pipeline egress rule
pipeline egress rule
In order to manage which public services a pipeline can access, their IP addresses or DNS names should be whitelisted.
These whitelists are then applied to all pipelines within the realm.
Such whitelists can be managed using the olp pipeline egress rule commands.
The OLP CLI supports the following:
- list egress rules
- create an egress rule
- show an egress rule
- delete an egress rule
- history show changes made to egress rules
- batch create multiple egress rules
pipeline egress rule list
Lists all egress rules within the realm.
olp pipeline egress rule list [filter] [command options]Optional parameters:
[filter]Freeform text used to filter the egress rule list. The filter checks if the egress ruleID,destination, ordestination typecontains thefilterstring.--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--jsonDisplays the list of egress rules in JSON format.--quietDisplays egress rule IDs, each on a new line.--scope <project HRN>Specifies the project HRN to use as the scope in the request. The value specified with--scopeoverrides any value forhere.token.scopeprovided in the credentials file used for the command.
For more information on using credentials and profiles, see Credentials setup.
Example without filtering:
The command below lists all the egress rules within the realm without any filtering.
olp pipeline egress rule listOutput:
ID destination destinationType created description
ee91d0ea-b45c-4d5e-b416-008b18b6504b weather.gov host 2025-11-24T22:17:10.754766Z Example rule
dcfe83c5-3c0a-45cb-8a48-d569160ceb2d example.com host 2025-11-23T21:16:15.680957Z Example rule
f146bb91-4cd3-438b-88dc-8af9eb8b8737 8.8.8.8 ipAddress 2025-11-22T20:15:36.510812Z Example rule
Use olp pipeline egress rule show <egress rule ID> to display more information about an egress ruleExample with filtering:
The command below lists all the egress rules within the realm that contain example.com in the egress rule ID,
destination, or destination type.
olp pipeline egress rule list example.comID destination destinationType created description
dcfe83c5-3c0a-45cb-8a48-d569160ceb2d example.com host 2025-11-23T21:16:15.680957Z Example rule
Use olp pipeline egress rule show <egress rule ID> to display more information about an egress rulepipeline egress rule create
Creates an egress rule for all pipelines within the realm.
olp pipeline egress rule create <egress rule destination> [command options]Required parameters:
<egress rule destination>IP address or DNS name for the egress rule. In DNS names, wildcards are only allowed in the leftmost part, and not immediately before a public suffix. For example,*.example.comis allowed, but*.*.com,*.com, and*.co.ukare not. Additionally, a DNS name cannot be a public suffix.
Optional parameters:
--description <egress rule description>The description of the egress rule.--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--jsonDisplays the created egress rule in JSON format.--quietDisplays the ID of the created egress rule.
For more information on using credentials and profiles, see Credentials setup.
Note::User or app must have the
OrgAdminrole within the realm in order to execute this command. For more information about this role, seeManage usersandManage appssections of theIdentity and Access Managementdeveloper guide.
Example:
The command below creates an egress rule for the *.weather.gov destination of the host type with
This is an example of egress rule creation description.
olp pipeline egress rule create *.weather.gov \
--description "This is an example of egress rule creation"olp pipeline egress rule create *.weather.gov ^
--description "This is an example of egress rule creation"Egress rule 3940d306-eaad-4d9f-bc76-4fc568d85c10 has been createdpipeline egress rule show
Shows the properties of the specified egress rule.
olp pipeline egress rule show <egress rule ID> [command options]Required parameters:
<egress rule ID>The ID of the egress rule to show.
Optional parameters:
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--jsonDisplays the egress rule properties in JSON format.--quietDisplays the egress rule description.--scope <project HRN>Specifies the project HRN to use as the scope in the request. The value specified with--scopeoverrides any value forhere.token.scopeprovided in the credentials file used for the command.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below displays the properties of the specified egress rule.
olp pipeline egress rule show ee91d0ea-b45c-4d5e-b416-008b18b6504bOutput:
Details of the egress rule:
created 2025-11-24T22:17:10.754766Z
destination weather.gov
description Example rule
destinationType host
realm realm
id ee91d0ea-b45c-4d5e-b416-008b18b6504bpipeline egress rule delete
Deletes the specified egress rule, making its destinations inaccessible to pipelines within the realm.
olp pipeline egress rule delete <egress rule ID> [command options]Required parameters:
<egress rule ID>The ID of the egress rule to delete.
Optional parameters:
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--quietDisplays empty output skipping additional information.
For more information on using credentials and profiles, see Credentials setup.
Note::User or app must have the
OrgAdminrole within the realm in order to execute this command. For more information about this role, seeManage usersandManage appssections of theIdentity and Access Managementdeveloper guide.
Example:
The command below deletes the specified egress rule.
olp pipeline egress rule delete 3940d306-eaad-4d9f-bc76-4fc568d85c10Output:
Egress rule 3940d306-eaad-4d9f-bc76-4fc568d85c10 has been deletedpipeline egress rule history show
Shows a list of changes applied to egress rules within the realm.
olp pipeline egress rule history show [command options]Optional parameters:
--rule-id <rule ID>Filters actions applied to egress rules to only include those with a rule ID that matches the specified value.--destination <destination>Filters actions applied to egress rules to only include those with a rule destination that matches the specified value.--principal <principal>Filters actions applied to egress rules to only include those with a principal that matches the specified value.--action <created|deleted>Filters actions applied to egress rules to only include those with an action type that matches the specified value.--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--jsonDisplays the command result in JSON format.--quietDisplays IDs of rules affected by changes, each on a new line.
For more information on using credentials and profiles, see Credentials setup.
Example without filtering:
The following command returns a list of changes without any filtering:
olp pipeline egress rule history showOutput:
ruleId action ruleDestination principal created
7191e364-2b32-4fd9-9bfb-021a4e3284ab created *.example.com wQal0uXi22E0z0kWSxVc 2025-10-22T10:18:12.724300153Z
7191e364-2b32-4fd9-9bfb-021a4e3284ab deleted *.example.com wQal0uXi22E0z0kWSxVc 2025-10-21T10:18:12.724336013Z
d2795aec-4756-4c87-a444-1abf97fb9298 created *.weather.gov wQal0uXi22E0z0kWSxVc 2025-10-20T10:18:12.724351586ZExample with filtering:
The following command returns a list of changes that are related to rules
with destinations that contain *.example.com:
olp pipeline egress rule history show --destination "*.example.com"Output:
ruleId action ruleDestination principal created
7191e364-2b32-4fd9-9bfb-021a4e3284ab created *.example.com wQal0uXi22E0z0kWSxVc 2025-10-22T10:18:12.724300153Z
7191e364-2b32-4fd9-9bfb-021a4e3284ab deleted *.example.com wQal0uXi22E0z0kWSxVc 2025-10-21T10:18:12.724336013Zpipeline egress rule batch create
Creates multiple egress rules for all pipelines within the realm.
olp pipeline egress rule batch create <path to configuraion file> [command options]Required parameters:
<path to configuraion file>The path to a local file that contains configuration for new egress rules in JSON format.
Optional parameters:
--credentials <path to credentials file>The name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.--profile <profile name>The name of the credentials profile to use from theolpcli.inifile.--jsonDisplays the created egress rules in JSON format.--quietDisplays the IDs of the created egress rules.--scope <project HRN>Specifies the project HRN to use as the scope in the request. The value specified with--scopeoverrides any value forhere.token.scopeprovided in the credentials file used for the command.
For more information on using credentials and profiles, see Credentials setup.
Note::User or app must have the
OrgAdminrole within the realm in order to execute this command. For more information about this role, seeManage usersandManage appssections of theIdentity and Access Managementdeveloper guide.
Configuration file
Represents a JSON file containing the configurations of the egress rules that will be created.
Required fields:
destination (string)IP address or DNS name for the egress rule. In DNS names, wildcards are only allowed in the leftmost part, and not immediately before a public suffix. For example,*.example.comis allowed, but*.*.com,*.com, and*.co.ukare not. Additionally, a DNS name cannot be a public suffix.
Optional fields:
description (string)Additional information about the egress rule.
Configuration file example:
[
{
"description": "Example egress rule to open up connections to specified IP address.",
"destination": "127.0.0.1"
},
{
"description": "Example rule to open up connections to specified DNS hostname.",
"destination": "*.example.com"
}
]Example of the egress rule creation with only one egress rule specified in the configuration file:
The command below uses a configuration file that specifies only one egress rule.
olp pipeline egress rule batch create "path/to/config-with-single-rule.json"Egress rule 3940d306-eaad-4d9f-bc76-4fc568d85c10 has been createdExample of the egress rule creation with several egress rules specified in the configuration file:
The command below uses a configuration file that specifies several egress rules.
olp pipeline egress rule batch create "path/to/config-with-several-rules.json"Egress rules have been created
ID destination
ee91d0ea-b45c-4d5e-b416-008b18b6504b weather.gov
dcfe83c5-3c0a-45cb-8a48-d569160ceb2d example.com
f146bb91-4cd3-438b-88dc-8af9eb8b8737 8.8.8.8Updated 21 days ago