+##############################
+# Role Management Operations #
+##############################
+
+@cli.command(name='role-create', short_help='creates a new role')
+@click.argument('name')
+@click.option('--permissions',
+ default=None,
+ help='role permissions using a dictionary')
+@click.pass_context
+def role_create(ctx, name, permissions):
+ """
+ Creates a new role.
+
+ \b
+ NAME: Name or ID of the role.
+ DEFINITION: Definition of grant/denial of access to resources.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ ctx.obj.role.create(name, permissions)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+
+
+@cli.command(name='role-update', short_help='updates a role')
+@click.argument('name')
+@click.option('--set-name',
+ default=None,
+ help='change name of rle')
+# @click.option('--permissions',
+# default=None,
+# help='provide a yaml format dictionary with incremental changes. Values can be bool or None to delete')
+@click.option('--add',
+ default=None,
+ help='yaml format dictionary with permission: True/False to access grant/denial')
+@click.option('--remove',
+ default=None,
+ help='yaml format list to remove a permission')
+@click.pass_context
+def role_update(ctx, name, set_name, add, remove):
+ """
+ Updates a role.
+
+ \b
+ NAME: Name or ID of the role.
+ DEFINITION: Definition overwrites the old definition.
+ ADD: Grant/denial of access to resource to add.
+ REMOVE: Grant/denial of access to resource to remove.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ ctx.obj.role.update(name, set_name, None, add, remove)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+
+
+@cli.command(name='role-delete', short_help='deletes a role')
+@click.argument('name')
+# @click.option('--force', is_flag=True, help='forces the deletion bypassing pre-conditions')
+@click.pass_context
+def role_delete(ctx, name):
+ """
+ Deletes a role.
+
+ \b
+ NAME: Name or ID of the role.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ ctx.obj.role.delete(name)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+
+
+@cli.command(name='role-list', short_help='list all roles')
+@click.option('--filter', default=None,
+ help='restricts the list to the projects matching the filter')
+@click.pass_context
+def role_list(ctx, filter):
+ """
+ List all roles.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ resp = ctx.obj.role.list(filter)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+ table = PrettyTable(['name', 'id'])
+ for role in resp:
+ table.add_row([role['name'], role['_id']])
+ table.align = 'l'
+ print(table)
+
+
+@cli.command(name='role-show', short_help='show specific role')
+@click.argument('name')
+@click.pass_context
+def role_show(ctx, name):
+ """
+ Shows the details of a role.
+
+ \b
+ NAME: Name or ID of the role.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ resp = ctx.obj.role.get(name)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+
+ table = PrettyTable(['key', 'attribute'])
+ for k, v in resp.items():
+ table.add_row([k, json.dumps(v, indent=2)])
+ table.align = 'l'
+ print(table)
+
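Review bot: The `--permissions`, `--add` and `--remove` values in `role_create` and `role_update` are forwarded to `ctx.obj.role.create` / `ctx.obj.role.update` as raw strings with no parsing or type check at the CLI layer, so rejecting a malformed or non-boolean grant depends entirely on client code outside this hunk. Because these strings define access grants and denials, confirm that the client parses them with a safe loader (`yaml.safe_load` rather than `yaml.load`, if they are YAML as the `--add`/`--remove` help says) and refuses values other than True/False. The help text also does not match the interface: both docstrings describe a `DEFINITION` argument that neither command takes, `--permissions` does not state its expected format, `--set-name` reads 'change name of rle', and `--filter` on `role-list` says 'projects' where it should say 'roles'. In all five commands, errors would be better reported with `click.echo(inst.message, err=True)` and `ctx.exit(1)` than with `print` and the site-provided `exit`, so that a failed role change is visible on stderr to scripts.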