Documentation for scw iam

IAM API.

API keys management commands

API keys management commands.

Create an API key

Create an API key.

Usage:

scw iam api-key create [arg=value ...]

Args:

Name Description
application-id ID of application principal
user-id ID of user principal
expires-at Expiration date of the API key
default-project-id The default project ID to use with object storage
description The description of the API key (max length is 200 chars)

Delete an API key

Delete an API key.

Usage:

scw iam api-key delete <access-key ...> [arg=value ...]

Args:

Name Description
access-key Required Access key to delete

Examples:

Delete a given API key

scw iam api-key delete SCW00000000000

Get an API key

Get an API key.

Usage:

scw iam api-key get <access-key ...> [arg=value ...]

Args:

Name Description
access-key Required Access key to search for

List API keys

List API keys.

Usage:

scw iam api-key list [arg=value ...]

Args:

Name Description
order-by Default: created_at_asc One of: created_at_asc, created_at_desc, updated_at_asc, updated_at_desc, expires_at_asc, expires_at_desc, access_key_asc, access_key_desc Criteria for sorting results
application-id Deprecated ID of an application bearer
user-id Deprecated ID of a user bearer
editable Filter out editable API keys or not
expired Filter out expired API keys or not
access-key Filter out by access key
description Filter out by description
bearer-id Filter out by bearer ID
bearer-type One of: unknown_bearer_type, user, application Filter out by type of bearer
organization-id Required Default: <retrieved from config> ID of organization

Update an API key

Update an API key.

Usage:

scw iam api-key update <access-key ...> [arg=value ...]

Args:

Name Description
access-key Required Access key to update
default-project-id The new default project ID to set
description The new description to update

Applications management commands

Applications management commands.

Create a new application

Create a new application.

Usage:

scw iam application create [arg=value ...]

Args:

Name Description
name Required Default: <generated> Name of application to create (max length is 64 chars)
description Description of application (max length is 200 chars)
organization-id Organization ID to use. If none is passed the default organization ID will be used

Delete an application

Delete an application.

Usage:

scw iam application delete <application-id ...> [arg=value ...]

Args:

Name Description
application-id Required ID of application to delete

Get an existing application

Get an existing application.

Usage:

scw iam application get <application-id ...> [arg=value ...]

Args:

Name Description
application-id Required ID of application to find

List applications of an organization

List applications of an organization.

Usage:

scw iam application list [arg=value ...]

Args:

Name Description
order-by Default: created_at_asc One of: created_at_asc, created_at_desc, updated_at_asc, updated_at_desc, name_asc, name_desc Criteria for sorting results
name Name of application to filter
editable Filter out editable applications or not
application-ids.{index} Filter out by a list of ID
organization-id Required Default: <retrieved from config> ID of organization to filter

Update an existing application

Update an existing application.

Usage:

scw iam application update <application-id ...> [arg=value ...]

Args:

Name Description
application-id Required ID of application to update
name New name of application (max length is 64 chars)
description New description of application (max length is 200 chars)

Groups management commands

Groups management commands.

Add a user or an application to a group

Add a user or an application to a group.

Usage:

scw iam group add-member <group-id ...> [arg=value ...]

Args:

Name Description
group-id Required ID of group
user-id ID of the user to add
application-id ID of the application to add

Create a new group

Create a new group.

Usage:

scw iam group create [arg=value ...]

Args:

Name Description
name Required Default: <generated> Name of the group to create (max length is 64 chars). MUST be unique inside an organization
description Description of the group to create (max length is 200 chars)
organization-id Organization ID to use. If none is passed the default organization ID will be used

Examples:

Create a group

scw iam group create name=foobar

Delete a group

Delete a group.

Usage:

scw iam group delete <group-id ...> [arg=value ...]

Args:

Name Description
group-id Required ID of group to delete

Examples:

Delete a given group

scw iam group delete 11111111-1111-1111-1111-111111111111

Get a group

Get a group.

Usage:

scw iam group get <group-id ...> [arg=value ...]

Args:

Name Description
group-id Required ID of group

List groups

List groups.

Usage:

scw iam group list [arg=value ...]

Args:

Name Description
order-by Default: created_at_asc One of: created_at_asc, created_at_desc, updated_at_asc, updated_at_desc, name_asc, name_desc Sort order of groups
name Name of group to find
application-ids.{index} Filter out by a list of application ID
user-ids.{index} Filter out by a list of user ID
group-ids.{index} Filter out by a list of group ID
organization-id Default: <retrieved from config> Filter by organization ID

Remove a user or an application from a group

Remove a user or an application from a group.

Usage:

scw iam group remove-member <group-id ...> [arg=value ...]

Args:

Name Description
group-id Required ID of group
user-id ID of the user to remove
application-id ID of the application to remove

Update a group

Update a group.

Usage:

scw iam group update <group-id ...> [arg=value ...]

Args:

Name Description
group-id Required ID of group to update
name New name for the group (max length is 64 chars). MUST be unique inside an organization
description New description for the group (max length is 200 chars)

JWTs management commands

JWTs management commands.

Delete a JWT

Delete a JWT.

Usage:

scw iam jwt delete <jti ...> [arg=value ...]

Args:

Name Description
jti Required JWT ID of the JWT to delete

Get a JWT

Get a JWT.

Usage:

scw iam jwt get <jti ...> [arg=value ...]

Args:

Name Description
jti Required JWT ID of the JWT to get

List JWTs

List JWTs.

Usage:

scw iam jwt list <audience-id ...> [arg=value ...]

Args:

Name Description
order-by Default: created_at_asc One of: created_at_asc, created_at_desc, updated_at_asc, updated_at_desc Criteria for sorting results
audience-id Required ID of the user to search
expired Filter out expired JWTs or not

Permission sets management commands

Permission sets management commands.

List permission sets

List permission sets.

Usage:

scw iam permission-set list [arg=value ...]

Args:

Name Description
order-by Default: created_at_asc One of: name_asc, name_desc, created_at_asc, created_at_desc Criteria for sorting results
organization-id Organization ID to use. If none is passed the default organization ID will be used

Policies management commands

Policies management commands.

Create a new policy

Create a new policy.

Usage:

scw iam policy create [arg=value ...]

Args:

Name Description
name Required Default: <generated> Name of policy to create (max length is 64 chars)
description Description of policy to create (max length is 200 chars)
rules.{index}.permission-set-names.{index} Names of permission sets bound to the rule
rules.{index}.project-ids.{index} List of project IDs scoped to the rule
rules.{index}.organization-id ID of organization scoped to the rule
user-id ID of user, owner of the policy
group-id ID of group, owner of the policy
application-id ID of application, owner of the policy
no-principal True when the policy does not belong to any principal
organization-id Organization ID to use. If none is passed the default organization ID will be used

Examples:

Add a policy for a group that gives InstanceFullAccess on all projects

scw iam policy create group-id=11111111-1111-1111-1111-111111111111 rules.0.organization-id=11111111-1111-1111-1111-111111111111 rules.0.permission-set-names.0=InstanceFullAccess

Delete a policy

Delete a policy.

Usage:

scw iam policy delete <policy-id ...> [arg=value ...]

Args:

Name Description
policy-id Required ID of policy to delete

Get an existing policy

Get an existing policy.

Usage:

scw iam policy get <policy-id ...> [arg=value ...]

Args:

Name Description
policy-id Required ID of policy to search

List policies of an organization

List policies of an organization.

Usage:

scw iam policy list [arg=value ...]

Args:

Name Description
order-by Default: created_at_asc One of: policy_name_asc, policy_name_desc, created_at_asc, created_at_desc Criteria for sorting results
editable Filter out editable policies or not
user-ids.{index} Filter out by a list of user ID
group-ids.{index} Filter out by a list of group ID
application-ids.{index} Filter out by a list of application ID
no-principal True when the policy does not belong to any principal
policy-name Name of policy to fetch
organization-id Required Default: <retrieved from config> ID of organization to filter

Update an existing policy

Update an existing policy.

Usage:

scw iam policy update <policy-id ...> [arg=value ...]

Args:

Name Description
policy-id Required ID of policy to update
name New name of policy (max length is 64 chars)
description New description of policy (max length is 200 chars)
user-id New ID of user, owner of the policy
group-id New ID of group, owner of the policy
application-id New ID of application, owner of the policy
no-principal True when the policy does not belong to any principal

Rules management commands

Rules management commands.

List rules of an existing policy

List rules of an existing policy.

Usage:

scw iam rule list <policy-id ...> [arg=value ...]

Args:

Name Description
policy-id Required ID of policy to search

Set rules of an existing policy

Set rules of an existing policy.

Usage:

scw iam rule update <policy-id ...> [arg=value ...]

Args:

Name Description
policy-id Required ID of policy to update
rules.{index}.permission-set-names.{index} Names of permission sets bound to the rule
rules.{index}.project-ids.{index} List of project IDs scoped to the rule
rules.{index}.organization-id ID of organization scoped to the rule

SSH keys management commands

SSH keys management commands.

Create an SSH key

Create an SSH key.

Usage:

scw iam ssh-key create [arg=value ...]

Args:

Name Description
name Required Default: <generated> The name of the SSH key. Max length is 1000
public-key Required SSH public key. Currently ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported. Max length is 65000
project-id Project ID to use. If none is passed the default project ID will be used

Examples:

Add a given SSH key

scw iam ssh-key create name=foobar public-key="$(cat <path/to/your/public/key>)"

Delete an SSH key

Delete an SSH key.

Usage:

scw iam ssh-key delete <ssh-key-id ...> [arg=value ...]

Args:

Name Description
ssh-key-id Required

Examples:

Delete a given SSH key

scw iam ssh-key delete 11111111-1111-1111-1111-111111111111

Get an SSH key

Get an SSH key.

Usage:

scw iam ssh-key get <ssh-key-id ...> [arg=value ...]

Args:

Name Description
ssh-key-id Required The ID of the SSH key

Initialize SSH key

Initialize SSH key.

Usage:

scw iam ssh-key init

List SSH keys

List SSH keys.

Usage:

scw iam ssh-key list [arg=value ...]

Args:

Name Description
order-by Default: created_at_asc One of: created_at_asc, created_at_desc, updated_at_asc, updated_at_desc, name_asc, name_desc Sort order of SSH keys
name Name of group to find
project-id Filter by project ID
disabled Filter out disabled SSH keys or not
organization-id Default: <retrieved from config> Filter by organization ID

Update an SSH key

Update an SSH key.

Usage:

scw iam ssh-key update <ssh-key-id ...> [arg=value ...]

Args:

Name Description
ssh-key-id Required
name Name of the SSH key. Max length is 1000
disabled Enable or disable the SSH key

Users management commands

Users management commands.

Delete a guest user from an organization

Delete a guest user from an organization.

Usage:

scw iam user delete <user-id ...> [arg=value ...]

Args:

Name Description
user-id Required ID of user to delete

Retrieve a user from its ID

Retrieve a user from its ID.

Usage:

scw iam user get <user-id ...> [arg=value ...]

Args:

Name Description
user-id Required ID of user to find

List users of an organization

List users of an organization.

Usage:

scw iam user list [arg=value ...]

Args:

Name Description
order-by Default: created_at_asc One of: created_at_asc, created_at_desc, updated_at_asc, updated_at_desc, email_asc, email_desc, last_login_asc, last_login_desc Criteria for sorting results
user-ids.{index} Filter out by a list of ID
organization-id Required Default: <retrieved from config> ID of organization to filter