├── LICENSE ├── README.md ├── certificates ├── cloudctl.pem.cer ├── cloudctl.pem.chain └── cloudctl.pem.pub.key ├── cloudctl-chain0.pub ├── cloudctl-chain1.pub ├── cloudctl.pub └── doc ├── case_cmd.md ├── case_launch.md ├── case_save.md ├── samples └── parse_csv.sh ├── verify-v2.md └── verify.md /LICENSE: -------------------------------------------------------------------------------- 1 | International License Agreement for Non-Warranted Programs 2 | 3 | Part 1 - General Terms 4 | 5 | BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, CLICKING ON AN "ACCEPT" BUTTON, OR OTHERWISE USING THE PROGRAM, LICENSEE AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF LICENSEE, YOU REPRESENT THAT YOU HAVE FULL AUTHORITY TO BIND LICENSEE TO THESE TERMS. 6 | 7 | IF YOU DO NOT AGREE TO THESE TERMS OR DO NOT HAVE AUTHORITY: i) DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, CLICK ON AN "ACCEPT" BUTTON, OR USE THE PROGRAM; AND ii) PROMPTLY RETURN THE UNUSED MEDIA AND DOCUMENTATION, AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM IT WAS OBTAINED FOR A REFUND OF THE AMOUNT PAID. IF THE PROGRAM WAS DOWNLOADED, DESTROY ALL COPIES OF THE PROGRAM. 8 | 9 | This International License Agreement for Non-Warranted Programs (ILAN) and applicable Transaction Documents (together the "Agreement") are the complete agreement between Licensee and IBM regarding the use of a Program. The country required terms included in Part 2 of this ILAN replace or modify the terms of Part 1. 10 | 11 | Transaction Documents (TDs) provide a description, information, and terms regarding the Program and its authorized use. Examples of TDs for Programs include license information (LI), licensed program specifications (LPS), quote, proof of entitlement (PoE) or invoice. To the extent of any conflict a TD will prevail over the ILAN. 12 | 13 | 1. Program License 14 | 15 | a. A Program is an executable IBM-branded computer program and its related material and includes whole and partial copies. Program details are described in a TD available at http://www.ibm.com/software/sla (for Passport Advantage Programs) or http://www.ibm.com/support/knowledgecenter (for other IBM Programs), in the Program's system command directory, or as otherwise specified by IBM. IBM software policies (such as backup, temporary use and IBM approved cloud environment) available at http://www.ibm.com/softwarepolicies apply to Licensee's use of Programs. 16 | 17 | b. Copies of Programs are copyrighted and licensed. 18 | 19 | c. Licensee is granted a nonexclusive license to: 20 | 21 | (1) use each copy of a Program, subject to the terms of the Agreement and, if applicable, up to the number of license entitlements Licensee acquires ("Authorized Use"); 22 | 23 | (2) make and install copies to support such Authorized Use; and 24 | 25 | (3) make a backup copy. 26 | 27 | d. Programs may be used by Licensee, its employees and contractors. Licensee may not rent or lease a Program or provide commercial IT, hosting or timesharing services to any third party. Additional rights may be available for additional fees or under different terms. 28 | 29 | e. The license granted for a Program is subject to Licensee: 30 | 31 | (1) reproducing copyright notices and other markings on any copy; 32 | 33 | (2) ensuring anyone who uses the Program: i) does so only on Licensee's behalf within Licensee's Authorized Use; and ii) complies with this Agreement; 34 | 35 | (3) not reverse assembling, reverse compiling, translating, or reverse engineering the Program, except as expressly permitted by law without the possibility of contractual waiver; and 36 | 37 | (4) not using any of the elements of the Program or related licensed materials separately from the Program. 38 | 39 | f. If the TD for a Program ("Principal Program") states that a "Supporting Program" is included with the Principal Program, Licensee may use the Supporting Program subject to any license limitations of the Principal Program and only to support the Principal Program. 40 | 41 | g. This license applies to each copy of the Program that Licensee makes. 42 | 43 | h. An update, fix, or patch to a Program is subject to the terms governing the Program unless new terms are provided in an updated TD. Licensee accepts such new terms upon installation of the update, fix, or patch. If a Program is replaced by an update, Licensee agrees to promptly discontinue use of the replaced Program. 44 | 45 | i. If Licensee is dissatisfied with a Program for any reason, Licensee may terminate the license by returning the Program and proof of entitlement to IBM or the authorized IBM Business Partner within 30 days of the original acquisition date of such Program for a refund of the amount paid. For a downloaded Program, contact the party Licensee acquired the Program from for refund instructions. 46 | 47 | 2. Warranties 48 | 49 | a. IBM does not warrant uninterrupted or error-free operation of an IBM Program or that IBM will correct all defects or prevent third party disruptions. These warranties are the exclusive warranties from IBM and replace all other warranties, including the implied warranties or conditions of satisfactory quality, merchantability, non-infringement, and fitness for a particular purpose. IBM warranties will not apply if there has been misuse, modification, damage not caused by IBM, or failure to comply with written instructions provided by IBM. Non-IBM Programs are provided as-is, without warranties of any kind. Third parties may provide their own warranties to Licensee. 50 | 51 | b. Additional support available during or after the warranty period may be available under separate agreement. 52 | 53 | 3. Charges, Taxes, Payment, and Verification 54 | 55 | a. Licensee's right to use a Program is contingent on Licensee paying applicable charges, if any, as specified in the agreement under which Licensee acquired the license entitlements. Licensee is responsible to acquire additional license entitlements in advance of any increase of its use. 56 | 57 | b. Licensee agrees to pay all applicable charges for acquired entitlements and any charges for use in excess of authorizations. Charges are exclusive of any customs or other duty, tax, and similar levies imposed by any authority resulting from Licensee's acquisition of entitlements and will be invoiced in addition to such charges. Amounts are due upon receipt of the invoice from IBM and payable within 30 days of the invoice date to an account specified by IBM and late payment fees may apply. Licensee is responsible to properly acquire additional license entitlements in advance to increase its use. IBM does not give credits or refunds for charges already due or paid, except as specified elsewhere in this ILAN, the applicable TD, or terms of the agreement under which Licensee acquired license entitlements. 58 | 59 | c. Based on acquired entitlements, Licensee agrees to: i) pay any withholding tax directly to the appropriate government entity where required by law; ii) furnish a tax certificate evidencing such payment to IBM; iii) pay IBM only the net proceeds after tax; and iv) fully cooperate with IBM in seeking a waiver or reduction of such taxes and promptly complete and file all relevant documents. 60 | 61 | d. If Licensee imports, exports, transfers, accesses, or uses a Program across a border, Licensee agrees to be responsible for and pay authorities any custom, duty, tax, or similar levy assessed by the authorities. This excludes those taxes based on IBM's net income. 62 | 63 | 3.1 Licensing Verification 64 | 65 | a. Licensee will, for all Programs at all sites and for all environments, create, retain, and each year provide to IBM upon request with 30 days' advance notice: i) a report, in a format requested by IBM using records, system tools output, and other system information; and ii) supporting documentation (collectively, "Deployment Data"). 66 | 67 | b. Upon reasonable notice, IBM and its independent auditors may verify Licensee's compliance with this Agreement, at all sites and for all environments, in which Licensee uses (for any purposes) Programs. Verification will be conducted in a manner that minimizes disruption to Licensee's business and may be conducted on Licensee's premises, during normal business hours. IBM will have a written confidentiality agreement with the independent auditor. In addition to providing Deployment Data described above, Licensee agrees to provide to IBM and its auditors additional accurate information and Deployment Data upon request. 68 | 69 | c. Licensee will promptly order and pay charges at IBM's then current rates associated with: i) any deployments in excess of authorizations indicated on or by any annual report or verification; ii) applicable subscription & support services (S&S) for such excess deployments for the lesser of the duration of such excess use or two years; and iii) any additional charges and other liabilities determined as a result of such verification, including but not limited to taxes, duties, and regulatory fees. 70 | 71 | 4. Liability and Intellectual Property Protection 72 | 73 | a. IBM's entire liability for all claims related to this Agreement will not exceed the amount of any actual direct damages incurred by Licensee up to the greater of: i) U.S. $10,000.00 (or equivalent in local currency); or ii) the amounts paid (if recurring charges, up to 12 months' charges apply) for the entitlements to the Program that is the subject of the claim, regardless of the basis of the claim. IBM will not be liable for special, incidental, exemplary, indirect, or economic consequential damages, or for lost profits, business, value, revenue, goodwill, or anticipated savings. These limitations apply collectively to IBM, its affiliates, contractors, and suppliers. 74 | 75 | b. The following amounts are not subject to the above cap: damages that cannot be limited under applicable law. 76 | 77 | c. IBM has no responsibility for claims based on non-IBM products, items not provided by IBM, or any violation of law or third party rights caused by Content, or any Licensee materials, designs, specifications. Content consists of all data, software, and information that Licensee or its authorized users provide, authorize access to, or inputs to a Program. 78 | 79 | 5. Termination 80 | 81 | a. IBM may terminate Licensee's license to use a Program if Licensee fails to comply with the ILAN, TDs or acquisition agreements, such as the International Passport Advantage Agreement (IPAA). Licensee will promptly destroy all copies of the Program after license termination. Any terms that by their nature extend beyond the termination remain in effect until fulfilled and apply to successors and assignees. 82 | 83 | 6. Governing Laws and Geographic Scope 84 | 85 | a. Both parties agree to the application of the laws of the country where the transaction for license entitlements is performed, without regard to conflict of law principles. The rights and obligations of each party are valid only in the country where the transaction to acquire license entitlements is performed or, if IBM agrees, the country where the Program is placed in productive use, except all licenses are valid as specifically granted. 86 | 87 | b. Each party is also responsible for complying with: i) laws and regulations applicable to its business and Content; and ii) import, export and economic sanction laws and regulations, including the defense trade control regime of the United States of America and any applicable jurisdictions, that prohibit or restrict the import, export, re-export, or transfer of products, technology, services or data, directly or indirectly, to or for certain countries, end uses or end users. 88 | 89 | c. If any provision of this Agreement for a Program, is invalid or unenforceable, the remaining provisions remain in full force and effect. Nothing in this Agreement affects statutory rights of consumers that cannot be waived or limited by contract. The United Nations Convention on Contracts for the International Sale of Goods does not apply to transactions under this Agreement. 90 | 91 | 7. General 92 | 93 | a. IBM is an independent contractor, not Licensee's agent, joint venturer, partner, or fiduciary, and does not undertake to perform any of Licensee's regulatory obligations, or assume any responsibility for Licensee's business or operations. Licensee is responsible for its use of IBM Programs and Non-IBM Programs. IBM is acting as an information technology provider only. IBM's direction, suggested usage, or guidance or use of a Program does not constitute medical, clinical, legal, accounting, or other licensed professional advice. Licensee should obtain its own expert advice. 94 | 95 | b. For Programs IBM provides to Licensee in tangible form, IBM fulfills its shipping and delivery obligations upon the delivery of such Programs to the IBM-designated carrier, unless otherwise agreed to in writing by Licensee and IBM. 96 | 97 | c. Licensee may not use the Program if failure of the Program could lead to death, serious bodily injury, or property or environmental damage. 98 | 99 | d. IBM, its affiliates, and contractors of either require use of business contact information and certain account usage information. This information is not Content. Business contact information is used to communicate and manage business dealings with the Licensee. Examples of business contact information include name, business telephone, address, email, user ID, and tax registration information. Account usage information is required to enable, provide, manage, support, administer, and improve Programs. Examples of account usage information include reported errors and digital information gathered using tracking technologies, such as cookies and web beacons, during use of the Programs. The IBM Privacy Statement at http://www.ibm.com/privacy provides additional details with respect to IBM's collection, use, and handling of business contact and account usage information. When Licensee provides information to IBM and notice to, or consent by, the individuals is required for such processing, Licensee will notify individuals and obtain consent. 100 | 101 | e. IBM Business Partners who use or make available Programs are independent from IBM and unilaterally determine their prices and terms. IBM is not responsible for their actions, omissions, statements, or offerings. 102 | 103 | f. IBM may offer Non-IBM Programs, or an IBM Program may enable access to Non-IBM Programs, that may require acceptance of third party terms identified in a TD or presented to the Licensee. Linking to or use of Non-IBM Programs constitutes Licensee's agreement with such terms. IBM is not a party to such third party agreements and is not responsible for such Non-IBM Programs. 104 | 105 | g. License grants to Programs are provided by International Business Machines Corporation, a New York corporation ("IBM Corporation"). The IBM company from which the Licensee acquires entitlements ("IBM") is acting as a distributor and delivering Programs and is responsible for enforcing the terms of this Agreement. If entitlements are acquired from an IBM Business Partner, the IBM company for the country of acquisition is responsible for enforcing the terms of this Agreement. No right or cause of action is created in favor of Licensee against IBM Corporation. Licensee waives all claims and causes of action against IBM Corporation and agrees to look solely to IBM for any rights and remedies in connection with Programs. 106 | 107 | h. Licensee may not sublicense, assign, or transfer the license for any Program (except to the extent assignment or transfer may not be legally restricted or as is expressly permitted in a TD or as otherwise agreed by IBM). IBM may assign its rights and obligations under this Agreement in conjunction with the sale of the portion of IBM's business that includes a Program. IBM may share this Agreement and related documents in conjunction with any assignment. 108 | 109 | i. All notices under the Agreement must be in writing and sent to the business address specified in the agreement Licensee acquired the license entitlements unless a party designates in writing a different address. The parties consent to the use of electronic means and facsimile transmissions for communications as a signed writing. Any reproduction of the Agreement made by reliable means is considered an original. Agreement supersedes any course of dealing, discussions or representations, between the parties. 110 | 111 | j. No right or cause of action for any third party is created by the Agreement. Neither party will bring a legal action arising out of or related to this Agreement more than two years after the cause of action arose. Neither party is responsible for failure to fulfill its non-monetary obligations due to causes beyond its control. Each party will allow the other reasonable opportunity to comply before it claims the other has not met its obligations. 112 | 113 | k. IBM may use personnel and resources in locations worldwide, including third party contractors to support the delivery of Programs and Program support. Licensee's use of Programs may result in the transfer of Content, including personally identifiable information, across country borders to provide Program support as described in the IBM Software Support Guide. 114 | 115 | Part 2 - Country Required Terms 116 | 117 | For licenses acquired in the countries specified below, the following terms replace or modify the referenced terms of this ILAN. Terms not changed by these amendments remain unchanged and in effect. 118 | 119 | 1. AMERICAS 120 | 121 | Section 3. Charges, Taxes, Payment, and Verification 122 | 123 | Replace the first and second sentence of paragraph b with the following: 124 | 125 | In Brazil: Licensee agrees to pay all applicable charges for acquired entitlements and any charges for use in excess of authorizations and any customs or other duty, tax, and similar levies imposed by any authority resulting from Licensee's acquisition of entitlements. 126 | 127 | In paragraph b: 128 | 129 | In Mexico: In the third sentence, delete the words "to an account specified by IBM". 130 | 131 | In Mexico: Add the following new sentence after the third sentence: 132 | 133 | Payments will be made through electronic transfer of funds to an account specified by IBM or in IBMīs domicile which is located in Alfonso Napoles Gandara 3111, Santa Fe PeŮa Blanca, Alvaro Obregon, Mexico City, Zip Code 01210. 134 | 135 | Add at the end of paragraph c the following sentence: 136 | 137 | In Canada: Where taxes are based upon the location(s) receiving the benefit of the Program, Licensee has an ongoing obligation to notify IBM of such location(s) if different than Licensee's business address listed in the applicable Attachment or TD. 138 | 139 | Add at the end of paragraph c the following sentence: 140 | 141 | In United States: The parties agree no tangible personal property (e.g. media or publications) shall transfer to Licensee if: i) IBM delivers Programs electronically to Licensee; or ii) Licensee claims a sales or use tax exemption for Programs IBM delivers electronically to Licensee. Where taxes are based upon the location(s) receiving the benefit of the Program, Licensee has an ongoing obligation to notify IBM of such location(s) if different than Licensee's business address listed in the applicable Attachment or TD. 142 | 143 | Section 4. Liability and Intellectual Property Protection 144 | 145 | Insert the following disclaimer at the end of paragraph a: 146 | 147 | In Peru: In accordance with Article 1328 of the Peruvian Civil Code this limitations and exclusions will not apply in the cases of willful misconduct ("dolo") or gross negligence ("culpa inexcusable"). 148 | 149 | Section 6. Governing Laws and Geographic Scope 150 | 151 | In paragraph a, replace the first sentence only with: 152 | 153 | In Argentina: Both parties agree to the application of the laws of the Republic of Argentina, without regard to the conflict of law principles. Any proceeding regarding the rights, duties, and obligations arising from this Agreement will be brought in the Ordinary Commercial Court of the City of "Ciudad Autůnoma de Buenos Aires". 154 | 155 | In Chile: Both parties agree to the application of the laws of Chile, without regard to the conflict of law principles. Any conflict, interpretation or breach related to this Agreement that cannot be solved by the Parties should be remitted to the jurisdiction of the Ordinary Courts of the city and district of Santiago. 156 | 157 | In Colombia: Both parties agree to the application of the laws of the Republic of Colombia, without regard to the conflict of law principles. All rights, duties and obligations are subject to the judges of the Republic of Colombia. 158 | 159 | In Ecuador: Both parties agree to the application of the laws of the Republic of Ecuador, without regard to the conflict of law principles. Any dispute arising out or relating to this Agreement will be submitted to the civil judges of Quito and to the verbal summary proceeding. 160 | 161 | In Venezuela: Both parties agree to the application of the laws of Venezuela, without regard to the conflict of law principles. The parties agree to submit any conflict related to this Agreement, existing between them to the Courts of the Metropolitan Area of the City of Caracas. 162 | 163 | In Peru: Both parties agree to the application of the laws of Peru, without regard to the conflict of law principles. Any discrepancy that may arise between the parties in the execution, interpretation or compliance of this Agreement that may not be directly resolved shall be submitted to the Jurisdiction and Competence of the Judges and Tribunals of the 'Cercado de Lima' Judicial District. 164 | 165 | In Uruguay: Both parties agree to the application of the laws of Uruguay. Any discrepancy that may arise between the parties in the execution, interpretation or compliance of this Agreement that may not be directly resolved shall be submitted to the Montevideo Courts ("Tribunales Ordinarios de Montevideo"). 166 | 167 | In paragraph a, first sentence only, replace the phrase, "the country where the transaction for license entitlements is performed" with: 168 | 169 | In United States, Anguilla, Antigua/Barbuda, Aruba, Bahamas, Barbados, Bermuda, Bonaire, British Virgin Islands, Cayman Islands, Curacao, Dominica, Grenada, Guyana, Jamaica, Montserrat, Saba, Saint Eustatius, Saint Kitts and Nevis, Saint Lucia, Saint Maarten, Saint Vincent and the Grenadines, Suriname, Tortola, Trinidad and Tobago, and Turk and Caicos: the State of New York, United States. 170 | 171 | In Canada: the Province of Ontario and the federal laws of Canada applicable therein. 172 | 173 | In paragraph a, in the second sentence, replace the phrase "the country where the transaction to acquire license entitlements is performed or, if IBM agrees, the country where the Program is placed in productive use" with: 174 | 175 | In Argentina: Argentina 176 | 177 | In Chile: Chile 178 | 179 | In Colombia: Colombia 180 | 181 | In Ecuador: Ecuador 182 | 183 | In Mexico: Mexico 184 | 185 | In Peru: Peru 186 | 187 | In Uruguay: Uruguay 188 | 189 | In Venezuela: Venezuela 190 | 191 | Add the following sentences at the end of paragraph b: 192 | 193 | In Brazil: All disputes arising out of or related to this Agreement, including summary proceedings, will be brought before and subject to the exclusive jurisdiction of the Forum of the City of S„o Paulo, State of S„o Paulo, Brazil and the parties irrevocably agree with this specific jurisdiction renouncing any other, however privileged it may be. 194 | 195 | In Mexico: The Parties agree to submit themselves to the exclusive jurisdiction of the courts of Mexico City to resolve any dispute arising from this Agreement. The Parties waive to any other jurisdiction that may correspond to them due to their current or future domiciles, or for any other reason. 196 | 197 | Section 7. General 198 | 199 | In paragraph g: 200 | 201 | In United States: delete the last 2 sentences. 202 | 203 | In paragraph i, add the following new sentence after the first sentence: 204 | 205 | In Mexico: Any change of address must be notified 10 (ten) days in advance, otherwise the notifications made at the last indicated address will have full legal effects. 206 | 207 | In paragraph j: 208 | 209 | In Brazil: delete the entire 2nd sentence of "Neither party will bring a legal action arising out of or related to the Agreement more than two years after the cause of action arose". 210 | 211 | Add as a new paragraph l to this section: 212 | 213 | In Canada: Both parties agree to write this document in English. Les parties ont convenu de rťdiger le prťsent document en langue anglaise. 214 | 215 | 2. ASIA PACIFIC 216 | 217 | Section 2. Warranties 218 | 219 | Add at the end of this section as a new paragraph f: 220 | 221 | In Australia: These warranties are in addition to any rights under, and only limited to the extent permitted by, the Competition and Consumer Act 2010. 222 | 223 | In Japan: IBM's liability is limited to this paragraph and the Liability and Intellectual Property Protection section, applicable Attachments, and TDs as Licensee's sole remedy for failure to meet the warranties specified in this section. 224 | 225 | In New Zealand: These warranties are in addition to any rights under the Consumer Guarantee Act 1993 or other legislation that cannot be limited by law. 226 | 227 | Section 3. Charges, Taxes, Payment, and Verification 228 | 229 | In paragraph b. replace the third sentence with the following 2 sentences: 230 | 231 | In Hong Kong, Indonesia, Korea, Macau, Malaysia, Philippines, Singapore, and Vietnam: Amounts are due upon receipt of the invoice from IBM and payable within 30 days of the invoice date to an account specified by IBM. If payment is not received within 30 days from the invoice date, IBM may charge a late payment fee on the amount outstanding, calculated on the number of days the payment is received late, at the lesser of: i) 2% for every 30 day period or portion thereof; or ii) the maximum amount permissible by applicable law. 232 | 233 | In Thailand: Amounts are due upon receipt of the invoice from IBM and payable within 30 days of the invoice date to an account specified by IBM. If payment is not received within 30 days from the invoice date, a late payment fee may be applied on the amount outstanding, at the rate of 1.25% per month, calculated on the number of days the payment is received late. 234 | 235 | In the first sentence of paragraph c, remove the word "and" before "(iv)", and add a semicolon and the following new item "(v)": 236 | 237 | In India: ; and (v) file accurate Taxes Deducted at Source (TDS) returns on a timely basis. If any tax, duty, levy or fee ("Taxes") are not charged on the basis of the exemption documentation provided by the Licensee and the taxation authority subsequently rules that such Taxes should have been charged, then the Licensee will be liable to pay such Taxes, including any interests, levies and/or penalties applicable thereon. 238 | 239 | In the first sentence of paragraph c, remove the word "and" before "(iv)", and replace item (iv) and add new item (v) with: 240 | 241 | In Singapore, Malaysia, Philippines, Thailand, Indonesia, and Vietnam: (iv) fully cooperate with IBM in seeking a waiver or reduction of withholding or other tax that Licensee requests a waiver or reduction; and v) promptly complete, file, and keep current all relevant documents for any such waiver, reductions, or exemptions. 242 | 243 | Section 4. Liability and Intellectual Property Protection 244 | 245 | In paragraph a, add at the end of the first sentence the following: 246 | 247 | In Australia: (for example, whether based in contract, tort, negligence, under statute or otherwise) 248 | 249 | In paragraph a, second sentence after the word "special" and before the word "incidental", add the following: 250 | 251 | In Philippines: (including nominal and exemplary damages), moral, 252 | 253 | Add as a new paragraph after the end of paragraph a (and ensure paragraphs properly reletter): 254 | 255 | In Australia: Where IBM is in breach of a guarantee implied by the Competition and Consumer Act 2010, IBM's liability is limited to the repair or replacement of goods or the supply of equivalent goods, or the payment of the cost of replacing the goods or having the good repaired. Where a guarantee relates to the right to sell, quiet possession, or clear title of a good under schedule 2 of the Competition and Consumer Act, then none of these limitations apply. 256 | 257 | Section 5. Termination 258 | 259 | Add at the end of the section as a new paragraph b: 260 | 261 | In Indonesia: The parties waive article 1266 of the Indonesian Civil Code to the extent it requires a court decree for the termination of an agreement creating mutual obligations. 262 | 263 | Section 6. Governing Laws and Geographic Scope 264 | 265 | In paragraph a, in the first sentence only, replace the phrase, "the country where the transaction for license entitlements is performed" with: 266 | 267 | In Cambodia, Laos: the State of New York, United States 268 | 269 | In Australia: the State or Territory in which the transaction is performed 270 | 271 | In Hong Kong: the Hong Kong Special Administrative Region of the People's Republic of China 272 | 273 | In Macau: the Hong Kong Special Administrative Region of the People's Republic of China 274 | 275 | In Korea: the Republic of Korea, and subject to the Seoul Central District Court of the Republic of Korea 276 | 277 | In Taiwan: Taiwan 278 | 279 | In India: India 280 | 281 | In paragraph b, in the first sentence, item ii), after the word "including" and before word "defense", add: 282 | 283 | In Japan: those of Japan laws and 284 | 285 | In paragraph a, in the second sentence, replace the phrase "the country where the transaction to acquire license entitlements is performed or, if IBM agrees, the country where the Program is placed in productive use" with: 286 | 287 | In Hong Kong: the Hong Kong Special Administrative Region of the People's Republic of China 288 | 289 | In Macau: the Macau Special Administrative Region of the People's Republic of China 290 | 291 | In Taiwan: Taiwan 292 | 293 | Add at the end of the section as a new paragraph d: 294 | 295 | In Cambodia, Laos, Philippines, and Sri Lanka: Disputes will be finally settled by arbitration in Singapore under the Arbitration Rules of the Singapore International Arbitration Center ("SIAC Rules"). 296 | 297 | In India: Disputes shall be finally settled in accordance with The Arbitration and Conciliation Act, 1996 then in effect, in English, with seat in Bangalore, India. There shall be one arbitrator if the amount in dispute is less than or equal to Indian Rupee five crores and three arbitrators if the amount is more. When an arbitrator is replaced, proceedings shall continue from the stage they were at when the vacancy occurred. 298 | 299 | In Indonesia: Disputes will be finally settled by arbitration in Jakarta, Indonesia, administered by the Indonesian National Board of Arbitration established in the year 1977 ("Badan Arbitrase Nasional Indonesia" or "BANI") in accordance with the rules of the Indonesian National Board of Arbitration The arbitration award shall be final and binding on the parties without appeal and shall be in writing and set forth the findings of fact and the conclusion of law. 300 | 301 | In People's Republic of China: Either party has the right to submit the dispute to the China International Economic and Trade Arbitration Commission in Beijing, the PRC, for arbitration. The parties agree three arbitrators will be used to resolve any dispute. 302 | 303 | In Vietnam: Disputes will be finally settled by arbitration in Vietnam under the Arbitration Rules of the Vietnam International Arbitration Centre ("VIAC Rules"). All proceedings and documents presented will be in the English language. 304 | 305 | Section 7. General 306 | 307 | In paragraph j, in the second sentence, replace the phrase "two years" with: 308 | 309 | In India: three years 310 | 311 | Add to the end of this section the following new paragraph l: 312 | 313 | In Indonesia: This agreement is made in the English and Bahasa Indonesian language versions. To the extent permitted by the applicable law, the English version will prevail in the event of conflict between such versions. 314 | 315 | 3. EUROPE, MIDDLE EAST, AND AFRICA 316 | 317 | Section 3. Charges, Taxes, Payment, and Verification 318 | 319 | In paragraph b, add the following to the end of the third sentence: 320 | 321 | In Italy: if IBM requests in a written notice to Licensee. 322 | 323 | In Ukraine: , on the overdue amount from the next day after the due date up to the date of actual payment, prorated for each day of delay, at the interest rate of double the discount rate determined by the National Bank of Ukraine (NBU) during the delay period (paragraph 6 of article 232 of Commercial Code of Ukraine does not apply). 324 | 325 | In paragraph b, replace the third sentence with the following: 326 | 327 | In France: Amounts are due and payable within 10 days of the invoice date to an account specified by IBM and late payment fees apply equal to the most recent European Central Bank rate plus 10 points, in addition to debt collection costs of forty (40) euros or, if these costs exceed forty euros, complementary indemnification subject to justification of the amount claimed). 328 | 329 | In Russia: Amounts are due upon receipt of the invoice and payable within 30 days of the invoice date through electronic transfer of funds to an account specified by IBM. Late payment fees at the rate of 24% per annum calculated for each day beyond the 30 days may apply. 330 | 331 | In paragraph b, add the following to the end of the last sentence: 332 | 333 | In Lithuania: , or except as provided by law 334 | 335 | At the end of paragraph b, add the following: 336 | 337 | In Italy: In the instance of no payment or partial payment, and also following a formal credit claim procedure or trial that IBM may initiate, in derogation of article 4 of Legislative Decree n. 231 dated October 9, 2002, and according to article 7 of the same Legislative Decree, IBM will notify Licensee in writing by registered, return receipt mail of late payment fees due. 338 | 339 | Section 4. Liability and Intellectual Property Protection 340 | 341 | In paragraph a, in the first sentence insert the following before the words "the amounts paid": 342 | 343 | In Belgium, France, Germany, Italy, Luxembourg, Malta, Portugal, and Spain: the greater of Ä500,000 (five hundred thousand euro) or 344 | 345 | In Ireland and United Kingdom: 125% of 346 | 347 | In paragraph a, in the first sentence, replace the phrase "direct damages incurred by Licensee" with: 348 | 349 | In Spain: and proven damages incurred by Licensee as a direct consequence of the IBM default 350 | 351 | In paragraph a, insert after the first sentence the following new sentence: 352 | 353 | In Slovakia: Referring to ß 379 of the Commercial Code, Act No. 513/1991 Coll. as amended, and concerning all conditions related to the conclusion of the agreement, both parties state that the total foreseeable damage, which may accrue, shall not exceed the amount above, and it is the maximum for which IBM is responsible. 354 | 355 | In paragraph a, insert before the second sentence the following new sentence: 356 | 357 | In Russia: IBM will not be liable for the forgone benefit. 358 | 359 | In paragraph a, in the second sentence, delete the word: 360 | 361 | In Ireland and United Kingdom: economic 362 | 363 | In paragraph a, replace the second sentence with: 364 | 365 | In Belgium, Netherlands, and Luxembourg: IBM will not be liable for indirect or consequential damages, lost profits, business, value, revenue, goodwill, damage to reputation or anticipated savings, any third party claim against Licensee, and loss of (or damage to) data. 366 | 367 | In France: IBM will not be liable for damages to reputation, indirect damages, or lost profits, business, value, revenue, goodwill, or anticipated savings. 368 | 369 | In Portugal: IBM will not be liable for indirect damages, including loss of profit. 370 | 371 | In Spain: IBM will not be liable for damage to reputation, lost profits, business, value, revenue, goodwill, or anticipated savings. 372 | 373 | Add the following at the end of paragraph a: 374 | 375 | In France: The terms of the Agreement, including financial terms, were established in consideration of the present clause, which is an integral part of the general economy of the Agreement. 376 | 377 | In paragraph b, replace "damages that cannot be limited under applicable law" with the following: 378 | 379 | In Germany: i) damages for body injury (including death); ii) loss or damage caused by a breach of guarantee assumed by IBM in connection with any transaction under this Agreement; and iii) caused intentionally or by gross negligence. 380 | 381 | Section 6. Governing Laws and Geographic Scope 382 | 383 | In paragraph a, first sentence only, replace the phrase "the country where the transaction for license entitlements is performed" with: 384 | 385 | In Albania, Armenia, Azerbaijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Former Yugoslav Republic of Macedonia, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Montenegro, Romania, Russia, Serbia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan: Austria 386 | 387 | In Estonia, Latvia, and Lithuania: Finland 388 | 389 | In Algeria, Andorra, Benin, Burkina Faso, Burundi, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia, Gabon, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar, Mali, Mauritania, Mauritius, Mayotte, Morocco, New Caledonia, Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis and Futuna: France 390 | 391 | In Angola, Bahrain, Botswana, Egypt, Eritrea, Ethiopia, Gambia, Ghana, Iraq, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, West Bank/Gaza, Yemen, Zambia, and Zimbabwe: England 392 | 393 | In Liechtenstein: Switzerland 394 | 395 | In South Africa, Namibia, Lesotho, and Swaziland: the Republic of South Africa 396 | 397 | In United Kingdom: England 398 | 399 | In paragraph a, add the following at the end of the first sentence: 400 | 401 | In France: The Parties agree that articles 1222 and 1223 of the French Civil Code are not applicable. 402 | 403 | Add the following at the end of paragraph a: 404 | 405 | In Albania, Armenia, Azerbaijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Former Yugoslav Republic of Macedonia, Georgia, Kazakhstan, Kosovo, Kyrgyzstan, Moldova, Montenegro, Romania, Russia, Serbia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan: All disputes arising out of this Agreement shall be finally settled by the International Arbitral Centre of the Austrian Federal Economic Chamber (Arbitration Body), under the Rules of Arbitration of that Arbitral Centre (Vienna Rules), in Vienna, Austria, with English as the official language, by three impartial arbitrators appointed in accordance with the Vienna Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Vienna Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 500,000.00. 406 | 407 | In Estonia, Latvia, and Lithuania: All disputes arising out of this Agreement shall be finally settled by the Arbitration Institute of the Finland Chamber of Commerce (FAI) (Arbitration Body), under the Arbitration Rules of the Finland Chamber of Commerce (Rules), in Helsinki, Finland, with English as the official language, by three impartial arbitrators appointed in accordance with those Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 500,000.00. 408 | 409 | In Afghanistan, Angola, Bahrain, Botswana, Burundi, Cape Verde, Djibouti, Egypt, Eritrea, Ethiopia, Gambia, Ghana, Iraq, Jordan, Kenya, Kuwait, Lebanon, Liberia, Libya, Madagascar, Malawi,, Mozambique, Nigeria, Oman, Pakistan, Palestinian Territory, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Seychelles, Sierra Leone, Somalia, South Sudan, Tanzania, Uganda, United Arab Emirates, Western Sahara, Yemen, Zambia, and Zimbabwe: All disputes arising out of this Agreement shall be finally settled by the London Court of International Arbitration (LCIA) (Arbitration Body), under the LCIA Arbitration Rules (the Rules), in London, UK, with English as the official language, by three impartial arbitrators appointed in accordance with the Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 500,000.00. 410 | 411 | In Algeria, Benin, Burkina Faso, Cameroon, Central African Republic, Chad, Congo Republic, Democratic Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia, Gabon, Guinea, Guinea-Bissau, Ivory Coast, Mali, Mauritania, Mauritius, Morocco, Niger, Senegal, Togo, and Tunisia: All disputes arising out of this Agreement shall be finally settled by the ICC International Court of Arbitration, in Paris (Arbitration Body), under its arbitration rules (the Rules), in Paris, France, with French as the official language, by three impartial arbitrators appointed in accordance with the Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 250,000.00. 412 | 413 | In South Africa, Namibia, Lesotho, and Swaziland: All disputes arising out of this Agreement shall be finally settled by the Arbitration Foundation of Southern Africa (AFSA) (Arbitration Body), under the Rules of the Arbitration of the AFSA (the Rules), in Johannesburg, South Africa, with English as the official language, by three impartial arbitrators appointed in accordance with the Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 250,000.00. 414 | 415 | In Andorra, Austria, Cyprus, France, Germany, Greece, Israel, Italy, Portugal, Spain, Switzerland, and Turkey: All disputes will be brought before and subject to the exclusive jurisdiction of the following court of competent jurisdiction: 416 | 417 | In Andorra: the Commercial Court of Paris. 418 | 419 | In Austria: the court of Vienna, Austria (Inner City). 420 | 421 | In Cyprus: the competent court of Nicosia. 422 | 423 | In France: Commercial Court of Paris. 424 | 425 | In Germany: the courts of Stuttgart. 426 | 427 | In Greece: the competent court of Athens. 428 | 429 | In Israel: the courts of Tel Aviv Jaffa. 430 | 431 | In Italy: the courts of Milan. 432 | 433 | In Portugal: the courts of Lisbon. 434 | 435 | In Spain: the courts of Madrid. 436 | 437 | In Switzerland: the commercial court of the canton of Zurich. 438 | 439 | In Turkey: the Istanbul Central (Caglayan) Courts and Execution Directorates of Istanbul, the Republic of Turkey. 440 | 441 | In Netherlands: The Parties waive their rights under Title 7.1 ('Koop') and clause 7:401 and 402 of the Dutch Civil Code, and their rights to invoke a full or partial dissolution ('gehele of partiele ontbinding') of this Agreement under section 6:265 of the Dutch Civil Code. 442 | 443 | Section 7. General 444 | 445 | In paragraph d, insert the following at the end of the paragraph: 446 | 447 | In Spain: IBM will comply with requests to access, update or delete contact information if submitted to the following address: IBM, c/ Santa Hortensia 26-28, 28002 Madrid, Departamento de Privacidad de Datos. 448 | 449 | In paragraph j, add to the end the paragraph: 450 | 451 | In Czech Republic: Pursuant to Section 1801 of Act No. 89/2012 Coll. (the "Civil Code"), Section 1799 and Section 1800 of the Civil Code as amended, do not apply to transactions under this Agreement. Licensee accepts the risk of a change of circumstances under Section 1765 of the Civil Code. 452 | 453 | In paragraph j: 454 | 455 | In Bulgaria, Croatia, Russia, Serbia, and Slovenia: delete the 2nd sentence that says: "Neither party will bring a legal action arising out of or related to this Agreement more than two years after the cause of action arose". 456 | 457 | In paragraph j, add to the end of the second sentence: 458 | 459 | In Lithuania: , except as provided by law 460 | 461 | In paragraph j, replace the second sentence with: 462 | 463 | In Poland: Neither party will bring a legal action arising out of or related to this Agreement more than three years after the cause of action arose, except for an action of non-payment which will be brought no more than 2 years after payment is due. 464 | 465 | In paragraph j, second sentence, replace the word "two" with: 466 | 467 | In Latvia and Ukraine: three 468 | 469 | In Slovakia: four 470 | 471 | In paragraph j, add to the end of the third sentence that says: "Neither party is responsible for failure to fulfill its non-monetary obligations due to causes beyond its control": 472 | 473 | In Russia: , including but not limited to earthquakes, floods, fires, acts of God, strikes (excluding strikes of the parties' employees), acts of war, military actions, embargoes, blockades, international or governmental sanctions, and acts of authorities of the applicable jurisdiction. 474 | 475 | In paragraph j, third sentence, modify the sentence: "Neither party is responsible for failure to fulfill its non-monetary obligations due to causes beyond its control" as follows: 476 | 477 | In Ukraine: Neither party is responsible for failure to fulfill its non-monetary obligations due to causes or regulatory changes beyond its control, including but not limited to import, export and economic sanctions requirements of the United States. 478 | 479 | Add the following at the end of the section as new paragraph l: 480 | 481 | In Hungary: By entering into this Agreement, Licensee confirms that Licensee was sufficiently informed of all the provisions of this Agreement and had the opportunity to negotiate those terms. The following provisions may significantly deviate from the provisions generally applied by Hungarian law and both parties accept those provisions by signing the Agreement: Program License; Warranties; Charges, Taxes, Payment, and Verification; Liability and Intellectual Property Protection; Termination; Governing Laws and Geographic Scope; and General. 482 | 483 | In Czech Republic: Licensee expressly accepts the terms of this agreement which include the following important commercial terms: i) limitation and disclaimer of liability for defects (Warranties); ii) limitation of Licensee's entitlement to damages (Liability and Intellectual Property Protection); iii) binding nature of export and import regulations (Governing Laws and Geographic Scope); iv) shorter limitation periods (General); v) exclusion of applicability of provisions on adhesion contracts (General); and vi) acceptance of the risk of a change of circumstances (General). 484 | 485 | In Romania: The Licensee expressly accepts, the following standard clauses that may be deemed 'unusual clauses' as per the provisions of article 1203 Romanian Civil Code: clauses 2, 4, 5, 8j. The Licensee hereby acknowledges that it was sufficiently informed of all the provisions of this Agreement, including the clauses mentioned above, it properly analyzed and understood such provisions and had the opportunity to negotiate the terms of each clause. 486 | 487 | i125-5589-06 (10-2021) 488 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* 4 | 5 | - [Overview](#overview) 6 | - [Download](#download) 7 | - [Check Certificate/Key Validity and Archives](#check-certificatekey-validity-and-archives) 8 | - [Install](#install) 9 | - [For macOS Catalina users](#for-macos-catalina-users) 10 | - [Support](#support) 11 | 12 | 13 | 14 | **DEPRECATION NOTICE:** The ` cloudctl case` command is deprecated in favor of [ibm-pak plugin](https://github.com/IBM/ibm-pak-plugin). Support for them will be removed in a future release. More information is available at https://ibm.biz/cloudctl-case-deprecate. 15 | 16 | # Overview 17 | Cloudctl is a command line tool to manage Container Application Software for Enterprises (CASEs) 18 | 19 | 20 | ## Download 21 | 22 | 1. Download the gzipped tar archive for your OS from the assets in [releases](https://github.com/IBM/cloud-pak-cli/releases) 23 | 2. Download the corresponding `.sig` file for verification purposes 24 | 25 | macOS example using `curl`: 26 | ``` 27 | curl -L https://github.com/IBM/cloud-pak-cli/releases/latest/download/cloudctl-darwin-amd64.tar.gz -o cloudctl-darwin-amd64.tar.gz 28 | curl -L https://github.com/IBM/cloud-pak-cli/releases/latest/download/cloudctl-darwin-amd64.tar.gz.sig -o cloudctl-darwin-amd64.tar.gz.sig 29 | ``` 30 | 31 | macOS example using `wget`: 32 | ``` 33 | wget https://github.com/IBM/cloud-pak-cli/releases/latest/download/cloudctl-darwin-amd64.tar.gz 34 | wget https://github.com/IBM/cloud-pak-cli/releases/latest/download/cloudctl-darwin-amd64.tar.gz.sig 35 | ``` 36 | 37 | Linux x86-architecture example using `curl`: 38 | ``` 39 | curl -L https://github.com/IBM/cloud-pak-cli/releases/latest/download/cloudctl-linux-amd64.tar.gz -o cloudctl-linux-amd64.tar.gz 40 | curl -L https://github.com/IBM/cloud-pak-cli/releases/latest/download/cloudctl-linux-amd64.tar.gz.sig -o cloudctl-linux-amd64.tar.gz.sig 41 | ``` 42 | 43 | Linux x86-architecture example using `wget`: 44 | ``` 45 | wget https://github.com/IBM/cloud-pak-cli/releases/latest/download/cloudctl-linux-amd64.tar.gz 46 | wget https://github.com/IBM/cloud-pak-cli/releases/latest/download/cloudctl-linux-amd64.tar.gz.sig 47 | ``` 48 | 49 | 50 | ## Check Certificate/Key Validity and Archives 51 | 52 | * [cloudctl versions less than v3.23.1](doc/verify.md) 53 | 54 | * [cloudctl versions greater than or equal to v3.23.1](doc/verify-v2.md) 55 | 56 | ## Install 57 | 58 | Extract the archive: 59 | - `tar -xzf ` 60 | 61 | There should be a binary executable after extraction 62 | 63 | ### For macOS Catalina users 64 | 65 | Users on macOS Catalina might be prompted that `cloudctl-darwin-amd64` is not a trusted application. There are two ways to get around this: 66 | 67 | - Open Finder, control-click the application `cloudctl-darwin-amd64`, choose **Open** from the menu, and then click **Open** in the dialog that appears. Enter your admin name and password to open the app if promoted. 68 | 69 | - Enable developer-mode for your terminal window, which will whitelist everything: 70 | - Open Terminal, and enter: 71 | ```console 72 | ❯ spctl developer-mode enable-terminal 73 | ``` 74 | - Go to System Preferences -> Security & Privacy -> Privacy Tab -> Developer Tools -> Terminal : Enable 75 | - Restart all terminals 76 | 77 | _See https://support.apple.com/en-ca/HT202491 for more information_ 78 | 79 | ## Support 80 | 81 | To report an issue or get help please visit https://www.ibm.com/docs/en/cpfs?topic=support-opening-case 82 | -------------------------------------------------------------------------------- /certificates/cloudctl.pem.cer: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHrDCCBZSgAwIBAgIQBEXbzjEy72lLuGFm+DSGoTANBgkqhkiG9w0BAQsFADBp 3 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT 4 | OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0 5 | IDIwMjEgQ0ExMB4XDTIzMDExMzAwMDAwMFoXDTI0MDIwMTIzNTk1OVowgbAxCzAJ 6 | BgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGQXJtb25rMTQw 7 | MgYDVQQKEytJbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENvcnBvcmF0 8 | aW9uMREwDwYDVQQLEwhJQk0gQ0NTUzE0MDIGA1UEAxMrSW50ZXJuYXRpb25hbCBC 9 | dXNpbmVzcyBNYWNoaW5lcyBDb3Jwb3JhdGlvbjCCAiIwDQYJKoZIhvcNAQEBBQAD 10 | ggIPADCCAgoCggIBAL2l185gcMrUUzd+55JnqhzTAcS8pzpuofGe7fVoxWriENFU 11 | QtCfgASbZGxs2DXXl+D9fDzc1Oh+bjCoCeTSzrkvzIr1Z8YeUYB/W8wSxlfAPSoK 12 | lvSXyDng1fjq1+W9KNyjfdMptIJWGkpYjLh36sjZxbpzebj6FAFN3hSQEtYlXFWu 13 | ZQF/QaKcO9hHEuriuOQVOCG1hbBo40fo9HsAWT1E+mDbMYNJNhNytnhd+Ff4W4qJ 14 | k+4jwq/jr2WwDRapuNoL72wvFBkLwTayMIMSgSXoK2dd98Ck057qvF9XAR1HNGuI 15 | rznPmDvQj3dTnauhnsvIvNqjGFQR0FcCchM6w4loVmkBJXROnr40iA9GsezIv04d 16 | gtKG8pfaUxQTi14RRk5p+QwLncBO9KR0SIUyzQRhDrfqIzNT6rDRqCO/1ZMTqe5g 17 | 5s7FEYMITGPn+PQfm85vMstiTGANCBoxWzTJma54a6sFm93Tb/PHLXXCM1ZAwpQw 18 | i8dz92gLgWdR5w9VL0xINcsCEZZQeXovKOt6DoLUUrl6wK4FFC5P8lymX212zwIk 19 | qBQ9FRTN7wmQ7qKQC53A4vBzMQbBVhf30X4St16bYIvqw8ytVHab+4x0i715gpXb 20 | 9m67Xs7eJrIOoTzex54HclZiVe5dKC+TJRbaxJ0EDcNkNfbib3xExd3Gux9NAgMB 21 | AAGjggIGMIICAjAfBgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNV 22 | HQ4EFgQU3Mf+pvnZMtNLC2DcZEGhW/XqOGEwDgYDVR0PAQH/BAQDAgeAMBMGA1Ud 23 | JQQMMAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwz 24 | LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5 25 | NlNIQTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5j 26 | b20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIx 27 | Q0ExLmNybDA+BgNVHSAENzA1MDMGBmeBDAEEATApMCcGCCsGAQUFBwIBFhtodHRw 28 | Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsG 29 | AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYIKwYBBQUHMAKGUGh0 30 | dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVT 31 | aWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAwGA1UdEwEB/wQCMAAwDQYJ 32 | KoZIhvcNAQELBQADggIBAFpVnfigiH6qBuWcCwYntUR4HHU99L3Aeqi56hpayHJm 33 | 3IGnmEJ43z707StDDd08ML5yEt2RFH8gJ9A9j4rWOIOxWYeFxA3lw9y5dSWKpKM+ 34 | WBAFeONFftkqYTrgOrhb5/2QQOVzNjMhVR7zhS0DYLKDcmPJvUj4eixh5CJwWP97 35 | zQy3dI+oSgyKBMIEkJcRtsZTZkcgMSSbnTYoB3cd3m7CkuHOoO5foo+uWUGkNVhG 36 | HsZAJ70SNtuKUx0SuS8WVvXf2LfeA7NE6ajjnV4yYDFP0noRuDUYwhSsEZxQJEZF 37 | HDg/5owbmjVblMgxBhUPz1fpYz3z7NsKN0KPcZpsPppUBl2xbLwWldbB+JH1hiKM 38 | f9Jh/MIBy0nvWikDYXmDXEY+zDPB+dVx7lUv2INwKtrati9zS8RW7fWuVWOHj9c7 39 | qQ5kzevFDeP1O6xwPleAC/unOr23/KrpEF6JX3q0YQ67/cWoZBVXgRt74o4OxTWD 40 | QrhaSNFaE2+otbKzh7hz7mUH8ENAk2AzYp7OggIsG5EGHBFFi0YYJndfKpl6OKwX 41 | jTjYMY7w/yKE9jjByOlu9rugcHYpX/6ntp3n88NPIAtgKVh0Y1+0Y7rypLZM9usa 42 | 4eRI8dTsmWGhQEQ7y4Lb6yXSqom7bwLDfEAv6J17i0pVs77A2fhApvDVbOfIXL/g 43 | -----END CERTIFICATE----- 44 | -------------------------------------------------------------------------------- /certificates/cloudctl.pem.chain: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGsDCCBJigAwIBAgIQCK1AsmDSnEyfXs2pvZOu2TANBgkqhkiG9w0BAQwFADBi 3 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 4 | d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg 5 | RzQwHhcNMjEwNDI5MDAwMDAwWhcNMzYwNDI4MjM1OTU5WjBpMQswCQYDVQQGEwJV 6 | UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRy 7 | dXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMIIC 8 | IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1bQvQtAorXi3XdU5WRuxiEL1 9 | M4zrPYGXcMW7xIUmMJ+kjmjYXPXrNCQH4UtP03hD9BfXHtr50tVnGlJPDqFX/IiZ 10 | wZHMgQM+TXAkZLON4gh9NH1MgFcSa0OamfLFOx/y78tHWhOmTLMBICXzENOLsvsI 11 | 8IrgnQnAZaf6mIBJNYc9URnokCF4RS6hnyzhGMIazMXuk0lwQjKP+8bqHPNlaJGi 12 | TUyCEUhSaN4QvRRXXegYE2XFf7JPhSxIpFaENdb5LpyqABXRN/4aBpTCfMjqGzLm 13 | ysL0p6MDDnSlrzm2q2AS4+jWufcx4dyt5Big2MEjR0ezoQ9uo6ttmAaDG7dqZy3S 14 | vUQakhCBj7A7CdfHmzJawv9qYFSLScGT7eG0XOBv6yb5jNWy+TgQ5urOkfW+0/tv 15 | k2E0XLyTRSiDNipmKF+wc86LJiUGsoPUXPYVGUztYuBeM/Lo6OwKp7ADK5GyNnm+ 16 | 960IHnWmZcy740hQ83eRGv7bUKJGyGFYmPV8AhY8gyitOYbs1LcNU9D4R+Z1MI3s 17 | MJN2FKZbS110YU0/EpF23r9Yy3IQKUHw1cVtJnZoEUETWJrcJisB9IlNWdt4z4FK 18 | PkBHX8mBUHOFECMhWWCKZFTBzCEa6DgZfGYczXg4RTCZT/9jT0y7qg0IU0F8WD1H 19 | s/q27IwyCQLMbDwMVhECAwEAAaOCAVkwggFVMBIGA1UdEwEB/wQIMAYBAf8CAQAw 20 | HQYDVR0OBBYEFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB8GA1UdIwQYMBaAFOzX44LS 21 | cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF 22 | BQcDAzB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp 23 | Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu 24 | Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy 25 | aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j 26 | cmwwHAYDVR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQEMBQAD 27 | ggIBADojRD2NCHbuj7w6mdNW4AIapfhINPMstuZ0ZveUcrEAyq9sMCcTEp6QRJ9L 28 | /Z6jfCbVN7w6XUhtldU/SfQnuxaBRVD9nL22heB2fjdxyyL3WqqQz/WTauPrINHV 29 | UHmImoqKwba9oUgYftzYgBoRGRjNYZmBVvbJ43bnxOQbX0P4PpT/djk9ntSZz0rd 30 | KOtfJqGVWEjVGv7XJz/9kNF2ht0csGBc8w2o7uCJob054ThO2m67Np375SFTWsPK 31 | 6Wrxoj7bQ7gzyE84FJKZ9d3OVG3ZXQIUH0AzfAPilbLCIXVzUstG2MQ0HKKlS43N 32 | b3Y3LIU/Gs4m6Ri+kAewQ3+ViCCCcPDMyu/9KTVcH4k4Vfc3iosJocsL6TEa/y4Z 33 | XDlx4b6cpwoG1iZnt5LmTl/eeqxJzy6kdJKt2zyknIYf48FWGysj/4+16oh7cGvm 34 | oLr9Oj9FpsToFpFSi0HASIRLlk2rREDjjfAVKM7t8RhWByovEMQMCGQ8M4+uKIw8 35 | y4+ICw2/O/TOHnuO77Xry7fwdxPm5yg/rBKupS8ibEH5glwVZsxsDsrFhsP2JjMM 36 | B0ug0wcCampAMEhLNKhRILutG4UI4lkNbcoFUCvqShyepf2gpx8GdOfy1lKQ/a+F 37 | SCH5Vzu0nAPthkX0tGFuv2jiJmCG6sivqf6UHedjGzqGVnhO 38 | -----END CERTIFICATE----- 39 | -----BEGIN CERTIFICATE----- 40 | MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi 41 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 42 | d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg 43 | RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV 44 | UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu 45 | Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG 46 | SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y 47 | ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If 48 | xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV 49 | ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO 50 | DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ 51 | jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ 52 | CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi 53 | EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM 54 | fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY 55 | uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK 56 | chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t 57 | 9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB 58 | hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD 59 | ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 60 | SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd 61 | +SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc 62 | fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa 63 | sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N 64 | cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N 65 | 0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie 66 | 4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI 67 | r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 68 | /YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm 69 | gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ 70 | -----END CERTIFICATE----- 71 | -------------------------------------------------------------------------------- /certificates/cloudctl.pem.pub.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvaXXzmBwytRTN37nkmeq 3 | HNMBxLynOm6h8Z7t9WjFauIQ0VRC0J+ABJtkbGzYNdeX4P18PNzU6H5uMKgJ5NLO 4 | uS/MivVnxh5RgH9bzBLGV8A9KgqW9JfIOeDV+OrX5b0o3KN90ym0glYaSliMuHfq 5 | yNnFunN5uPoUAU3eFJAS1iVcVa5lAX9Bopw72EcS6uK45BU4IbWFsGjjR+j0ewBZ 6 | PUT6YNsxg0k2E3K2eF34V/hbiomT7iPCr+OvZbANFqm42gvvbC8UGQvBNrIwgxKB 7 | JegrZ133wKTTnuq8X1cBHUc0a4ivOc+YO9CPd1Odq6Gey8i82qMYVBHQVwJyEzrD 8 | iWhWaQEldE6evjSID0ax7Mi/Th2C0obyl9pTFBOLXhFGTmn5DAudwE70pHRIhTLN 9 | BGEOt+ojM1PqsNGoI7/VkxOp7mDmzsURgwhMY+f49B+bzm8yy2JMYA0IGjFbNMmZ 10 | rnhrqwWb3dNv88ctdcIzVkDClDCLx3P3aAuBZ1HnD1UvTEg1ywIRllB5ei8o63oO 11 | gtRSuXrArgUULk/yXKZfbXbPAiSoFD0VFM3vCZDuopALncDi8HMxBsFWF/fRfhK3 12 | Xptgi+rDzK1Udpv7jHSLvXmCldv2brtezt4msg6hPN7HngdyVmJV7l0oL5MlFtrE 13 | nQQNw2Q19uJvfETF3ca7H00CAwEAAQ== 14 | -----END PUBLIC KEY----- 15 | -------------------------------------------------------------------------------- /cloudctl-chain0.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGsDCCBJigAwIBAgIQCK1AsmDSnEyfXs2pvZOu2TANBgkqhkiG9w0BAQwFADBi 3 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 4 | d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg 5 | RzQwHhcNMjEwNDI5MDAwMDAwWhcNMzYwNDI4MjM1OTU5WjBpMQswCQYDVQQGEwJV 6 | UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRy 7 | dXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMIIC 8 | IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1bQvQtAorXi3XdU5WRuxiEL1 9 | M4zrPYGXcMW7xIUmMJ+kjmjYXPXrNCQH4UtP03hD9BfXHtr50tVnGlJPDqFX/IiZ 10 | wZHMgQM+TXAkZLON4gh9NH1MgFcSa0OamfLFOx/y78tHWhOmTLMBICXzENOLsvsI 11 | 8IrgnQnAZaf6mIBJNYc9URnokCF4RS6hnyzhGMIazMXuk0lwQjKP+8bqHPNlaJGi 12 | TUyCEUhSaN4QvRRXXegYE2XFf7JPhSxIpFaENdb5LpyqABXRN/4aBpTCfMjqGzLm 13 | ysL0p6MDDnSlrzm2q2AS4+jWufcx4dyt5Big2MEjR0ezoQ9uo6ttmAaDG7dqZy3S 14 | vUQakhCBj7A7CdfHmzJawv9qYFSLScGT7eG0XOBv6yb5jNWy+TgQ5urOkfW+0/tv 15 | k2E0XLyTRSiDNipmKF+wc86LJiUGsoPUXPYVGUztYuBeM/Lo6OwKp7ADK5GyNnm+ 16 | 960IHnWmZcy740hQ83eRGv7bUKJGyGFYmPV8AhY8gyitOYbs1LcNU9D4R+Z1MI3s 17 | MJN2FKZbS110YU0/EpF23r9Yy3IQKUHw1cVtJnZoEUETWJrcJisB9IlNWdt4z4FK 18 | PkBHX8mBUHOFECMhWWCKZFTBzCEa6DgZfGYczXg4RTCZT/9jT0y7qg0IU0F8WD1H 19 | s/q27IwyCQLMbDwMVhECAwEAAaOCAVkwggFVMBIGA1UdEwEB/wQIMAYBAf8CAQAw 20 | HQYDVR0OBBYEFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB8GA1UdIwQYMBaAFOzX44LS 21 | cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF 22 | BQcDAzB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp 23 | Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu 24 | Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy 25 | aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j 26 | cmwwHAYDVR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQEMBQAD 27 | ggIBADojRD2NCHbuj7w6mdNW4AIapfhINPMstuZ0ZveUcrEAyq9sMCcTEp6QRJ9L 28 | /Z6jfCbVN7w6XUhtldU/SfQnuxaBRVD9nL22heB2fjdxyyL3WqqQz/WTauPrINHV 29 | UHmImoqKwba9oUgYftzYgBoRGRjNYZmBVvbJ43bnxOQbX0P4PpT/djk9ntSZz0rd 30 | KOtfJqGVWEjVGv7XJz/9kNF2ht0csGBc8w2o7uCJob054ThO2m67Np375SFTWsPK 31 | 6Wrxoj7bQ7gzyE84FJKZ9d3OVG3ZXQIUH0AzfAPilbLCIXVzUstG2MQ0HKKlS43N 32 | b3Y3LIU/Gs4m6Ri+kAewQ3+ViCCCcPDMyu/9KTVcH4k4Vfc3iosJocsL6TEa/y4Z 33 | XDlx4b6cpwoG1iZnt5LmTl/eeqxJzy6kdJKt2zyknIYf48FWGysj/4+16oh7cGvm 34 | oLr9Oj9FpsToFpFSi0HASIRLlk2rREDjjfAVKM7t8RhWByovEMQMCGQ8M4+uKIw8 35 | y4+ICw2/O/TOHnuO77Xry7fwdxPm5yg/rBKupS8ibEH5glwVZsxsDsrFhsP2JjMM 36 | B0ug0wcCampAMEhLNKhRILutG4UI4lkNbcoFUCvqShyepf2gpx8GdOfy1lKQ/a+F 37 | SCH5Vzu0nAPthkX0tGFuv2jiJmCG6sivqf6UHedjGzqGVnhO 38 | -----END CERTIFICATE----- 39 | -------------------------------------------------------------------------------- /cloudctl-chain1.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi 3 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 4 | d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg 5 | RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV 6 | UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu 7 | Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG 8 | SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y 9 | ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If 10 | xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV 11 | ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO 12 | DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ 13 | jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ 14 | CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi 15 | EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM 16 | fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY 17 | uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK 18 | chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t 19 | 9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB 20 | hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD 21 | ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 22 | SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd 23 | +SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc 24 | fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa 25 | sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N 26 | cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N 27 | 0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie 28 | 4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI 29 | r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 30 | /YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm 31 | gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /cloudctl.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHrDCCBZSgAwIBAgIQCbWIyVcXJcnR1PGI/nP0SzANBgkqhkiG9w0BAQsFADBp 3 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT 4 | OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0 5 | IDIwMjEgQ0ExMB4XDTIyMDIwMTAwMDAwMFoXDTI0MDIwMTIzNTk1OVowgbAxCzAJ 6 | BgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGQXJtb25rMTQw 7 | MgYDVQQKEytJbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENvcnBvcmF0 8 | aW9uMREwDwYDVQQLEwhJQk0gQ0NTUzE0MDIGA1UEAxMrSW50ZXJuYXRpb25hbCBC 9 | dXNpbmVzcyBNYWNoaW5lcyBDb3Jwb3JhdGlvbjCCAiIwDQYJKoZIhvcNAQEBBQAD 10 | ggIPADCCAgoCggIBAMtUksnkFPk7vrcbHl9wxdsZM4OGb2wr51B7J574PI37aRVQ 11 | bqIGLkjxv6bMudqEqCP5jj0f0gqHOm6pCCWhwp9emfyYmIC/gjK96llP+pujquw/ 12 | xIQoYpgjPgioV4ppxuWpVnaiEHWzHPib0ucjD3eqhc/upYkKRehc9WR0h0wrhWuu 13 | aD+hvKHOS621v+STEbmRCB0omaEWgUHVbTO41anMFs95QKoU6IOtkKuoeSTIfjeQ 14 | Y/gO48jVbS/368sRwXi4Np7qW3dg/A0UFBiIbIJqZ76FjZTBjD+wi2t+1nRT1zOR 15 | qxbHgmhvTHonfZdkIf69/UdoouDLVI5wqRrhMmSTrjxP0nNmt+9YptOp3PeT33/z 16 | scB+iE/tVNzo33tWZjrU2LoJHEwLhUnKaUpanKTGIdGNth753CoKw0oVaHt4oLOy 17 | PqovT9aBZOO4viEuE4nDqvIoHFuuVZuF53b4r9tXbA0y3bKC0/LEzS6+Rzn/uWdZ 18 | DVUDona/2rAE4BCj3NtRzCHfHq1YegElDCW9rpRbwTaFTpErmjB8qnx6+K6vw3+y 19 | LJQvCMsveHj9X3B7Y9f3slX2hIEwLJm++iKXAYbd1BWzPK43lZ013tQKInKZT5Ka 20 | 5Ld5By10qxkD2odjfZJNrymXGfo+HQcfPWGRdOW9pj7V2NYqmMXmwVtCv3iRAgMB 21 | AAGjggIGMIICAjAfBgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNV 22 | HQ4EFgQUTRz8VCzJSDYWenHEQ+PRY7lVoikwDgYDVR0PAQH/BAQDAgeAMBMGA1Ud 23 | JQQMMAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwz 24 | LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5 25 | NlNIQTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5j 26 | b20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIx 27 | Q0ExLmNybDA+BgNVHSAENzA1MDMGBmeBDAEEATApMCcGCCsGAQUFBwIBFhtodHRw 28 | Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsG 29 | AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYIKwYBBQUHMAKGUGh0 30 | dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVT 31 | aWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAwGA1UdEwEB/wQCMAAwDQYJ 32 | KoZIhvcNAQELBQADggIBAMQf8+g1iHJGG6dw9LfaSA3IBxI6lmHppVCZKCdJiJmw 33 | fVPaiyfcVthJqqvjbb8NjPMw0UibXHXLanDbJ32BecJOaqmLU4jkIu62uA+qbkWY 34 | sXSPgjtTIlEV8XzKKq8sXaE7tuhemJYPe0bV+kZUZ8r5C8SK3fkQO2lrqyTBQuel 35 | NoFKf2GcDJJVzBV298HrPNvj69APB2p9q2OxMBR++2cFeAuGGjxLzVUh6niVY4H0 36 | 2GHLnR8JU9OtXzbctqyfPSCdtFgvLm5abb5tMLh/VPDYNad4GpK+NufUryOAUaup 37 | A40zBbKoAM2GfCirLwXFGEI6vQeY8hP6jECbMrJrDHnvtXx7pVMYKtw80tC5TUuC 38 | FlK5U3I3YCpnN9arBwX8AhhepQZNKjBc4Ss7yI80lRkpYyQtY2uib1v8o0J97JkU 39 | pkM8xPK43q/sucUijVoimM2S6dq8maxRJL1si3vch1Ei229BpPKXdn4ZPWy3zwbY 40 | sHI/Ap5tWRoCmCQ2Bh8wpubE1F9SBhb8tkHs6irD7EP6H+jtN6m89HAQnIC6ga14 41 | SECihdOAu1s+cCxg7dMgvnw2wrwwgSS1UDbctJzY+24BIGcuivNXzOvbXfd1wqg6 42 | Y4dqOS+XfGK1XWdUTV+XElGB7bivEQfRHpvhN4pfEMHq1SyiZA7Dm3EhLwSip+L0 43 | -----END CERTIFICATE----- 44 | -------------------------------------------------------------------------------- /doc/case_cmd.md: -------------------------------------------------------------------------------- 1 | **DEPRECATION NOTICE:** The `cloudctl case` command is deprecated in favor of [ibm-pak plugin](https://github.com/IBM/ibm-pak-plugin). Support for them will be removed in a future release. More information is available at https://ibm.biz/cloudctl-case-deprecate. 2 | ## cloudctl case 3 | 4 | Learn about the `cloudctl case` commands that you can run to manage your CASEs. 5 | 6 | ### cloudctl case save 7 | 8 | Save the contents of your CASE locally. 9 | 10 | #### Syntax 11 | 12 | ``` 13 | cloudctl case save --case --outputdir 14 | 15 | OPTIONS: 16 | --case value, -c value The local path or URL containing the CASE file to parse 17 | --outputdir value, -o value The output directory to which the CASE resources will be placed. The output directory will be created if it does not exist 18 | --tolerance value, -t value The tolerance level for validating the CASE 19 | 0 - maximum validation 20 | 1 - reduced validation 21 | (default: 0) 22 | ``` 23 | 24 | #### Examples 25 | 26 | 1. This example shows how to download the specified CASE from github, extract and parse it, and retrieve the components that make up the CASE. 27 | ``` 28 | $ cloudctl case save --case https://github.com/IBM/cloud-pak/raw/master/repo/case/sample-case-1.0.0.tgz --outputdir /tmp/cache 29 | ``` 30 | 31 | 2. This example shows the same as example one, except the CASE is available locally 32 | ``` 33 | $ cloudctl case save --case /tmp/repo/case/sample-case-1.0.0.tgz --outputdir /tmp/cache 34 | ``` 35 | 36 | ### cloudctl case launch 37 | 38 | Executes the specified CASE launcher script 39 | 40 | #### Syntax 41 | ``` 42 | cloudctl case launch --case [additional parameters] 43 | 44 | OPTIONS: 45 | --action value, -a value The name of the action item launched 46 | --args value, -r value Other arguments. Refer to documentation for specifics. 47 | --case value, -c value The root directory to the extracted CASE 48 | --instance value, -i value The name of the instance of the target application (release) 49 | --inventory value, -e value The name of the inventory item launched 50 | --namespace value, -n value The name of the target namespace 51 | --tolerance value, -t value The tolerance level for validating the CASE 52 | 0 - maximum validation 53 | 1 - reduced validation 54 | (default: 0) 55 | ``` 56 | 57 | #### Examples 58 | 59 | 1. This example executes a cluster setup CASE launcher script for the CASE found in /tmp/cache. The script exists in the clusterSetup inventory item and is associated with the setup action. 60 | 61 | ``` 62 | $ cloudctl case launch --case /tmp/cache --inventory clusterSetup --action setup --args "--serviceAccount sample-sa1" 63 | ``` 64 | 65 | 2. This example executes the default CASE launcher script for the CASE found in /tmp/cache. One of the additional arguments points to the folder where the CASE was saved to using `cloudctl case save`. 66 | 67 | ``` 68 | $ cloudctl case launch --case /tmp/cache --args "--localCache /tmp/cache" 69 | ``` -------------------------------------------------------------------------------- /doc/case_launch.md: -------------------------------------------------------------------------------- 1 | **DEPRECATION NOTICE:** The `cloudctl case` command is deprecated in favor of [ibm-pak plugin](https://github.com/IBM/ibm-pak-plugin). Support for them will be removed in a future release. More information is available at https://ibm.biz/cloudctl-case-deprecate. 2 | # cloudctl case launch example 3 | 4 | `cloudctl case launch` executes an action defined in a CASE. As part of this process, it validates the prerequisites for the action and the integrity of the CASE prior to executing the script. A CASE can contain zero or more launch scripts. 5 | 6 | ## Example 7 | 8 | The following example shows a hypothetical CASE with launcher script in the `clusterSetup` inventory item. This launcher has a number of custom parameters that are passed to it via the `--args` parameter. 9 | 10 | The first part of the command retrieves the CASE and validates the integrity of the CASE: 11 | 12 | ``` 13 | $ cloudctl case launch --case $CASELOC --namespace $NAMESPACE --inventory clusterSetup --action setup --args "--imageRegistry $IMAGE_REG --imageRegistryUser $USER --imageRegistryPass $TOKEN" 14 | Welcome to the CASE launcher 15 | Attempting to retrieve and extract the CASE from the specified location 16 | [✓] CASE has been retrieved and extracted 17 | Attempting to validate the CASE 18 | OK 19 | ``` 20 | 21 | The second part of the command finds the specified launch script and checks if the prerequisites have been met on the Kubernetes cluster that you are logged into: 22 | 23 | ``` 24 | Attempting to locate the launch inventory item, script, and action in the specified CASE 25 | [✓] Found the specified launch inventory item, action, and script for the CASE 26 | Attempting to check the cluster and machine for required prerequisites for launching the item 27 | Checking for required prereqs... 28 | /case/prereqs/k8sDistros/kubernetes: true 29 | /case/prereqs/k8sResources/workerIntelLinux: true 30 | /case/prereqs/k8sDistros/ibmCloud: false 31 | /case/prereqs/k8sDistros/ibmCloudPrivate: false 32 | /case/prereqs/k8sDistros/openshift: true 33 | Required prereqs result: OK 34 | Checking user permissions... 35 | rbac.authorization.k8s.io.clusterroles/*: true 36 | apiextensions.k8s.io.customresourcedefinitions/v1beta1: true 37 | /case/prereqs/k8sDistros/openshift: true 38 | /prereqs/k8sDistros/openshift: true 39 | security.openshift.io.securitycontextconstraints/: true 40 | User permissions result: OK 41 | [✓] Cluster and Client Prerequisites have been met for the CASE 42 | ``` 43 | 44 | Finally, the specified script is executed: 45 | 46 | ``` 47 | Running the CASE clusterSetup launch script with the following action context: setup 48 | [✓] CASE launch script completed successfully 49 | OK 50 | ``` 51 | 52 | ### Debugging errors 53 | 54 | There are three reasons why a launcher script may fail: 55 | 56 | 1. The CASE has been modified and the signature validation fails 57 | 58 | Each CASE contains a signature to verify the integrity of the contents of the CASE, similar to an md5 hash. If this check fails then that means something in the CASE has changed from its original state and it may not be the product you are expecting. If you are the one who has modified the CASE and are confident in the contents, then the signature verification can be skipped by setting the `-t|--tolerance` flag to 1 or greater. 59 | 60 | 1. The prerequisite check has failed 61 | 62 | The launcher script is associated with an inventory item and an action within the CASE. The action in the CASE defines a set of cluster prerequisites needed for the script to run successfully. These prerequisites are compared to the cluster that you are logged into. The CASE README should include the set of prerequisites so that if this part of the command fails, it is easier to understand what may be missing. 63 | 64 | More information on how prerequisites are specified in a CASE can be found in the CASE specification for [actions.yaml](https://github.ibm.com/CloudPakOpenContent/case-spec/blob/master/220-actions.md) and [prereqs.yaml](https://github.ibm.com/CloudPakOpenContent/case-spec/blob/master/120-prereqs.md). 65 | 66 | 1. The script has failed 67 | 68 | The laucher script has failed to complete successfully. Review the output from the script to determine what failed and review the product documentation for ways to fix. 69 | 70 | ### Exit codes 71 | 72 | Phase one of this project returns only two possible return codes: 0 for success and 1 for failure. We expect to support additional exit codes in the future, including propogating exit codes from the launch scripts. 73 | 74 | ### CASE validation 75 | 76 | Each CASE contains two files for validating the authenticity of the CASE: digests.yaml and signature.yaml. The digests.yaml contains a shasum for the CASE as well as any other resources that are referenced by the CASE. These resources include files, container images, Helm charts, and other CASEs. The signature.yaml contains an encrypted shasum of the contents of the files in the CASE. Each file represents a point-in-time reference for the specific CASE. 77 | 78 | The digests.yaml is verified during `cloudctl case save` and the signature.yaml is verified during `cloudctl case launch`. 79 | 80 | More information on digests.yaml and signature.yaml can be found in the [CASE specification documentation](https://github.com/ibm/case). 81 | 82 | #### A note on floating tags 83 | 84 | As stated previously, digests.yaml and signature.yaml represent a point-in-time reference for a CASE. If a CASE references a mutable image tag, such as `latest` and the image is updated between when the CASE is published and `cloudctl case launch` is run, then signature validation will fail. If you seeing signature validation fail for this reason, and you are confident in the pedigree of the CASE, then this validation can be bypassed by setting the `-t | --tolerance` flag to 1. -------------------------------------------------------------------------------- /doc/case_save.md: -------------------------------------------------------------------------------- 1 | **DEPRECATION NOTICE:** The `cloudctl case` command is deprecated in favor of [ibm-pak plugin](https://github.com/IBM/ibm-pak-plugin). Support for them will be removed in a future release. More information is available at https://ibm.biz/cloudctl-case-deprecate. 2 | # cloudctl case save example 3 | 4 | `cloudctl case save` saves the contents of your CASE locally. This includes the CASE itself and any dependent CASEs and Helm charts. Container images referenced by your CASE will be compiled in a comma separated values (CSV) file that can be used to mirror your images into a local image repository. 5 | 6 | ## Example 7 | 8 | ``` 9 | $ cloudctl case save --case "$CASE_LOC" --outputdir /tmp/case 10 | Downloading and extracting the CASE ... 11 | - Success 12 | Retrieving CASE version ... 13 | - Success 14 | Validating the CASE ... 15 | - Success 16 | Creating inventory ... 17 | - Success 18 | Finding inventory items 19 | - Success 20 | Resolving inventory items ... 21 | Parsing inventory items 22 | - Success 23 | ``` 24 | 25 | ### Sample Output Structure 26 | 27 | This example shows the output of a `cloudctl case save` command for a CASE with the following hierarchy: 28 | 29 | ```bash 30 | ├── case1 31 | │   ├── chart1 32 | │   ├── case2 33 | │ │   ├──chart2 34 | ``` 35 | 36 | The output includes the two Helm charts in tgz format in the charts directory, two CASE tgzs for the two CASEs in the root directory, and csv files containing information about which helm charts and container images are associated with each of the CASEs. 37 | 38 | ```bash 39 | ├── charts 40 | │   ├── chart1-1.0.0.tgz 41 | │   ├── chart2-2.0.0.tgz 42 | ├── case1-1.0.0-charts.csv 43 | ├── case1-1.0.0-images.csv 44 | ├── case1-1.0.0.tgz 45 | ├── case2-2.0.0-charts.csv 46 | ├── case2-2.0.0-images.csv 47 | └── case2-2.0.0.tgz 48 | ``` 49 | 50 | No container images were downloaded using `cloudctl case case`, only the metadata about them. If you are installing the product on a system that has a connection to the internet, the images do not need to be downloaded prior to using `cloudctl case launch` to install. If you need to install the product in a private network environment, then the contents of the image csv files is important. 51 | 52 | ### Images CSV 53 | 54 | The images CSV file contains a list of all the images that are referenced by a CASE. 55 | 56 | The CASE references either a specific image manifest (architecture, os and variant), or a manifest list, when the CASE supports multiple architectures. 57 | 58 | If a Manifest List is specified, it must always represent the entire set of manifests. It cannot include a subset: 59 | 1. Most repositories require the images to be present before creating the manifest list. 60 | 2. If images are removed from the manifest list the digest will change. 61 | 62 | Name format: 63 | `--images.csv` 64 | 65 | Fields: 66 | - `hostport`: The host and optional port of the remote registry where the image resides, in the form of `host[:port]` (required). 67 | - `name`: The fully qualified name of the image in the registry (required). 68 | - `tag`: The tag of the manifest. A tag is used for documentation purposes, since the digest is the authoritative identifier for the manifest. (optional). 69 | - `digest`: The OCI formatted digest of the manifest. (required). 70 | - `mtype`: If `LIST`, the image is a manifest list, `IMAGE` if an image manifest (required). 71 | - `os`: The applicable os of the image (e.g. `amd64`) (required if MLIST=0). 72 | - `arch`: The applicable architecture of the image (e.g. `linux`). (required if MLIST=0). 73 | - `variant`: The variant of the image (e.g. `v7`) (optional). 74 | - `insecure`: If 1, the image is fetched using `http`, if 0 or not supplied, the image is fetched using `https` (optional). 75 | - `digestsource`: If `REGISTRY`, the digest is current version in the source registry. If `CASE`, the digest is the version from the CASE (required). 76 | 77 | Example nginx-1.17.5-images.csv: 78 | ``` 79 | hostport,name,tag,digest,mtype,os,arch,variant,insecure,digestsource 80 | registry-1.docker.io,library/nginx,1.17.5,sha256:922c815aa4df050d4df476e92daed4231f466acc8ee90e0e774951b0fd7195a4,LIST,,,,0,CASE 81 | registry-1.docker.io,library/nginx,,sha256:f56b43e9913cef097f246d65119df4eda1d61670f7f2ab720831a01f66f6ff9c,IMAGE,linux,amd64,,0,CASE 82 | registry-1.docker.io,library/nginx,,sha256:585c1ec805ab799d7a8e5082d94aace5c3f1455b75f103ca5ca2b45fdbee75fc,IMAGE,linux,arm,v7,0,CASE 83 | registry-1.docker.io,library/nginx,,sha256:2b947b067421d91891ad5d9d8c5a5882d5352013f4bbcc35604028f975bec8aa,IMAGE,linux,arm64,v8,0,CASE 84 | registry-1.docker.io,library/nginx,,sha256:69f9646f3bb5e2d432e6de6c9be00097c808aed6e8509f6589b886082536affe,IMAGE,linux,386,,0,CASE 85 | registry-1.docker.io,library/nginx,,sha256:6949c49968f8e9155dca74e5ee6d8644d23168f2af248fd9b7045091d13f5d36,IMAGE,linux,ppc64le,,0,CASE 86 | registry-1.docker.io,library/nginx,,sha256:e5d2d2271923ddc74e1d4d81f7e1266eb1e501cc11f6b277ffb89952347e7abc,IMAGE,linux,s390x,,0,CASE 87 | ``` 88 | 89 | #### Using the Images CSV 90 | 91 | The image CSV is meant to be parsed, filtered, and used to mirror or download only the images that you need. Some examples: 92 | 93 | - Compile a list of all of the images and use `oc image mirror` to pull them locally 94 | - Build a list of only the amd64 images and use `skopeo copy` to mirror them locally 95 | - Build the image path for each image and then update the hostport property to point to an internal repository 96 | 97 | To this end, there is a [sample CSV parsing script](samples/parse_csv.sh) found in the samples folder. This script parses one or more image CSV files and uses either `oc image mirror` or `skopeo copy` to mirror the images from the starting repository to an internal repository while keeping their integrity. 98 | 99 | ### Exit codes 100 | 101 | Phase one of this project returns only two possible return codes: 0 for success and 1 for failure. We expect to support additional exit codes in the future and will outline them here when they are available. 102 | 103 | ### CASE validation 104 | 105 | Each CASE contains two files for validating the authenticity of the CASE: digests.yaml and signature.yaml. The digests.yaml contains a shasum for the CASE as well as any other resources that are referenced by the CASE. These resources include files, container images, Helm charts, and other CASEs. The signature.yaml contains an encrypted shasum of the contents of the files in the CASE. Each file represents a point-in-time reference for the specific CASE. 106 | 107 | The digests.yaml is verified during `cloudctl case save` and the signature.yaml is verified during `cloudctl case launch`. 108 | 109 | More information on digests.yaml and signature.yaml can be found in the [CASE specification documentation](https://github.com/ibm/case). 110 | 111 | #### A note on floating tags 112 | 113 | As stated previously, digests.yaml and signature.yaml represent a point-in-time reference for a CASE. If a CASE references a mutable image tag, such as `latest` and the image is updated between when the CASE is published and `cloudctl case save` is run, then digest validation will fail. If digest validation is failing for this reason, and you are confident in the pedigree of the CASE, then this validation can be bypassed by setting the `-t | --tolerance` flag to 1. -------------------------------------------------------------------------------- /doc/samples/parse_csv.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright IBM Corp. 2020 4 | # 5 | # parse_csv.sh takes an image csv or directory containing image csvs and 6 | # uses either oc mirror or skopeo copy to mirror the images from the remote 7 | # repository to the local one. 8 | # 9 | # If either the source registry or destination require authentication, log 10 | # in to them on the command line prior to running this script. 11 | # 12 | # We use oc image mirror or skopeo copy because it is able to preserve the 13 | # image integrity when copying images, such that the image digest does not 14 | # change between image repositories. This is important for digest and 15 | # signature verification of CASE packages. 16 | # 17 | 18 | # Default arg values 19 | CASE_ARCHIVE_DIR="" 20 | CSV_FILE="" 21 | ACTION="" 22 | TO_REGISTRY="" 23 | USAGE=" 24 | parse_csv.sh --action [ ocMirror | skopeoCopy ] --imagesFile --toRegistry [--caseArchiveDir ]\" 25 | " 26 | 27 | OC_TXT_MAP=$(mktemp /tmp/oc_image_mirror_mapping.XXXXXXXXX) 28 | 29 | # 30 | # ENUM for csv field locations 31 | # 32 | registry=0 33 | image_name=1 34 | tag=2 35 | digest=3 36 | mytype=4 37 | os=5 38 | arch=6 39 | variant=7 40 | insecure=8 41 | 42 | # 43 | # parse_args will parse the CLI args passed to the script 44 | # and set the required internal variables needed. 45 | # 46 | parse_args() { 47 | # Parse CLI parameters 48 | while [ "$1" != "" ]; do 49 | case $1 in 50 | --action) 51 | shift 52 | ACTION="${1}" 53 | ;; 54 | --imagesFile) 55 | shift 56 | CSV_FILE="${1}" 57 | ;; 58 | --toRegistry ) 59 | shift 60 | TO_REGISTRY="${1}" 61 | ;; 62 | --caseArchiveDir ) 63 | shift 64 | CASE_ARCHIVE_DIR="${1}" 65 | ;; 66 | *) 67 | echo "Invalid Option ${1}" >&2 68 | exit 1 69 | ;; 70 | 71 | esac 72 | shift 73 | done 74 | 75 | # Check that all required parameters have been specified 76 | foundError=0 77 | if [ -z $CSV_FILE ] && [ -z $CASE_ARCHIVE_DIR ]; then 78 | echo "Error: The location of the image CSV file or directory containing the CSV files was not specified." 79 | foundError=1 80 | fi 81 | if [ -z $ACTION ]; then 82 | echo "Error: The --action parameter was not specified." 83 | foundError=1 84 | fi 85 | if [ $foundError -eq 1 ]; then 86 | print_usage 1 87 | fi 88 | } 89 | 90 | # 91 | # print_usage prints usage menu and exits with $1 92 | # 93 | print_usage() { 94 | echo "Usage: ${USAGE}" 95 | exit "${1}" 96 | } 97 | 98 | # 99 | # parse_case_image_csv turns the image CSV file into newline separated array 100 | # held in memory to be used by other functions later. 101 | # 102 | IMAGE_CSV_MEMORY_ARRAY= 103 | parse_case_image_csv() { 104 | _IFS=$IFS 105 | IFS=$'\r\n' 106 | IMAGE_CSV_MEMORY_ARRAY=($(cat "${CSV_FILE}")) 107 | IFS=$_IFS 108 | } 109 | 110 | # 111 | # parse_case_image_csv_for_field example function for how to parse all fields of 112 | # the CSV file out 113 | # 114 | parse_case_image_csv_for_field() { 115 | _IFS=$IFS 116 | field="${1}" 117 | 118 | if [[ -z "${field}" ]]; then field="${registry}"; fi 119 | 120 | idx=1 121 | while [[ idx -ne ${#IMAGE_CSV_MEMORY_ARRAY[@]} ]]; do 122 | line=${IMAGE_CSV_MEMORY_ARRAY[${idx}]} 123 | IFS=',' 124 | read -ra split_line <<< "${line}" 125 | echo ${split_line[${field}]} 126 | 127 | idx=$(( idx + 1 )) 128 | done 129 | IFS=$_IFS 130 | } 131 | 132 | # 133 | # parse_case_image_csv_for_field_with_index example function for how to get a specific 134 | # field from a specific line in the CSV 135 | # 136 | parse_case_image_csv_for_field_with_index() { 137 | field="${1}" 138 | idx="${2}" 139 | 140 | if [[ -z "${field}" ]]; then field="${registry}"; fi 141 | if [[ -z "${idx}" ]]; then idx=0; fi 142 | 143 | line=${IMAGE_CSV_MEMORY_ARRAY[${idx}]} 144 | _IFS=$IFS 145 | IFS=',' 146 | read -ra split_line <<< "${line}" 147 | echo ${split_line[${field}]} 148 | IFS=$_IFS 149 | } 150 | 151 | # 152 | # example_oc_image_mirror will mirror images in the CSV file to a hosted 153 | # registry, using oc mirror image command 154 | # 155 | example_oc_image_mirror() { 156 | _IFS=$IFS 157 | len=${#IMAGE_CSV_MEMORY_ARRAY[@]} 158 | idx=1 159 | 160 | while [[ idx -ne len ]] 161 | do 162 | line=${IMAGE_CSV_MEMORY_ARRAY[${idx}]} 163 | IFS=',' 164 | read -ra split_line <<< "${line}" 165 | 166 | source_registry="${split_line[${registry}]}" 167 | source_image_name="${split_line[${image_name}]}" 168 | source_tag="${split_line[${tag}]}" 169 | source_arch="${split_line[${arch}]}" 170 | source_digest="${split_line[${digest}]}" 171 | 172 | dest_string="${TO_REGISTRY}/${source_image_name}:${source_tag}" 173 | 174 | echo "${source_registry}/${source_image_name}@${source_digest}=$dest_string" >> "$OC_TXT_MAP" 175 | 176 | idx=$(( idx + 1 )) 177 | done 178 | IFS=$_IFS 179 | } 180 | 181 | # 182 | # example_skopeo will copy images in the CSV file to a hosted 183 | # registry, using skopeo copy command 184 | # 185 | example_skopeo() { 186 | _IFS=$IFS 187 | len=${#IMAGE_CSV_MEMORY_ARRAY[@]} 188 | idx=1 189 | s_rc=0 190 | 191 | while [[ idx -ne len ]] 192 | do 193 | line=${IMAGE_CSV_MEMORY_ARRAY[${idx}]} 194 | IFS=',' 195 | read -ra split_line <<< "${line}" 196 | 197 | source_registry="${split_line[${registry}]}" 198 | source_image_name="${split_line[${image_name}]}" 199 | source_tag="${split_line[${tag}]}" 200 | source_arch="${split_line[${arch}]}" 201 | source_digest="${split_line[${digest}]}" 202 | 203 | dest_string="docker://${TO_REGISTRY}/${source_image_name}:${source_tag}" 204 | 205 | echo "skopeo copy docker://${source_registry}/${source_image_name}@${source_digest} $dest_string --all" 206 | #skopeo copy \ 207 | # "docker://${source_registry}/${source_image_name}@${source_digest}" \ 208 | # "$dest_string" \ 209 | # "--all" 210 | 211 | if [[ "$rc" -ne 0 ]]; then 212 | s_rc=11 213 | fi 214 | 215 | idx=$(( idx + 1 )) 216 | done 217 | IFS=$_IFS 218 | return $s_rc 219 | } 220 | 221 | # 222 | # example_parse_all_oc_image_mirror is an example of parsing the image 223 | # CSV and using oc mirror to transfer the images to an internal repository 224 | # 225 | example_parse_all_oc_image_mirror() { 226 | touch "$OC_TXT_MAP" 227 | 228 | if [[ -z "${CSV_FILE}" ]] 229 | then 230 | for fname in ${CASE_ARCHIVE_DIR}/*-images.csv; do 231 | CSV_FILE="$fname" 232 | parse_case_image_csv 233 | example_oc_image_mirror 234 | done 235 | else 236 | parse_case_image_csv 237 | example_oc_image_mirror 238 | fi 239 | 240 | echo "oc image mirror --filter-by-os '.' -f \"$OC_TXT_MAP\" --max-per-registry 1 --insecure" 241 | #oc image mirror --filter-by-os '.' -f "$OC_TXT_MAP" --max-per-registry 1 --insecure 242 | o_rc="$?" 243 | rm -f "$OC_TXT_MAP" 244 | if [[ "$o_rc" -ne 0 ]]; then 245 | exit 11 246 | fi 247 | 248 | } 249 | 250 | # 251 | # example_parse_all_skopeo_copy is an example of parsing the image 252 | # CSV and using skopeo copy to transfer the images to an internal repository 253 | # 254 | example_parse_all_skopeo_copy() { 255 | if [[ -z "${CSV_FILE}" ]] 256 | then 257 | for fname in "${CASE_ARCHIVE_DIR}"/*-images.csv; do 258 | CSV_FILE="$fname" 259 | parse_case_image_csv 260 | example_skopeo 261 | rc="$?" 262 | done 263 | else 264 | parse_case_image_csv 265 | example_skopeo 266 | rc="$?" 267 | fi 268 | 269 | if [[ "$rc" -ne 0 ]]; then 270 | exit 11 271 | fi 272 | } 273 | 274 | # 275 | # example_main_entry_point provides an example flow for 276 | # an end to end scenario launched from the CASE launcher 277 | # provided by cloudctl. 278 | # 279 | example_main_entry_point() { 280 | case "$ACTION" in 281 | skopeoCopy) 282 | echo "Using skopeo copy" 283 | example_parse_all_skopeo_copy 284 | ;; 285 | ocMirror) 286 | echo "Using oc image mirror" 287 | example_parse_all_oc_image_mirror 288 | ;; 289 | *) 290 | echo "Action: $ACTION not supported at this time" 291 | ;; 292 | esac 293 | } 294 | 295 | parse_args "$@" 296 | 297 | if [ ! -z $CSV_FILE ]; then 298 | echo -en "Parsing the image CSV file located at: ${CSV_FILE}\n" 299 | elif [ ! -z $CASE_ARCHIVE_DIR ]; then 300 | echo -en "Parsing the image CSV files located at: ${CASE_ARCHIVE_DIR}\n" 301 | fi 302 | 303 | example_main_entry_point -------------------------------------------------------------------------------- /doc/verify-v2.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* 4 | 5 | - [Download public keys](#download-public-keys) 6 | - [Check Certificate/Key Validity and Archives](#check-certificatekey-validity-and-archives) 7 | - [Check Certificate/Key Validity](#check-certificatekey-validity) 8 | - [Verify that the certificate/key is owned by IBM:](#verify-that-the-certificatekey-is-owned-by-ibm) 9 | - [Verify authenticity of certificate/key:](#verify-authenticity-of-certificatekey) 10 | - [Optionally Compare the certificate and the public key](#optionally-compare-the-certificate-and-the-public-key) 11 | - [Check public key details](#check-public-key-details) 12 | - [Check certficate details](#check-certficate-details) 13 | - [Verify Archive](#verify-archive) 14 | 15 | 16 | 17 | # Download public keys 18 | 19 | Retrieve the latest public keys (example with wget): 20 | ``` 21 | wget https://raw.githubusercontent.com/IBM/cloud-pak-cli/master/certificates/cloudctl.pem.cer 22 | wget https://raw.githubusercontent.com/IBM/cloud-pak-cli/master/certificates/cloudctl.pem.chain 23 | wget https://raw.githubusercontent.com/IBM/cloud-pak-cli/master/certificates/cloudctl.pem.pub.key 24 | ``` 25 | 26 | # Check Certificate/Key Validity and Archives 27 | 28 | ## Check Certificate/Key Validity 29 | 30 | ### Verify that the certificate/key is owned by IBM: 31 | Note: On windows, run below commands from Git Bash 32 | 33 | ``` 34 | openssl x509 -inform pem -in cloudctl.pem.cer -noout -text 35 | ``` 36 | 37 | ### Verify authenticity of certificate/key: 38 | 39 | ``` 40 | openssl ocsp -no_nonce -issuer cloudctl.pem.chain -cert cloudctl.pem.cer -VAfile cloudctl.pem.chain -text -url http://ocsp.digicert.com -respout ocsptest 41 | ``` 42 | 43 | Should see a message that contains: 44 | 45 | `Response verify OK` 46 | 47 | ## Optionally Compare the certificate and the public key 48 | 49 | ### Check public key details 50 | 51 | ``` 52 | openssl rsa -noout -text -inform PEM -in cloudctl.pem.pub.key -pubin 53 | ``` 54 | 55 | Make a note of modulus and Exponent 56 | 57 | ### Check certficate details 58 | 59 | ``` 60 | openssl x509 -inform pem -in cloudctl.pem.cer -noout -text 61 | ``` 62 | 63 | Check the `Public-Key` section in the output and compare with previous result. 64 | 65 | 66 | ## Verify Archive 67 | 68 | We will verify cloudctl-linux-amd64.tar.gz. Steps will be same for other archives. 69 | 70 | Convert the signature from base64 to bytes 71 | 72 | ``` 73 | export ARCHIVE=cloudctl-linux-amd64.tar.gz 74 | openssl enc -d -A -base64 -in "${ARCHIVE}.sig" -out "/tmp/${ARCHIVE}.decoded.sig" 75 | ``` 76 | 77 | Verify the signature bytes: 78 | 79 | ``` 80 | export ARCHIVE=cloudctl-linux-amd64.tar.gz 81 | openssl dgst -verify cloudctl.pem.pub.key -keyform PEM -sha256 -signature "/tmp/${ARCHIVE}.decoded.sig" -binary "${ARCHIVE}" 82 | ``` -------------------------------------------------------------------------------- /doc/verify.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* 4 | 5 | - [Download public keys](#download-public-keys) 6 | - [Check Certificate/Key Validity and Archives](#check-certificatekey-validity-and-archives) 7 | - [Check Certificate/Key Validity](#check-certificatekey-validity) 8 | - [Verify that the certificate/key is owned by IBM:](#verify-that-the-certificatekey-is-owned-by-ibm) 9 | - [Verify authenticity of certificate/key:](#verify-authenticity-of-certificatekey) 10 | - [Optionally Validate Each Certificate Individually](#optionally-validate-each-certificate-individually) 11 | - [Verify that the certificate is still active:](#verify-that-the-certificate-is-still-active) 12 | - [Verify that the intermediate certificate is still active:](#verify-that-the-intermediate-certificate-is-still-active) 13 | - [Verify Archive](#verify-archive) 14 | 15 | 16 | 17 | # Download public keys 18 | 19 | Retrieve the latest public keys (example with wget): 20 | ``` 21 | wget https://raw.githubusercontent.com/IBM/cloud-pak-cli/master/cloudctl.pub 22 | wget https://raw.githubusercontent.com/IBM/cloud-pak-cli/master/cloudctl-chain0.pub 23 | wget https://raw.githubusercontent.com/IBM/cloud-pak-cli/master/cloudctl-chain1.pub 24 | ``` 25 | 26 | # Check Certificate/Key Validity and Archives 27 | 28 | ## Check Certificate/Key Validity 29 | 30 | #### Verify that the certificate/key is owned by IBM: 31 | 32 | ``` 33 | openssl x509 -inform pem -in cloudctl.pub -noout -text 34 | ``` 35 | 36 | #### Verify authenticity of certificate/key: 37 | 38 | ``` 39 | cat cloudctl-chain0.pub > chain.pub 40 | cat cloudctl-chain1.pub >> chain.pub 41 | 42 | openssl ocsp -no_nonce -issuer chain.pub -cert cloudctl.pub -VAfile chain.pub -text -url http://ocsp.digicert.com -respout ocsptest 43 | ``` 44 | 45 | Should see a message that contains: 46 | 47 | `Response verify OK` 48 | 49 | ## Optionally Validate Each Certificate Individually 50 | 51 | #### Verify that the certificate is still active: 52 | 53 | ``` 54 | openssl ocsp -no_nonce -issuer cloudctl-chain0.pub -cert cloudctl.pub -VAfile cloudctl-chain0.pub -text -url http://ocsp.digicert.com -respout ocsptest 55 | ``` 56 | 57 | Should see a message that contains: 58 | 59 | `Response verify OK` 60 | 61 | #### Verify that the intermediate certificate is still active: 62 | 63 | ``` 64 | openssl ocsp -no_nonce -issuer cloudctl-chain1.pub -cert cloudctl-chain0.pub -VAfile cloudctl-chain1.pub -text -url http://ocsp.digicert.com -respout ocsptest 65 | ``` 66 | 67 | Should see a message that contains: 68 | 69 | `Response verify OK` 70 | 71 | 72 | ## Verify Archive 73 | 74 | After completing verification of the certificate, extract public key: 75 | 76 | ``` 77 | openssl x509 -pubkey -noout -in cloudctl.pub > public.key 78 | ``` 79 | 80 | The public key is used to verify the tar archive: 81 | 82 | ``` 83 | openssl dgst -sha256 -verify public.key -signature 84 | ``` 85 | 86 | e.g. 87 | 88 | ``` 89 | openssl dgst -sha256 -verify public.key -signature cloudctl-darwin-amd64.tar.gz.sig cloudctl-darwin-amd64.tar.gz 90 | ``` 91 | 92 | Should see a message that contains: 93 | 94 | `Verified OK` --------------------------------------------------------------------------------