Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Summary:
Add commands corresponding to RBAC APIs.
RBAC Command
```
yba rbac
Manage YugabyteDB Anywhere RBAC (Role-Based Access Control)
Usage:
yba rbac [flags]
yba rbac [command]
Available Commands:
permission Manage YugabyteDB Anywhere RBAC permissions
role Manage YugabyteDB Anywhere RBAC roles
Flags:
-h, --help help for rbac
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
```
Permission command
```
yba rbac permission
Manage YugabyteDB Anywhere RBAC permissions
Usage:
yba rbac permission [flags]
yba rbac permission [command]
Available Commands:
describe Describe a YugabyteDB Anywhere RBAC permission
list List YugabyteDB Anywhere permissions
Flags:
-h, --help help for permission
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
Use "yba rbac permission [command] --help" for more information about a command.
```
List Permission
```
yba rbac permission list
List YugabyteDB Anywhere permissions
Usage:
yba rbac permission list [flags]
Aliases:
list, ls
Examples:
yba rbac permission list
Flags:
-n, --name string [Optional] Name of the permission. Quote name if it contains space.
--resource-type string [Optional] Resource type of the permission. Allowed values: universe, role, user, other. If not specified, all resource types are returned.
-h, --help help for list
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
```
Describe Persmiison
```
yba rbac permission describe -h
Describe a RBAC permission in YugabyteDB Anywhere
Usage:
yba rbac permission describe [flags]
Aliases:
describe, get
Examples:
yba rbac permission describe --name <permission-name>
Flags:
-n, --name string [Required] Name of the permission. Quote name if it contains space.
-h, --help help for describe
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
```
Role command
```
yba rbac role
Manage YugabyteDB Anywhere RBAC roles
Usage:
yba rbac role [flags]
yba rbac role [command]
Available Commands:
create Create YugabyteDB Anywhere RBAC roles
delete Delete a YugabyteDB Anywhere role
describe Describe a YugabyteDB Anywhere RBAC role
list List YugabyteDB Anywhere roles
update Update a YugabyteDB Anywhere role
Flags:
-h, --help help for role
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
```
List Role command
```
yba rbac role list
List YugabyteDB Anywhere roles
Usage:
yba rbac role list [flags]
Aliases:
list, ls
Examples:
yba rbac role list
Flags:
-n, --name string [Optional] Name of the role. Quote name if it contains space.
--type string [Optional] Role type. Allowed values: system, custom. If not specified, all role types are returned.
-h, --help help for list
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
```
Describe role:
```
yba rbac role describe -h
Describe a RBAC role in YugabyteDB Anywhere
Usage:
yba rbac role describe [flags]
Aliases:
describe, get
Examples:
yba rbac role describe --name <role-name>
Flags:
-n, --name string [Required] Name of the role. Quote name if it contains space.
-h, --help help for describe
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
```
Delete role
```
yba rbac role delete -h
Delete a role in YugabyteDB Anywhere
Usage:
yba rbac role delete [flags]
Aliases:
delete, remove, rm
Examples:
yba role delete --name <role-name>
Flags:
-n, --name string [Required] The name of the role to be deleted.
-f, --force [Optional] Bypass the prompt for non-interactive usage.
-h, --help help for delete
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
Create role
```
yba rbac role create -h
Create YugabyteDB Anywhere RBAC roles
Usage:
yba rbac role create [flags]
Aliases:
create, add
Examples:
yba rbac role create --name <role-name> \
--permission resource-type=other::action=read \
--description <description>
Flags:
-n, --name string [Required] Name of the role. Quote name if it contains space.
--description string [Optional] Description of the role. Quote description if it contains space.
--permission stringArray [Required] Permissions associated with the role. Minimum number of required permissions = 1. Provide the following double colon (::) separated fields as key-value pairs: "resource-type=<resource-type>::action=<action>". Both are requires key-values. Allowed resource types are universe, role, user, other. Allowed actions are create, read, update, delete, pause_resume, backup_restore, update_role_bindings, update_profile, super_admin_actions, xcluster. Each permission needs to be added using a separate --permission flag. Example: --permission resource-type=other::action=delete --permission resource-type=universe::action=write
-h, --help help for create
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
```
Update role command:
```
yba rbac role update -h
Update a role in YugabyteDB Anywhere
Usage:
yba rbac role update [flags]
Aliases:
update, edit
Examples:
yba rbac role update --name <role-name> \
--add-permission resource-type=other::action=create
Flags:
-n, --name string [Required] Role name to be updated.
--add-permission stringArray [Optional] Add permissions to the role. Provide the following double colon (::) separated fields as key-value pairs: "resource-type=<resource-type>::action=<action>". Both are requires key-values. Allowed resource types are: universe, role, user, other. Allowed actions are: create, read, update, delete, pause_resume, backup_restore, update_role_bindings, update_profile, super_admin_actions, xcluster.Quote action if it contains space. Each permission needs to be added using a separate --add-permission flag.
--remove-permission stringArray [Optional] Remove permissions from the role. Provide the following double colon (::) separated fields as key-value pairs: "resource-type=<resource-type>::action=<action>". Both are requires key-values. Allowed resource types are: universe, role, user, other. Allowed actions are: create, read, update, delete, pause_resume, backup_restore, update_role_bindings, update_profile, super_admin_actions, xcluster.Quote action if it contains space. Each permission needs to be removed using a separate --remove-permission flag.
-h, --help help for update
Global Flags:
-a, --apiToken string YugabyteDB Anywhere api token.
--config string Config file, defaults to $HOME/.yba-cli.yaml
--debug Use debug mode, same as --logLevel debug.
--disable-color Disable colors in output. (default false)
-H, --host string YugabyteDB Anywhere Host (default "http://localhost:9000")
-l, --logLevel string Select the desired log level format. Allowed values: debug, info, warn, error, fatal. (default "info")
-o, --output string Select the desired output format. Allowed values: table, json, pretty. (default "table")
--timeout duration Wait command timeout, example: 5m, 1h. (default 168h0m0s)
--wait Wait until the task is completed, otherwise it will exit immediately. (default true)
```
Test Plan:
`yba rbac permission list`
```
Name Resource Type Action Permission Valid On Resource
Update Role ROLE UPDATE false
Create Role ROLE CREATE false
View Role ROLE READ false
Delete Role ROLE DELETE false
Delete User USER DELETE false
Update Role Bindings USER UPDATE_ROLE_BINDINGS false
Create User USER CREATE false
Update User Profile USER UPDATE_PROFILE false
View User USER READ false
View Universe UNIVERSE READ true
Manage XCluster UNIVERSE XCLUSTER true
Update Universe UNIVERSE UPDATE true
Create Universe UNIVERSE CREATE false
Backup/Restore Universe UNIVERSE BACKUP_RESTORE true
Pause/Resume Universe UNIVERSE PAUSE_RESUME true
Delete Universe UNIVERSE DELETE true
View Resource OTHER READ false
Create Resource OTHER CREATE false
Update Resource OTHER UPDATE false
Delete Resource OTHER DELETE false
Super Admin Actions OTHER SUPER_ADMIN_ACTIONS false
```
`yba rbac permission describe --name "View Universe"`
```
General
Name Resource Type Action Permission Valid On Resource
View Universe UNIVERSE READ true
Permission Details
Description
Allows user to view a universe.
Prerequisite Permissions
Permission 1: Details
Action Resource Type
READ OTHER
```
`yba rbac role list`
```
Name UUID Role Type
ReadOnly a392c6cc-a57d-4a04-acb8-0e1d4d1f1205 System
BackupAdmin f201e3fc-845a-4b5f-9f84-052b6c24d1a3 System
ConnectOnly 7b10ff16-5ac0-4cfe-b1ee-0a0673a5f86b System
Admin 1c4f107e-a2a4-4b45-916b-3ea6a936e85e System
SuperAdmin 5853e7a7-0a89-4472-a354-d473de7c21ae System
Developer L2 bef2eb73-020a-45f1-a9c2-23a5877714d5 Custom
Software L1 019e26b0-0ee2-476c-bb86-b85c20c26412 Custom
```
`yba rbac role get -n "Developer L2"`
```
General
Name UUID Role Type
Developer L2 bef2eb73-020a-45f1-a9c2-23a5877714d5 Custom
Role Details
Description
Access to selected universes
Created On Updated On
Thu, 08 Feb 2024 03:12:41 +0000 Mon, 05 Aug 2024 05:49:24 +0000
Permissions
Permission 1: Details
Action Resource Type
BACKUP_RESTORE UNIVERSE
Permission 2: Details
Action Resource Type
READ UNIVERSE
Permission 3: Details
Action Resource Type
PAUSE_RESUME UNIVERSE
Permission 4: Details
Action Resource Type
READ OTHER
Permission 5: Details
Action Resource Type
DELETE UNIVERSE
Permission 6: Details
Action Resource Type
XCLUSTER UNIVERSE
Permission 7: Details
Action Resource Type
UPDATE UNIVERSE
```
`yba rbac role create -n test-cli --permission resource-type=universe::action=delete --permission resource-type=universe::action=read --permission resource-type=other::action=read`
```
Name UUID Role Type
test-cli f323efd8-90ea-4090-9b41-00922866aea0 Custom
```
`yba rbac role update -n test-cli --add-permission resource-type=universe::action=read`
```
Name UUID Role Type
test-cli f323efd8-90ea-4090-9b41-00922866aea0 Custom
```
Reviewers: skurapati
Reviewed By: skurapati
Subscribers: yugaware
Differential Revision: https://phorge.dev.yugabyte.com/D40222- Loading branch information
