chef-platform-auth-cli reference

chef-platform-auth-cli

Chef Platform auth CLI

Synopsis

Chef Platform auth CLI is use to get authenticate

Options

-h

--help

help for chef-platform-auth-cli

Default value: false

chef-platform-auth-cli authz

Commands for node account

Synopsis

Commands for managing node account

Options

-h

--help

help for authz

Default value: false

See also

• chef-platform-auth-cli authz policy
• chef-platform-auth-cli authz role

chef-platform-auth-cli authz policy

Commands related to policy

Options

-h

--help

help for policy

Default value: false

See also

• chef-platform-auth-cli authz
• chef-platform-auth-cli authz policy create-policy
• chef-platform-auth-cli authz policy delete-policy
• chef-platform-auth-cli authz policy disable-policy
• chef-platform-auth-cli authz policy enable-policy
• chef-platform-auth-cli authz policy get-policy
• chef-platform-auth-cli authz policy list-policy
• chef-platform-auth-cli authz policy test-policy
• chef-platform-auth-cli authz policy update-policy

chef-platform-auth-cli authz policy create-policy

create a policy under the current organization

Synopsis

Summary:

This operation will create a new user-defined policy under current organization. Policies allow access to API end-points based upon routing rules and enforced by the API gateway. Policies do not enforce attribute based access rules (ABAC) inside a domain on an object (e.g. User A can execute courier job 1234).

Note:

This method will always result in a Policy which is defined by “User”

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

409 (Conflict)

Policy name already exist in this organizational unit

422 (Unprocessable Content)

The policy does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz policy create-policy [flags]

Options

--body

The policy to be created

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for create-policy

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz policy

chef-platform-auth-cli authz policy delete-policy

Delete a policy

Synopsis

Summary:

This operation will delete an existing policy under current org.

Note:

This method will only allow deleting of user-defined policies

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

Policy doesn’t exist in this organization

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not deleted.

423 (Locked)

Policy is not a user-defined Policy and thus can not be deleted

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz policy delete-policy [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for delete-policy

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--policyId

ID of a Policy

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz policy

chef-platform-auth-cli authz policy disable-policy

Disable a policy in the current organization

Synopsis

Summary:

Use this operation when there is a need to disable a policy. This will deactivate the policy enforcement.

Note:

This operation can only be used to disable an already enabled User policy.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The policy requested does not exist in the organization

409 (Conflict)

Expect this error code if the policy is already disabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

423 (Locked)

Policy is not a User policy

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz policy disable-policy [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for disable-policy

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--policyId

ID of a Policy

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz policy

chef-platform-auth-cli authz policy enable-policy

Enable a policy in the current organization

Synopsis

Summary:

Use this operation to enable a disabled policy. This will enable enforcement of the policy.

Note:

This operation can only be used to enable an already disabled User policy.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The policy requested does not exist in the organization

409 (Conflict)

Expect this error code if the policy is already enabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

423 (Locked)

Policy is not a user-defined policy

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz policy enable-policy [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for enable-policy

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--policyId

ID of a Policy

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz policy

chef-platform-auth-cli authz policy get-policy

Get details of a policy

Synopsis

Summary:

Use this operation to get details of a user-defined policy or a system defined policy in the organization

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The policy requested does not exist in the organization and neither a system policy

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz policy get-policy [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-policy

Default value: false

--policyId

ID of a Policy

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz policy

chef-platform-auth-cli authz policy list-policy

List policies

Synopsis

Summary:

This operation will search for user-defined policies registered in the current organization and system policies

Note:

Unless definedBy is specified this will default to limiting results to user defined policies

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

422 (Unprocessable Content)

The request query string options does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz policy list-policy [flags]

Options

--action

the policy must contain a statement with this action

--definedBy

who defined the policy

Default value: user

--description

A partial match against the description of a Policy

--format

to print response in format

Default value: json

-h

--help

help for list-policy

Default value: false

--name

A partial match against the name of a Policy

--pagination.page

what page of the pagination

Default value: 1

--pagination.size

items per page

Default value: 10

--profile

name of the profile to be used for cmd

Default value: default

--route

the policy must contain a statement with a partial match of this text in the route

--status

The Status of the policies to filter by

--text

A partial match against the name or description of a Policy

--verb

the policy must contain a statement with this verb

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz policy

chef-platform-auth-cli authz policy test-policy

Test a policy

Synopsis

Summary:

This operation can be used to sumbit an array of routes and HTTP verb to test a policy

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The policy requested is neither a system policy; nor it exists in the organization

422 (Unprocessable Content)

The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz policy test-policy [flags]

Options

--body

Array of URIs to test

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for test-policy

Default value: false

--policyId

ID of a Policy

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "requests": [
          {
              "method": "get",
              "path": "http://demo.saas.chef.io/accounts/nodes"
          },
          {
              "method": "patch",
              "path": "https://demo.saas.chef.io/accounts/node/37e71274-a9a4-4d53-9e68-f7bd256b4e7c/enable"
          },
          {
              "method": "post",
              "path": "/accounts/policies"
          },
          {
              "method": "get",
              "path": "/accounts/policy/82eb6f39-4c59-4428-a86c-e673fac583df/"
          }
      ]
  }
  

See also

• chef-platform-auth-cli authz policy

chef-platform-auth-cli authz policy update-policy

Update a policy

Synopsis

Summary:

This operation will update an existing policy under current org.

Note:

This method will only allow updating of user-defined policies

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

Policy doesn’t exist in this organization

409 (Conflict)

Policy name already exist in this organization

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

422 (Unprocessable Content)

The policy does not meet the validation requirements. Reference the errors in the response for more details.

423 (Locked)

Policy is not a user-defined Policy and thus can not be updated

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz policy update-policy [flags]

Options

--body

The policy details to be updated

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for update-policy

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--policyId

ID of a Policy

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz policy

chef-platform-auth-cli authz role

Commands related to role

Options

-h

--help

help for role

Default value: false

See also

• chef-platform-auth-cli authz
• chef-platform-auth-cli authz role assign-policies
• chef-platform-auth-cli authz role assign-policy
• chef-platform-auth-cli authz role create-role
• chef-platform-auth-cli authz role delete-policy
• chef-platform-auth-cli authz role delete-role
• chef-platform-auth-cli authz role disable-role
• chef-platform-auth-cli authz role enable-role
• chef-platform-auth-cli authz role find-role
• chef-platform-auth-cli authz role get-policy
• chef-platform-auth-cli authz role get-role
• chef-platform-auth-cli authz role list-policies
• chef-platform-auth-cli authz role modify-policies
• chef-platform-auth-cli authz role test-role
• chef-platform-auth-cli authz role update-role

chef-platform-auth-cli authz role assign-policies

Create role and assign specified policies to the role.

Synopsis

Summary:

If the role with the provided name already exists,the API will assign the specified policies to the role as a final set of policies. If the provided role does not exist, the API will create the role and assign the specified policies to the role as a final set of policies.

Errors

404 (Not Found)

The policy you requested does not exist.

422 (Policy validation failed)

The policy is a system defined policy not a user defined policy.

423 (Locked)

The role or policy is disabled.

401 (Unauthorized)

The credential used to access this resource is invalid or expired.

403 (Forbidden)

A user with this role is not allowed to access the resource.

500 (Internal Server Error)

Some unexpected errors occurred while requesting this resource.

503 (Service Unavailable)

The request service is not responsive.

Usage

chef-platform-auth-cli authz role assign-policies [flags]

Options

--body

Policies to be assigned to the role

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for assign-policies

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role assign-policy

Assign a user-defined policy to user-defined role in the current organization

Synopsis

Summary:

This operation will assign a user-defined policy to the given user-defined role in the current organization

Note:

This method will only allow assigning a user-defined policy to a user-defined role

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role you requested does not exist in the organization

409 (Conflict)

The policy is already assigned to this role

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

423 (Locked)

The requested role is not a user managed role

423 (Locked)

The policy is not a user-defined policy

423 (Locked)

The requested role is disabled

423 (Locked)

The requested policy is disabled

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role assign-policy [flags]

Options

--body

policy to add

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for assign-policy

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "policyId": "82eb6f39-4c59-4428-a86c-e673fac583df"
  }
  

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role create-role

Create a role under current organization

Synopsis

Summary:

This operation will create a new Role. Roles are assigned to one or more policies. Policies allow access to API end-points based upon routing rules and enforced by the API gateway. Users can then assign the roles, when a user logs into a tenant and selects an organization, they must choose a role.

Note:

This method will always result in a Role which is user-defined and meant for “user”. Role meant for “node” can not be created with this api.

Errors

400 (Bad Request)

Invalid schema for request.

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

409 (Conflict)

Role name already exist in this organizational unit.

422 (Unprocessable Content)

The role does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role create-role [flags]

Options

--body

The role to be created

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for create-role

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role delete-policy

Detach a user-defined policy from a user-defined role

Synopsis

Summary:

Use this operation to remove a policy from a role.

Note:

This method will only allow detaching of user-defined policies from a User defined role in the current organization.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role you requested does not exist in the organization

409 (Conflict)

The policy requested is not attached to the role

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

423 (Locked)

Role is not a User defined role

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role delete-policy [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for delete-policy

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--policyId

ID of a Policy

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role delete-role

Delete a role

Synopsis

Summary:

Use this operation to remove a role. This will prevent all users from selecting this role upon login or when switching roles.

WARNING If a user is currently using a role when the cache expires (invalidated) the user will be prevented from performing any actions until they log out and log in again.

Note:

This method will only allow deleting of User defined roles

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role requested does not exist in the organization

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

423 (Locked)

Role is not a User managed role

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role delete-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for delete-role

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role disable-role

Disable a role in the current organization

Synopsis

Summary:

Use this operation when there is need to disable a role for all assigned users. This will prevent all users from selecting this role upon login, or changing to the role.

WARNING If a user is currently using a role when the cache expires (invalidated) the user will be prevented from performing any actions until they log out and log in again.

Note:

This method will only allow disabling of User or System roles. Service roles can not be disabled using this method.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role was not found

409 (Conflict)

Role is already disabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

423 (Locked)

Role is not a User managed role

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role disable-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for disable-role

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role enable-role

Enable a user-defined role in the current organization

Synopsis

Summary:

Use this operation to enable a disabled role.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role you requested does not exist in the organization

409 (Conflict)

the role is already enabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

423 (Locked)

Role is not a User managed role

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role enable-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for enable-role

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role find-role

List roles

Synopsis

Summary:

This operation will list all user-defined roles under the current organization and the system defined roles.

Note:

Unless definedBy is specified this will default to limiting results to user-defined roles only

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

422 (Unprocessable Content)

The request query string options does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role find-role [flags]

Options

--definedBy

who defined the role

Default value: user

--description

A partial match against the description of a Role

--filterByIds

List of role ids to filter by

Default value: []

--format

to print response in format

Default value: json

-h

--help

help for find-role

Default value: false

--level

at what level can this role be used

Default value: org

--meantFor

to whom this role can be assigned

Default value: user

--name

The name of the role

--pagination.page

what page of the pagination

Default value: 1

--pagination.size

items per page

Default value: 10

--profile

name of the profile to be used for cmd

Default value: default

--status

The Status of the roles to filter by

Default value: enabled

--text

A partial match against the name or description of a role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role get-policy

Get details of a policy assigned to the role

Synopsis

Summary:

Use this operation to get details of a policy assigned to the role. The role can be a system defined role or a custom role in the current organization.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role you requested is neither a system defined role nor it exists in the current organization

404 (Not Found)

The policy requested is not attached to the role

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role get-policy [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-policy

Default value: false

--policyId

ID of a Policy

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role get-role

Get details of a role

Synopsis

Summary:

Use this operation to get details of a user-defined role in the organization or any system defined role

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role requested does not exist in the organization and neither a system-defined role

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role get-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-role

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role list-policies

List all policies attached to a role

Synopsis

Summary:

This operation will list all policies attached to the given role. The role can be a system defined role or a custom role in the current organization.

Note:

1. Unless roleStatus is specified it will be considered as enabled(default) and we will check if the role is enabled.
2. Unless policyStatus is specified it will be considered as enabled(default) it will get all policies which are enabled. If it’s specified as all it gets all policies irrespective of their status.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

404 (Not Found)

The role you requested is neither a system defined role nor it exists in the current organization.

404 (Not Found)

The roleStatus is sent as disabled but the role is not disabled. So the given role doesn’t match the status criteria and hence not found

423 (Locked)

The roleStatus is sent as enabled but the role is disabled. Then this API should not return the associated policies.

Usage

chef-platform-auth-cli authz role list-policies [flags]

Options

--expand

Expand the policies

Default value: false

--format

to print response in format

Default value: json

-h

--help

help for list-policies

Default value: false

--policyStatus

The Status of the policies to filter by

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--roleStatus

The Status of the roles to filter by

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role modify-policies

Assign specified policies to the role.

Synopsis

Summary:

The API will assign the specified policies to the role as a final set of policies.

Errors

404 (Not Found)

The policy or role you requested does not exist.

422 (Policy validation failed)

The policy or role is a system defined policy not a user defined policy.

423 (Locked)

The role or policy is disabled.

401 (Unauthorized)

The credential used to access this resource is invalid or expired.

403 (Forbidden)

A user with this role is not allowed to access the resource.

500 (Internal Server Error)

Some unexpected errors occurred while requesting this resource.

503 (Service Unavailable)

The request service is not responsive.

Usage

chef-platform-auth-cli authz role modify-policies [flags]

Options

--body

Policies to be attached or detached to the role

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for modify-policies

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role test-role

Test a role

Synopsis

Summary:

This operation can be used to test access to a route and method against a given role

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role requested is neither a system role; nor it exists in the organization

422 (Unprocessable Content)

The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role test-role [flags]

Options

--body

An URI and HTTP method to test

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for test-role

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "method": "get",
      "path": "http://demo.saas.chef.io/accounts/nodes"
  }
  

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli authz role update-role

Update a role

Synopsis

Summary:

This operation will update an existing role under current org.

Note:

This method will only allow updating of user-defined roles

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

Role doesn’t exist in this organization

409 (Conflict)

Role name already exist in this organization

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

422 (Unprocessable Content)

The role does not meet the validation requirements. Reference the errors in the response for more details.

423 (Locked)

Role is not a user-defined role and thus can not be updated

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli authz role update-role [flags]

Options

--body

The role details to be updated

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for update-role

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli authz role

chef-platform-auth-cli completion

Generate the autocompletion script for the specified shell

Synopsis

Generate the autocompletion script for chef-platform-auth-cli for the specified shell. See each sub-command’s help for details on how to use the generated script.

Options

-h

--help

help for completion

Default value: false

See also

• chef-platform-auth-cli completion bash
• chef-platform-auth-cli completion fish
• chef-platform-auth-cli completion powershell
• chef-platform-auth-cli completion zsh

chef-platform-auth-cli completion bash

Generate the autocompletion script for bash

Synopsis

Generate the autocompletion script for the bash shell.

This script depends on the ‘bash-completion’ package. If it is not installed already, you can install it via your OS’s package manager.

To load completions in your current shell session:

source <(chef-platform-auth-cli completion bash)

To load completions for every new session, execute once:

Linux:

chef-platform-auth-cli completion bash > /etc/bash_completion.d/chef-platform-auth-cli

macOS:

chef-platform-auth-cli completion bash > $(brew --prefix)/etc/bash_completion.d/chef-platform-auth-cli

You will need to start a new shell for this setup to take effect.

completion-bash package

You must have the bash-completion package installed on your computer to run the completion bash subcommand. To install and configure the package, see the Chef 360 Platform CLI documentation.

Usage

chef-platform-auth-cli completion bash

Options

-h

--help

help for bash

Default value: false

--no-descriptions

disable completion descriptions

Default value: false

See also

• chef-platform-auth-cli completion

chef-platform-auth-cli completion fish

Generate the autocompletion script for fish

Synopsis

Generate the autocompletion script for the fish shell.

To load completions in your current shell session:

chef-platform-auth-cli completion fish | source

To load completions for every new session, execute once:

chef-platform-auth-cli completion fish > ~/.config/fish/completions/chef-platform-auth-cli.fish

You will need to start a new shell for this setup to take effect.

Usage

chef-platform-auth-cli completion fish [flags]

Options

-h

--help

help for fish

Default value: false

--no-descriptions

disable completion descriptions

Default value: false

See also

• chef-platform-auth-cli completion

chef-platform-auth-cli completion powershell

Generate the autocompletion script for powershell

Synopsis

Generate the autocompletion script for powershell.

To load completions in your current shell session:

chef-platform-auth-cli completion powershell | Out-String | Invoke-Expression

To load completions for every new session, add the output of the above command to your powershell profile.

Usage

chef-platform-auth-cli completion powershell [flags]

Options

-h

--help

help for powershell

Default value: false

--no-descriptions

disable completion descriptions

Default value: false

See also

• chef-platform-auth-cli completion

chef-platform-auth-cli completion zsh

Generate the autocompletion script for zsh

Synopsis

Generate the autocompletion script for the zsh shell.

If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once:

echo "autoload -U compinit; compinit" >> ~/.zshrc

To load completions in your current shell session:

source <(chef-platform-auth-cli completion zsh)

To load completions for every new session, execute once:

Linux:

chef-platform-auth-cli completion zsh > "${fpath[1]}/_chef-platform-auth-cli"

macOS:

chef-platform-auth-cli completion zsh > $(brew --prefix)/share/zsh/site-functions/_chef-platform-auth-cli

You will need to start a new shell for this setup to take effect.

Usage

chef-platform-auth-cli completion zsh [flags]

Options

-h

--help

help for zsh

Default value: false

--no-descriptions

disable completion descriptions

Default value: false

See also

• chef-platform-auth-cli completion

chef-platform-auth-cli deregister-device

De-register a device

Synopsis

Use this operation to de-register a device

Usage

chef-platform-auth-cli deregister-device [flags]

Options

--force

force remove profile from local list of profiles, even on error from server

Default value: false

-f

--format

to print response in format

Default value: json

-h

--help

help for deregister-device

Default value: false

--profile

name for the profile of the new api-token

Default value: default

-v

--verbose

to show debug logs

Default value: false

See also

chef-platform-auth-cli get-default-profile

Get default profile for request

Usage

chef-platform-auth-cli get-default-profile [flags]

Options

-h

--help

help for get-default-profile

Default value: false

See also

chef-platform-auth-cli keygen

Generate Ed25519 private/public key pairs for signing

Synopsis

Generate Ed25519 private/public key pairs for signing purposes.

Usage

chef-platform-auth-cli keygen [flags]

Options

-f

--force

Overwrite existing key files

Default value: false

-h

--help

help for keygen

Default value: false

-n

--name

Base name for key files (will generate <name>_private.pem and <name>_public.pem)

Default value: ed25519

-o

--output

Output directory path for key pair

Default value: ./

See also

chef-platform-auth-cli license-management

Commands for license management

Synopsis

Commands for managing license management

Options

-h

--help

help for license-management

Default value: false

See also

• chef-platform-auth-cli license-management asset
• chef-platform-auth-cli license-management entitlement
• chef-platform-auth-cli license-management feature
• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management asset

Commands related to asset

Options

-h

--help

help for asset

Default value: false

See also

• chef-platform-auth-cli license-management
• chef-platform-auth-cli license-management asset get-asset
• chef-platform-auth-cli license-management asset list-assets

chef-platform-auth-cli license-management asset get-asset

Get the Asset details

Synopsis

Summary:

Use this operation to get the asset details based on the given license ids and AssetId or AssetName.

Errors

400 (Bad Request)

The licenses do not exist in the tenant

402 (License not entitled)

The licenses are all disabled

422 (Unprocessable Content)

Both Asset Id and Asset Name cannot be blank

422 (Unprocessable Content)

Either Asset Id or Asset Name should be given; Not both

Usage

chef-platform-auth-cli license-management asset get-asset [flags]

Options

--assetId

Asset id to fetch the details

--assetName

Asset name to fetch the details

--format

to print response in format

Default value: json

-h

--help

help for get-asset

Default value: false

--licenseIds

comma separated list of License Ids

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management asset

chef-platform-auth-cli license-management asset list-assets

Get all assets

Synopsis

Summary:

Use this operation to list all the Assets for the given license Id(s)

Errors

404 (Not Found)

The license(s) do not exist in the tenant

Usage

chef-platform-auth-cli license-management asset list-assets [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for list-assets

Default value: false

--licenseIds

comma separated list of License Ids

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management asset

chef-platform-auth-cli license-management entitlement

Commands related to entitlement

Options

-h

--help

help for entitlement

Default value: false

See also

• chef-platform-auth-cli license-management
• chef-platform-auth-cli license-management entitlement get-entitlement
• chef-platform-auth-cli license-management entitlement list-entitlements

chef-platform-auth-cli license-management entitlement get-entitlement

Get the Entitlement details

Synopsis

Summary:

Use this operation to get the entitlement details based on the given license ids, quantity, date and the Entitlement Id.

Errors

400 (Bad Request)

The licenses do not exist in the tenant

402 (License not entitled)

The licenses are all disabled

422 (Unprocessable Content)

Both Entitlement Id and Entitlement Name cannot be blank

422 (Unprocessable Content)

Either Entitlement Id or Entitlement Name should be given

Usage

chef-platform-auth-cli license-management entitlement get-entitlement [flags]

Options

--date

date to validate the license entitlement (format :- YYYY-MM-DD)

--entitlementId

Entitlement id to fetch the details

--entitlementName

Entitlement name to fetch the details

--format

to print response in format

Default value: json

-h

--help

help for get-entitlement

Default value: false

--licenseIds

comma separated list of License Ids

--profile

name of the profile to be used for cmd

Default value: default

--quantity

quantity of entitlement

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management entitlement

chef-platform-auth-cli license-management entitlement list-entitlements

Get all entitlements

Synopsis

Summary:

Use this operation to list all the Entitlements for the given license Id(s)

Errors

400 (Bad Request)

The licenses do not exist in the tenant

Usage

chef-platform-auth-cli license-management entitlement list-entitlements [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for list-entitlements

Default value: false

--licenseIds

comma separated list of License Ids

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management entitlement

chef-platform-auth-cli license-management feature

Commands related to feature

Options

-h

--help

help for feature

Default value: false

See also

• chef-platform-auth-cli license-management
• chef-platform-auth-cli license-management feature get-feature
• chef-platform-auth-cli license-management feature list-features

chef-platform-auth-cli license-management feature get-feature

Get the Feature details

Synopsis

Summary:

Use this operation to get the feature details based on the given license ids and FeatureId or FeatureName.

Errors

400 (Bad Request)

The license(s) do not exist in the tenant

402 (License not entitled)

The licenses are all disabled

422 (Unprocessable Content)

Both Feature Id and Feature Name cannot be blank

422 (Unprocessable Content)

Either Feature Id or Feature Name should be given

Usage

chef-platform-auth-cli license-management feature get-feature [flags]

Options

--featureId

Feature id to fetch the details

--featureName

Feature name to fetch the details

--format

to print response in format

Default value: json

-h

--help

help for get-feature

Default value: false

--licenseIds

comma separated list of License Ids

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management feature

chef-platform-auth-cli license-management feature list-features

Get all features

Synopsis

Summary:

Use this operation to list all the Features for the given license Id(s)

Errors

400 (Bad Request)

The licenses do not exist in the tenant

Usage

chef-platform-auth-cli license-management feature list-features [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for list-features

Default value: false

--licenseIds

comma separated list of License Ids

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management feature

chef-platform-auth-cli license-management license

Commands related to license

Options

-h

--help

help for license

Default value: false

See also

• chef-platform-auth-cli license-management
• chef-platform-auth-cli license-management license client-license
• chef-platform-auth-cli license-management license describe-license
• chef-platform-auth-cli license-management license disable-license
• chef-platform-auth-cli license-management license download-license
• chef-platform-auth-cli license-management license enable-license
• chef-platform-auth-cli license-management license list-licenses
• chef-platform-auth-cli license-management license load-license
• chef-platform-auth-cli license-management license remove-license
• chef-platform-auth-cli license-management license sync-license
• chef-platform-auth-cli license-management license upload-license
• chef-platform-auth-cli license-management license validate-license

chef-platform-auth-cli license-management license client-license

List client applications

Synopsis

Summary:

Use this operation to provide the client applications based on given license Ids and entitlement Id

Errors

400 (Bad Request)

The licenses you requested does not exist in the tenant

402 (License not entitled)

The licenses are all disabled

422 (Unprocessable Content)

Entitlement Id cannot be blank

Usage

chef-platform-auth-cli license-management license client-license [flags]

Options

--entitlementId

Entitlement id to fetch the details

--format

to print response in format

Default value: json

-h

--help

help for client-license

Default value: false

--licenseIds

comma separated list of License Ids

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license describe-license

Describe a license

Synopsis

Summary:

Use this operation to describe a license based on given license Ids and entitlement Id

Errors

404 (Not Found)

The licenses you requested does not exist in the tenant

402 (License not entitled)

The licenses are all disabled

422 (Unprocessable Content)

Entitlement Id cannot be blank

Usage

chef-platform-auth-cli license-management license describe-license [flags]

Options

--entitlementId

Entitlement id to fetch the details

--format

to print response in format

Default value: json

-h

--help

help for describe-license

Default value: false

--licenseIds

comma separated list of License Ids

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license disable-license

Disable a license

Synopsis

Summary:

Use this operation to disable a license under a tenant in the local datastore

Errors

404 (Not Found)

The license you requested does not exist in the tenant

400 (Bad Request)

The license you requested is not valid

409 (Conflict)

The license is already disabled

Usage

chef-platform-auth-cli license-management license disable-license [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for disable-license

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--licenseId

the License id

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license download-license

Download a license

Synopsis

Summary:

Use this operation download a license in a tenant

Errors

404 (Not Found)

The license you requested does not exist in the tenant

423 (Locked)

The license is disabled in the tenant

Usage

chef-platform-auth-cli license-management license download-license [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for download-license

Default value: false

--licenseId

the License id

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

--version

the license version

Default value: 2

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license enable-license

Enable a license

Synopsis

Summary:

Use this operation to enable a license under a tenant in the local datastore

Errors

404 (Not Found)

The license you requested does not exist in the tenant

400 (Bad Request)

The license you requested is not valid

409 (Conflict)

The license is already enabled

Usage

chef-platform-auth-cli license-management license enable-license [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for enable-license

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--licenseId

the License id

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license list-licenses

List licenses

Synopsis

Summary:

Use this operation to list all the license present in the local data store in a tenant

Errors

Usage

chef-platform-auth-cli license-management license list-licenses [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for list-licenses

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license load-license

Load a license

Synopsis

Summary:

Use this operation to load the license information. This endpoint is useful in non- airgap mode. It downloads the License information from Global Service, and then adds it to Local license datastore.

Errors

404 (Not Found)

The license you requested does not exist

400 (Bad Request)

The license you requested is not valid

400 (Bad Request)

This API can’t be used in AirGap mode

Usage

chef-platform-auth-cli license-management license load-license [flags]

Options

--body

Load the license information in local datastore

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for load-license

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "licenseId": "J7C16R6HE4Z4Q9WX1Y67W9J9SF"
  }
  

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license remove-license

Remove a license

Synopsis

Summary:

Use this operation to remove a license under a tenant in the local datastore

Errors

404 (Not Found)

The license you requested does not exist in the tenant

400 (Bad Request)

The license you requested is not valid

409 (Conflict)

The license is already removed from the tenant

Usage

chef-platform-auth-cli license-management license remove-license [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for remove-license

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--licenseId

the License id

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license sync-license

Sync all licenses

Synopsis

Summary:

Use this operation to sync all licenses under a tenant in the local datastore. This doesn’t change the state of licenses present in local datastore.

Errors

400 (Bad Request)

This API can’t be used in AirGap mode

Usage

chef-platform-auth-cli license-management license sync-license [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for sync-license

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license upload-license

Upload a license

Synopsis

Summary:

Use this operation to upload the license information. This endpoint is useful in airgap mode. It takes the license information as input, and then adds/updates it to Local license datastore.

Errors

400 (Bad Request)

The license Id present in request body is invalid

400 (Bad Request)

Evidence present in request body is invalid

Usage

chef-platform-auth-cli license-management license upload-license [flags]

Options

--body

Load the license information in local datastore

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for upload-license

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "asset": [],
      "bundle": "Chef Automate",
      "customerVersion": "1",
      "entitlements": [
          {
              "grace": {
                  "duration": 90,
                  "limit": 0
              },
              "id": "c770f0fa-7fa1-4c5b-b694-7b5462595f35",
              "limit": 1,
              "measure": "node",
              "name": "Automate",
              "period": {
                  "end": "2024-07-31T00:00:00Z",
                  "start": "2021-07-31T00:00:00Z"
              }
          },
          {
              "grace": {
                  "duration": 90,
                  "limit": 1250
              },
              "id": "a5213d76-181f-4924-adba-4b7ed2b098b5",
              "limit": 2500,
              "measure": "node",
              "name": "Infra",
              "period": {
                  "end": "2024-07-31T00:00:00Z",
                  "start": "2021-07-31T00:00:00Z"
              }
          }
      ],
      "evidence": {
          "generated": "1706165217",
          "hash": "8e975550e20a6c70bb9d7dcf3f5958a6",
          "key_sha256": "0673e757a64ec284a1dd2f3700456ea6e44489aa3096c32f34cd67394dc22a21"
      },
      "features": [],
      "generatedOnDateUTC": "2023-12-25T06:46:57Z",
      "generator": "chef/license-(devel)",
      "id": "02e9b148-d2f6-4ea1-8998-b591506fc973",
      "refreshLastDateUTC": "2024-01-15T06:46:57Z",
      "refreshNextDateUTC": "2024-04-25T06:46:57Z",
      "services": [],
      "type": "commercial",
      "version": "2"
  }
  

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-management license validate-license

Validate a license Id

Synopsis

Summary:

Use this operation validate if a licenseId is present in tenant or not

Errors

400 (Bad Request)

The license you requested does not exist in the tenant

423 (Locked)

The license is disabled in the tenant

Usage

chef-platform-auth-cli license-management license validate-license [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for validate-license

Default value: false

--licenseId

the License id

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

--version

the license version

Default value: 2

See also

• chef-platform-auth-cli license-management license

chef-platform-auth-cli license-usage

Commands for license usage

Synopsis

Commands for managing license usage

Options

-h

--help

help for license-usage

Default value: false

See also

• chef-platform-auth-cli license-usage audit

chef-platform-auth-cli license-usage audit

Commands related to audit

Options

-h

--help

help for audit

Default value: false

See also

• chef-platform-auth-cli license-usage
• chef-platform-auth-cli license-usage audit get-usage
• chef-platform-auth-cli license-usage audit list-audit
• chef-platform-auth-cli license-usage audit list-audits

chef-platform-auth-cli license-usage audit get-usage

get the audit details for a specific date

Synopsis

Summary:

Use this to get the specific audit details for a given service for a specific date

Notes:

This response is polymorphic the resulting item arry will be unique to the service selected.

Errors

404 (Not Found)

The date requested contains no audits

404 (Not Found)

The service requested was not audited on the requested date

422 (Unprocessable Content)

The request query string options does not meet the validation requirements. Reference the errors in the response for more details.

Usage

chef-platform-auth-cli license-usage audit get-usage [flags]

Options

--date

date of an audit (format :- YYYY-MM-DD)

--format

to print response in format

Default value: json

-h

--help

help for get-usage

Default value: false

--pagination.page

what page of the pagination

Default value: 1

--pagination.size

items per page

Default value: 10

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-usage audit

chef-platform-auth-cli license-usage audit list-audit

Lists the services audit for a specific date

Synopsis

Summary:

Use this operation when there is a need to view the specific services that were audited on a specific date

Errors

422 (Unprocessable Content)

The request query string options does not meet the validation requirements. Reference the errors in the response for more details.

Usage

chef-platform-auth-cli license-usage audit list-audit [flags]

Options

--date

date of an audit (format :- YYYY-MM-DD)

--format

to print response in format

Default value: json

-h

--help

help for list-audit

Default value: false

--pagination.page

what page of the pagination

Default value: 1

--pagination.size

items per page

Default value: 10

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-usage audit

chef-platform-auth-cli license-usage audit list-audits

List Consumption Audits

Synopsis

Summary:

This operation will list consumption audits

Errors

422 (Unprocessable Content)

The request query string options does not meet the validation requirements. Reference the errors in the response for more details.

Usage

chef-platform-auth-cli license-usage audit list-audits [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for list-audits

Default value: false

--pagination.page

what page of the pagination

Default value: 1

--pagination.size

items per page

Default value: 10

--profile

name of the profile to be used for cmd

Default value: default

--status

The Status of an Usage Audit

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli license-usage audit

chef-platform-auth-cli list-profile-names

Get the list of profile names available

Usage

chef-platform-auth-cli list-profile-names [flags]

Options

-h

--help

help for list-profile-names

Default value: false

See also

chef-platform-auth-cli node-account

Commands for node account

Synopsis

Commands for managing node account

Options

-h

--help

help for node-account

Default value: false

See also

• chef-platform-auth-cli node-account node
• chef-platform-auth-cli node-account self

chef-platform-auth-cli node-account node

Commands related to node

Options

-h

--help

help for node

Default value: false

See also

• chef-platform-auth-cli node-account
• chef-platform-auth-cli node-account node assign-role
• chef-platform-auth-cli node-account node delete-node
• chef-platform-auth-cli node-account node delete-role
• chef-platform-auth-cli node-account node disable-node
• chef-platform-auth-cli node-account node disable-role
• chef-platform-auth-cli node-account node enable-node
• chef-platform-auth-cli node-account node enable-role
• chef-platform-auth-cli node-account node find-node
• chef-platform-auth-cli node-account node get-node
• chef-platform-auth-cli node-account node get-nodeByRef
• chef-platform-auth-cli node-account node get-role
• chef-platform-auth-cli node-account node list-roles
• chef-platform-auth-cli node-account node register-node
• chef-platform-auth-cli node-account node rotate-credentials
• chef-platform-auth-cli node-account node update-credentials
• chef-platform-auth-cli node-account node verify-role

chef-platform-auth-cli node-account node assign-role

Assigns a node a new role

Synopsis

Summary:

Use this operation to assign a new role to an existing node.

Note:

Until this node is assigned credentials it will not be able to communicate with the platform and will remain in the registered status

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role you requested does not exist in the organization

409 (Conflict)

The role is already assigned to this node

409 (Conflict)

The requested node is disabled, please enable the node before requesting credential rotation

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node assign-role [flags]

Options

--body

Role to be assigned to this node

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for assign-role

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node delete-node

Delete a node

Synopsis

Summary:

Use this operation to remove a node. This will prevent all services/agents running on the node from communicating with the platform.

WARNING Deleted node can no longer communicate with the platform, but may still be running. Once a node has been deleted to enable communication again it must be re-enrolled

Notes:

This will have no effect for services/operations not managed by Chef Platform. e.g. chef client communicating directly to Infra Server.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node or role you requested does not exist in the organization

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node delete-node [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for delete-node

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node delete-role

Deletes a node roles

Synopsis

Summary:

Use this operation to remove a nodes role. This will disable all services/agents running on the node that are managed by Chef Platform.

WARNING Deleted node roles can no longer communicate with the platform, but may still be running. Once a role has been deleted to enable communication again from this node’s role it must be assigned (authorized), and then new credentials need to be issued. If a node’s role has been deleted consider removing the skill and re-installing it or performing a node re-enrollment

Notes:

This will have no effect for services/operations not managed by Chef Platform. e.g. chef client communicating directly to Infra Server.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node or role you requested does not exist in the organization

404 (Not Found)

The role you requested is not assigned to this node in the organization

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node delete-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for delete-role

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node disable-node

Disable a node

Synopsis

Summary:

Use this operation when there is a need to disable a node without deleting items. This will disable all services/agents running on the node that are managed by Chef Platform.

WARNING Disabled nodes can no longer communicate with the platform, but may still be running. All actions preformed by this node will fail until enabled.

Notes:

1.) This operation does not rotate or revoke credentials for the node. Once re-enabled the node will continue to communicate using the same credentials.
2.) This will have no effect for services/operations not managed by Chef Platform. e.g. chef client communicating directly to Infra Server.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

409 (Conflict)

Expect this error code if the node is already disabled.

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node disable-node [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for disable-node

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node disable-role

Disable a node’s role (agent/service)

Synopsis

Summary:

Use this operation when there is a need to disable a single role for a node without deleting that role. This will disable that specific (services/agents) ability to communicate with the Chef Platform.

WARNING Disabled node’s role can no longer communicate with the platform, but may still be running. All actions preformed by this node for this role will fail until enabled.

Notes:

1.) This operation does not rotate or revoke credentials for the node’s role. Once re-enabled the node’s role will continue to communicate using the same credentials.
2.) This will have no effect for services/operations not managed by Chef Platform. e.g. chef client communicating directly to Infra Server.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

404 (Not Found)

The node’s role you requested is not assigned to this role for the organization

409 (Conflict)

Expect this error code if the node’s role is already disabled.

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node disable-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for disable-role

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node enable-node

Enable a node

Synopsis

Summary:

Use this operation to enable a disabled node. This will allow enabled services/agents running on the node to communicate with the platform.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

409 (Conflict)

Expect this error code if the node is already enabled.

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node enable-node [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for enable-node

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node enable-role

Enable a node’s role (agent/service)

Synopsis

Summary:

Use this operation to enable a disabled node’s role. This will allow enabled the role (services/agents) running on the node to communicate with the platform.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

404 (Not Found)

The node’s role you requested is not assigned to this role for the organization

409 (Conflict)

Expect this error code if the node’s role is already enabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node enable-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for enable-role

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node find-node

Find nodes

Synopsis

Summary:

This method will allow users to search for nodes in the current organization.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

422 (Unprocessable Content)

The request query string options does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node find-node [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for find-node

Default value: false

--pagination.page

what page of the pagination

Default value: 1

--pagination.size

items per page

Default value: 10

--profile

name of the profile to be used for cmd

Default value: default

--status

The Status of the Node to filter by

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node get-node

Get a node

Synopsis

Summary:

Use this operation get an authorized node

Notes

This is not the same as loading a node from node management. This will only load the authorization information about a node

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node get-node [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-node

Default value: false

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node get-nodeByRef

Get a node by node ref id

Synopsis

Summary:

Use this operation get an authorized node using the node ref id that is present in node management

Notes

This is not the same as loading a node from node management. This will only load the authorization information about a node

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node get-nodeByRef [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-nodeByRef

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--refId

ID of a node ref

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node get-role

Get a node assigned role

Synopsis

Summary:

Use this operation to get the details on an assigned node’s role

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

404 (Not Found)

The role you requested is not assigned to this node in the organization

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node get-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-role

Default value: false

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node list-roles

List node assigned roles

Synopsis

Summary:

Use this operation to list all of a node’s assigned roles

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node list-roles [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for list-roles

Default value: false

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node register-node

Registers a node

Synopsis

Summary:

This method will allow a new node to be registered with the platform. Registered nodes are allowed to have roles assigned to them. Node assigned roles are then used by agents (on the node) to communicate with the platform.

WARNING registering a node will not by itself allow the node to communicate with the plaform. A role must be created for the node for each service/agent running on that node.

Note:

1.) A registered node must FIRST existing in the node management catalog before being registered

Process of manually enrolling a node:

1.) Node is added to node management database
2.) Register the node with the platform accounts system
3.) Assign the desired role (for the node)
4.) Force credential rotation
5.) Install the service/agent
6.) Configure the agent with the credentials from Step 4

Note:

Nodes can exist in Node Management that do not exist in the Identity (accounts) database, but no node may exist as an identity that do not exist in node management

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

409 (Conflict)

Node is already registered

410 (Gone)

The attempt to register the node failed as the node is a symbolic link in node management or has been removed

422 (Unprocessable Content)

The request query string options does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node register-node [flags]

Options

--body

The node to be registerd

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for register-node

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node rotate-credentials

Request credential rotation

Synopsis

Summary:

Use this operation to request a node to rotate it’s credentials for a given role (agent/service). Post this agents will automatically rotate their keys whenever a next request is made.

Notes:

1.) This operation allows the agent itself to rotate it’s credentials it does not revoke credentials for a node.
2.) If a node has more than one role (service/agent) running on that node, this will only rotate the credentials for the supplied role

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

404 (Not Found)

The node’s role you requested is not assigned to this node for the organization

409 (Conflict)

The requested node is disabled, please enable the node before requesting credential rotation

409 (Conflict)

The requested role (agent/service) is disabled, please enable the node’s role before requesting credential rotation

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

422 (Unprocessable Content)

The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node rotate-credentials [flags]

Options

--body

Credentials rotation parameters

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for rotate-credentials

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node update-credentials

Manual credential rotation

Synopsis

Summary:

Use this operation to manually rotate credentials for a given node’s role (agent/service).

WARNING Use this operation with extreme care, under normal cermunstatices a node will automaticly roate it’s own credentials. This should only be used if you have implemented a custom service or credential rotation process.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

404 (Not Found)

The node’s role you requested is not assigned to this node for the organization

409 (Conflict)

The requested node is disabled, please enable the node before requesting credential rotation

409 (Conflict)

The requested role (agent/service) is disabled, please enable the node before requesting credential rotation

409 (Conflict)

The requested role (agent/service) is not scheduled for a credential rotation. Request credential rotation first

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

423 (Locked)

The credentials for this role have already expired. Please delete the role, and re-provision.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node update-credentials [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for update-credentials

Default value: false

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account node verify-role

Verify a node’s assigned

Synopsis

Summary:

Use this operation to check to see if the node has this role assigned

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in the organization

404 (Not Found)

The role you requested does not exist in the organization

404 (Not Found)

The role you requested is not assigned to this node in the organization

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account node verify-role [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for verify-role

Default value: false

--nodeId

ID of a node

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account node

chef-platform-auth-cli node-account self

Commands related to self

Options

-h

--help

help for self

Default value: false

See also

• chef-platform-auth-cli node-account
• chef-platform-auth-cli node-account self rotate-credentials
• chef-platform-auth-cli node-account self rotate-credentials-by-roleId

chef-platform-auth-cli node-account self rotate-credentials

Self credential rotation

Synopsis

Summary:

Use this operation to rotate credentials for the current node’s role (agent/service).

WARNING Use this operation with extreme care, under normal circumstances a node will automaticly call this method to rotate it’s own credentials. This should only be used if you have implemented a custom service or credential rotation process.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in this organisation

404 (Not Found)

The role requested does not exist in this organisation

404 (Not Found)

The node’s role you requested is not assigned to this node for the organization

409 (Conflict)

The requested node is disabled, please enable the node before requesting credential rotation

409 (Conflict)

The requested role (agent/service) is disabled, please enable the node before requesting credential rotation

409 (Conflict)

The requested role (agent/service) is not scheduled for a credential rotation. Request credential rotation first

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

422 (Unprocessable Content)

The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

423 (Locked)

The credentials for this role have already expired. Please delete the role, and re-provision.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account self rotate-credentials [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for rotate-credentials

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account self

chef-platform-auth-cli node-account self rotate-credentials-by-roleId

Self credential rotation with provided roleId

Synopsis

Summary:

Response after rotating self credentials for a role.

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The node you requested does not exist in this organisation

404 (Not Found)

The role requested does not exist in this organisation

404 (Not Found)

The node’s role you requested is not assigned to this node for the organization

409 (Conflict)

The requested node is disabled, please enable the node before requesting credential rotation

409 (Conflict)

The requested role (agent/service) is disabled, please enable the node before requesting credential rotation

409 (Conflict)

The requested role (agent/service) is not scheduled for a credential rotaton. Request credential rotation first

412 (Precondition Failed)

If the “If-Match” header is included in the request, th.is error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

422 (Unprocessable Content)

The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

423 (Locked)

The credentials for this role have already expired. Please delete the role, and re-provision.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli node-account self rotate-credentials-by-roleId [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for rotate-credentials-by-roleId

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--roleId

ID of a Role

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli node-account self

chef-platform-auth-cli register-device

register a device and get api-token for device login

Usage

chef-platform-auth-cli register-device [flags]

Options

--cafile

path to ca file

--device-name

name of the device

Default value: device

-f

--format

to print response in format

Default value: json

-h

--help

help for register-device

Default value: false

-i

--insecure

insecure skip verify

Default value: false

--overwrite

this flag is used to overwrite the old profile if the profile for profile name provided already exists

Default value: false

--profile-name

name for the profile of the new api-token

--url

tenant url

-v

--verbose

to show debug logs

Default value: false

See also

chef-platform-auth-cli set-default-profile

Set default profile for request

Usage

chef-platform-auth-cli set-default-profile [flags]

Options

-h

--help

help for set-default-profile

Default value: false

See also

chef-platform-auth-cli system

Commands for managing system

Synopsis

Commands for managing system like org or tenant

Options

-h

--help

help for system

Default value: false

See also

• chef-platform-auth-cli system organization
• chef-platform-auth-cli system tenant

chef-platform-auth-cli system organization

Commands related to organization

Options

-h

--help

help for organization

Default value: false

See also

• chef-platform-auth-cli system
• chef-platform-auth-cli system organization create-organization
• chef-platform-auth-cli system organization disable-organization
• chef-platform-auth-cli system organization enable-organization
• chef-platform-auth-cli system organization get-organization
• chef-platform-auth-cli system organization list-organizations
• chef-platform-auth-cli system organization my-organization
• chef-platform-auth-cli system organization my-organization-defaults-status
• chef-platform-auth-cli system organization organization-defaults-creation
• chef-platform-auth-cli system organization update-organization
• chef-platform-auth-cli system organization verify-organization

chef-platform-auth-cli system organization create-organization

CREATE a organization

Synopsis

Creates a new Organizational Unit in the current logged in tenant. The current user will be assigned the default admin role in the new OU. — ### Errors

400 (Bad Request) Malformed-Request

401 (Unauthorised) The credential used to access this resource is invalid/expired

403 (Forbidden) User with this role is not allowed to access the resource

409 (Conflict) Expect this error code if organization with same name already exist.

422 (Unprocessable Content) The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error) Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization create-organization [flags]

Options

--body

The organization to be created

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for create-organization

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "createDefaultSkillAssembly": true,
      "createDefaults": true,
      "description": "First OU",
      "name": "MyOU"
  }
  

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization disable-organization

DISABLE a organization

Synopsis

Disable a currently enabled organization

WARNING Disable OU will stop all existing sessions. All nodes under the OU will not be able to communicate with platform. Users won’t be able to login

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The organization does not exist

409 (Conflict)

Expect this error code if the organization is already disabled.

422 (Unprocessable Content)

The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization disable-organization [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for disable-organization

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--orgId

ID of an Organizational Unit

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization enable-organization

ENABLE a organization

Synopsis

Enable a currently disabled organization
— ### Errors

401 (Unauthorised) The credential used to access this resource is invalid/expired

403 (Forbidden) User with this role is not allowed to access the resource

404 (Not Found) The organization does not exist

409 (Conflict) Expect this error code if the organization is already enabled.

422 (Unprocessable Content) The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error) Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization enable-organization [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for enable-organization

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--orgId

ID of an Organizational Unit

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization get-organization

READ a organization

Synopsis

Use this api to get an organization details — ### Errors

401 (Unauthorised) The credential used to access this resource is invalid/expired

403 (Forbidden) User with this role is not allowed to access the resource

404 (Not Found) The organization does not exist

500 (Internal Server Error) Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization get-organization [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-organization

Default value: false

--orgId

ID of an Organizational Unit

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization list-organizations

LIST all organizations in the current logged in tenant

Synopsis

This method will list all organizational units in the current logged in tenant; optionally filtered by organizational units status (indicated in the query)

Errors

401 (Unauthorised) The credential used to access this resource is invalid/expired

403 (Forbidden) User with this role is not allowed to access the resource

500 (Internal Server Error) Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization list-organizations [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for list-organizations

Default value: false

--pagination.page

what page of the pagination

Default value: 1

--pagination.size

items per page

Default value: 10

--profile

name of the profile to be used for cmd

Default value: default

--status

The Status to filter the Organization list by

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization my-organization

GET the organization of the current logged in user

Synopsis

This method will get organizational unit details of the current logged in user

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization my-organization [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for my-organization

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization my-organization-defaults-status

GET the defaults status of the organization of the current logged in user

Synopsis

This method will get default status of organizational unit of the current logged in user

Errors

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization my-organization-defaults-status [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for my-organization-defaults-status

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization organization-defaults-creation

create defaults for an existing organization

Synopsis

This api can be used to create the defaults for an existing organization. — ### Errors

400 (Bad Request) Malformed-Request

401 (Unauthorised) The credential used to access this resource is invalid/expired

403 (Forbidden) User with this role is not allowed to access the resource

404 (Not Found) The organization does not exist

422 (Unprocessable Content) The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error) Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization organization-defaults-creation [flags]

Options

--body

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for organization-defaults-creation

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--orgId

ID of an Organizational Unit

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "createDefaultSkillAssembly": true
  }
  

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization update-organization

UPDATE a organization

Synopsis

This api can be used to update OU details. — ### Errors

400 (Bad Request) Malformed-Request

401 (Unauthorised) The credential used to access this resource is invalid/expired

403 (Forbidden) User with this role is not allowed to access the resource

404 (Not Found) The organization does not exist

422 (Unprocessable Content) The requested payload does not meet the validation requirements. Reference the errors in the response for more details.

500 (Internal Server Error) Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization update-organization [flags]

Options

--body

The organization to be updated

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for update-organization

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--orgId

ID of an Organizational Unit

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "description": "First OU",
      "name": "MyOU"
  }
  

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system organization verify-organization

VERIFY a organization

Synopsis

Verify if the organization is enabled. — ### Errors

401 (Unauthorised) The credential used to access this resource is invalid/expired

403 (Forbidden) User with this role is not allowed to access the resource

404 (Not Found) The organization does not exist

500 (Internal Server Error) Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system organization verify-organization [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for verify-organization

Default value: false

--orgId

ID of an Organizational Unit

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli system organization

chef-platform-auth-cli system tenant

Commands related to tenant

Options

-h

--help

help for tenant

Default value: false

See also

• chef-platform-auth-cli system
• chef-platform-auth-cli system tenant get-tenant-root-ca

chef-platform-auth-cli system tenant get-tenant-root-ca

GET the root CA certificate of the tenant

Synopsis

Use this API to get the root CA certificate for a tenant.

Errors

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli system tenant get-tenant-root-ca [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-tenant-root-ca

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli system tenant

chef-platform-auth-cli user-account

Commands for user account

Synopsis

Commands for managing user account

Options

-h

--help

help for user-account

Default value: false

See also

• chef-platform-auth-cli user-account applicationkey
• chef-platform-auth-cli user-account identity
• chef-platform-auth-cli user-account jwt
• chef-platform-auth-cli user-account self
• chef-platform-auth-cli user-account user

chef-platform-auth-cli user-account applicationkey

Commands related to applicationkey

Options

-h

--help

help for applicationkey

Default value: false

See also

• chef-platform-auth-cli user-account
• chef-platform-auth-cli user-account applicationkey create-applicationKey
• chef-platform-auth-cli user-account applicationkey delete-applicationKey
• chef-platform-auth-cli user-account applicationkey disable-applicationKey
• chef-platform-auth-cli user-account applicationkey enable-applicationKey
• chef-platform-auth-cli user-account applicationkey get-applicationKey
• chef-platform-auth-cli user-account applicationkey get-applicationKeys
• chef-platform-auth-cli user-account applicationkey rotate-applicationKey
• chef-platform-auth-cli user-account applicationkey update-applicationKey

chef-platform-auth-cli user-account applicationkey create-applicationKey

Create application key for new node enrollment

Synopsis

Summary:

Creates a new application key for client node enrollment.

Errors

400 (Bad Request)

Bad request

401 (Unauthorised)

The credential used to access this resource is invalid or expired.

403 (Forbidden)

User with this role is not allowed to access the resource.

404 (Not Found)

The roleId or cohortId does not exist.

409 (Conflict)

The application key with the provided name already exists.

423 (Locked)

The targeted resource is currently locked and cannot be modified.

500 (Internal Server Error)

Some unexpected error occurred while processing the request.

Usage

chef-platform-auth-cli user-account applicationkey create-applicationKey [flags]

Options

--body

create application key

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for create-applicationKey

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "allowedPlatforms": "windows,linux",
      "cohortId": "2b4a84db-a107-4b2e-9a2f-85eef74686c1",
      "description": "description of application",
      "expiryAt": "2025-05-20T04:05:06Z",
      "ipCIDRs": "192.168.0.0/24",
      "ipRanges": "192.168.0.1-192.168.0.40",
      "macAddresses": "00-11-22-33-44-AA,00-11-22-33-44-FF",
      "name": "application key name",
      "roleId": "39dc4a06-d52a-435f-a2b1-6dec1ffee854",
      "type": "enrollment-cli"
  }
  

See also

• chef-platform-auth-cli user-account applicationkey

chef-platform-auth-cli user-account applicationkey delete-applicationKey

Delete an application key in current tenant

Synopsis

Summary:

Use this operation to delete an application key in the current tenant

Errors

404 (Not Found)

The user you requested does not exist in the current tenant

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account applicationkey delete-applicationKey [flags]

Options

--applicationKeyId

ID of an Application Key.

--format

to print response in format

Default value: json

-h

--help

help for delete-applicationKey

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account applicationkey

chef-platform-auth-cli user-account applicationkey disable-applicationKey

Disable an application key.

Synopsis

Summary:

Use this operation when there is a need to disable an application key.

Errors

404 (Not Found)

The application key you requested does not exist in the current organizational unit.

409 (Conflict)

The application key is already disabled.

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource.

Usage

chef-platform-auth-cli user-account applicationkey disable-applicationKey [flags]

Options

--applicationKeyId

ID of an Application Key.

--format

to print response in format

Default value: json

-h

--help

help for disable-applicationKey

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account applicationkey

chef-platform-auth-cli user-account applicationkey enable-applicationKey

Enable an application key.

Synopsis

Summary:

Use this operation to enable an application key.

Errors:

404 (Not Found)

The application key you requested does not exist in the current organizational unit.

409 (Conflict)

The application key is already enabled.

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

401 (Unauthorized)

The credential used to access this resource is invalid/expired

403 (Forbidden)

Application key with this user is not allowed to access the resource.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource.

Usage

chef-platform-auth-cli user-account applicationkey enable-applicationKey [flags]

Options

--applicationKeyId

ID of an Application Key.

--format

to print response in format

Default value: json

-h

--help

help for enable-applicationKey

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account applicationkey

chef-platform-auth-cli user-account applicationkey get-applicationKey

Get details of an application key in the current tenant

Synopsis

Summary:

Use this operation to get an application key in the current tenant

Errors

404 (Not Found)

The application key you requested does not exist in the tenant

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account applicationkey get-applicationKey [flags]

Options

--applicationKeyId

ID of an Application Key.

--format

to print response in format

Default value: json

-h

--help

help for get-applicationKey

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account applicationkey

chef-platform-auth-cli user-account applicationkey get-applicationKeys

Get all application keys

Synopsis

Summary:

Returns a paginated list of application keys. The response includes detailed information about each application key.

The results can be filtered by:

• Status (enabled/disabled)
• Type (e.g., enrollment-cli)

Errors

400 (Bad Request)

The request parameters are invalid or malformed.

401 (Unauthorized)

Authentication credentials are missing or invalid.

403 (Forbidden)

The authenticated user does not have permission to access this resource.

500 (Internal Server Error)

An unexpected error occurred while processing the request.

Usage

chef-platform-auth-cli user-account applicationkey get-applicationKeys [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-applicationKeys

Default value: false

--pagination.page

what page of the pagination

Default value: 1

--pagination.size

items per page

Default value: 10

--profile

name of the profile to be used for cmd

Default value: default

--status

the status of the application key

--type

The type of the application key

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account applicationkey

chef-platform-auth-cli user-account applicationkey rotate-applicationKey

Rotate credentials of an application key.

Synopsis

Summary:

This API will generate an encrypted base64 encoded binary config file for user download.

Errors:

400 (Bad Request)

Invalid request parameters. Ensure the applicationKeyId is correct.

404 (Not Found)

The requested application key does not exist.

401 (Unauthorized)

The credential used to access this resource is invalid/expired.

403 (Forbidden)

User with this role is not allowed to access the resource.

423 (Locked)

The requested application key is disabled, please enable it before requesting credential rotation.

423 (Locked)

The requested application key is already expired.

500 (Internal Server Error)

Some unexpected error occurred while processing this request.

Usage

chef-platform-auth-cli user-account applicationkey rotate-applicationKey [flags]

Options

--applicationKeyId

ID of an Application Key.

--file-name

path to file in the local system to write response body

--format

to print response in format

Default value: json

-h

--help

help for rotate-applicationKey

Default value: false

--override-file

to override file if already exists

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account applicationkey

chef-platform-auth-cli user-account applicationkey update-applicationKey

Update an application key in current tenant

Synopsis

Summary:

This operation will update an application key

Errors

409 (Conflict)

Application Key name is already in use

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

422 (Unprocessable Content)

The Application key does not meet the validation requirements. Reference the errors in the response for more details.

423 (Locked)

The Application key is disabled/expired

404 (Not Found)

The application key you requested does not exist in the tenant

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account applicationkey update-applicationKey [flags]

Options

--applicationKeyId

ID of an Application Key.

--body

The updated application key information

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for update-applicationKey

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "allowedPlatforms": "linux",
      "cohortId": "2b4a84db-a107-4b2e-9a2f-85eef74686c1",
      "description": "description of application",
      "expiryAt": "2025-05-20T04:05:06Z",
      "id": "a852c042-f9b4-45c7-a988-035412692685",
      "ipCIDRs": "192.168.0.0/24",
      "ipRanges": "192.168.0.1-192.168.0.40",
      "macAddresses": "00-11-22-33-44-AA,00-11-22-33-44-FE",
      "name": "application key name",
      "roleId": "39dc4a06-d52a-435f-a2b1-6dec1ffee854",
      "type": "enrollment-cli"
  }
  

See also

• chef-platform-auth-cli user-account applicationkey

chef-platform-auth-cli user-account identity

Commands related to identity

Options

-h

--help

help for identity

Default value: false

See also

• chef-platform-auth-cli user-account
• chef-platform-auth-cli user-account identity authorise-device
• chef-platform-auth-cli user-account identity change-password
• chef-platform-auth-cli user-account identity create-identity
• chef-platform-auth-cli user-account identity delete-identity
• chef-platform-auth-cli user-account identity device-api-token
• chef-platform-auth-cli user-account identity device-deregister
• chef-platform-auth-cli user-account identity device-register
• chef-platform-auth-cli user-account identity disable-device
• chef-platform-auth-cli user-account identity disable-identity
• chef-platform-auth-cli user-account identity enable-device
• chef-platform-auth-cli user-account identity enable-identity
• chef-platform-auth-cli user-account identity expire-password
• chef-platform-auth-cli user-account identity get-authorise-page
• chef-platform-auth-cli user-account identity get-identity
• chef-platform-auth-cli user-account identity get-jwt
• chef-platform-auth-cli user-account identity get-login-page
• chef-platform-auth-cli user-account identity get-password-set-page
• chef-platform-auth-cli user-account identity get-self-user
• chef-platform-auth-cli user-account identity list-users
• chef-platform-auth-cli user-account identity login-identity
• chef-platform-auth-cli user-account identity logout-all-identity
• chef-platform-auth-cli user-account identity logout-identity
• chef-platform-auth-cli user-account identity refresh-jwt
• chef-platform-auth-cli user-account identity reset-password
• chef-platform-auth-cli user-account identity set-password
• chef-platform-auth-cli user-account identity update-identity
• chef-platform-auth-cli user-account identity update-self-user

chef-platform-auth-cli user-account identity authorise-device

Device authorisation

Synopsis

Summary:

This operation will authorise the requested device.

Note:

This method will only work with local users (not OAUTH)

Process

1. The user needs to enter the auth code received over cli
2. The auth code will be validated against the request

Errors

400 (Bad Request)

Malformed-Request

409 (Conflict)

The auth code already authorised

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity authorise-device [flags]

Options

--body

Auth Code for device authorisation

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--deviceId

ID of an device

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for authorise-device

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "expiration": "2024-12-31T11:42:23-05:00",
      "oauthCode": "123456"
  }
  

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity change-password

PATCH the current users’ password with a new password

Synopsis

This method will change the users password

Error(s)

409 (Conflict)

If the current user who has requested a password reset is not a “local” user

422 (Unprocessable Content)

If the users current password does not match or the new password does not meet the password requirements

423 (Locked)

If the user’s account is currently locked

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity change-password [flags]

Options

--body

The password to be changed

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for change-password

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity create-identity

Create a “local” user

Synopsis

Summary:

Use this operation to create a local user

Note:

for “local” users:

1. If a user is created without a password, they will be emailed a set password link with token/OTP
2. If a user is created with a password, they will be emailed with a created user details

Errors

400 (Bad Request)

Malformed-Request

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

404 (Not Found)

The role ID specified does not exist in the organization

409 (Conflict)

User is already registered

422 (Unprocessable Content)

The Reference the errors in the response for more details.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity create-identity [flags]

Options

--body

The user to be created

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for create-identity

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity delete-identity

Delete a user in current tenant

Synopsis

Summary:

Use this operation to delete a user in the current tenant

Errors

404 (Not Found)

The user you requested does not exist in the current tenant

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity delete-identity [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for delete-identity

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--userId

ID of an User

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity device-api-token

Create tokens for the device, if device auth code got authorised successfully.

Synopsis

Summary:

This will return api token for given deviceId

Errors

400 (Bad Request)

When code is not authorized.

404 (Not Found)

The device does not exist.

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity device-api-token [flags]

Options

--body

State Code for device token creation

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

--deviceId

ID of an device

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for device-api-token

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "stateCode": "abc123"
  }
  

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity device-deregister

Deregister given device

Synopsis

Summary:

Use this operation to deregister given device

Errors

409 (Conflict)

The device is already deregistered

404 (Not Found)

Tenant not found

404 (Not Found)

Org not found

404 (Not Found)

Role not found

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity device-deregister [flags]

Options

--deviceId

ID of an device

--format

to print response in format

Default value: json

-h

--help

help for device-deregister

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity device-register

Get auth code with authorisation url for given device register request

Synopsis

Summary:

Use this operation to get auth code with authorisation url for given device register request

Errors

400 (Bad Request)

Request body validation failed

404 (Not Found)

Tenant not found

423 (Locked)

Device is Disabled

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity device-register [flags]

Options

--body

Device metadata

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for device-register

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "appType": "type",
      "deviceName": "device_name",
      "deviceUser": "device_user",
      "macAddress": "mac_address",
      "stateCode": "abc123"
  }
  

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity disable-device

Disable device by id

Synopsis

Summary:

This will disable the device

Process

1. This api will require a deviceId which consist of (mac + deviceUser + appType)

Errors

404 (Not Found)

The device you requested does not exist in the current organizational unit

409 (Conflict)

The device is already disabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity disable-device [flags]

Options

--deviceId

ID of an device

--format

to print response in format

Default value: json

-h

--help

help for disable-device

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity disable-identity

Disable the user associated with the given userId

Synopsis

Summary:

This operation will disable the user associated with the given userId. All sessions for this userId will stop working.

Errors

409 (Conflict)

Email is already disabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity disable-identity [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for disable-identity

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--userId

ID of an User

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity enable-device

Enable device by id

Synopsis

Summary:

This will enable the device

Process

1. This api will require a deviceId which consist of (mac + deviceUser + appType)

Errors

404 (Not Found)

The device you requested does not exist in the current organizational unit

409 (Conflict)

The device is already enabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity enable-device [flags]

Options

--deviceId

ID of an device

--format

to print response in format

Default value: json

-h

--help

help for enable-device

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity enable-identity

Enable the user associated with the given userId

Synopsis

Summary:

This operation will enable the user associated with the given userId

Errors

409 (Conflict)

Email is already enabled

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated.

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity enable-identity [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for enable-identity

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--userId

ID of an User

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity expire-password

Expire the users password

Synopsis

Summary:

Use this operation to require the user to change their password upon next login

WARNING this will not impact any currently logged in users.

Note:

This method will only work with locally users (not OAUTH)

Errors

404 (Not Found)

The user you requested does not exist in the current tenant unit

409 (Conflict)

The user’s password is already set to expire

412 (Precondition Failed)

If the “If-Match” header is included in the request, this error status indicates that the value of “If-Match” (the ETag information) did not match and therefore the entity was not updated. This method will list all roles for a user

423 (Locked)

User is not a local user

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity expire-password [flags]

Options

--emailId

Email ID of an User

--format

to print response in format

Default value: json

-h

--help

help for expire-password

Default value: false

--If-Match

If-Match will compare the supplied etag to the resource requested. If the etag does not match the operation will be aborted.

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity get-authorise-page

Device authorisation page (UI) for user.

Synopsis

Summary:

This operation will load the HTML form page

Process

1. The user need to enter the OAUTH code
2. Then submit to authorize the device

Errors

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity get-authorise-page [flags]

Options

--appType

Application Type

--deviceId

ID of an device

--deviceName

Device Name

--format

to print response in format

Default value: json

-h

--help

help for get-authorise-page

Default value: false

--oauthCode

OAuth code

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity get-identity

Get a user in current tenant

Synopsis

Summary:

Use this operation to get a user in the current tenant

Errors

404 (Not Found)

The user you requested does not exist in the tenant

401 (Unauthorised)

The credential used to access this resource is invalid/expired

403 (Forbidden)

User with this role is not allowed to access the resource

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity get-identity [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-identity

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--userId

ID of an User

--verbose

to show debug logs

Default value: false

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity get-jwt

Get jwt token by exchanging the oauth code and state

Synopsis

Summary:

Use this operation to get jwt token by exchanging the oauth code and state.

Note:

1. In return we will get access token, refresh token and expiry
2. Access token will have tenantID,userID,roleId etc along with baseOrgId

Errors

400 (Bad Request)

Malformed-Request

422 (Unprocessable Content)

The given values for oauth code and state is not in correct format

423 (Locked)

This identity is locked/disabled

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity get-jwt [flags]

Options

--body

Get JWT token by exchanging the oauth code and state

--body-file

Path to file in the local system containing valid body parameter value

--body-format

Format of the --body or --body-file, options: json, yaml, toml

Default value: json

-e

--example

to show example request body

Default value: false

-f

--example-format

Format of the --example, options: json, yaml, toml

Default value: json

--format

to print response in format

Default value: json

-h

--help

help for get-jwt

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false

Examples

The following examples show request bodies that you can submit with this command.

• Default example

  {
      "oauthCode": "oauth-code",
      "state": "random-string"
  }
  

See also

• chef-platform-auth-cli user-account identity

chef-platform-auth-cli user-account identity get-login-page

Login page UI for user.

Synopsis

Summary:

This operation will load the HTML page to login

Process

1. The user need to enter the email and valid password
2. Then submit to get oauth code and state

Errors

500 (Internal Server Error)

Some unexpected error occurred requesting this resource

Usage

chef-platform-auth-cli user-account identity get-login-page [flags]

Options

--format

to print response in format

Default value: json

-h

--help

help for get-login-page

Default value: false

--profile

name of the profile to be used for cmd

Default value: default

--verbose

to show debug logs

Default value: false