Versions Compared

Old Version 1

changes.mady.by.user Stonebranch

Saved on

compared with

New Version Current

changes.mady.by.user Melahat Elis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The UDMG Command Line Interface (CLI) is implemented by the waarpudmg-gatewayclient client.

In addition to what is supported by the original version of the waarp-gateway v0.67.2 1 client, the following commands have been added for UDMG:

...

Only Local User Account authentication is supported for the CLI.

SSO and LDAP authentication is only used for the Graphical User Interface.See Waarp Gateway Client Connection Settings on how to give the credentials

The authentication options are:


-a <ADDRESS>, --address=<ADDRESS>

The address of the gateway instance to query. If the parameter is absent, the address will be retrieved from the environment variable UDMG_SERVER_ADDRESS (see below). 

This address must be provided as a DSN (Data Source Name):

[http|https]://<login>:<password>@<host>:<port>`

The protocol can be http or https depending on the configuration of the REST interface of the gateway.

The required login and password are the identifiers of a user. The user and password can be omitted, in which case they will be requested via a terminal prompt.


-i, --insecure

Disables certificate validation of the Gateway service REST interface. Can be used for self-signed certificates and testing.

Note
titleNote

The connection settings are already configured on the UDMG terminal environment.

Since server certificate validation is no longer done, the client blindly trusts the server. This can be a security hole if you are not absolutely sure of the server when using this option.


UDMG_SERVER_ADDRESS

If the Gateway address is not provided in the command via the -a option , the address will be retrieved from this environment variable. The syntax of the address remains identical to that described above.


UDMG_SERVER_INSECURED

Disables certificate validation of the Gateway service REST interface. (equivalent to option -i)

PGP Key Management

PGP key records can be stored in the UDMG database and retrieved with the CLI or the REST API to be used by scripts or by Universal Controller tasks without having to keep them in a local keyring.

Both private and public PGP keys can be stored in the database with AES encryption.

Add key

Code Block
waarpudmg-gateway sbclient sb_pgp add

Adds a new pgp PGP key with the given parameters.

short optionlong optiondescription
-n--name=The name of the key, must be unique.
-u--pgp-name=The key user name.
-e--pgp-email=The associated email.
-a--pgp-algo=The algorithm that was used for creating the key (free text, for reference).
-f--valid-from=The valid from date
-t--valid-to=The expiration date
-k--private-key=The private key. It must be in ascii ASCII armored format.
-K--public-key=The public key. It must be in ascii ASCII armored format.
-p--passphrase=The passphrase of the private key.
-c--comment=An additional comment to describe the pgp PGP key.

Example

To create a public pgp PGP key from a file containing the key that was given by a partner, the syntax is as follows:

Code Block
waarpudmg-gatewayclient sb_pgp add --name=rhelsec --pgp-name="Red Hat, Inc. (Product Security)" --pgp-email="secalert@redhat.com" --pgp-algo="4096R" --comment="https://access.redhat.com/security/team/contact" --public-key="$(cat dce3823597f5eac4.txt)"

List keys

Code Block
waarpudmg-gateway sbclient sb_pgp list

Displays a list of all keys meeting the criteria below.

short optionlong optiondescription
-l--limit=The maximum number of keys allowed in the response. Set to 20 by default.
-o--offset=Index of the first returned entry (default: 0).
-s--sort=[name+|name-]

The setting and order in which keys will be displayed. The possible choices are:

  • by key name (name+&name-)

Example

Code Block
waarpudmg-gatewayclient sb_pgp list -l 10 -o 5 -s 'name+'

Get a key

Code Block
waarpudmg-gateway sbclient sb_pgp <key_name>

Retrieve a PGP key details. The private key content is not output on screen.

...

To get the details for a PGP key:

Code Block
waarpudmg-gatewayclient sb_pgp get test1.key

To get the details for a PGP key and extract the key contents:

Code Block
waarpudmg-gatewayclient sb_pgp get -x test1.txt test1.key

...

  • test1.txt: content of the private key field
  • test1.txt.pub: content of the public key field

Delete a key

Code Block
waarpudmg-gateway sbclient sb_pgp delete <key_name>

Delete the given key.

Example

Code Block
waarpudmg-gatewayclient sb_pgp delete test1.key

Audit Management

...

List audit records

Code Block
waarpudmg-gateway sbclient sb_audit list

Displays a list of all audit records meeting the criteria below.

short optionlong optiondescription
-l--limit=The maximum number of records allowed in the response. Set to 20 by default.
-o--offset=Index of the first returned entry (default: 0).
-s--sort=[id+|id-]

The setting and order in which records will be displayed. The possible choices are:

  • by ecord record id (id+&id-)

Example

Code Block
waarpudmg-gatewayclient sb_audit list -l 10 -o 5 -s 'id+'

Get an audit record

Code Block
waarpudmg-gateway sbclient sb_audit get <id>

Retrieve an audit record details. 

...

To get the details for a PGP key:

Code Block
waarpudmg-gatewayclient sb_pgp getaudit get 12