Introducing Cone, the ConductorOne CLI
What is Cone?
A CLI, or command-line interface, is a text-based user interface that allows users to interact with a computer by typing commands. CLIs are popular with developers, system administrators, and security engineers because of the speed, control, and flexibility they offer.
We created the ConductorOne’s CLI, Cone, to bring the power of ConductorOne to the command line.
Why is it called Cone?
For informal use we like to shorten “ConductorOne” to “C1”. If you spell out the number … you get “Cone”!
What can I do with Cone?
Here are just a few of key ConductorOne tasks you can perform on the command line by using Cone.
Search for available entitlements
The search
command displays all entitlements currently available to you from all applicable request catalogs:
$ cone search
Get access to an entitlement
The get
command retrieves a specific entitlement using its alias:
$ cone get ${entitlement_alias}
For example:
$ cone get aws-prod-admin
This command will find an entitlement in ConductorOne with the alias aws-prod-admin
. If you already have access to this entitlement, cone
will exit successfully (exit status 0). However, if you don’t currently have access but the entitlement is available to you (in other words, it’s present in one of your request catalogs), cone
will create an access request in ConductorOne and notify the necessary approvers. Based on the entitlement’s settings, the command may prompt you to enter a justification or length of access.
Once the request is approved, you’ll be able to access the entitlement.
Drop an entitlement
The drop
command revokes a specific entitlement using its alias:
$ cone drop ${entitlement_alias}
For example:
$ cone drop aws-prod-admin
If you currently have access to this entitlement, cone
will create a revocation request in the ConductorOne and, following any required review, deprovision the access. If you don’t have acccess to the entitlement, cone
will exit successfully (exit status 0).