IAM API.
- API keys management commands
- Applications management commands
- Groups management commands
- JWTs management commands
- Permission sets management commands
- Policies management commands
- Rules management commands
- SSH keys management commands
- Users management commands
API keys management commands.
Create an API key.
Usage:
scw iam api-key create [arg=value ...]
Args:
Name | Description | |
---|---|---|
application-id | ID of application principal | |
user-id | ID of user principal | |
expires-at | Expiration date of the API key | |
default-project-id | The default project ID to use with object storage | |
description | The description of the API key (max length is 200 chars) |
Delete an API key.
Usage:
scw iam api-key delete <access-key ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
access-key | Required | Access key to delete |
Examples:
Delete a given API key
scw iam api-key delete SCW00000000000
Get an API key.
Usage:
scw iam api-key get <access-key ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
access-key | Required | Access key to search for |
List API keys.
Usage:
scw iam api-key list [arg=value ...]
Args:
Name | Description | |
---|---|---|
order-by | Default: created_at_asc One of: created_at_asc , created_at_desc , updated_at_asc , updated_at_desc , expires_at_asc , expires_at_desc , access_key_asc , access_key_desc |
Criteria for sorting results |
Deprecated | ID of an application bearer | |
Deprecated | ID of a user bearer | |
editable | Filter out editable API keys or not | |
expired | Filter out expired API keys or not | |
access-key | Filter out by access key | |
description | Filter out by description | |
bearer-id | Filter out by bearer ID | |
bearer-type | One of: unknown_bearer_type , user , application |
Filter out by type of bearer |
organization-id | Required Default: <retrieved from config> |
ID of organization |
Update an API key.
Usage:
scw iam api-key update <access-key ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
access-key | Required | Access key to update |
default-project-id | The new default project ID to set | |
description | The new description to update |
Applications management commands.
Create a new application.
Usage:
scw iam application create [arg=value ...]
Args:
Name | Description | |
---|---|---|
name | Required Default: <generated> |
Name of application to create (max length is 64 chars) |
description | Description of application (max length is 200 chars) | |
organization-id | Organization ID to use. If none is passed the default organization ID will be used |
Delete an application.
Usage:
scw iam application delete <application-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
application-id | Required | ID of application to delete |
Get an existing application.
Usage:
scw iam application get <application-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
application-id | Required | ID of application to find |
List applications of an organization.
Usage:
scw iam application list [arg=value ...]
Args:
Name | Description | |
---|---|---|
order-by | Default: created_at_asc One of: created_at_asc , created_at_desc , updated_at_asc , updated_at_desc , name_asc , name_desc |
Criteria for sorting results |
name | Name of application to filter | |
editable | Filter out editable applications or not | |
application-ids.{index} | Filter out by a list of ID | |
organization-id | Required Default: <retrieved from config> |
ID of organization to filter |
Update an existing application.
Usage:
scw iam application update <application-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
application-id | Required | ID of application to update |
name | New name of application (max length is 64 chars) | |
description | New description of application (max length is 200 chars) |
Groups management commands.
Add a user of an application to a group.
Usage:
scw iam group add-member <group-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
group-id | Required | ID of group |
user-id | ID of the user to add | |
application-id | ID of the application to add |
Create a new group.
Usage:
scw iam group create [arg=value ...]
Args:
Name | Description | |
---|---|---|
name | Required Default: <generated> |
Name of the group to create (max length is 64 chars). MUST be unique inside an organization |
description | Description of the group to create (max length is 200 chars) | |
organization-id | Organization ID to use. If none is passed the default organization ID will be used |
Examples:
Create a group
scw iam group create name=foobar
Delete a group.
Usage:
scw iam group delete <group-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
group-id | Required | ID of group to delete |
Examples:
Delete a given group
scw iam group delete 11111111-1111-1111-1111-111111111111
Get a group.
Usage:
scw iam group get <group-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
group-id | Required | ID of group |
List groups.
Usage:
scw iam group list [arg=value ...]
Args:
Name | Description | |
---|---|---|
order-by | Default: created_at_asc One of: created_at_asc , created_at_desc , updated_at_asc , updated_at_desc , name_asc , name_desc |
Sort order of groups |
name | Name of group to find | |
application-ids.{index} | Filter out by a list of application ID | |
user-ids.{index} | Filter out by a list of user ID | |
group-ids.{index} | Filter out by a list of group ID | |
organization-id | Default: <retrieved from config> |
Filter by organization ID |
Remove a user or an application from a group.
Usage:
scw iam group remove-member <group-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
group-id | Required | ID of group |
user-id | ID of the user to remove | |
application-id | ID of the application to remove |
Update a group.
Usage:
scw iam group update <group-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
group-id | Required | ID of group to update |
name | New name for the group (max length is 64 chars). MUST be unique inside an organization | |
description | New description for the group (max length is 200 chars) |
JWTs management commands.
Delete a JWT.
Usage:
scw iam jwt delete <jti ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
jti | Required | JWT ID of the JWT to delete |
Get a JWT.
Usage:
scw iam jwt get <jti ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
jti | Required | JWT ID of the JWT to get |
List JWTs.
Usage:
scw iam jwt list <audience-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
order-by | Default: created_at_asc One of: created_at_asc , created_at_desc , updated_at_asc , updated_at_desc |
Criteria for sorting results |
audience-id | Required | ID of the user to search |
expired | Filter out expired JWTs or not |
Permission sets management commands.
List permission sets.
Usage:
scw iam permission-set list [arg=value ...]
Args:
Name | Description | |
---|---|---|
order-by | Default: created_at_asc One of: name_asc , name_desc , created_at_asc , created_at_desc |
Criteria for sorting results |
organization-id | Organization ID to use. If none is passed the default organization ID will be used |
Policies management commands.
Create a new policy.
Usage:
scw iam policy create [arg=value ...]
Args:
Name | Description | |
---|---|---|
name | Required Default: <generated> |
Name of policy to create (max length is 64 chars) |
description | Description of policy to create (max length is 200 chars) | |
rules.{index}.permission-set-names.{index} | Names of permission sets bound to the rule | |
rules.{index}.project-ids.{index} | List of project IDs scoped to the rule | |
rules.{index}.organization-id | ID of organization scoped to the rule | |
user-id | ID of user, owner of the policy | |
group-id | ID of group, owner of the policy | |
application-id | ID of application, owner of the policy | |
no-principal | True when the policy do not belong to any principal | |
organization-id | Organization ID to use. If none is passed the default organization ID will be used |
Examples:
Add a policy for a group that gives InstanceFullAccess on all projects
scw iam policy create group-id=11111111-1111-1111-1111-111111111111 rules.0.organization-id=11111111-1111-1111-1111-111111111111 rules.0.permission-set-names.0=InstanceFullAccess
Delete a policy.
Usage:
scw iam policy delete <policy-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
policy-id | Required | Id of policy to delete |
Get an existing policy.
Usage:
scw iam policy get <policy-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
policy-id | Required | Id of policy to search |
List policies of an organization.
Usage:
scw iam policy list [arg=value ...]
Args:
Name | Description | |
---|---|---|
order-by | Default: created_at_asc One of: policy_name_asc , policy_name_desc , created_at_asc , created_at_desc |
Criteria for sorting results |
editable | Filter out editable policies or not | |
user-ids.{index} | Filter out by a list of user ID | |
group-ids.{index} | Filter out by a list of group ID | |
application-ids.{index} | Filter out by a list of application ID | |
no-principal | True when the policy do not belong to any principal | |
policy-name | Name of policy to fetch | |
organization-id | Required Default: <retrieved from config> |
ID of organization to filter |
Update an existing policy.
Usage:
scw iam policy update <policy-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
policy-id | Required | Id of policy to update |
name | New name of policy (max length is 64 chars) | |
description | New description of policy (max length is 200 chars) | |
user-id | New ID of user, owner of the policy | |
group-id | New ID of group, owner of the policy | |
application-id | New ID of application, owner of the policy | |
no-principal | True when the policy do not belong to any principal |
Rules management commands.
List rules of an existing policy.
Usage:
scw iam rule list <policy-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
policy-id | Required | Id of policy to search |
Set rules of an existing policy.
Usage:
scw iam rule update <policy-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
policy-id | Required | Id of policy to update |
rules.{index}.permission-set-names.{index} | Names of permission sets bound to the rule | |
rules.{index}.project-ids.{index} | List of project IDs scoped to the rule | |
rules.{index}.organization-id | ID of organization scoped to the rule |
SSH keys management commands.
Create an SSH key.
Usage:
scw iam ssh-key create [arg=value ...]
Args:
Name | Description | |
---|---|---|
name | Required Default: <generated> |
The name of the SSH key. Max length is 1000 |
public-key | Required | SSH public key. Currently ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported. Max length is 65000 |
project-id | Project ID to use. If none is passed the default project ID will be used |
Examples:
Add a given ssh key
scw iam ssh-key create name=foobar public-key="$(cat <path/to/your/public/key>)"
Delete an SSH key.
Usage:
scw iam ssh-key delete <ssh-key-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
ssh-key-id | Required |
Examples:
Delete a given SSH key
scw iam ssh-key delete 11111111-1111-1111-1111-111111111111
Get an SSH key.
Usage:
scw iam ssh-key get <ssh-key-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
ssh-key-id | Required | The ID of the SSH key |
Initialize SSH key.
Usage:
scw iam ssh-key init
List SSH keys.
Usage:
scw iam ssh-key list [arg=value ...]
Args:
Name | Description | |
---|---|---|
order-by | Default: created_at_asc One of: created_at_asc , created_at_desc , updated_at_asc , updated_at_desc , name_asc , name_desc |
Sort order of SSH keys |
name | Name of group to find | |
project-id | Filter by project ID | |
disabled | Filter out disabled SSH keys or not | |
organization-id | Default: <retrieved from config> |
Filter by organization ID |
Update an SSH key.
Usage:
scw iam ssh-key update <ssh-key-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
ssh-key-id | Required | |
name | Name of the SSH key. Max length is 1000 | |
disabled | Enable or disable the SSH key |
Users management commands.
Delete a guest user from an organization.
Usage:
scw iam user delete <user-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
user-id | Required | ID of user to delete |
Retrieve a user from its ID.
Usage:
scw iam user get <user-id ...> [arg=value ...]
Args:
Name | Description | |
---|---|---|
user-id | Required | ID of user to find |
List users of an organization.
Usage:
scw iam user list [arg=value ...]
Args:
Name | Description | |
---|---|---|
order-by | Default: created_at_asc One of: created_at_asc , created_at_desc , updated_at_asc , updated_at_desc , email_asc , email_desc , last_login_asc , last_login_desc |
Criteria for sorting results |
user-ids.{index} | Filter out by a list of ID | |
organization-id | Required Default: <retrieved from config> |
ID of organization to filter |