From f363c9342f5e23f5ec56778b39d538235f9ca5d3 Mon Sep 17 00:00:00 2001 From: Steve Bang Date: Wed, 24 Jan 2024 15:19:19 -0800 Subject: [PATCH] DOCS-23222: Clarify use of `--inclusive` in `confluent iam rbac role-binding list` (#2410) Co-authored-by: Brian Strauch --- internal/iam/acl_utils.go | 2 +- .../iam/command_rbac_role_binding_create.go | 6 +-- .../iam/command_rbac_role_binding_delete.go | 4 +- .../iam/command_rbac_role_binding_list.go | 46 +++++++++---------- .../output/iam/acl/create-help-onprem.golden | 2 +- .../output/iam/acl/delete-help-onprem.golden | 2 +- .../output/iam/acl/list-help-onprem.golden | 2 +- .../role-binding/create-help-onprem.golden | 6 +-- .../iam/rbac/role-binding/create-help.golden | 4 +- .../role-binding/delete-help-onprem.golden | 4 +- .../iam/rbac/role-binding/delete-help.golden | 4 +- .../delete-missing-role-cloud.golden | 4 +- .../list-failure-help-cloud.golden | 24 +++++----- .../list-failure-help-onprem.golden | 30 ++++++------ .../rbac/role-binding/list-help-onprem.golden | 32 ++++++------- .../iam/rbac/role-binding/list-help.golden | 26 +++++------ 16 files changed, 99 insertions(+), 99 deletions(-) diff --git a/internal/iam/acl_utils.go b/internal/iam/acl_utils.go index f85fd5af90..e4e181ae67 100644 --- a/internal/iam/acl_utils.go +++ b/internal/iam/acl_utils.go @@ -36,7 +36,7 @@ access to the provided operations on the Kafka cluster itself.`) flgSet.String("transactional-id", "", "Set the TransactionalID resource.") flgSet.String("topic", "", `Set the topic resource. With this option the ACL grants the provided operations on the topics that start with that prefix, depending on whether -the --prefix option was also passed.`) +the "--prefix" option was also passed.`) flgSet.Bool("prefix", false, "Set to match all resource names prefixed with this value.") flgSet.SortFlags = false return flgSet diff --git a/internal/iam/command_rbac_role_binding_create.go b/internal/iam/command_rbac_role_binding_create.go index 6d24ccae2f..52c5738b60 100644 --- a/internal/iam/command_rbac_role_binding_create.go +++ b/internal/iam/command_rbac_role_binding_create.go @@ -64,7 +64,7 @@ func (c *roleBindingCommand) newCreateCommand() *cobra.Command { exs = append(exs, examples.Example{ Text: `Create a role binding for the principal permitting it produce to topic "my-topic":`, - Code: "confluent iam rbac role-binding create --principal User:appSA --role DeveloperWrite --resource Topic:my-topic --kafka-cluster $KAFKA_CLUSTER_ID", + Code: "confluent iam rbac role-binding create --principal User:appSA --role DeveloperWrite --resource Topic:my-topic --kafka-cluster 0000000000000000000000", }, ) } @@ -72,9 +72,9 @@ func (c *roleBindingCommand) newCreateCommand() *cobra.Command { cmd.Example = examples.BuildExampleString(exs...) cmd.Flags().String("role", "", "Role name of the new role binding.") - cmd.Flags().String("principal", "", "Qualified principal name for the role binding.") + cmd.Flags().String("principal", "", `Principal type and identifier using "Prefix:ID" format.`) addClusterFlags(cmd, c.cfg, c.CLICommand) - cmd.Flags().String("resource", "", "Qualified resource name for the role binding.") + cmd.Flags().String("resource", "", `Resource type and identifier using "Prefix:ID" format.`) cmd.Flags().Bool("prefix", false, "Whether the provided resource name is treated as a prefix pattern.") pcmd.AddOutputFlag(cmd) diff --git a/internal/iam/command_rbac_role_binding_delete.go b/internal/iam/command_rbac_role_binding_delete.go index 79fa5c2fe9..0eda6a385e 100644 --- a/internal/iam/command_rbac_role_binding_delete.go +++ b/internal/iam/command_rbac_role_binding_delete.go @@ -35,10 +35,10 @@ func (c *roleBindingCommand) newDeleteCommand() *cobra.Command { } cmd.Flags().String("role", "", "Role name of the existing role binding.") - cmd.Flags().String("principal", "", "Qualified principal name associated with the role binding.") + cmd.Flags().String("principal", "", `Principal type and identifier using "Prefix:ID" format.`) pcmd.AddForceFlag(cmd) addClusterFlags(cmd, c.cfg, c.CLICommand) - cmd.Flags().String("resource", "", "Qualified resource name for the role binding.") + cmd.Flags().String("resource", "", `Resource type and identifier using "Prefix:ID" format.`) cmd.Flags().Bool("prefix", false, "Whether the provided resource name is treated as a prefix pattern.") pcmd.AddOutputFlag(cmd) diff --git a/internal/iam/command_rbac_role_binding_list.go b/internal/iam/command_rbac_role_binding_list.go index 89dd841acb..04f0b93a25 100644 --- a/internal/iam/command_rbac_role_binding_list.go +++ b/internal/iam/command_rbac_role_binding_list.go @@ -31,7 +31,7 @@ func (c *roleBindingCommand) newListCommand() *cobra.Command { cmd := &cobra.Command{ Use: "list", Short: "List role bindings.", - Long: "List the role bindings for a particular principal and/or role, and a particular scope.", + Long: "List role bindings assigned to a principal based on scopes.", Args: cobra.NoArgs, RunE: c.list, } @@ -59,7 +59,7 @@ func (c *roleBindingCommand) newListCommand() *cobra.Command { Code: "confluent iam rbac role-binding list --principal User:u-123456 --inclusive", }, examples.Example{ - Text: "List the role bindings for the current user at the environment scope and its nested scopes:", + Text: "List the role bindings for the current user with the environment scope and nested scopes:", Code: "confluent iam rbac role-binding list --current-user --environment env-123456 --inclusive", }, ) @@ -67,49 +67,49 @@ func (c *roleBindingCommand) newListCommand() *cobra.Command { cmd.Example = examples.BuildExampleString( examples.Example{ Text: "Only use the `--resource` flag when specifying a `--role` with no `--principal` specified. If specifying a `--principal`, then the `--resource` flag is ignored. To list role bindings for a specific role on an identified resource:", - Code: "confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperRead --resource Topic", + Code: "confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperRead --resource Topic:my-topic", }, examples.Example{ Text: "List the role bindings for a specific principal:", - Code: "confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --principal User:my-user", + Code: "confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --principal User:my-user", }, examples.Example{ Text: "List the role bindings for a specific principal, filtered to a specific role:", - Code: "confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --principal User:my-user --role DeveloperRead", + Code: "confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --principal User:my-user --role DeveloperRead", }, examples.Example{ Text: "List the principals bound to a specific role:", - Code: "confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperWrite", + Code: "confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperWrite", }, examples.Example{ Text: "List the principals bound to a specific resource with a specific role:", - Code: "confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperWrite --resource Topic:my-topic", + Code: "confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperWrite --resource Topic:my-topic", }, ) } - cmd.Flags().String("principal", "", "Principal whose role bindings should be listed.") - cmd.Flags().Bool("current-user", false, "Show role bindings belonging to the current user.") - cmd.Flags().String("role", "", "List role bindings under a specific role given to a principal. Or if no principal is specified, list principals with the role.") + cmd.Flags().String("principal", "", "Principal ID, which limits role bindings to this principal. If unspecified, list all principals and role bindings.") + cmd.Flags().Bool("current-user", false, "List role bindings assigned to the current user.") + cmd.Flags().String("role", "", `Predefined role assigned to "--principal". If "--principal" is unspecified, list all principals assigned the role.`) if c.cfg.IsCloudLogin() { - cmd.Flags().String("environment", "", "Environment ID for scope of role binding listings.") - cmd.Flags().Bool("current-environment", false, "Use current environment ID for scope.") - cmd.Flags().String("cloud-cluster", "", "Cloud cluster ID for scope of role binding listings.") - cmd.Flags().String("kafka-cluster", "", "Kafka cluster ID for scope of role binding listings.") - cmd.Flags().String("schema-registry-cluster", "", "Schema Registry cluster ID for the role binding listings.") - cmd.Flags().String("ksql-cluster", "", "ksqlDB cluster name for the role binding listings.") + cmd.Flags().String("environment", "", "Environment ID, which specifies the environment scope.") + cmd.Flags().Bool("current-environment", false, "Use current environment ID for the environment scope.") + cmd.Flags().String("cloud-cluster", "", "Cloud cluster ID, which specifies the cloud cluster scope.") + cmd.Flags().String("kafka-cluster", "", "Kafka cluster ID, which specifies the Kafka cluster scope.") + cmd.Flags().String("schema-registry-cluster", "", "Schema Registry cluster ID, which specifies the Schema Registry cluster scope.") + cmd.Flags().String("ksql-cluster", "", "ksqlDB cluster name, which specifies the ksqlDB cluster scope.") } else { - cmd.Flags().String("kafka-cluster", "", "Kafka cluster ID for scope of role binding listings.") - cmd.Flags().String("schema-registry-cluster", "", "Schema Registry cluster ID for scope of role binding listings.") - cmd.Flags().String("ksql-cluster", "", "ksqlDB cluster ID for scope of role binding listings.") - cmd.Flags().String("connect-cluster", "", "Kafka Connect cluster ID for scope of role binding listings.") - cmd.Flags().String("cluster-name", "", "Cluster name to uniquely identify the cluster for role binding listings.") + cmd.Flags().String("kafka-cluster", "", "Kafka cluster ID, which specifies the Kafka cluster scope.") + cmd.Flags().String("schema-registry-cluster", "", "Schema Registry cluster ID, which specifies the Schema Registry cluster scope.") + cmd.Flags().String("ksql-cluster", "", "ksqlDB cluster ID, which specifies the ksqlDB cluster scope.") + cmd.Flags().String("connect-cluster", "", "Kafka Connect cluster ID, which specifies the Connect cluster scope.") + cmd.Flags().String("cluster-name", "", "Cluster name, which specifies the cluster scope.") pcmd.AddContextFlag(cmd, c.CLICommand) } - cmd.Flags().String("resource", "", "If specified with a role and no principals, list principals with role bindings to the role for this qualified resource.") - cmd.Flags().Bool("inclusive", false, "List all role bindings in a specific scope and its nested scopes.") + cmd.Flags().String("resource", "", `Resource type and identifier using "Prefix:ID" format. If specified with "--role" and no principals, list all principals and role bindings.`) + cmd.Flags().Bool("inclusive", false, "List role bindings for specified scopes and nested scopes. Otherwise, list role bindings for the specified scopes. If scopes are unspecified, list only organization-scoped role bindings.") pcmd.AddOutputFlag(cmd) return cmd diff --git a/test/fixtures/output/iam/acl/create-help-onprem.golden b/test/fixtures/output/iam/acl/create-help-onprem.golden index 797c2cea00..e3154d052c 100644 --- a/test/fixtures/output/iam/acl/create-help-onprem.golden +++ b/test/fixtures/output/iam/acl/create-help-onprem.golden @@ -29,7 +29,7 @@ Flags: --transactional-id string Set the TransactionalID resource. --topic string Set the topic resource. With this option the ACL grants the provided operations on the topics that start with that prefix, depending on whether - the --prefix option was also passed. + the "--prefix" option was also passed. --prefix Set to match all resource names prefixed with this value. --context string CLI context name. diff --git a/test/fixtures/output/iam/acl/delete-help-onprem.golden b/test/fixtures/output/iam/acl/delete-help-onprem.golden index 2092e4a4e7..7182eac76f 100644 --- a/test/fixtures/output/iam/acl/delete-help-onprem.golden +++ b/test/fixtures/output/iam/acl/delete-help-onprem.golden @@ -21,7 +21,7 @@ Flags: --transactional-id string Set the TransactionalID resource. --topic string Set the topic resource. With this option the ACL grants the provided operations on the topics that start with that prefix, depending on whether - the --prefix option was also passed. + the "--prefix" option was also passed. --prefix Set to match all resource names prefixed with this value. --force Skip the deletion confirmation prompt. --context string CLI context name. diff --git a/test/fixtures/output/iam/acl/list-help-onprem.golden b/test/fixtures/output/iam/acl/list-help-onprem.golden index 77f09419a8..ae5369102c 100644 --- a/test/fixtures/output/iam/acl/list-help-onprem.golden +++ b/test/fixtures/output/iam/acl/list-help-onprem.golden @@ -25,7 +25,7 @@ Flags: --transactional-id string Set the TransactionalID resource. --topic string Set the topic resource. With this option the ACL grants the provided operations on the topics that start with that prefix, depending on whether - the --prefix option was also passed. + the "--prefix" option was also passed. --prefix Set to match all resource names prefixed with this value. --context string CLI context name. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/rbac/role-binding/create-help-onprem.golden b/test/fixtures/output/iam/rbac/role-binding/create-help-onprem.golden index 4e6d89e490..ec695fd315 100644 --- a/test/fixtures/output/iam/rbac/role-binding/create-help-onprem.golden +++ b/test/fixtures/output/iam/rbac/role-binding/create-help-onprem.golden @@ -6,18 +6,18 @@ Usage: Examples: Create a role binding for the principal permitting it produce to topic "my-topic": - $ confluent iam rbac role-binding create --principal User:appSA --role DeveloperWrite --resource Topic:my-topic --kafka-cluster $KAFKA_CLUSTER_ID + $ confluent iam rbac role-binding create --principal User:appSA --role DeveloperWrite --resource Topic:my-topic --kafka-cluster 0000000000000000000000 Flags: --role string REQUIRED: Role name of the new role binding. - --principal string REQUIRED: Qualified principal name for the role binding. + --principal string REQUIRED: Principal type and identifier using "Prefix:ID" format. --kafka-cluster string Kafka cluster ID for the role binding. --schema-registry-cluster string Schema Registry cluster ID for the role binding. --ksql-cluster string ksqlDB cluster ID for the role binding. --connect-cluster string Kafka Connect cluster ID for the role binding. --cluster-name string Cluster name to uniquely identify the cluster for role binding listings. --context string CLI context name. - --resource string Qualified resource name for the role binding. + --resource string Resource type and identifier using "Prefix:ID" format. --prefix Whether the provided resource name is treated as a prefix pattern. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/rbac/role-binding/create-help.golden b/test/fixtures/output/iam/rbac/role-binding/create-help.golden index efa3d31c4a..a21d9e6c91 100644 --- a/test/fixtures/output/iam/rbac/role-binding/create-help.golden +++ b/test/fixtures/output/iam/rbac/role-binding/create-help.golden @@ -42,7 +42,7 @@ Grant the "FlinkDeveloper" role to principal "User:u-123456" in environment "env Flags: --role string REQUIRED: Role name of the new role binding. - --principal string REQUIRED: Qualified principal name for the role binding. + --principal string REQUIRED: Principal type and identifier using "Prefix:ID" format. --environment string Environment ID for scope of role-binding operation. --current-environment Use current environment ID for scope. --cloud-cluster string Cloud cluster ID for the role binding. @@ -50,7 +50,7 @@ Flags: --kafka-cluster string Kafka cluster ID for the role binding. --schema-registry-cluster string Schema Registry cluster ID for the role binding. --ksql-cluster string ksqlDB cluster name for the role binding. - --resource string Qualified resource name for the role binding. + --resource string Resource type and identifier using "Prefix:ID" format. --prefix Whether the provided resource name is treated as a prefix pattern. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/rbac/role-binding/delete-help-onprem.golden b/test/fixtures/output/iam/rbac/role-binding/delete-help-onprem.golden index 6a06679073..ec9c310b2e 100644 --- a/test/fixtures/output/iam/rbac/role-binding/delete-help-onprem.golden +++ b/test/fixtures/output/iam/rbac/role-binding/delete-help-onprem.golden @@ -5,7 +5,7 @@ Usage: Flags: --role string REQUIRED: Role name of the existing role binding. - --principal string REQUIRED: Qualified principal name associated with the role binding. + --principal string REQUIRED: Principal type and identifier using "Prefix:ID" format. --force Skip the deletion confirmation prompt. --kafka-cluster string Kafka cluster ID for the role binding. --schema-registry-cluster string Schema Registry cluster ID for the role binding. @@ -13,7 +13,7 @@ Flags: --connect-cluster string Kafka Connect cluster ID for the role binding. --cluster-name string Cluster name to uniquely identify the cluster for role binding listings. --context string CLI context name. - --resource string Qualified resource name for the role binding. + --resource string Resource type and identifier using "Prefix:ID" format. --prefix Whether the provided resource name is treated as a prefix pattern. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/rbac/role-binding/delete-help.golden b/test/fixtures/output/iam/rbac/role-binding/delete-help.golden index e81652756a..cb4f2d7328 100644 --- a/test/fixtures/output/iam/rbac/role-binding/delete-help.golden +++ b/test/fixtures/output/iam/rbac/role-binding/delete-help.golden @@ -10,7 +10,7 @@ Delete the role "ResourceOwner" for the resource "Topic:my-topic" on the Kafka c Flags: --role string REQUIRED: Role name of the existing role binding. - --principal string REQUIRED: Qualified principal name associated with the role binding. + --principal string REQUIRED: Principal type and identifier using "Prefix:ID" format. --force Skip the deletion confirmation prompt. --environment string Environment ID for scope of role-binding operation. --current-environment Use current environment ID for scope. @@ -19,7 +19,7 @@ Flags: --kafka-cluster string Kafka cluster ID for the role binding. --schema-registry-cluster string Schema Registry cluster ID for the role binding. --ksql-cluster string ksqlDB cluster name for the role binding. - --resource string Qualified resource name for the role binding. + --resource string Resource type and identifier using "Prefix:ID" format. --prefix Whether the provided resource name is treated as a prefix pattern. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/rbac/role-binding/delete-missing-role-cloud.golden b/test/fixtures/output/iam/rbac/role-binding/delete-missing-role-cloud.golden index 1fa6e31a0e..6cb44082c0 100644 --- a/test/fixtures/output/iam/rbac/role-binding/delete-missing-role-cloud.golden +++ b/test/fixtures/output/iam/rbac/role-binding/delete-missing-role-cloud.golden @@ -9,7 +9,7 @@ Delete the role "ResourceOwner" for the resource "Topic:my-topic" on the Kafka c Flags: --role string REQUIRED: Role name of the existing role binding. - --principal string REQUIRED: Qualified principal name associated with the role binding. + --principal string REQUIRED: Principal type and identifier using "Prefix:ID" format. --force Skip the deletion confirmation prompt. --environment string Environment ID for scope of role-binding operation. --current-environment Use current environment ID for scope. @@ -18,7 +18,7 @@ Flags: --kafka-cluster string Kafka cluster ID for the role binding. --schema-registry-cluster string Schema Registry cluster ID for the role binding. --ksql-cluster string ksqlDB cluster name for the role binding. - --resource string Qualified resource name for the role binding. + --resource string Resource type and identifier using "Prefix:ID" format. --prefix Whether the provided resource name is treated as a prefix pattern. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/rbac/role-binding/list-failure-help-cloud.golden b/test/fixtures/output/iam/rbac/role-binding/list-failure-help-cloud.golden index faf2985258..6676b520f5 100644 --- a/test/fixtures/output/iam/rbac/role-binding/list-failure-help-cloud.golden +++ b/test/fixtures/output/iam/rbac/role-binding/list-failure-help-cloud.golden @@ -23,22 +23,22 @@ List the role bindings for user "u-123456" for all scopes: $ confluent iam rbac role-binding list --principal User:u-123456 --inclusive -List the role bindings for the current user at the environment scope and its nested scopes: +List the role bindings for the current user with the environment scope and nested scopes: $ confluent iam rbac role-binding list --current-user --environment env-123456 --inclusive Flags: - --principal string Principal whose role bindings should be listed. - --current-user Show role bindings belonging to the current user. - --role string List role bindings under a specific role given to a principal. Or if no principal is specified, list principals with the role. - --environment string Environment ID for scope of role binding listings. - --current-environment Use current environment ID for scope. - --cloud-cluster string Cloud cluster ID for scope of role binding listings. - --kafka-cluster string Kafka cluster ID for scope of role binding listings. - --schema-registry-cluster string Schema Registry cluster ID for the role binding listings. - --ksql-cluster string ksqlDB cluster name for the role binding listings. - --resource string If specified with a role and no principals, list principals with role bindings to the role for this qualified resource. - --inclusive List all role bindings in a specific scope and its nested scopes. + --principal string Principal ID, which limits role bindings to this principal. If unspecified, list all principals and role bindings. + --current-user List role bindings assigned to the current user. + --role string Predefined role assigned to "--principal". If "--principal" is unspecified, list all principals assigned the role. + --environment string Environment ID, which specifies the environment scope. + --current-environment Use current environment ID for the environment scope. + --cloud-cluster string Cloud cluster ID, which specifies the cloud cluster scope. + --kafka-cluster string Kafka cluster ID, which specifies the Kafka cluster scope. + --schema-registry-cluster string Schema Registry cluster ID, which specifies the Schema Registry cluster scope. + --ksql-cluster string ksqlDB cluster name, which specifies the ksqlDB cluster scope. + --resource string Resource type and identifier using "Prefix:ID" format. If specified with "--role" and no principals, list all principals and role bindings. + --inclusive List role bindings for specified scopes and nested scopes. Otherwise, list role bindings for the specified scopes. If scopes are unspecified, list only organization-scoped role bindings. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") Global Flags: diff --git a/test/fixtures/output/iam/rbac/role-binding/list-failure-help-onprem.golden b/test/fixtures/output/iam/rbac/role-binding/list-failure-help-onprem.golden index fe1c7b9a47..1d05d2b1c0 100644 --- a/test/fixtures/output/iam/rbac/role-binding/list-failure-help-onprem.golden +++ b/test/fixtures/output/iam/rbac/role-binding/list-failure-help-onprem.golden @@ -5,36 +5,36 @@ Usage: Examples: Only use the `--resource` flag when specifying a `--role` with no `--principal` specified. If specifying a `--principal`, then the `--resource` flag is ignored. To list role bindings for a specific role on an identified resource: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperRead --resource Topic + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperRead --resource Topic:my-topic List the role bindings for a specific principal: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --principal User:my-user + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --principal User:my-user List the role bindings for a specific principal, filtered to a specific role: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --principal User:my-user --role DeveloperRead + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --principal User:my-user --role DeveloperRead List the principals bound to a specific role: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperWrite + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperWrite List the principals bound to a specific resource with a specific role: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperWrite --resource Topic:my-topic + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperWrite --resource Topic:my-topic Flags: - --principal string Principal whose role bindings should be listed. - --current-user Show role bindings belonging to the current user. - --role string List role bindings under a specific role given to a principal. Or if no principal is specified, list principals with the role. - --kafka-cluster string Kafka cluster ID for scope of role binding listings. - --schema-registry-cluster string Schema Registry cluster ID for scope of role binding listings. - --ksql-cluster string ksqlDB cluster ID for scope of role binding listings. - --connect-cluster string Kafka Connect cluster ID for scope of role binding listings. - --cluster-name string Cluster name to uniquely identify the cluster for role binding listings. + --principal string Principal ID, which limits role bindings to this principal. If unspecified, list all principals and role bindings. + --current-user List role bindings assigned to the current user. + --role string Predefined role assigned to "--principal". If "--principal" is unspecified, list all principals assigned the role. + --kafka-cluster string Kafka cluster ID, which specifies the Kafka cluster scope. + --schema-registry-cluster string Schema Registry cluster ID, which specifies the Schema Registry cluster scope. + --ksql-cluster string ksqlDB cluster ID, which specifies the ksqlDB cluster scope. + --connect-cluster string Kafka Connect cluster ID, which specifies the Connect cluster scope. + --cluster-name string Cluster name, which specifies the cluster scope. --context string CLI context name. - --resource string If specified with a role and no principals, list principals with role bindings to the role for this qualified resource. - --inclusive List all role bindings in a specific scope and its nested scopes. + --resource string Resource type and identifier using "Prefix:ID" format. If specified with "--role" and no principals, list all principals and role bindings. + --inclusive List role bindings for specified scopes and nested scopes. Otherwise, list role bindings for the specified scopes. If scopes are unspecified, list only organization-scoped role bindings. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") Global Flags: diff --git a/test/fixtures/output/iam/rbac/role-binding/list-help-onprem.golden b/test/fixtures/output/iam/rbac/role-binding/list-help-onprem.golden index f5a6b1667b..c3ae14a302 100644 --- a/test/fixtures/output/iam/rbac/role-binding/list-help-onprem.golden +++ b/test/fixtures/output/iam/rbac/role-binding/list-help-onprem.golden @@ -1,4 +1,4 @@ -List the role bindings for a particular principal and/or role, and a particular scope. +List role bindings assigned to a principal based on scopes. Usage: confluent iam rbac role-binding list [flags] @@ -6,36 +6,36 @@ Usage: Examples: Only use the `--resource` flag when specifying a `--role` with no `--principal` specified. If specifying a `--principal`, then the `--resource` flag is ignored. To list role bindings for a specific role on an identified resource: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperRead --resource Topic + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperRead --resource Topic:my-topic List the role bindings for a specific principal: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --principal User:my-user + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --principal User:my-user List the role bindings for a specific principal, filtered to a specific role: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --principal User:my-user --role DeveloperRead + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --principal User:my-user --role DeveloperRead List the principals bound to a specific role: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperWrite + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperWrite List the principals bound to a specific resource with a specific role: - $ confluent iam rbac role-binding list --kafka-cluster $KAFKA_CLUSTER_ID --role DeveloperWrite --resource Topic:my-topic + $ confluent iam rbac role-binding list --kafka-cluster 0000000000000000000000 --role DeveloperWrite --resource Topic:my-topic Flags: - --principal string Principal whose role bindings should be listed. - --current-user Show role bindings belonging to the current user. - --role string List role bindings under a specific role given to a principal. Or if no principal is specified, list principals with the role. - --kafka-cluster string Kafka cluster ID for scope of role binding listings. - --schema-registry-cluster string Schema Registry cluster ID for scope of role binding listings. - --ksql-cluster string ksqlDB cluster ID for scope of role binding listings. - --connect-cluster string Kafka Connect cluster ID for scope of role binding listings. - --cluster-name string Cluster name to uniquely identify the cluster for role binding listings. + --principal string Principal ID, which limits role bindings to this principal. If unspecified, list all principals and role bindings. + --current-user List role bindings assigned to the current user. + --role string Predefined role assigned to "--principal". If "--principal" is unspecified, list all principals assigned the role. + --kafka-cluster string Kafka cluster ID, which specifies the Kafka cluster scope. + --schema-registry-cluster string Schema Registry cluster ID, which specifies the Schema Registry cluster scope. + --ksql-cluster string ksqlDB cluster ID, which specifies the ksqlDB cluster scope. + --connect-cluster string Kafka Connect cluster ID, which specifies the Connect cluster scope. + --cluster-name string Cluster name, which specifies the cluster scope. --context string CLI context name. - --resource string If specified with a role and no principals, list principals with role bindings to the role for this qualified resource. - --inclusive List all role bindings in a specific scope and its nested scopes. + --resource string Resource type and identifier using "Prefix:ID" format. If specified with "--role" and no principals, list all principals and role bindings. + --inclusive List role bindings for specified scopes and nested scopes. Otherwise, list role bindings for the specified scopes. If scopes are unspecified, list only organization-scoped role bindings. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") Global Flags: diff --git a/test/fixtures/output/iam/rbac/role-binding/list-help.golden b/test/fixtures/output/iam/rbac/role-binding/list-help.golden index f67e5f08eb..cc9fd1ca03 100644 --- a/test/fixtures/output/iam/rbac/role-binding/list-help.golden +++ b/test/fixtures/output/iam/rbac/role-binding/list-help.golden @@ -1,4 +1,4 @@ -List the role bindings for a particular principal and/or role, and a particular scope. +List role bindings assigned to a principal based on scopes. Usage: confluent iam rbac role-binding list [flags] @@ -24,22 +24,22 @@ List the role bindings for user "u-123456" for all scopes: $ confluent iam rbac role-binding list --principal User:u-123456 --inclusive -List the role bindings for the current user at the environment scope and its nested scopes: +List the role bindings for the current user with the environment scope and nested scopes: $ confluent iam rbac role-binding list --current-user --environment env-123456 --inclusive Flags: - --principal string Principal whose role bindings should be listed. - --current-user Show role bindings belonging to the current user. - --role string List role bindings under a specific role given to a principal. Or if no principal is specified, list principals with the role. - --environment string Environment ID for scope of role binding listings. - --current-environment Use current environment ID for scope. - --cloud-cluster string Cloud cluster ID for scope of role binding listings. - --kafka-cluster string Kafka cluster ID for scope of role binding listings. - --schema-registry-cluster string Schema Registry cluster ID for the role binding listings. - --ksql-cluster string ksqlDB cluster name for the role binding listings. - --resource string If specified with a role and no principals, list principals with role bindings to the role for this qualified resource. - --inclusive List all role bindings in a specific scope and its nested scopes. + --principal string Principal ID, which limits role bindings to this principal. If unspecified, list all principals and role bindings. + --current-user List role bindings assigned to the current user. + --role string Predefined role assigned to "--principal". If "--principal" is unspecified, list all principals assigned the role. + --environment string Environment ID, which specifies the environment scope. + --current-environment Use current environment ID for the environment scope. + --cloud-cluster string Cloud cluster ID, which specifies the cloud cluster scope. + --kafka-cluster string Kafka cluster ID, which specifies the Kafka cluster scope. + --schema-registry-cluster string Schema Registry cluster ID, which specifies the Schema Registry cluster scope. + --ksql-cluster string ksqlDB cluster name, which specifies the ksqlDB cluster scope. + --resource string Resource type and identifier using "Prefix:ID" format. If specified with "--role" and no principals, list all principals and role bindings. + --inclusive List role bindings for specified scopes and nested scopes. Otherwise, list role bindings for the specified scopes. If scopes are unspecified, list only organization-scoped role bindings. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") Global Flags: