Commands reference
------------------

This section provides reference documentation about all commands 
which are available in UVOS Command Line Client. This reference can be 
generated by the command 'helpAll'. Note that information generated by help system of the 
Command Line Client is always up to date.

----------------------------
Command: addEquivalentIdentity

Creates a new identity, which is alias of (is equivalent to) another, existing identity. Syntax:
  addEquivalentIdentity <dn|x509|email> <newIdentity> <dn|x509|email> <equivalent>
The first argument is an identity type. Next is value, which is a simple string in case of 'dn' or 
'email' types and a file name with X509 certificate in case of 'x509' type. 
It is the value of added identity. Next come parameters of eqivalent identity. 
Note that label of the new identity will be the same as of it's eqivalent.

Example:
  addEquivalentIdentity email john@example.com email john@example.org


~~~~~~~~~~~~~~
Command: addGroup

Adds a new group. Syntax:
  addGroup <parentGroupPath> <newGroupName>
Separate the parent group path elements with '/'. Example:
  addGroup /parentGroup newGroup

~~~~~~~~~~~~~~
Command: addIdentity

Creates a new identity. Syntax:
  addIdentity <dn|x509|email> <value> [label]
or:  addIdentity email <value> passwd <password> [label]
The first argument is an identity type. Next is value, which is a simple string in case of 'dn' or 'email' 
types and a file name with certificate in case of 'x509' type. 3rd (optional) argument is a friendly 
(unique) name for the identity. It is common for all equivalent identities. When adding email type identity 
it is also possible to set it's password.

Example:
  addIdentity email test@example.com Johnny


~~~~~~~~~~~~~~
Command: addNotification

Adds a new notification definition for the given action. Optionally you can register it only in the context of a group
Syntax:
   addNotification <action> <recipents> [groupFilter]
Example:
   addNotification addGroup receiver@example.com /Math-VO

~~~~~~~~~~~~~~
Command: addToGroup

Adds an identity to a group. Syntax:
  addToGroup <dn|x509|email> <identity> <groupPath>
The first argument is an identity type. Next is value, which is a simple string in case of 'dn' or 'email' 
types and a file name with X509 certificate in case of 'x509' type. It is the value of added identity. 
The last argument is the group path.

Example:
  addToGroup email john@example.com /group/subgroup


~~~~~~~~~~~~~~
Command: areEquivalent

Checks if two given identities are equivalent.
Syntax:
   areEquivalent <dn|x509|email> <identity1> <dn|x509|email> <identity2>
Example:
  areEquivalent email ann@example.com email ann@example.org


~~~~~~~~~~~~~~
Command: changeLabel

Changes unique name of identity, which is common for all equivalent identities. Syntax:
  changeLabel <dn|x509|email> <identity> <newLabel>
Example:
  changeLabel email ann@example.com Ann


~~~~~~~~~~~~~~
Command: changePasswd

Changes the given identity password (or deletes it).
Syntax:
   changePasswd email <identity> [newPasswd]
If new password is not given then the password is removed.Note that it is technically possible to set also 
password for other types of identity but it makes no sense.Example:
   changePasswd email ann@example.com SecreT


~~~~~~~~~~~~~~
Command: copyGroup

Copies or moves a group to a different parent group. Syntax:
  copyGroup <grouptoBeCopiedPath> <newParentGroupPath> <doMove> [newName]
Example:
  copyGroup /group/subgroup /parent true movedG
will create group /parent/movedG with the same contents as /group/subgoup has, then /group/subgroup will be 
deleted.

~~~~~~~~~~~~~~
Command: disableAttribute

Disables an attribute. Syntax:
  disableAttribute <global> <dn|x509|email> <identity> <AttributeName> [value]
  disableAttribute <group> <groupPath> <AttributeName> [value]
  disableAttribute <ig> <dn|x509|email> <identity> <groupPath><AttributeName> [value]
The first argument specifies what kind of attribute will be changed: group attribute, identity global 
attribute, or identity attribute valid only in particular group. If the optional 'value' argument is set 
then only this value of attribute will be disabled.
Example:
  disableAttribute ig email ann@example.com /group urn:unicore:attrType:user:proffession scientist


~~~~~~~~~~~~~~
Command: enableAttribute

Enables an attribute. Syntax:
  enableAttribute <global> <dn|x509|email> <identity> <AttributeName> [value]
  enableAttribute <group> <groupPath> <AttributeName> [value]
  enableAttribute <ig> <dn|x509|email> <identity> <groupPath><AttributeName> [value]
The first argument specifies what kind of attribute will be changed: group attribute, identity global 
attribute, or identity attribute valid only in particular group. If the optional 'value' argument is set 
then only this value of attribute will be disabled.
Example:
  enableAttribute ig email ann@example.com /group urn:unicore:attrType:user:proffession scientist


~~~~~~~~~~~~~~
Command: exit

Exits application

~~~~~~~~~~~~~~
Command: exit

Exits application

~~~~~~~~~~~~~~
Command: getATypes

Lists all known attribute types. Syntax:
  getATypes

~~~~~~~~~~~~~~
Command: getATypes

Lists all known attribute types. Syntax:
  getATypes

~~~~~~~~~~~~~~
Command: getAllEquivalents

Retrieves a list of all identities that are equivalent to the given one.
Syntax:
   getAllEquivalents <dn|x509|email> <identity1>
Example:
   getAllEquivalents email ann@example.com


~~~~~~~~~~~~~~
Command: getAllGroups

Retrieves a list of all groups the given identity is a member of.
Syntax:
   getAllGroups <dn|x509|email> <identity> [implied]
If the last arg is given then also groups implied are returned, i.e. if user is a member of group 
/A/B then /Awill be returned then too.Example:
   getAllGroups email ann@example.com


~~~~~~~~~~~~~~
Command: getAllIdentities

Retrieves a list of all identities
Syntax:
   getAllIdentities


~~~~~~~~~~~~~~
Command: getApplication

Get an ID of an application submited by a given identity. Prints -1 when no application is found. 
Warning - note that more than one application may be submited by a single identity.
Syntax:
   getApplication <dn|x509|email> <identity>

~~~~~~~~~~~~~~
Command: getApplicationForms

Lists available application forms.
Syntax:
   getApplicationForms

~~~~~~~~~~~~~~
Command: getApplications

Lists application actions. Arguments filter the resopnse. Negative formId means any formId.
Syntax:
   getApplications [formId] [status]

~~~~~~~~~~~~~~
Command: getApplications

Lists application actions. Arguments filter the resopnse. Negative formId means any formId.
Syntax:
   getApplications [formId] [status]

~~~~~~~~~~~~~~
Command: getAttribute

Returns value(s) of the attribute of the given element.
Syntax:
   getAttribute <global> <dn|x509|email> <identity> <attribute> [allScopes] [includeImpliedGroups]
   getAttribute <group> <groupPath> <attribute>
   getAttribute <ig> <dn|x509|email> <identity> <groupPath> <attribute>
The first argument specifies what kind of attribute will be listed: group attribute, identity global 
attribute, or identity attribute valid only in particular group.
Example:
  getAttribute ig email ann@example.com /group urn:unicore:attrType:user:proffession


~~~~~~~~~~~~~~
Command: getAttributes

Returns all attributes of the given element.
Syntax:
   getAttributes <global> <dn|x509|email> <identity> [allScopes] [includeImpliedGroups]
   getAttributes <group> <groupPath>
   getAttributes <ig> <dn|x509|email> <identity> <groupPath>
The first argument specifies what kind of attribute will be listed: group attribute, identity global 
attribute, or identity attribute valid only in particular group.
Example:
  getAttributes ig email ann@example.com /group


~~~~~~~~~~~~~~
Command: getAuthz

Lists authorization policy for VO service access
Syntax:
   getAuthz global
   getAuthz group <group>
Example:
  getAuthz group /some/group m

~~~~~~~~~~~~~~
Command: getContent

Returns the content (subgroups and identities) of the given group.
Syntax:
   getContent <groupPath>
Example:
  getContent /group


~~~~~~~~~~~~~~
Command: getDisabledAttributes

Lists all disabled attributes. Only disabled values are presented. Syntax:
   getDisabledAttributes <global> <dn|x509|email> <identity>
   getDisabledAttributes <group> <groupPath>
   getDisabledAttributes <ig> <dn|x509|email> <identity> <groupPath>
The first argument specifies what kind of attribute will be listed: group attribute, identity global 
attribute, or identity attribute valid only in particular group.
Example:
  getDisabledAttributes ig email ann@example.com /group


~~~~~~~~~~~~~~
Command: getDisabledAttributes

Lists all disabled attributes. Only disabled values are presented. Syntax:
   getDisabledAttributes <global> <dn|x509|email> <identity>
   getDisabledAttributes <group> <groupPath>
   getDisabledAttributes <ig> <dn|x509|email> <identity> <groupPath>
The first argument specifies what kind of attribute will be listed: group attribute, identity global 
attribute, or identity attribute valid only in particular group.
Example:
  getDisabledAttributes ig email ann@example.com /group


~~~~~~~~~~~~~~
Command: getEvents

Displays all events (i.e. contents modification) which occured in the specified period of time. Syntax:
  getEvents [from <yyyy-mm-dd> <hh:mm:ss>] [to <yyyy-mm-dd> <hh:mm:ss>]
If any of range bounds is not specified then it is unlimited.
Example:
  getEvents from 2007-03-28 21:49:00
It will display all events from the specified date till now.

~~~~~~~~~~~~~~
Command: getITypes

Lists all known identity types. Syntax:
  getITypes

~~~~~~~~~~~~~~
Command: getITypes

Lists all known identity types. Syntax:
  getITypes

~~~~~~~~~~~~~~
Command: getMyIds

Lists all identities of the current user
Syntax:
   getMyIds


~~~~~~~~~~~~~~
Command: getNotifications

Lists notifications. Optionally you can query for notifications of a particular action.
Syntax:
   getNotifications [action] [groupFilter]
Example:
   getNotifications addGroup /Math-VO

~~~~~~~~~~~~~~
Command: getNotifications

Lists notifications. Optionally you can query for notifications of a particular action.
Syntax:
   getNotifications [action] [groupFilter]
Example:
   getNotifications addGroup /Math-VO

~~~~~~~~~~~~~~
Command: getPerms

Lists all permissions of specified user
Syntax:
   getPerms global <dn|x509|email> <identity>
   getPerms group <group> <dn|x509|email> <identity>
Example:
  getPerms group /some/group email ann@example.com

~~~~~~~~~~~~~~
Command: getServerInfo

Retrieves GLUE information exposed by the server.
Syntax:
   getServerInfo [full]
If the optional arg is given then raw Glue 2 XML is printed. Otherwise only a parsed
information (including server's version) is presented. 
Example:
   getServerInfo full

~~~~~~~~~~~~~~
Command: help

Provides help. Use without arguments to get generic help or with command name as parameter to get help 
on the specified command usage.

~~~~~~~~~~~~~~
Command: helpAll

Provides full help for all commands.

~~~~~~~~~~~~~~
Command: isMember

Checks if the given identity is a member of the given group.
Syntax:
   isMember <dn|x509|email> <identity> <groupPath>
Example:
  isMember email ann@example.com /group


~~~~~~~~~~~~~~
Command: processApplication

Process an application. This method doesn't fulfill any of extra requests attached to the application.
Syntax:
   processApplication <appId> <action> <sendEmail:true|false> [additionalNotes]
Valid actions are REJECT, ACCEPT or REMOVE

~~~~~~~~~~~~~~
Command: purgeHistory

Deletes all historical content of database which is older then requested. Syntax:
  purgeHistory <yyyy-mm-dd> <hh:mm:ss>

Example:
  purgeHistory 2007-03-28 21:49:00


~~~~~~~~~~~~~~
Command: removeAType

Deletes an existing attribute type, if it is unused (must be also unused in history!)
Syntax:
   removeAType <name>
Example:
   removeAType urn:someTypeTo:Remove

~~~~~~~~~~~~~~
Command: removeApplicationForm

Remove an application form.
Syntax:
   removeApplicationForm <id>

~~~~~~~~~~~~~~
Command: removeAttribute

Removes an attribute. Syntax:
  removeAttribute <global> <dn|x509|email> <identity> <AttributeName>
  removeAttribute <group> <groupPath> <AttributeName>
  removeAttribute <ig> <dn|x509|email> <identity> <groupPath><AttributeName>
The first argument specifies what kind of attribute will be removed: group attribute, identity global 
attribute, or identity attribute valid only in particular group.
Example:
  removeAttribute ig email ann@example.com /group urn:unicore:attrType:user:proffession


~~~~~~~~~~~~~~
Command: removeAuthz

Removes authorization policy for VO service access
Syntax:
   removeAuthz <group> a <AttributeName>
   removeAuthz <group> <o|m>
Use group '/' to modify global policy. Permissions can removed either from the bearer of an attribute or 
from the accessed resource owner ('o' case) or from the group members ('m' case')
Example:
  removeAuthz /some/group m

~~~~~~~~~~~~~~
Command: removeFromGroup

Removes an identity from a group. Syntax:
  removeFromGroup <dn|x509|email> <identity> <groupPath>
The first argument is an identity type. Next is value, which is a simple string in case of 'dn' or 'email' 
types and a file name with X509 certificate in case of 'x509' type. It is the value of added identity. 
The last argument is the group path.
Example:
  removeFromGroup email john@example.com /group/subgroup


~~~~~~~~~~~~~~
Command: removeGroup

Removes a group. Syntax:
  removeGroup <groupPath> [true|false]
Separate the parent group path elements with '/'. Optional 2nd argument specifies if the behaviour should 
be recursive (defualt is false).
Example:
  removeGroup /g1/subg/groupToRemove true

~~~~~~~~~~~~~~
Command: removeIdentity

Removes a identity. Syntax:
  removeIdentity <dn|x509|email> <value>
The first argument is an identity type. Next is value, which is a simple string in case of 'dn' or 'email' 
types and a file name with certificate in case of 'x509' type.
Example:
  removeIdentity email test@example.com


~~~~~~~~~~~~~~
Command: removeNotification

Removes an existing notification.
Syntax:
   removeNotification <id>
Example:
   removeNotification 3

~~~~~~~~~~~~~~
Command: setApplicationForm

Adds or updates application form. Definition is read form XML file
Syntax:
   setApplicationForm <update:true|false> 	<fileWithDefinition>
Example:
   setApplicationForm true appForm3.xml

~~~~~~~~~~~~~~
Command: setAttribute

Adds or changes an attribute. Syntax:
  setAttribute <global> <dn|x509|email> <identity> <true|false> <attributeTypeAndNameAttributeName> [value1 value2 ...]
  setAttribute <group> <groupPath> <true|false> <AttributeName> [value1 value2 ...]
  setAttribute <ig> <dn|x509|email> <identity> <groupPath> <true|false> <AttributeName> [value1 value2 ...]
The first argument specifies what kind of attribute will be changed: group attribute, identity global 
attribute, or identity attribute valid only in particular group. The boolean argument specifies if existing
attribute with the same name should be updated.
Example:
  setAttribute ig email ann@example.com /group true urn:unicore:attrType:user:proffession scientist


~~~~~~~~~~~~~~
Command: setAuthz

Modifies authorization policy for VO service access
Syntax:
   setAuthz <group> a <perm> <AttributeName> [value]]
   setAuthz <group> <o|m> <perm>
Use group '/' to modify global policy. Permissions can assigned either to the bearer of attribute or to 
the accessed resource owner ('o' case) or to the group members ('m' case')
In any case permissions are specified as string with syntax:
   <r|-><f|-><i|-><w|->
where 'r' is read permission, 'f' is full read permission, 'i' is identityCtl permission and 'w' is write 
permission.
Example:
  setAuthz /some/group m -f---
It will assign members of /some/group (and it's subgroups) the fullRead permission and remove all other 
permissions (if were set).

~~~~~~~~~~~~~~
Command: setIdentityStatus

Changes the given identity status to disable or enable it.
Syntax:
   setIdentityStatus <dn|x509|email> <identity> <true|false>
The last argument equal to 'true' will make the identity enabled (active) and 'false' will disable it.
Example:
   setIdentityStatus email ann@example.com false


~~~~~~~~~~~~~~
Command: setTime

Set time in the past for the subsequent queries. After setting the time all *query* operations will query 
the past, historical contents of the service.
Useful only in interactive mode
Syntax:
  setTime [yyyy-mm-dd hh:mm:ss]
Without the arguments it will return to normal operation on current contents. Example:
  setTime 2007-01-01 23:56:00

~~~~~~~~~~~~~~
Command: submitApplication

Submits a new application. It is read form XML file.
Syntax:
   submitApplication <fileWithDefinition>
Example:
   setApplicationForm app1.xml

~~~~~~~~~~~~~~
Command: updateAType

Adds or updates existing attribute type
Syntax:
   updateAType <name> [shortDescription] [longDescription]
Example:
   updateAType urn:newType 'Dummy type' 'Dummy type used to express foo with bar values'

~~~~~~~~~~~~~~
Command: updateCSRApplication

Updates an application containing CSR only, when CSR is processed (i.e. accpted or rejected) by a CA. 
Syntax:
   updateCSRApplication <fileWithCSR> <accepted:true|false> <sendEmail:true|false> [<fileWithSignedCert>]
File with signed certificate is needed if accepted is true.

---------------------------------