cpl 2.0.1 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +2 -1
- data/CHANGELOG.md +111 -85
- data/CONTRIBUTING.md +2 -2
- data/Gemfile.lock +2 -2
- data/README.md +14 -5
- data/cpl.gemspec +1 -1
- data/docs/commands.md +30 -6
- data/docs/secrets-and-env-values.md +42 -0
- data/docs/tips.md +1 -40
- data/examples/controlplane.yml +12 -3
- data/lib/command/apply_template.rb +70 -80
- data/lib/command/base.rb +82 -71
- data/lib/command/build_image.rb +2 -2
- data/lib/command/cleanup_images.rb +1 -1
- data/lib/command/cleanup_stale_apps.rb +1 -1
- data/lib/command/copy_image_from_upstream.rb +3 -3
- data/lib/command/delete.rb +17 -5
- data/lib/command/deploy_image.rb +6 -21
- data/lib/command/doctor.rb +47 -0
- data/lib/command/latest_image.rb +1 -1
- data/lib/command/no_command.rb +1 -0
- data/lib/command/promote_app_from_upstream.rb +1 -1
- data/lib/command/run.rb +17 -11
- data/lib/command/setup_app.rb +80 -16
- data/lib/command/test.rb +1 -0
- data/lib/command/version.rb +1 -0
- data/lib/core/config.rb +40 -12
- data/lib/core/controlplane.rb +53 -0
- data/lib/core/controlplane_api.rb +13 -7
- data/lib/core/controlplane_api_direct.rb +1 -1
- data/lib/core/doctor_service.rb +104 -0
- data/lib/core/helpers.rb +10 -0
- data/lib/core/shell.rb +7 -0
- data/lib/core/template_parser.rb +76 -0
- data/lib/cpl/version.rb +1 -1
- data/lib/cpl.rb +25 -11
- data/templates/app.yml +0 -5
- metadata +8 -7
- data/googlee2da545df05d92f9.html +0 -1
- data/lib/core/controlplane_api_cli.rb +0 -10
- data/templates/secrets.yml +0 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 468f47cb0e1cf3cdb710b885949188c68f40fd74ad4236379a5a6c6fd55739c1
|
4
|
+
data.tar.gz: fc83d4ef5ee3ded08d52ca5f2df92e5ee261df6fcefd27f673452d0ba265a650
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dac1051680d2b3c69473636a9babd19b8799ea6e2eaadbb26582836641f7a73e843e4a26c32f41206edb0a6b21ab89b9b62cc08087360d75a562c3b6bb40188d
|
7
|
+
data.tar.gz: 52ca1f46ff0d459f450e1a1bd82b6efce780e9b6480ebbda955722eef4bea3a98d71cdaff076691b4cfe93e77c42285f358bfb4ba9adf857c961108302a4f5d6
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
@@ -12,194 +12,220 @@ Please follow the recommendations outlined at [keepachangelog.com](https://keepa
|
|
12
12
|
|
13
13
|
Changes since the last non-beta release.
|
14
14
|
|
15
|
-
_Please add entries here for your pull requests that
|
15
|
+
_Please add entries here for your pull requests that have not yet been released._
|
16
16
|
|
17
17
|
### Fixed
|
18
18
|
|
19
|
-
- Fixed issue where
|
19
|
+
- Fixed issue where release script was not running from the app image. [PR 183](https://github.com/shakacode/control-plane-flow/pull/183) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
20
|
+
- Fixed issue where deprecated options were not being warned. [PR 183](https://github.com/shakacode/control-plane-flow/pull/183) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
21
|
+
|
22
|
+
### Added
|
23
|
+
|
24
|
+
- Added post-creation hook to `setup-app` command (configurable through `hooks.post_creation` in `controlplane.yml`). [PR 183](https://github.com/shakacode/control-plane-flow/pull/183) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
25
|
+
- Added pre-deletion hook to `delete` command (configurable through `hooks.pre_deletion` in `controlplane.yml`). [PR 183](https://github.com/shakacode/control-plane-flow/pull/183) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
26
|
+
- Added `doctor` command to run validations. [PR 185](https://github.com/shakacode/control-plane-flow/pull/185) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
27
|
+
|
28
|
+
### Changed
|
29
|
+
|
30
|
+
- `cpl` now sets `CPLN_SKIP_UPDATE_CHECK` to `true` for all internal `cpln` calls, which disables the version check and prevents cluttering the logs. [PR 180](https://github.com/shakacode/control-plane-flow/pull/180) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
31
|
+
- `setup-app` command now automatically creates a secret, policy, and identity for the app if they do not exist. The `--skip-secrets-setup` option prevents this behavior. [PR 181](https://github.com/shakacode/control-plane-flow/pull/181) by [Rafael Gomes](https://github.com/rafaelgomesxyz). [PR 190](https://github.com/shakacode/control-plane-flow/pull/190) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
32
|
+
- Specific validations are now run before commands, and the command will exit with a non-zero code if any validation fails. Can be disabled by setting `DISABLE_VALIDATIONS` env var to `true`. [PR 185](https://github.com/shakacode/control-plane-flow/pull/185) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
33
|
+
- Deprecated the `--skip-secret-access-binding` option in favor of `--skip-secrets-setup`. This can also now be configured through `skip_secrets_setup` in `controlplane.yml` [PR 190](https://github.com/shakacode/control-plane-flow/pull/190) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
34
|
+
|
35
|
+
## [2.0.2] - 2024-05-17
|
36
|
+
|
37
|
+
- Fixed issue with improper handling of job statuses. Fixed issue with interactive magic string showing and exit code. [PR 177](https://github.com/shakacode/control-plane-flow/pull/177) by [Sergey Tarasov](https://github.com/dzirtusss).
|
38
|
+
|
39
|
+
## [2.0.1] - 2024-05-15
|
40
|
+
|
41
|
+
### Fixed
|
42
|
+
|
43
|
+
- Fixed issue where `cleanup-stale-apps` command fails to delete apps with volumesets. [PR 175](https://github.com/shakacode/control-plane-flow/pull/175) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
20
44
|
|
21
45
|
## [2.0.0] - 2024-05-14
|
22
46
|
|
23
47
|
### BREAKING CHANGES
|
24
48
|
|
25
|
-
- Commands that finished with a failure now exit with code `64` instead of `1`. [PR 132](https://github.com/shakacode/
|
26
|
-
- Bumped minimum `cpln` version to `2.0.1` (`cpln workload cron get` is required). [PR 171](https://github.com/shakacode/
|
27
|
-
- `run:cleanup` command has been removed. [PR 151](https://github.com/shakacode/
|
28
|
-
- `deploy-image` command now runs the release script in the context of the `run` command. [PR 151](https://github.com/shakacode/
|
49
|
+
- Commands that finished with a failure now exit with code `64` instead of `1`. [PR 132](https://github.com/shakacode/control-plane-flow/pull/132) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
50
|
+
- Bumped minimum `cpln` version to `2.0.1` (`cpln workload cron get` is required). [PR 171](https://github.com/shakacode/control-plane-flow/pull/171) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
51
|
+
- `run:cleanup` command has been removed. [PR 151](https://github.com/shakacode/control-plane-flow/pull/151) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
52
|
+
- `deploy-image` command now runs the release script in the context of the `run` command. [PR 151](https://github.com/shakacode/control-plane-flow/pull/151) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
29
53
|
|
30
54
|
### Fixed
|
31
55
|
|
32
|
-
- Fixed race conditions when using latest image in `run` command. [PR 163](https://github.com/shakacode/
|
56
|
+
- Fixed race conditions when using latest image in `run` command. [PR 163](https://github.com/shakacode/control-plane-flow/pull/163) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
33
57
|
|
34
58
|
### Added
|
35
59
|
|
36
|
-
- Added options to `run` command to override the workload container's `--cpu`, `--memory`, and `--entrypoint`. [PR 151](https://github.com/shakacode/
|
37
|
-
- Added `--workload` option to `delete` command to delete a specific workload. [PR 151](https://github.com/shakacode/
|
38
|
-
- Added `--replica` option to `logs` command to see logs from a specific replica. [PR 151](https://github.com/shakacode/
|
39
|
-
- Added `--replica` option to `ps:stop` command to stop a specific replica. [PR 151](https://github.com/shakacode/
|
40
|
-
- Added option to set custom names for secrets and secrets policy, using `secrets_name` and `secrets_policy_name` in `controlplane.yml`. [PR 159](https://github.com/shakacode/
|
60
|
+
- Added options to `run` command to override the workload container's `--cpu`, `--memory`, and `--entrypoint`. [PR 151](https://github.com/shakacode/control-plane-flow/pull/151) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
61
|
+
- Added `--workload` option to `delete` command to delete a specific workload. [PR 151](https://github.com/shakacode/control-plane-flow/pull/151) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
62
|
+
- Added `--replica` option to `logs` command to see logs from a specific replica. [PR 151](https://github.com/shakacode/control-plane-flow/pull/151) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
63
|
+
- Added `--replica` option to `ps:stop` command to stop a specific replica. [PR 151](https://github.com/shakacode/control-plane-flow/pull/151) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
64
|
+
- Added option to set custom names for secrets and secrets policy, using `secrets_name` and `secrets_policy_name` in `controlplane.yml`. [PR 159](https://github.com/shakacode/control-plane-flow/pull/159) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
41
65
|
|
42
66
|
### Changed
|
43
67
|
|
44
|
-
- An error is now raised if the org does not exist. [PR 167](https://github.com/shakacode/
|
45
|
-
- Common options are now shown in help. [PR 169](https://github.com/shakacode/
|
46
|
-
- `run` command now uses a single reusable cron workload and works for both interactive and non-interactive jobs. [PR 151](https://github.com/shakacode/
|
47
|
-
- `run:detached` command has been deprecated in favor of `run`. [PR 151](https://github.com/shakacode/
|
48
|
-
- `deploy-image` command now raises an error if image does not exist. [PR 153](https://github.com/shakacode/
|
49
|
-
- `delete` command now unbinds identity from policy (if bound) when deleting app. [PR 170](https://github.com/shakacode/
|
68
|
+
- An error is now raised if the org does not exist. [PR 167](https://github.com/shakacode/control-plane-flow/pull/167) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
69
|
+
- Common options are now shown in help. [PR 169](https://github.com/shakacode/control-plane-flow/pull/169) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
70
|
+
- `run` command now uses a single reusable cron workload and works for both interactive and non-interactive jobs. [PR 151](https://github.com/shakacode/control-plane-flow/pull/151) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
71
|
+
- `run:detached` command has been deprecated in favor of `run`. [PR 151](https://github.com/shakacode/control-plane-flow/pull/151) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
72
|
+
- `deploy-image` command now raises an error if image does not exist. [PR 153](https://github.com/shakacode/control-plane-flow/pull/153) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
73
|
+
- `delete` command now unbinds identity from policy (if bound) when deleting app. [PR 170](https://github.com/shakacode/control-plane-flow/pull/170) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
50
74
|
|
51
75
|
## [1.4.0] - 2024-03-20
|
52
76
|
|
53
77
|
### Added
|
54
78
|
|
55
|
-
- Added new template substitution variables (used by `apply-template` and `setup-app` commands): `{{APP_LOCATION_LINK}}`, `{{APP_IMAGE_LINK}}`, `{{APP_IDENTITY}}`, `{{APP_IDENTITY_LINK}}`, `{{APP_SECRETS}}` and `{{APP_SECRETS_POLICY}}`. [PR 146](https://github.com/shakacode/
|
56
|
-
- Added `--run-release-phase` option to `deploy-image` command to run release script before deploying (same step as in `promote-app-from-upstream` command). [PR 146](https://github.com/shakacode/
|
79
|
+
- Added new template substitution variables (used by `apply-template` and `setup-app` commands): `{{APP_LOCATION_LINK}}`, `{{APP_IMAGE_LINK}}`, `{{APP_IDENTITY}}`, `{{APP_IDENTITY_LINK}}`, `{{APP_SECRETS}}` and `{{APP_SECRETS_POLICY}}`. [PR 146](https://github.com/shakacode/control-plane-flow/pull/146) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
80
|
+
- Added `--run-release-phase` option to `deploy-image` command to run release script before deploying (same step as in `promote-app-from-upstream` command). [PR 146](https://github.com/shakacode/control-plane-flow/pull/146) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
57
81
|
|
58
82
|
### Changed
|
59
83
|
|
60
|
-
- Template substitution (used by `apply-template` and `setup-app` commands) now uses double braces (e.g., `APP_ORG` -> `{{APP_ORG}}`). This change is backwards compatible. [PR 146](https://github.com/shakacode/
|
61
|
-
- Renamed template substitution variable `APP_GVC` to `{{APP_NAME}}` (used by `apply-template` and `setup-app` commands). This change is backwards compatible. [PR 146](https://github.com/shakacode/
|
62
|
-
- `setup-app` command now automatically binds the app to the secrets policy, as long as both the identity and the policy exist. Added `--skip-secret-access-binding` option to prevent this behavior. [PR 146](https://github.com/shakacode/
|
63
|
-
- Local API token is now refreshed when it is about to expire. [PR 146](https://github.com/shakacode/
|
64
|
-
- `apply-template` command now exits with non-zero code if failed to apply any templates. [PR 146](https://github.com/shakacode/
|
84
|
+
- Template substitution (used by `apply-template` and `setup-app` commands) now uses double braces (e.g., `APP_ORG` -> `{{APP_ORG}}`). This change is backwards compatible. [PR 146](https://github.com/shakacode/control-plane-flow/pull/146) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
85
|
+
- Renamed template substitution variable `APP_GVC` to `{{APP_NAME}}` (used by `apply-template` and `setup-app` commands). This change is backwards compatible. [PR 146](https://github.com/shakacode/control-plane-flow/pull/146) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
86
|
+
- `setup-app` command now automatically binds the app to the secrets policy, as long as both the identity and the policy exist. Added `--skip-secret-access-binding` option to prevent this behavior. [PR 146](https://github.com/shakacode/control-plane-flow/pull/146) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
87
|
+
- Local API token is now refreshed when it is about to expire. [PR 146](https://github.com/shakacode/control-plane-flow/pull/146) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
88
|
+
- `apply-template` command now exits with non-zero code if failed to apply any templates. [PR 146](https://github.com/shakacode/control-plane-flow/pull/146) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
65
89
|
|
66
90
|
## [1.3.0] - 2024-03-19
|
67
91
|
|
68
92
|
### Fixed
|
69
93
|
|
70
|
-
- Fixed issue where cpln profile was not switched back to `default` if an error happened while running `copy-image-from-upstream` command. [PR 135](https://github.com/shakacode/
|
71
|
-
- Fixed issue that didn't allow using upstream with `match_if_app_name_starts_with` set to `true` in `copy-image-from-upstream` command. [PR 136](https://github.com/shakacode/
|
94
|
+
- Fixed issue where cpln profile was not switched back to `default` if an error happened while running `copy-image-from-upstream` command. [PR 135](https://github.com/shakacode/control-plane-flow/pull/135) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
95
|
+
- Fixed issue that didn't allow using upstream with `match_if_app_name_starts_with` set to `true` in `copy-image-from-upstream` command. [PR 136](https://github.com/shakacode/control-plane-flow/pull/136) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
72
96
|
|
73
97
|
### Added
|
74
98
|
|
75
|
-
- Added `--no-clean-on-failure` option to `run:detached` command to skip deletion of failed workload run. [PR 133](https://github.com/shakacode/
|
76
|
-
- Added `--domain` option to `maintenance`, `maintenance:on` and `maintenance:off` commands. [PR 131](https://github.com/shakacode/
|
77
|
-
- Added `default_domain` config to specify domain for `maintenance`, `maintenance:on` and `maintenance:off` commands. [PR 131](https://github.com/shakacode/
|
78
|
-
- Added option to specify upstream for `copy-image-from-upstream` command through `CPLN_UPSTREAM` env var. [PR 138](https://github.com/shakacode/
|
99
|
+
- Added `--no-clean-on-failure` option to `run:detached` command to skip deletion of failed workload run. [PR 133](https://github.com/shakacode/control-plane-flow/pull/133) by [Justin Gordon](https://github.com/justin808) and [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
100
|
+
- Added `--domain` option to `maintenance`, `maintenance:on` and `maintenance:off` commands. [PR 131](https://github.com/shakacode/control-plane-flow/pull/131) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
101
|
+
- Added `default_domain` config to specify domain for `maintenance`, `maintenance:on` and `maintenance:off` commands. [PR 131](https://github.com/shakacode/control-plane-flow/pull/131) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
102
|
+
- Added option to specify upstream for `copy-image-from-upstream` command through `CPLN_UPSTREAM` env var. [PR 138](https://github.com/shakacode/control-plane-flow/pull/138) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
79
103
|
|
80
104
|
### Changed
|
81
105
|
|
82
|
-
- `build-image` command now accepts extra options and passes them to `docker build`. [PR 126](https://github.com/shakacode/
|
83
|
-
- `CPLN_ORG_UPSTREAM` env var now takes precedence over config from `controlplane.yml` in `copy-image-from-upstream` command. [PR 137](https://github.com/shakacode/
|
84
|
-
- `info` command now works properly for apps with `match_if_app_name_starts_with` set to `true`.[PR 139](https://github.com/shakacode/
|
85
|
-
- `info` command now lists workloads in the same order as `controlplane.yml`. [PR 139](https://github.com/shakacode/
|
86
|
-
- Improved domain workload matching for `maintenance`, `maintenance:on` and `maintenance:off` commands (instead of matching only by workload, it now matches by org + app + workload, which is more accurate). [PR 140](https://github.com/shakacode/
|
106
|
+
- `build-image` command now accepts extra options and passes them to `docker build`. [PR 126](https://github.com/shakacode/control-plane-flow/pull/126) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
107
|
+
- `CPLN_ORG_UPSTREAM` env var now takes precedence over config from `controlplane.yml` in `copy-image-from-upstream` command. [PR 137](https://github.com/shakacode/control-plane-flow/pull/137) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
108
|
+
- `info` command now works properly for apps with `match_if_app_name_starts_with` set to `true`.[PR 139](https://github.com/shakacode/control-plane-flow/pull/139) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
109
|
+
- `info` command now lists workloads in the same order as `controlplane.yml`. [PR 139](https://github.com/shakacode/control-plane-flow/pull/139) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
110
|
+
- Improved domain workload matching for `maintenance`, `maintenance:on` and `maintenance:off` commands (instead of matching only by workload, it now matches by org + app + workload, which is more accurate). [PR 140](https://github.com/shakacode/control-plane-flow/pull/140) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
87
111
|
|
88
112
|
## [1.2.0] - 2024-01-03
|
89
113
|
|
90
114
|
### Fixed
|
91
115
|
|
92
|
-
- Fixed issue where `info` command does not respect `CPLN_ORG` env var. [PR 88](https://github.com/shakacode/
|
93
|
-
- Fixed issues with running `cpl --version` and `cpl --help` where no configuration file exists. [PR 100](https://github.com/shakacode/
|
94
|
-
- Fixed issue where `delete` command fails to delete apps with volumesets. [PR 123](https://github.com/shakacode/
|
116
|
+
- Fixed issue where `info` command does not respect `CPLN_ORG` env var. [PR 88](https://github.com/shakacode/control-plane-flow/pull/88) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
117
|
+
- Fixed issues with running `cpl --version` and `cpl --help` where no configuration file exists. [PR 100](https://github.com/shakacode/control-plane-flow/pull/100) by [Mostafa Ahangarha](https://github.com/ahangarha).
|
118
|
+
- Fixed issue where `delete` command fails to delete apps with volumesets. [PR 123](https://github.com/shakacode/control-plane-flow/pull/123) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
95
119
|
|
96
120
|
### Added
|
97
121
|
|
98
|
-
- Added `--org` option to all commands. [PR 88](https://github.com/shakacode/
|
99
|
-
- Added option to set the app with a `CPLN_APP` env var. [PR 88](https://github.com/shakacode/
|
100
|
-
- Show `org` and `app` on every command excluding `info`, `version`, `maintenance`, `env`, `ps`, and `latest_image`. [PR 94](https://github.com/shakacode/
|
101
|
-
- Added option to only use `CPLN_ORG` and `CPLN_APP` env vars if `allow_org_override_by_env` and `allow_app_override_by_env` configs are set to `true` in `controlplane.yml`. [PR 109](https://github.com/shakacode/
|
102
|
-
- Added `CPLN_LOCATION` env variable and `--location` option for `apply-template`, `ps`, `run`, `run:detached`. [PR 105](https://github.com/shakacode/
|
103
|
-
- Added `generate` command for creating basic Control Plane configuration directory. [PR 116](https://github.com/shakacode/
|
104
|
-
- Added `--trace` option to all commands for more detailed logs. [PR 124](https://github.com/shakacode/
|
122
|
+
- Added `--org` option to all commands. [PR 88](https://github.com/shakacode/control-plane-flow/pull/88) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
123
|
+
- Added option to set the app with a `CPLN_APP` env var. [PR 88](https://github.com/shakacode/control-plane-flow/pull/88) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
124
|
+
- Show `org` and `app` on every command excluding `info`, `version`, `maintenance`, `env`, `ps`, and `latest_image`. [PR 94](https://github.com/shakacode/control-plane-flow/pull/94) by [Mostafa Ahangarha](https://github.com/ahangarha).
|
125
|
+
- Added option to only use `CPLN_ORG` and `CPLN_APP` env vars if `allow_org_override_by_env` and `allow_app_override_by_env` configs are set to `true` in `controlplane.yml`. [PR 109](https://github.com/shakacode/control-plane-flow/pull/109) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
126
|
+
- Added `CPLN_LOCATION` env variable and `--location` option for `apply-template`, `ps`, `run`, `run:detached`. [PR 105](https://github.com/shakacode/control-plane-flow/pull/105) by [Mostafa Ahangarha](https://github.com/ahangarha).
|
127
|
+
- Added `generate` command for creating basic Control Plane configuration directory. [PR 116](https://github.com/shakacode/control-plane-flow/pull/116) by [Mostafa Ahangarhga](https://github.com/ahangarha).
|
128
|
+
- Added `--trace` option to all commands for more detailed logs. [PR 124](https://github.com/shakacode/control-plane-flow/pull/124) by [justin808](https://github.com/justin808)
|
105
129
|
- Added better error message to check the org name in case of a 403 error. [PR 124](https://github.com/justin808) by [justin808](https://github.com/justin808)
|
106
130
|
|
107
131
|
### Changed
|
108
132
|
|
109
|
-
- `--org` option now takes precedence over `CPLN_ORG` env var, which takes precedence over `cpln_org` from `controlplane.yml`. [PR 88](https://github.com/shakacode/
|
110
|
-
- Renamed `setup` config into `setup_app_templates`. [PR 112](https://github.com/shakacode/
|
133
|
+
- `--org` option now takes precedence over `CPLN_ORG` env var, which takes precedence over `cpln_org` from `controlplane.yml`. [PR 88](https://github.com/shakacode/control-plane-flow/pull/88) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
134
|
+
- Renamed `setup` config into `setup_app_templates`. [PR 112](https://github.com/shakacode/control-plane-flow/pull/112) by [Mostafa Ahangarha](https://github.com/ahangarha).
|
111
135
|
|
112
136
|
## [1.1.2] - 2023-10-17
|
113
137
|
|
114
138
|
### Fixed
|
115
139
|
|
116
|
-
- Fixed failed build on MacOS by adding platform flag and fixed multiple files in yaml document for template. [PR 81](https://github.com/shakacode/
|
140
|
+
- Fixed failed build on MacOS by adding platform flag and fixed multiple files in yaml document for template. [PR 81](https://github.com/shakacode/control-plane-flow/pull/81) by [justin808](https://github.com/justin808).
|
117
141
|
|
118
142
|
### Added
|
119
143
|
|
120
|
-
- Added `open-console` command to open the app console on Control Plane. [PR 83](https://github.com/shakacode/
|
121
|
-
- Added option to set the org with a `CPLN_ORG`/`CPLN_ORG_UPSTREAM` env var. [PR 83](https://github.com/shakacode/
|
122
|
-
- Added `--verbose` option to all commands for more detailed logs. [PR 83](https://github.com/shakacode/
|
144
|
+
- Added `open-console` command to open the app console on Control Plane. [PR 83](https://github.com/shakacode/control-plane-flow/pull/83) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
145
|
+
- Added option to set the org with a `CPLN_ORG`/`CPLN_ORG_UPSTREAM` env var. [PR 83](https://github.com/shakacode/control-plane-flow/pull/83) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
146
|
+
- Added `--verbose` option to all commands for more detailed logs. [PR 83](https://github.com/shakacode/control-plane-flow/pull/83) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
123
147
|
|
124
148
|
### Changed
|
125
149
|
|
126
|
-
- Calling `cpl` with no command now shows the help menu. [PR 83](https://github.com/shakacode/
|
150
|
+
- Calling `cpl` with no command now shows the help menu. [PR 83](https://github.com/shakacode/control-plane-flow/pull/83) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
127
151
|
|
128
152
|
## [1.1.1] - 2023-09-23
|
129
153
|
|
130
154
|
### Fixed
|
131
155
|
|
132
|
-
- Fixed issue where API token is not reset when switching profile. [PR 77](https://github.com/shakacode/
|
156
|
+
- Fixed issue where API token is not reset when switching profile. [PR 77](https://github.com/shakacode/control-plane-flow/pull/77) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
133
157
|
|
134
158
|
## [1.1.0] - 2023-09-20
|
135
159
|
|
136
160
|
### Fixed
|
137
161
|
|
138
|
-
- Fixed issue where `copy-image-from-upstream` command does not copy commit. [PR 70](https://github.com/shakacode/
|
139
|
-
- Fixed issue where an error is not raised if the app is not defined. [PR 73](https://github.com/shakacode/
|
140
|
-
- Fixed issue where `CPLN_ENDPOINT` is not used if available. [PR 75](https://github.com/shakacode/
|
162
|
+
- Fixed issue where `copy-image-from-upstream` command does not copy commit. [PR 70](https://github.com/shakacode/control-plane-flow/pull/70) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
163
|
+
- Fixed issue where an error is not raised if the app is not defined. [PR 73](https://github.com/shakacode/control-plane-flow/pull/73) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
164
|
+
- Fixed issue where `CPLN_ENDPOINT` is not used if available. [PR 75](https://github.com/shakacode/control-plane-flow/pull/75) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
141
165
|
|
142
166
|
### Added
|
143
167
|
|
144
|
-
- Added `image_retention_max_qty` config to clean up images based on max quantity with `cleanup-images` command. [PR 72](https://github.com/shakacode/
|
168
|
+
- Added `image_retention_max_qty` config to clean up images based on max quantity with `cleanup-images` command. [PR 72](https://github.com/shakacode/control-plane-flow/pull/72) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
145
169
|
|
146
170
|
### Changed
|
147
171
|
|
148
|
-
- Updated docs for `run` commands regarding passing arguments at the end. [PR 71](https://github.com/shakacode/
|
149
|
-
- Renamed `cleanup-old-images` command to `cleanup-images`. [PR 72](https://github.com/shakacode/
|
150
|
-
- Renamed `old_image_retention_days` config to `image_retention_days`. [PR 72](https://github.com/shakacode/
|
172
|
+
- Updated docs for `run` commands regarding passing arguments at the end. [PR 71](https://github.com/shakacode/control-plane-flow/pull/71) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
173
|
+
- Renamed `cleanup-old-images` command to `cleanup-images`. [PR 72](https://github.com/shakacode/control-plane-flow/pull/72) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
174
|
+
- Renamed `old_image_retention_days` config to `image_retention_days`. [PR 72](https://github.com/shakacode/control-plane-flow/pull/72) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
151
175
|
|
152
176
|
## [1.0.4] - 2023-07-21
|
153
177
|
|
154
178
|
### Fixed
|
155
179
|
|
156
|
-
- Fixed issue where `run` commands fail when not providing image. [PR 68](https://github.com/shakacode/
|
180
|
+
- Fixed issue where `run` commands fail when not providing image. [PR 68](https://github.com/shakacode/control-plane-flow/pull/68) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
157
181
|
|
158
182
|
## [1.0.3] - 2023-07-07
|
159
183
|
|
160
184
|
### Fixed
|
161
185
|
|
162
|
-
- Fixed `run` commands when specifying image. [PR 62](https://github.com/shakacode/
|
163
|
-
- Fixed `run:cleanup` command for non-interactive workloads. [PR 63](https://github.com/shakacode/
|
164
|
-
- Fixed `run:cleanup` command for all apps that start with name. [PR 64](https://github.com/shakacode/
|
165
|
-
- Fixed `cleanup-old-images` command for all apps that start with name. [PR 65](https://github.com/shakacode/
|
166
|
-
- Fixed `--help` option. [PR 66](https://github.com/shakacode/
|
186
|
+
- Fixed `run` commands when specifying image. [PR 62](https://github.com/shakacode/control-plane-flow/pull/62) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
187
|
+
- Fixed `run:cleanup` command for non-interactive workloads. [PR 63](https://github.com/shakacode/control-plane-flow/pull/63) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
188
|
+
- Fixed `run:cleanup` command for all apps that start with name. [PR 64](https://github.com/shakacode/control-plane-flow/pull/64) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
189
|
+
- Fixed `cleanup-old-images` command for all apps that start with name. [PR 65](https://github.com/shakacode/control-plane-flow/pull/65) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
190
|
+
- Fixed `--help` option. [PR 66](https://github.com/shakacode/control-plane-flow/pull/66) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
167
191
|
|
168
192
|
### Added
|
169
193
|
|
170
|
-
- Added `--use-local-token` option to `run:detached` command. [PR 61](https://github.com/shakacode/
|
194
|
+
- Added `--use-local-token` option to `run:detached` command. [PR 61](https://github.com/shakacode/control-plane-flow/pull/61) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
171
195
|
|
172
196
|
## [1.0.2] - 2023-07-02
|
173
197
|
|
174
198
|
### Added
|
175
199
|
|
176
|
-
- Added steps to migrate to docs. [PR 57](https://github.com/shakacode/
|
177
|
-
- Added `ps:wait` command. [PR 58](https://github.com/shakacode/
|
200
|
+
- Added steps to migrate to docs. [PR 57](https://github.com/shakacode/control-plane-flow/pull/57) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
201
|
+
- Added `ps:wait` command. [PR 58](https://github.com/shakacode/control-plane-flow/pull/58) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
178
202
|
|
179
203
|
## [1.0.1] - 2023-06-28
|
180
204
|
|
181
205
|
### Fixed
|
182
206
|
|
183
|
-
- Fixed `cleanup-stale-apps` command when app does not have image. [PR 55](https://github.com/shakacode/
|
207
|
+
- Fixed `cleanup-stale-apps` command when app does not have image. [PR 55](https://github.com/shakacode/control-plane-flow/pull/55) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
184
208
|
|
185
209
|
### Changed
|
186
210
|
|
187
|
-
- Improved docs. [PR 50](https://github.com/shakacode/
|
211
|
+
- Improved docs. [PR 50](https://github.com/shakacode/control-plane-flow/pull/50) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
|
188
212
|
|
189
213
|
## [1.0.0] - 2023-05-29
|
190
214
|
|
191
215
|
- Initial release
|
192
216
|
|
193
|
-
[Unreleased]: https://github.com/shakacode/
|
194
|
-
[2.0.
|
195
|
-
[
|
196
|
-
[
|
197
|
-
[1.
|
198
|
-
[1.
|
199
|
-
[1.
|
200
|
-
[1.1.
|
201
|
-
[1.
|
202
|
-
[1.0
|
203
|
-
[1.0.
|
204
|
-
[1.0.
|
205
|
-
[1.0.
|
217
|
+
[Unreleased]: https://github.com/shakacode/control-plane-flow/compare/v2.0.2...HEAD
|
218
|
+
[2.0.2]: https://github.com/shakacode/control-plane-flow/compare/v2.0.1...v2.0.2
|
219
|
+
[2.0.1]: https://github.com/shakacode/control-plane-flow/compare/v2.0.0...v2.0.1
|
220
|
+
[2.0.0]: https://github.com/shakacode/control-plane-flow/compare/v1.4.0...v2.0.0
|
221
|
+
[1.4.0]: https://github.com/shakacode/control-plane-flow/compare/v1.3.0...v1.4.0
|
222
|
+
[1.3.0]: https://github.com/shakacode/control-plane-flow/compare/v1.2.0...v1.3.0
|
223
|
+
[1.2.0]: https://github.com/shakacode/control-plane-flow/compare/v1.1.2...v1.2.0
|
224
|
+
[1.1.2]: https://github.com/shakacode/control-plane-flow/compare/v1.1.1...v1.1.2
|
225
|
+
[1.1.1]: https://github.com/shakacode/control-plane-flow/compare/v1.1.0...v1.1.1
|
226
|
+
[1.1.0]: https://github.com/shakacode/control-plane-flow/compare/v1.0.4...v1.1.0
|
227
|
+
[1.0.4]: https://github.com/shakacode/control-plane-flow/compare/v1.0.3...v1.0.4
|
228
|
+
[1.0.3]: https://github.com/shakacode/control-plane-flow/compare/v1.0.2...v1.0.3
|
229
|
+
[1.0.2]: https://github.com/shakacode/control-plane-flow/compare/v1.0.1...v1.0.2
|
230
|
+
[1.0.1]: https://github.com/shakacode/control-plane-flow/compare/v1.0.0...v1.0.1
|
231
|
+
[1.0.0]: https://github.com/shakacode/control-plane-flow/releases/tag/v1.0.0
|
data/CONTRIBUTING.md
CHANGED
@@ -6,10 +6,10 @@ Rather than installing `cpl` as a Ruby gem, install this repo locally and alias
|
|
6
6
|
access, e.g.:
|
7
7
|
|
8
8
|
```sh
|
9
|
-
git clone https://github.com/shakacode/
|
9
|
+
git clone https://github.com/shakacode/control-plane-flow
|
10
10
|
|
11
11
|
# Create an alias in some local shell startup script, e.g., `.profile`, `.bashrc`, etc.
|
12
|
-
alias cpl="~/projects/
|
12
|
+
alias cpl="~/projects/control-plane-flow/bin/cpl"
|
13
13
|
```
|
14
14
|
|
15
15
|
## Linting
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
cpl (2.0
|
4
|
+
cpl (2.1.0)
|
5
5
|
debug (~> 1.7.1)
|
6
6
|
dotenv (~> 2.8.1)
|
7
7
|
jwt (~> 2.8.1)
|
@@ -49,7 +49,7 @@ GEM
|
|
49
49
|
racc (1.7.3)
|
50
50
|
rainbow (3.1.1)
|
51
51
|
rake (13.2.1)
|
52
|
-
rdoc (6.
|
52
|
+
rdoc (6.7.0)
|
53
53
|
psych (>= 4.0.0)
|
54
54
|
regexp_parser (2.9.0)
|
55
55
|
reline (0.5.7)
|
data/README.md
CHANGED
@@ -6,8 +6,8 @@
|
|
6
6
|
<meta name="keywords" content="Control Plane, Heroku, Kubernetes, K8, Infrastructure">
|
7
7
|
<meta name="google-site-verification" content="dIV4nMplcYl6YOKOaZMqgvdKXhLJ4cdYY6pS6e_YrPU" />
|
8
8
|
|
9
|
-
[![RSpec](https://github.com/shakacode/
|
10
|
-
[![Rubocop](https://github.com/shakacode/
|
9
|
+
[![RSpec](https://github.com/shakacode/control-plane-flow/actions/workflows/rspec.yml/badge.svg)](https://github.com/shakacode/control-plane-flow/actions/workflows/rspec.yml)
|
10
|
+
[![Rubocop](https://github.com/shakacode/control-plane-flow/actions/workflows/rubocop.yml/badge.svg)](https://github.com/shakacode/control-plane-flow/actions/workflows/rubocop.yml)
|
11
11
|
|
12
12
|
[![Gem](https://badge.fury.io/rb/cpl.svg)](https://badge.fury.io/rb/cpl)
|
13
13
|
|
@@ -196,9 +196,6 @@ aliases:
|
|
196
196
|
# 2. Each file can contain many objects, such as in the case of templates that create a resource, like `postgres`.
|
197
197
|
# 3. While the naming often corresponds to a workload or other object name, the naming is arbitrary.
|
198
198
|
# Naming does not need to match anything other than the file name without the `.yml` extension.
|
199
|
-
#
|
200
|
-
# If you're going to use secrets, you need to apply the `secrets.yml` template separately (one-time setup):
|
201
|
-
# `cpl apply-template secrets -a my-app`
|
202
199
|
setup_app_templates:
|
203
200
|
- app
|
204
201
|
- redis
|
@@ -207,6 +204,9 @@ aliases:
|
|
207
204
|
- rails
|
208
205
|
- sidekiq
|
209
206
|
|
207
|
+
# Skips secrets setup when running `cpl setup-app`.
|
208
|
+
skip_secrets_setup: true
|
209
|
+
|
210
210
|
# Only needed if using a custom secrets name.
|
211
211
|
# The default is '{APP_PREFIX}-secrets'. For example:
|
212
212
|
# - for an app 'my-app-staging' with `match_if_app_name_starts_with` set to `false`,
|
@@ -273,6 +273,15 @@ apps:
|
|
273
273
|
# e.g., "my-app-review-pr123", "my-app-review-anything-goes", etc.
|
274
274
|
match_if_app_name_starts_with: true
|
275
275
|
|
276
|
+
# Hooks can be either a script path that exists in the app image or a command.
|
277
|
+
# They're run in the context of `cpl run` with the latest image.
|
278
|
+
hooks:
|
279
|
+
# Used by the command `cpl setup-app` to run a hook after creating the app.
|
280
|
+
post_creation: bundle exec rake db:prepare
|
281
|
+
|
282
|
+
# Used by the command `cpl delete` to run a hook before deleting the app.
|
283
|
+
pre_deletion: bundle exec rake db:drop
|
284
|
+
|
276
285
|
my-app-production:
|
277
286
|
<<: *common
|
278
287
|
|
data/cpl.gemspec
CHANGED
@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
|
|
10
10
|
|
11
11
|
spec.summary = "Heroku to Control Plane"
|
12
12
|
spec.description = "CLI for providing Heroku-like platform-as-a-service on Control Plane"
|
13
|
-
spec.homepage = "https://github.com/shakacode/
|
13
|
+
spec.homepage = "https://github.com/shakacode/control-plane-flow"
|
14
14
|
spec.license = "MIT"
|
15
15
|
|
16
16
|
spec.required_ruby_version = ">= 2.7.0"
|
data/docs/commands.md
CHANGED
@@ -109,6 +109,9 @@ cpl copy-image-from-upstream -a $APP_NAME --upstream-token $UPSTREAM_TOKEN --ima
|
|
109
109
|
- Deletes the whole app (GVC with all workloads, all volumesets and all images) or a specific workload
|
110
110
|
- Also unbinds the app from the secrets policy, as long as both the identity and the policy exist (and are bound)
|
111
111
|
- Will ask for explicit user confirmation
|
112
|
+
- Runs a pre-deletion hook before the app is deleted if `hooks.pre_deletion` is specified in the `.controlplane/controlplane.yml` file
|
113
|
+
- If the hook exits with a non-zero code, the command will stop executing and also exit with a non-zero code
|
114
|
+
- Use `--skip-pre-deletion-hook` to skip the hook if specified in `controlplane.yml`
|
112
115
|
|
113
116
|
```sh
|
114
117
|
# Deletes the whole app (GVC with all workloads, all volumesets and all images).
|
@@ -121,14 +124,29 @@ cpl delete -a $APP_NAME -w $WORKLOAD_NAME
|
|
121
124
|
### `deploy-image`
|
122
125
|
|
123
126
|
- Deploys the latest image to app workloads
|
124
|
-
-
|
127
|
+
- Runs a release script before deploying if `release_script` is specified in the `.controlplane/controlplane.yml` file and `--run-release-phase` is provided
|
125
128
|
- The release script is run in the context of `cpl run` with the latest image
|
126
|
-
-
|
129
|
+
- If the release script exits with a non-zero code, the command will stop executing and also exit with a non-zero code
|
127
130
|
|
128
131
|
```sh
|
129
132
|
cpl deploy-image -a $APP_NAME
|
130
133
|
```
|
131
134
|
|
135
|
+
### `doctor`
|
136
|
+
|
137
|
+
- Runs validations
|
138
|
+
|
139
|
+
```sh
|
140
|
+
# Runs all validations that don't require additional options by default.
|
141
|
+
cpl doctor
|
142
|
+
|
143
|
+
# Runs config validation.
|
144
|
+
cpl doctor --validations config
|
145
|
+
|
146
|
+
# Runs templates validation (requires app).
|
147
|
+
cpl doctor --validations templates -a $APP_NAME
|
148
|
+
```
|
149
|
+
|
132
150
|
### `env`
|
133
151
|
|
134
152
|
- Displays app-specific environment variables
|
@@ -276,7 +294,7 @@ cpl open-console -a $APP_NAME
|
|
276
294
|
- Runs `cpl copy-image-from-upstream` to copy the latest image from upstream
|
277
295
|
- Runs `cpl deploy-image` to deploy the image
|
278
296
|
- If `.controlplane/controlplane.yml` includes the `release_script`, `cpl deploy-image` will use the `--run-release-phase` option
|
279
|
-
-
|
297
|
+
- If the release script exits with a non-zero code, the command will stop executing and also exit with a non-zero code
|
280
298
|
|
281
299
|
```sh
|
282
300
|
cpl promote-app-from-upstream -a $APP_NAME -t $UPSTREAM_TOKEN
|
@@ -407,9 +425,15 @@ cpl run -a $APP_NAME --entrypoint /app/alternative-entrypoint.sh -- rails db:mig
|
|
407
425
|
|
408
426
|
- Creates an app and all its workloads
|
409
427
|
- Specify the templates for the app and workloads through `setup_app_templates` in the `.controlplane/controlplane.yml` file
|
410
|
-
- This should only be used for temporary apps like review apps, never for persistent apps like production (to update workloads for those, use 'cpl apply-template' instead)
|
411
|
-
-
|
412
|
-
-
|
428
|
+
- This should only be used for temporary apps like review apps, never for persistent apps like production or staging (to update workloads for those, use 'cpl apply-template' instead)
|
429
|
+
- Configures app to have org-level secrets with default name "{APP_PREFIX}-secrets"
|
430
|
+
using org-level policy with default name "{APP_PREFIX}-secrets-policy" (names can be customized, see docs)
|
431
|
+
- Creates identity for secrets if it does not exist
|
432
|
+
- Use `--skip-secrets-setup` to prevent the automatic setup of secrets,
|
433
|
+
or set it through `skip_secrets_setup` in the `.controlplane/controlplane.yml` file
|
434
|
+
- Runs a post-creation hook after the app is created if `hooks.post_creation` is specified in the `.controlplane/controlplane.yml` file
|
435
|
+
- If the hook exits with a non-zero code, the command will stop executing and also exit with a non-zero code
|
436
|
+
- Use `--skip-post-creation-hook` to skip the hook if specified in `controlplane.yml`
|
413
437
|
|
414
438
|
```sh
|
415
439
|
cpl setup-app -a $APP_NAME
|
@@ -0,0 +1,42 @@
|
|
1
|
+
# Secrets and ENV Values
|
2
|
+
|
3
|
+
You can store ENV values used by a container (within a workload) within Control Plane at the following levels:
|
4
|
+
|
5
|
+
1. Workload Container
|
6
|
+
2. GVC
|
7
|
+
|
8
|
+
For your "review apps," it is convenient to have simple ENVs stored in plain text in your source code. You will want to
|
9
|
+
keep some ENVs, like the Rails' `SECRET_KEY_BASE`, out of your source code. For staging and production apps, you will
|
10
|
+
set these values directly at the GVC or workload levels, so none of these ENV values are committed to the source code.
|
11
|
+
|
12
|
+
For storing ENVs in the source code, we can use a level of indirection so that you can store an ENV value in your source
|
13
|
+
code like `cpln://secret/my-app-review-env-secrets.SECRET_KEY_BASE` and then have the secret value stored at the org
|
14
|
+
level, which applies to your GVCs mapped to that org.
|
15
|
+
|
16
|
+
For setting up secrets, you'll need:
|
17
|
+
|
18
|
+
- **Org-level Secret:** This is where the values will be stored.
|
19
|
+
- **GVC Identity:** An identity that must be associated with each workload that requires access to the secret.
|
20
|
+
- **Org-level Policy:** A policy that binds the identity to the secret, granting the necessary permissions for the workload to access the secret.
|
21
|
+
|
22
|
+
You can do this during the initial app setup, like this:
|
23
|
+
|
24
|
+
1. Add the template for `app` to `.controlplane/templates`
|
25
|
+
2. Ensure that the `app` template is listed in `setup_app_templates` for the app in `.controlplane/controlplane.yml`
|
26
|
+
3. Run `cpl setup-app -a $APP_NAME`
|
27
|
+
4. The secrets, secrets policy and identity will be automatically created, along with the proper binding
|
28
|
+
5. In the Control Plane console, upper left "Manage Org" menu, click on "Secrets"
|
29
|
+
6. Find the created secret (it will be in the `$APP_PREFIX-secrets` format) and add the secret env vars there
|
30
|
+
7. Use `cpln://secret/...` in the app to access the secret env vars (e.g., `cpln://secret/$APP_PREFIX-secrets.SOME_VAR`)
|
31
|
+
|
32
|
+
Here are the manual steps for reference. We recommend that you follow the steps above:
|
33
|
+
|
34
|
+
1. In the upper left of the Control Plane console, "Manage Org" menu, click on "Secrets"
|
35
|
+
2. Create a secret with `Secret Type: Dictionary` (e.g., `my-secrets`) and add the secret env vars there
|
36
|
+
3. In the upper left "Manage GVC" menu, click on "Identities"
|
37
|
+
4. Create an identity (e.g., `my-identity`)
|
38
|
+
5. Navigate to the workload that you want to associate with the identity created
|
39
|
+
6. Click "Identity" on the left menu and select the identity created
|
40
|
+
7. In the lower left "Access Control" menu, click on "Policies"
|
41
|
+
8. Create a policy with `Target Kind: Secret` and add a binding with the `reveal` permission for the identity created
|
42
|
+
9. Use `cpln://secret/...` in the app to access the secret env vars (e.g., `cpln://secret/my-secrets.SOME_VAR`)
|