Configuration Automation - Ping CLI

pingcli platform export

Export Configuration as Code packages for the Ping Platform.

Synopsis

Export Configuration as Code packages for the Ping Platform.

The CLI can export Terraform HCL to use with released Terraform providers. The Terraform HCL option generates import {} block statements for resources in the target environment. Using Terraform import {} blocks, the platform’s configuration can be generated and imported into state management. More information can be found at https://developer.hashicorp.com/terraform/language/import

pingcli platform export [flags]

Examples

  Export Configuration as Code for all products configured in the configuration file, applying default options.
    pingcli platform export

  Export Configuration as Code packages for all configured products to a specific directory, overwriting any previous export.
    pingcli platform export --output-directory /path/to/my/directory --overwrite

  Export Configuration as Code packages for all configured products, specifying the export format as Terraform HCL.
    pingcli platform export --format HCL

  Export Configuration as Code packages for PingOne (core platform and SSO services).
    pingcli platform export --services pingone-platform,pingone-sso

  Export all Configuration as Code packages for PingOne. The --service-group flag can be used instead of listing all pingone-* packages in --services flag.
    pingcli platform export --service-group pingone

  Export Configuration as Code packages for PingOne (core platform), specifying the PingOne environment connection details.
    pingcli platform export --services pingone-platform --pingone-client-environment-id 3cf2... --pingone-worker-client-id a719... --pingone-worker-client-secret ey..... --pingone-region-code EU

  Export Configuration as Code packages for PingFederate, specifying the PingFederate connection details using basic authentication.
    pingcli platform export --services pingfederate --pingfederate-authentication-type basicAuth --pingfederate-username administrator --pingfederate-password 2FederateM0re --pingfederate-https-host https://pingfederate-admin.bxretail.org

  Export Configuration as Code packages for PingFederate, specifying OAuth 2.0 client credentials.
    pingcli platform export --services pingfederate --pingfederate-authentication-type clientCredentialsAuth --pingfederate-client-id clientID --pingfederate-client-secret clientSecret --pingfederate-token-url https://pingfederate-admin.bxretail.org/as/token.oauth2

  Export Configuration as Code packages for PingFederate, specifying optional connection properties
    pingcli platform export --services pingfederate --x-bypass-external-validation=false --ca-certificate-pem-files "/path/to/cert.pem,/path/to/cert2.pem" --insecure-trust-all-tls=false

Options

  -d, --output-directory string                               Specifies the output directory for export. Can be an absolute filepath or a relative filepath of the present working directory.  Example: '/Users/example/pingcli-export' Example: 'pingcli-export'
  -h, --help                                                  help for export
  -f, --format string                                         Specifies the export format. (default HCL) Options are: HCL.
  -g, --service-group string                                  Specifies the service group to export.  Options are: pingone. Example: 'pingone'
  -o, --overwrite                                             Overwrites the existing generated exports in output directory. (default false)
  -s, --services []string                                     Specifies the service(s) to export. Accepts a comma-separated string to delimit multiple services.  Options are: pingfederate, pingone-authorize, pingone-mfa, pingone-platform, pingone-protect, pingone-sso. Example: 'pingone-sso,pingone-mfa,pingfederate'
      --pingfederate-access-token string                      The PingFederate access token used to authenticate to the PingFederate admin API when using a custom OAuth 2.0 token method.
      --pingfederate-admin-api-path string                    The PingFederate API URL path used to communicate with PingFederate's admin API. (default /pf-admin-api/v1)
      --pingfederate-authentication-type string               The authentication type to use when connecting to the PingFederate admin API. Options are: accessTokenAuth, basicAuth, clientCredentialsAuth. Example: 'basicAuth'
      --pingfederate-ca-certificate-pem-files []string        Relative or full paths to PEM-encoded certificate files to be trusted as root CAs when connecting to the PingFederate server over HTTPS. (default []) Accepts a comma-separated string to delimit multiple PEM files.
      --pingfederate-client-id string                         The PingFederate OAuth client ID used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
      --pingfederate-client-secret string                     The PingFederate OAuth client secret used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
      --pingfederate-https-host string                        The PingFederate HTTPS host used to communicate with PingFederate's admin API. Example: 'https://pingfederate-admin.bxretail.org'
      --pingfederate-insecure-trust-all-tls                   Trust any certificate when connecting to the PingFederate server admin API. (default false) This is insecure and shouldn't be enabled outside of testing.
      --pingfederate-password string                          The PingFederate password used to authenticate to the PingFederate admin API when using basic authentication.
      --pingfederate-scopes []string                          The PingFederate OAuth scopes used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type. (default []) Accepts a comma-separated string to delimit multiple scopes. Example: 'openid,profile'
      --pingfederate-token-url string                         The PingFederate OAuth token URL used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
      --pingfederate-username string                          The PingFederate username used to authenticate to the PingFederate admin API when using basic authentication. Example: 'administrator'
      --pingfederate-x-bypass-external-validation-header      Bypass connection tests when configuring PingFederate (the X-BypassExternalValidation header when using PingFederate's admin API). (default false)
      --pingone-authentication-type string                    The authorization grant type to use to authenticate to the PingOne management API. (default worker) Options are: authorization_code, client_credentials, device_code, worker.
      --pingone-authorization-code-client-id string           The authorization code client ID used to authenticate to the PingOne management API.
      --pingone-authorization-code-redirect-uri-path string   The redirect URI path to use when using the authorization code authorization grant type to authenticate to the PingOne management API. (default /callback)
      --pingone-authorization-code-redirect-uri-port string   The redirect URI port to use when using the authorization code authorization grant type to authenticate to the PingOne management API. (default 7464)
      --pingone-client-credentials-client-id string           The client credentials client ID used to authenticate to the PingOne management API.
      --pingone-client-credentials-client-secret string       The client credentials client secret used to authenticate to the PingOne management API.
      --pingone-device-code-client-id string                  The device code client ID used to authenticate to the PingOne management API.
      --pingone-environment-id string                         The ID of the PingOne environment to use for authentication (used by all auth types).
      --pingone-export-environment-id string                  The ID of the PingOne environment to export. Must be a valid PingOne UUID.
      --pingone-region-code string                            The region code of the PingOne tenant. Options are: AP, AU, CA, EU, NA, SG. Example: 'NA'
      --pingone-worker-client-id string                       DEPRECATED: Use --pingone-client-credentials-client-id instead. The worker client ID used to authenticate to the PingOne management API.
      --pingone-worker-client-secret string                   DEPRECATED: Use --pingone-client-credentials-client-secret instead. The worker client secret used to authenticate to the PingOne management API.
      --pingone-worker-environment-id string                  DEPRECATED: Use --pingone-environment-id instead. The ID of the PingOne environment that contains the worker client used to authenticate to the PingOne management API.

Options inherited from parent commands

  -C, --config string          The relative or full path to a custom Ping CLI configuration file. (default $HOME/.pingcli/config.yaml)
  -D, --detailed-exitcode      Enable detailed exit code output. (default false) 0 - pingcli command succeeded with no errors or warnings. 1 - pingcli command failed with errors. 2 - pingcli command succeeded with warnings.
  -O, --output-format string   Specify the console output format. (default text) Options are: json, text.
  -P, --profile string         The name of a configuration profile to use.
      --no-color               Disable text output in color. (default false)

More information