Cross-Realm Trust Commands

The OLP CLI supports the following functionality for the cross-realm trusts management:

  • list cross-realm trusts established for the realm of the requesting app
  • create a cross-realm trust
  • delete a cross-realm trust
  • show details about a cross-realm trust

org trust list

Lists cross-realm trusts established for the realm of the requesting app, where the realm is either a source or target within the cross-realm trust.


olp org trust list [command options]

Optional parameters:

  • --source-realm <source realm HRN> The HRN identifying the source realm holding the resource to be shared.
  • --target-realm <target realm HRN> The HRN identifying the realm the resource can be shared with.
  • --source-project <source project HRN> The HRN identifying the home project of the resource to be shared.
  • --target-project <target project HRN> The HRN identifying the project the resource can be shared with.
  • --limit <max number of cross-realm trusts> Specify the maximum number of cross-realm trusts returned in the result (100 by default).
  • --json Display the command's result in JSON format.
  • --quiet Display source and target HRNs.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.

Note

Use --source-realm, --source-project, --target-project, and --target-realm to filter the command output. You can apply only one filter at a time.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below lists cross-realm trusts.


olp org trust list --source-realm hrn:here:account::rlm-a:realm/rlm-a

Output:


Source HRN                        Target HRN                        Requires linkable resource with target project
hrn:here:account::rlm-a:realm/rlm-a  hrn:here:authorization::rlm-b:project/project-b true

Example:

The command below lists cross-realm trusts in JSON format.


olp org trust list --json

Output:


{
  "crossRealmTrusts": [
    {
      "sourceRealm": "hrn:here:account::rlm-a:realm/rlm-a",
      "targetRealm": "hrn:here:account::rlm-b:realm/rlm-b",
      "sourceProject": "hrn:here:authorization::rlm-a:project/project-a",
      "targetProject": "hrn:here:authorization::rlm-b:project/project-b",
      "requiresLinkableResourceWithTargetProject": true
    },
    {
      "sourceRealm": "hrn:here:account::rlm-d:realm/rlm-d",
      "targetRealm": "hrn:here:account::rlm-e:realm/rlm-e",
      "requiresLinkableResourceWithTargetProject": false
    },
    {
      "sourceProject": "hrn:here:authorization::rlm-f:project/project-f",
      "targetProject": "hrn:here:authorization::rlm-g:project/project-g",
      "requiresLinkableResourceWithTargetProject": true
    },
    {
      "sourceRealm": "hrn:here:account::rlm-a:realm/rlm-a",
      "targetProject": "hrn:here:authorization::rlm-b:project/project-b",
      "requiresLinkableResourceWithTargetProject": true
    },
    {
      "sourceProject": "hrn:here:authorization::rlm-a:project/project-a",
      "targetRealm": "hrn:here:account::rlm-b:realm/rlm-b"
    }
  ]
}

org trust create

Creates or updates a cross-realm trust that allows linkable resources to be received from the home project or the realm of the resource.


olp org trust create <source HRN> <target HRN> [command options]

Note

The calling user or app must have the permission to take the manageCrossRealmTrust action against the target realm. This permission is granted to all users or apps with roles OrgAdmin or CrossRealmTrustManager.

Required parameters:

  • <source HRN> The HRN identifying the source realm or project.
  • <target HRN> The HRN identifying the target realm or project.

Optional parameters:

  • --target-project-required Indicate whether an actor in the source realm must always specify a project in the target realm when offering a linkable resource. When this is set, the user or app in the source realm cannot offer the linkable resource broadly in the target realm, such that it could be added to any project in the target realm. If the parameter is not specified, then the user or app in the source realm is allowed to create linkable resources identifying the target realm, such that the resource link can be added to any project in the target realm.
  • --json Display the command's result in JSON format.
  • --quiet Display source and target HRNs.
  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below creates a cross-realm trust.


olp org trust create hrn:here:authorization::rlm-a:project/project-a hrn:here:authorization::rlm-b:project/project-b

Output:


Cross-realm trust between hrn:here:authorization::rlm-a:project/project-a and hrn:here:authorization::rlm-b:project/project-b has been created.

Example:

The command below creates a cross-realm trust with the output in JSON format.


olp org trust create hrn:here:account::rlm-a:realm/rlm-a hrn:here:account::rlm-b:realm/rlm-b --target-project-required --json

Output:


{
  "sourceRealm": "hrn:here:account::rlm-a:realm/rlm-a",
  "targetRealm": "hrn:here:account::rlm-b:realm/rlm-b",
  "requiresLinkableResourceWithTargetProject": true
}

org trust show

Shows details on a single cross-realm trust object identified by source and target realms or projects.


olp org trust show <source HRN> <target HRN> [command options]

Note

The calling application must belong to the realm identified by the <source HRN> or <target HRN>.

Required parameters:

  • <source HRN> The HRN identifying the source realm or project.
  • <target HRN> The HRN identifying the target realm or project.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Display the command result in JSON format.
  • --quiet Display source and target HRNs.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below shows details on a cross-realm trust.


olp org trust show hrn:here:authorization::rlm-a:project/project-a hrn:here:authorization::rlm-b:project/project-b

Output:


Trust has been established between:
Source project hrn:here:authorization::rlm-a:project/project-a and target project hrn:here:authorization::rlm-b:project/project-b
and requires linkable resource with target project hrn:here:authorization::rlm-b:project/project-b

Example:

The command below shows details on a cross-realm trust in JSON format.


olp org trust show hrn:here:authorization::rlm-a:project/project-a hrn:here:authorization::rlm-b:project/project-b --json

Output:


{
  "sourceRealm": "hrn:here:account::rlm-a:realm/rlm-a",
  "targetRealm": "hrn:here:account::rlm-b:realm/rlm-b",
  "sourceProject": "hrn:here:authorization::rlm-a:project/project-a",
  "targetProject": "hrn:here:authorization::rlm-b:project/project-b",
  "requiresLinkableResourceWithTargetProject": true
}

org trust delete

Deletes an existing cross-realm trust to no longer allow linkable resources to be offered by the source project or realm into the context of the target realm or a project therein.


olp org trust delete <source HRN> <target HRN> [command options]

Note

The calling user or app must have permission to take the manageCrossRealmTrust action against the specified realm. This permission is granted to all users or apps with roles OrgAdmin or CrossRealmTrustManager.

Required parameters:

  • <source HRN> The HRN identifying the source realm or project.
  • <target HRN> The HRN identifying the target realm or project.

Optional parameters:

  • --credentials <path to credentials file> The name of a credentials file to use with the command. Credentials files are downloaded separately from the HERE platform portal.
  • --profile <profile name> The name of the credentials profile to use from the olpcli.ini file.
  • --json Display the command result in JSON format.
  • --quiet Display source and target HRNs.

For more information on using credentials and profiles, see Credentials Setup.

Example:

The command below deletes a cross-realm trust.


olp org trust delete hrn:here:authorization::rlm-a:project/project-a hrn:here:authorization::rlm-b:project/project-b

Output:


Cross-realm trust between hrn:here:authorization::rlm-a:project/project-a and hrn:here:authorization::rlm-b:project/project-b has been deleted.

results matching ""

    No results matching ""