OCI connection, run:
Syntax
1 | ksctl connectionmgmt oci modify --id <connection-name/id> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format> --meta <key:values>
|
Example Request
1 | ksctl connectionmgmt oci modify --id oci-connection --user-ocid ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq
|
Example Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | {
"id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-01-19T04:32:15.490282Z",
"updatedAt": "2022-01-19T04:40:36.311287549Z",
"service": "oci",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oci-connection",
"products": [
"cckm"
],
"user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
"tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
"fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
"region": "ap-sydney-1"
}
|
Deleting an OCI Connection
To delete an OCI connection, run;
Syntax
1 | ksctl connectionmgmt oci delete --id <connection-name/id>
|
Example Request
1 | ksctl connectionmgmt oci delete --id oci-connection
|
Example Response
There will be no response if OCI Connection is deleted successfully.
Getting List of OCI Connections
To list all the OCI connections, run:
Syntax
1 | ksctl connectionmgmt oci list
|
Example Request
1 | ksctl connectionmgmt oci list
|
Example Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | {
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-01-19T04:32:15.490836Z",
"updatedAt": "2022-01-19T04:40:36.312949Z",
"service": "oci",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oci-connection",
"products": [
"cckm"
],
"user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
"tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
"fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
"region": "ap-sydney-1"
}
]
}
|
Testing an Existing OCI Connection
To test an existing OCI connection, run;
Syntax
1 | ksctl connectionmgmt oci test --id <connection-name/id>
|
Example Request
1 | ksctl connectionmgmt oci test --id oci-connection
|
Example Response
1 2 3 | {
"connection_ok": true
}
|
Testing Parameters for an OCI Connection
To test parameters for an OCI connection, run;
Syntax
1 | ksctl connectionmgmt oci test --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format>
|
Example Request
1 | ksctl connectionmgmt oci test --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json
|
Example Response
1 2 3 | {
"connection_ok": true
}
|
conn-cred.json
1 2 3 4 | {
"key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
"pass_phrase": "password"
}
|
Managing SCP Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an SCP connection
List all SCP connections
Test an existing SCP connection
Test a new SCP Connection
Creating an SCP Connection
To create an SCP connection, run:
Syntax
ksctl connectionmgmt scp create --name <Connection-Name> --host <Hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key> --products <Products-Names> --meta <Key:Value>
Example Request
ksctl connectionmgmt scp create --name scp-conn --host 8.8.8.8 --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/scp" --products "backup/restore"
Example Response
{
"id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-06-07T06:17:01.343933Z",
"updatedAt": "2021-06-07T06:17:01.342893Z",
"service": "scp",
"category": "external-server",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "scp-conn",
"products": [
"backup/restore"
],
"meta": null,
"host": "8.8.8.8",
"port": 22,
"username": "admin",
"auth_method": "password",
"path_to": "/home/scp"
}
Getting Details of an SCP Connection
To get details of an SCP connection, run:
Syntax
ksctl connectionmgmt scp get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp get --id scp-conn
Example Response
{
"id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-06-07T06:17:01.343933Z",
"updatedAt": "2021-06-07T06:17:01.342893Z",
"service": "scp",
"category": "external-server",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "scp-conn",
"products": [
"backup/restore"
],
"meta": null,
"host": "8.8.8.8",
"port": 22,
"username": "admin",
"auth_method": "password",
"path_to": "/home/scp"
}
Updating an SCP Connection
To update an SCP connection, run:
Syntax
ksctl connectionmgmt scp modify --name <Connection-Name> --host <hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --public-key <key> --path-to <Destination-Machine-Path> --products <Products-Names> --meta <Key:Value>
Example Request
ksctl connectionmgmt scp modify --id scp-conn --host 1.2.3.4 --scp-port 32
Example Response
{
"id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-06-07T06:17:01.343933Z",
"updatedAt": "2021-06-07T06:21:53.141454927Z",
"service": "scp",
"category": "external-server",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "scp-conn",
"products": [
"backup/restore"
],
"meta": null,
"host": "1.2.3.4",
"port": 32,
"username": "admin",
"auth_method": "password",
"path_to": "/home/scp"
}
Deleting an SCP Connection
To delete an SCP connection, run;
Syntax
Syntax
ksctl connectionmgmt scp delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp delete --id scp-conn
Example Response
There will be no response if SCP connection is deleted successfully.
Getting List of SCP Connections
To list all the SCP connections, run:
Syntax
ksctl connectionmgmt scp list
Example Request
ksctl connectionmgmt scp list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"name": "scp-conn",
"id": "55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"uri": "kylo:kylo:connectionmgmt:connections:scp-conn-55ffad19-8c7c-4a33-8fc6-d2d2bca5deb5",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-06-07T06:17:01.343933Z",
"updatedAt": "2021-06-07T06:17:01.342893Z",
"service": "scp",
"category": "external-server",
"products": [
"backup/restore"
],
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"host": "8.8.8.8",
"port": 22,
"username": "admin",
"auth_method": "password",
"public_key": "public-key",
"path_to": "/home/scp"
}
]
}
Testing an Existing SCP Connection
To test an existing SCP connection, run;
Syntax
ksctl connectionmgmt scp test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt scp test --id scp-conn
Example Response
{
"connection_ok": true
}
Testing a New SCP Connection
To test a new SCP connection, run;
Syntax
ksctl connectionmgmt scp test --host <hostname> --scp-port <Port> --username <SCP-Connection-Username> --auth-method <Key or Password> --conn-password <SCP-Connection-Password> --path-to <Destination-Machine-Path> --public-key <key>
Example Request
ksctl connectionmgmt scp test --host 8.8.8.8 --scp-port 22 --username admin --auth-method password --conn-password paswd --public-key key --path-to "/home/scp"
Example Response
{
"connection_ok": true
}
Connection Manager Certificate Expiration Check
The CipherTrust Manager inspects the expiration date of the certificates used in the configured connections everyday, at a preset system time to log the record. This is done for the following connections:
Microsoft Azure
DSM Connection
Hadoop
Salesforce
Luna Network HSM
The CipherTrust Manager then creates list of certificates based on their expiration date:
Certificates whose expiration dates are within 91 days.
This list is logged in the Records section once every week.
Certificates whose expiration dates are within 7 days.
This list is logged in the Records section once every day.
Certificates that are already expired.
This list is logged in the Records section once every day.
You can also create alarm triggers for these records. For more details, go to Creating Alarm Trigger for Client Certificate Expiration.