Skip to main content

wf assign wayfinderrole

wf assign wayfinderrole

Assigns a Wayfinder role to an access token, giving access to Wayfinder itself

Synopsis

Binds a role that permits access to Wayfinder itself to a platform or workspace scoped access token.

Roles can be assigned either at a platform-wide level (see: wf get wayfinderrolebindings) or in a specific workspace (see: wf get workspacerolebindings -w WORKSPACE).

By default, assigning a role to a platform access token will create a platform-wide binding. To assign a role in a single workspace to a platform token, add --in-workspace WORKSPACE. This can also be used to assign a role to a workspace access token in a workspace other than its own.

By default, assigning a role to a workspace access token will create a workspace binding in the same workspace as the access token. To assign a role platform-wide to a workspace token, add --platform-wide. Note that only Wayfinder administrators can bind roles platform-wide. This would typically be used only for limited read-only access to platform-wide features.

wf assign wayfinderrole [flags]

Examples


# List all of the roles you can assign with this command:
$ wf get wayfinderroles

# Create a workspace-scoped token and assign role to allow it access to create and manage
# application environments:
$ wf use workspace app1
$ wf create workspaceaccesstoken ci
$ wf assign wayfinderrole --workspace-access-token ci --role workspace.appmanager

# Assign a workspace-scoped token a role in another workspace:
$ wf create workspaceaccesstoken -w app1 ci
$ wf assign wayfinderrole -w app1 --workspace-access-token ci --role workspace.viewer --in-workspace app2

# Create a platform-scoped access token and assign roles to permit management of workspaces and
# cloud accounts:
$ wf create platformaccesstoken ci-workspacemanager
$ wf assign wayfinderrole --platform-access-token ci-workspacemanager --role workspacecreator
$ wf assign wayfinderrole --platform-access-token ci-workspacemanager --role cloudaccessmanager

# Create a platform-scoped access token and assign a role to it to allow it to create and manage
# clusters in workspace app1:
$ wf create platformaccesstoken ci-workspacemanager
$ wf assign wayfinderrole --platform-access-token ci-workspacemanager --role workspace.clustermanager --in-workspace app1

Options

      --dry-run                         Render the resource to screen rather than implement
-h, --help help for wayfinderrole
--in-workspace string Assigns role in the specified workspace - defaults to the current workspace for --workspace-access-token
--non-interactive Do not prompt for user input
--platform-access-token string Platform-scoped access token to assign a role to (must specify one of --workspace-access-token OR --platform-access-token)
--platform-wide Assigns role platform-wide - default for --platform-access-token (can only be used by Wayfinder administrators)
--role string Role is the role to assign
--workspace-access-token string Workspace-scoped access token to assign a role to (must specify one of --workspace-access-token OR --platform-access-token)

Options inherited from parent commands

      --debug              Debug / trace logging (default: false)
--force Force operation to happen (default: false)
--no-wait Do not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your current - to change current: wf use profile NAME
--show-headers Display headers on table out (default true)
--verbose Verbose logging (default: false)
-w, --workspace string Workspace to use

SEE ALSO

  • wf assign - Assign allows you to assign access roles (for cluster access) or wayfinder roles (for access to Wayfinder itself) to access tokens