role¶
role assume-role¶
Usage
usage: -c role assume-role [-h]
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--prefix PREFIX]
[--duration-seconds DURATION_SECONDS]
role_id session_name
Description
Creates temporary credentials with the permissions attached to the specified role. Those credentials will be valid for a limited period of time.
Return
Returns dict: Temporary credentials
Optional
optional arguments:
-h, --help show this help message and exit
--duration-seconds DURATION_SECONDS
The duration, in seconds, of the role session
role attach-aws-policy¶
Usage
usage: -c role attach-aws-policy [-h]
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--prefix PREFIX]
role_id policy_id
Description
Attaches the specified AWS policy to the specified role. When you attach a AWS policy to a role, the AWS policy becomes part of the role’s permission (access) policy.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
role create¶
Usage
usage: -c role create [-h] [-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent] [--prefix PREFIX]
[--description DESCRIPTION] [--path PATH]
[--max-session-duration MAX_SESSION_DURATION]
[--project-id PROJECT_ID]
name --assume_role_policy_document
[--assume_role_policy_document ...]
Description
Creates a new role.
Return
Returns dict: A structure containing details about the new role
Optional
optional arguments:
-h, --help show this help message and exit
--description DESCRIPTION
A description of the role
--path PATH A path to give to the new role
--max-session-duration MAX_SESSION_DURATION
Maximum session duration (in seconds) that can be requested when assuming this role
--project-id PROJECT_ID
If given, create the role in that project, rather in the project the request is made of.
This parameter is for usage of admin or tenant admin only
role detach-aws-policy¶
Usage
usage: -c role detach-aws-policy [-h]
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--prefix PREFIX]
role_id policy_id
Description
Removes the specified AWS policy from the specified role.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
role get¶
Usage
usage: -c role get [-h] [-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent] [--prefix PREFIX]
role_id
Description
Retrieves information about the specified role, including the role’s path, GUID, ARN, and the role’s trust policy that grants permission to assume the role.
Return
Returns dict: A structure containing details about the role
Optional
optional arguments:
-h, --help show this help message and exit
role iam-list¶
Usage
usage: -c role iam-list [-h] [-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}] [--name NAME]
[--project-id PROJECT_ID]
Description
List all available IAM roles. List with IAM format, that’s the reason for the double listing APIs.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
--name NAME If given, only list roles with the given name
--project-id PROJECT_ID
If given, only list roles from that project
role list¶
Usage
usage: -c role list [-h] [-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}] [--name NAME]
Description
List all available roles.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
--name NAME If given, only list roles with the given name
role list-aws-policies¶
Usage
usage: -c role list-aws-policies [-h]
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
role_id
Description
Lists all AWS policies that are attached to the specified role.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
role list-instance-profiles¶
Usage
usage: -c role list-instance-profiles [-h]
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
role_id
Description
Lists the instance profiles that have the specified associated role. If there are none, the operation returns an empty list.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
role remove¶
Usage
usage: -c role remove [-h] [-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent] [--prefix PREFIX]
[--force]
role_id
Description
Deletes the specified role.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
--force If true, detach all policies from the role before deleting it
role set-aws-policies¶
Usage
usage: -c role set-aws-policies [-h]
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--prefix PREFIX]
role_id --policy_ids [--policy_ids ...]
Description
Set the role’s AWS policies in the specified project.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
role update¶
Usage
usage: -c role update [-h] [-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent] [--prefix PREFIX]
[--description DESCRIPTION]
[--max-session-duration MAX_SESSION_DURATION]
[--assume-role-policy-document [ASSUME_ROLE_POLICY_DOCUMENT [ASSUME_ROLE_POLICY_DOCUMENT ...]]]
role_id
Description
Updates the description of a role.
Return
Returns dict: A structure containing details about the new role
Optional
optional arguments:
-h, --help show this help message and exit
--description DESCRIPTION
The new description for the role
--max-session-duration MAX_SESSION_DURATION
Maximum session duration (in seconds) that can be requested when assuming this role
--assume-role-policy-document [ASSUME_ROLE_POLICY_DOCUMENT [ASSUME_ROLE_POLICY_DOCUMENT ...]]
This is a trust relationship policy document that grants permission to an entity to assume the role.
It is a JSON object which is basically a list of objects each of which represents an entity or group of entities.
Two types of objects can appear in this list:
A user object, for a specific user, and a project object, for all users in the project.
Each object has an 'effect' property which describes whether the entity, or entities, are allowed or denied to assume the role.
If the same entity has both an 'allow' and 'deny', the 'deny' prevails.
If there are any nulls in the JSON, they are discarded.
A user object is defined by the following parameters and their values:
- effect (string): 'allow' if you want to allow a user to assume the role, otherwise 'deny'
- entity_type (string): Must be 'user'
- entity_id (uuid): The ID of the user
- project_id (uuid): The ID of the project that the user must be logged-in to in order to assume the role
Example:
[{"effect": "allow", "entity_type": "user", "entity_id": "4143f6870f8648b798192660ff480051", "project_id": "572fc7d7326d40a69c0f5fd47a351199"}]
A project object is defined by the following parameters and their values:
- effect (string): 'allow' if you want to allow a user to assume the role, otherwise 'deny'
- entity_type (string): Must be '*'
- project_id (uuid): The ID of the project that the users must be logged-in to in order to assume the role
Example:
[{"effect": "allow", "entity_type": "*", "project_id": "572fc7d7326d40a69c0f5fd47a351199"}]
role-assignments list¶
Usage
usage: -c role-assignments list [-h]
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
[--kwargs KWARGS]
Description
List role assignments users have. See http://developer.openstack.org/api-ref-identity-v3.html#listRoleAssignments.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit
--kwargs KWARGS Extra arguments, a dict as a JSON string
role-assignments list-mine¶
Usage
usage: -c role-assignments list-mine [-h]
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
Description
List role assignments of authenticated user. See http://developer.openstack.org/api-ref-identity-v3.html#listRoleAssignments.
Return
None
Optional
optional arguments:
-h, --help show this help message and exit