Command Line Interface

Canaille provide several commands to help administrator manage their data.

Generally, some configuration has to be loaded by Canaille. This can be achieved by configuration loading method available, but most of the time a CONFIG environment variable is used. For the sake of readability, it is omitted in the following examples.

env CONFIG=path/to/config.toml canaille ...

canaille check

Test the configuration file.

Attempt to reach the database and the SMTP server with the provided credentials.

canaille check [OPTIONS]

canaille run

Run Canaille in a hypercorn application server.

Have a look at the Hypercorn configuration documentation to find how to configure it.

canaille run [OPTIONS]

Options

--config <config>

Path to a TOML hypercorn configuration file.

canaille clean

Remove expired tokens and authorization codes.

canaille clean [OPTIONS]

canaille dump

Dump all the available models.

canaille dump [OPTIONS]

canaille install

Installs canaille elements from the configuration.

For instance, depending on the configuration, this can generate OIDC keys or install LDAP schemas.

canaille install [OPTIONS]

canaille populate

Populate the database with generated random data.

canaille populate [OPTIONS] COMMAND [ARGS]...

Options

--nb <nb>

Number of items to create

groups

Populate the database with generated random groups.

canaille populate groups [OPTIONS]

Options

--nb-users-max <nb_users_max>

The maximum number of users that will randomly be affected in the group

users

Populate the database with generated random users.

canaille populate users [OPTIONS]

canaille get

canaille get [OPTIONS] COMMAND [ARGS]...

authorizationcode

Search for authorizationcodes and display the matching models as JSON.

canaille get authorizationcode [OPTIONS]

Options

--id <id>
--created <created>
--last-modified <last_modified>
--authorization-code-id <authorization_code_id>
--code <code>
--client <client>
--subject <subject>
--redirect-uri <redirect_uri>
--response-type <response_type>
--scope <scope>
--nonce <nonce>
--issue-date <issue_date>
--lifetime <lifetime>
--challenge <challenge>
--challenge-method <challenge_method>
--revokation-date <revokation_date>

client

Search for clients and display the matching models as JSON.

canaille get client [OPTIONS]

Options

--id <id>
--created <created>
--last-modified <last_modified>
--description <description>
--preconsent <preconsent>
--audience <audience>
--client-id <client_id>
--client-secret <client_secret>
--client-id-issued-at <client_id_issued_at>
--client-secret-expires-at <client_secret_expires_at>
--redirect-uris <redirect_uris>
--token-endpoint-auth-method <token_endpoint_auth_method>
--grant-types <grant_types>
--response-types <response_types>
--client-name <client_name>
--client-uri <client_uri>
--logo-uri <logo_uri>
--scope <scope>
--contacts <contacts>
--tos-uri <tos_uri>
--policy-uri <policy_uri>
--jwks-uri <jwks_uri>
--jwk <jwk>
--software-id <software_id>
--software-version <software_version>
--post-logout-redirect-uris <post_logout_redirect_uris>

group

Search for groups and display the matching models as JSON.

canaille get group [OPTIONS]

Options

--id <id>
--created <created>
--last-modified <last_modified>
--display-name <display_name>
--members <members>
--description <description>

token

Search for tokens and display the matching models as JSON.

canaille get token [OPTIONS]

Options

--id <id>
--created <created>
--last-modified <last_modified>
--token-id <token_id>
--access-token <access_token>
--client <client>
--subject <subject>
--type <type>
--refresh-token <refresh_token>
--scope <scope>
--issue-date <issue_date>
--lifetime <lifetime>
--revokation-date <revokation_date>
--audience <audience>

user

Search for users and display the matching models as JSON.

canaille get user [OPTIONS]

Options

--id <id>
--created <created>
--last-modified <last_modified>
--user-name <user_name>
--password-failure-timestamps <password_failure_timestamps>
--password <password>
--password-last-update <password_last_update>
--preferred-language <preferred_language>
--family-name <family_name>
--given-name <given_name>
--formatted-name <formatted_name>
--display-name <display_name>
--emails <emails>
--phone-numbers <phone_numbers>
--formatted-address <formatted_address>
--street <street>
--postal-code <postal_code>
--locality <locality>
--region <region>
--photo <photo>
--profile-url <profile_url>
--title <title>
--organization <organization>
--employee-number <employee_number>
--department <department>
--groups <groups>
--lock-date <lock_date>
--last-otp-login <last_otp_login>
--secret-token <secret_token>
--hotp-counter <hotp_counter>
--one-time-password <one_time_password>
--one-time-password-emission-date <one_time_password_emission_date>

canaille set

canaille set [OPTIONS] COMMAND [ARGS]...

authorizationcode

Update a authorizationcode and display the edited model in JSON format in the standard output.

IDENTIFIER should be a authorizationcode id or authorization_code_id

canaille set authorizationcode [OPTIONS] IDENTIFIER

Options

--created <created>
--last-modified <last_modified>
--authorization-code-id <authorization_code_id>
--code <code>
--client <client>
--subject <subject>
--redirect-uri <redirect_uri>
--response-type <response_type>
--scope <scope>
--nonce <nonce>
--issue-date <issue_date>
--lifetime <lifetime>
--challenge <challenge>
--challenge-method <challenge_method>
--revokation-date <revokation_date>

Arguments

IDENTIFIER

Required argument

client

Update a client and display the edited model in JSON format in the standard output.

IDENTIFIER should be a client id or client_id

canaille set client [OPTIONS] IDENTIFIER

Options

--created <created>
--last-modified <last_modified>
--description <description>
--preconsent <preconsent>
--audience <audience>
--client-id <client_id>
--client-secret <client_secret>
--client-id-issued-at <client_id_issued_at>
--client-secret-expires-at <client_secret_expires_at>
--redirect-uris <redirect_uris>
--token-endpoint-auth-method <token_endpoint_auth_method>
--grant-types <grant_types>
--response-types <response_types>
--client-name <client_name>
--client-uri <client_uri>
--logo-uri <logo_uri>
--scope <scope>
--contacts <contacts>
--tos-uri <tos_uri>
--policy-uri <policy_uri>
--jwks-uri <jwks_uri>
--jwk <jwk>
--software-id <software_id>
--software-version <software_version>
--post-logout-redirect-uris <post_logout_redirect_uris>

Arguments

IDENTIFIER

Required argument

group

Update a group and display the edited model in JSON format in the standard output.

IDENTIFIER should be a group id or display_name

canaille set group [OPTIONS] IDENTIFIER

Options

--created <created>
--last-modified <last_modified>
--display-name <display_name>
--members <members>
--description <description>

Arguments

IDENTIFIER

Required argument

token

Update a token and display the edited model in JSON format in the standard output.

IDENTIFIER should be a token id or token_id

canaille set token [OPTIONS] IDENTIFIER

Options

--created <created>
--last-modified <last_modified>
--token-id <token_id>
--access-token <access_token>
--client <client>
--subject <subject>
--type <type>
--refresh-token <refresh_token>
--scope <scope>
--issue-date <issue_date>
--lifetime <lifetime>
--revokation-date <revokation_date>
--audience <audience>

Arguments

IDENTIFIER

Required argument

user

Update a user and display the edited model in JSON format in the standard output.

IDENTIFIER should be a user id or user_name

canaille set user [OPTIONS] IDENTIFIER

Options

--created <created>
--last-modified <last_modified>
--user-name <user_name>
--password-failure-timestamps <password_failure_timestamps>
--password <password>
--password-last-update <password_last_update>
--preferred-language <preferred_language>
--family-name <family_name>
--given-name <given_name>
--formatted-name <formatted_name>
--display-name <display_name>
--emails <emails>
--phone-numbers <phone_numbers>
--formatted-address <formatted_address>
--street <street>
--postal-code <postal_code>
--locality <locality>
--region <region>
--photo <photo>
--profile-url <profile_url>
--title <title>
--organization <organization>
--employee-number <employee_number>
--department <department>
--groups <groups>
--lock-date <lock_date>
--last-otp-login <last_otp_login>
--secret-token <secret_token>
--hotp-counter <hotp_counter>
--one-time-password <one_time_password>
--one-time-password-emission-date <one_time_password_emission_date>

Arguments

IDENTIFIER

Required argument

canaille create

canaille create [OPTIONS] COMMAND [ARGS]...

authorizationcode

Create a new authorizationcode and display the created model in JSON format in the standard output.

canaille create authorizationcode [OPTIONS]

Options

--created <created>
--last-modified <last_modified>
--authorization-code-id <authorization_code_id>
--code <code>
--client <client>
--subject <subject>
--redirect-uri <redirect_uri>
--response-type <response_type>
--scope <scope>
--nonce <nonce>
--issue-date <issue_date>
--lifetime <lifetime>
--challenge <challenge>
--challenge-method <challenge_method>
--revokation-date <revokation_date>

client

Create a new client and display the created model in JSON format in the standard output.

canaille create client [OPTIONS]

Options

--created <created>
--last-modified <last_modified>
--description <description>
--preconsent <preconsent>
--audience <audience>
--client-id <client_id>
--client-secret <client_secret>
--client-id-issued-at <client_id_issued_at>
--client-secret-expires-at <client_secret_expires_at>
--redirect-uris <redirect_uris>
--token-endpoint-auth-method <token_endpoint_auth_method>
--grant-types <grant_types>
--response-types <response_types>
--client-name <client_name>
--client-uri <client_uri>
--logo-uri <logo_uri>
--scope <scope>
--contacts <contacts>
--tos-uri <tos_uri>
--policy-uri <policy_uri>
--jwks-uri <jwks_uri>
--jwk <jwk>
--software-id <software_id>
--software-version <software_version>
--post-logout-redirect-uris <post_logout_redirect_uris>

group

Create a new group and display the created model in JSON format in the standard output.

canaille create group [OPTIONS]

Options

--created <created>
--last-modified <last_modified>
--display-name <display_name>
--members <members>
--description <description>

token

Create a new token and display the created model in JSON format in the standard output.

canaille create token [OPTIONS]

Options

--created <created>
--last-modified <last_modified>
--token-id <token_id>
--access-token <access_token>
--client <client>
--subject <subject>
--type <type>
--refresh-token <refresh_token>
--scope <scope>
--issue-date <issue_date>
--lifetime <lifetime>
--revokation-date <revokation_date>
--audience <audience>

user

Create a new user and display the created model in JSON format in the standard output.

canaille create user [OPTIONS]

Options

--created <created>
--last-modified <last_modified>
--user-name <user_name>
--password-failure-timestamps <password_failure_timestamps>
--password <password>
--password-last-update <password_last_update>
--preferred-language <preferred_language>
--family-name <family_name>
--given-name <given_name>
--formatted-name <formatted_name>
--display-name <display_name>
--emails <emails>
--phone-numbers <phone_numbers>
--formatted-address <formatted_address>
--street <street>
--postal-code <postal_code>
--locality <locality>
--region <region>
--photo <photo>
--profile-url <profile_url>
--title <title>
--organization <organization>
--employee-number <employee_number>
--department <department>
--groups <groups>
--lock-date <lock_date>
--last-otp-login <last_otp_login>
--secret-token <secret_token>
--hotp-counter <hotp_counter>
--one-time-password <one_time_password>
--one-time-password-emission-date <one_time_password_emission_date>

canaille delete

canaille delete [OPTIONS] COMMAND [ARGS]...

authorizationcode

Delete a authorizationcode.

IDENTIFIER should be a authorizationcode id or authorization_code_id

canaille delete authorizationcode [OPTIONS] IDENTIFIER

Arguments

IDENTIFIER

Required argument

client

Delete a client.

IDENTIFIER should be a client id or client_id

canaille delete client [OPTIONS] IDENTIFIER

Arguments

IDENTIFIER

Required argument

group

Delete a group.

IDENTIFIER should be a group id or display_name

canaille delete group [OPTIONS] IDENTIFIER

Arguments

IDENTIFIER

Required argument

token

Delete a token.

IDENTIFIER should be a token id or token_id

canaille delete token [OPTIONS] IDENTIFIER

Arguments

IDENTIFIER

Required argument

user

Delete a user.

IDENTIFIER should be a user id or user_name

canaille delete user [OPTIONS] IDENTIFIER

Arguments

IDENTIFIER

Required argument

canaille reset-otp

Reset one-time password authentication for a user and display the edited user in JSON format in the standard output.

IDENTIFIER should be a user id or user_name

canaille reset-otp [OPTIONS] IDENTIFIER

Arguments

IDENTIFIER

Required argument