@@ -176,15 +176,15 @@ func init() {
176176
177177// rbac user assign command
178178var rbacUserAssignCmd = & cobra.Command {
179- Use : "assign <email> <role-id >" ,
179+ Use : "assign <email> <role-name >" ,
180180 Short : "Assign a role to a user" ,
181181 Long : `Assign a role to a user by email address. The user must have logged in at least once to be found in the system.` ,
182182 Args : cobra .ExactArgs (2 ),
183183 RunE : func (cmd * cobra.Command , args []string ) error {
184184 client := newAuthedClient ()
185185
186186 email := args [0 ]
187- roleID := args [1 ]
187+ roleID := mustResolveRoleID ( context . Background (), client , args [1 ])
188188
189189 printVerbose ("Assigning role %s to user %s" , roleID , email )
190190
@@ -209,15 +209,15 @@ var rbacUserAssignCmd = &cobra.Command{
209209
210210// rbac user revoke command
211211var rbacUserRevokeCmd = & cobra.Command {
212- Use : "revoke <email> <role-id >" ,
212+ Use : "revoke <email> <role-name >" ,
213213 Short : "Revoke a role from a user" ,
214214 Long : `Revoke a role from a user by email address.` ,
215215 Args : cobra .ExactArgs (2 ),
216216 RunE : func (cmd * cobra.Command , args []string ) error {
217217 client := newAuthedClient ()
218218
219219 email := args [0 ]
220- roleID := args [1 ]
220+ roleID := mustResolveRoleID ( context . Background (), client , args [1 ])
221221
222222 printVerbose ("Revoking role %s from user %s" , roleID , email )
223223
@@ -382,13 +382,14 @@ var rbacRoleListCmd = &cobra.Command{
382382
383383 // Create tabwriter
384384 w := tabwriter .NewWriter (os .Stdout , 0 , 0 , 2 , ' ' , 0 )
385- fmt .Fprintln (w , "ID \t NAME \t DESCRIPTION\t PERMISSIONS\t CREATED" )
385+ fmt .Fprintln (w , "NAME \t DESCRIPTION\t PERMISSIONS\t CREATED" )
386386
387387 for _ , role := range roles {
388388 permissions := strings .Join (role .Permissions , ", " )
389- fmt .Fprintf (w , "%s\t %s\t %s\t %s\t %s\n " ,
390- role .ID ,
391- role .Name ,
389+ name := role .Name
390+ if name == "" { name = role .ID }
391+ fmt .Fprintf (w , "%s\t %s\t %s\t %s\n " ,
392+ name ,
392393 role .Description ,
393394 permissions ,
394395 role .CreatedAt ,
@@ -404,14 +405,14 @@ var rbacRoleListCmd = &cobra.Command{
404405
405406// rbac role delete command
406407var rbacRoleDeleteCmd = & cobra.Command {
407- Use : "delete <role-id >" ,
408+ Use : "delete <role-name >" ,
408409 Short : "Delete a role" ,
409- Long : `Delete a role by ID .` ,
410+ Long : `Delete a role by name .` ,
410411 Args : cobra .ExactArgs (1 ),
411412 RunE : func (cmd * cobra.Command , args []string ) error {
412413 client := newAuthedClient ()
413414
414- roleID := args [0 ]
415+ roleID := mustResolveRoleID ( context . Background (), client , args [0 ])
415416
416417 printVerbose ("Deleting role %s" , roleID )
417418
@@ -597,7 +598,7 @@ var rbacPermissionListCmd = &cobra.Command{
597598 }
598599
599600 w := tabwriter .NewWriter (os .Stdout , 0 , 0 , 2 , ' ' , 0 )
600- fmt .Fprintln (w , "ID \t Name \t Description \t Rules \t Created " )
601+ fmt .Fprintln (w , "NAME \t DESCRIPTION \t RULES \t CREATED " )
601602
602603 for _ , permission := range permissions {
603604 rules := ""
@@ -608,9 +609,10 @@ var rbacPermissionListCmd = &cobra.Command{
608609 rules += fmt .Sprintf ("%s:%s:%s" , rule .Effect , strings .Join (rule .Actions , "," ), strings .Join (rule .Resources , "," ))
609610 }
610611
611- fmt .Fprintf (w , "%s\t %s\t %s\t %s\t %s\n " ,
612- permission .ID ,
613- permission .Name ,
612+ name := permission .Name
613+ if name == "" { name = permission .ID }
614+ fmt .Fprintf (w , "%s\t %s\t %s\t %s\n " ,
615+ name ,
614616 permission .Description ,
615617 rules ,
616618 permission .CreatedAt ,
@@ -625,13 +627,12 @@ var rbacPermissionListCmd = &cobra.Command{
625627
626628// rbac permission delete command
627629var rbacPermissionDeleteCmd = & cobra.Command {
628- Use : "delete <id >" ,
630+ Use : "delete <name >" ,
629631 Short : "Delete a permission" ,
630632 Args : cobra .ExactArgs (1 ),
631633 RunE : func (cmd * cobra.Command , args []string ) error {
632- id := args [0 ]
633-
634634 client := newAuthedClient ()
635+ id := mustResolvePermissionID (context .Background (), client , args [0 ])
635636
636637 resp , err := client .Delete (context .Background (), "/v1/rbac/permissions/" + id )
637638 if err != nil {
@@ -895,15 +896,14 @@ func testUserListOutput(client *sdk.Client, email string, args []string) (*TestR
895896
896897// rbac role assign-policy command
897898var rbacRoleAssignPolicyCmd = & cobra.Command {
898- Use : "assign-policy <role-id > <policy-id >" ,
899+ Use : "assign-policy <role-name > <permission-name >" ,
899900 Short : "Assign a policy to a role" ,
900901 Long : `Assign a policy to a role, giving the role the permissions defined in the policy.` ,
901902 Args : cobra .ExactArgs (2 ),
902903 RunE : func (cmd * cobra.Command , args []string ) error {
903- roleID := args [0 ]
904- permissionID := args [1 ]
905-
906904 client := newAuthedClient ()
905+ roleID := mustResolveRoleID (context .Background (), client , args [0 ])
906+ permissionID := mustResolvePermissionID (context .Background (), client , args [1 ])
907907
908908 req := map [string ]string {
909909 "role_id" : roleID ,
@@ -926,15 +926,14 @@ var rbacRoleAssignPolicyCmd = &cobra.Command{
926926
927927// rbac role revoke-permission command
928928var rbacRoleRevokePermissionCmd = & cobra.Command {
929- Use : "revoke-permission <role-id > <permission-id >" ,
929+ Use : "revoke-permission <role-name > <permission-name >" ,
930930 Short : "Revoke a permission from a role" ,
931931 Long : `Revoke a permission from a role, removing the access rights defined in the permission.` ,
932932 Args : cobra .ExactArgs (2 ),
933933 RunE : func (cmd * cobra.Command , args []string ) error {
934- roleID := args [0 ]
935- permissionID := args [1 ]
936-
937934 client := newAuthedClient ()
935+ roleID := mustResolveRoleID (context .Background (), client , args [0 ])
936+ permissionID := mustResolvePermissionID (context .Background (), client , args [1 ])
938937
939938 resp , err := client .Delete (context .Background (), "/v1/rbac/roles/" + roleID + "/permissions/" + permissionID )
940939 if err != nil {
@@ -949,3 +948,63 @@ var rbacRoleRevokePermissionCmd = &cobra.Command{
949948 return nil
950949 },
951950}
951+
952+ // mustResolveRoleID resolves a role name to its ID
953+ // If the argument is already a valid identifier, it's returned as-is
954+ func mustResolveRoleID (ctx context.Context , client * sdk.Client , arg string ) string {
955+ resp , err := client .Get (ctx , "/v1/rbac/roles" )
956+ if err != nil || resp .StatusCode != 200 {
957+ return arg // fallback
958+ }
959+ defer resp .Body .Close ()
960+
961+ body , err := io .ReadAll (resp .Body )
962+ if err != nil {
963+ return arg
964+ }
965+
966+ var roles []Role
967+ if err := json .Unmarshal (body , & roles ); err != nil {
968+ return arg
969+ }
970+
971+ for _ , r := range roles {
972+ if r .Name == arg || r .ID == arg {
973+ if r .ID != "" {
974+ return r .ID
975+ }
976+ return arg
977+ }
978+ }
979+ return arg
980+ }
981+
982+ // mustResolvePermissionID resolves a permission name to its ID
983+ // If the argument is already a valid identifier, it's returned as-is
984+ func mustResolvePermissionID (ctx context.Context , client * sdk.Client , arg string ) string {
985+ resp , err := client .Get (ctx , "/v1/rbac/permissions" )
986+ if err != nil || resp .StatusCode != 200 {
987+ return arg // fallback
988+ }
989+ defer resp .Body .Close ()
990+
991+ body , err := io .ReadAll (resp .Body )
992+ if err != nil {
993+ return arg
994+ }
995+
996+ var permissions []Permission
997+ if err := json .Unmarshal (body , & permissions ); err != nil {
998+ return arg
999+ }
1000+
1001+ for _ , p := range permissions {
1002+ if p .Name == arg || p .ID == arg {
1003+ if p .ID != "" {
1004+ return p .ID
1005+ }
1006+ return arg
1007+ }
1008+ }
1009+ return arg
1010+ }
0 commit comments