OTC CLI
A command-line interface tool for Open Telekom Cloud (OTC) that provides seamless authentication and resource management with federated Single Sign-On (SSO) support.
Features
- Federated Authentication - Login via OIDC/Keycloak SSO or IAM credentials
- Temporary Credentials - Generate 24-hour AWS-compatible credentials
- Token Caching - Automatic token management and refresh
- Resource Management - List and manage OTC resources
- Multi-Project Support - Work with multiple OTC projects
- CCE Integration - Get kubeconfig for Kubernetes clusters
Installation
From Source
git clone https://github.com/abdo-farag/otc-cli.git
cd otc-cli
go build -o otc-cli cmd/otc-cli/main.go
sudo mv otc-cli /usr/local/bin/
Using Go Install
go install github.com/abdo-farag/otc-cli@latest
Quick Start
Option 1: Login with Federated SSO (OIDC/Keycloak)
- Configure environment variables:
# OIDC/Keycloak Configuration
export IDP_URL="https://your-keycloak.com/realms/YourRealm"
export IDP_CLIENT_ID="otc-client"
export IDP_CLIENT_SECRET="your-client-secret" # Optional, for confidential clients
export IDP_PROVIDER_NAME="YourSSO"
# OTC Configuration
export OS_DOMAIN_NAME="OTC00000000001000001234"
export OS_REGION="eu-de"
- Login:
otc-cli login
This will open your browser for SSO authentication. After successful login, credentials are saved to otc-credentials.sh.
- Load credentials:
source otc-credentials.sh
Option 2: Login with IAM Credentials
- Configure environment variables:
export OS_USERNAME="your-username"
export OS_PASSWORD="your-password"
export OS_DOMAIN_NAME="OTC00000000001000001234"
export OS_REGION="eu-de"
- Login:
otc-cli login --iam
- Load credentials:
source otc-credentials.sh
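Both login options end by sourcing otc-credentials.sh, which runs the file as shell code and holds live temporary credentials. The helper below is an added example, not part of otc-cli: it checks the file's type, owner, mode and content before loading it. It assumes the file contains only comments and `export NAME=value` lines; the function names are hypothetical.

```sh
# Added example: vet otc-credentials.sh before sourcing it (POSIX sh / bash).
# Assumption: the file holds only comments and `export NAME=value` lines.

# Runs in a subshell "( ... )" so its variables never leak into your session.
check_otc_credentials() (
    file=${1:-./otc-credentials.sh}

    # Must be a regular file, not a symlink pointing somewhere else.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is missing or not a regular file" >&2; exit 1
    fi

    # Octal mode and owner uid: GNU stat first, BSD/macOS stat as fallback.
    meta=$(stat -c '%a %u' "$file" 2>/dev/null || stat -f '%Lp %u' "$file") || exit 1
    mode=${meta% *}; owner=${meta#* }

    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing: $file is owned by uid $owner" >&2; exit 1
    fi
    # Any group/other permission bit exposes the temporary keys to other users.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "refusing: mode $mode is too open, run: chmod 600 $file" >&2; exit 1
    fi

    # Sourcing executes the file, so accept only blank lines, comments and
    # exports whose value cannot expand or chain a command.
    name='[A-Za-z_][A-Za-z0-9_]*'
    dq='"[^"$`\\]*"'                 # double-quoted, no $, backtick or backslash
    sq="'[^']*'"                     # single-quoted literal
    bare='[A-Za-z0-9_./:=+@-]*'      # unquoted, safe characters only
    bad=$(grep -Evn "^([[:space:]]*|#.*|export ${name}=(${dq}|${sq}|${bare}))\$" "$file" | head -n 1)
    if [ -n "$bad" ]; then
        echo "refusing: not a plain export at line ${bad%%:*} of $file" >&2; exit 1
    fi
)

# Source the file only if it passed. "./" stops `.` from searching $PATH.
load_otc_credentials() {
    case "${1:-otc-credentials.sh}" in
        */*) set -- "$1" ;;
        *)   set -- "./${1:-otc-credentials.sh}" ;;
    esac
    check_otc_credentials "$1" && . "$1"
}
```

Define both functions in your shell profile and run `load_otc_credentials` in place of `source otc-credentials.sh`; keep the credentials file out of version control as well.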
Basic Usage
List Resources
# List all projects
otc-cli list projects
# List servers/instances
otc-cli list servers
# List servers in specific project
otc-cli list servers -p "Production"
# List VPCs
otc-cli list vpcs
# List subnets
otc-cli list subnets
# List volumes
otc-cli list volumes
# List CCE clusters
otc-cli list cce
Get Kubeconfig
# Get kubeconfig for CCE cluster
otc-cli get kubeconfig -c cluster-name
# Save to specific file
otc-cli get kubeconfig -c cluster-id -o ~/.kube/otc-config
Logout
Clear cached credentials:
otc-cli logout
Configuration
Keycloak OIDC Client Setup
If using federated SSO, configure your Keycloak client:
- Create OIDC Client in Keycloak Admin Console
- Client Settings:
  - Client Protocol: openid-connect
  - Access Type: public or confidential
  - Valid Redirect URIs: http://localhost:9197/oidc/auth
  - Web Origins: http://localhost:9197
  - Required Scopes: openid, email, profile, roles, groups, offline_access
Environment Variables
| Variable | Description | Required | Default |
|---|---|---|---|
| IDP_URL | Keycloak/OIDC provider URL | For SSO | - |
| IDP_CLIENT_ID | OIDC client ID | For SSO | - |
| IDP_CLIENT_SECRET | OIDC client secret | No | - |
| IDP_PROVIDER_NAME | Identity provider name in OTC | For SSO | - |
| OS_USERNAME | IAM username | For IAM | - |
| OS_PASSWORD | IAM password | For IAM | - |
| OS_DOMAIN_NAME | OTC domain name | Yes | - |
| OS_REGION | OTC region | No | eu-de |
Documentation
For advanced usage, detailed examples, and troubleshooting, see the complete documentation.
Topics covered in the advanced docs:
- Working with multiple projects
- JSON output and scripting
- Integration with AWS CLI, Terraform, and boto3
- Detailed troubleshooting guide
- Authentication flow diagrams
- CI/CD integration
Quick Troubleshooting
"Could not find OIDC configuration" error
- Verify IDP_PROVIDER_NAME matches the Identity Provider name in OTC IAM
- Check that federated identity is properly configured in OTC Console
"Project not found" error
List available projects first:
otc-cli list projects
Browser doesn't open
Use no-browser mode:
otc-cli login --no-browser
For more detailed troubleshooting, see otc-cli.md.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
License
MIT License - see LICENSE file for details
Links
Note: This is an unofficial tool and is not supported by T-Systems or Deutsche Telekom.