Cone command reference
Key commands:
Run
cone helpin your terminal to show all available commands.Run
cone <command> --helporcone <command> -hfor help with a specific command.
Overview
Cone interacts with the ConductorOne API to manage access to entitlements.
Usage:
cone [command]
| Command | Subcommand | Description |
|---|---|---|
completion | bash fish powershell zsh | Generate the autocompletion script for the specified shell. |
drop | Create a revoke access ticket for an entitlement by alias. | |
get | Create an access request for an entitlement by alias. | |
get-user | Get a user by ID. | |
has | Check if the current user has a specific entitlement for an app. | |
help | Help for any command | |
login | Authenticate to ConductorOne, creating config.yaml if it doesn’t exist. | |
search | ||
task | approve comment deny escalate get search | Interact with tasks directly. |
whoami | Show information about the current user. |
Global flags
| Flag | Description |
|---|---|
--client-id string | Client ID. |
--client-secret-string | Client secret. |
--debug | Enable debug logging. |
-i, --non-interactive | Disable prompts. |
-o, --output string | Output format. Valid values: table, json, json-pretty. (Default: table.) |
-p, --profile string | The config profile to use. (Default: default.) |
To see Cone’s current version number, run
cone --versionorcone -v.
Completion
Generate the autocompletion script for cone for the specified shell.
Usage:
cone completion [subcommand]
| Subcommand | Description |
|---|---|
bash | Generate the autocompletion script for Bash. |
fish | Generate the autocompletion script for Fish. |
powershell | Generate the autocompletion script for PowerShell. |
zsh | Generate the autocompletion script for Zsh. |
bash
Generate the autocompletion script for Bash.
Usage:
cone completion bash [flags]
| Flag | Description |
|---|---|
-h, --help | Help for bash. |
--no-descriptions | Disable completion descriptions. |
This script depends on the ‘bash-completion’ package. If it is not installed already, you can install it via your operating system’s package manager.
To load completions in your current shell session: source <(cone completion bash)
To load completions for every new session, execute once:
For Linux: cone completion bash > /etc/bash_completion.d/cone
For macOS: cone completion bash > $(brew --prefix)/etc/bash_completion.d/cone
You will need to start a new shell for this setup to take effect.
fish
Generate the autocompletion script for Fish.
Usage:
cone completion fish [flags]
| Flag | Description |
|---|---|
-h, --help | Help for fish. |
--no-descriptions | Disable completion descriptions. |
To load completions in your current shell session: cone completion fish | source
To load completions for every new session, execute once: cone completion fish > ~/.config/fish/completions/cone.fish
You will need to start a new shell for this setup to take effect.
powershell
Generate the autocompletion script for PowerShell.
Usage:
cone completion powershell [flags]
| Flag | Description |
|---|---|
-h, --help | Help for powershell. |
--no-descriptions | Disable completion descriptions. |
To load completions in your current shell session: cone completion powershell | Out-String | Invoke-Expression
To load completions for every new session, add the output of the above command to your PowerShell profile.
zsh
Generate the autocompletion script for Zsh.
Usage:
cone completion zsh [flags]
| Flag | Description |
|---|---|
-h, --help | Help for zsh. |
--no-descriptions | Disable completion descriptions. |
If shell completion is not already enabled in your environment you must enable it. You can execute the following once: echo "autoload -U compinit; compinit" >> ~/.zshrc
To load completions in your current shell session: source <(cone completion zsh)
To load completions for every new session, execute once:
For Linux: cone completion zsh > "${fpath[1]}/_cone"
For macOS: cone completion zsh > $(brew --prefix)/share/zsh/site-functions/\_cone
You will need to start a new shell for this setup to take effect.
Drop
Create a revoke access ticket for an entitlement by alias.
Usage:
cone drop <alias> [flags]
cone drop --query <query> [flags]
cone drop --app-id <app-id> --entitlement-id <entitlement-id> [flags]
| Flag | Description |
|---|---|
--alias string | The entitlement alias to filter by. |
-a, --app-id string | The app ID to filter by. |
detailed | Show more details about the app and entitlement for this request. |
-e, --entitlement-id string | The entitlement ID to filter by. |
--force | Force the creation of a task even if the user already has (or doesn’t have) the entitlement. |
-h, --help | Help for drop. |
-j, --justification string | The justification for the request. (Default: Made with cone.) |
-q, --query string | The query to filter by. |
-w, --wait | Wait for the task to be approved and provisioned. |
Get
Create an access request for an entitlement by alias.
Usage:
cone get <alias> [flags]
cone get --query <query> [flags]
cone get --app-id <app-id> --entitlement-id <entitlement-id> [flags]
| Flag | Description |
|---|---|
--alias string | The entitlement alias to filter.. by. |
-a, --app-id string | The app ID to filter by. |
--detailed | Show more details about the app and entitlement for this request. |
-d, --duration string | The length of time the entitlement is requested for, expressed as a sequence of decimal numbers, each with optional fraction and a unit suffix, such as “12h”, “1w2d” or “2h45m”. Valid units are (m)inutes, (h)ours, (d)ays, (w)eeks. |
--emergency-access | Request emergency access to the entitlement. |
-e, --entitlement-id string | The entitlement ID to filter by. |
--force | Force the creation of a task even if the user already has (or doesn’t have) the entitlement. |
-h, --help | Help for get. |
-j, --justification string | The justification for the request. (Default: Made with cone.) |
-q, --query string | The query to filter by. |
-w, --wait | Wait for the task to be approved and provisioned. |
Get-user
Get a user by ID.
Usage:
cone get-user [flags]
| Flag | Description |
|---|---|
-h, --help | Help for get-user. |
Has
Check if the current user has a specific entitlement for an app.
Usage:
cone has <app-id> <app-entitlement-id> [flags]
| Flag | Description |
|---|---|
-h, --help | Help for has. |
Help
Help provides help for any CLI command. Type cone help [path to command] for full details.
Usage:
cone help [command] [flags]
| Flag | Description |
|---|---|
-h, --help | Help for help. |
Login
Authenticate to ConductorOne, creating the config.yaml file if it doesn’t exist.
Usage:
cone login <tenant-name or tenant-url> [flags]
| Flag | Description |
|---|---|
-h, --help | Help for login. |
--profile string | Config profile to create or update. (Default: default.) |
Search
Usage:
cone search [flags]
| Flag | Description |
|---|---|
--alias string | The entitlement alias to filter by. |
--app string | The display name of the app to filter by. |
--granted | Only return granted tasks. |
-h, --help | Help for search. |
--not-granted | Only return ungranted tasks. |
-q, --query string | The query to filter by. |
Task
A group of commands related to interacting with tasks directly.
Usage:
cone task [flags]
cone task [command]
| Subcommand | Description |
|---|---|
approve | Mark a task as approved. |
comment | Adds the specified comment to a task. |
deny | Mark a task as denied. |
escalate | Escalate an access request task to emergency access. |
get | Gets a task by ID. |
search | Search for tasks using various filters. |
approve
Mark a task as approved.
Usage:
cone task approve <task-id> [flags]
| Flag | Description |
|---|---|
--comment string | Comment to add to the task when performing an action. |
-h, --help | Help for approve. |
-w, --wait | Wait for the task to be approved and provisioned. |
comment
Adds the specified comment to a task.
Usage:
cone task comment <task-id> <comment> [flags]
| Flag | Description |
|---|---|
-h, --help | Help for comment. |
deny
Mark a task as denied.
Usage:
cone task deny <task-id> [flags]
| Flag | Description |
|---|---|
--comment string | Comment to add to the task when performing an action. |
-h, --help | Help for deny. |
-w, --wait | Wait for the task to be approved and provisioned. |
escalate
Escalate an access request task to emergency access.
Usage:
cone task escalate <task-id> [flags]
| Flag | Description |
|---|---|
-h, --help | Help for escalate. |
get
Gets a task by ID.
Usage:
cone task get <task-id> [flags]
| Flag | Description |
|---|---|
-h, --help | Help for get. |
search
Search for tasks using various filters.
Usage:
cone task search [flags]
| Flag | Description |
|---|---|
--access-review-ids strings | Filter tasks by access review ids (access review campaign this task belongs to). |
--app-entitlement-ids strings | Filter tasks by app entitlement ids (target app entitlement of the ticket). |
--app-ids strings | Filter tasks by app application ids (target application of the task). |
--app-resource-ids strings | Filter tasks by app resource ids (target resource of the ticket). |
--app-resource-type-ids strings | Filter tasks by app resource type ids (target resource type of the task). |
--app-user-subject-ids strings | Filter tasks by app user subject ids (target of the task). |
--assignee-ids strings | Filter tasks by who is currently assigned to them. |
-h, --help | Help for search. |
--include-deleted | Include deleted tasks in the results. |
--query string | Query string to filter tasks. |
--state string | Filter tasks by their state (open, closed). |
--task-type string | Filter tasks by their task type (grant, revoke, certify). |
--user-subject-ids strings | Filter tasks by user subject IDs (C1 user target of the task). |
Whoami
Information about the current user.
Usage:
cone whoami [flags]
| Flag | Description |
|---|---|
-h, --help | Help for whoami. |