Appearance
plexctl cloud
Synopsis
plexctl cloud is the operator surface for the Cloud Inventory aggregate and the per-Cloud Cloud Credential listings. It wraps two /v1 surfaces under a single cobra parent:
/v1/clouds— CRUD on Clouds./v1/cloud-credentials(scoped to a Cloud) — list / get / revoke through the nestedplexctl cloud credentialsubgroup.
text
plexctl cloud <subcommand> [flags]
plexctl cloud credential <subcommand> [flags]Subcommands
plexctl cloud create
POSTs to /v1/clouds. Required flags: --slug, --display-name, --provider, --external-id, --endpoint, --region-defaults. The --endpoint and --region-defaults flags carry inline JSON objects that the per-provider validator family validates on the server.
plexctl cloud list
GETs /v1/clouds. Pagination is keyset-based via --cursor / --limit; the --all flag follows next_cursor until exhausted (mutually exclusive with --cursor).
plexctl cloud get <id>
GETs /v1/clouds/{id}. Local UUID validation rejects malformed id with exit 2.
plexctl cloud update <id>
PATCHes /v1/clouds/{id}. Only flags explicitly set on the command line are sent in the PATCH body. --slug and --provider are not exposed because the API rejects mutating them. An empty patch surfaces as 400 empty_patch.
plexctl cloud delete <id>
DELETEs /v1/clouds/{id}. Requires the persistent --yes flag. A Cloud with attached credentials returns 409 cloud_not_empty.
plexctl cloud credential list
GETs /v1/clouds/{id}/cloud-credentials (the --cloud-id flag is required). Metadata only; secret material is never returned on the read paths. Supports --limit and --cursor.
plexctl cloud credential get <id>
GETs /v1/cloud-credentials/{id} — metadata only.
plexctl cloud credential revoke <id>
POSTs /v1/cloud-credentials/{id}/revoke. Requires the persistent --yes flag and a required --reason string that is recorded on the revocation audit row.
Flags
plexctl cloud create
| Flag | Type | Required | Description |
|---|---|---|---|
--slug | string | yes | kebab-case URL handle. |
--display-name | string | yes | Human-readable Cloud name. |
--provider | enum | yes | Upstream provider: aws | azure. |
--external-id | string | yes | Upstream provider account identifier. |
--endpoint | JSON | yes | Provider-specific connection metadata. |
--region-defaults | JSON | yes | Provider-specific region/default metadata. |
plexctl cloud list
| Flag | Type | Required | Description |
|---|---|---|---|
--limit | int | no | Maximum items per page (server default when zero). |
--cursor | string | no | Continuation token from a previous call. |
--all | bool | no | Follow next_cursor until exhausted. Mutually exclusive with --cursor. |
plexctl cloud update <id>
| Flag | Type | Required | Description |
|---|---|---|---|
--display-name | string | no | New human-readable Cloud name. |
--endpoint | JSON | no | New endpoint metadata. |
--region-defaults | JSON | no | New region-defaults metadata. |
plexctl cloud delete <id>
| Flag | Type | Required | Description |
|---|---|---|---|
--yes (persistent) | bool | yes | Required confirmation for the destructive operation. |
plexctl cloud credential revoke <id>
| Flag | Type | Required | Description |
|---|---|---|---|
--reason | string | yes | Audit-recorded revocation rationale. |
--yes (persistent) | bool | yes | Required confirmation for the destructive operation. |
Persistent flags inherited from root
--server, --profile, --token-file, --output, --yes, --reveal-secrets. See ../plexctl.md for the canonical list.
Exit codes
See ../plexctl.md#exit-code-taxonomy.
Examples
Create a Cloud
shell
export PLEXSPHERE_URL="${PLEXSPHERE_URL:-https://localhost:8080}"
plexctl cloud create \
--server "${PLEXSPHERE_URL}" \
--slug acme-aws-prod \
--display-name "Acme AWS production" \
--provider aws \
--external-id "123456789012" \
--endpoint '{"region":"eu-central-1","partition":"aws"}' \
--region-defaults '{"default_region":"eu-central-1"}'Delete a Cloud (requires --yes)
shell
plexctl cloud delete 0190a8b8-a0c0-7a0a-8a0a-a0a0a0a0a0a0 \
--server "${PLEXSPHERE_URL}" \
--yes