Documentation
Overview
Command iamctl is the operational CLI for Hanzo IAM.
Subcommands are designed to run as one-shot Kubernetes Jobs that reconcile IAM state from KMS-sourced configuration. Each subcommand is idempotent and safe to re-run.
Subcommands:
    init-providers   Upsert OAuth provider rows (GitHub, Google, …)
                     from environment variables sourced from KMS.
    wire-providers   Attach the GitHub + Google providers to every
                     real-org application (idempotent).
    clean-spam-orgs  Identify and (with --apply) delete suspicious
                     organizations. DRY-RUN by default.
Authentication. iamctl talks to IAM's HTTP API at IAM_ENDPOINT using the Casdoor-style clientId+clientSecret query-parameter scheme. Both credentials are read from env vars IAM_CLIENT_ID and IAM_CLIENT_SECRET (these are the admin client's credentials, sourced from KMS at deploy time via KMSSecret).
Usage examples (inside a Job):
    iamctl init-providers
    iamctl wire-providers
    iamctl clean-spam-orgs           # dry-run, prints plan
    iamctl clean-spam-orgs --apply   # actually deletes
Exit codes:
    0  success (idempotent — also returned on no-op runs)
    1  configuration / env-var error
    2  IAM API error
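Because the clientId+clientSecret scheme places the secret in the request URL, anything that records URLs (Job logs, proxy or ingress access logs) can capture it. The Go sketch here is an added example, not iamctl's own code: it builds such a URL from the three documented env vars, fails with the documented exit code 1 when one is missing, and masks the secret before logging. The names buildURL, redact and errConfig and the path /api/placeholder are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"path"
)

var errConfig = errors.New("configuration error") // maps to exit code 1

// buildURL reads the documented env vars through getenv and returns the request
// URL. apiPath is a placeholder: the page does not list IAM's API paths.
func buildURL(getenv func(string) string, apiPath string) (*url.URL, error) {
	for _, k := range []string{"IAM_ENDPOINT", "IAM_CLIENT_ID", "IAM_CLIENT_SECRET"} {
		if getenv(k) == "" {
			return nil, fmt.Errorf("%w: %s is not set", errConfig, k)
		}
	}
	u, err := url.Parse(getenv("IAM_ENDPOINT"))
	if err != nil || u.Host == "" {
		return nil, fmt.Errorf("%w: IAM_ENDPOINT is not an absolute URL", errConfig)
	}
	u.Path = path.Join("/", u.Path, apiPath)
	q := url.Values{}
	q.Set("clientId", getenv("IAM_CLIENT_ID"))
	q.Set("clientSecret", getenv("IAM_CLIENT_SECRET"))
	u.RawQuery = q.Encode()
	return u, nil
}

// redact returns a loggable copy of u with clientSecret masked; u is not modified.
func redact(u *url.URL) string {
	c := *u
	q := c.Query()
	q.Set("clientSecret", "REDACTED")
	c.RawQuery = q.Encode()
	return c.String()
}

func main() {
	u, err := buildURL(os.Getenv, "/api/placeholder")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1) // documented code for configuration / env-var errors
	}
	fmt.Println("request URL, safe to log:", redact(u))
}
```

Errors returned by Go's net/http client carry the request URL, query string included, so they need the same masking before being logged.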