Entities

An entity is an object that represents a software construct. A defined collection of entities is known as a catalog. All entities are represented in YAML, can pull in data from integrations, and can be Scorecarded. Every entity has an overview page in Cortex where you can view more details about it.

Entity types

You can create your own entity types or use one of the default entity types.

By default, Cortex supports the following entity types:

• Services: The default type and the core of your catalog, used for entities such as microservices, libraries, components, etc – essentially any codebase-like module.
• Domains: An entity that allows you to group your services, resources, and other domains into hierarchical, logical units
• Teams: An entity to store all of your team data
• Cortex also supports pulling in resources directly from AWS, Azure Resources, and Google Cloud as their corresponding types out of the box

Learn more about custom and default entity types below.

Defining entities via YAML file

Whether you use the UI or GitOps to manage entities, every entity in your Cortex catalogs is defined by a YAML file called the Cortex entity descriptor, also referred to as an entity's Cortex YAML (stemming from cortex.yaml, the name of the file that powers the GitOps approach.)

Each file is a fully compliant OpenAPI 3 spec file, with our own Cortex-specific extensions.

You can still use Cortex if you don't use OpenAPI/Swagger!

We use the OpenAPI spec as a base for entity metadata, since it's an open spec with official support for extensions. That lets us extend it to be an entity descriptor spec with optional usage of actual OpenAPI fields.

Adding metadata to the entity descriptor

Any additional metadata you want to add to your descriptor belongs in the info section. Throughout the docs, you'll see snippets that start with x-cortex-* – make sure to add this to the info section.

Note that it is not currently supported to include comments in YAML files.

Managing entities

Editing in the UI or via GitOps

By default, your account is configured to edit entities through the UI. We recommend starting with the UI editor, which includes a built-in YAML editor, then switching over to GitOps when ready for a wider rollout.

If you want to use GitOps to manage your entity YAML files, you can change this setting:

1. In Cortex, navigate to Settings > Entities and click the GitOps tab.
2. Under "Options by entity type," click the toggles under UI editing to enable UI editing for each entity type.

When using GitOps, you can define any number of entities in any repository.

• Domain definitions should live in the .cortex/domains directory in your repository.
• Team definitions should live in the .cortex/teams directory in your repository.

You may store all of your entity definitions in a single repository or you can store the YAML in the repository of the corresponding service.

See the single repository example below:

.
└── .cortex
    ├── catalog
    │   ├── database.yml
    │   ├── s3-bucket.yml
    │   ├── auth-service.yml
    │   └── billing-service.yml
    ├── domains
    │   ├── billing-domain.yml
    │   └── health-domain.yml
    ├── teams
    │   ├── eng-team.yml
    │   └── sre-team.yml

Unique identifiers for entities

Entity tag

The entity tag - the value of x-cortex-tag in an entity's YAML file - is a unique identifier that's used throughout Cortex. For example, the entity tag is used to declare dependencies on other entities or look up information using the Cortex Slack Bot.

The entity tag must be globally unique across all entities. It is possible to customize the entity tag.

Cortex ID

A Cortex ID (CID) is a unique, immutable entity ID that can be used outside of Cortex for historical tracking and reporting. It can be used in the API, in CQL queries, in-app, and you can use it with the Cortex Slack Bot. The ID is automatically generated by Cortex and it is 18 characters in length.

In Cortex, the CID for an entity appears in the URL for an entity and at the top of an entity page:

The CID does not appear in an entity's YAML file, as it cannot be modified.

Understanding the entity types

See the tabs below to learn more about services, domains, teams, and custom entity types.

Service entities

Service entities

Service entity descriptor

A barebones spec file has the OpenAPI version, along with an info section that contains some basic details.

openapi: 3.0.1
info:
  title: My Service
  description: This is my cool service.
  x-cortex-tag: my-service
  x-cortex-type: service

Required fields

The only required fields under info are the title, x-cortex-tag, and x-cortex-type. The description is optional, but we highly recommend adding descriptions to all of your entities.

Example cortex.yaml for a service

openapi: 3.0.1
info:
  title: Chat Service
  description: Chat service is responsible for handling chat feature.
  x-cortex-tag: chat-service
  x-cortex-type: service
  x-cortex-parents: # parents can be of type domain only
  - tag: notifications-domain
  - tag: support-domain
  x-cortex-groups:
  - python
  x-cortex-owners:
  - type: group
    name: Delta
    provider: OKTA
    description: Delta Team
  x-cortex-slack:
    channels:
    - name: delta-team
      notificationsEnabled: true
      description: This is a description for the delta-team Slack channel # optional
  x-cortex-link:
  - name: Chat ServiceAPI Spec
    type: OPENAPI
    url: ./docs/chat-service-openapi-spec.yaml
  x-cortex-custom-metadata:
    core-service: true
  x-cortex-dependency:
    - tag: authentication-service
    - tag: chat-database
  x-cortex-git:
    github:
      repository: org/chat-service
  x-cortex-oncall:
    pagerduty:
      id: ASDF1234
      type: SCHEDULE
  x-cortex-apm:
    datadog:
      monitors:
        - 12345
  x-cortex-issues:
    jira:
      projects:
        - CS

Domain entities

Domain entities

Domain entities allow you to group all of your entities into hierarchical, logical units.

For example, you could represent Cortex's Scorecards system in the following hierarchy:

Scorecards [Domain]
└── CQL [Domain]
|   ├── Parser [Service]
└── Evaluator [Domain]
|   ├── Async Evaluator Service [Service]
|   ├── Scorecard Cache [Service]

Domain entity descriptor

If your entity is a domain, you must also specify x-cortex-type as domain. You can read more about the Domains catalog here.

openapi: 3.0.1
info:
  title: Payments
  description: This is my cool domain.
  x-cortex-tag: payments-domain
  x-cortex-type: domain

Domain hierarchies

You can define a list of other entities as children for a domain, allowing you to represent a hierarchy of how your entities are modeled across your workspace. This hierarchy is available to look at across catalog pages that contain domains, such as the default Domains catalog. It can also be used to inherit ownership across different levels.

These can be defined in two ways:

• From the parent entity YAML
  • Define children entities using the x-cortex-children tag in the parent entity YAML.
• From the child entity YAML
  • Define parent entities using the x-cortex-parents tag in the child entity YAML.

While defining these relationships top-down (on the parent entity) or bottom-up (on the child entity) will both result in a hierarchy, you may choose one or the other depending on your workflow. For example, if you are frequently making changes to a group of children domains, it may be more efficient to have the children defined on the parent YAML.

Domain children

Define a list of other entities as children for a domain, allowing you to represent a hierarchy of how your entities are modeled across your workspace using the x-cortex-children tag.

openapi: 3.0.1
info:
  title: Payments
  description: This is my cool domain.
  x-cortex-tag: payments-domain
  x-cortex-type: domain
  x-cortex-children:
  - tag: child-domain-1
  - tag: child-service-1
  - tag: child-resource-1

Domain parents

Define another entity as the parent for a domain, allowing you to represent a hierachy of how your entities are modeled across your workspace using the x-cortex-parents tag.

openapi: 3.0.1
info:
  title: Payments
  description: This is my cool domain.
  x-cortex-tag: payments-domain
  x-cortex-parents:
  - tag: parent-domain-1
  - tag: parent-domain-2

Note: Parents must be of type domain.

Ownership inheritance

A common use case for domains is defining ownership for the subtree of entities. Instead of defining ownership individually for every entity in your catalog, you can define ownership at the domain level and have that pass down to all of its children.

openapi: 3.0.1
info:
  title: Payments
  description: This is my cool domain.
  x-cortex-tag: payments-domain
  x-cortex-type: domain
  x-cortex-owners:
      - type: GROUP
        name: cortexapps/engineering
        provider: GITHUB
        inheritance: APPEND

The inheritance type for each owner can be one of APPEND, FALLBACK, or NONE. If not set, inheritance is defaulted to NONE.

• APPEND: This owner is appended to the list of owners for all child entities.
• FALLBACK: In the case where a child has no valid owners, including fallbacks, this fallback will be assigned as the owner. Note that this only applies to a child entity down the hierarchy; it is not the fallback for the parent domain itself.
• NONE: This owner owns the domain, but not necessarily any of its children (no inheritance).

Example cortex.yaml

Note: the YAML definition for a domain entity can take file names other than cortex.yaml or cortex.yml; please refer to the Domains catalog for more details.

openapi: 3.0.1
info:
  title: Chat
  description: Chat domain.
  x-cortex-tag: chat-domain
  x-cortex-type: domain
  x-cortex-children: # children can be of type service, resource, or domain
    - tag: chat-service
    - tag: chat-database
  x-cortex-parents: # parents can be of type domain only
    - tag: payments-domain
    - tag: web-domain
  x-cortex-owners:
    - type: group
      name: Support
      provider: OKTA
      description: Support Team
  x-cortex-slack:
    channels:
    - name: support-team
      notificationsEnabled: true
      description: This is a description for the support-team Slack channel # optional
  x-cortex-oncall:
    pagerduty:
      id: ASDF2345
      type: SCHEDULE
  x-cortex-apm:
    datadog:
      monitors:
        - 23456

Team entities

Team entities

Team entities allow you to store all of your team data in Cortex. Your other entities can then interact with your teams by providing a x-cortex-owners field in their entity descriptors. You can add teams from integrations or you can manually create teams (these are referred to as Cortex-managed teams).

Teams can be created in the Cortex UI or via the Cortex API.

Adding teams from integrations

When you integrate with an application that includes teams, you can import the team and its members into Cortex. Each integration syncs teams daily.

Teams from the following integrations can be imported:

• Azure DevOps
• BambooHR
• Entra ID (formerly Azure Active Directory)
• GitHub
• GitLab
• Google
• Okta
• Opsgenie
• ServiceNow
  • Before following the import process, you must configure table mappings.
• Workday

  • For the Workday integration, you can enable automatic import of discovered teams.

After configuring an integration that includes teams, follow these steps to import teams:

1. In the main nav of Cortex, click Catalogs > Teams.
2. On the right side of the Teams page, click Create team.
3. On the "Import entities" page, select the integration you are importing teams from.
   • If your expected teams do not appear, click Sync teams in the upper left corner of the "Import teams" page.
4. A list of discovered entities will appear at the bottom of the page. Click the team you want to add.
5. When you click a team, you will be redirected to the "Team details" page where you can configure basic details, Slack channels, parent and children teams, on-call, and links. When you are finished, click Save team at the bottom of the page.

Adding Cortex-managed teams

You can manually create teams in Cortex and define them in the entity descriptor.

Team entity descriptor

If your entity is a team, you must also specify x-cortex-type as team. You can read more about the Teams catalog here.

openapi: 3.0.1
info:
  title: Payments Team
  description: This is my cool team.
  x-cortex-tag: payments-team
  x-cortex-type: team

The x-cortex-team tag has two main sections: groups and members.

Adding groups to the team entity descriptor

Use groups to link your team entity with a team on a different platform that you have integrated with Cortex. You can only link one group to a team entity.

For example, you can specify:

openapi: 3.0.1
info:
  title: Example Team
  description: My Cool Team
  x-cortex-type: team
  x-cortex-tag: example-team
  x-cortex-team:
      groups:
      - name: okta-security-team
        provider: OKTA

Under groups, when you specify okta-security-team, your team will contain all the members from your okta-security-team.

Now, if you specify the okta-security-team in your x-cortex-owners on any of your other entities, they will automatically recognize example-team as a team that owns their entity.

Adding team members to the team entity descriptor

members can be used to add individual members to your team when you have a use case for a team entity that doesn't correspond exactly to a team on one of your integrations. Members support roles. For example, the following entity includes a member who has the product-manager role and a member who has both the engineering-manager role and manager role:

openapi: 3.0.1
info:
  title: Example Team
  description: My Cool Team
  x-cortex-type: team
  x-cortex-tag: example-team
  x-cortex-team:
      members:
      - name: Product Manager
        email: product-manager@cortex.io
        notificationsEnabled: true
        roles: 
          - tag: product-manager
      - name: Engineering Manager
        email: engineering-manager@cortex.io
        notificationsEnabled: true
        roles: 
          - tag: engineering-manager
          - tag: manager 

After specifying the YAML example above, your team now will contain Product Manager and Engineering Manager. If product-manager@cortex.io or engineering-manager@cortex.io were to correspond with the email of an actual account in Cortex, they would start seeing example-team being displayed as a team that they're a part of (i.e., it would start showing up in their Mine tab in catalogs that contain teams).

Roles must be defined for your workspace in your Entity Settings page, under the "Teams" tab. For more information about adding roles, see Getting Started > Teams.

tip

The role field in member is optional.

caution

In order to be considered valid, a team must have a non-empty group as described in the section above.

Team children

You can define a list of other teams as children, allowing you to represent a hierarchy of how your teams are modeled across your workspace, using the x-cortex-children tag.

openapi: 3.0.1
info:
  title: Payments
  description: This is my cool team.
  x-cortex-tag: payments-team
  x-cortex-type: team
  x-cortex-children:
  - tag: child-team-1
  - tag: child-team-2

This hierarchy is available to look at in the Teams catalog page.

Team parents

Team children allow you to define the team relationship from the top-down, but in some cases it may be easier to define the team hierarchy from the bottom-up. For these cases, x-cortex-parents can be added to any entity's YAML to define its parents.

openapi: 3.0.1
info:
  title: Payments
  description: This is my cool team.
  x-cortex-tag: payments-team
  x-cortex-type: team
  x-cortex-parents:
  - tag: parent-team-1
  - tag: parent-team-2

Example cortex.yaml

Note: the YAML definition for a team entity can take file names other than cortex.yaml or cortex.yml; please refer to the Teams catalog for more details.

openapi: 3.0.1
info:
  title: Chat Team
  description: Chat team.
  x-cortex-tag: chat-team
  x-cortex-type: team
  x-cortex-team:
      groups:
      - name: okta-chat-team
        provider: OKTA
      members:
      - name: Product Manager
        email: product-manager@cortex.io
        notificationsEnabled: true
      - name: Engineering Manager
        email: engineering-manager@cortex.io
        notificationsEnabled: true
  x-cortex-children: # children can be of type team
    - tag: chat-infra-team
    - tag: chat-sre-team
  x-cortex-slack:
    channels:
    - name: chat-team
      notificationsEnabled: true
      description: This is a description for the chat-team Slack channel # optional
  x-cortex-oncall:
    pagerduty:
      id: ASDF2345
      type: SCHEDULE

Custom entities

Custom entity types

Custom entity type descriptor

It is possible to define custom entity types.

If your entity is of a different type, you must specify x-cortex-type and x-cortex-definition. The x-cortex-definition field is validated against the entity type definition. If your custom entity type does not have specific requirements, entities of that type still need a non-null definition specified, like x-cortex-definition: {}.

openapi: 3.0.1
info:
  title: My Database
  description: This is my cool MySQL database.
  x-cortex-tag: my-database
  x-cortex-type: mysql
  x-cortex-definition:
    version: 8.0.29
    distribution: percona

Example cortex.yaml

Note: the YAML definition for a custom entity can use file names other than cortex.yaml or cortex.yml. Please refer to the entity types for more details.

openapi: 3.0.1
info:
  title: Chat Database
  description: Chat service's database.
  x-cortex-tag: chat-database
  x-cortex-type: rds
  # x-cortex-definition is required for custom x-cortex-type
  x-cortex-parents: # parents can be of type domain only
  - tag: notifications-domain
  - tag: support-domain
  x-cortex-owners:
    - type: group
      name: CloudOps
      provider: OKTA
      description: Cloud Operations Team
  x-cortex-slack:
    channels:
    - name: cloudops-team
      notificationsEnabled: true
      description: This is a description for the cloudops-team Slack channel # optional
  x-cortex-oncall:
    pagerduty:
      id: ASDF2345
      type: SCHEDULE
  x-cortex-apm:
    datadog:
      monitors:
        - 23456