Command Line Interface¶

Global options¶

Execute Cloud recipes

usage: scullery [-h] [-V] [-d] [--project PROJECT | --region REGION]
                [--token TOKEN | --ak AK | --username USERNAME] [--sk SK]
                [--security-token SECURITYTOKEN] [--password PASSWORD]
                [--user-domain USER_DOMAIN_NAME]
                {} ...

Named Arguments¶

-V, --version

show program’s version number and exit

-d, --debug

Turn on debugging options

Default: False

Scoping¶

Define scoped/unscoped recipes

--project, -p: Specify Project for project scoped recipes
--region, -R: Specify region to use for unscopped recipes

Authentication options¶

Type of authentication to use

--token: Token to use (or environment OS_AUTH_TOKEN or OS_TOKEN)
--ak: Access Key for AK/SK authentication (or environment OS_ACCESS_KEY)
--username, -u: Username for username+password authentication (or environment OS_USERNAME)

AK/SK authentication¶

Options specific to AK/SK authentication

--sk: Secret Key for AK/SK authentication (or environment OS_SECRET_KEY)
--security-token, --security_token, --securitytoken: Security token for temp AK/SK authentication (or environment OS_SECURITY_TOKEN)

Username+password authentication¶

Options related to username+password authentication

--password, --passwd, -P: Password for username+password authentication (or environment OS_PASSWORD)
--user-domain, --user_domain, --userdomain: User domain (OTC0000XXXX for username+password authentication (or environment OS_USER_DOMAIN_NAME)

Recipes¶

Buckets¶

Object Storage Bucket recipes

List, create, delete, manage tags and access policies for OBS buckets.

Recipe	Description
	list all buckets (with tags)
ls	same as above
ls env=prod	list buckets filtered by tag
ls env=prod –tag env	filtered, showing tag column
create	create a new bucket
delete	delete a bucket
tag	list bucket tags
tag key=value …	set (replace) tags
untag key …	delete tags by key
untag –all	delete all tags
access	show access policy
access grant	grant access (IAM user/group)
access revoke	revoke access (IAM user/group)

Access is managed via bucket policies. Only IAM users are supported as policy principals — IAM groups are not supported by the OBS/S3 API.

This recipe automatically acquires temporary AK/SK credentials if the session uses password or token authentication.

usage: RECIPE [-h] {bucket} ...

Sub-commands¶

bucket¶

Object Storage Bucket management

RECIPE bucket [-h] [-f {terminal,json,yaml,csv,tsv,markdown}]
              {create,mk,new,delete,del,rm,remove,ls,list,filter,tag,untag,tag-del,rmtag,access,policy,pol}
              ...

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

Sub-commands¶

create (mk, new)¶

Create a new bucket

RECIPE bucket create [-h] [--location LOCATION] name

Positional Arguments¶

name: Bucket name (globally unique)

Named Arguments¶

--location, -l: Bucket location (region). Defaults to session region.

delete (del, rm, remove)¶

Delete a bucket (must be empty)

RECIPE bucket delete [-h] name

Positional Arguments¶

name: Bucket name

ls (list, filter)¶

List buckets, optionally filtered by tag

RECIPE bucket ls [-h] [--tag KEY] [-f {terminal,json,yaml,csv,tsv,markdown}]
                 [filter ...]

Positional Arguments¶

filter: Tag filter as KEY=VALUE (repeatable)

Named Arguments¶

--tag

Display specific tag KEY as a column (repeatable; default: all tags in a combined column)

Default: []

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

tag¶

Show or set tags on a bucket

RECIPE bucket tag [-h] [-f {json,yaml,terminal}] name [tag ...]

Positional Arguments¶

name: Bucket name
tag: Tag as key=value (if omitted, list existing tags)

Named Arguments¶

-f, --format

Possible choices: json, yaml, terminal

Output format

Default: 'terminal'

untag (tag-del, rmtag)¶

Delete tags from a bucket

RECIPE bucket untag [-h] [--all] name [key ...]

Positional Arguments¶

name: Bucket name
key: Tag key(s) to remove

Named Arguments¶

--all, -a

Delete all tags from the bucket

Default: False

access (policy, pol)¶

Manage bucket access policy (IAM users

RECIPE bucket access [-h] [-f {json,yaml,terminal}]
                     name [{grant,revoke}] [who] [{READ,WRITE,FULL_CONTROL}]

Positional Arguments¶

name

Bucket name

op

Possible choices: grant, revoke

Operation (grant or revoke)

who

IAM user name

permission

Possible choices: READ, WRITE, FULL_CONTROL

Permission to grant/revoke

Named Arguments¶

-f, --format

Possible choices: json, yaml, terminal

Output format

Default: 'terminal'

DeH¶

Dedicated Host recipes

Lists available dedicated host types.

When specifying the AZ, the AZ can be a numeric index (2) or a full AZ name (eu-de-02). If omitted it defaults to the first available availability zone.

usage: RECIPE [-h] {deh,dedicated-host} ...

Sub-commands¶

deh (dedicated-host)¶

Dedicated Host types

RECIPE deh [-h] [-f {terminal,json,yaml,csv,tsv,markdown}] [az]

Positional Arguments¶

az

Availability zone (number or name, default: 1)

Default: 1

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

ECS¶

Elastic Cloud Server recipes

List, inspect and control ECS servers, and query available flavors.

Recipe	Description
	list servers in current project
get	server details
flavors	list available flavors
start	start a server
stop	stop (soft) a server
reboot	reboot (soft) a server

Use -f / --force with stop and reboot for a hard shutdown / hard reboot.

The flavors command accepts --ram (minimum GB, converted to MB for the API) and --disk (minimum GB).

usage: RECIPE [-h] {ecs} ...

Sub-commands¶

ecs¶

Elastic Cloud Server management

RECIPE ecs [-h] [-f {terminal,json,yaml,csv,tsv,markdown}]
           {flavors,fl,availability-zones,azs,zones,get,start,on,stop,off,reboot,restart}
           ...

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

Sub-commands¶

flavors (fl)¶

List available flavors

RECIPE ecs flavors [-h] [--ram RAM] [--disk DISK]
                   [-f {terminal,json,yaml,csv,tsv,markdown}]

Named Arguments¶

--ram

Minimum memory in GB

--disk

Minimum disk size in GB

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

availability-zones (azs, zones)¶

List availability zones

RECIPE ecs availability-zones [-h] [-f {terminal,json,yaml,csv,tsv,markdown}]

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

get¶

Get details for a server

RECIPE ecs get [-h] [-f {json,yaml,terminal}] server [server ...]

Positional Arguments¶

server: Server name(s)

Named Arguments¶

-f, --format

Possible choices: json, yaml, terminal

Output format

Default: 'terminal'

start (on)¶

Start a server

RECIPE ecs start [-h] server [server ...]

Positional Arguments¶

server: Server name(s)

stop (off)¶

Stop a server

RECIPE ecs stop [-h] [--force] server [server ...]

Positional Arguments¶

server: Server name(s)

Named Arguments¶

--force, -f

Force hard shutdown

Default: False

reboot (restart)¶

Reboot a server

RECIPE ecs reboot [-h] [--force] server [server ...]

Positional Arguments¶

server: Server name(s)

Named Arguments¶

--force, -f

Force hard reboot

Default: False

Groups¶

Group recipes

Recipe	Description
	List groups
get groupname	Get details related to a group. This will show group definitions, assigned domain roles and member users.
add groupname [description]	Create a new group
del groupname	Delete a group

usage: RECIPE [-h] {group,grp} ...

Sub-commands¶

group (grp)¶

Group recipes

RECIPE group [-h] [-f {terminal,json,yaml,csv,tsv,markdown}]
             {get,add,create,new,del,rm} ...

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

Sub-commands¶

get¶

Get details for group

RECIPE group get [-h] [-f {json,yaml,terminal}] group [group ...]

Positional Arguments¶

group: Group to look-up

Named Arguments¶

-f, --format

Possible choices: json, yaml, terminal

Output format

Default: 'terminal'

add (create, new)¶

Add group

RECIPE group add [-h] [-d DESCRIPTION] [-p PROJECT] name

Positional Arguments¶

name: Group name

Named Arguments¶

-d, --description, --desc: Optional description
-p, --project, --proj: Include project name in description

del (rm)¶

Delete group

RECIPE group del [-h] name [name ...]

Positional Arguments¶

name: Group name to delete

IMS¶

Image management service

This recipe is used to list images

API Docs

usage: RECIPE [-h] {image,ims,img} ...

Sub-commands¶

image (ims, img)¶

Image management

RECIPE image [-h] [-f {terminal,json,yaml,csv,tsv,markdown}]
             {get,list,find,ls} ...

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

Sub-commands¶

get¶

Get details for image

RECIPE image get [-h] [-f {json,yaml,terminal}] image [image ...]

Positional Arguments¶

image: Image to check

Named Arguments¶

-f, --format

Possible choices: json, yaml, terminal

Output format

Default: 'terminal'

list (find, ls)¶

Find image

RECIPE image list [-h]
                  [--os {Windows,Ubuntu,Red Hat,SUSE,CentOS,Debian,OpenSUSE,Oracle Linux,Fedora,CoreOS,EulerOS,Other}]
                  [--type {Linux,Windows,Other}]
                  [param ...]

Positional Arguments¶

param: Key=value parameters to filter list

Named Arguments¶

--os

Possible choices: Windows, Ubuntu, Red Hat, SUSE, CentOS, Debian, OpenSUSE, Oracle Linux, Fedora, CoreOS, EulerOS, Other

Specify the image os platform

--type

Possible choices: Linux, Windows, Other

Specify an OS type

Login¶

Lets you issue temporary credentials at the start of a session.

TODO: update ~/s3cfg

This can issue temp AK/SK and unscoped tokens. Tokens is the default as temp AK/SK has these issues:

No IAM access
No TMS access (probably other global services too)

temp AK/SK works well for:

OBS access
Project scoped requests
Project info

usage: RECIPE [-h] {login,init,logout} ...

Sub-commands¶

login (init)¶

Start an interactive session

RECIPE login [-h] [--aksk] [--token] [--ttl TTL] [--s3cfg] [--region REGION]

Named Arguments¶

--aksk

Issue temporary AK/SK credentials

Default: False

--token

Issue token (Default)

Default: False

--ttl

Credentials Time-to-live in seconds (only for temp AK/SK)

Default: 3600

--s3cfg

If issuing AK/SK, update ~/.s3cfg

Default: False

--region, -R

Unscoped token for the given region

Default: 'eu-de'

logout¶

Discard cached session

RECIPE logout [-h] [--s3cfg]

Named Arguments¶

--s3cfg

Update ~/.s3cfg

Default: False

Projects¶

IAM Projects recipes

Recipe	Description
list	Get a list of projects
get	Get details of a project
add	Create a new project
del	Delete an existing project
grant	Grants a role to a group on a project
revoke	Revokes a role from a group on a project

NOTE Project deleletion takes more than 30 minutes.

This recipe will check using Resource Management that no active resources are assigned to this project. Use --force to ignore.

usage: RECIPE [-h] {project,prj} ...

Sub-commands¶

project (prj)¶

Project Management service

RECIPE project [-h] [-f {terminal,json,yaml,csv,tsv,markdown}]
               {get,g,add,create,new,a,del,remove,rm,r,grant,gr,revoke,rev}
               ...

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

Sub-commands¶

get (g)¶

Get details for project

RECIPE project get [-h] [-f {json,yaml,terminal}] project [project ...]

Positional Arguments¶

project: Project to look-up

Named Arguments¶

-f, --format

Possible choices: json, yaml, terminal

Output format

Default: 'terminal'

add (create, new, a)¶

Add Project

RECIPE project add [-h] [-d DESCRIPTION] name

Positional Arguments¶

name: Project name

Named Arguments¶

-d, --description, --desc: Optional description

del (remove, rm, r)¶

Delete Project

RECIPE project del [-h] [-f] name [name ...]

Positional Arguments¶

name: Project name to delete

Named Arguments¶

-f, --force

Force remove even if resources exists

Default: False

grant (gr)¶

Grant roles

RECIPE project grant [-h] grants [grants ...]

Positional Arguments¶

grants: Enter “role” [on] “project” [to] “group”

revoke (rev)¶

Revoke roles

RECIPE project revoke [-h] revokes [revokes ...]

Positional Arguments¶

revokes: Enter “role” [on] “project” [from] “group”

RMS¶

Resource management recipes

This recipe is used to list resources optionally filtered by projectname.

If no projectname is specified it should list all resources. If projectname is specified it will list all resources related to the given project.

Output format can be controlled with -f / --format:

Format	Description
`terminal`	Aligned columns for your terminal
`json`	JSON array of resources
`csv`	Comma-separated values
`tsv`	Tab-separated values
`markdown`	Markdown / pipe table

usage: RECIPE [-h] {rms} ...

Sub-commands¶

rms¶

Resource management

RECIPE rms [-h] [-m PRJMATCH] [-T TAGS] [-t TYPE]
           [-f {terminal,json,yaml,csv,tsv,markdown}]

Named Arguments¶

-m, --project

Match project (or region)

-T, --tags

Spcifies tags, format is key or key=value

Default: []

-t, --type

Resource type in the format provider.type

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

Roles¶

Implements role recipes.

Recipe	Description
	List custom roles
system	List system roles. These roles are built-in into the cloud infrastructure.
get role_name	Get the role details.
add role_name [yaml_file]	Create a role using a `yaml_file`. If no `yaml_file` is specified it will read definition from `stdin`.
del role_name	Delete a custom role

Example YAML:

- Action:
  - 'ecs:*:get*'
  - 'ecs:*:list*'
  - 'ecs:*:stop*'
  - 'ecs:*:start*'
  - 'ecs:*:reboot*'
  - 'ims:*:list'
  - 'ims:*:get'
  Effect: Allow

See scullery.iam.Iam.new_role for more details.

usage: RECIPE [-h] {role} ...

Sub-commands¶

role¶

Role recipes

RECIPE role [-h] [-f {terminal,json,yaml,csv,tsv,markdown}] [--long]
            {system,sys,custom,cus,get,add,new,create,del,rm} ...

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

--long, -l

Show Name and ID columns in human-readable output

Default: False

Sub-commands¶

system (sys)¶

List system roles

RECIPE role system [-h]

custom (cus)¶

List custom roles

RECIPE role custom [-h]

get¶

Get details for role

RECIPE role get [-h] [-f {json,yaml,terminal}] role [role ...]

Positional Arguments¶

role: Role to look-up

Named Arguments¶

-f, --format

Possible choices: json, yaml, terminal

Output format

Default: 'terminal'

add (new, create)¶

Add role

RECIPE role add [-h] [-d DESCRIPTION] [-p PROJECT] name [policy]

Positional Arguments¶

name

Role name to create

policy

Policy file (if not specified will read from stdin)

Default: <_io.TextIOWrapper name='<stdin>' mode='r' encoding='utf-8'>

Named Arguments¶

-d, --description, --desc: Description for this role
-p, --project, --proj: Include project name in description

del (rm)¶

Delete role

RECIPE role del [-h] name [name ...]

Positional Arguments¶

name: Role name to delete

Tag Management Service¶

These recipes are used to create and delete pre-defined tags.

usage: RECIPE [-h] {tag,tms} ...

Sub-commands¶

tag (tms)¶

Tag management service

RECIPE tag [-h] [-a | -d] [kvp ...]

Positional Arguments¶

kvp: Key value pair (key=value

Named Arguments¶

-a, --add: Create a tag key=value pair
-d, --del: Delete a tag key=value pair

Users¶

This module implements user related recipes. The following verbs are recognized.

recipe	descripiton
	List cloud users
get username	Get user details for a given user
add [options]	Create user
del username	Delete user
group groupname add username	Add user to group
group groupname del username	Remove user from group

usage: RECIPE [-h] {user,usr} ...

Sub-commands¶

user (usr)¶

User recipes

RECIPE user [-h] [-f {terminal,json,yaml,csv,tsv,markdown}]
            {get,add,new,create,del,rm,group,grp,passwd,reset-passwd,password,set-passwd}
            ...

Named Arguments¶

-f, --format

Possible choices: terminal, json, yaml, csv, tsv, markdown

Output format

Default: 'terminal'

Sub-commands¶

get¶

Get details for user

RECIPE user get [-h] [-f {json,yaml,terminal}] user [user ...]

Positional Arguments¶

user: User to look-up

Named Arguments¶

-f, --format

Possible choices: json, yaml, terminal

Output format

Default: 'terminal'

add (new, create)¶

Add user

RECIPE user add [-h] [-P PASSWD] [-n NAME] [-m EMAIL] [-d DESCRIPTION]
                [-p PROJECT] [-g GROUP]

Named Arguments¶

-P, --password, --passwd

Password to use (if not specified a random password is used)

-n, --name, --user

User name to create (it not specified a random name is used)

-m, -e, --email, --mail

Assign e-mail address

-d, --description, --desc

Description for this user

-p, --project, --proj

Include project name in description

-g, --group, --grp

Assign group (can be specified multiple times)

Default: []

del (rm)¶

Delete user

RECIPE user del [-h] name [name ...]

Positional Arguments¶

name: User name to delete

group (grp)¶

Modify user group membership

RECIPE user group [-h] group {add,del} user

Positional Arguments¶

group

Group to modify

op

Possible choices: add, del

Add or Delete operation

user

User to add/del from group

passwd (reset-passwd, password, set-passwd)¶

set/reset user password

RECIPE user passwd [-h] [-S] user [password]

Positional Arguments¶

user: User to modify
password: Password to set (if not specify will use a random string)

Named Arguments¶

-S, --chg-pwd

Ask password to be changed on first login

Default: False

Wizard¶

Configuration Wizard

Lets you interactive configure your config.yaml file for use with scullery.

It may update $HOME/.s3cfg if requested.

usage: RECIPE [-h] {config-wizard,wiz} ...

Sub-commands¶

config-wizard (wiz)¶

Configure your client

RECIPE config-wizard [-h]