feat(iam): add usermanagement and accessmanagement CLI commands#1842
Open
jt-nr wants to merge 1 commit into
Open
feat(iam): add usermanagement and accessmanagement CLI commands#1842jt-nr wants to merge 1 commit into
jt-nr wants to merge 1 commit into
Conversation
Adds two new top-level commands that expose New Relic user and access management via the CLI. ## Command structure The command hierarchy mirrors the two distinct sections of the New Relic Administration UI — User Management and Access Management — rather than the underlying SDK package layout. This gives CLI users a mental model consistent with the UI and the product documentation, regardless of how the NerdGraph schema is organized internally. `usermanagement` (actor.organization.userManagement.*): - users get/create/update/delete - groups get/create/update/delete - groups members add/remove - auth-domains get `accessmanagement`: - grants get/create/revoke - roles get - permissions get ## SDK usage in accessmanagement The Access Management UI makes NerdGraph calls to two different schema roots on the same page: actor.organization.authorizationManagement.* for grant mutations, and customerAdministration.* for reads (grants get, roles get, permissions get). We followed the same split here so CLI behavior matches what users see in the UI: - grants create/revoke → authorizationManagement SDK - grants get, roles get, permissions get → customerAdministration SDK roles get uses customerAdministration specifically because it supports richer filtering (name contains, groupId) compared to the equivalent authorizationManagement method. ## Naming - "grants create/revoke" follows the CRUD convention used elsewhere in the CLI rather than the SDK's GrantAccess/RevokeAccess naming. - Flag names use camelCase to match existing CLI conventions (--authDomainId, --groupId, --userId, --roleId). Includes per-package READMEs with command reference, flag docs, example responses, jq recipes, and an end-to-end workflow that spans both commands — since the natural flow is to create users/groups in usermanagement and then assign access in accessmanagement.
Author
|
Note on the E2E failures: these are expected for fork PRs. The |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds two new top-level commands that expose New Relic user and access management via the CLI.
Command structure
The command hierarchy mirrors the two distinct sections of the New Relic Administration UI — User Management and Access Management — rather than the underlying SDK package layout. This gives CLI users a mental model consistent with the UI and the product documentation, regardless of how the NerdGraph schema is organized internally.
usermanagement(actor.organization.userManagement.*):accessmanagement:SDK usage in accessmanagement
The Access Management UI makes NerdGraph calls to two different schema roots on the same page: actor.organization.authorizationManagement.* for grant mutations, and customerAdministration.* for reads (grants get, roles get, permissions get). We followed the same split here so CLI behavior matches what users see in the UI:
roles get uses customerAdministration specifically because it supports richer filtering (name contains, groupId) compared to the equivalent authorizationManagement method.
Naming
Includes per-package READMEs with command reference, flag docs, example responses, jq recipes, and an end-to-end workflow that spans both commands — since the natural flow is to create users/groups in usermanagement and then assign access in accessmanagement.