sailpoint-cli

   _____       _ _ _____      _       _      _____ _      _____ 
  / ____|     (_) |  __ \    (_)     | |    / ____| |    |_   _|
 | (___   __ _ _| | |__) |__  _ _ __ | |_  | |    | |      | |  
  \___ \ / _` | | |  ___/ _ \| | '_ \| __| | |    | |      | |  
  ____) | (_| | | | |  | (_) | | | | | |_  | |____| |____ _| |_ 
 |_____/ \__,_|_|_|_|   \___/|_|_| |_|\__|  \_____|______|_____|

The SailPoint Command Line Interface (CLI) makes it easy to interact with SailPoint's SaaS Platform in a programmatic way. Many functions that use to be accomplished through tools like Postman or from custom scripts can now be done directly on the command line with minimal setup.

Install

Installation of the CLI requires Golang version 1.17 or above.

MacOS and Linux

Open your terminal app, navigate to the project directory, and run the following command.

make install

After that, make sure you can run the sail command.

sail -h

Windows

Open PowerShell, navigate to the project directory, and run the following command.

go build -o "C:\Program Files\sailpoint\sail.exe"

After that, add the following directory to the system PATH parameter. You can find instructions on how to do this from this article. This will only need to be done the first time you install the CLI.

C:\Program Files\sailpoint

Once installed, make sure PowerShell can run the sail command.

sail -h

Configuration

Create a personal access token, which will be used to authenticate the SP CLI to your IdentityNow tenant.

Create a configuration file in your home directory to save your credentials.

On Linux/Mac, run:

mkdir ~/.sp
touch ~/.sp/config.yaml

On Windows PowerShell, run:

baseURL: https://{org}.api.cloud.sailpoint.com # or baseURL: https://localhost:7100
tokenURL: https://{org}.api.cloud.sailpoint.com/oauth/token
clientSecret: [clientSecret]
clientID: [clientID]

You may also specify the config as environment variables:

$ SP_CLI_BASEURL=http://localhost:7100 \
  SP_CLI_TOKENURL=http://{org}.api.cloud.sailpoint.com \
  SP_CLI_CLIENTSECRET=xxxx sp conn list

This can useful for cases like CI pipelines to avoid having to write the config file.

Usage

Note that for all invoke commands, the version flag -v is optional. If not provided, the cli will run against the version pointed by the latest tag.

$ sp conn help
$ sp conn init [connectorProjectName]
$ sp conn create [connectorAlias]
$ sp conn update -c [connectorID] -a [connectorAlias]
$ sp conn list
$ sp conn upload -c [connectorID | connectorAlias] -f connector.zip
$ sp conn invoke test-connection -c [connectorID | connectorAlias] -p [config.json] -v [version]
$ sp conn invoke account-list -c [connectorID | connectorAlias] -p [config.json] -v [version]
$ sp conn invoke account-read [identity] -c [connectorID | connectorAlias] -p [config.json] -v [version]
$ sp conn invoke entitlement-list -t [entitlementType] -c [connectorID | connectorAlias] -p [config.json] -v [version]
$ sp conn invoke entitlement-read [identity] -t [entitlementType] -c [connectorID | connectorAlias] -p [config.json] -v [version]
$ sp conn tags create -c [connectorID | connectorAlias] -n [tagName] -v [version]
$ sp conn tags update -c [connectorID | connectorAlias] -n [tagName] -v [version]
$ sp conn tags list -c [connectorID | connectorAlias]
$ sp conn logs
$ sp conn logs tail
$ sp conn stats

Command `conn` is short for `connectors`. Both of the following commands work and they work the exact same way

$ sp conn list
$ sp connectors list

Languages

Go 96%

TypeScript 2.6%

PowerShell 1%

Shell 0.2%

Makefile 0.1%

Other 0.1%

README.md