Argus pepcli

Argus pepcli command line

Project on GitHub: argus-authz/argus-pep-cli

Argus pepcli command

The pepcli command allows you to submit a XACML request to the PEP daemon and display the XACML response.

The command is useful for checking whether a XACML policy applies to a given XACML request (the decision is Permit, Deny, Not Applicable or Indeterminate), or whether the XACML response contains the values you expect for the user mapping (uidgid, secondary-gids, ...).

Documentation

The full documentation is available online at https://twiki.cern.ch/twiki/bin/view/EGEE/AuthZPEPCCLI

Usage

Usage:
    pepcli --pepd <URL> --keyinfo <FILE> [options...]
    pepcli --pepd <URL> --subjectid <DN> [options...]

Submit a XACML Request to the PEP Server and show the XACML Response.

Options:
 -p|--pepd <URL>         Argus PEP server endpoint URL.
 -k|--keyinfo <FILE>     XACML Subject key-info: proxy or X509 file.
 -s|--subjectid <DN>     XACML Subject subject-id: user DN (format RFC2253).
 -f|--fqan <FQAN>        XACML Subject primary FQAN and FQANs
                         Add multiple --fqan options for secondary FQANs.
 -r|--resourceid <URI>   XACML Resource resource-id.
 -a|--actionid <URI>     XACML Action action-id.
 --profileid <URI>       XACML profile-id (default TODO).
 -t|--timeout <SEC>      Connection timeout in second (default 30s).
 -x|--requestcontext     Show effective XACML Request context.
 -v|--verbose            Verbose.
 -q|--quiet              Turn off output.
 -d|--debug              Show debug information.
 -h|--help               This help.
 -V|--version            Display version and exit.
TLS options:
 --capath <DIR>          Directory containing the server PEM encoded CA certificates.
 --cacert <FILE>         Server PEM encoded CA certificate filename.
 --cert <FILE>           Client PEM encoded certificate filename.
 --key <FILE>            Client PEM encoded private key filename.
 --keypasswd <PASSWD>    Password of the client private key
                         If the --keypasswd is omitted and the private key is encrypted,
                         then you will be prompted for the password.
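
A wrapper that assembles a complete request from the options above, written as an added example and not part of the pepcli project. The endpoint URL, DN, FQANs, URIs, file paths, the HTTPS-only check and the function name pepcli_check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a pepcli call from the options listed in the usage text.
# Endpoint, DN, FQANs, URIs and file paths used with it are constructed placeholders.

PEPCLI="${PEPCLI:-pepcli}"   # set PEPCLI=echo for a dry run that only prints the arguments
PEP_CAPATH="${PEP_CAPATH:-/etc/grid-security/certificates}"   # assumed CA directory
PEP_CERT="${PEP_CERT:-/etc/grid-security/hostcert.pem}"       # assumed client certificate
PEP_KEY="${PEP_KEY:-/etc/grid-security/hostkey.pem}"          # assumed client private key

# pepcli_check <pepd-url> <subject-dn> <resource-uri> <action-uri> [fqan...]
# The first FQAN is the primary one; any further FQANs are sent as secondary.
pepcli_check() {
    if [ "$#" -lt 4 ]; then
        echo "usage: pepcli_check <pepd-url> <dn> <resource> <action> [fqan...]" >&2
        return 2
    fi
    pepd=$1 dn=$2 resource=$3 action=$4
    shift 4

    # Local policy of this example, not a pepcli requirement: only talk to the
    # PEP daemon over TLS, so the request and the mapping are not sent in clear.
    case $pepd in
        https://*) ;;
        *) echo "refusing non-HTTPS PEP endpoint: $pepd" >&2; return 2 ;;
    esac

    # Turn each remaining argument into its own "--fqan <FQAN>" pair.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" --fqan "$1"
        shift
        n=$((n - 1))
    done

    # --keypasswd is deliberately not passed: command-line arguments are visible
    # in process listings and shell history, and pepcli prompts for the password
    # when the private key is encrypted.
    set -- --pepd "$pepd" --subjectid "$dn" "$@" \
        --resourceid "$resource" --actionid "$action" \
        --capath "$PEP_CAPATH" --cert "$PEP_CERT" --key "$PEP_KEY" \
        --timeout 10 --requestcontext
    "$PEPCLI" "$@"
}

# Example call (constructed values):
# pepcli_check "https://argus.example.org:8154/authorize" "CN=Jane Doe,O=Example,C=CH" \
#     "urn:example:resource" "urn:example:action" "/vo.example.org/Role=admin" "/vo.example.org"
```

Running it with PEPCLI=echo prints the argument list without contacting a PEP daemon, which is a quick way to review the request before sending it.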