Command Line Interface¶
Canaille provide several commands to help administrator manage their data.
Generally, some configuration has to be loaded by Canaille.
This can be achieved by configuration loading method available, but most of the time a CONFIG
environment variable is used.
For the sake of readability, it is omitted in the following examples.
env CONFIG=path/to/config.toml canaille ...
canaille check¶
Test the configuration file.
Attempt to reach the database and the SMTP server with the provided credentials.
canaille check [OPTIONS]
canaille run¶
Run Canaille in a hypercorn application server.
Have a look at the Hypercorn configuration documentation to find how to configure it.
canaille run [OPTIONS]
Options
- --config <config>¶
Path to a TOML hypercorn configuration file.
canaille clean¶
Remove expired tokens and authorization codes.
canaille clean [OPTIONS]
canaille dump¶
Dump all the available models.
canaille dump [OPTIONS]
canaille install¶
Installs canaille elements from the configuration.
For instance, depending on the configuration, this can generate OIDC keys or install LDAP schemas.
canaille install [OPTIONS]
canaille populate¶
Populate the database with generated random data.
canaille populate [OPTIONS] COMMAND [ARGS]...
Options
- --nb <nb>¶
Number of items to create
groups¶
Populate the database with generated random groups.
canaille populate groups [OPTIONS]
Options
- --nb-users-max <nb_users_max>¶
The maximum number of users that will randomly be affected in the group
users¶
Populate the database with generated random users.
canaille populate users [OPTIONS]
canaille get¶
canaille get [OPTIONS] COMMAND [ARGS]...
client¶
Search for clients and display the matching models as JSON.
canaille get client [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --description <description>¶
- --preconsent <preconsent>¶
- --audience <audience>¶
- --client-id <client_id>¶
- --client-secret <client_secret>¶
- --client-id-issued-at <client_id_issued_at>¶
- --client-secret-expires-at <client_secret_expires_at>¶
- --redirect-uris <redirect_uris>¶
- --token-endpoint-auth-method <token_endpoint_auth_method>¶
- --grant-types <grant_types>¶
- --response-types <response_types>¶
- --client-name <client_name>¶
- --client-uri <client_uri>¶
- --logo-uri <logo_uri>¶
- --scope <scope>¶
- --contacts <contacts>¶
- --tos-uri <tos_uri>¶
- --policy-uri <policy_uri>¶
- --jwks-uri <jwks_uri>¶
- --jwk <jwk>¶
- --software-id <software_id>¶
- --software-version <software_version>¶
- --post-logout-redirect-uris <post_logout_redirect_uris>¶
consent¶
Search for consents and display the matching models as JSON.
canaille get consent [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --consent-id <consent_id>¶
- --subject <subject>¶
- --client <client>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --revokation-date <revokation_date>¶
group¶
Search for groups and display the matching models as JSON.
canaille get group [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --display-name <display_name>¶
- --members <members>¶
- --description <description>¶
token¶
Search for tokens and display the matching models as JSON.
canaille get token [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --token-id <token_id>¶
- --access-token <access_token>¶
- --client <client>¶
- --subject <subject>¶
- --type <type>¶
- --refresh-token <refresh_token>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --lifetime <lifetime>¶
- --revokation-date <revokation_date>¶
- --audience <audience>¶
user¶
Search for users and display the matching models as JSON.
canaille get user [OPTIONS]
Options
- --id <id>¶
- --created <created>¶
- --last-modified <last_modified>¶
- --user-name <user_name>¶
- --password-failure-timestamps <password_failure_timestamps>¶
- --password <password>¶
- --password-last-update <password_last_update>¶
- --preferred-language <preferred_language>¶
- --family-name <family_name>¶
- --given-name <given_name>¶
- --formatted-name <formatted_name>¶
- --display-name <display_name>¶
- --emails <emails>¶
- --phone-numbers <phone_numbers>¶
- --formatted-address <formatted_address>¶
- --street <street>¶
- --postal-code <postal_code>¶
- --locality <locality>¶
- --region <region>¶
- --photo <photo>¶
- --profile-url <profile_url>¶
- --title <title>¶
- --organization <organization>¶
- --employee-number <employee_number>¶
- --department <department>¶
- --groups <groups>¶
- --lock-date <lock_date>¶
- --last-otp-login <last_otp_login>¶
- --secret-token <secret_token>¶
- --hotp-counter <hotp_counter>¶
- --one-time-password <one_time_password>¶
- --one-time-password-emission-date <one_time_password_emission_date>¶
canaille set¶
canaille set [OPTIONS] COMMAND [ARGS]...
client¶
Update a client and display the edited model in JSON format in the standard output.
IDENTIFIER should be a client id or client_id
canaille set client [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --description <description>¶
- --preconsent <preconsent>¶
- --audience <audience>¶
- --client-id <client_id>¶
- --client-secret <client_secret>¶
- --client-id-issued-at <client_id_issued_at>¶
- --client-secret-expires-at <client_secret_expires_at>¶
- --redirect-uris <redirect_uris>¶
- --token-endpoint-auth-method <token_endpoint_auth_method>¶
- --grant-types <grant_types>¶
- --response-types <response_types>¶
- --client-name <client_name>¶
- --client-uri <client_uri>¶
- --logo-uri <logo_uri>¶
- --scope <scope>¶
- --contacts <contacts>¶
- --tos-uri <tos_uri>¶
- --policy-uri <policy_uri>¶
- --jwks-uri <jwks_uri>¶
- --jwk <jwk>¶
- --software-id <software_id>¶
- --software-version <software_version>¶
- --post-logout-redirect-uris <post_logout_redirect_uris>¶
Arguments
- IDENTIFIER¶
Required argument
consent¶
Update a consent and display the edited model in JSON format in the standard output.
IDENTIFIER should be a consent id or consent_id
canaille set consent [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --consent-id <consent_id>¶
- --subject <subject>¶
- --client <client>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --revokation-date <revokation_date>¶
Arguments
- IDENTIFIER¶
Required argument
group¶
Update a group and display the edited model in JSON format in the standard output.
IDENTIFIER should be a group id or display_name
canaille set group [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --display-name <display_name>¶
- --members <members>¶
- --description <description>¶
Arguments
- IDENTIFIER¶
Required argument
token¶
Update a token and display the edited model in JSON format in the standard output.
IDENTIFIER should be a token id or token_id
canaille set token [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --token-id <token_id>¶
- --access-token <access_token>¶
- --client <client>¶
- --subject <subject>¶
- --type <type>¶
- --refresh-token <refresh_token>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --lifetime <lifetime>¶
- --revokation-date <revokation_date>¶
- --audience <audience>¶
Arguments
- IDENTIFIER¶
Required argument
user¶
Update a user and display the edited model in JSON format in the standard output.
IDENTIFIER should be a user id or user_name
canaille set user [OPTIONS] IDENTIFIER
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --user-name <user_name>¶
- --password-failure-timestamps <password_failure_timestamps>¶
- --password <password>¶
- --password-last-update <password_last_update>¶
- --preferred-language <preferred_language>¶
- --family-name <family_name>¶
- --given-name <given_name>¶
- --formatted-name <formatted_name>¶
- --display-name <display_name>¶
- --emails <emails>¶
- --phone-numbers <phone_numbers>¶
- --formatted-address <formatted_address>¶
- --street <street>¶
- --postal-code <postal_code>¶
- --locality <locality>¶
- --region <region>¶
- --photo <photo>¶
- --profile-url <profile_url>¶
- --title <title>¶
- --organization <organization>¶
- --employee-number <employee_number>¶
- --department <department>¶
- --groups <groups>¶
- --lock-date <lock_date>¶
- --last-otp-login <last_otp_login>¶
- --secret-token <secret_token>¶
- --hotp-counter <hotp_counter>¶
- --one-time-password <one_time_password>¶
- --one-time-password-emission-date <one_time_password_emission_date>¶
Arguments
- IDENTIFIER¶
Required argument
canaille create¶
canaille create [OPTIONS] COMMAND [ARGS]...
client¶
Create a new client and display the created model in JSON format in the standard output.
canaille create client [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --description <description>¶
- --preconsent <preconsent>¶
- --audience <audience>¶
- --client-id <client_id>¶
- --client-secret <client_secret>¶
- --client-id-issued-at <client_id_issued_at>¶
- --client-secret-expires-at <client_secret_expires_at>¶
- --redirect-uris <redirect_uris>¶
- --token-endpoint-auth-method <token_endpoint_auth_method>¶
- --grant-types <grant_types>¶
- --response-types <response_types>¶
- --client-name <client_name>¶
- --client-uri <client_uri>¶
- --logo-uri <logo_uri>¶
- --scope <scope>¶
- --contacts <contacts>¶
- --tos-uri <tos_uri>¶
- --policy-uri <policy_uri>¶
- --jwks-uri <jwks_uri>¶
- --jwk <jwk>¶
- --software-id <software_id>¶
- --software-version <software_version>¶
- --post-logout-redirect-uris <post_logout_redirect_uris>¶
consent¶
Create a new consent and display the created model in JSON format in the standard output.
canaille create consent [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --consent-id <consent_id>¶
- --subject <subject>¶
- --client <client>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --revokation-date <revokation_date>¶
group¶
Create a new group and display the created model in JSON format in the standard output.
canaille create group [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --display-name <display_name>¶
- --members <members>¶
- --description <description>¶
token¶
Create a new token and display the created model in JSON format in the standard output.
canaille create token [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --token-id <token_id>¶
- --access-token <access_token>¶
- --client <client>¶
- --subject <subject>¶
- --type <type>¶
- --refresh-token <refresh_token>¶
- --scope <scope>¶
- --issue-date <issue_date>¶
- --lifetime <lifetime>¶
- --revokation-date <revokation_date>¶
- --audience <audience>¶
user¶
Create a new user and display the created model in JSON format in the standard output.
canaille create user [OPTIONS]
Options
- --created <created>¶
- --last-modified <last_modified>¶
- --user-name <user_name>¶
- --password-failure-timestamps <password_failure_timestamps>¶
- --password <password>¶
- --password-last-update <password_last_update>¶
- --preferred-language <preferred_language>¶
- --family-name <family_name>¶
- --given-name <given_name>¶
- --formatted-name <formatted_name>¶
- --display-name <display_name>¶
- --emails <emails>¶
- --phone-numbers <phone_numbers>¶
- --formatted-address <formatted_address>¶
- --street <street>¶
- --postal-code <postal_code>¶
- --locality <locality>¶
- --region <region>¶
- --photo <photo>¶
- --profile-url <profile_url>¶
- --title <title>¶
- --organization <organization>¶
- --employee-number <employee_number>¶
- --department <department>¶
- --groups <groups>¶
- --lock-date <lock_date>¶
- --last-otp-login <last_otp_login>¶
- --secret-token <secret_token>¶
- --hotp-counter <hotp_counter>¶
- --one-time-password <one_time_password>¶
- --one-time-password-emission-date <one_time_password_emission_date>¶
canaille delete¶
canaille delete [OPTIONS] COMMAND [ARGS]...
client¶
Delete a client.
IDENTIFIER should be a client id or client_id
canaille delete client [OPTIONS] IDENTIFIER
Arguments
- IDENTIFIER¶
Required argument
consent¶
Delete a consent.
IDENTIFIER should be a consent id or consent_id
canaille delete consent [OPTIONS] IDENTIFIER
Arguments
- IDENTIFIER¶
Required argument
group¶
Delete a group.
IDENTIFIER should be a group id or display_name
canaille delete group [OPTIONS] IDENTIFIER
Arguments
- IDENTIFIER¶
Required argument
token¶
Delete a token.
IDENTIFIER should be a token id or token_id
canaille delete token [OPTIONS] IDENTIFIER
Arguments
- IDENTIFIER¶
Required argument
user¶
Delete a user.
IDENTIFIER should be a user id or user_name
canaille delete user [OPTIONS] IDENTIFIER
Arguments
- IDENTIFIER¶
Required argument
canaille reset-otp¶
Reset one-time password authentication for a user and display the edited user in JSON format in the standard output.
IDENTIFIER should be a user id or user_name
canaille reset-otp [OPTIONS] IDENTIFIER
Arguments
- IDENTIFIER¶
Required argument