wf assign accessrole wayfinderrole
wf assign accessrole wayfinderrole
Assigns a Wayfinder role to an access token, giving access to Wayfinder itself
Synopsis
Binds a role that permits access to Wayfinder itself to a platform or workspace scoped access token.
Roles can be assigned either at a platform-wide level (see: wf get wayfinderrolebindings) or in a specific workspace (see: wf get workspacerolebindings -w WORKSPACE).
By default, assigning a role to a platform access token will create a platform-wide binding. To assign a role in a single workspace to a platform token, add --in-workspace WORKSPACE. This can also be used to assign a role to a workspace access token in a workspace other than its own.
By default, assigning a role to a workspace access token will create a workspace binding in the same workspace as the access token. To assign a role platform-wide to a workspace token, add --platform-wide. Note that only Wayfinder administrators can bind roles platform-wide. This would typically be used only for limited read-only access to platform-wide features.
wf assign accessrole wayfinderrole [flags]
Examples
# List all of the roles you can assign with this command:
$ wf get wayfinderroles
# Create a workspace-scoped token and assign role to allow it access to create and manage
# application environments:
$ wf use workspace app1
$ wf create workspaceaccesstoken ci
$ wf assign wayfinderrole --workspace-access-token ci --role workspace.appmanager
# Assign a workspace-scoped token a role in another workspace:
$ wf create workspaceaccesstoken -w app1 ci
$ wf assign wayfinderrole -w app1 --workspace-access-token ci --role workspace.viewer --in-workspace app2
# Create a platform-scoped access token and assign roles to permit management of workspaces and
# cloud accounts:
$ wf create platformaccesstoken ci-workspacemanager
$ wf assign wayfinderrole --platform-access-token ci-workspacemanager --role workspacecreator
$ wf assign wayfinderrole --platform-access-token ci-workspacemanager --role cloudaccessmanager
# Create a platform-scoped access token and assign a role to it to allow it to create and manage
# clusters in workspace app1:
$ wf create platformaccesstoken ci-workspacemanager
$ wf assign wayfinderrole --platform-access-token ci-workspacemanager --role workspace.clustermanager --in-workspace app1
Options
--dry-run Render the resource to screen rather than implement
-h, --help help for wayfinderrole
--in-workspace string Assigns role in the specified workspace - defaults to the current workspace for --workspace-access-token
--non-interactive Do not prompt for user input
--platform-access-token string Platform-scoped access token to assign a role to (must specify one of --workspace-access-token OR --platform-access-token)
--platform-wide Assigns role platform-wide - default for --platform-access-token (can only be used by Wayfinder administrators)
--role string Role is the role to assign
--workspace-access-token string Workspace-scoped access token to assign a role to (must specify one of --workspace-access-token OR --platform-access-token)
Options inherited from parent commands
--debug Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table out (default true)
--verbose Enables verbose logging for debugging purposes (default: false)
-w, --workspace string The workspace you are operating within
SEE ALSO
- wf assign accessrole - Allows you to assign an access role (i.e. permissions to access a cluster/namespace) to an access token