Ctrl+K

Applications

Applications#

A Union application is an identity through which external systems can perform actions in the system. An application can be bound to policies and granted permissions just like a human user.

Applications are managed through uctl.

List existing apps#

$ uctl get apps

Output:

 -------------------- --------------------- ---------------- ----------------------------------------
| ID (4)             | CLIENT NAME        | RESPONSE TYPES | GRANT TYPES                             |
 -------------------- -------------------- ---------------- -----------------------------------------
| contoso-flyteadmin | contoso flyteadmin | [CODE]         | [CLIENT_CREDENTIALS AUTHORIZATION_CODE] |
 -------------------- -------------------- ---------------- -----------------------------------------
| contoso-uctl       | contoso uctl       | [CODE]         | [AUTHORIZATION_CODE]                    |
 -------------------- -------------------- ---------------- -----------------------------------------
| contoso-operator   | contoso operator   | [CODE]         | [CLIENT_CREDENTIALS AUTHORIZATION_CODE] |
 -------------------- -------------------- ---------------- -----------------------------------------

Note

These 3 apps are built into the system. Modifying these by editing, deleting or recreating them will disrupt the system.

Exporting the spec of an existing app#

$ uctl get apps contoso-operator --appSpecFile app.yaml

Output:

clientId: contoso-operator
clientName: contoso operator
grantTypes:
  - CLIENT_CREDENTIALS
  - AUTHORIZATION_CODE
redirectUris:
  - http://localhost:8080/authorization-code/callback
responseTypes:
  - CODE
tokenEndpointAuthMethod: CLIENT_SECRET_BASIC

Creating a new app#

First, create a specification file called app.yaml (for example) with the following contents (you can adjust the clientId and clientName to your requirements):

clientId: example-operator
clientName: Example Operator
grantTypes:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
redirectUris:
- http://localhost:8080/authorization-code/callback
responseTypes:
- CODE
tokenEndpointAuthMethod: CLIENT_SECRET_BASIC

Now, create the app using the specification file:

$ uctl create app --appSpecFile app.yaml

The response should look something like this:

 ------------------ ------------------- ------------- ---------
| NAME             | CLIENT NAME       | SECRET      | CREATED |
 ------------------ ------------------- ------------- ---------
| example-operator |  Example Operator | <AppSecret> |         |
 ------------------ ------------------- ------------- ---------

Copy the <AppSecret> to an editor for later use. This is the only time that the secret will be displayed. The secret is not stored by Union.

Update an existing app#

To update an existing app, update its specification file as desired while leaving the clientId the same, to identify which app is to be updated, and then do:

$ uctl apply app --appSpecFile app.yaml

Delete an app#

To delete an app use the uctl delete app command and specify the app by ID:

$ uctl delete app example-operator
Contents