tanzu operations iam

Commands that support Kubernetes operations for Tanzu Application Platform

Installation

tanzu plugin install apply  --target ops

Usage

CLI plugin: iam | Target: operations | Release Notes

  tanzu operations iam [command]

Commands

  add-binding     Add a role binding in the access policy
  list            List the IAM access policies
  remove-binding  Remove a role binding from the access policy
  role            Manage permissions on resources.
  test-permission Test permissions
  update-policy   Update (overwrite) IAM access policy

Usage

tanzu operations iam add-binding [flags]

Flags

  -c, --cluster string              scope search to the specified cluster_name
  -g, --groups strings              Comma-separated list of groups to include in the role binding
  -m, --management-cluster string   scope search to the specified management_cluster_name
  -n, --name string                 scope search to the name of the resource
  -p, --provisioner string          scope search to the specified provisioner_name
  -r, --role string                 Role name to bind the users/groups to
  -s, --scope string                scope search to cluster/cluster-group/workspace/organization/provisioner/management-cluster/namespace
  -u, --users strings               Comma-separated list of users to include in the role binding

Global Flags

  -h, --help   help for iam command

add-binding

Add a role binding in the access policy

Usage

  tanzu operations iam add-binding [flags]

Flags

  -c, --cluster string        scope search to the specified cluster_name
  -t, --cluster-type string   type of the cluster (eks/attached) (default "eks")
  -g, --groups strings        Comma-separated list of groups to include in the role binding
  -n, --name string           scope search to the name of the resource
  -r, --role string           Role name to bind the users/groups to
  -s, --scope string          scope search to cluster/clustergroup
  -u, --users strings         Comma-separated list of users to include in the role binding

list

List the IAM access policies.

Usage

tanzu operations iam list [flags]

Flags

  -c, --cluster string        scope search to the specified cluster_name
  -t, --cluster-type string   type of the cluster (eks/attached) (default "eks")
      --direct                lists direct or inherited policies
  -n, --name string           scope search to the name of the resource
  -o, --output string         Output format (yaml | json) (default "yaml")
  -s, --scope string          scope search to cluster/clustergroup/project

remove-binding

Remove a role binding from the access policy.

Usage

  tanzu operations iam remove-binding [flags]

Flags

  -c, --cluster string        scope search to the specified cluster_name
  -t, --cluster-type string   type of the cluster (eks/attached) (default "eks")
  -g, --group string          Group to remove from the role binding
  -n, --name string           scope search to the name of the resource
  -r, --role string           Role name to bind the users/groups to
  -s, --scope string          scope search to cluster/clustergroup/project
  -u, --user string           User to remove from the role binding

role

Manage permissions on resources.

Usage

  tanzu operations iam role [command]

Commands

  get         Retrieve a role
  list        Return a list of roles

role get

Retrieve a role.

Usage

  tanzu operations iam role get ROLENAME [flags]

Flags

  -o, --output string   Output format (yaml | json) (default "yaml")

role list

Return a list of roles

Usage

  tanzu operations iam role list [flags]

Flags

      --max-size uint   Number of records to return
  -n, --name string     scope search to the specified name (default "*")
      --offset uint     Offset at which to start returning records
  -o, --output string   Output format (yaml|json)

test-permission

Test permissions

Usage

  tanzu operations iam test-permission [flags]

Flags

  -c, --cluster string        scope search to the specified cluster_name
  -t, --cluster-type string   type of the cluster (eks/attached) (default "eks")
  -n, --name string           scope search to the name of the resource
  -v, --permission strings    permission to test
  -s, --scope string          scope search to cluster/clustergroup/project

update-policy

Update (overwrite) an access policy

Usage

  tanzu operations iam update-policy [flags]

Flags

  -c, --cluster string        scope search to the specified cluster
  -t, --cluster-type string   type of the cluster (eks/attached) (default "eks")
  -f, --file string           Resource file to update the access policy
  -n, --name string           scope search to the name of the resource
  -s, --scope string          scope search to cluster/clustergroup

Example

To update an access policy: Update the required fields in the resource file.
Then run the tanzu operations iam update-policy command using the updated resource file.

check-circle-line exclamation-circle-line close-line
Scroll to top icon