mia-platform
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎docs/30_commands.md‎
Lines changed: 85 additions & 1 deletion b/‎docs/30_commands.md‎
Lines changed: 85 additions & 1 deletion
diff --git a/‎internal/client/transport.go‎
Lines changed: 2 additions & 2 deletions b/‎internal/client/transport.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎internal/clioptions/clioptions.go‎
Lines changed: 13 additions & 2 deletions b/‎internal/clioptions/clioptions.go‎
Lines changed: 13 additions & 2 deletions
diff --git a/‎internal/cmd/company.go‎
Lines changed: 4 additions & 1 deletion b/‎internal/cmd/company.go‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎internal/cmd/company/iam.go‎
Lines changed: 43 additions & 0 deletions b/‎internal/cmd/company/iam.go‎
Lines changed: 43 additions & 0 deletions
@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- `company iam list` command
+- `company iam list users` command
+- `company iam list groups` command
+- `company iam list serviceaccounts` command
 - marketplace apply: add version to multipart request metadata if present in the item
 - add command `miactl marketplace list-versions`
 - mark as alpha the features:
 
@@ -102,6 +102,90 @@ Available flags for the command:
 - `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
 - `--context`, to specify a different context from the currently selected one
 
+### iam
+
+The `company iam` subcommands are used for managing the RBAC permissions associated with a company. Only
+**Company Owners** can modify, add or remove RBAC authorization to the company.
+
+#### list
+
+The `company iam list` subcommand allows you to view the list of all the different identity associated with the Company
+specified in the current context. The output will show the **names**, **types** and **permissions** associated with
+them.
+
+Usage:
+
+```sh
+miactl company iam list [flags]
+```
+
+Available flags for the command:
+
+- `--groups`, filter IAM entities to show only groups. Mutally exclusive with `users` and `serviceAccounts`
+- `--serviceAccounts`, filter IAM entities to show only service accounts. Mutally exclusive with `users` and `groups`
+- `--users`, filter IAM entities to show only users. Mutally exclusive with `groups` and `serviceAccounts`
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+
+##### users
+
+The `company iam list users` subcommand allows you to view the list of all users that have access to your company
+directly or via one or more groups.
+
+Usage:
+
+```sh
+miactl company iam list users [flags]
+```
+
+Available flags for the command:
+
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+
+##### groups
+
+The `company iam list groups` subcommand allows you to view the list of all groups that are available in your company.
+
+Usage:
+
+```sh
+miactl company iam list groups [flags]
+```
+
+Available flags for the command:
+
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+
+##### serviceaccounts
+
+The `company iam list serviceaccounts` subcommand allows you to view the list of all service accounts that are available
+in your company.
+
+Usage:
+
+```sh
+miactl company iam list serviceaccounts [flags]
+```
+
+Available flags for the command:
+
+- `--endpoint`, to set the Console endpoint (default is `https://console.cloud.mia-platform.eu`)
+- `--certificate-authority`, to provide the path to a custom CA certificate
+- `--insecure-skip-tls-verify`, to disallow the check the validity of the certificate of the remote endpoint
+- `--context`, to specify a different context from the currently selected one
+- `--company-id`, to set the ID of the desired Company
+
 ## project
 
 This command allows you to manage `miactl` Projects.
@@ -306,7 +390,7 @@ pods available in the current context and then the logs of all their containers
 Usage:
 
 ```sh
-miactl runtime logs  POD-QUERY [flags]
+miactl runtime logs POD-QUERY [flags]
 ```
 
 Available flags for the command:
 
@@ -18,8 +18,8 @@ package client
 import (
 	"net/http"
 
+	"github.com/mia-platform/miactl/internal/logger"
 	"github.com/mia-platform/miactl/internal/transport"
-	"github.com/mia-platform/miactl/internal/util"
 	"golang.org/x/oauth2"
 )
 
@@ -60,7 +60,7 @@ func transportForConfig(config *Config) (http.RoundTripper, error) {
 			Insecure: config.Insecure,
 			CAFile:   config.CAFile,
 		},
-		Verbose: util.LogLevel >= 5,
+		Verbose: logger.LogLevel >= 5,
 	}
 
 	if authProvider != nil {
 
@@ -23,7 +23,8 @@ import (
 
 	"github.com/mia-platform/miactl/internal/cliconfig"
 	"github.com/mia-platform/miactl/internal/client"
-	"github.com/mia-platform/miactl/internal/util"
+	"github.com/mia-platform/miactl/internal/logger"
+
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 )
@@ -66,6 +67,10 @@ type CLIOptions struct {
 
 	// OutputFormat describes the output format of some commands. Can be json or yaml.
 	OutputFormat string
+
+	ShowUsers           bool
+	ShowGroups          bool
+	ShowServiceAccounts bool
 }
 
 // NewCLIOptions return a new CLIOptions instance
@@ -77,7 +82,7 @@ func (o *CLIOptions) AddGlobalFlags(flags *pflag.FlagSet) {
 	locator := cliconfig.NewConfigPathLocator()
 	configFilePathDescription := fmt.Sprintf("path to the config file default to %s", locator.DefaultConfigPath())
 	flags.StringVarP(&o.MiactlConfig, "config", "c", "", configFilePathDescription)
-	flags.IntVarP(&util.LogLevel, "verbose", "v", 0, "increase the verbosity of the cli output")
+	flags.IntVarP(&logger.LogLevel, "verbose", "v", 0, "increase the verbosity of the cli output")
 }
 
 func (o *CLIOptions) AddConnectionFlags(flags *pflag.FlagSet) {
@@ -174,6 +179,12 @@ func (o *CLIOptions) AddOutputFormatFlag(flags *pflag.FlagSet, defaultVal string
 	flags.StringVarP(&o.OutputFormat, "output", "o", defaultVal, "Output format. Allowed values: json, yaml")
 }
 
+func (o *CLIOptions) AddIAMListFlags(flags *pflag.FlagSet) {
+	flags.BoolVar(&o.ShowUsers, "users", false, "Filter IAM entities to show only users. Mutally exclusive with groups and serviceAccounts")
+	flags.BoolVar(&o.ShowGroups, "groups", false, "Filter IAM entities to show only groups. Mutally exclusive with users and serviceAccounts")
+	flags.BoolVar(&o.ShowServiceAccounts, "serviceAccounts", false, "Filter IAM entities to show only service accounts. Mutally exclusive with users and groups")
+}
+
 func (o *CLIOptions) ToRESTConfig() (*client.Config, error) {
 	locator := cliconfig.NewConfigPathLocator()
 	locator.ExplicitPath = o.MiactlConfig
 
@@ -33,7 +33,10 @@ func CompanyCmd(options *clioptions.CLIOptions) *cobra.Command {
 	options.AddContextFlags(flags)
 
 	// add sub commands
-	cmd.AddCommand(company.ListCmd(options))
+	cmd.AddCommand(
+		company.ListCmd(options),
+		company.IAMCmd(options),
+	)
 
 	return cmd
 }
@@ -0,0 +1,43 @@
+// Copyright Mia srl
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package company
+
+import (
+	"github.com/mia-platform/miactl/internal/clioptions"
+	"github.com/mia-platform/miactl/internal/cmd/company/iam"
+	"github.com/spf13/cobra"
+)
+
+func IAMCmd(o *clioptions.CLIOptions) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "iam",
+		Short: "Manage Mia-Platform IAM for a company",
+		Long: `A Company Owner user can manager the access to the company directly to a user,
+via a group or through service accounts.`,
+	}
+
+	// add cmd flags
+	flags := cmd.PersistentFlags()
+	o.AddConnectionFlags(flags)
+	o.AddContextFlags(flags)
+	o.AddCompanyFlags(flags)
+
+	cmd.AddCommand(
+		iam.ListCmd(o),
+	)
+
+	return cmd
+}