Create Connection
The connection resource exposes internal services from your internal infrastructure to users.
Types of Connections
The definition of this resource represents how clients will be able to interact with internal resources.
Each type/subtype may represent a distinct implementation:
- application/<subtype> - An alias to map distinct types of shell applications (e.g. python, ruby, etc.)
- application/tcp - Forward TCP connections. This type requires the following environment variables:
  - HOST: IP or DNS name of the internal service
  - PORT: the port of the internal service
- custom - Any custom shell application
- database/<subtype> - Allow connecting to databases through multiple clients (Webapp, CLI, IDEs)
Each <subtype> has distinct environment variables that are allowed to be configured; refer to our documentation for more information.
Body
Toggle Port Forwarding
- enabled - Enable to perform port forwarding for this connection
- disabled - Disable port forwarding for this connection
Allowed values: enabled, disabled
Toggle Ad Hoc Executions
- enabled - Enable to run ad-hoc executions for this connection
- disabled - Disable ad-hoc executions for this connection
Allowed values: enabled, disabled
Toggle Ad Hoc Runbooks Executions
- enabled - Enable to run runbooks for this connection
- disabled - Disable runbooks execution for this connection
Allowed values: enabled, disabled
Toggle Introspection Schema
- enabled - Enable the introspection schema in the webapp
- disabled - Disable the introspection schema in the webapp
Allowed values: enabled, disabled
The agent associated with this connection
Name of the connection. This attribute is immutable when updating it
Type represents the main type of the connection:
- database - Database protocols
- application - Custom applications
- custom - Shell applications
Allowed values: database, application, custom
The shell command that is executed when interacting with this connection. This value is required if the connection is going to be used from the Webapp.
The guard rail association id rules
The Jira issue template IDs associated with the connection
When this option is enabled, the redact types can be managed through the attribute redact_types
Redact Types is a list of info types that will be used to redact the output of the connection. Possible values are described in the DLP documentation: https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference
Reviewers is a list of groups that will review the connection before the user can execute it
Secrets are environment variables that are going to be exposed in the runtime of the connection:
- { envvar:[env-key]: [base64-val] } - Expose the value as environment variable
- { filesystem:[env-key]: [base64-val] } - Expose the value as a temporary file path creating the value in the filesystem
The value can also reference an integration with an external provider:
- { envvar:[env-key]: _aws:[secret-name]:[secret-key] } - Obtain the value dynamically from AWS Secrets Manager and expose it as an environment variable
- { envvar:[env-key]: _envjson:[json-env-name]:[json-env-key] } - Obtain the value dynamically from a JSON env in the agent runtime. Example: MYENV={"KEY": "val"}
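The following is an added example, not code from the project: a pre-submission check for the secrets map described above and for the HOST/PORT requirement of application/tcp. The function names are hypothetical, and it assumes HOST and PORT are supplied as `envvar:` entries, that env keys are identifier-shaped, and that provider reference parts contain no colon.

```python
import base64
import binascii
import re

# Key and value shapes as listed on this page. Assumptions: env keys are
# identifier-shaped and provider reference parts contain no ':'.
KEY_SHAPE = re.compile(r"^(envvar|filesystem):([A-Za-z_][A-Za-z0-9_]*)$")
PROVIDER_REF = re.compile(r"^_(aws|envjson):[^:]+:[^:]+$")


def inline(value):
    """Encode a literal as the [base64-val] form (encoding, not encryption)."""
    return base64.b64encode(value.encode()).decode()


def classify_value(value):
    """Return 'aws', 'envjson', 'inline' or 'invalid' for one secrets value."""
    if value.startswith("_"):
        m = PROVIDER_REF.match(value)
        return m.group(1) if m else "invalid"
    try:
        base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "invalid"
    return "inline" if value else "invalid"


def lint_connection(conn_type, subtype, secrets):
    """Return (errors, inline_keys) for a secrets map before it is submitted."""
    errors, inline_keys, env_names = [], [], set()
    for key, value in secrets.items():
        m = KEY_SHAPE.match(key)
        if not m:
            errors.append(f"{key}: key must be envvar:<NAME> or filesystem:<NAME>")
            continue
        if m.group(1) == "envvar":
            env_names.add(m.group(2))
        kind = classify_value(value)
        if kind == "invalid":
            errors.append(f"{key}: neither base64 nor a provider reference")
        elif kind == "inline":
            inline_keys.append(key)  # literal stored with the connection
    if (conn_type, subtype) == ("application", "tcp"):
        errors += [f"application/tcp requires {n}"
                   for n in ("HOST", "PORT") if n not in env_names]
    return errors, inline_keys


if __name__ == "__main__":
    sample = {"envvar:HOST": inline("10.0.0.5"),  # constructed sample values
              "envvar:TOKEN": "_aws:prod/app:token", "DB_PASS": inline("x")}
    print(lint_connection("application", "tcp", sample))
```

The `inline_keys` list is the set of values stored as literals with the connection; reviewing it shows which of them are credentials that belong behind an `_aws:` or `_envjson:` reference instead.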
Sub Type is the underlying implementation of the connection:
- postgres - Implements Postgres protocol
- mysql - Implements MySQL protocol
- mongodb - Implements MongoDB Wire Protocol
- mssql - Implements Microsoft SQL Server Protocol
- tcp - Forwards a TCP connection
Tags to classify the connection
Response
Toggle Port Forwarding
- enabled - Enable to perform port forwarding for this connection
- disabled - Disable port forwarding for this connection
Allowed values: enabled, disabled
Toggle Ad Hoc Executions
- enabled - Enable to run ad-hoc executions for this connection
- disabled - Disable ad-hoc executions for this connection
Allowed values: enabled, disabled
Toggle Ad Hoc Runbooks Executions
- enabled - Enable to run runbooks for this connection
- disabled - Disable runbooks execution for this connection
Allowed values: enabled, disabled
Toggle Introspection Schema
- enabled - Enable the introspection schema in the webapp
- disabled - Disable the introspection schema in the webapp
Allowed values: enabled, disabled
The agent associated with this connection
Name of the connection. This attribute is immutable when updating it
Type represents the main type of the connection:
- database - Database protocols
- application - Custom applications
- custom - Shell applications
Allowed values: database, application, custom
The shell command that is executed when interacting with this connection. This value is required if the connection is going to be used from the Webapp.
The guard rail association id rules
Unique ID of the resource
The Jira issue template IDs associated with the connection
Managed By is a read-only field that indicates who is managing this resource. When this attribute is set, this resource is considered immutable
When this option is enabled, the redact types can be managed through the attribute redact_types
Redact Types is a list of info types that will be used to redact the output of the connection. Possible values are described in the DLP documentation: https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference
Reviewers is a list of groups that will review the connection before the user can execute it
Secrets are environment variables that are going to be exposed in the runtime of the connection:
- { envvar:[env-key]: [base64-val] } - Expose the value as environment variable
- { filesystem:[env-key]: [base64-val] } - Expose the value as a temporary file path creating the value in the filesystem
The value can also reference an integration with an external provider:
- { envvar:[env-key]: _aws:[secret-name]:[secret-key] } - Obtain the value dynamically from AWS Secrets Manager and expose it as an environment variable
- { envvar:[env-key]: _envjson:[json-env-name]:[json-env-key] } - Obtain the value dynamically from a JSON env in the agent runtime. Example: MYENV={"KEY": "val"}
Status is a read-only field that indicates whether the connection is available for interaction
- online - The agent is connected and alive
- offline - The agent is not connected
Allowed values: online, offline
Sub Type is the underlying implementation of the connection:
- postgres - Implements Postgres protocol
- mysql - Implements MySQL protocol
- mongodb - Implements MongoDB Wire Protocol
- mssql - Implements Microsoft SQL Server Protocol
- tcp - Forwards a TCP connection
Tags to classify the connection