CLI Admin is an administrative console that allows managing all of Ferrum. The CLI has the following main characteristics:
- It is a separate console executable utility
- It shares the same codebase
- It uses the Ferrum config file (provided as an argument)
The Admin CLI can be built as follows:
go build -o ferrum-admin.exe ./api/admin/cli
All Admin CLI operations follow the same scheme:
{admin_cli_executable} --resource={resource_name} --operation={operation_type} [additional_arguments]
where:
- {admin_cli_executable} is the name of the executable file
- {resource_name} - realm, client, user or user_federation
- {operation_type} is the operation to perform on the resource (see the operation descriptions below)
- [additional_arguments] is a set of additional --key=value pairs, i.e. the resource id (for get) or the value (for create and/or update)
The CLI allows performing standard CRUD operations via the console (create, read, update, delete) and some additional operations:
- reset_password - resets the password to a random value
- change_password - changes the password to the provided one
!!! Important NOTE !!!: on some systems, to pass JSON via the command line, every " should be escaped as \".
The create operation should provide --value with the resource body; the key will be constructed from the body. For client and user creation, the realm id (name) must be provided via --params.
Create realm example:
./ferrum-admin.exe --resource=realm --operation=create --value='{\"name\": \"WissanceFerrumDemo\", \"token_expiration\": 600, \"refresh_expiration\": 300}'
Create client example:
./ferrum-admin.exe --resource=client --operation=create --value='{\"id\": \"d4dc483d-7d0d-4d2e-a0a0-2d34b55e6666\", \"name\": \"WissanceWebDemo\", \"type\": \"confidential\", \"auth\": {\"type\": 1, \"value\": \"fb6Z4RsOadVycQoeQiN57xpu8w8wTEST\"}}' --params=WissanceFerrumDemo
Create user example:
./ferrum-admin.exe --resource=user --operation=create --value='{\"info\": {\"sub\": \"667ff6a7-3f6b-449b-a217-6fc5d9ac6890\", \"email_verified\": true, \"roles\": [\"admin\"], \"name\": \"M.V.Ushakov\", \"preferred_username\": \"umv\", \"given_name\": \"Michael\", \"family_name\": \"Ushakov\"}, \"credentials\": {\"password\": \"1s2d3f4g90xs\"}}' --params=WissanceFerrumDemo
Create user_federation example:
./ferrum-admin.exe --resource=user_federation --operation=create --value='{\"name\":\"test_ldap\", \"type\":\"ldap\", \"url\":\"ldap://ldap.wissance.com:389\"}' --params=WissanceFerrumDemo
The update operation fully replaces the item identified by --resource_id + --params={realm_name} (a realm does not require it). The new content for the key is provided via --value=. Why don't we just provide a DB key? Because there can be different storages and the key is often composite, so it is more user-friendly to provide the key and the realm separately.
Update realm example:
./ferrum-admin.exe --resource=realm --operation=update --resource_id=WissanceFerrumDemo --value='{"name": "WissanceFerrumDemo", "token_expiration": 2400, "refresh_expiration": 1200}'
Update client example:
./ferrum-admin.exe --resource=client --operation=update --resource_id=WissanceWebDemo --value='{\"id\": \"d4dc483d-7d0d-4d2e-a0a0-2d34b55e6666\", \"name\": \"WissanceWebDemo\", \"type\": \"confidential\", \"auth\": {\"type\": 2, \"value\": \"fb6Z4RsOadVycQoeQiN57xpu8w8wTEST\"}}' --params=WissanceFerrumDemo
Update user example:
./ferrum-admin.exe --resource=user --operation=update --resource_id=umv --value='{\"info\": {\"sub\": \"667ff6a7-3f6b-449b-a217-6fc5d9ac6890\", \"email_verified\": true, \"roles\": [\"admin\", \"managers\"], \"name\": \"M.V.Ushakov\", \"preferred_username\": \"umv\", \"given_name\": \"Michael\", \"family_name\": \"Ushakov\"}, \"credentials\": {\"password\": \"1s2d3f4g90xs\"}}' --params=WissanceFerrumDemo
Update user_federation example:
./ferrum-admin.exe --resource=user_federation --operation=update --resource_id=test_ldap --value='{\"name\":\"test_ldap\", \"type\":\"ldap\", \"url\":\"ldap://custom_ldap.wissance.com:389\"}' --params=WissanceFerrumDemo
Question:
- What is used for user identification, given that it has preferred_username and given_name fields? I've not tested this yet, but preferred_username must be used as resource_id, here and in all CRUD operations that require an identifier.
The get by id operation requires the resource identifier (resource_id) and the realm name via --params.
Get realm example:
./ferrum-admin.exe --resource=realm --operation=get --resource_id=WissanceFerrumDemo
Get client example:
./ferrum-admin.exe --resource=client --operation=get --resource_id=WissanceWebDemo --params=WissanceFerrumDemo
Get user example:
./ferrum-admin.exe --resource=user --operation=get --resource_id=umv --params=WissanceFerrumDemo
Get user should hide the credential section (have to test, not tested yet).
Get user_federation example:
./ferrum-admin.exe --resource=user_federation --operation=get --resource_id=test_ldap --params=WissanceFerrumDemo
The delete operation requires --resource_id and --params to be provided.
Delete realm example:
./ferrum-admin.exe --resource=realm --operation=delete --resource_id=WissanceFerrumDemo
Delete client example:
./ferrum-admin.exe --resource=client --operation=delete --resource_id=WissanceWebDemo --params=WissanceFerrumDemo
Delete user example:
./ferrum-admin.exe --resource=user --operation=delete --resource_id=umv --params=WissanceFerrumDemo
Delete user_federation example:
./ferrum-admin.exe --resource=user_federation --operation=delete --resource_id=test_ldap --params=WissanceFerrumDemo
Questions (todo for work):
- What happens to clients and users if a realm is deleted? There should be CASCADE removal.
Password reset sets the user password to a random value; the new password is output to the console. As with the get, update or delete operations, it requires the username to be provided via --resource_id and the realm name via --params, example:
./ferrum-admin.exe --resource=user --operation=reset_password --resource_id=umv --params=WissanceFerrumDemo
Password change requires the username to be provided via --resource_id and the realm name via --params. The new password is passed via --value=, example:
./ferrum-admin.exe --resource=user --operation=change_password --resource_id=umv --value='newPassword' --params=WissanceFerrumDemo
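Added example, not part of the Ferrum code base: a hypothetical Go helper, BuildArgs, that applies the invocation scheme and the per-operation requirements described on this page and returns an argument slice suitable for exec.Command("./ferrum-admin.exe", args...), where no shell is involved and the JSON body needs no \" escaping. It assumes, from the examples above, that only realm omits --params and that change_password takes the password verbatim in --value.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// BuildArgs is a hypothetical helper (not part of Ferrum) that assembles one CLI call.
func BuildArgs(resource, operation, id, realm string, body interface{}) ([]string, error) {
	if !map[string]bool{"realm": true, "client": true, "user": true, "user_federation": true}[resource] {
		return nil, fmt.Errorf("unknown resource %q", resource)
	}
	needID, needValue := operation != "create", false
	switch operation {
	case "create", "update", "change_password":
		needValue = true
	case "get", "delete", "reset_password":
	default:
		return nil, fmt.Errorf("unknown operation %q", operation)
	}
	args := []string{"--resource=" + resource, "--operation=" + operation}
	if needID {
		if id == "" {
			return nil, fmt.Errorf("%s requires --resource_id", operation)
		}
		args = append(args, "--resource_id="+id)
	}
	if needValue {
		value, _ := body.(string) // change_password passes the new password as-is
		if operation != "change_password" {
			raw, _ := json.Marshal(body) // the encoder does the quoting, no manual \"
			value = string(raw)
		}
		if body == nil || value == "" {
			return nil, fmt.Errorf("%s requires --value", operation)
		}
		args = append(args, "--value="+value)
	}
	if resource != "realm" { // assumption from the examples: only realm omits --params
		if realm == "" {
			return nil, fmt.Errorf("%s on %s requires --params (realm name)", operation, resource)
		}
		args = append(args, "--params="+realm)
	}
	return args, nil
}

func main() {
	fmt.Println(BuildArgs("user", "get", "umv", "WissanceFerrumDemo", nil))
}
```

A password passed in --value is still a process argument, so it remains visible to anyone who can list processes on the host.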