Add api and reassign documentation

2025-12-09 20:37:47 +00:00 · 2025-04-22 07:11:36 -05:00
parent 59a220c8cd
commit ca08f46fb5
2 changed files with 286 additions and 0 deletions
--- a/docs/tools/cli/api.md
+++ b/docs/tools/cli/api.md
@@ -0,0 +1,150 @@
+---
+id: cli-api
+title: API
+pagination_label: CLI API
+sidebar_label: API
+sidebar_position: 10
+sidebar_class_name: cli-api
+keywords: ['cli', 'cli api', 'api']
+description: Learn how to use the CLI to make generic api calls in this guide.
+slug: /tools/cli/api
+tags: ['CLI']
+---
+
+Learn how to use the SailPoint CLI to make generic api calls in this guide.
+
+The `api` command makes it easy to call SailPoint APIs and parse the results using JSONPath queries if needed.
+
+- [get](#get-requests)
+- [post](#post-requests)
+- [patch](#patch-requests)
+- [put](#put-requests)
+- [delete](#delete-requests)
+
+## Get Requests
+
+Run this command to get a list of transforms using the v2025 API:
+
+```shell
+sail api get /v2025/transforms
+```
+
+You can filter the results using the `--jsonpath` flag or `-j` for short. The following command returns just the names of the transforms:
+
+```shell
+sail api get /v2025/transforms --jsonpath "$.*.name"
+```
+
+For better readability, you can pretty-print the response using the `--pretty` flag or `-p` for short:
+
+```shell
+sail api get /v2025/transforms --jsonpath "$.*.name" --pretty
+```
+
+### Headers
+
+To include headers with your API call—such as calling an experimental endpoint—use the `--headers` or `-H` flag:
+
+```shell
+sail api get /v2025/entitlements/ -H "X-SailPoint-Experimental:true"
+```
+
+### Query Parameters
+
+Use the `--query` or `-q` flag to provide query parameters.
+
+For example, to retrieve a list of entitlements owned by a specific identity:
+
+:::tip
+Query parameters may need to be escaped depending on their use.
+:::
+
+```shell
+sail api get /v2025/entitlements -q filters="owner.id eq\"<identity_id>\"" -H "X-SailPoint-Experimental:true"
+```
+
+### Multiple Query Parameters
+
+The `--query` flag can be used multiple times to provide additional query parameters.
+
+Use the following command to return a single entitlement owned by a specific identity:
+
+```shell
+sail api get /v2025/entitlements -q filters="owner.id eq\"<identity-id>\"" -q limit=1 -H "X-SailPoint-Experimental:true"
+```
+
+## Post Requests
+
+Use the `post` subcommand to create resources.
+
+Run the following command to create a basic transform, passing the request body as a string:
+
+```shell
+sail api post /v2025/transforms --body '{"name":"ToLowerCase","type":"lower","attributes":{}}'
+```
+
+Alternatively, use the `--body-file` or `-f` flag to provide the request body from a file:
+
+```shell
+sail api post /v2025/transforms --file-body ./transform.json
+```
+
+## Patch Requests
+
+Use the `patch` sub command to update resources.
+
+Run the following command to update the owner of an access profile.
+
+```shell
+ sail api patch /v2025/access-profiles/<access-profile-id> --body '[{"op":"replace","path":"/owner/id","value":"<identity-id>"}]'
+```
+
+## Put Requests
+
+Run this command to replace a transform object using the v2025 api:
+
+```shell
+sail api put /v2025/transforms/<transform-id> --body '{"name":"ToLowerCase","type":"lower","attributes":{}}'
+```
+
+Use the `--body-file` or `-f` flag to provide the body of the request via a file.
+
+```shell
+sail api put /v2025/transforms --file-body ./updated-transform.json
+```
+
+## Delete Requests
+
+Use this command to remove resources from Identity Security Cloud.
+
+Run the following command to remove a transform from your tenant.
+
+```shell
+sail api delete /v2025/transforms/<transform-id>
+```
+
+## Changing commands together
+
+You can combine the `--jsonpath` flag with tools like [jq](https://jqlang.org/) to chain commands and perform complex operations.
+
+For example, the following script reassigns roles from one owner to another. It uses `--jsonpath` to extract role IDs owned by the source identity, then updates each role with the new owner using sail api patch.
+
+```shell
+#!/bin/bash
+
+from=$1
+to=$2
+
+if [[ -z "$from" || -z "$to" ]]; then
+  echo "Usage: $0 <from> <to>"
+  exit 1
+fi
+
+ids=$(sail api get /v2025/roles -q "filters=owner.id eq \"$from\"" --jsonpath '$.*.id')
+
+for id in $(echo "$ids" | jq -r '.[]'); do
+  echo "Patching role ID: $id"
+  sail api patch /v2025/roles/"$id" \
+    --body "[{\"op\":\"replace\",\"path\":\"/owner/id\",\"value\":\"$to\"}]"
+done
+```
--- a/docs/tools/cli/reassign.md
+++ b/docs/tools/cli/reassign.md
@@ -0,0 +1,136 @@
+---
+id: cli-reassign
+title: Reassign
+pagination_label: CLI Reassign
+sidebar_label: Reassign
+sidebar_position: 10
+sidebar_class_name: cli-reassign
+keywords: ['cli', 'cli reassign', 'reassign']
+description: Learn how to use the CLI to reassign the owner on objects in Identity Security Cloud.
+slug: /tools/cli/reassign
+tags: ['CLI']
+---
+
+Learn how to use the SailPoint CLI to reassign the owner on objects in Identity Security Cloud.
+
+The `reassign` command makes it easy to reassign ownership for the following supported object types:
+
+* sources
+* roles
+* access profiles
+* entitlements
+* identity profiles
+* governance groups
+* workflows
+
+## Reassign all object types
+
+Use the following command to reassign all supported object types from one identity to another.
+
+:::caution
+It is recommended to use the `--dry-run` flag first to make sure the objects gathered are in fact the ones you wish to modify.
+:::
+
+```shell
+sail reassign --from <old-owner-id> --to <new-owner-id> --dry-run
+```
+
+The command will gather the supported object types, then display a simple report to show you a summary of which objects will be reassigned.
+
+You also have the ability to save the full report to a file in which you can view the objects in detail.
+
+```text
+Reassignment Preview
+====================
+From Owner:       2c918089796ba06c01798018af8d4161 (Tyler Mairose)
+To Owner:         <new-owner-id> (Darrell Thobe)
+Object Types:     source, role, access-profile, entitlement, identity-profile, governance-group, workflow
+Dry Run:          true
+
+Objects to Reassign:
+---------------------
+Object Type          Count
+-----------          -----
+role                 2
+access-profile       0
+entitlement          1
+identity-profile     0
+governance-group     1
+workflow             1
+source               6
+
+Total:             11 objects
+
+No changes have been made. Run the command without --dry-run to proceed.
+Would you like to save the full report to a file (y/n):
+```
+
+### Reassign all object types without confirmation
+
+Run the following command to reassign all supported object types from one identity to another without being asked for confirmation.
+
+```shell
+sail reassign --from <old-owner-id> --to <new-owner-id> --force
+```
+
+## Reassign specific object types
+
+Use the following command to reassign only workflows and roles from one identity to another.
+
+```shell
+sail reassign --from <old-owner-id> --to <new-owner-id> --object-types workflow,role --dry-run
+```
+
+```text
+Reassignment Preview
+====================
+From Owner:       2c918089796ba06c01798018af8d4161 (Tyler Mairose)
+To Owner:         c701d93655854f1ea583622e7103e468 (Darrell Thobe)
+Object Types:     workflow, role
+Dry Run:          true
+
+Objects to Reassign:
+---------------------
+Object Type          Count
+-----------          -----
+role                 2
+workflow             1
+
+Total:             3 objects
+
+No changes have been made. Run the command without --dry-run to proceed.
+```
+
+Run the command without `--dry-run` to proceed with the reassignment.
+
+```shell
+sail reassign --from <old-owner-id> --to <new-owner-id> --object-types workflow,role
+```
+
+You will still be asked if you wish to save the full report and confirm that you wish to reassign the objects.
+
+### Reassign specific object types without confirmation
+
+Run the following command to reassign all workflows and roles from one identity to another without being asked for confirmation.
+
+```shell
+sail reassign --from <old-owner-id> --to <new-owner-id> --object-types workflow,role --force
+```
+
+## Reassign a single object
+
+Use the reassign command with the `--object-id` flag, passing in the id of the object you wish to reassign. The command will determine its object type and generate the preview.
+
+```shell
+sail reassign --from <old-owner-id> --to <new-owner-id> --object-id <object-id>
+```
+
+To continue with the reassignment, call the command again without `--dry-run` and follow the prompts.
+
+### Reassign a single object without confirmation
+
+Run the following command to reassign a single object from one identity to another without being asked for confirmation.
+
+```shell
+sail reassign --from <old-owner-id> --to <new-owner-id> --object-id <object-id> --force
+```