Command Line Interface

Canaille provide several commands to help administrator manage their data.

Generally, some configuration has to be loaded by Canaille. This can be achieved by configuration loading method available, but most of the time a CANAILLE_CONFIG environment variable is used. For the sake of readability, it is omitted in the following examples.

env CANAILLE_CONFIG=path/to/config.toml canaille ...

canaille config

Handle Canaille configuration file.

Usage

canaille config [OPTIONS] COMMAND [ARGS]...

check

Test the network connections defined in the configuration file.

Attempt to reach the database and the SMTP server with the provided credentials.

Usage

canaille config check [OPTIONS]

dump

Export the configuration in TOML format.

The configuration is exported to the file path passed by --path if set. else it is displayed on the standard output.

Usage

canaille config dump [OPTIONS]

Options

--path <path>

The path to the config file

canaille run

Run Canaille in a hypercorn application server.

Configuration is loaded from environment variables with CANAILLE_HYPERCORN_ prefix, and can be overridden with command-line options.

Have a look at the Hypercorn configuration documentation to find how to configure it.

Usage

canaille run [OPTIONS]

Options

--bind <bind>

The TCP host/address to bind to.

--insecure-bind <insecure_bind>

The TCP host/address to bind to for insecure connections.

--quic-bind <quic_bind>

The UDP socket to bind for QUIC.

--alpn-protocols <alpn_protocols>

The ALPN protocols to advertise.

--alt-svc-headers <alt_svc_headers>

The alt-svc header values to advertise.

--server-names <server_names>

A comma separated list of server names.

--access-log-format <ACCESS_LOG_FORMAT>

The access log format.

--accesslog <ACCESSLOG>

The target for access log outputs.

--backlog <BACKLOG>

The maximum number of pending connections.

--ca-certs <CA_CERTS>

Path to the SSL CA certificate file.

--certfile <CERTFILE>

Path to the SSL certificate file.

--ciphers <CIPHERS>

The available ciphers for SSL connections.

--debug <DEBUG>

Enable debug mode.

--dogstatsd-tags <DOGSTATSD_TAGS>

Comma separated list of tags to be applied to all StatsD metrics.

--errorlog <ERRORLOG>

The target for error log outputs.

--graceful-timeout <GRACEFUL_TIMEOUT>

Time to wait for workers to finish current requests during graceful shutdown.

--group <GROUP>

The group id to switch to.

--h11-max-incomplete-size <H11_MAX_INCOMPLETE_SIZE>

The maximum size of the incomplete request/response body.

--h11-pass-raw-headers <H11_PASS_RAW_HEADERS>

Pass raw headers to the application.

--h2-max-concurrent-streams <H2_MAX_CONCURRENT_STREAMS>

The maximum number of concurrent streams per HTTP/2 connection.

--h2-max-header-list-size <H2_MAX_HEADER_LIST_SIZE>

The maximum size of the header list.

--h2-max-inbound-frame-size <H2_MAX_INBOUND_FRAME_SIZE>

The maximum size of an inbound HTTP/2 frame.

--include-date-header <INCLUDE_DATE_HEADER>

Include a date header in the response.

--include-server-header <INCLUDE_SERVER_HEADER>

Include a server header in the response.

--keep-alive-max-requests <KEEP_ALIVE_MAX_REQUESTS>

The maximum number of requests per keep-alive connection.

--keep-alive-timeout <KEEP_ALIVE_TIMEOUT>

Seconds to wait before closing keep-alive connections.

--keyfile <KEYFILE>

Path to the SSL key file.

--keyfile-password <KEYFILE_PASSWORD>

The password for the SSL key file.

--logconfig <LOGCONFIG>

The log config file path.

--logconfig-dict <LOGCONFIG_DICT>

The log config dictionary.

--loglevel <LOGLEVEL>

The (error) log level.

--max-app-queue-size <MAX_APP_QUEUE_SIZE>

The maximum size of the application task queue.

--max-requests <MAX_REQUESTS>

The maximum number of requests a worker can handle before restarting.

--max-requests-jitter <MAX_REQUESTS_JITTER>

The maximum jitter to add to the max_requests setting.

--pid-path <PID_PATH>

Path to write the process id.

--proxy-mode <PROXY_MODE>

Proxy headers handling mode: None (no proxy), legacy (X-Forwarded-*), or modern (RFC 7239 Forwarded).

--proxy-trusted-hops <PROXY_TRUSTED_HOPS>

Number of trusted proxy hops when PROXY_MODE is set.

--read-timeout <READ_TIMEOUT>

The timeout for reading from connections.

--root-path <ROOT_PATH>

The ASGI root_path variable.

--shutdown-timeout <SHUTDOWN_TIMEOUT>

Time to wait for workers to shutdown during graceful shutdown.

--ssl-handshake-timeout <SSL_HANDSHAKE_TIMEOUT>

The SSL handshake timeout.

--startup-timeout <STARTUP_TIMEOUT>

Time to wait for workers to start during startup.

--statsd-host <STATSD_HOST>

The host:port of the statsd server.

--statsd-prefix <STATSD_PREFIX>

Prefix for statsd messages.

--umask <UMASK>

The umask to set for the process.

--use-reloader <USE_RELOADER>

Enable automatic reloading on code changes.

--user <USER>

The user id to switch to.

--verify-flags <VERIFY_FLAGS>

The SSL verify flags.

--verify-mode <VERIFY_MODE>

The SSL verify mode.

--websocket-max-message-size <WEBSOCKET_MAX_MESSAGE_SIZE>

The maximum size of a WebSocket message.

--websocket-ping-interval <WEBSOCKET_PING_INTERVAL>

If set the time in seconds between pings.

--worker-class <WORKER_CLASS>

The type of worker to use.

--workers <WORKERS>

The number of worker processes.

--wsgi-max-body-size <WSGI_MAX_BODY_SIZE>

The maximum size of WSGI request body.

canaille jwk

JSON Web Key management.

Usage

canaille jwk [OPTIONS] COMMAND [ARGS]...

create

JSON Web Key creation.

Usage

canaille jwk create [OPTIONS] COMMAND [ARGS]...

ec

Create a EC JSON Web Key.

Usage

canaille jwk create ec [OPTIONS]

Options

--crv <crv>

The key CRV

--format <output_format>

Output format

Options:

OutputFormat.JSON | OutputFormat.TOML

oct

Create a Oct JSON Web Key.

Usage

canaille jwk create oct [OPTIONS]

Options

--size <size>

The key size

--format <output_format>

Output format

Options:

OutputFormat.JSON | OutputFormat.TOML

okp

Create a OKP JSON Web Key.

Usage

canaille jwk create okp [OPTIONS]

Options

--crv <crv>

The key CRV

--format <output_format>

Output format

Options:

OutputFormat.JSON | OutputFormat.TOML

rsa

Create a RSA JSON Web Key.

Usage

canaille jwk create rsa [OPTIONS]

Options

--size <size>

The key size

--format <output_format>

Output format

Options:

OutputFormat.JSON | OutputFormat.TOML

canaille clean

Remove expired tokens and authorization codes.

Usage

canaille clean [OPTIONS]

canaille dump

Dump all the available models.

If no argument is passed, all model instances are dumped.

Usage

canaille dump [OPTIONS] [MODEL]...

Arguments

MODEL

Optional argument(s)

canaille restore

Restore previously dumped models.

The dumped models should be passed by the standard input.

cat dump.json | canaille restore

Usage

canaille restore [OPTIONS]

canaille install

Installs canaille elements from the configuration.

For instance, depending on the configuration, this can generate OIDC keys or install LDAP schemas.

Usage

canaille install [OPTIONS]

canaille populate

Populate the database with generated random data.

Usage

canaille populate [OPTIONS] COMMAND [ARGS]...

Options

--nb <nb>

Number of items to create

groups

Populate the database with generated random groups.

Usage

canaille populate groups [OPTIONS]

Options

--nb-users-max <nb_users_max>

The maximum number of users that will randomly be affected in the group

users

Populate the database with generated random users.

Usage

canaille populate users [OPTIONS]

canaille get

Usage

canaille get [OPTIONS] COMMAND [ARGS]...

authorizationcode

Search for authorizationcodes and display the matching models as JSON.

Usage

canaille get authorizationcode [OPTIONS]

Options

--ignore-errors

Suppress error messages and return silently on failure.

--id <id>

--created <created>

--last-modified <last_modified>

--authorization-code-id <authorization_code_id>

--code <code>

--client <client>

--subject <subject>

--redirect-uri <redirect_uri>

--response-type <response_type>

--scope <scope>

--nonce <nonce>

--issue-date <issue_date>

--lifetime <lifetime>

--challenge <challenge>

--challenge-method <challenge_method>

--revokation-date <revokation_date>

--auth-time <auth_time>

--acr <acr>

--amr <amr>

client

Search for clients and display the matching models as JSON.

Usage

canaille get client [OPTIONS]

Options

--ignore-errors

Suppress error messages and return silently on failure.

--id <id>

--created <created>

--last-modified <last_modified>

--description <description>

--audience <audience>

--client-id <client_id>

--client-secret <client_secret>

--client-id-issued-at <client_id_issued_at>

--client-secret-expires-at <client_secret_expires_at>

--redirect-uris <redirect_uris>

--token-endpoint-auth-method <token_endpoint_auth_method>

--token-endpoint-auth-signing-alg <token_endpoint_auth_signing_alg>

--grant-types <grant_types>

--response-types <response_types>

--client-name <client_name>

--client-uri <client_uri>

--logo-uri <logo_uri>

--scope <scope>

--contacts <contacts>

--tos-uri <tos_uri>

--policy-uri <policy_uri>

--jwks-uri <jwks_uri>

--jwks <jwks>

--sector-identifier-uri <sector_identifier_uri>

--subject-type <subject_type>

--software-id <software_id>

--software-version <software_version>

--post-logout-redirect-uris <post_logout_redirect_uris>

--application-type <application_type>

--id-token-signed-response-alg <id_token_signed_response_alg>

--id-token-encrypted-response-alg <id_token_encrypted_response_alg>

--id-token-encrypted-response-enc <id_token_encrypted_response_enc>

--userinfo-signed-response-alg <userinfo_signed_response_alg>

--userinfo-encrypted-response-alg <userinfo_encrypted_response_alg>

--userinfo-encrypted-response-enc <userinfo_encrypted_response_enc>

--default-max-age <default_max_age>

--require-auth-time <require_auth_time>

--default-acr-values <default_acr_values>

--initiate-login-uri <initiate_login_uri>

--request-object-signing-alg <request_object_signing_alg>

--request-object-encryption-alg <request_object_encryption_alg>

--request-object-encryption-enc <request_object_encryption_enc>

--request-uris <request_uris>

--require-signed-request-object <require_signed_request_object>

consent

Search for consents and display the matching models as JSON.

Usage

canaille get consent [OPTIONS]

Options

--ignore-errors

Suppress error messages and return silently on failure.

--id <id>

--created <created>

--last-modified <last_modified>

--consent-id <consent_id>

--subject <subject>

--client <client>

--scope <scope>

--issue-date <issue_date>

--revokation-date <revokation_date>

group

Search for groups and display the matching models as JSON.

Usage

canaille get group [OPTIONS]

Options

--ignore-errors

Suppress error messages and return silently on failure.

--id <id>

--created <created>

--last-modified <last_modified>

--display-name <display_name>

--members <members>

--owner <owner>

--description <description>

token

Search for tokens and display the matching models as JSON.

Usage

canaille get token [OPTIONS]

Options

--ignore-errors

Suppress error messages and return silently on failure.

--id <id>

--created <created>

--last-modified <last_modified>

--token-id <token_id>

--access-token <access_token>

--client <client>

--subject <subject>

--type <type>

--refresh-token <refresh_token>

--scope <scope>

--issue-date <issue_date>

--lifetime <lifetime>

--revokation-date <revokation_date>

--audience <audience>

user

Search for users and display the matching models as JSON.

Usage

canaille get user [OPTIONS]

Options

--ignore-errors

Suppress error messages and return silently on failure.

--id <id>

--created <created>

--last-modified <last_modified>

--user-name <user_name>

--password-failure-timestamps <password_failure_timestamps>

--password <password>

--password-last-update <password_last_update>

--preferred-language <preferred_language>

--family-name <family_name>

--given-name <given_name>

--formatted-name <formatted_name>

--display-name <display_name>

--emails <emails>

--phone-numbers <phone_numbers>

--formatted-address <formatted_address>

--street <street>

--postal-code <postal_code>

--locality <locality>

--region <region>

--photo <photo>

--profile-url <profile_url>

--title <title>

--organization <organization>

--employee-number <employee_number>

--department <department>

--groups <groups>

--lock-date <lock_date>

--last-otp-login <last_otp_login>

--secret-token <secret_token>

--hotp-counter <hotp_counter>

--one-time-password <one_time_password>

--one-time-password-emission-date <one_time_password_emission_date>

--webauthn-credentials <webauthn_credentials>

canaille set

Usage

canaille set [OPTIONS] COMMAND [ARGS]...

authorizationcode

Update a authorizationcode and display the edited model in JSON format in the standard output.

IDENTIFIER should be a authorizationcode id or authorization_code_id

Usage

canaille set authorizationcode [OPTIONS] IDENTIFIER

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if the model doesn’t exist or update fails.

--created <created>

--last-modified <last_modified>

--authorization-code-id <authorization_code_id>

--code <code>

--client <client>

--subject <subject>

--redirect-uri <redirect_uri>

--response-type <response_type>

--scope <scope>

--nonce <nonce>

--issue-date <issue_date>

--lifetime <lifetime>

--challenge <challenge>

--challenge-method <challenge_method>

--revokation-date <revokation_date>

--auth-time <auth_time>

--acr <acr>

--amr <amr>

Arguments

IDENTIFIER

Required argument

client

Update a client and display the edited model in JSON format in the standard output.

IDENTIFIER should be a client id or client_id

Usage

canaille set client [OPTIONS] IDENTIFIER

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if the model doesn’t exist or update fails.

--created <created>

--last-modified <last_modified>

--description <description>

--audience <audience>

--client-id <client_id>

--client-secret <client_secret>

--client-id-issued-at <client_id_issued_at>

--client-secret-expires-at <client_secret_expires_at>

--redirect-uris <redirect_uris>

--token-endpoint-auth-method <token_endpoint_auth_method>

--token-endpoint-auth-signing-alg <token_endpoint_auth_signing_alg>

--grant-types <grant_types>

--response-types <response_types>

--client-name <client_name>

--client-uri <client_uri>

--logo-uri <logo_uri>

--scope <scope>

--contacts <contacts>

--tos-uri <tos_uri>

--policy-uri <policy_uri>

--jwks-uri <jwks_uri>

--jwks <jwks>

--sector-identifier-uri <sector_identifier_uri>

--subject-type <subject_type>

--software-id <software_id>

--software-version <software_version>

--post-logout-redirect-uris <post_logout_redirect_uris>

--application-type <application_type>

--id-token-signed-response-alg <id_token_signed_response_alg>

--id-token-encrypted-response-alg <id_token_encrypted_response_alg>

--id-token-encrypted-response-enc <id_token_encrypted_response_enc>

--userinfo-signed-response-alg <userinfo_signed_response_alg>

--userinfo-encrypted-response-alg <userinfo_encrypted_response_alg>

--userinfo-encrypted-response-enc <userinfo_encrypted_response_enc>

--default-max-age <default_max_age>

--require-auth-time <require_auth_time>

--default-acr-values <default_acr_values>

--initiate-login-uri <initiate_login_uri>

--request-object-signing-alg <request_object_signing_alg>

--request-object-encryption-alg <request_object_encryption_alg>

--request-object-encryption-enc <request_object_encryption_enc>

--request-uris <request_uris>

--require-signed-request-object <require_signed_request_object>

Arguments

IDENTIFIER

Required argument

consent

Update a consent and display the edited model in JSON format in the standard output.

IDENTIFIER should be a consent id or consent_id

Usage

canaille set consent [OPTIONS] IDENTIFIER

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if the model doesn’t exist or update fails.

--created <created>

--last-modified <last_modified>

--consent-id <consent_id>

--subject <subject>

--client <client>

--scope <scope>

--issue-date <issue_date>

--revokation-date <revokation_date>

Arguments

IDENTIFIER

Required argument

group

Update a group and display the edited model in JSON format in the standard output.

IDENTIFIER should be a group id or display_name

Usage

canaille set group [OPTIONS] IDENTIFIER

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if the model doesn’t exist or update fails.

--created <created>

--last-modified <last_modified>

--display-name <display_name>

--members <members>

--owner <owner>

--description <description>

Arguments

IDENTIFIER

Required argument

token

Update a token and display the edited model in JSON format in the standard output.

IDENTIFIER should be a token id or token_id

Usage

canaille set token [OPTIONS] IDENTIFIER

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if the model doesn’t exist or update fails.

--created <created>

--last-modified <last_modified>

--token-id <token_id>

--access-token <access_token>

--client <client>

--subject <subject>

--type <type>

--refresh-token <refresh_token>

--scope <scope>

--issue-date <issue_date>

--lifetime <lifetime>

--revokation-date <revokation_date>

--audience <audience>

Arguments

IDENTIFIER

Required argument

user

Update a user and display the edited model in JSON format in the standard output.

IDENTIFIER should be a user id or user_name

Usage

canaille set user [OPTIONS] IDENTIFIER

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if the model doesn’t exist or update fails.

--created <created>

--last-modified <last_modified>

--user-name <user_name>

--password-failure-timestamps <password_failure_timestamps>

--password <password>

--password-last-update <password_last_update>

--preferred-language <preferred_language>

--family-name <family_name>

--given-name <given_name>

--formatted-name <formatted_name>

--display-name <display_name>

--emails <emails>

--phone-numbers <phone_numbers>

--formatted-address <formatted_address>

--street <street>

--postal-code <postal_code>

--locality <locality>

--region <region>

--photo <photo>

--profile-url <profile_url>

--title <title>

--organization <organization>

--employee-number <employee_number>

--department <department>

--groups <groups>

--lock-date <lock_date>

--last-otp-login <last_otp_login>

--secret-token <secret_token>

--hotp-counter <hotp_counter>

--one-time-password <one_time_password>

--one-time-password-emission-date <one_time_password_emission_date>

--webauthn-credentials <webauthn_credentials>

Arguments

IDENTIFIER

Required argument

canaille create

Usage

canaille create [OPTIONS] COMMAND [ARGS]...

authorizationcode

Create a new authorizationcode and display the created model in JSON format in the standard output.

Usage

canaille create authorizationcode [OPTIONS]

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if creation fails.

--created <created>

--last-modified <last_modified>

client

Create a new client and display the created model in JSON format in the standard output.

Usage

canaille create client [OPTIONS]

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if creation fails.

--created <created>

--last-modified <last_modified>

consent

Create a new consent and display the created model in JSON format in the standard output.

Usage

canaille create consent [OPTIONS]

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if creation fails.

--created <created>

--last-modified <last_modified>

group

Create a new group and display the created model in JSON format in the standard output.

Usage

canaille create group [OPTIONS]

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if creation fails.

--created <created>

--last-modified <last_modified>

token

Create a new token and display the created model in JSON format in the standard output.

Usage

canaille create token [OPTIONS]

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if creation fails.

--created <created>

--last-modified <last_modified>

user

Create a new user and display the created model in JSON format in the standard output.

Usage

canaille create user [OPTIONS]

Options

--quiet

Suppress output to standard output.

--ignore-errors

Suppress errors and exit silently if creation fails.

--created <created>

--last-modified <last_modified>

canaille delete

Usage

canaille delete [OPTIONS] COMMAND [ARGS]...

authorizationcode

Delete a authorizationcode.

IDENTIFIER should be a authorizationcode id or authorization_code_id

Usage

canaille delete authorizationcode [OPTIONS]

Options

--noconfirm

Ask for confirmation before deleting objects.

--ignore-errors

Skip items that fail to delete and continue with others.

--id <id>

--created <created>

--last-modified <last_modified>

--authorization-code-id <authorization_code_id>

--code <code>

--client <client>

--subject <subject>

--redirect-uri <redirect_uri>

--response-type <response_type>

--scope <scope>

--nonce <nonce>

--issue-date <issue_date>

--lifetime <lifetime>

--challenge <challenge>

--challenge-method <challenge_method>

--revokation-date <revokation_date>

--auth-time <auth_time>

--acr <acr>

--amr <amr>

client

Delete a client.

IDENTIFIER should be a client id or client_id

Usage

canaille delete client [OPTIONS]

Options

--noconfirm

Ask for confirmation before deleting objects.

--ignore-errors

Skip items that fail to delete and continue with others.

--id <id>

--created <created>

--last-modified <last_modified>

--description <description>

--audience <audience>

--client-id <client_id>

--client-secret <client_secret>

--client-id-issued-at <client_id_issued_at>

--client-secret-expires-at <client_secret_expires_at>

--redirect-uris <redirect_uris>

--token-endpoint-auth-method <token_endpoint_auth_method>

--token-endpoint-auth-signing-alg <token_endpoint_auth_signing_alg>

--grant-types <grant_types>

--response-types <response_types>

--client-name <client_name>

--client-uri <client_uri>

--logo-uri <logo_uri>

--scope <scope>

--contacts <contacts>

--tos-uri <tos_uri>

--policy-uri <policy_uri>

--jwks-uri <jwks_uri>

--jwks <jwks>

--sector-identifier-uri <sector_identifier_uri>

--subject-type <subject_type>

--software-id <software_id>

--software-version <software_version>

--post-logout-redirect-uris <post_logout_redirect_uris>

--application-type <application_type>

--id-token-signed-response-alg <id_token_signed_response_alg>

--id-token-encrypted-response-alg <id_token_encrypted_response_alg>

--id-token-encrypted-response-enc <id_token_encrypted_response_enc>

--userinfo-signed-response-alg <userinfo_signed_response_alg>

--userinfo-encrypted-response-alg <userinfo_encrypted_response_alg>

--userinfo-encrypted-response-enc <userinfo_encrypted_response_enc>

--default-max-age <default_max_age>

--require-auth-time <require_auth_time>

--default-acr-values <default_acr_values>

--initiate-login-uri <initiate_login_uri>

--request-object-signing-alg <request_object_signing_alg>

--request-object-encryption-alg <request_object_encryption_alg>

--request-object-encryption-enc <request_object_encryption_enc>

--request-uris <request_uris>

--require-signed-request-object <require_signed_request_object>

consent

Delete a consent.

IDENTIFIER should be a consent id or consent_id

Usage

canaille delete consent [OPTIONS]

Options

--noconfirm

Ask for confirmation before deleting objects.

--ignore-errors

Skip items that fail to delete and continue with others.

--id <id>

--created <created>

--last-modified <last_modified>

--consent-id <consent_id>

--subject <subject>

--client <client>

--scope <scope>

--issue-date <issue_date>

--revokation-date <revokation_date>

group

Delete a group.

IDENTIFIER should be a group id or display_name

Usage

canaille delete group [OPTIONS]

Options

--noconfirm

Ask for confirmation before deleting objects.

--ignore-errors

Skip items that fail to delete and continue with others.

--id <id>

--created <created>

--last-modified <last_modified>

--display-name <display_name>

--members <members>

--owner <owner>

--description <description>

token

Delete a token.

IDENTIFIER should be a token id or token_id

Usage

canaille delete token [OPTIONS]

Options

--noconfirm

Ask for confirmation before deleting objects.

--ignore-errors

Skip items that fail to delete and continue with others.

--id <id>

--created <created>

--last-modified <last_modified>

--token-id <token_id>

--access-token <access_token>

--client <client>

--subject <subject>

--type <type>

--refresh-token <refresh_token>

--scope <scope>

--issue-date <issue_date>

--lifetime <lifetime>

--revokation-date <revokation_date>

--audience <audience>

user

Delete a user.

IDENTIFIER should be a user id or user_name

Usage

canaille delete user [OPTIONS]

Options

--noconfirm

Ask for confirmation before deleting objects.

--ignore-errors

Skip items that fail to delete and continue with others.

--id <id>

--created <created>

--last-modified <last_modified>

--user-name <user_name>

--password-failure-timestamps <password_failure_timestamps>

--password <password>

--password-last-update <password_last_update>

--preferred-language <preferred_language>

--family-name <family_name>

--given-name <given_name>

--formatted-name <formatted_name>

--display-name <display_name>

--emails <emails>

--phone-numbers <phone_numbers>

--formatted-address <formatted_address>

--street <street>

--postal-code <postal_code>

--locality <locality>

--region <region>

--photo <photo>

--profile-url <profile_url>

--title <title>

--organization <organization>

--employee-number <employee_number>

--department <department>

--groups <groups>

--lock-date <lock_date>

--last-otp-login <last_otp_login>

--secret-token <secret_token>

--hotp-counter <hotp_counter>

--one-time-password <one_time_password>

--one-time-password-emission-date <one_time_password_emission_date>

--webauthn-credentials <webauthn_credentials>

canaille reset-otp

Reset one-time passcode authentication for a user and display the edited user in JSON format in the standard output.

IDENTIFIER should be a user id or user_name

Usage

canaille reset-otp [OPTIONS] IDENTIFIER

Arguments

IDENTIFIER

Required argument

canaille worker

Run dramatiq workers.

Setup Dramatiq with broker and task modules from Flask app.

examples:

# Run dramatiq with 1 thread per process.

$ flask worker –threads 1

# Listen only to the “foo” and “bar” queues.

$ flask worker -Q foo,bar

# Consuming from a specific broker

$ flask worker mybroker

Usage

canaille worker [OPTIONS] [BROKER_NAME]

Options

-v, --verbose

turn on verbose log output

-p, --processes <PROCESSES>

the number of worker processes to run

Default:

2

-t, --threads <THREADS>

the number of worker treads per processes

Default:

8

-Q, --queues <QUEUES>

listen to a subset of queues, comma separated

Arguments

BROKER_NAME

Optional argument