Skip to main content

CLI - Advanced

You can use the CLI to invoke a number of calls in Identity Security Cloud, including calls that aren't specifically defined by the CLI. This section includes examples that show how you can invoke those calls:

Use provided CLI invoke calls

To find commands supported by the CLI, you can use the sail conn invoke -h command:

Available Commands:
account-create Invoke a std:account:create command
account-delete Invoke a std:account:delete command
account-discover-schema Invoke a std:account:discover-schema command
account-list Invoke a std:account:list command
account-read Invoke a std:account:read command
account-update Invoke a std:account:update command
change-password Invoke a change-password command
entitlement-list Invoke a std:entitlement:list command
entitlement-read Invoke a std:entitlement:read command
raw Invoke a raw command
source-data-discover Invoke a std:source-data:discover command
source-data-read Invoke a std:source-data:read command
test-connection Invoke a std:test-connection command

To understand the required parameters to invoke a command from the CLI, you can use the help command to get a list of required parameters. For example, to read an account using the CLI, first call sail conn invoke account-read -h. The CLI will respond with the required input:

Usage:
sail connectors invoke account-read [id/lookupId] [uniqueId] [flags]

Flags:
-h, --help help for account-read
--schema string Optional - Custom account schema

Global Flags:
--config-json string Config JSON to use for commands
-p, --config-path string Path to config to use for commands
-e, --conn-endpoint string Override connectors endpoint (default "/beta/platform-connectors")
--debug Enable debug logging
--env string Environment to use for SailPoint CLI commands
-c, --id string Connector ID or Alias
-v, --version string Optional. Run against a specific version if provided. Otherwise run against the latest tag.

In this case, you need to provide the connector ID, the config path that contains the necessary configuration for the connector, and the ID for the account.

The config file will look something like this:

{
"apiKey": "<API_KEY>",
"airtableBase": "<BASE_ID>"
}

The command to invoke account-read will look like this:

sail conn invoke account-read philip.ellis -c 4b12cf79-b2ac-44ac-842b-b5a6268548f5 -p config.json

Use sail conn invoke raw

Even if a command isn't supported by the CLI, you can still invoke it. The invoke raw command allows you to specify the entire JSON object used to invoke the command.

You can use the Postman collection as a way to build the JSON object needed to invoke the command. For example, if you want to run the account-disable command, you can create a JSON object with the required fields. If you look at this example, you will see that it closely resembles the same information that is sent when debugging the command using Postman:

{
"type": "std:account:disable",
"input": {
"key": {"simple": { "id": "philip.ellis"}}
}
}

Running the raw command is similar to running the other commands, except now you pass the JSON file created earlier with the -f flag:

sail conn invoke raw -c 4b12cf79-b2ac-44ac-842b-b5a6268548f5 -f account-disable.json -p config.json