Project policy documents CLI commands

The commands in this section allow you to manage project policy documents that define permissions for project roles.

Prerequisites

Minimum CLI version: 20.49.0
Managing policy documents requires an admin API key with team admin permissions.

Project policy document commands#

List policy documents#

uniform policy-documents list -p <projectId>

command
List policy documents for a project.

Command	Output details
-p, --project string	Uniform project id. If not specified, the environment variable `UNIFORM_CLI_PROJECT_ID` is used.
-f, --format string (optional, default value: YAML)	Format for the output (YAML or JSON)
-o, --filename string (optional)	File name for the output. If not specified the output is written to stdout.
-f, --format string (optional, default value: YAML)	Uniform API key. If not specified, the environment variable `UNIFORM_API_KEY` is used.
--apiHost string (optional, default value: https://uniform.app)	Uniform host. If not specified, the environment variable `UNIFORM_CLI_BASE_URL` is used. If the environment variable isn't set, the default value is used.
--verbose	Include verbose logging (default: false)

Pull policy documents#

uniform policy-documents pull <directory> -p <projectId>

command
Pull all policy documents from Uniform to local files. Each policy document is saved as a separate file named by role ID.

If a directory path is specified, a separate file is created for each policy document.

Command	Output details
-w, --what-if boolean (optional)	If true, reports what would be done but changes no files.
-m, --mode string (optional, default value: mirror)	Specifies what kind of changes can be made. `create` - Create new files but don't update existing files. `createOrUpdate` - Create new files and update existing files but delete no files. `mirror` - Create new files, update existing files, and delete files that don't match existing objects in the Uniform project.
-d, --diff string (optional, default value: off)	Specifies which changes are written to stdout. If not specified, the environment variable UNIFORM_CLI_DIFF_MODE is used. If the environment variable isn't set, the default value is used. `off` - No changes are written. `update` - Only update changes are written. `on` - Update, create, and delete changes are written.
-f, --format string (optional, default value: YAML)	Format for the output (YAML or JSON)
-p, --project string	Uniform project id. If not specified, the environment variable `UNIFORM_CLI_PROJECT_ID` is used.
-f, --format string (optional, default value: YAML)	Uniform API key. If not specified, the environment variable `UNIFORM_API_KEY` is used.
--apiHost string (optional, default value: https://uniform.app)	Uniform host. If not specified, the environment variable `UNIFORM_CLI_BASE_URL` is used. If the environment variable isn't set, the default value is used.
--verbose	Include verbose logging (default: false)

Push policy documents#

uniform policy-documents push <directory> -p <projectId>

command
Push policy documents from local files to Uniform. Directory should contain one file per role ID.

If a directory path is specified, the policy documents defined in the files in the directory are used.

Command	Output details
-w, --what-if boolean (optional)	If true, reports what would be done but changes no files.
-m, --mode string (optional, default value: mirror)	Specifies what kind of changes can be made. `create` - Create new files but don't update existing files. `createOrUpdate` - Create new files and update existing files but delete no files. `mirror` - Create new files, update existing files, and delete files that don't match existing objects in the Uniform project.
-d, --diff string (optional, default value: off)	Specifies which changes are written to stdout. If not specified, the environment variable UNIFORM_CLI_DIFF_MODE is used. If the environment variable isn't set, the default value is used. `off` - No changes are written. `update` - Only update changes are written. `on` - Update, create, and delete changes are written.
-f, --format string (optional, default value: YAML)	Format for the output (YAML or JSON)
-p, --project string	Uniform project id. If not specified, the environment variable `UNIFORM_CLI_PROJECT_ID` is used.
-f, --format string (optional, default value: YAML)	Uniform API key. If not specified, the environment variable `UNIFORM_API_KEY` is used.
--apiHost string (optional, default value: https://uniform.app)	Uniform host. If not specified, the environment variable `UNIFORM_CLI_BASE_URL` is used. If the environment variable isn't set, the default value is used.
--verbose	Include verbose logging (default: false)

Example workflow#

Here's a typical workflow for managing policy documents:

1. List policy documents#

uniform policy-documents list -p <projectId>

2. Pull policy documents to local directory#

uniform policy-documents pull ./policies -p <projectId>

3. Modify local files as needed#

Edit the policy document files in the ./policies directory as needed.

4. Preview changes with what-if mode#

uniform policy-documents push ./policies -p <projectId> --what-if --diff on

5. Apply changes#

uniform policy-documents push ./policies -p <projectId>

6. Cross-project sync#

You can sync policy documents between projects in the same team:

# Pull from source project uniform policy-documents pull ./policies -p <sourceProjectId> # Push to target project uniform policy-documents push ./policies -p <targetProjectId>

On this page