aserto-dev
diff --git a/‎docs/command-line-interface/ds-load-cli/installation.mdx‎
Lines changed: 23 additions & 0 deletions b/‎docs/command-line-interface/ds-load-cli/installation.mdx‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎docs/command-line-interface/ds-load-cli/plugins/auth0.mdx‎
Lines changed: 55 additions & 0 deletions b/‎docs/command-line-interface/ds-load-cli/plugins/auth0.mdx‎
Lines changed: 55 additions & 0 deletions
diff --git a/‎docs/command-line-interface/ds-load-cli/plugins/azuread.mdx‎
Lines changed: 51 additions & 0 deletions b/‎docs/command-line-interface/ds-load-cli/plugins/azuread.mdx‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎docs/command-line-interface/ds-load-cli/plugins/cognito.mdx‎
Lines changed: 52 additions & 0 deletions b/‎docs/command-line-interface/ds-load-cli/plugins/cognito.mdx‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎docs/command-line-interface/ds-load-cli/plugins/custom.mdx‎
Lines changed: 50 additions & 0 deletions b/‎docs/command-line-interface/ds-load-cli/plugins/custom.mdx‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎docs/command-line-interface/ds-load-cli/plugins/google.mdx‎
Lines changed: 74 additions & 0 deletions b/‎docs/command-line-interface/ds-load-cli/plugins/google.mdx‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎docs/command-line-interface/ds-load-cli/plugins/ldap.mdx‎
Lines changed: 76 additions & 0 deletions b/‎docs/command-line-interface/ds-load-cli/plugins/ldap.mdx‎
Lines changed: 76 additions & 0 deletions
@@ -0,0 +1,23 @@
+---
+sidebar_label: Installation
+title: Installing the ds-load CLI and plugins
+description: ds-load CLI installation instructions
+---
+
+# Installation
+
+The `ds-load` CLI and plugins are available on Linux, macOS, and Windows platforms.
+
+- Via Homebrew for macOS or LinuxBrew for Linux
+
+  ```shell
+  brew tap aserto-dev/tap && brew install ds-load
+  ```
+
+- Via WinGet for Windows
+
+  ```
+  winget install Aserto.DSLoad
+  ```
+
+- Binaries for Linux, Windows, and Mac are available as tarballs on the GitHub [release](https://github.com/aserto-dev/ds-load/releases) page.
@@ -0,0 +1,55 @@
+---
+sidebar_label: Auth0
+---
+
+# Auth0 plugin
+
+## Usage
+
+```sh
+Usage: ds-load-auth0 <command>
+
+auth0 directory loader
+
+Commands:
+  version             version information
+  fetch               fetch auth0 data
+  transform           transform auth0 data
+  export-transform    export default transform template
+  exec                fetch and transform auth0 data
+  verify              verify fetcher configuration and credentials
+
+Flags:
+  -h, --help                  Show context-sensitive help.
+  -c, --config=CONFIG-FLAG    Configuration file path
+  -v, --verbosity=INT         Use to increase output verbosity.
+
+Run "ds-load-auth0 <command> --help" for more information on a command.
+```
+
+## Arguments
+
+The Auth0 plugin supports the following arguments:
+
+```sh
+  -d, --domain=STRING             auth0 domain ($AUTH0_DOMAIN)
+  -i, --client-id=STRING          auth0 client id ($AUTH0_CLIENT_ID)
+  -s, --client-secret=STRING      auth0 client secret ($AUTH0_CLIENT_SECRET)
+      --connection-name=STRING    auth0 connection name ($AUTH0_CONNECTION_NAME)
+      --user-pid=STRING           auth0 user PID of the user you want to read ($AUTH0_USER_PID)
+      --user-email=STRING         auth0 user email of the user you want to read ($AUTH0_USER_EMAIL)
+      --[no-]roles                include roles ($AUTH0_ROLES)
+      --[no-]rate-limit           enable http client rate limiter
+```
+
+## Transform
+
+The Auth0 plugin can retrieve both users and roles, and transform these into directory user objects, identity objects, roles, and relationships between these.
+
+To export the default transform, use:
+
+`ds-load auth0 export-transform`
+
+You can use this as the basis for your own transform, which can be tweaked for a different mapping between Auth0 and directory objects and relations.
+
+To learn about the transformation language, refer to the [transform](/docs/command-line-interface/ds-load-cli/transform) docs.
@@ -0,0 +1,51 @@
+---
+sidebar_label: Azure AD
+---
+
+# Azure AD plugin
+
+## Usage
+
+```sh
+Usage: ds-load-azuread <command>
+
+AzureAD directory loader
+
+Commands:
+  version             version information
+  fetch               fetch Azure AD data
+  transform           transform Azure AD data
+  export-transform    export default transform template
+  exec                fetch and transform Azure AD data
+  verify              verify fetcher configuration and credentials
+
+Flags:
+  -h, --help                  Show context-sensitive help.
+  -c, --config=CONFIG-FLAG    Configuration file path
+  -v, --verbosity=INT         Use to increase output verbosity.
+
+Run "ds-load-azuread <command> --help" for more information on a command.
+```
+
+## Arguments
+
+The Azure AD plugin supports the following arguments:
+
+```sh
+  -a, --tenant=STRING           AzureAD tenant ($AZUREAD_TENANT)
+  -i, --client-id=STRING        AzureAD Client ID ($AZUREAD_CLIENT_ID)
+  -s, --client-secret=STRING    AzureAD Client Secret ($AZUREAD_CLIENT_SECRET)
+  -r, --refresh-token=STRING    AzureAD Refresh Token ($AZUREAD_REFRESH_TOKEN)
+```
+
+## Transform
+
+The Azure AD plugin can retrieve both users and groups, and transform these into directory user objects, identity objects, groups, and relationships between these.
+
+To export the default transform, use:
+
+`ds-load azuread export-transform`
+
+You can use this as the basis for your own transform, which can be tweaked for a different mapping between Azure AD and directory objects and relations.
+
+To learn about the transformation language, refer to the [transform](/docs/command-line-interface/ds-load-cli/transform) docs.
@@ -0,0 +1,52 @@
+---
+sidebar_label: Cognito
+---
+
+# Cognito plugin
+
+## Usage
+
+```sh
+Usage: ds-load-cognito <command>
+
+Cognito directory loader
+
+Commands:
+  version             version information
+  fetch               fetch cognito data
+  transform           transform cognito data
+  export-transform    export default transform template
+  exec                fetch and transform cognito data
+  verify              verify fetcher configuration and credentials
+
+Flags:
+  -h, --help                  Show context-sensitive help.
+  -c, --config=CONFIG-FLAG    Configuration file path
+  -v, --verbosity=INT         Use to increase output verbosity.
+
+Run "ds-load-cognito <command> --help" for more information on a command.
+```
+
+## Arguments
+
+The Cognito plugin supports the following arguments:
+
+```sh
+  -k, --access-key=STRING      AWS Access Key ($AWS_ACCESS_KEY)
+  -s, --secret-key=STRING      AWS Secret Key ($AWS_SECRET_KEY)
+  -p, --user-pool-id=STRING    AWS Cognito User Pool ID ($AWS_COGNITO_USER_POOL_ID)
+  -r, --region=STRING          AWS Region ($AWS_REGION)
+  -g, --[no-]groups            Retrieve Cognito groups ($AWS_COGNITO_GROUPS)
+```
+
+## Transform
+
+The Cognito plugin can retrieve both users and groups, and transform these into directory user objects, identity objects, group objects, and relationships between these.
+
+To export the default transform, use:
+
+`ds-load cognito export-transform`
+
+You can use this as the basis for your own transform, which can be tweaked for a different mapping between Cognito and directory objects and relations.
+
+To learn about the transformation language, refer to the [transform](/docs/command-line-interface/ds-load-cli/transform) docs.
@@ -0,0 +1,50 @@
+---
+sidebar_label: Custom Plugins
+---
+
+# Writing a custom plugin
+
+Plugins have a simple contract with the host `ds-load` command. They can be written in any language.
+
+A set of go packages can be used as a "mini-SDK" for building custom plugins in go. This eliminates much of the "boilerplate" of writing a plugin, including commands like `export-transform`, providing help, and so on.
+
+The plugins that come with `ds-load` can all be found [here](https://github.com/aserto-dev/ds-load/tree/main/plugins). They can be used as a guide for how to write a custom plugin for a new data source.
+
+In addition, a standalone plugin for importing Hubspot data into the directory can be found [here](https://github.com/aserto-demo/ds-load-hubspot). This shows how to properly import the `ds-load` SDK in an external plugin.
+
+## Retrieving data
+
+Most of the "heavy lifting" of building a plugin involves retrieving data from the source. The Hubspot plugin uses the Hubspot REST API, and can easily be adapted to any other service that supports a REST interaction pattern.
+
+## Transforming into objects and relations
+
+The other main task is to author the default transform for the plugin. The [transformation](/docs/command-line-interface/ds-load-cli/transform.mdx) docs provide an annotated walkthrough of the Auth0 default transform, which can act as a guide.
+
+The Hubspot sample plugin also has a default transform that shows how to create objects of different types, and relationships between them.
+
+## Installation
+
+To have `ds-load` pick up your custom plugin, simply call it `ds-load-<plugin-name>` and copy the binary to `~/.ds-load/plugins`.
+
+```sh
+ls -l ~/.ds-load/plugins
+total 32000
+-rwxr-xr-x  1 ogazitt  staff    16M Aug  3 10:50 ds-load-hubspot*```
+```
+
+To verify that `ds-load` can load your plugin, use `ds-load exec --help`. Note that `hubspot` is in the list of available commands:
+
+```sh
+Usage: ds-load exec <command> ...
+
+import data in directory by running fetch, transform and publish
+
+Arguments:
+  <command> ...    available commands are: hubspot|auth0|azuread|cognito|google|okta
+```
+
+## Need help?
+
+Please drop us a line in our [community slack](https://aserto.com/slack) if you need help writing a custom plugin!  Also, we're happy to evaluate and accept new providers written by the community via a Pull Request in the [ds-load](https://github.com/aserto-dev/ds-load) repository.
+
+Submitted plugins should follow the same design patterns as existing providers, and live in the [plugins](https://github.com/aserto-dev/ds-load/tree/main/plugins) directory.
@@ -0,0 +1,74 @@
+---
+sidebar_label: Google Workspace
+---
+
+# Google Workspace plugin
+
+## Usage
+
+```sh
+Usage: ds-load-google <command>
+
+Google Workspace directory loader
+
+Commands:
+  version              version information
+  fetch                fetch google workspace data
+  transform            transform google workspace data
+  export-transform     export default transform template
+  exec                 fetch and transform google workspace data
+  get-refresh-token    obtain a refresh token from GCP
+  verify               verify fetcher configuration and credentials
+
+Flags:
+  -h, --help                  Show context-sensitive help.
+  -c, --config=CONFIG-FLAG    Configuration file path
+  -v, --verbosity=INT         Use to increase output verbosity.
+
+Run "ds-load-google <command> --help" for more information on a command.
+```
+
+## Arguments
+
+The Google Workspace plugin supports the following arguments:
+
+```sh
+  -i, --client-id=STRING          Google Client ID ($GOOGLE_CLIENT_ID)
+  -s, --client-secret=STRING      Google Client Secret ($GOOGLE_CLIENT_SECRET)
+  -r, --refresh-token=STRING      Google Refresh Token ($GOOGLE_REFRESH_TOKEN)
+  -g, --groups                    Retrieve Google groups ($GOOGLE_GROUPS)
+      --customer="my_customer"    Google Workspace Customer field ($GOOGLE_CUSTOMER)
+```
+
+## Obtaining a refresh token
+
+Once you've created an OAuth application in the Google Cloud Console, the Google Workspace plugin can generate a refresh token for you.
+
+```sh
+Usage: ds-load-google get-refresh-token --client-id=STRING --client-secret=STRING
+
+obtain a refresh token from GCP
+
+Flags:
+  -h, --help                    Show context-sensitive help.
+  -c, --config=CONFIG-FLAG      Configuration file path
+  -v, --verbosity=INT           Use to increase output verbosity.
+
+  -i, --client-id=STRING        Google Client ID ($GOOGLE_CLIENT_ID)
+  -s, --client-secret=STRING    Google Client Secret ($GOOGLE_CLIENT_SECRET)
+  -p, --port=8761               Port number to run callback server on ($GOOGLE_PORT)
+```
+
+This refresh token can then be passed (along with the Client ID and Client Secret) to complete the configuration of the Google Workspace plugin.
+
+## Transform
+
+The Google Workspace plugin can retrieve both users and groups, and transform these into directory user objects, identity objects, group objects, and relationships between these.
+
+To export the default transform, use:
+
+`ds-load google export-transform`
+
+You can use this as the basis for your own transform, which can be tweaked for a different mapping between Google Workspace and directory objects and relations.
+
+To learn about the transformation language, refer to the [transform](/docs/command-line-interface/ds-load-cli/transform) docs.
@@ -0,0 +1,76 @@
+---
+sidebar_label: LDAP
+---
+
+# LDAP plugin
+
+## Usage
+```sh
+Usage: ds-load-ldap <command>
+
+ldap directory loader
+
+Commands:
+  version             version information
+  fetch               fetch ldap data
+  transform           transform ldap data
+  export-transform    export default transform template
+  exec                fetch and transform ldap data
+  verify              verify fetcher configuration and credentials
+
+Flags:
+  -h, --help                  Show context-sensitive help.
+  -c, --config=CONFIG-FLAG    Configuration file path
+  -v, --verbosity=INT         Use to increase output verbosity.
+
+Run "ds-load-ldap <command> --help" for more information on a command.
+```
+
+## Arguments
+
+The LDAP plugin supports the following arguments:
+
+```sh
+  -h, --help                                                   Show context-sensitive help.
+  -c, --config=CONFIG-FLAG                                     Configuration file path
+  -v, --verbosity=INT                                          Use to increase output verbosity.
+
+  -u, --user=STRING                                            LDAP user ($LDAP_USER)
+  -p, --password=STRING                                        LDAP password ($LDAP_PASSWORD)
+  -s, --host=STRING                                            LDAP host ($LDAP_HOST)
+  -b, --base-dn="dc=example,dc=org"                            LDAP base DN ($LDAP_BASE_DN)
+  -f, --user-filter="(&(objectClass=organizationalPerson))"    LDAP user filter ($LDAP_USER_FILTER)
+  -g, --group-filter="(&(objectClass=groupOfNames))"           LDAP group filter ($LDAP_GROUP_FILTER)
+  -i, --insecure                                               Allow insecure LDAP connection ($LDAP_INSECURE)
+  -U, --id-field="objectGUID"                                  LDAP field to use as ID ($LDAP_ID_FIELD)
+  -t, --template=STRING                                        transformation template file path ($DS_TEMPLATE_FILE)
+```
+
+## Transform
+
+The LDAP plugin can retrieve both users and groups, and transform these into directory user objects, identity objects, groups, and relationships between these.
+
+To export the default transform, use:
+
+`ds-load ldap export-transform`
+
+You can use this as the basis for your own transform, which can be tweaked for a different mapping between LDAP and directory objects and relations.
+
+To learn about the transformation language, refer to the [transform](/docs/command-line-interface/ds-load-cli/transform) docs.
+
+
+## Config example
+```
+---
+host: "directory.prod.aserto.com:8443"
+api-key: "<your-directory-api-key>"
+tenant-id: "<your-tenant-id>"
+ldap:
+  base-dn: "dc=aserto,dc=com"
+  user: "CN=aserto,CN=Users,DC=aserto,DC=com"
+  password: "<ldap-user-password>"
+  host: "ldap://localhost:1389"
+  user-filter: "(&(objectClass=organizationalPerson))"
+  group-filter: "(&(objectClass=group))"
+  id-field: "objectGUID"
+```