+##############################
+# Role Management Operations #
+##############################
+
+@cli.command(name='role-create', short_help='creates a role')
+@click.argument('name')
+@click.option('--definition',
+ default=None,
+ help='role definition using a dictionary')
+@click.pass_context
+def role_create(ctx, name, definition):
+ """
+ Creates a new role.
+
+ \b
+ NAME: Name or ID of the role.
+ DEFINITION: Definition of grant/denial of access to resources.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ ctx.obj.role.create(name, definition)
+ except ClientException as inst:
+ print(inst.message)
+
+
+@cli.command(name='role-update', short_help='updates a role')
+@click.argument('name')
+@click.option('--definition',
+ default=None,
+ help='add a new definition to the role')
+@click.option('--add',
+ default=None,
+ help='add a resource access grant/denial')
+@click.option('--remove',
+ default=None,
+ help='remove a resource access grant/denial')
+@click.pass_context
+def role_update(ctx, name, definition, add, remove):
+ """
+ Updates a role.
+
+ \b
+ NAME: Name or ID of the role.
+ DEFINITION: Definition overwrites the old definition.
+ ADD: Grant/denial of access to resource to add.
+ REMOVE: Grant/denial of access to resource to remove.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ ctx.obj.role.update(name, definition, add, remove)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+
+
+@cli.command(name='role-delete', short_help='deletes a role')
+@click.argument('name')
+# @click.option('--force', is_flag=True, help='forces the deletion bypassing pre-conditions')
+@click.pass_context
+def role_delete(ctx, name):
+ """
+ Deletes a role.
+
+ \b
+ NAME: Name or ID of the role.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ ctx.obj.role.delete(name)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+
+
+@cli.command(name='role-list', short_help='list all roles')
+@click.option('--filter', default=None,
+ help='restricts the list to the projects matching the filter')
+@click.pass_context
+def role_list(ctx, filter):
+ """
+ List all roles.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ resp = ctx.obj.role.list(filter)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+ table = PrettyTable(['name', 'id'])
+ for role in resp:
+ table.add_row([role['name'], role['_id']])
+ table.align = 'l'
+ print(table)
+
+
+@cli.command(name='role-show', short_help='show specific role')
+@click.argument('name')
+@click.pass_context
+def role_show(ctx, name):
+ """
+ Shows the details of a role.
+
+ \b
+ NAME: Name or ID of the role.
+ """
+ try:
+ check_client_version(ctx.obj, ctx.command.name)
+ resp = ctx.obj.role.get(name)
+ except ClientException as inst:
+ print(inst.message)
+ exit(1)
+
+ table = PrettyTable(['key', 'attribute'])
+ for k, v in resp.items():
+ table.add_row([k, json.dumps(v, indent=2)])
+ table.align = 'l'
+ print(table)
+
+