Usage

ds-load is a CLI pipeline for populating the Topaz directory (or directories that are contract-compatible, such as the Aserto directory).

Arguments

Usage: ds-load <command>

Directory loader

Commands:
  exec                  import data in directory by running fetch, transform and publish
  publish               load data from stdin into directory
  get-plugin            download plugin
  set-default-plugin    sets a plugin as default
  list-plugins          list available plugins
  version               version information

Flags:
  -h, --help                  Show context-sensitive help.
  -c, --config=CONFIG-FLAG    Path to the config file. Any argument provided to the CLI will take precedence.
  -v, --verbosity=INT         Use to increase output verbosity.

The ds-load pipeline has three stages: fetch, transform, and publish:

fetch retrieves plugin-specific data from the source in a native JSON format
transform converts this data into directory objects and relations
publish loads the objects and relations data into the directory

The default command for ds-load is exec, which executes all three stages. When running ds-load without any command, the exec parameters need to be passed.

Tip

The plugin examples below all use auth0, but every one of the plugins (azuread, cognito, google, okta, ldap, etc) follows the same patterns. Each plugin has its own documentation page.

ds-load vs plugin parameters

The ds-load CLI parameters need to be passed first, and can be followed by an arbitrary list of positional parameters. The first positional parameter is the plugin name we want to invoke followed by the plugin's parameters.

Example: ds-load --host=<directory host> auth0 --domain=<auth0 domain>

--host is a CLI parameter for ds-load
auth0 is the plugin name
--domain is a parameter for the auth0 plugin

For viewing the plugin help, use the following format: ds-load auth0 --help.

Tip

When running ds-load auth0 --key, auth0 is a positional parameter, so --key will be run in the context of the plugin. If we run ds-load --key auth0, --key would be a parameter to ds-load exec.

ds-load exec

exec is the default command. it will invoke a plugin with the specified parameters reading its output and importing the resulting data into the directory.

Usage: ds-load exec <command> ...

import data in directory by running fetch, transform and publish

Arguments:
  <command> ...    available commands are: auth0|azuread|cognito|google|okta|ldap

Flags:
  -h, --help                  Show context-sensitive help.
  -c, --config=CONFIG-FLAG    Path to the config file. Any argument provided to the CLI will take precedence.
  -v, --verbosity=INT         Use to increase output verbosity.

  -s, --host=STRING           Directory host address ($DIRECTORY_HOST)
  -k, --api-key=STRING        Directory API Key ($DIRECTORY_API_KEY)
  -i, --insecure              Disable TLS verification
  -t, --tenant-id=STRING      Directory Tenant ID ($DIRECTORY_TENANT_ID)
  -p, --print                 print output to stdout

-p/--print is enabled by default when invoking a plugin with fetch/version/export-transform/--help

Environment variables

Parameters can also be passed using environment variables, as seen in the help message of each command, but the ones from config files and command line take precedence.

Config files

Config files are in yaml format:

---
arg: value
another-arg: value
<plugin-name>:
  arg: value

When passing custom config files to both the cli and the plugin, use ds-load -c <config-path> <plugin-name> <command>

CLI config

The default location for the configuration file is ~/.config/ds-load/cfg/config.yaml. It can be overridden using the -c/--config flag.

example with auth0 plugin

---
host: directory.prod.aserto.com:8443
api-key: secretapikey
tenant-id: your-tenant-id
auth0:
  domain: "domain.auth0.com"
  client-id: "clientid"
  client-secret: "clientsupersecret"
  template-file: "/path/to/transform.file"

Plugin config

The default location for plugin configuration files is ~/.config/ds-load/cfg/<plugin-name>.yaml. It can be overridden using the -c/--config flag.

example for auth0

---
auth0:
  domain: "domain.auth0.com"
  client-id: "clientid"
  client-secret: "clientsupersecret"
  template-file: "/path/to/transform.file"

Transform

The data received from the fetcher is transformed into objects and relations using a transformation template, which is uses the go template syntax.

The default transformation template can be exported using ds-load <plugin-name> export-transform.

A custom transformation file can be provided when running the plugin in exec or transform mode via the --template-file parameter.

More documentation about transforms can be found here.

Logs

Logs are printed to stdout. You can increase detail using the verbosity flag (e.g. -vvv).

Usage examples

Import from auth0 into the directory

ds-load --host=<directory-host> --api-key=<directory-api-key> --tenant-id=<tenant-id> auth0 --domain=<auth0-domain> --client-id=<auth0-client-id> --client-secret=<auth0-client-secret>

Import data with a custom transformation file

ds-load --host=<directory-host> --api-key=<directory-api-key> --tenant-id=<tenant-id> auth0 --domain=<auth0-domain> --client-id=<auth0-client-id> --client-secret=<auth0-client-secret> --template-file=<template-path>

Fetch data from auth0 without importing it

ds-load auth0 fetch --domain=<auth0-domain> --client-id=<auth0-client-id> --client-secret=<auth0-client-secret>

Transform data from a previously saved auth0 fetch

Note: we use -p in order to just print the transform data.

ds-load auth0 fetch --domain=<auth0-domain> --client-id=<auth0-client-id> --client-secret=<auth0-client-secret> > auth0.json
cat auth0.json | ds-load -p auth0 transform

Transform and import data from a previously saved auth0 fetch

ds-load auth0 fetch --domain=<auth0-domain> --client-id=<auth0-client-id> --client-secret=<auth0-client-secret> > auth0.json

cat auth0.json | ds-load --host=<directory-host> --api-key=<directory-api-key> --tenant-id=<tenant-id> auth0 transform

Pipe data from fetch to transform

ds-load auth0 fetch --domain=<auth0-domain> --client-id=<auth0-client-id> --client-secret=<auth0-client-secret> | ds-load -p auth0 transform

Use config file to import data from auth0 into the directory

config.yaml

---
host: "directory.prod.aserto.com:8443"
api-key: "secretapikey"
tenant-id: "your-tenant-id"
auth0:
  domain: "domain.auth0.com"
  client-id: "clientid"
  client-secret: "clientsupersecret"

ds-load -c ./config.yaml auth0

Load directory data from a file

ds-load -p auth0 --domain=<auth0-domain> --client-id=<auth0-client-id> --client-secret=<auth0-client-secret> > auth0.json

cat auth0.json | ds-load publish --host=<directory-host> --api-key=<directory-api-key> --tenant-id=<tenant-id>

Usage

Arguments​

ds-load vs plugin parameters​

ds-load exec​

Environment variables​

Config files​

CLI config​

example with auth0 plugin​

Plugin config​

example for auth0​

Transform​

Logs​

Usage examples​

Import from auth0 into the directory​

Import data with a custom transformation file​

Fetch data from auth0 without importing it​

Transform data from a previously saved auth0 fetch​

Transform and import data from a previously saved auth0 fetch​

Pipe data from fetch to transform​

Use config file to import data from auth0 into the directory​

Load directory data from a file​