Jimmctl Reference¶
Index¶
ADD-CLOUD-TO-CONTROLLER¶
Summary¶
Add cloud to specific controller in jimm
Usage¶
jimmctl add-cloud-to-controller [options] <controller_name> <cloud_name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
The path to the cloud’s definition file. |
|
|
false |
Forces the cloud to be added to the controller |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl add-cloud-to-controller mycontroller mycloud
jimmctl add-cloud-to-controller mycontroller mycloud --cloud=./cloud-definition.yaml
Details¶
The add-cloud-to-controller command adds the specified cloud to a specific controller on jimm.
One can specify a cloud definition via a yaml file passed with the –cloud flag. If the flag is missing, the command will assume the cloud definition is already known and will error otherwise.
ADD-CONTROLLER¶
Summary¶
Add controller to jimm
Usage¶
jimmctl add-controller [options] <filepath>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl add-controller ./controller-info
jimmctl add-controller ./controller-info.yaml --format json
Details¶
The add-controller command adds a controller to jimm.
AUDIT-EVENTS¶
Aliases: audit-events
Summary¶
Displays audit events
Usage¶
jimmctl list-audit-events [options]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
display events that happened after a specified time, formatted as RFC3339 |
|
|
display events that happened before specified time, formatted as RFC3339 |
|
|
yaml |
Specify output format (json|tabular|yaml) |
|
0 |
limit the maximum number of returned audit events |
|
display events for a specific method call |
|
|
display events for a specific model (model name is controller/model) |
|
|
Specify an output file |
|
|
0 |
offset the set of returned audit events |
|
false |
reverse the order of logs, showing the most recent first |
|
display events performed by authenticated user |
Examples¶
jimmctl list-audit-events --after 2020-01-01T15:00:00 --before 2020-01-01T15:00:00 --user-tag user@canonical.com --limit 50
jimmctl list-audit-events --method CreateModel
jimmctl audit-events --after 2020-01-01T15:00:00 --format yaml
Details¶
The list-audit-events command displays matching audit events.
AUTH¶
Summary¶
Authorisation model management.
Usage¶
jimmctl auth [flags] <command> ...
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Show short description of plugin, if any |
|
false |
Show help on a command or other topic. |
Details¶
The auth command enables users to manage authorisation model used by JIMM.
Subcommands¶
AUTH GROUP¶
Summary¶
Group management.
Usage¶
jimmctl auth group [options] <command> ...
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Show short description of plugin, if any |
|
false |
Show help on a command or other topic. |
Details¶
The group command enables group management for jimm
Subcommands¶
AUTH GROUP ADD¶
Summary¶
Add group to jimm.
Usage¶
jimmctl auth group add [options] <name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl auth group add mygroup
Details¶
The add command adds group to jimm.
AUTH GROUP LIST¶
Summary¶
List all groups.
Usage¶
jimmctl auth group list [options]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
0 |
The maximum number of groups to return |
|
Specify an output file |
|
|
0 |
The offset to use when requesting groups |
Examples¶
jimmctl auth group list
Details¶
The list command lists all groups in jimm.
AUTH GROUP REMOVE¶
Summary¶
Remove a group.
Usage¶
jimmctl auth group remove [options] <name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
smart |
Specify output format (smart) |
|
Specify an output file |
|
|
false |
delete group without prompt |
Examples¶
jimmctl auth group remove mygroup
Details¶
The remove command removes a group in jimm.
AUTH GROUP RENAME¶
Summary¶
Rename a group.
Usage¶
jimmctl auth group rename [options] <name> <new name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
Examples¶
jimmctl auth group rename mygroup newgroup
Details¶
The rename command renames a group in jimm.
AUTH RELATION¶
Summary¶
Relation management.
Usage¶
jimmctl auth relation [options] <command> ...
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Show short description of plugin, if any |
|
false |
Show help on a command or other topic. |
Details¶
relation command enables relation management for jimm
Subcommands¶
AUTH RELATION ADD¶
Summary¶
Add relation to jimm.
Usage¶
jimmctl auth relation add [options] <object> <relation> <target_object>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
file location of JSON encoded tuples |
|
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl auth relation add user-alice@canonical.com member group-mygroup
jimmctl auth relation add group-MyTeam#member admin model-mymodel
jimmctl auth relation add -f /path/to/file.yaml
Details¶
The add command adds relation to jimm.
The object and target object must be of the form <tag>-<objectname> or <tag>-<object-uuid> E.g. “user-Alice” or “controller-MyController”
-f Read from a file where filename is the location of a JSON encoded file of the form: [ { “object”:“user-mike”, “relation”:“member”, “target_object”:“group-yellow” }, { “object”:“user-alice”, “relation”:“member”, “target_object”:“group-yellow” } ]
Certain constraints apply when creating/removing a relation, namely: Object may be one of:
user tag = "user-<name>"
group tag = "group-<name>"
controller tag = "controller-<name>"
model tag = "model-<name>"
application offer tag = "offer-<name>"
If target_object is a group, the relation can only be:
member
If target_object is a controller, the relation can be one of:
loginer
administrator
If target_object is a model, the relation can be one of:
reader
writer
administrator
If target_object is an application offer, the relation can be one of:
reader
consumer
administrator
Additionally, if the object is a group, a userset can be applied by adding #member as follows. This will grant/revoke the relation to all users within TeamA:
group-TeamA#member administrator controller-MyController
AUTH RELATION CHECK¶
Summary¶
Check access to a resource.
Usage¶
jimmctl auth relation check [options] <object> <relation> <target_object>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
smart |
Specify output format (json|smart|yaml) |
|
Specify an output file |
Examples¶
jimmctl auth relation check user-alice@canonical.com administrator controller-aws-controller-1
Details¶
Verifies the access between resources.
AUTH RELATION LIST¶
Summary¶
List relations.
Usage¶
jimmctl auth relation list [options]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|tabular|yaml) |
|
Specify an output file |
|
|
relation object |
|
|
relation name |
|
|
true |
resolves UUIDs to human readable tags |
|
relation target object |
Examples¶
List all relations
jimmctl auth relation list
List relations where the target object match
jimmctl auth relation list --target model-mymodel
List relations where the target object and relation match
jimmctl auth relation list --target model-mymodel --relation admin
Details¶
List relations known to jimm. Using the “target”, “relation” and “object” flags, only those relations matching the filter will be returned.
AUTH RELATION REMOVE¶
Summary¶
Remove relation from jimm.
Usage¶
jimmctl auth relation remove [options] <object> <relation> <target_object>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
file location of JSON encoded tuples |
|
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl auth relation remove user-alice@canonical.com member group-mygroup
jimmctl auth relation remove group-MyTeam#member admin model-mymodel
jimmctl auth relation remove -f /path/to/file.yaml
Details¶
The remove command removes a relation from jimm.
The object and target object must be of the form <tag>-<objectname> or <tag>-<object-uuid> E.g. “user-Alice” or “controller-MyController”
-f Read from a file where filename is the location of a JSON encoded file of the form: [ { “object”:“user-mike”, “relation”:“member”, “target_object”:“group-yellow” }, { “object”:“user-alice”, “relation”:“member”, “target_object”:“group-yellow” } ]
Certain constraints apply when creating/removing a relation, namely: Object may be one of:
user tag = "user-<name>"
group tag = "group-<name>"
controller tag = "controller-<name>"
model tag = "model-<name>"
application offer tag = "offer-<name>"
If target_object is a group, the relation can only be:
member
If target_object is a controller, the relation can be one of:
loginer
administrator
If target_object is a model, the relation can be one of:
reader
writer
administrator
If target_object is an application offer, the relation can be one of:
reader
consumer
administrator
Additionally, if the object is a group, a userset can be applied by adding #member as follows. This will grant/revoke the relation to all users within TeamA:
group-TeamA#member administrator controller-MyController
AUTH ROLE¶
Summary¶
Role management.
Usage¶
jimmctl auth role [options] <command> ...
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Show short description of plugin, if any |
|
false |
Show help on a command or other topic. |
Details¶
The role command enables role management for jimm
Subcommands¶
AUTH ROLE ADD¶
Summary¶
Add role to jimm.
Usage¶
jimmctl auth role add [options] <role name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl auth role add myrole
Details¶
The add command adds role to jimm.
AUTH ROLE LIST¶
Summary¶
List all roles.
Usage¶
jimmctl auth role list [options]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
0 |
The maximum number of roles to return |
|
Specify an output file |
|
|
0 |
The offset to use when requesting roles |
Examples¶
jimmctl auth role list
Details¶
The list command lists all roles in jimm.
AUTH ROLE REMOVE¶
Summary¶
Remove a role.
Usage¶
jimmctl auth role remove [options] <role name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
smart |
Specify output format (smart) |
|
Specify an output file |
|
|
false |
delete role without prompt |
Examples¶
jimmctl auth role remove myrole
Details¶
The remove command removes a role in jimm.
AUTH ROLE RENAME¶
Summary¶
Rename a role.
Usage¶
jimmctl auth role rename [options] <role name> <new role name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
Examples¶
jimmctl auth role rename myrole newrolename
Details¶
The rename command renames a role in jimm.
CONTROLLER-INFO¶
Summary¶
Stores controller info to a yaml file
Usage¶
jimmctl controller-info [options] <name> <filepath> [<public address>]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
false |
If local flag is specified, then the local API address and CA cert of the controller will be used. |
|
Specify the hostname for TLS verification. |
Examples¶
jimmctl controller-info mycontroller ./destination/file.yaml mycontroller.example.com
jimmctl controller-info mycontroller ./destination/file.yaml --local
Details¶
The controller-info command writes controller information contained in the juju client store to a yaml file.
If a public address is specified, the output controller information will contain the public address provided and omit a CA cert, this assumes that the server is secured with a public certificate.
Use the –local flag if the server is not configured with a public address.
CONTROLLERS¶
Aliases: list-controllers
Summary¶
Lists all controllers known to JIMM.
Usage¶
jimmctl controllers [options]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl controllers
jimmctl controllers --format json
Details¶
The list-controllers command displays controller information for all controllers known to JIMM.
DOCUMENTATION¶
Summary¶
Generate the documentation for all commands
Usage¶
jimmctl documentation [options] --out <target-folder> --no-index --split --url <base-url> --discourse-ids <filepath>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
File containing a mapping of commands and their discourse ids |
|
|
false |
Do not generate the commands index |
|
Documentation output folder if not set the result is displayed using the standard output |
|
|
false |
Generate a separate Markdown file for each command |
|
Documentation host URL |
Examples¶
juju documentation
juju documentation --split
juju documentation --split --no-index --out /tmp/docs
To render markdown documentation using a list of existing commands, you can use a file with the following syntax
command1: id1
command2: id2
commandN: idN
For example:
add-cloud: 1183
add-secret: 1284
remove-cloud: 4344
Then, the urls will be populated using the ids indicated in the file above.
juju documentation --split --no-index --out /tmp/docs --discourse-ids /tmp/docs/myids
Details¶
This command generates a markdown formatted document with all the commands, their descriptions, arguments, and examples.
GRANT-AUDIT-LOG-ACCESS¶
Summary¶
Grants access to audit logs.
Usage¶
jimmctl grant-audit-log-access [options] <username>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
Examples¶
jimmctl grant-audit-log-access <username>
Details¶
Grants a user access to read audit logs.
HELP¶
Summary¶
Show help on a command or other topic.
Usage¶
jimmctl help [flags] [topic]
Details¶
See also: topics
IMPORT-CLOUD-CREDENTIALS¶
Summary¶
Import cloud credentials to jimm
Usage¶
jimmctl import-cloud-credentials [options] <filepath>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
Examples¶
jimmctl import-cloud-credentials ./path/creds.json
Details¶
The import-cloud-credentials imports a set of cloud credentials loaded from a file containing a series of JSON objects. The JSON objects specifying the credentials should be of the form:
{ “_id”: <cloud-credential-id>, “type”: <credential-type>, “attributes”: { <key1>: <value1>, … } }
IMPORT-MODEL¶
Summary¶
Import a model to jimm
Usage¶
jimmctl import-model [options] <controller name> <model uuid>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
switch the model owner to the desired user |
Examples¶
jimmctl import-model mycontroller ac30d6ae-0bed-4398-bba7-75d49e39f189
jimmctl import-model mycontroller ac30d6ae-0bed-4398-bba7-75d49e39f189 --owner user@canonical.com
Details¶
The import-model imports a model running on a controller to jimm.
When importing, it is necessary for JIMM to contain a set of cloud credentials that represent a user’s access to the incoming model’s cloud.
The –owner command is necessary when importing a model created by a local user and it will switch the model owner to the desired external user.
LIST-AUDIT-EVENTS¶
Aliases: audit-events
Summary¶
Displays audit events
Usage¶
jimmctl list-audit-events [options]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
display events that happened after a specified time, formatted as RFC3339 |
|
|
display events that happened before specified time, formatted as RFC3339 |
|
|
yaml |
Specify output format (json|tabular|yaml) |
|
0 |
limit the maximum number of returned audit events |
|
display events for a specific method call |
|
|
display events for a specific model (model name is controller/model) |
|
|
Specify an output file |
|
|
0 |
offset the set of returned audit events |
|
false |
reverse the order of logs, showing the most recent first |
|
display events performed by authenticated user |
Examples¶
jimmctl list-audit-events --after 2020-01-01T15:00:00 --before 2020-01-01T15:00:00 --user-tag user@canonical.com --limit 50
jimmctl list-audit-events --method CreateModel
jimmctl audit-events --after 2020-01-01T15:00:00 --format yaml
Details¶
The list-audit-events command displays matching audit events.
LIST-CONTROLLERS¶
Aliases: list-controllers
Summary¶
Lists all controllers known to JIMM.
Usage¶
jimmctl controllers [options]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl controllers
jimmctl controllers --format json
Details¶
The list-controllers command displays controller information for all controllers known to JIMM.
MIGRATE¶
Summary¶
Migrate models to the target controller
Usage¶
jimmctl migrate [options] <controller name> <model uuid> [<model uuid>...]
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl migrate mycontroller 2cb433a6-04eb-4ec4-9567-90426d20a004
jimmctl migrate mycontroller 2cb433a6-04eb-4ec4-9567-90426d20a004 fd469983-27c2-423b-bebf-84f616fb036b ...
Details¶
The migrate command migrates a model(s) to a new controller. Specify a model-uuid to migrate and the destination controller name.
Note that multiple models can be targeted for migration by supplying multiple model uuids.
MODEL-STATUS¶
Summary¶
Displays full model status
Usage¶
jimmctl model-status [options] <model uuid>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl model-status 2cb433a6-04eb-4ec4-9567-90426d20a004
jimmctl model-status 2cb433a6-04eb-4ec4-9567-90426d20a004 --format yaml
Details¶
The model-status command displays full model status.
PURGE-AUDIT-LOGS¶
Summary¶
purge audit logs from the database before the given date
Usage¶
jimmctl purge-audit-logs [options] <date>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl purge-audit-logs 2021-02-03
jimmctl purge-audit-logs 2021-02-03T00
jimmctl purge-audit-logs 2021-02-03T15:04:05Z
Details¶
The purge-audit-logs purges logs from the database before the given date.
The provided date must be formatted as an ISO8601 date string.
QUERY-MODELS¶
Summary¶
Query model statuses
Usage¶
jimmctl query-models [options] <query>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
json |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl query-models '.applications | with_entries(select(.key=="nginx-ingress-integrator"))'
Details¶
The query-models command queries all models available to the current user performing the query against each model status individually, returning the collated query responses for each model.
The query runs against the output of “juju status –format json”, as such you can format your query against an output like this.
The queries expect a JQ query string.
REMOVE-CLOUD-FROM-CONTROLLER¶
Summary¶
Remove cloud from specific controller in jimm
Usage¶
jimmctl remove-cloud-from-controller [options] <controller_name> <cloud_name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl remove-cloud-from-controller mycontroller mycloud
Details¶
The remove-cloud-from-controller command removes the specified cloud from the specified controller in jimm.
REMOVE-CONTROLLER¶
Summary¶
Remove controller from jimm
Usage¶
jimmctl remove-controller [options] <name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
false |
force remove a controller |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl remove-controller mycontroller
jimmctl remove-controller mycontroller --force
Details¶
The remove-controller command removes a controller from jimm.
REVOKE-AUDIT-LOG-ACCESS¶
Summary¶
revokes access to audit logs.
Usage¶
jimmctl revoke-audit-log-access [options] <user>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
Examples¶
jimmctl revoke-audit-log-access user@canonical.com
Details¶
The revoke-audit-log-access revokes user access to audit logs.
SET-CONTROLLER-DEPRECATED¶
Summary¶
Sets controller deprecated status.
Usage¶
jimmctl set-controller-deprecated [options] <controller name>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
|
yaml |
Specify output format (json|yaml) |
|
Specify an output file |
Examples¶
jimmctl set-controller-deprecated mycontroller
Details¶
The set-controller-deprecated sets the deprecated status of a controller.
UPDATE-MIGRATED-MODEL¶
Summary¶
Update the controller running a model.
Usage¶
jimmctl update-migrated-model [options] <controller name> <model uuid>
Options¶
Flag |
Default |
Usage |
|---|---|---|
|
false |
Do not use web browser for authentication |
Examples¶
jimmctl update-migrated-model mycontroller e0bf3abf-7029-4e48-9c26-68a7b6e02947
Details¶
The update-migrated-model updates a model known to JIMM that has been migrated externally to a different JAAS controller.