IBM Cloud access policies: How to check for specific policy using CLI?

Question

IBM Cloud Identity and Access Management (IAM) allows to define access policies to allow a service to access another service in a specific role. I can create such policies using the IBM Cloud CLI. However, how can I find a specific policy using the CLI? I can list them with the following command, but not filter.

> ibmcloud iam authorization-policies 
OK

ID:                        11111111-xxxx-43d4-927f-9c4fda1d0e0a   
Source service name:       cloud-object-storage   
Source service instance:   All instances   
Target service name:       kms   
Target service instance:   All instances   
Roles:                     Reader   

ID:                        11111111-xxxx-4734-aa28-2a9e56ae4391   
Source service name:       cloud-object-storage   
Source service instance:   All instances   
Target service name:       kms   
Target service instance:   6db42dc7-8edd-490c-bda6-7ad4c44d7c71   
Roles:                     Reader

score 1 · Accepted Answer · answered Sep 19 '18 at 11:42

Something can be done using grep and the after context option. The following filters for the beginning of a policy entry and keeps the next few lines thereafter. Further invocations of grep search for other policy properties. This could be done for all instances or for specific instance IDs.

ibmcloud iam authorization-policies | \
   grep -A 4 "Source service name:       cloud-object-storage" | \
   grep -A 3 "All instances" | \
   grep -A 2 "kms" | \
   grep "Reader"

Idea is taken from this toolchain script as part of this IBM Cloud tutorial.

IBM Cloud access policies: How to check for specific policy using CLI?

1 Answers1