Call SEAL OP-CLI¶
Call¶
You call SEAL OP-CLI in a command prompt or in a PowerShell on Windows or a Linux shell on Linux with the following command:
opcli <dataType> <command> <option>
Environment Variables¶
For a list of environment variables taken into account by SEAL OP-CLI, refer to Environment Variables.
Hint - priority
The value specified with the correspondent option takes priority over the one specified with the corresponent environment variable.
Options¶
The following options (<option>) are available with the SEAL OP-CLI call:
SEAL Operator Server¶
With the --server option, you specify the URL of the SEAL Operator server to which SEAL OP-CLI will connect if different to https://localhost:3008.
opcli <dataType> <command> --server <url>
Example - connect to the SEAL Operator server running on operator.server1.com
opcli <dataType> <command> --server https://operator.server1.com:3008
Self-Signed Certificates¶
Specifying the --insecure option, you avoid that the certificate will be checked by the client.
opcli <dataType> <command> --insecure
User Authentication¶
For the user authentication via the configured OIDC identity provider, different options can be specified when calling SEAL OP-CLI.
User Name and Password¶
With the --user and --pass options, you can specify the user and the password known to the OIDC identity provider.
opcli <dataType> <command> --user <owner> --pass <password>
JSON Web Token (JWT)¶
With the --bearer option, you can specify the access token valid for the user known to the OIDC identity provider.
opcli <dataType> <command> --bearer <token>
Example - JSON Web token
opcli <dataType> <command> --bearer eyJ0eXAiOiJKV1QiLCJhbG...
Hint - environment variable
The JSON Web token can also be specified with the OPCLI_BEARER_TOKEN environment variable.
No Browser for Authentication¶
By default, the default browser will be opened for the user authentication. With the --no-browser option, you specify that the browser should not be opened for authentication.
opcli <dataType> <command> --no-browser
Authentication Process and Priority¶
After the successful authentication, SEAL OP-CLI receives a refresh token from the OIDC identity provider and stores it in a file. SEAL OP-CLI uses the refresh token for getting a new access token from the OIDC identity provider. The validity is configured in the OIDC identity provider.
For the user authentication, SEAL OP-CLI evalutes the data in the following order:
--beareroptionOPCLI_BEARER_TOKENenvironment variable--userand--passoptions- File containing the refresh token
- Login via browser (unless
--no-browserhas been specified)
OIDC Identity Provider Settings¶
For the settings of the connected OIDC identity provider, different options can be specified when calling SEAL OP-CLI.
SEAL-specific Keycloak
If you use the SEAL-specific Keycloak as OIDC identity provider, the defaults of these options already fit.
OIDC Client Name¶
With the auth-client-id option, you specify the client name configured in the OIDC identity provider.
opcli <dataType> <command> --auth-client-id <name>
Hint - environment variable
The client name can also be specified with the OPCLI_AUTH_CLIENT_ID environment variable.
OIDC Client Secret¶
With the auth-client-secret option, you specify the client secret configured in the OIDC identity provider.
opcli <dataType> <command> --auth-client-secret <secret>
Hint - environment variable
The client secret can also be specified with the OPCLI_AUTH_CLIENT_SECRET environment variable.
Local Port¶
With the --localport option, you specify the local port for the code flow with SEAL OP-CLI.
opcli <dataType> <command> --localport <port>
Local HTTP Server¶
With the --localhttp option, you specify that the local server listening on the port specified by --localport is using HTTP instead of HTTPS for the code flow with SEAL OP-CLI.
opcli <dataType> <command> --localhttp
Hint - OIDC identity provider
The OIDC identity provider must be configured to allow the redirect URI to use HTTP.
Log Level¶
By default, the log level is set to info. With the --loglevel option, you change the log level. For the available values, refer to the LOG_LEVEL environment variable.
opcli <dataType> <command> --loglevel <logLevel>
Example - get debug messages
opcli <dataType> <command> --loglevel debug
Return Codes¶
For a list of available codes returned by SEAL OP-CLI, refer to Return Codes.
Display the Version of SEAL OP-CLI¶
opcli --version
Display the Options and Parameters¶
With the --help option at the different levels, you get the available options and parameters of the specific level.
Example - options and parameters of SEAL OP-CLI
opcli --help
Example - options and parameters available for managing tasks
opcli task --help
Example - options and parameters available for creating a task
opcli task create --help
SEAL OP-CLI Commands In Detail¶
Refer to the description of the specific SEAL OP-CLI commands: