Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
titleUsage
Usage: deploy-iam.sh [Command] [Options] [Switches]

  Commands:
    get-account             --service [--account] [--enabled] [--disabled]
    set-account             --service  --account [--role] [--account-password] [--disabled] [--force-password-change]
    rename-account          --service  --account
    remove-account          --service  --account
    get-account-permission  --service  --account
    set-account-password    --service  --account --account-password
    reset-account-password  --service  --account
    enable-account          --service  --account
    disable-account         --service  --account

    get-role                --service [--role]
    set-role                --service  --role
    rename-role             --service  --role --new-role
    remove-role             --service  --role

    get-permission          --service  --role [--controller-id]
    set-permission          --service  --role --permission [--excluded] [--controller-id]
    rename-permission       --service  --role --permission  --new-permission [--excluded] [--controller-id]
    remove-permission       --service  --role --permission [--controller-id]

    get-folder              --service  --role [--folder] [--controller-id]
    set-folder              --service  --role  --folder [--recursive] [--controller-id]
    rename-folder           --service  --role  --folder  --new-folder [--recursive] [--controller-id]
    remove-folder           --service  --role  --folder [--controller-id]

    get-identity-service   [--service]
    set-identity-service    --service --service-type [--service-ordering] [--required] [--disabled]
                           [--authentication-scheme] [--single-factor-certificate] [--single-factor-password]
    rename-identity-service --service --new-service
    remove-identity-service --service

  Options:
    --url=<url>                        | required: JOC Cockpit URL
    --user=<account>                   | required: JOC Cockpit user account
    --password=<password>              | optional: JOC Cockpit password
    --ca-cert=<path>                   | optional: path to CA Certificate used for JOC Cockpit login
    --client-cert=<path>               | optional: path to Client Certificate used for login
    --client-key=<path>                | optional: path to Client Key used for login
    --timeout=<seconds>                | optional: timeout for request, default: 60
    --controller-id=<id>               | optional: Controller ID
    --account=<identifier]>            | optional: account name
    --account-password=<password>      | optional: password for account
    --service=<identifier]>            | required: identity service name
    --service-type=<identifier>        | optional: identity service type, JOC, LDAP, LDAP-JOC, OIDC, OIDC-JOC
    --service-ordering=<number>        | optional: identity service ordering by ascending number
    --new-service=<identifier>         | optional: new identity service name
    --authentication-scheme=<factor>   | optional: identity service authentication scheme: SINGLE-FACTOR, TWO-FACTOR
    --role=<identifier>               <identifier[,identifier]>   | optional: list of role identifieridentifiers
    --new-role=<identifier>            | optional: new role identifier
    --permission=<identifier>          | optional: permission identifier
    --new-permission=<identifier>      | optional: new permission identifier
    --folder=<folder>                  | optional: folder name assigned a role
    --new-folder=<folder>              | optional: new folder name assigned a role
    --audit-message=<string>           | optional: audit log message
    --audit-time-spent=<number>        | optional: audit log time spent in minutes
    --audit-link=<url>                 | optional: audit log link
    --log-dir=<directory>              | optional: path to directory holding the script's log files

  Switches:
    -h | --help                        | displays usage
    -v | --verbose                     | displays verbose output, repeat to increase verbosity
    -p | --password                    | asks for password
    -a | --account-password            | asks for account password
    -f | --force-password-change       | enforces password change on next login
    -e | --enabled                     | filters for enabled accounts
    -d | --disabled                    | filters for disabled accounts or disables identity services
    -x | --excluded                    | sets excluded permissions
    -q | --required                    | enforces use of identity service
    -r | --recursive                   | applies folder operation to sub-folders
    --single-factor-certificate        | certificate allowed as single factor
    --single-factor-password           | password allowed as single factor
    --show-logs                        | shows log output if --log-dir is used
    --make-dirs                        | creates directories if they do not exist

see https://kb.sos-berlin.com/x/lwTWCQ

...