@flowcore/cli-plugin-iam 1.7.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/README.md +396 -7
  2. package/bin/dev.js +2 -2
  3. package/bin/run.js +2 -2
  4. package/dist/commands/assign/policy.d.ts +16 -0
  5. package/dist/commands/assign/policy.js +124 -0
  6. package/dist/commands/assign/role.d.ts +15 -0
  7. package/dist/commands/assign/role.js +98 -0
  8. package/dist/commands/create/policy.d.ts +16 -0
  9. package/dist/commands/create/policy.js +110 -0
  10. package/dist/commands/create/role.d.ts +14 -0
  11. package/dist/commands/create/role.js +78 -0
  12. package/dist/commands/edit/policy.js +3 -3
  13. package/dist/commands/edit/role.js +3 -3
  14. package/dist/commands/get/key-policies.d.ts +13 -0
  15. package/dist/commands/get/key-policies.js +79 -0
  16. package/dist/commands/get/key-roles.d.ts +13 -0
  17. package/dist/commands/get/key-roles.js +75 -0
  18. package/dist/commands/get/user-policies.d.ts +14 -0
  19. package/dist/commands/get/user-policies.js +94 -0
  20. package/dist/commands/get/user-roles.d.ts +14 -0
  21. package/dist/commands/get/user-roles.js +90 -0
  22. package/dist/commands/unassign/policy.d.ts +17 -0
  23. package/dist/commands/unassign/policy.js +143 -0
  24. package/dist/commands/unassign/role.d.ts +16 -0
  25. package/dist/commands/unassign/role.js +117 -0
  26. package/dist/commands/validate/key.d.ts +15 -0
  27. package/dist/commands/validate/key.js +106 -0
  28. package/dist/commands/validate/user.d.ts +15 -0
  29. package/dist/commands/validate/user.js +106 -0
  30. package/dist/index.d.ts +1 -1
  31. package/dist/index.js +1 -1
  32. package/dist/resource-types/iam-api-version.js +2 -2
  33. package/dist/resource-types/policy.resource.js +3 -3
  34. package/dist/resource-types/role-binding.resource.d.ts +4 -4
  35. package/dist/resource-types/role.resource.d.ts +3 -3
  36. package/dist/resource-types/role.resource.js +2 -2
  37. package/dist/utils/combine-merge.util.d.ts +1 -1
  38. package/dist/utils/combine-merge.util.js +1 -1
  39. package/dist/utils/error-message.util.d.ts +1 -0
  40. package/dist/utils/error-message.util.js +4 -0
  41. package/dist/utils/fetch-manifest.util.js +2 -2
  42. package/dist/utils/read-pipe.util.js +5 -5
  43. package/oclif.manifest.json +964 -69
  44. package/package.json +18 -11
  45. package/.npmrc +0 -1
  46. package/CHANGELOG.md +0 -132
package/oclif.manifest.json CHANGED
@@ -1,16 +1,21 @@
1
1
  {
2
2
  "commands": {
3
- "delete:policy": {
3
+ "assign:policy": {
4
4
  "aliases": [],
5
5
  "args": {
6
- "NAME": {
7
- "description": "name",
8
- "name": "NAME",
6
+ "POLICY_NAME": {
7
+ "description": "The name of the policy to assign",
8
+ "name": "POLICY_NAME",
9
9
  "required": true
10
10
  }
11
11
  },
12
- "description": "Delete a policy",
13
- "examples": [],
12
+ "description": "Assign an IAM policy to a user, API key, or role. Exactly one of --user, --key, or --role must be specified",
13
+ "examples": [
14
+ "$ flowcore iam assign policy read-access --user \"auth0|abc123\" -t my-org",
15
+ "$ flowcore iam assign policy read-access --key \"550e8400-e29b-41d4-a716-446655440000\" -t my-org",
16
+ "$ flowcore iam assign policy read-access --role data-reader -t my-org",
17
+ "$ flowcore iam assign policy read-access --user \"auth0|abc123\" -t my-org -j"
18
+ ],
14
19
  "flags": {
15
20
  "profile": {
16
21
  "description": "Specify the configuration profile to use",
@@ -21,33 +26,61 @@
21
26
  },
22
27
  "json": {
23
28
  "char": "j",
24
- "description": "json output",
29
+ "description": "Output result as JSON",
25
30
  "name": "json",
26
31
  "required": false,
27
32
  "allowNo": false,
28
33
  "type": "boolean"
29
34
  },
35
+ "key": {
36
+ "description": "The API key ID to assign the policy to",
37
+ "exclusive": [
38
+ "user",
39
+ "role"
40
+ ],
41
+ "name": "key",
42
+ "required": false,
43
+ "hasDynamicHelp": false,
44
+ "multiple": false,
45
+ "type": "option"
46
+ },
47
+ "role": {
48
+ "description": "The role name to assign the policy to",
49
+ "exclusive": [
50
+ "user",
51
+ "key"
52
+ ],
53
+ "name": "role",
54
+ "required": false,
55
+ "hasDynamicHelp": false,
56
+ "multiple": false,
57
+ "type": "option"
58
+ },
30
59
  "tenant": {
31
60
  "char": "t",
32
- "description": "tenant",
61
+ "description": "The tenant (organization slug) containing the policy",
33
62
  "name": "tenant",
34
63
  "required": true,
35
64
  "hasDynamicHelp": false,
36
65
  "multiple": false,
37
66
  "type": "option"
38
67
  },
39
- "yes": {
40
- "char": "y",
41
- "description": "yes to all",
42
- "name": "yes",
68
+ "user": {
69
+ "description": "The user ID to assign the policy to",
70
+ "exclusive": [
71
+ "key",
72
+ "role"
73
+ ],
74
+ "name": "user",
43
75
  "required": false,
44
- "allowNo": false,
45
- "type": "boolean"
76
+ "hasDynamicHelp": false,
77
+ "multiple": false,
78
+ "type": "option"
46
79
  }
47
80
  },
48
81
  "hasDynamicHelp": false,
49
82
  "hiddenAliases": [],
50
- "id": "delete:policy",
83
+ "id": "assign:policy",
51
84
  "pluginAlias": "@flowcore/cli-plugin-iam",
52
85
  "pluginName": "@flowcore/cli-plugin-iam",
53
86
  "pluginType": "core",
@@ -57,21 +90,25 @@
57
90
  "relativePath": [
58
91
  "dist",
59
92
  "commands",
60
- "delete",
93
+ "assign",
61
94
  "policy.js"
62
95
  ]
63
96
  },
64
- "delete:role": {
97
+ "assign:role": {
65
98
  "aliases": [],
66
99
  "args": {
67
- "NAME": {
68
- "description": "name",
69
- "name": "NAME",
100
+ "ROLE_NAME": {
101
+ "description": "The name of the role to assign",
102
+ "name": "ROLE_NAME",
70
103
  "required": true
71
104
  }
72
105
  },
73
- "description": "Delete a role",
74
- "examples": [],
106
+ "description": "Assign an IAM role to a user or API key. Exactly one of --user or --key must be specified",
107
+ "examples": [
108
+ "$ flowcore iam assign role data-reader --user \"auth0|abc123\" -t my-org",
109
+ "$ flowcore iam assign role data-reader --key \"550e8400-e29b-41d4-a716-446655440000\" -t my-org",
110
+ "$ flowcore iam assign role data-reader --user \"auth0|abc123\" -t my-org -j"
111
+ ],
75
112
  "flags": {
76
113
  "profile": {
77
114
  "description": "Specify the configuration profile to use",
@@ -82,33 +119,47 @@
82
119
  },
83
120
  "json": {
84
121
  "char": "j",
85
- "description": "json output",
122
+ "description": "Output result as JSON",
86
123
  "name": "json",
87
124
  "required": false,
88
125
  "allowNo": false,
89
126
  "type": "boolean"
90
127
  },
128
+ "key": {
129
+ "description": "The API key ID to assign the role to",
130
+ "exclusive": [
131
+ "user"
132
+ ],
133
+ "name": "key",
134
+ "required": false,
135
+ "hasDynamicHelp": false,
136
+ "multiple": false,
137
+ "type": "option"
138
+ },
91
139
  "tenant": {
92
140
  "char": "t",
93
- "description": "tenant",
141
+ "description": "The tenant (organization slug) containing the role",
94
142
  "name": "tenant",
95
143
  "required": true,
96
144
  "hasDynamicHelp": false,
97
145
  "multiple": false,
98
146
  "type": "option"
99
147
  },
100
- "yes": {
101
- "char": "y",
102
- "description": "yes to all",
103
- "name": "yes",
148
+ "user": {
149
+ "description": "The user ID to assign the role to",
150
+ "exclusive": [
151
+ "key"
152
+ ],
153
+ "name": "user",
104
154
  "required": false,
105
- "allowNo": false,
106
- "type": "boolean"
155
+ "hasDynamicHelp": false,
156
+ "multiple": false,
157
+ "type": "option"
107
158
  }
108
159
  },
109
160
  "hasDynamicHelp": false,
110
161
  "hiddenAliases": [],
111
- "id": "delete:role",
162
+ "id": "assign:role",
112
163
  "pluginAlias": "@flowcore/cli-plugin-iam",
113
164
  "pluginName": "@flowcore/cli-plugin-iam",
114
165
  "pluginType": "core",
@@ -118,23 +169,24 @@
118
169
  "relativePath": [
119
170
  "dist",
120
171
  "commands",
121
- "delete",
172
+ "assign",
122
173
  "role.js"
123
174
  ]
124
175
  },
125
- "edit:policy": {
176
+ "create:policy": {
126
177
  "aliases": [],
127
178
  "args": {
128
179
  "NAME": {
129
- "description": "name",
180
+ "description": "The name of the policy to create",
130
181
  "name": "NAME",
131
182
  "required": true
132
183
  }
133
184
  },
134
- "description": "Edit a policy in your preferred editor",
185
+ "description": "Create a new IAM policy with the specified name, version, and policy documents defining resource access rules",
135
186
  "examples": [
136
- "$ flowcore iam edit policy my-policy -t my-tenant",
137
- "$ FC_EDITOR=code flowcore iam edit policy my-policy -t my-tenant"
187
+ "$ flowcore iam create policy read-access -t my-org --version \"2024-01-01\" --documents '[{\"resource\":\"frn::my-org:data-core/*\",\"action\":[\"read\",\"fetch\"]}]'",
188
+ "$ cat docs.json | flowcore iam create policy read-access -t my-org --version \"2024-01-01\" --documents -",
189
+ "$ flowcore iam create policy admin-access -t my-org --version \"2024-01-01\" --description \"Full admin access\" --documents '[{\"resource\":\"frn::my-org:*\",\"action\":\"*\"}]' -j"
138
190
  ],
139
191
  "flags": {
140
192
  "profile": {
@@ -144,19 +196,51 @@
144
196
  "multiple": false,
145
197
  "type": "option"
146
198
  },
199
+ "description": {
200
+ "description": "A description of the policy",
201
+ "name": "description",
202
+ "required": false,
203
+ "hasDynamicHelp": false,
204
+ "multiple": false,
205
+ "type": "option"
206
+ },
207
+ "documents": {
208
+ "description": "JSON array of policy documents, each with \"resource\" and \"action\" fields. Use \"-\" to read from stdin",
209
+ "name": "documents",
210
+ "required": true,
211
+ "hasDynamicHelp": false,
212
+ "multiple": false,
213
+ "type": "option"
214
+ },
215
+ "json": {
216
+ "char": "j",
217
+ "description": "Output result as JSON",
218
+ "name": "json",
219
+ "required": false,
220
+ "allowNo": false,
221
+ "type": "boolean"
222
+ },
147
223
  "tenant": {
148
224
  "char": "t",
149
- "description": "tenant",
225
+ "description": "The tenant (organization slug) to create the policy in",
150
226
  "name": "tenant",
151
227
  "required": true,
152
228
  "hasDynamicHelp": false,
153
229
  "multiple": false,
154
230
  "type": "option"
231
+ },
232
+ "version": {
233
+ "description": "The version of the policy (e.g. 2024-01-01)",
234
+ "name": "version",
235
+ "required": true,
236
+ "hasDynamicHelp": false,
237
+ "multiple": false,
238
+ "type": "option"
155
239
  }
156
240
  },
157
241
  "hasDynamicHelp": false,
158
242
  "hiddenAliases": [],
159
- "id": "edit:policy",
243
+ "id": "create:policy",
160
244
  "pluginAlias": "@flowcore/cli-plugin-iam",
161
245
  "pluginName": "@flowcore/cli-plugin-iam",
162
246
  "pluginType": "core",
@@ -166,23 +250,23 @@
166
250
  "relativePath": [
167
251
  "dist",
168
252
  "commands",
169
- "edit",
253
+ "create",
170
254
  "policy.js"
171
255
  ]
172
256
  },
173
- "edit:role": {
257
+ "create:role": {
174
258
  "aliases": [],
175
259
  "args": {
176
260
  "NAME": {
177
- "description": "name",
261
+ "description": "The name of the role to create",
178
262
  "name": "NAME",
179
263
  "required": true
180
264
  }
181
265
  },
182
- "description": "Edit a role in your preferred editor",
266
+ "description": "Create a new IAM role with the specified name and optional description",
183
267
  "examples": [
184
- "$ flowcore iam edit role my-role -t my-tenant",
185
- "$ FC_EDITOR=code flowcore iam edit role my-role -t my-tenant"
268
+ "$ flowcore iam create role data-reader -t my-org --description \"Read-only data access\"",
269
+ "$ flowcore iam create role admin -t my-org -j"
186
270
  ],
187
271
  "flags": {
188
272
  "profile": {
@@ -192,9 +276,25 @@
192
276
  "multiple": false,
193
277
  "type": "option"
194
278
  },
279
+ "description": {
280
+ "description": "A description of the role",
281
+ "name": "description",
282
+ "required": false,
283
+ "hasDynamicHelp": false,
284
+ "multiple": false,
285
+ "type": "option"
286
+ },
287
+ "json": {
288
+ "char": "j",
289
+ "description": "Output result as JSON",
290
+ "name": "json",
291
+ "required": false,
292
+ "allowNo": false,
293
+ "type": "boolean"
294
+ },
195
295
  "tenant": {
196
296
  "char": "t",
197
- "description": "tenant",
297
+ "description": "The tenant (organization slug) to create the role in",
198
298
  "name": "tenant",
199
299
  "required": true,
200
300
  "hasDynamicHelp": false,
@@ -204,7 +304,7 @@
204
304
  },
205
305
  "hasDynamicHelp": false,
206
306
  "hiddenAliases": [],
207
- "id": "edit:role",
307
+ "id": "create:role",
208
308
  "pluginAlias": "@flowcore/cli-plugin-iam",
209
309
  "pluginName": "@flowcore/cli-plugin-iam",
210
310
  "pluginType": "core",
@@ -214,20 +314,20 @@
214
314
  "relativePath": [
215
315
  "dist",
216
316
  "commands",
217
- "edit",
317
+ "create",
218
318
  "role.js"
219
319
  ]
220
320
  },
221
- "get:policy": {
321
+ "delete:policy": {
222
322
  "aliases": [],
223
323
  "args": {
224
324
  "NAME": {
225
325
  "description": "name",
226
326
  "name": "NAME",
227
- "required": false
327
+ "required": true
228
328
  }
229
329
  },
230
- "description": "Get a policy",
330
+ "description": "Delete a policy",
231
331
  "examples": [],
232
332
  "flags": {
233
333
  "profile": {
@@ -249,15 +349,15 @@
249
349
  "char": "t",
250
350
  "description": "tenant",
251
351
  "name": "tenant",
252
- "required": false,
352
+ "required": true,
253
353
  "hasDynamicHelp": false,
254
354
  "multiple": false,
255
355
  "type": "option"
256
356
  },
257
- "wide": {
258
- "char": "w",
259
- "description": "wide output",
260
- "name": "wide",
357
+ "yes": {
358
+ "char": "y",
359
+ "description": "yes to all",
360
+ "name": "yes",
261
361
  "required": false,
262
362
  "allowNo": false,
263
363
  "type": "boolean"
@@ -265,7 +365,7 @@
265
365
  },
266
366
  "hasDynamicHelp": false,
267
367
  "hiddenAliases": [],
268
- "id": "get:policy",
368
+ "id": "delete:policy",
269
369
  "pluginAlias": "@flowcore/cli-plugin-iam",
270
370
  "pluginName": "@flowcore/cli-plugin-iam",
271
371
  "pluginType": "core",
@@ -275,20 +375,20 @@
275
375
  "relativePath": [
276
376
  "dist",
277
377
  "commands",
278
- "get",
378
+ "delete",
279
379
  "policy.js"
280
380
  ]
281
381
  },
282
- "get:role": {
382
+ "delete:role": {
283
383
  "aliases": [],
284
384
  "args": {
285
385
  "NAME": {
286
386
  "description": "name",
287
387
  "name": "NAME",
288
- "required": false
388
+ "required": true
289
389
  }
290
390
  },
291
- "description": "Get a role",
391
+ "description": "Delete a role",
292
392
  "examples": [],
293
393
  "flags": {
294
394
  "profile": {
@@ -310,15 +410,15 @@
310
410
  "char": "t",
311
411
  "description": "tenant",
312
412
  "name": "tenant",
313
- "required": false,
413
+ "required": true,
314
414
  "hasDynamicHelp": false,
315
415
  "multiple": false,
316
416
  "type": "option"
317
417
  },
318
- "wide": {
319
- "char": "w",
320
- "description": "wide output",
321
- "name": "wide",
418
+ "yes": {
419
+ "char": "y",
420
+ "description": "yes to all",
421
+ "name": "yes",
322
422
  "required": false,
323
423
  "allowNo": false,
324
424
  "type": "boolean"
@@ -326,7 +426,7 @@
326
426
  },
327
427
  "hasDynamicHelp": false,
328
428
  "hiddenAliases": [],
329
- "id": "get:role",
429
+ "id": "delete:role",
330
430
  "pluginAlias": "@flowcore/cli-plugin-iam",
331
431
  "pluginName": "@flowcore/cli-plugin-iam",
332
432
  "pluginType": "core",
@@ -336,10 +436,805 @@
336
436
  "relativePath": [
337
437
  "dist",
338
438
  "commands",
339
- "get",
439
+ "delete",
440
+ "role.js"
441
+ ]
442
+ },
443
+ "edit:policy": {
444
+ "aliases": [],
445
+ "args": {
446
+ "NAME": {
447
+ "description": "name",
448
+ "name": "NAME",
449
+ "required": true
450
+ }
451
+ },
452
+ "description": "Edit a policy in your preferred editor",
453
+ "examples": [
454
+ "$ flowcore iam edit policy my-policy -t my-tenant",
455
+ "$ FC_EDITOR=code flowcore iam edit policy my-policy -t my-tenant"
456
+ ],
457
+ "flags": {
458
+ "profile": {
459
+ "description": "Specify the configuration profile to use",
460
+ "name": "profile",
461
+ "hasDynamicHelp": false,
462
+ "multiple": false,
463
+ "type": "option"
464
+ },
465
+ "tenant": {
466
+ "char": "t",
467
+ "description": "tenant",
468
+ "name": "tenant",
469
+ "required": true,
470
+ "hasDynamicHelp": false,
471
+ "multiple": false,
472
+ "type": "option"
473
+ }
474
+ },
475
+ "hasDynamicHelp": false,
476
+ "hiddenAliases": [],
477
+ "id": "edit:policy",
478
+ "pluginAlias": "@flowcore/cli-plugin-iam",
479
+ "pluginName": "@flowcore/cli-plugin-iam",
480
+ "pluginType": "core",
481
+ "strict": true,
482
+ "enableJsonFlag": false,
483
+ "isESM": true,
484
+ "relativePath": [
485
+ "dist",
486
+ "commands",
487
+ "edit",
488
+ "policy.js"
489
+ ]
490
+ },
491
+ "edit:role": {
492
+ "aliases": [],
493
+ "args": {
494
+ "NAME": {
495
+ "description": "name",
496
+ "name": "NAME",
497
+ "required": true
498
+ }
499
+ },
500
+ "description": "Edit a role in your preferred editor",
501
+ "examples": [
502
+ "$ flowcore iam edit role my-role -t my-tenant",
503
+ "$ FC_EDITOR=code flowcore iam edit role my-role -t my-tenant"
504
+ ],
505
+ "flags": {
506
+ "profile": {
507
+ "description": "Specify the configuration profile to use",
508
+ "name": "profile",
509
+ "hasDynamicHelp": false,
510
+ "multiple": false,
511
+ "type": "option"
512
+ },
513
+ "tenant": {
514
+ "char": "t",
515
+ "description": "tenant",
516
+ "name": "tenant",
517
+ "required": true,
518
+ "hasDynamicHelp": false,
519
+ "multiple": false,
520
+ "type": "option"
521
+ }
522
+ },
523
+ "hasDynamicHelp": false,
524
+ "hiddenAliases": [],
525
+ "id": "edit:role",
526
+ "pluginAlias": "@flowcore/cli-plugin-iam",
527
+ "pluginName": "@flowcore/cli-plugin-iam",
528
+ "pluginType": "core",
529
+ "strict": true,
530
+ "enableJsonFlag": false,
531
+ "isESM": true,
532
+ "relativePath": [
533
+ "dist",
534
+ "commands",
535
+ "edit",
340
536
  "role.js"
341
537
  ]
538
+ },
539
+ "get:key-policies": {
540
+ "aliases": [],
541
+ "args": {
542
+ "KEY_ID": {
543
+ "description": "The API key ID to get policies for",
544
+ "name": "KEY_ID",
545
+ "required": true
546
+ }
547
+ },
548
+ "description": "List all IAM policies assigned to a specific API key",
549
+ "examples": [
550
+ "$ flowcore iam get key-policies \"550e8400-e29b-41d4-a716-446655440000\"",
551
+ "$ flowcore iam get key-policies \"550e8400-e29b-41d4-a716-446655440000\" -j",
552
+ "$ flowcore iam get key-policies \"550e8400-e29b-41d4-a716-446655440000\" -w"
553
+ ],
554
+ "flags": {
555
+ "profile": {
556
+ "description": "Specify the configuration profile to use",
557
+ "name": "profile",
558
+ "hasDynamicHelp": false,
559
+ "multiple": false,
560
+ "type": "option"
561
+ },
562
+ "json": {
563
+ "char": "j",
564
+ "description": "Output result as JSON",
565
+ "name": "json",
566
+ "required": false,
567
+ "allowNo": false,
568
+ "type": "boolean"
569
+ },
570
+ "wide": {
571
+ "char": "w",
572
+ "description": "Show additional columns in table output",
573
+ "name": "wide",
574
+ "required": false,
575
+ "allowNo": false,
576
+ "type": "boolean"
577
+ }
578
+ },
579
+ "hasDynamicHelp": false,
580
+ "hiddenAliases": [],
581
+ "id": "get:key-policies",
582
+ "pluginAlias": "@flowcore/cli-plugin-iam",
583
+ "pluginName": "@flowcore/cli-plugin-iam",
584
+ "pluginType": "core",
585
+ "strict": true,
586
+ "enableJsonFlag": false,
587
+ "isESM": true,
588
+ "relativePath": [
589
+ "dist",
590
+ "commands",
591
+ "get",
592
+ "key-policies.js"
593
+ ]
594
+ },
595
+ "get:key-roles": {
596
+ "aliases": [],
597
+ "args": {
598
+ "KEY_ID": {
599
+ "description": "The API key ID to get roles for",
600
+ "name": "KEY_ID",
601
+ "required": true
602
+ }
603
+ },
604
+ "description": "List all IAM roles assigned to a specific API key",
605
+ "examples": [
606
+ "$ flowcore iam get key-roles \"550e8400-e29b-41d4-a716-446655440000\"",
607
+ "$ flowcore iam get key-roles \"550e8400-e29b-41d4-a716-446655440000\" -j",
608
+ "$ flowcore iam get key-roles \"550e8400-e29b-41d4-a716-446655440000\" -w"
609
+ ],
610
+ "flags": {
611
+ "profile": {
612
+ "description": "Specify the configuration profile to use",
613
+ "name": "profile",
614
+ "hasDynamicHelp": false,
615
+ "multiple": false,
616
+ "type": "option"
617
+ },
618
+ "json": {
619
+ "char": "j",
620
+ "description": "Output result as JSON",
621
+ "name": "json",
622
+ "required": false,
623
+ "allowNo": false,
624
+ "type": "boolean"
625
+ },
626
+ "wide": {
627
+ "char": "w",
628
+ "description": "Show additional columns in table output",
629
+ "name": "wide",
630
+ "required": false,
631
+ "allowNo": false,
632
+ "type": "boolean"
633
+ }
634
+ },
635
+ "hasDynamicHelp": false,
636
+ "hiddenAliases": [],
637
+ "id": "get:key-roles",
638
+ "pluginAlias": "@flowcore/cli-plugin-iam",
639
+ "pluginName": "@flowcore/cli-plugin-iam",
640
+ "pluginType": "core",
641
+ "strict": true,
642
+ "enableJsonFlag": false,
643
+ "isESM": true,
644
+ "relativePath": [
645
+ "dist",
646
+ "commands",
647
+ "get",
648
+ "key-roles.js"
649
+ ]
650
+ },
651
+ "get:policy": {
652
+ "aliases": [],
653
+ "args": {
654
+ "NAME": {
655
+ "description": "name",
656
+ "name": "NAME",
657
+ "required": false
658
+ }
659
+ },
660
+ "description": "Get a policy",
661
+ "examples": [],
662
+ "flags": {
663
+ "profile": {
664
+ "description": "Specify the configuration profile to use",
665
+ "name": "profile",
666
+ "hasDynamicHelp": false,
667
+ "multiple": false,
668
+ "type": "option"
669
+ },
670
+ "json": {
671
+ "char": "j",
672
+ "description": "json output",
673
+ "name": "json",
674
+ "required": false,
675
+ "allowNo": false,
676
+ "type": "boolean"
677
+ },
678
+ "tenant": {
679
+ "char": "t",
680
+ "description": "tenant",
681
+ "name": "tenant",
682
+ "required": false,
683
+ "hasDynamicHelp": false,
684
+ "multiple": false,
685
+ "type": "option"
686
+ },
687
+ "wide": {
688
+ "char": "w",
689
+ "description": "wide output",
690
+ "name": "wide",
691
+ "required": false,
692
+ "allowNo": false,
693
+ "type": "boolean"
694
+ }
695
+ },
696
+ "hasDynamicHelp": false,
697
+ "hiddenAliases": [],
698
+ "id": "get:policy",
699
+ "pluginAlias": "@flowcore/cli-plugin-iam",
700
+ "pluginName": "@flowcore/cli-plugin-iam",
701
+ "pluginType": "core",
702
+ "strict": true,
703
+ "enableJsonFlag": false,
704
+ "isESM": true,
705
+ "relativePath": [
706
+ "dist",
707
+ "commands",
708
+ "get",
709
+ "policy.js"
710
+ ]
711
+ },
712
+ "get:role": {
713
+ "aliases": [],
714
+ "args": {
715
+ "NAME": {
716
+ "description": "name",
717
+ "name": "NAME",
718
+ "required": false
719
+ }
720
+ },
721
+ "description": "Get a role",
722
+ "examples": [],
723
+ "flags": {
724
+ "profile": {
725
+ "description": "Specify the configuration profile to use",
726
+ "name": "profile",
727
+ "hasDynamicHelp": false,
728
+ "multiple": false,
729
+ "type": "option"
730
+ },
731
+ "json": {
732
+ "char": "j",
733
+ "description": "json output",
734
+ "name": "json",
735
+ "required": false,
736
+ "allowNo": false,
737
+ "type": "boolean"
738
+ },
739
+ "tenant": {
740
+ "char": "t",
741
+ "description": "tenant",
742
+ "name": "tenant",
743
+ "required": false,
744
+ "hasDynamicHelp": false,
745
+ "multiple": false,
746
+ "type": "option"
747
+ },
748
+ "wide": {
749
+ "char": "w",
750
+ "description": "wide output",
751
+ "name": "wide",
752
+ "required": false,
753
+ "allowNo": false,
754
+ "type": "boolean"
755
+ }
756
+ },
757
+ "hasDynamicHelp": false,
758
+ "hiddenAliases": [],
759
+ "id": "get:role",
760
+ "pluginAlias": "@flowcore/cli-plugin-iam",
761
+ "pluginName": "@flowcore/cli-plugin-iam",
762
+ "pluginType": "core",
763
+ "strict": true,
764
+ "enableJsonFlag": false,
765
+ "isESM": true,
766
+ "relativePath": [
767
+ "dist",
768
+ "commands",
769
+ "get",
770
+ "role.js"
771
+ ]
772
+ },
773
+ "get:user-policies": {
774
+ "aliases": [],
775
+ "args": {
776
+ "USER_ID": {
777
+ "description": "The user ID to get policies for (e.g. auth0|abc123)",
778
+ "name": "USER_ID",
779
+ "required": true
780
+ }
781
+ },
782
+ "description": "List all IAM policies assigned to a specific user, optionally scoped to a tenant",
783
+ "examples": [
784
+ "$ flowcore iam get user-policies \"auth0|abc123\" -t my-org",
785
+ "$ flowcore iam get user-policies \"auth0|abc123\" -j",
786
+ "$ flowcore iam get user-policies \"auth0|abc123\" -t my-org -w"
787
+ ],
788
+ "flags": {
789
+ "profile": {
790
+ "description": "Specify the configuration profile to use",
791
+ "name": "profile",
792
+ "hasDynamicHelp": false,
793
+ "multiple": false,
794
+ "type": "option"
795
+ },
796
+ "json": {
797
+ "char": "j",
798
+ "description": "Output result as JSON",
799
+ "name": "json",
800
+ "required": false,
801
+ "allowNo": false,
802
+ "type": "boolean"
803
+ },
804
+ "tenant": {
805
+ "char": "t",
806
+ "description": "Scope results to a specific tenant (organization slug)",
807
+ "name": "tenant",
808
+ "required": false,
809
+ "hasDynamicHelp": false,
810
+ "multiple": false,
811
+ "type": "option"
812
+ },
813
+ "wide": {
814
+ "char": "w",
815
+ "description": "Show additional columns in table output",
816
+ "name": "wide",
817
+ "required": false,
818
+ "allowNo": false,
819
+ "type": "boolean"
820
+ }
821
+ },
822
+ "hasDynamicHelp": false,
823
+ "hiddenAliases": [],
824
+ "id": "get:user-policies",
825
+ "pluginAlias": "@flowcore/cli-plugin-iam",
826
+ "pluginName": "@flowcore/cli-plugin-iam",
827
+ "pluginType": "core",
828
+ "strict": true,
829
+ "enableJsonFlag": false,
830
+ "isESM": true,
831
+ "relativePath": [
832
+ "dist",
833
+ "commands",
834
+ "get",
835
+ "user-policies.js"
836
+ ]
837
+ },
838
+ "get:user-roles": {
839
+ "aliases": [],
840
+ "args": {
841
+ "USER_ID": {
842
+ "description": "The user ID to get roles for (e.g. auth0|abc123)",
843
+ "name": "USER_ID",
844
+ "required": true
845
+ }
846
+ },
847
+ "description": "List all IAM roles assigned to a specific user, optionally scoped to a tenant",
848
+ "examples": [
849
+ "$ flowcore iam get user-roles \"auth0|abc123\" -t my-org",
850
+ "$ flowcore iam get user-roles \"auth0|abc123\" -j",
851
+ "$ flowcore iam get user-roles \"auth0|abc123\" -t my-org -w"
852
+ ],
853
+ "flags": {
854
+ "profile": {
855
+ "description": "Specify the configuration profile to use",
856
+ "name": "profile",
857
+ "hasDynamicHelp": false,
858
+ "multiple": false,
859
+ "type": "option"
860
+ },
861
+ "json": {
862
+ "char": "j",
863
+ "description": "Output result as JSON",
864
+ "name": "json",
865
+ "required": false,
866
+ "allowNo": false,
867
+ "type": "boolean"
868
+ },
869
+ "tenant": {
870
+ "char": "t",
871
+ "description": "Scope results to a specific tenant (organization slug)",
872
+ "name": "tenant",
873
+ "required": false,
874
+ "hasDynamicHelp": false,
875
+ "multiple": false,
876
+ "type": "option"
877
+ },
878
+ "wide": {
879
+ "char": "w",
880
+ "description": "Show additional columns in table output",
881
+ "name": "wide",
882
+ "required": false,
883
+ "allowNo": false,
884
+ "type": "boolean"
885
+ }
886
+ },
887
+ "hasDynamicHelp": false,
888
+ "hiddenAliases": [],
889
+ "id": "get:user-roles",
890
+ "pluginAlias": "@flowcore/cli-plugin-iam",
891
+ "pluginName": "@flowcore/cli-plugin-iam",
892
+ "pluginType": "core",
893
+ "strict": true,
894
+ "enableJsonFlag": false,
895
+ "isESM": true,
896
+ "relativePath": [
897
+ "dist",
898
+ "commands",
899
+ "get",
900
+ "user-roles.js"
901
+ ]
902
+ },
903
+ "unassign:policy": {
904
+ "aliases": [],
905
+ "args": {
906
+ "POLICY_NAME": {
907
+ "description": "The name of the policy to unassign",
908
+ "name": "POLICY_NAME",
909
+ "required": true
910
+ }
911
+ },
912
+ "description": "Remove an IAM policy assignment from a user, API key, or role. Exactly one of --user, --key, or --role must be specified",
913
+ "examples": [
914
+ "$ flowcore iam unassign policy read-access --user \"auth0|abc123\" -t my-org -y",
915
+ "$ flowcore iam unassign policy read-access --key \"550e8400-e29b-41d4-a716-446655440000\" -t my-org -y",
916
+ "$ flowcore iam unassign policy read-access --role data-reader -t my-org -y",
917
+ "$ flowcore iam unassign policy read-access --user \"auth0|abc123\" -t my-org -j -y"
918
+ ],
919
+ "flags": {
920
+ "profile": {
921
+ "description": "Specify the configuration profile to use",
922
+ "name": "profile",
923
+ "hasDynamicHelp": false,
924
+ "multiple": false,
925
+ "type": "option"
926
+ },
927
+ "json": {
928
+ "char": "j",
929
+ "description": "Output result as JSON",
930
+ "name": "json",
931
+ "required": false,
932
+ "allowNo": false,
933
+ "type": "boolean"
934
+ },
935
+ "key": {
936
+ "description": "The API key ID to unassign the policy from",
937
+ "exclusive": [
938
+ "user",
939
+ "role"
940
+ ],
941
+ "name": "key",
942
+ "required": false,
943
+ "hasDynamicHelp": false,
944
+ "multiple": false,
945
+ "type": "option"
946
+ },
947
+ "role": {
948
+ "description": "The role name to unassign the policy from",
949
+ "exclusive": [
950
+ "user",
951
+ "key"
952
+ ],
953
+ "name": "role",
954
+ "required": false,
955
+ "hasDynamicHelp": false,
956
+ "multiple": false,
957
+ "type": "option"
958
+ },
959
+ "tenant": {
960
+ "char": "t",
961
+ "description": "The tenant (organization slug) containing the policy",
962
+ "name": "tenant",
963
+ "required": true,
964
+ "hasDynamicHelp": false,
965
+ "multiple": false,
966
+ "type": "option"
967
+ },
968
+ "user": {
969
+ "description": "The user ID to unassign the policy from",
970
+ "exclusive": [
971
+ "key",
972
+ "role"
973
+ ],
974
+ "name": "user",
975
+ "required": false,
976
+ "hasDynamicHelp": false,
977
+ "multiple": false,
978
+ "type": "option"
979
+ },
980
+ "yes": {
981
+ "char": "y",
982
+ "description": "Skip confirmation prompt",
983
+ "name": "yes",
984
+ "required": false,
985
+ "allowNo": false,
986
+ "type": "boolean"
987
+ }
988
+ },
989
+ "hasDynamicHelp": false,
990
+ "hiddenAliases": [],
991
+ "id": "unassign:policy",
992
+ "pluginAlias": "@flowcore/cli-plugin-iam",
993
+ "pluginName": "@flowcore/cli-plugin-iam",
994
+ "pluginType": "core",
995
+ "strict": true,
996
+ "enableJsonFlag": false,
997
+ "isESM": true,
998
+ "relativePath": [
999
+ "dist",
1000
+ "commands",
1001
+ "unassign",
1002
+ "policy.js"
1003
+ ]
1004
+ },
1005
+ "unassign:role": {
1006
+ "aliases": [],
1007
+ "args": {
1008
+ "ROLE_NAME": {
1009
+ "description": "The name of the role to unassign",
1010
+ "name": "ROLE_NAME",
1011
+ "required": true
1012
+ }
1013
+ },
1014
+ "description": "Remove an IAM role assignment from a user or API key. Exactly one of --user or --key must be specified",
1015
+ "examples": [
1016
+ "$ flowcore iam unassign role data-reader --user \"auth0|abc123\" -t my-org -y",
1017
+ "$ flowcore iam unassign role data-reader --key \"550e8400-e29b-41d4-a716-446655440000\" -t my-org -y",
1018
+ "$ flowcore iam unassign role data-reader --user \"auth0|abc123\" -t my-org -j -y"
1019
+ ],
1020
+ "flags": {
1021
+ "profile": {
1022
+ "description": "Specify the configuration profile to use",
1023
+ "name": "profile",
1024
+ "hasDynamicHelp": false,
1025
+ "multiple": false,
1026
+ "type": "option"
1027
+ },
1028
+ "json": {
1029
+ "char": "j",
1030
+ "description": "Output result as JSON",
1031
+ "name": "json",
1032
+ "required": false,
1033
+ "allowNo": false,
1034
+ "type": "boolean"
1035
+ },
1036
+ "key": {
1037
+ "description": "The API key ID to unassign the role from",
1038
+ "exclusive": [
1039
+ "user"
1040
+ ],
1041
+ "name": "key",
1042
+ "required": false,
1043
+ "hasDynamicHelp": false,
1044
+ "multiple": false,
1045
+ "type": "option"
1046
+ },
1047
+ "tenant": {
1048
+ "char": "t",
1049
+ "description": "The tenant (organization slug) containing the role",
1050
+ "name": "tenant",
1051
+ "required": true,
1052
+ "hasDynamicHelp": false,
1053
+ "multiple": false,
1054
+ "type": "option"
1055
+ },
1056
+ "user": {
1057
+ "description": "The user ID to unassign the role from",
1058
+ "exclusive": [
1059
+ "key"
1060
+ ],
1061
+ "name": "user",
1062
+ "required": false,
1063
+ "hasDynamicHelp": false,
1064
+ "multiple": false,
1065
+ "type": "option"
1066
+ },
1067
+ "yes": {
1068
+ "char": "y",
1069
+ "description": "Skip confirmation prompt",
1070
+ "name": "yes",
1071
+ "required": false,
1072
+ "allowNo": false,
1073
+ "type": "boolean"
1074
+ }
1075
+ },
1076
+ "hasDynamicHelp": false,
1077
+ "hiddenAliases": [],
1078
+ "id": "unassign:role",
1079
+ "pluginAlias": "@flowcore/cli-plugin-iam",
1080
+ "pluginName": "@flowcore/cli-plugin-iam",
1081
+ "pluginType": "core",
1082
+ "strict": true,
1083
+ "enableJsonFlag": false,
1084
+ "isESM": true,
1085
+ "relativePath": [
1086
+ "dist",
1087
+ "commands",
1088
+ "unassign",
1089
+ "role.js"
1090
+ ]
1091
+ },
1092
+ "validate:key": {
1093
+ "aliases": [],
1094
+ "args": {
1095
+ "KEY_ID": {
1096
+ "description": "The API key ID to validate access for",
1097
+ "name": "KEY_ID",
1098
+ "required": true
1099
+ }
1100
+ },
1101
+ "description": "Validate whether an API key has permission to perform an action on one or more resources",
1102
+ "examples": [
1103
+ "$ flowcore iam validate key \"550e8400-e29b-41d4-a716-446655440000\" -t my-org --action ingest --resource \"frn::my-org:event-type/*\"",
1104
+ "$ flowcore iam validate key \"550e8400-e29b-41d4-a716-446655440000\" -t my-org --action read --resource \"frn::my-org:data-core/my-core\" -j",
1105
+ "$ flowcore iam validate key \"550e8400-e29b-41d4-a716-446655440000\" -t my-org --action read --resource \"frn::my-org:data-core/core1\" --resource \"frn::my-org:data-core/core2\""
1106
+ ],
1107
+ "flags": {
1108
+ "profile": {
1109
+ "description": "Specify the configuration profile to use",
1110
+ "name": "profile",
1111
+ "hasDynamicHelp": false,
1112
+ "multiple": false,
1113
+ "type": "option"
1114
+ },
1115
+ "action": {
1116
+ "description": "The action to validate (e.g. read, write, ingest, fetch)",
1117
+ "name": "action",
1118
+ "required": true,
1119
+ "hasDynamicHelp": false,
1120
+ "multiple": false,
1121
+ "type": "option"
1122
+ },
1123
+ "json": {
1124
+ "char": "j",
1125
+ "description": "Output result as JSON",
1126
+ "name": "json",
1127
+ "required": false,
1128
+ "allowNo": false,
1129
+ "type": "boolean"
1130
+ },
1131
+ "resource": {
1132
+ "description": "The resource FRN to validate against (can be specified multiple times)",
1133
+ "name": "resource",
1134
+ "required": true,
1135
+ "hasDynamicHelp": false,
1136
+ "multiple": true,
1137
+ "type": "option"
1138
+ },
1139
+ "tenant": {
1140
+ "char": "t",
1141
+ "description": "The tenant (organization slug) to validate within",
1142
+ "name": "tenant",
1143
+ "required": true,
1144
+ "hasDynamicHelp": false,
1145
+ "multiple": false,
1146
+ "type": "option"
1147
+ }
1148
+ },
1149
+ "hasDynamicHelp": false,
1150
+ "hiddenAliases": [],
1151
+ "id": "validate:key",
1152
+ "pluginAlias": "@flowcore/cli-plugin-iam",
1153
+ "pluginName": "@flowcore/cli-plugin-iam",
1154
+ "pluginType": "core",
1155
+ "strict": true,
1156
+ "enableJsonFlag": false,
1157
+ "isESM": true,
1158
+ "relativePath": [
1159
+ "dist",
1160
+ "commands",
1161
+ "validate",
1162
+ "key.js"
1163
+ ]
1164
+ },
1165
+ "validate:user": {
1166
+ "aliases": [],
1167
+ "args": {
1168
+ "USER_ID": {
1169
+ "description": "The user ID to validate access for (e.g. auth0|abc123)",
1170
+ "name": "USER_ID",
1171
+ "required": true
1172
+ }
1173
+ },
1174
+ "description": "Validate whether a user has permission to perform an action on one or more resources",
1175
+ "examples": [
1176
+ "$ flowcore iam validate user \"auth0|abc123\" -t my-org --action read --resource \"frn::my-org:data-core/my-core\"",
1177
+ "$ flowcore iam validate user \"auth0|abc123\" -t my-org --action write --resource \"frn::my-org:data-core/*\" -j",
1178
+ "$ flowcore iam validate user \"auth0|abc123\" -t my-org --action read --resource \"frn::my-org:data-core/core1\" --resource \"frn::my-org:data-core/core2\""
1179
+ ],
1180
+ "flags": {
1181
+ "profile": {
1182
+ "description": "Specify the configuration profile to use",
1183
+ "name": "profile",
1184
+ "hasDynamicHelp": false,
1185
+ "multiple": false,
1186
+ "type": "option"
1187
+ },
1188
+ "action": {
1189
+ "description": "The action to validate (e.g. read, write, ingest, fetch)",
1190
+ "name": "action",
1191
+ "required": true,
1192
+ "hasDynamicHelp": false,
1193
+ "multiple": false,
1194
+ "type": "option"
1195
+ },
1196
+ "json": {
1197
+ "char": "j",
1198
+ "description": "Output result as JSON",
1199
+ "name": "json",
1200
+ "required": false,
1201
+ "allowNo": false,
1202
+ "type": "boolean"
1203
+ },
1204
+ "resource": {
1205
+ "description": "The resource FRN to validate against (can be specified multiple times)",
1206
+ "name": "resource",
1207
+ "required": true,
1208
+ "hasDynamicHelp": false,
1209
+ "multiple": true,
1210
+ "type": "option"
1211
+ },
1212
+ "tenant": {
1213
+ "char": "t",
1214
+ "description": "The tenant (organization slug) to validate within",
1215
+ "name": "tenant",
1216
+ "required": true,
1217
+ "hasDynamicHelp": false,
1218
+ "multiple": false,
1219
+ "type": "option"
1220
+ }
1221
+ },
1222
+ "hasDynamicHelp": false,
1223
+ "hiddenAliases": [],
1224
+ "id": "validate:user",
1225
+ "pluginAlias": "@flowcore/cli-plugin-iam",
1226
+ "pluginName": "@flowcore/cli-plugin-iam",
1227
+ "pluginType": "core",
1228
+ "strict": true,
1229
+ "enableJsonFlag": false,
1230
+ "isESM": true,
1231
+ "relativePath": [
1232
+ "dist",
1233
+ "commands",
1234
+ "validate",
1235
+ "user.js"
1236
+ ]
342
1237
  }
343
1238
  },
344
- "version": "1.7.0"
1239
+ "version": "1.8.0"
345
1240
  }