role¶
role assume-role¶
Usage
usage: symp role assume-role
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>] [--noindent]
[--prefix PREFIX]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--duration-seconds DURATION_SECONDS]
role_id session_name
Description
Creates temporary credentials with the permissions attached to the specified role. Those credentials will be valid for a limited period of time.
Returns
Returns dict: Temporary credentials
Mandatory
positional arguments:
role_id The ID of the role to assume
session_name An identifier for the assumed role session
Optional
optional arguments:
-h, --help show this help message and exit
--duration-seconds DURATION_SECONDS
The duration, in seconds, of the role session
role attach-aws-policy¶
Usage
usage: symp role attach-aws-policy
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent] [--prefix PREFIX]
[-m [NAME=VALUE [NAME=VALUE ...]]]
role_id policy_id
Description
Attaches the specified AWS policy to the specified role. When you attach a AWS policy to a role, the AWS policy becomes part of the role’s permission (access) policy.
Mandatory
positional arguments:
role_id The ID of the role
policy_id The ID of the policy to attach
Optional
optional arguments:
-h, --help show this help message and exit
role create¶
Usage
usage: symp role create
[-h] [-f {adaptive_table,json,shell,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--noindent]
[--prefix PREFIX] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--description DESCRIPTION] [--path PATH]
[--max-session-duration MAX_SESSION_DURATION]
[--project-id PROJECT_ID]
name --assume_role_policy_document
[--assume_role_policy_document ...]
Description
Creates a new role.
Returns
Returns dict: A structure containing details about the new role
Mandatory
positional arguments:
name The name of the role to create
--assume_role_policy_document
This is a trust relationship policy document that grants permission to an entity to assume the role.
It is a JSON object which is basically a list of objects each of which represents an entity or group of entities.
Two types of objects can appear in this list:
A user object, for a specific user, and a project object, for all users in the project.
Each object has an 'effect' property which describes whether the entity, or entities, are allowed or denied to assume the role.
If the same entity has both an 'allow' and 'deny', the 'deny' prevails.
If there are any nulls in the JSON, they are discarded.
A user object is defined by the following parameters and their values:
- effect (string): 'allow' if you want to allow a user to assume the role, otherwise 'deny'
- entity_type (string): Must be 'user'
- entity_id (uuid): The ID of the user
- project_id (uuid): The ID of the project that the user must be logged-in to in order to assume the role
Example:
[{"effect": "allow", "entity_type": "user", "entity_id": "4143f6870f8648b798192660ff480051", "project_id": "572fc7d7326d40a69c0f5fd47a351199"}]
A project object is defined by the following parameters and their values:
- effect (string): 'allow' if you want to allow a user to assume the role, otherwise 'deny'
- entity_type (string): Must be '*'
- project_id (uuid): The ID of the project that the users must be logged-in to in order to assume the role
Example:
[{"effect": "allow", "entity_type": "*", "project_id": "572fc7d7326d40a69c0f5fd47a351199"}]
Optional
optional arguments:
-h, --help show this help message and exit
--description DESCRIPTION
A description of the role
--path PATH A path to give to the new role
--max-session-duration MAX_SESSION_DURATION
Maximum session duration (in seconds) that can be requested when assuming this role
--project-id PROJECT_ID
If given, create the role in that project, rather in the project the request is made of.
This parameter is for usage of admin or tenant admin only
role detach-aws-policy¶
Usage
usage: symp role detach-aws-policy
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent] [--prefix PREFIX]
[-m [NAME=VALUE [NAME=VALUE ...]]]
role_id policy_id
Description
Removes the specified AWS policy from the specified role.
Mandatory
positional arguments:
role_id The ID of the role to detach policy from
policy_id The ID of the policy to detach
Optional
optional arguments:
-h, --help show this help message and exit
role get¶
Usage
usage: symp role get
[-h] [-f {adaptive_table,json,shell,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--noindent]
[--prefix PREFIX] [-m [NAME=VALUE [NAME=VALUE ...]]]
role_id
Description
Retrieves information about the specified role, including the role’s path, GUID, ARN, and the role’s trust policy that grants permission to assume the role.
Returns
Returns dict: A structure containing details about the role
Mandatory
positional arguments:
role_id The ID of the role to get information about
Optional
optional arguments:
-h, --help show this help message and exit
role iam-list¶
Usage
usage: symp role iam-list
[-h] [-f {adaptive_table,csv,json,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
[-m [NAME=VALUE [NAME=VALUE ...]]] [--name NAME]
[--project-id PROJECT_ID]
Description
List all available IAM roles. List with IAM format, that’s the reason for the double listing APIs.
Returns
Returns list: List of roles
Optional
optional arguments:
-h, --help show this help message and exit
--name NAME If given, only list roles with the given name
--project-id PROJECT_ID
If given, only list roles from that project
role list¶
Usage
usage: symp role list
[-h] [-f {adaptive_table,csv,json,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--noindent]
[--quote {all,minimal,none,nonnumeric}]
[-m [NAME=VALUE [NAME=VALUE ...]]] [--name NAME]
Description
List all available roles.
Returns
Returns list: List of roles
Optional
optional arguments:
-h, --help show this help message and exit
--name NAME If given, only list roles with the given name
role list-aws-policies¶
Usage
usage: symp role list-aws-policies
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent]
[--quote {all,minimal,none,nonnumeric}]
[-m [NAME=VALUE [NAME=VALUE ...]]]
role_id
Description
Lists all AWS policies that are attached to the specified role.
Returns
Returns list: List of policies attach to the given role
Mandatory
positional arguments:
role_id The ID of the role
Optional
optional arguments:
-h, --help show this help message and exit
role list-instance-profiles¶
Usage
usage: symp role list-instance-profiles
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent]
[--quote {all,minimal,none,nonnumeric}]
[-m [NAME=VALUE [NAME=VALUE ...]]]
role_id
Description
Lists the instance profiles that have the specified associated role. If there are none, the operation returns an empty list.
Returns
Returns list: List of instance profiles
Mandatory
positional arguments:
role_id The ID of the role
Optional
optional arguments:
-h, --help show this help message and exit
role remove¶
Usage
usage: symp role remove
[-h] [-f {adaptive_table,json,shell,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--noindent]
[--prefix PREFIX] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--force]
role_id
Description
Deletes the specified role.
Mandatory
positional arguments:
role_id The ID of the role to delete
Optional
optional arguments:
-h, --help show this help message and exit
--force If true, detach all policies from the role before deleting it
role set-aws-policies¶
Usage
usage: symp role set-aws-policies
[-f {adaptive_table,json,shell,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent] [--prefix PREFIX]
[-m [NAME=VALUE [NAME=VALUE ...]]]
role_id --policy_ids [--policy_ids ...]
Description
Set the role’s AWS policies in the specified project.
Mandatory
positional arguments:
role_id The ID of the role
--policy_ids The IDs of the policies to attach
Optional
optional arguments:
-h, --help show this help message and exit
role update¶
Usage
usage: symp role update
[-h] [-f {adaptive_table,json,shell,table,value,yaml}] [-c COLUMN] [--max-width <integer>] [--noindent]
[--prefix PREFIX] [-m [NAME=VALUE [NAME=VALUE ...]]]
[--description DESCRIPTION]
[--max-session-duration MAX_SESSION_DURATION]
[--assume-role-policy-document [ASSUME_ROLE_POLICY_DOCUMENT [ASSUME_ROLE_POLICY_DOCUMENT ...]]]
role_id
Description
Updates the description of a role.
Returns
Returns dict: A structure containing details about the new role
Mandatory
positional arguments:
role_id The ID of the role to update
Optional
optional arguments:
-h, --help show this help message and exit
--description DESCRIPTION
The new description for the role
--max-session-duration MAX_SESSION_DURATION
Maximum session duration (in seconds) that can be requested when assuming this role
--assume-role-policy-document [ASSUME_ROLE_POLICY_DOCUMENT [ASSUME_ROLE_POLICY_DOCUMENT ...]]
This is a trust relationship policy document that grants permission to an entity to assume the role.
It is a JSON object which is basically a list of objects each of which represents an entity or group of entities.
Two types of objects can appear in this list:
A user object, for a specific user, and a project object, for all users in the project.
Each object has an 'effect' property which describes whether the entity, or entities, are allowed or denied to assume the role.
If the same entity has both an 'allow' and 'deny', the 'deny' prevails.
If there are any nulls in the JSON, they are discarded.
A user object is defined by the following parameters and their values:
- effect (string): 'allow' if you want to allow a user to assume the role, otherwise 'deny'
- entity_type (string): Must be 'user'
- entity_id (uuid): The ID of the user
- project_id (uuid): The ID of the project that the user must be logged-in to in order to assume the role
Example:
[{"effect": "allow", "entity_type": "user", "entity_id": "4143f6870f8648b798192660ff480051", "project_id": "572fc7d7326d40a69c0f5fd47a351199"}]
A project object is defined by the following parameters and their values:
- effect (string): 'allow' if you want to allow a user to assume the role, otherwise 'deny'
- entity_type (string): Must be '*'
- project_id (uuid): The ID of the project that the users must be logged-in to in order to assume the role
Example:
[{"effect": "allow", "entity_type": "*", "project_id": "572fc7d7326d40a69c0f5fd47a351199"}]
role-assignments list¶
Usage
usage: symp role-assignments list
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent]
[--quote {all,minimal,none,nonnumeric}]
[-m [NAME=VALUE [NAME=VALUE ...]]]
[--kwargs KWARGS]
Description
List role assignments users have. See http://developer.openstack.org/api-ref-identity-v3.html#listRoleAssignments.
Returns
Returns list: The users and their roles on projects/domains
Optional
optional arguments:
-h, --help show this help message and exit
--kwargs KWARGS Extra arguments, a dict as a JSON string
role-assignments list-mine¶
Usage
usage: symp role-assignments list-mine
[-f {adaptive_table,csv,json,table,value,yaml}]
[-c COLUMN] [--max-width <integer>]
[--noindent]
[--quote {all,minimal,none,nonnumeric}]
[-m [NAME=VALUE [NAME=VALUE ...]]]
Description
List role assignments of authenticated user. See http://developer.openstack.org/api-ref-identity-v3.html#listRoleAssignments.
Returns
Returns list: The user’s roles on projects/domains
Optional
optional arguments:
-h, --help show this help message and exit