diff --git a/docs/man/inspect/_index.md b/docs/man/inspect/_index.md index d9c36313..46a1ec73 100644 --- a/docs/man/inspect/_index.md +++ b/docs/man/inspect/_index.md @@ -10,3 +10,9 @@ command: Prints the `manifest.json` of the specified TDF for inspection. This is useful for development and administration. + +## Example + +```shell +$ otdfctl inspect example.tdf +``` diff --git a/docs/man/policy/attributes/create.md b/docs/man/policy/attributes/create.md index 5ebdd2cc..ea14d5cb 100644 --- a/docs/man/policy/attributes/create.md +++ b/docs/man/policy/attributes/create.md @@ -53,3 +53,9 @@ If an Attribute is defined with logical rule `HIERARCHY`, an Entity must be mapp compared to a given Value on TDF'd Resource Data. Hierarchical values are considered highest at index 0 and lowest at the last index. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes create --namespace 3d25d33e-2469-4990-a9ed-fdd13ce74436 --name myattribute --rule ANY_OF +``` diff --git a/docs/man/policy/attributes/deactivate.md b/docs/man/policy/attributes/deactivate.md index 710e0b33..3a35fb9f 100644 --- a/docs/man/policy/attributes/deactivate.md +++ b/docs/man/policy/attributes/deactivate.md @@ -19,3 +19,9 @@ However, a deactivation of an attribute means its associated values cannot be en For information about reactivation, see the `unsafe reactivate` subcommand. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes deactivate --id 3c51a593-cbf8-419d-b7dc-b656d0bedfbb +``` diff --git a/docs/man/policy/attributes/get.md b/docs/man/policy/attributes/get.md index 0c873c29..ef463c6c 100644 --- a/docs/man/policy/attributes/get.md +++ b/docs/man/policy/attributes/get.md @@ -13,3 +13,9 @@ command: Retrieve an attribute along with its metadata, rule, and values. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes get --id=3c51a593-cbf8-419d-b7dc-b656d0bedfbb +``` diff --git a/docs/man/policy/attributes/list.md b/docs/man/policy/attributes/list.md index ef8e3440..8e3af71d 100644 --- a/docs/man/policy/attributes/list.md +++ b/docs/man/policy/attributes/list.md @@ -24,3 +24,9 @@ command: By default, the list will only provide `active` attributes if unspecified, but the filter can be controlled with the `--state` flag. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes list +``` diff --git a/docs/man/policy/attributes/namespaces/create.md b/docs/man/policy/attributes/namespaces/create.md index b3a4bbda..073d16dc 100644 --- a/docs/man/policy/attributes/namespaces/create.md +++ b/docs/man/policy/attributes/namespaces/create.md @@ -20,3 +20,9 @@ command: Creation of a `namespace` is required to add attributes or any other policy objects beneath. For more information, see the `namespaces` subcommand. + +## Example + +```shell +otdfctl policy attributes namespaces create --name opentdf.io +``` diff --git a/docs/man/policy/attributes/namespaces/deactivate.md b/docs/man/policy/attributes/namespaces/deactivate.md index 9227bbf4..a4ced922 100644 --- a/docs/man/policy/attributes/namespaces/deactivate.md +++ b/docs/man/policy/attributes/namespaces/deactivate.md @@ -21,3 +21,9 @@ behaviors. For information about reactivation, see the `unsafe reactivate` subcommand. For reactivation, see the `unsafe` command. + +## Example + +```shell +otdfctl policy attributes namespaces deactivate --id 7650f02a-be00-4faa-a1d1-37cded5e23dc +``` diff --git a/docs/man/policy/attributes/namespaces/get.md b/docs/man/policy/attributes/namespaces/get.md index b6d8d11f..0e746e01 100644 --- a/docs/man/policy/attributes/namespaces/get.md +++ b/docs/man/policy/attributes/namespaces/get.md @@ -11,3 +11,9 @@ command: --- For more information, see the `namespaces` subcommand. + +## Example + +```shell +otdfctl policy attributes namespaces get --id=7650f02a-be00-4faa-a1d1-37cded5e23dc +``` \ No newline at end of file diff --git a/docs/man/policy/attributes/namespaces/list.md b/docs/man/policy/attributes/namespaces/list.md index 4fcc1295..c328d95a 100644 --- a/docs/man/policy/attributes/namespaces/list.md +++ b/docs/man/policy/attributes/namespaces/list.md @@ -18,3 +18,9 @@ command: --- For more general information, see the `namespaces` subcommand. + +## Example + +```shell +otdfctl policy attributes namespaces list +``` diff --git a/docs/man/policy/attributes/namespaces/unsafe/delete.md b/docs/man/policy/attributes/namespaces/unsafe/delete.md index 6a27deab..e877ba77 100644 --- a/docs/man/policy/attributes/namespaces/unsafe/delete.md +++ b/docs/man/policy/attributes/namespaces/unsafe/delete.md @@ -18,3 +18,9 @@ Any existing TDFs containing attributes under this namespace will be rendered in Make sure you know what you are doing. For more general information, see the `namespaces` subcommand. + +## Example + +```shell +otdfctl policy attributes namespaces unsafe delete --id 7650f02a-be00-4faa-a1d1-37cded5e23dc +``` diff --git a/docs/man/policy/attributes/namespaces/unsafe/reactivate.md b/docs/man/policy/attributes/namespaces/unsafe/reactivate.md index f5ae353e..5e0ed742 100644 --- a/docs/man/policy/attributes/namespaces/unsafe/reactivate.md +++ b/docs/man/policy/attributes/namespaces/unsafe/reactivate.md @@ -18,3 +18,9 @@ The Active/Inactive state of any Attribute Definitions or Values under this Name Make sure you know what you are doing. For more general information, see the `namespaces` subcommand. + +## Example + +```shell +otdfctl policy attributes namespaces unsafe reactivate --id 7650f02a-be00-4faa-a1d1-37cded5e23dc +``` diff --git a/docs/man/policy/attributes/namespaces/unsafe/update.md b/docs/man/policy/attributes/namespaces/unsafe/update.md index 35da7611..b536e91f 100644 --- a/docs/man/policy/attributes/namespaces/unsafe/update.md +++ b/docs/man/policy/attributes/namespaces/unsafe/update.md @@ -23,3 +23,9 @@ and already created may now become accessible. Make sure you know what you are doing. For more general information, see the `namespaces` subcommand. + +## Example + +```shell +otdfctl policy attributes namespaces unsafe update --id=7650f02a-be00-4faa-a1d1-37cded5e23dc --name opentdf2.io +``` diff --git a/docs/man/policy/attributes/namespaces/update.md b/docs/man/policy/attributes/namespaces/update.md index 3550d6c3..57390939 100644 --- a/docs/man/policy/attributes/namespaces/update.md +++ b/docs/man/policy/attributes/namespaces/update.md @@ -21,3 +21,9 @@ command: Attribute Namespace changes can be dangerous, so this command is for updates considered "safe" (currently just mutations to metadata `labels`). For unsafe updates, see the dedicated `unsafe update` command. For more general information, see the `namespaces` subcommand. + +## Example + +```shell +otdfctl policy attributes namespaces update --id=7650f02a-be00-4faa-a1d1-37cded5e23dc --label hello=world +``` diff --git a/docs/man/policy/attributes/unsafe/delete.md b/docs/man/policy/attributes/unsafe/delete.md index 4e2e4e4c..4b6d0864 100644 --- a/docs/man/policy/attributes/unsafe/delete.md +++ b/docs/man/policy/attributes/unsafe/delete.md @@ -18,3 +18,9 @@ Any existing TDFs containing the deleted attribute of this name will be rendered Make sure you know what you are doing. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes unsafe delete --id 3c51a593-cbf8-419d-b7dc-b656d0bedfbb +``` diff --git a/docs/man/policy/attributes/unsafe/reactivate.md b/docs/man/policy/attributes/unsafe/reactivate.md index 8a944f71..dad61f81 100644 --- a/docs/man/policy/attributes/unsafe/reactivate.md +++ b/docs/man/policy/attributes/unsafe/reactivate.md @@ -18,3 +18,9 @@ The Active/Inactive state of any Attribute Values under this Definition will NOT Make sure you know what you are doing. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes unsafe reactivate --id 3c51a593-cbf8-419d-b7dc-b656d0bedfbb +``` diff --git a/docs/man/policy/attributes/unsafe/update.md b/docs/man/policy/attributes/unsafe/update.md index 17099c45..e18cb192 100644 --- a/docs/man/policy/attributes/unsafe/update.md +++ b/docs/man/policy/attributes/unsafe/update.md @@ -48,3 +48,9 @@ To remove Values from an Attribute Definition, delete them separately via the `v Make sure you know what you are doing. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes unsafe update --id 3c51a593-cbf8-419d-b7dc-b656d0bedfbb --name mynewname +``` diff --git a/docs/man/policy/attributes/update.md b/docs/man/policy/attributes/update.md index 98ede206..f523cb7d 100644 --- a/docs/man/policy/attributes/update.md +++ b/docs/man/policy/attributes/update.md @@ -23,3 +23,9 @@ Attribute Definition changes can be dangerous, so this command is for updates co For unsafe updates, see the dedicated `unsafe update` command. For more general information, see the `attributes` subcommand. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes update --id=3c51a593-cbf8-419d-b7dc-b656d0bedfbb --label hello=world +``` diff --git a/docs/man/policy/attributes/values/create.md b/docs/man/policy/attributes/values/create.md index 4cbb232c..b2b82cca 100644 --- a/docs/man/policy/attributes/values/create.md +++ b/docs/man/policy/attributes/values/create.md @@ -24,3 +24,9 @@ Add a single new value underneath an existing attribute. For a hierarchical attribute, a new value is added in lowest hierarchy (last). For more information on attribute values, see the `values` subcommand. + +## Example + +```shell +otdfctl policy attributes values create --attribute-id 3c51a593-cbf8-419d-b7dc-b656d0bedfbb --value myvalue1 +``` diff --git a/docs/man/policy/attributes/values/deactivate.md b/docs/man/policy/attributes/values/deactivate.md index 13d10eb2..c1cf895d 100644 --- a/docs/man/policy/attributes/values/deactivate.md +++ b/docs/man/policy/attributes/values/deactivate.md @@ -15,3 +15,9 @@ However, a deactivation of an attribute value means it cannot be entitled in an For information about reactivation, see the `unsafe reactivate` subcommand. For more information on attribute values, see the `values` subcommand. + +## Example + +```shell +otdfctl policy attributes values deactivate --id 355743c1-c0ef-4e8d-9790-d49d883dbc7d +``` diff --git a/docs/man/policy/attributes/values/get.md b/docs/man/policy/attributes/values/get.md index 2cdc5b37..51f41c37 100644 --- a/docs/man/policy/attributes/values/get.md +++ b/docs/man/policy/attributes/values/get.md @@ -13,3 +13,9 @@ command: Retrieve an attribute value along with its metadata. For more general information about attribute values, see the `values` subcommand. + +## Example + +```shell +otdfctl policy attributes values get --id 355743c1-c0ef-4e8d-9790-d49d883dbc7d +``` diff --git a/docs/man/policy/attributes/values/list.md b/docs/man/policy/attributes/values/list.md index 7e7a142c..79415aa4 100644 --- a/docs/man/policy/attributes/values/list.md +++ b/docs/man/policy/attributes/values/list.md @@ -28,3 +28,9 @@ command: By default, the list will only provide `active` values if unspecified, but the filter can be controlled with the `--state` flag. For more general information about attribute values, see the `values` subcommand. + +## Example + +```shell +otdfctl policy attributes values list --attribute-id 3c51a593-cbf8-419d-b7dc-b656d0bedfbb +``` diff --git a/docs/man/policy/attributes/values/unsafe/delete.md b/docs/man/policy/attributes/values/unsafe/delete.md index 28572b62..cc0a4841 100644 --- a/docs/man/policy/attributes/values/unsafe/delete.md +++ b/docs/man/policy/attributes/values/unsafe/delete.md @@ -18,3 +18,9 @@ Any existing TDFs containing the deleted attribute of this value will be rendere Make sure you know what you are doing. For more information on attribute values, see the `values` subcommand. + +## Example + +```shell +otdfctl policy attributes values unsafe delete --id b20458b0-1855-4608-8869-3f6199bc2878 +``` diff --git a/docs/man/policy/attributes/values/unsafe/reactivate.md b/docs/man/policy/attributes/values/unsafe/reactivate.md index 67868726..288aee87 100644 --- a/docs/man/policy/attributes/values/unsafe/reactivate.md +++ b/docs/man/policy/attributes/values/unsafe/reactivate.md @@ -18,3 +18,9 @@ The Active/Inactive state of the Attribute Definition and Namespace above this V Make sure you know what you are doing. For more information on attribute values, see the `values` subcommand. + +## Example + +```shell +otdfctl policy attributes values unsafe reactivate --id 355743c1-c0ef-4e8d-9790-d49d883dbc7d +``` diff --git a/docs/man/policy/attributes/values/unsafe/update.md b/docs/man/policy/attributes/values/unsafe/update.md index 4157a9c8..c7eba02b 100644 --- a/docs/man/policy/attributes/values/unsafe/update.md +++ b/docs/man/policy/attributes/values/unsafe/update.md @@ -24,3 +24,9 @@ and already created may now become accessible. Make sure you know what you are doing. For more information on attribute values, see the `values` subcommand. + +## Example + +```shell +otdfctl policy attributes values unsafe update --id 355743c1-c0ef-4e8d-9790-d49d883dbc7d --name mynewvalue1 +``` diff --git a/docs/man/policy/attributes/values/update.md b/docs/man/policy/attributes/values/update.md index d657722c..cc31ef71 100644 --- a/docs/man/policy/attributes/values/update.md +++ b/docs/man/policy/attributes/values/update.md @@ -23,3 +23,9 @@ Attribute Value changes can be dangerous, so this command is for updates conside For unsafe updates, see the dedicated `unsafe update` command. For more general information, see the `values` subcommand. For more general information about attributes, see the `attributes` subcommand. + +## Example + +```shell +otdfctl policy attributes values update --id 355743c1-c0ef-4e8d-9790-d49d883dbc7d --label hello=world +``` diff --git a/docs/man/policy/kas-grants/assign.md b/docs/man/policy/kas-grants/assign.md index 390c1bed..076fb048 100644 --- a/docs/man/policy/kas-grants/assign.md +++ b/docs/man/policy/kas-grants/assign.md @@ -39,3 +39,20 @@ command: Assign a registered Key Access Server (KAS) to an attribute namespace, definition, or value. For more information, see `kas-registry` and `kas-grants` manuals. + +## Example + +Namespace grant: +```shell +otdfctl policy kas-grants assign --namespace-id 3d25d33e-2469-4990-a9ed-fdd13ce74436 --kas-id 62857b55-560c-4b67-96e3-33e4670ecb3b +``` + +Attribute grant: +```shell +otdfctl policy kas-grants assign --attribute-id a21eb299-3a7d-4035-8a39-c8662c03cb15 --kas-id 62857b55-560c-4b67-96e3-33e4670ecb3b +``` + +Attribute value grant: +```shell +otdfctl policy kas-grants assign --value-id 0a40b27c-6cc9-49e8-a6ae-663cac2c324b --kas-id 62857b55-560c-4b67-96e3-33e4670ecb3b +``` diff --git a/docs/man/policy/kas-grants/list.md b/docs/man/policy/kas-grants/list.md index e3c27db7..209b91e2 100644 --- a/docs/man/policy/kas-grants/list.md +++ b/docs/man/policy/kas-grants/list.md @@ -25,3 +25,9 @@ Omitting `kas` lists all grants known to platform policy, otherwise results are the KAS URI or ID specified by the flag value. For more information, see `kas-registry` and `kas-grants` manuals. + +## Example + +```shell +otdfctl policy kas-grants list +``` diff --git a/docs/man/policy/kas-grants/unassign.md b/docs/man/policy/kas-grants/unassign.md index bb71e1b7..7b06c371 100644 --- a/docs/man/policy/kas-grants/unassign.md +++ b/docs/man/policy/kas-grants/unassign.md @@ -30,3 +30,20 @@ command: Unassign a registered Key Access Server (KAS) to an attribute namespace, definition, or value. For more information, see `kas-registry` and `kas-grants` manuals. + +## Example + +Namespace grant: +```shell +otdfctl policy kas-grants unassign --namespace-id 3d25d33e-2469-4990-a9ed-fdd13ce74436 --kas-id 62857b55-560c-4b67-96e3-33e4670ecb3b +``` + +Attribute grant: +```shell +otdfctl policy kas-grants unassign --attribute-id a21eb299-3a7d-4035-8a39-c8662c03cb15 --kas-id 62857b55-560c-4b67-96e3-33e4670ecb3b +``` + +Attribute value grant: +```shell +otdfctl policy kas-grants unassign --value-id 0a40b27c-6cc9-49e8-a6ae-663cac2c324b --kas-id 62857b55-560c-4b67-96e3-33e4670ecb3b +``` diff --git a/docs/man/policy/kas-registry/create.md b/docs/man/policy/kas-registry/create.md index c2662e79..02d1735a 100644 --- a/docs/man/policy/kas-registry/create.md +++ b/docs/man/policy/kas-registry/create.md @@ -72,3 +72,24 @@ The JSON value passed to the `--public-keys` flag stores the set of public keys Deprecated. For more information about registration of Key Access Servers, see the manual for `kas-registry`. + +## Examples + +```shell +otdfctl policy kas-registry create --uri http://example.com/kas --name example-kas --public-keys '{ + "cached": { + "keys": [ + { + "pem": "-----BEGIN CERTIFICATE-----\nMIIC/TCCAeWgAwIBAgIUSHTJ2bzAh7dQmmF03q6Iq/n0l90wDQYJKoZIhvcNAQEL\nBQAwDjEMMAoGA1UEAwwDa2FzMB4XDTI0MDYwNjE3NDY1NFoXDTI1MDYwNjE3NDY1\nNFowDjEMMAoGA1UEAwwDa2FzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAxN3APihTiojcaH6oWj1tMtZMaaZ+IA1qtqFmpy5Fg8D5bEsP736GxzUMFsMV\nshrKEXz8dY9Kp23uIwyeC0RPWLe5xIfTkJUbyLpqGdlEgqj10RQ8kSVq270XPES2\nGZUij2DuJVfwpTpLzcti2PsgEOoOKC6NnnAI0NS1mao/2DxQxs/D9hAJjGdpzymb\nxi2TxGnvYbvofCPd8RdFTCPvgwKLS7+MqBcmic9VdX91QNOPmrP3rIoKtjjd+5PY\nl/z73PAxR3K3SIzIZLvItq2ahobOOMiSxw8soOlOdHNUJTpECcduhRbquqmK6fTw\nVOfrcRQhhU4TkDu92LI7SglOWQIDAQABo1MwUTAdBgNVHQ4EFgQUdgxx7U5AQgfi\niQWu3khi9yneEVowHwYDVR0jBBgwFoAUdgxx7U5AQgfiiQWu3khi9yneEVowDwYD\nVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATcLYbHomJgLQ/H6iDvcA\nIpISF/Rcxgh7NnIqRkB+Tm4xNlNHIxl4Sz+KkEZEPh0WKItGVDj3293rArROEOXI\ntVmn2OBv9M/5DQkHj76Ru4PQ2TcL0CACl1JKfqXLsMc6HHTp8ZTP8lMdpW4kzEc3\nfVtgvtpJc4WHdUIEzAtTlzYRqIbyyBMWeTjXwa54aMv3RZQdJ+C0ehwWTDQDph7n\nKY3+7G0enNEVtyW4dtxvQQbidMany0JEpr6QpPmxC8e0Z23dMDdkR1IoT99PhdW/\nQC8xMjuLCiREV7a6e2MxCGj3fxrnMXwOIqO3AzNswe2amcoz2ktuoqgDTYlo+FkK\n5w==\n-----END CERTIFICATE-----\n", + "kid": "k1", + "alg": 1 + } + ] + } + }' +``` + +With a remote public key: +```shell +otdfctl policy kas-registry create --uri http://example.com/kas2 --name example-kas2 --public-key-remote "https://example.com/kas2/public_key" +``` diff --git a/docs/man/policy/kas-registry/delete.md b/docs/man/policy/kas-registry/delete.md index bfff3958..d30439c2 100644 --- a/docs/man/policy/kas-registry/delete.md +++ b/docs/man/policy/kas-registry/delete.md @@ -20,3 +20,9 @@ type of grants and relevant key splits. Make sure you know what you are doing. For more information about registration of Key Access Servers, see the manual for `kas-registry`. + +## Example + +```shell +otdfctl policy kas-registry delete --id 3c39618a-cd8c-48cf-a60c-e8a2f4be4dd5 +``` diff --git a/docs/man/policy/kas-registry/get.md b/docs/man/policy/kas-registry/get.md index cf19bd38..19968e84 100644 --- a/docs/man/policy/kas-registry/get.md +++ b/docs/man/policy/kas-registry/get.md @@ -12,3 +12,9 @@ command: --- For more information about registration of Key Access Servers, see the manual for `kas-registry`. + +## Example + +```shell +otdfctl policy kas-registry get --id=62857b55-560c-4b67-96e3-33e4670ecb3b +``` diff --git a/docs/man/policy/kas-registry/list.md b/docs/man/policy/kas-registry/list.md index 9d2101fd..6eb8581b 100644 --- a/docs/man/policy/kas-registry/list.md +++ b/docs/man/policy/kas-registry/list.md @@ -14,3 +14,9 @@ command: --- For more information about registration of Key Access Servers, see the manual for `kas-registry`. + +## Example + +```shell +otdfctl policy kas-registry list +``` diff --git a/docs/man/policy/kas-registry/update.md b/docs/man/policy/kas-registry/update.md index cc64948f..cfe5198c 100644 --- a/docs/man/policy/kas-registry/update.md +++ b/docs/man/policy/kas-registry/update.md @@ -39,3 +39,9 @@ type of grants and relevant key splits. Make sure you know what you are doing. For more information about registration of Key Access Servers, see the manual for `kas-registry`. + +## Example + +```shell +otdfctl policy kas-registry update --id 3c39618a-cd8c-48cf-a60c-e8a2f4be4dd5 --name example-kas2-newname --public-key-remote "https://example.com/kas2/new_public_key" +``` diff --git a/docs/man/policy/resource-mappings/create.md b/docs/man/policy/resource-mappings/create.md index 20ba76f0..fdf427cc 100644 --- a/docs/man/policy/resource-mappings/create.md +++ b/docs/man/policy/resource-mappings/create.md @@ -22,3 +22,9 @@ command: Associate an attribute value with a set of plaintext string terms. For more information about resource mappings, see the `resource-mappings` subcommand. + +## Examples + +```shell +otdfctl policy resource-mappings create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --terms term1,term2 +``` diff --git a/docs/man/policy/resource-mappings/delete.md b/docs/man/policy/resource-mappings/delete.md index 3eba3329..3640325b 100644 --- a/docs/man/policy/resource-mappings/delete.md +++ b/docs/man/policy/resource-mappings/delete.md @@ -11,3 +11,9 @@ command: --- For more information about resource mappings, see the `resource-mappings` subcommand. + +## Examples + +```shell +otdfctl policy resource-mappings delete --id=3ff446fb-8fb1-4c04-8023-47592c90370c +``` diff --git a/docs/man/policy/resource-mappings/get.md b/docs/man/policy/resource-mappings/get.md index 22e8c9a4..abc4a0fb 100644 --- a/docs/man/policy/resource-mappings/get.md +++ b/docs/man/policy/resource-mappings/get.md @@ -11,3 +11,9 @@ command: --- For more information about resource mappings, see the `resource-mappings` subcommand. + +## Examples + +```shell +otdfctl policy resource-mappings get --id=3ff446fb-8fb1-4c04-8023-47592c90370c +``` diff --git a/docs/man/policy/resource-mappings/list.md b/docs/man/policy/resource-mappings/list.md index 6dbd6d92..402865ba 100644 --- a/docs/man/policy/resource-mappings/list.md +++ b/docs/man/policy/resource-mappings/list.md @@ -14,3 +14,9 @@ command: --- For more information about resource mappings, see the `resource-mappings` subcommand. + +## Examples + +```shell +otdfctl policy resource-mappings get --id=3ff446fb-8fb1-4c04-8023-47592c90370c +``` diff --git a/docs/man/policy/resource-mappings/update.md b/docs/man/policy/resource-mappings/update.md index 8f367583..0346e49f 100644 --- a/docs/man/policy/resource-mappings/update.md +++ b/docs/man/policy/resource-mappings/update.md @@ -26,3 +26,9 @@ command: Alter the attribute value associated with a resource mapping's terms, or fully replace the terms in a given resource mapping. For more information about resource mappings, see the `resource-mappings` subcommand. + +## Examples + +```shell +otdfctl policy resource-mappings update --id=3ff446fb-8fb1-4c04-8023-47592c90370c --terms newterm1,newterm2 +``` diff --git a/docs/man/policy/subject-condition-sets/create.md b/docs/man/policy/subject-condition-sets/create.md index f5605d44..7ace9291 100644 --- a/docs/man/policy/subject-condition-sets/create.md +++ b/docs/man/policy/subject-condition-sets/create.md @@ -94,3 +94,36 @@ the condition set would not resolve to true, and the Subject would not be found to the Attribute Value applicable to this Subject Condition Set via Subject Mapping between. For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Examples + +The following subject condition set would resolve to true if the field at `.example.field.one` is +`myvalue` or `myothervalue1`, or the field at `.example.field.two` is not equal to `notpresentvalue`. +```shell +otdfctl policy subject-condition-set create --subject-sets '[ + { + "condition_groups": [ + { + "conditions": [ + { + "operator": 1, + "subject_external_values": ["myvalue", "myothervalue"], + "subject_external_selector_value": ".example.field.one" + }, + { + "operator": 2, + "subject_external_values": ["notpresentvalue"], + "subject_external_selector_value": ".example.field.two" + } + ], + "boolean_operator": 2 + } + ] + } +]' +``` + +You can perform the same action with the input contained in a file: +```shell +otdfctl policy subject-condition-set create --subject-sets-file-json scs.json +``` diff --git a/docs/man/policy/subject-condition-sets/delete.md b/docs/man/policy/subject-condition-sets/delete.md index 9726e6e0..3f269b93 100644 --- a/docs/man/policy/subject-condition-sets/delete.md +++ b/docs/man/policy/subject-condition-sets/delete.md @@ -13,3 +13,9 @@ command: --- For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Example + +```shell +otdfctl policy subject-condition-sets delete --id=bfade235-509a-4a6f-886a-812005c01db5 +``` diff --git a/docs/man/policy/subject-condition-sets/get.md b/docs/man/policy/subject-condition-sets/get.md index 764b104a..fefb2842 100644 --- a/docs/man/policy/subject-condition-sets/get.md +++ b/docs/man/policy/subject-condition-sets/get.md @@ -13,3 +13,9 @@ command: --- For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Example + +```shell +otdfctl policy subject-condition-sets get --id=bfade235-509a-4a6f-886a-812005c01db5 +``` diff --git a/docs/man/policy/subject-condition-sets/list.md b/docs/man/policy/subject-condition-sets/list.md index 77b9bc26..928ea730 100644 --- a/docs/man/policy/subject-condition-sets/list.md +++ b/docs/man/policy/subject-condition-sets/list.md @@ -15,3 +15,9 @@ command: --- For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Example + +```shell +otdfctl policy subject-condition-set list +``` diff --git a/docs/man/policy/subject-condition-sets/prune.md b/docs/man/policy/subject-condition-sets/prune.md index e2842050..45806e7b 100644 --- a/docs/man/policy/subject-condition-sets/prune.md +++ b/docs/man/policy/subject-condition-sets/prune.md @@ -11,3 +11,9 @@ command: This command will delete all Subject Condition Sets that are not utilized within any Subject Mappings and are therefore 'stranded'. For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Example + +```shell +otdfctl policy subject-condition-set prune +``` diff --git a/docs/man/policy/subject-condition-sets/update.md b/docs/man/policy/subject-condition-sets/update.md index 9d5b3d67..f82783f6 100644 --- a/docs/man/policy/subject-condition-sets/update.md +++ b/docs/man/policy/subject-condition-sets/update.md @@ -31,3 +31,31 @@ command: Replace the existing conditional logic within an SCS with new conditional logic, passing either JSON directly or a JSON file. For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Example + +This updates the boolean_operator of the subject condition set created in the `create` example. The following subject condition set would resolve to true if the field at `.example.field.one` is +`myvalue` or `myothervalue` AND the field at `.example.field.two` is not equal to `notpresentvalue`. +```shell +otdfctl policy subject-condition-set update --id bfade235-509a-4a6f-886a-812005c01db5 --subject-sets '[ + { + "condition_groups": [ + { + "conditions": [ + { + "operator": 1, + "subject_external_values": ["myvalue", "myothervalue"], + "subject_external_selector_value": ".example.field.one" + }, + { + "operator": 2, + "subject_external_values": ["notpresentvalue"], + "subject_external_selector_value": ".example.field.two" + } + ], + "boolean_operator": 1 + } + ] + } +]' +``` diff --git a/docs/man/policy/subject-mappings/create.md b/docs/man/policy/subject-mappings/create.md index 4b24b7e2..537631fa 100644 --- a/docs/man/policy/subject-mappings/create.md +++ b/docs/man/policy/subject-mappings/create.md @@ -39,8 +39,42 @@ command: default: '' --- +The possible values for standard actions are DECRYPT and TRANSMIT. + Create a Subject Mapping to entitle an entity (via existing or new Subject Condition Set) to an Attribute Value. For more information about subject mappings, see the `subject-mappings` subcommand. For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Examples + +Create a subject mapping linking to an existing subject condition set: +```shell +otdfctl policy subject-mapping create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --action-standard DECRYPT --subject-condition-set-id 8dc98f65-5f0a-4444-bfd1-6a818dc7b447 +``` + +Or you can create a mapping that linked to a new subject condition set: +```shell +otdfctl policy subject-mapping create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --action-standard DECRYPT --subject-condition-set-new '[ + { + "condition_groups": [ + { + "conditions": [ + { + "operator": 1, + "subject_external_values": ["myvalue", "myothervalue"], + "subject_external_selector_value": ".example.field.one" + }, + { + "operator": 2, + "subject_external_values": ["notpresentvalue"], + "subject_external_selector_value": ".example.field.two" + } + ], + "boolean_operator": 2 + } + ] + } +]' +``` diff --git a/docs/man/policy/subject-mappings/delete.md b/docs/man/policy/subject-mappings/delete.md index c2af25ac..1a00549d 100644 --- a/docs/man/policy/subject-mappings/delete.md +++ b/docs/man/policy/subject-mappings/delete.md @@ -17,3 +17,9 @@ Delete a Subject Mapping to remove entitlement of an entity (via Subject Conditi For more information about subject mappings, see the `subject-mappings` subcommand. For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Example + +```shell +otdfctl policy subject-mappings delete --id d71c4028-ce64-453b-8aa7-6edb45fbb848 +``` diff --git a/docs/man/policy/subject-mappings/get.md b/docs/man/policy/subject-mappings/get.md index 75e2197c..bc52c6f2 100644 --- a/docs/man/policy/subject-mappings/get.md +++ b/docs/man/policy/subject-mappings/get.md @@ -15,3 +15,7 @@ command: Retrieve the specifics of a Subject Mapping. For more information about subject mappings, see the `subject-mappings` subcommand. + +```shell +otdfctl policy subject-mappings get --id 39866dd2-368b-41f6-b292-b4b68c01888b +``` diff --git a/docs/man/policy/subject-mappings/list.md b/docs/man/policy/subject-mappings/list.md index 1e13e6af..4db94592 100644 --- a/docs/man/policy/subject-mappings/list.md +++ b/docs/man/policy/subject-mappings/list.md @@ -14,3 +14,9 @@ command: --- For more information about subject mappings, see the `subject-mappings` subcommand. + +## Example + +```shell +otdfctl policy subject-mappings list +``` diff --git a/docs/man/policy/subject-mappings/update.md b/docs/man/policy/subject-mappings/update.md index 3f4abf07..f4db14e4 100644 --- a/docs/man/policy/subject-mappings/update.md +++ b/docs/man/policy/subject-mappings/update.md @@ -44,3 +44,9 @@ At this time, creation of a new SCS during update of a subject mapping is not su For more information about subject mappings, see the `subject-mappings` subcommand. For more information about subject condition sets, see the `subject-condition-sets` subcommand. + +## Example + +```shell +otdfctl policy subject-mappings update --id 39866dd2-368b-41f6-b292-b4b68c01888b --action-standard DECRYPT,TRANSMIT +```