Command Line Interface¶
Canaille provides several commands to help administrators manage their data.
Generally, some configuration has to be loaded by Canaille.
This can be achieved with any of the available configuration loading methods, but most of the time a CONFIG
environment variable is used.
For the sake of readability, it is omitted in the following examples.
env CONFIG=path/to/config.toml canaille ...
canaille config¶
Handle Canaille configuration file.
canaille config [OPTIONS] COMMAND [ARGS]...
check¶
Test the network connections defined in the configuration file.
Attempt to reach the database and the SMTP server with the provided credentials.
canaille config check [OPTIONS]
dump¶
Export the configuration in TOML format.
The configuration is exported to the file path passed by --path if set, or the CONFIG environment variable if set, or a config.toml file in the current directory.
canaille config dump [OPTIONS]
Options
- --path <path>¶
The path to the config file
canaille run¶
Run Canaille in a hypercorn application server.
Have a look at the Hypercorn configuration documentation to find out how to configure it.
canaille run [OPTIONS]
Options
- --config <config>¶
Path to a TOML hypercorn configuration file.
canaille jwk¶
JSON Web Key management.
canaille jwk [OPTIONS] COMMAND [ARGS]...
create¶
JSON Web Key creation.
canaille jwk create [OPTIONS] COMMAND [ARGS]...
ec¶
Create an EC JSON Web Key.
canaille jwk create ec [OPTIONS]
Options
- --crv <crv>¶
The key CRV
oct¶
Create an Oct JSON Web Key.
canaille jwk create oct [OPTIONS]
Options
- --size <size>¶
The key size
okp¶
Create an OKP JSON Web Key.
canaille jwk create okp [OPTIONS]
Options
- --crv <crv>¶
The key CRV
rsa¶
Create an RSA JSON Web Key.
canaille jwk create rsa [OPTIONS]
Options
- --size <size>¶
The key size
canaille clean¶
Remove expired tokens and authorization codes.
canaille clean [OPTIONS]
canaille dump¶
Dump all the available models.
If no argument is passed, all model instances are dumped.
canaille dump [OPTIONS] [MODEL]...
Arguments
- MODEL¶
Optional argument(s)
canaille restore¶
Restore previously dumped models.
The dumped models should be passed on the standard input.
cat dump.json | canaille restore
canaille restore [OPTIONS]
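A backup wrapper around canaille dump, as an added example that is not part of the Canaille documentation. The dump covers every model, including the user and token fields listed further down (password, secret_token, access_token), so the file is created owner-only. The function name canaille_backup, the file naming, and the assumptions that canaille dump writes to standard output and that canaille config check exits non-zero on failure are this example's own.

```shell
#!/bin/sh
# Added example, not Canaille's own code.
# Assumptions: CONFIG is already exported; `canaille dump` writes the dump to
# standard output; `canaille config check` exits non-zero when a check fails.

canaille_backup() {
    dest_dir=$1
    [ -n "$dest_dir" ] || { echo "usage: canaille_backup DIR" >&2; return 2; }

    # Do not produce a backup from a backend that cannot be reached.
    canaille config check >/dev/null || {
        echo "canaille config check failed, no dump taken" >&2
        return 1
    }

    # The dump holds credentials and tokens: directory 0700, file 0600.
    (
        umask 077
        mkdir -p "$dest_dir" || exit 1
        tmp=$(mktemp "$dest_dir/.dump.XXXXXX") || exit 1

        # Write to a temporary file first so a failed or empty dump never
        # replaces or masquerades as a usable backup.
        if canaille dump >"$tmp" && [ -s "$tmp" ]; then
            out="$dest_dir/canaille-$(date -u +%Y%m%dT%H%M%SZ).json"
            mv "$tmp" "$out" && printf '%s\n' "$out"
        else
            rm -f "$tmp"
            echo "canaille dump failed or produced no data" >&2
            exit 1
        fi
    )
}

# Usage:   canaille_backup /var/backups/canaille
# Restore: canaille restore < /var/backups/canaille/<file printed above>
```

The path printed on success can be handed to an encrypting or off-host backup step; restoring uses the standard-input form shown above.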
canaille install¶
Install Canaille elements from the configuration.
For instance, depending on the configuration, this can generate OIDC keys or install LDAP schemas.
canaille install [OPTIONS]
canaille populate¶
Populate the database with generated random data.
canaille populate [OPTIONS] COMMAND [ARGS]...
Options
- --nb <nb>¶
Number of items to create
groups¶
Populate the database with generated random groups.
canaille populate groups [OPTIONS]
Options
- --nb-users-max <nb_users_max>¶
The maximum number of users that will be randomly assigned to the group
users¶
Populate the database with generated random users.
canaille populate users [OPTIONS]
canaille get¶
canaille get [OPTIONS] COMMAND [ARGS]...
client¶
Search for clients and display the matching models as JSON.
canaille get client [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --description <description>¶
- --trusted <trusted>¶
- --audience <audience>¶
- --client-id <client_id>¶
- --client-secret <client_secret>¶
- --client-id-issued-at <client_id_issued_at>¶
- --client-secret-expires-at <client_secret_expires_at>¶
- --redirect-uris <redirect_uris>¶
- --token-endpoint-auth-method <token_endpoint_auth_method>¶
- --token-endpoint-auth-signing-alg <token_endpoint_auth_signing_alg>¶
- --grant-types <grant_types>¶
- --response-types <response_types>¶
- --client-name <client_name>¶
- --client-uri <client_uri>¶
- --logo-uri <logo_uri>¶
- --scope <scope>¶
- --contacts <contacts>¶
- --tos-uri <tos_uri>¶
- --policy-uri <policy_uri>¶
- --jwks-uri <jwks_uri>¶
- --jwks <jwks>¶
- --sector-identifier-uri <sector_identifier_uri>¶
- --subject-type <subject_type>¶
- --software-id <software_id>¶
- --software-version <software_version>¶
- --post-logout-redirect-uris <post_logout_redirect_uris>¶
- --application-type <application_type>¶
- --id-token-signed-response-alg <id_token_signed_response_alg>¶
- --id-token-encrypted-response-alg <id_token_encrypted_response_alg>¶
- --id-token-encrypted-response-enc <id_token_encrypted_response_enc>¶
- --userinfo-signed-response-alg <userinfo_signed_response_alg>¶
- --userinfo-encrypted-response-alg <userinfo_encrypted_response_alg>¶
- --userinfo-encrypted-response-enc <userinfo_encrypted_response_enc>¶
- --default-max-age <default_max_age>¶
- --require-auth-time <require_auth_time>¶
- --default-acr-values <default_acr_values>¶
- --initiate-login-uri <initiate_login_uri>¶
- --request-object-signing-alg <request_object_signing_alg>¶
- --request-object-encryption-alg <request_object_encryption_alg>¶
- --request-object-encryption-enc <request_object_encryption_enc>¶
- --request-uris <request_uris>¶
consent¶
Search for consents and display the matching models as JSON.
canaille get consent [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --consent-id <consent_id>¶
- --subject <subject>¶
- --client <client>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --revokation-date <revokation_date>¶
group¶
Search for groups and display the matching models as JSON.
canaille get group [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --display-name <display_name>¶
- --members <members>¶
- --description <description>¶
token¶
Search for tokens and display the matching models as JSON.
canaille get token [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --token-id <token_id>¶
- --access-token <access_token>¶
- --client <client>¶
- --subject <subject>¶
- --type <type>¶
- --refresh-token <refresh_token>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --lifetime <lifetime>¶
- --revokation-date <revokation_date>¶
- --audience <audience>¶
user¶
Search for users and display the matching models as JSON.
canaille get user [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --user-name <user_name>¶
- --password-failure-timestamps <password_failure_timestamps>¶
- --password <password>¶
- --password-last-update <password_last_update>¶
- --preferred-language <preferred_language>¶
- --family-name <family_name>¶
- --given-name <given_name>¶
- --formatted-name <formatted_name>¶
- --display-name <display_name>¶
- --emails <emails>¶
- --phone-numbers <phone_numbers>¶
- --formatted-address <formatted_address>¶
- --street <street>¶
- --postal-code <postal_code>¶
- --locality <locality>¶
- --region <region>¶
- --photo <photo>¶
- --profile-url <profile_url>¶
- --title <title>¶
- --organization <organization>¶
- --employee-number <employee_number>¶
- --department <department>¶
- --groups <groups>¶
- --lock-date <lock_date>¶
- --last-otp-login <last_otp_login>¶
- --secret-token <secret_token>¶
- --hotp-counter <hotp_counter>¶
- --one-time-password <one_time_password>¶
- --one-time-password-emission-date <one_time_password_emission_date>¶
canaille set¶
canaille set [OPTIONS] COMMAND [ARGS]...
client¶
Update a client and display the edited model in JSON format on the standard output.
IDENTIFIER should be a client id or client_id
canaille set client [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --description <description>¶
- --trusted <trusted>¶
- --audience <audience>¶
- --client-id <client_id>¶
- --client-secret <client_secret>¶
- --client-id-issued-at <client_id_issued_at>¶
- --client-secret-expires-at <client_secret_expires_at>¶
- --redirect-uris <redirect_uris>¶
- --token-endpoint-auth-method <token_endpoint_auth_method>¶
- --token-endpoint-auth-signing-alg <token_endpoint_auth_signing_alg>¶
- --grant-types <grant_types>¶
- --response-types <response_types>¶
- --client-name <client_name>¶
- --client-uri <client_uri>¶
- --logo-uri <logo_uri>¶
- --scope <scope>¶
- --contacts <contacts>¶
- --tos-uri <tos_uri>¶
- --policy-uri <policy_uri>¶
- --jwks-uri <jwks_uri>¶
- --jwks <jwks>¶
- --sector-identifier-uri <sector_identifier_uri>¶
- --subject-type <subject_type>¶
- --software-id <software_id>¶
- --software-version <software_version>¶
- --post-logout-redirect-uris <post_logout_redirect_uris>¶
- --application-type <application_type>¶
- --id-token-signed-response-alg <id_token_signed_response_alg>¶
- --id-token-encrypted-response-alg <id_token_encrypted_response_alg>¶
- --id-token-encrypted-response-enc <id_token_encrypted_response_enc>¶
- --userinfo-signed-response-alg <userinfo_signed_response_alg>¶
- --userinfo-encrypted-response-alg <userinfo_encrypted_response_alg>¶
- --userinfo-encrypted-response-enc <userinfo_encrypted_response_enc>¶
- --default-max-age <default_max_age>¶
- --require-auth-time <require_auth_time>¶
- --default-acr-values <default_acr_values>¶
- --initiate-login-uri <initiate_login_uri>¶
- --request-object-signing-alg <request_object_signing_alg>¶
- --request-object-encryption-alg <request_object_encryption_alg>¶
- --request-object-encryption-enc <request_object_encryption_enc>¶
- --request-uris <request_uris>¶
Arguments
- IDENTIFIER¶
Required argument
consent¶
Update a consent and display the edited model in JSON format on the standard output.
IDENTIFIER should be a consent id or consent_id
canaille set consent [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --consent-id <consent_id>¶
- --subject <subject>¶
- --client <client>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --revokation-date <revokation_date>¶
Arguments
- IDENTIFIER¶
Required argument
group¶
Update a group and display the edited model in JSON format on the standard output.
IDENTIFIER should be a group id or display_name
canaille set group [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --display-name <display_name>¶
- --members <members>¶
- --description <description>¶
Arguments
- IDENTIFIER¶
Required argument
token¶
Update a token and display the edited model in JSON format on the standard output.
IDENTIFIER should be a token id or token_id
canaille set token [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --token-id <token_id>¶
- --access-token <access_token>¶
- --client <client>¶
- --subject <subject>¶
- --type <type>¶
- --refresh-token <refresh_token>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --lifetime <lifetime>¶
- --revokation-date <revokation_date>¶
- --audience <audience>¶
Arguments
- IDENTIFIER¶
Required argument
user¶
Update a user and display the edited model in JSON format on the standard output.
IDENTIFIER should be a user id or user_name
canaille set user [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --user-name <user_name>¶
- --password-failure-timestamps <password_failure_timestamps>¶
- --password <password>¶
- --password-last-update <password_last_update>¶
- --preferred-language <preferred_language>¶
- --family-name <family_name>¶
- --given-name <given_name>¶
- --formatted-name <formatted_name>¶
- --display-name <display_name>¶
- --emails <emails>¶
- --phone-numbers <phone_numbers>¶
- --formatted-address <formatted_address>¶
- --street <street>¶
- --postal-code <postal_code>¶
- --locality <locality>¶
- --region <region>¶
- --photo <photo>¶
- --profile-url <profile_url>¶
- --title <title>¶
- --organization <organization>¶
- --employee-number <employee_number>¶
- --department <department>¶
- --groups <groups>¶
- --lock-date <lock_date>¶
- --last-otp-login <last_otp_login>¶
- --secret-token <secret_token>¶
- --hotp-counter <hotp_counter>¶
- --one-time-password <one_time_password>¶
- --one-time-password-emission-date <one_time_password_emission_date>¶
Arguments
- IDENTIFIER¶
Required argument
canaille create¶
canaille create [OPTIONS] COMMAND [ARGS]...
client¶
Create a new client and display the created model in JSON format on the standard output.
canaille create client [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
consent¶
Create a new consent and display the created model in JSON format on the standard output.
canaille create consent [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
group¶
Create a new group and display the created model in JSON format on the standard output.
canaille create group [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
token¶
Create a new token and display the created model in JSON format on the standard output.
canaille create token [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
user¶
Create a new user and display the created model in JSON format on the standard output.
canaille create user [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
canaille delete¶
canaille delete [OPTIONS] COMMAND [ARGS]...
client¶
Delete a client.
IDENTIFIER should be a client id or client_id
canaille delete client [OPTIONS]
Options
- --noconfirm¶
Ask for confirmation before deleting objects.
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --description <description>¶
- --trusted <trusted>¶
- --audience <audience>¶
- --client-id <client_id>¶
- --client-secret <client_secret>¶
- --client-id-issued-at <client_id_issued_at>¶
- --client-secret-expires-at <client_secret_expires_at>¶
- --redirect-uris <redirect_uris>¶
- --token-endpoint-auth-method <token_endpoint_auth_method>¶
- --token-endpoint-auth-signing-alg <token_endpoint_auth_signing_alg>¶
- --grant-types <grant_types>¶
- --response-types <response_types>¶
- --client-name <client_name>¶
- --client-uri <client_uri>¶
- --logo-uri <logo_uri>¶
- --scope <scope>¶
- --contacts <contacts>¶
- --tos-uri <tos_uri>¶
- --policy-uri <policy_uri>¶
- --jwks-uri <jwks_uri>¶
- --jwks <jwks>¶
- --sector-identifier-uri <sector_identifier_uri>¶
- --subject-type <subject_type>¶
- --software-id <software_id>¶
- --software-version <software_version>¶
- --post-logout-redirect-uris <post_logout_redirect_uris>¶
- --application-type <application_type>¶
- --id-token-signed-response-alg <id_token_signed_response_alg>¶
- --id-token-encrypted-response-alg <id_token_encrypted_response_alg>¶
- --id-token-encrypted-response-enc <id_token_encrypted_response_enc>¶
- --userinfo-signed-response-alg <userinfo_signed_response_alg>¶
- --userinfo-encrypted-response-alg <userinfo_encrypted_response_alg>¶
- --userinfo-encrypted-response-enc <userinfo_encrypted_response_enc>¶
- --default-max-age <default_max_age>¶
- --require-auth-time <require_auth_time>¶
- --default-acr-values <default_acr_values>¶
- --initiate-login-uri <initiate_login_uri>¶
- --request-object-signing-alg <request_object_signing_alg>¶
- --request-object-encryption-alg <request_object_encryption_alg>¶
- --request-object-encryption-enc <request_object_encryption_enc>¶
- --request-uris <request_uris>¶
consent¶
Delete a consent.
IDENTIFIER should be a consent id or consent_id
canaille delete consent [OPTIONS]
Options
- --noconfirm¶
Ask for confirmation before deleting objects.
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --consent-id <consent_id>¶
- --subject <subject>¶
- --client <client>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --revokation-date <revokation_date>¶
group¶
Delete a group.
IDENTIFIER should be a group id or display_name
canaille delete group [OPTIONS]
Options
- --noconfirm¶
Ask for confirmation before deleting objects.
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --display-name <display_name>¶
- --members <members>¶
- --description <description>¶
token¶
Delete a token.
IDENTIFIER should be a token id or token_id
canaille delete token [OPTIONS]
Options
- --noconfirm¶
Ask for confirmation before deleting objects.
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --token-id <token_id>¶
- --access-token <access_token>¶
- --client <client>¶
- --subject <subject>¶
- --type <type>¶
- --refresh-token <refresh_token>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --lifetime <lifetime>¶
- --revokation-date <revokation_date>¶
- --audience <audience>¶
user¶
Delete a user.
IDENTIFIER should be a user id or user_name
canaille delete user [OPTIONS]
Options
- --noconfirm¶
Ask for confirmation before deleting objects.
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --user-name <user_name>¶
- --password-failure-timestamps <password_failure_timestamps>¶
- --password <password>¶
- --password-last-update <password_last_update>¶
- --preferred-language <preferred_language>¶
- --family-name <family_name>¶
- --given-name <given_name>¶
- --formatted-name <formatted_name>¶
- --display-name <display_name>¶
- --emails <emails>¶
- --phone-numbers <phone_numbers>¶
- --formatted-address <formatted_address>¶
- --street <street>¶
- --postal-code <postal_code>¶
- --locality <locality>¶
- --region <region>¶
- --photo <photo>¶
- --profile-url <profile_url>¶
- --title <title>¶
- --organization <organization>¶
- --employee-number <employee_number>¶
- --department <department>¶
- --groups <groups>¶
- --lock-date <lock_date>¶
- --last-otp-login <last_otp_login>¶
- --secret-token <secret_token>¶
- --hotp-counter <hotp_counter>¶
- --one-time-password <one_time_password>¶
- --one-time-password-emission-date <one_time_password_emission_date>¶
canaille reset-otp¶
Reset one-time passcode authentication for a user and display the edited user in JSON format on the standard output.
IDENTIFIER should be a user id or user_name
canaille reset-otp [OPTIONS] IDENTIFIER
Arguments
- IDENTIFIER¶
Required argument