Welcome to the new Golem Cloud Docs! 👋
Documentation
Permissions

Golem CLI Permissions

This page only applies to the hosted Golem Cloud.

Tokens

Tokens are API keys that allow accessing Golem Cloud APIs from external services. The golem-cloud-cli tool allows managing these tokens. To manage them programmatically, check the token API.

Listing existing tokens

The following command lists all the tokens associated with your account:

Terminal
golem-cloud-cli token list

Creating a new token

To create a new token, use the following command:

Terminal
golem-cloud-cli token add
New token created with id 08bc0eac-5c51-40a5-8bc6-5c8928efb475 and expiration date 2100-01-01 00:00:00 UTC.
Please save this token secret, you can't get this data later:
64cf566c-ed72-48e5-b786-b88aa0298fb4

Optionally, an expiration date can be specified with --expires-at. If not specified, default expiration date is 2100-01-01 00:00:00 UTC.

Deleting a token

Each token has a token ID. Use the token delete command to remove a token using it's identifier:

Terminal
golem-cloud-cli token delete 08bc0eac-5c51-40a5-8bc6-5c8928efb475

Project sharing

On Golem Cloud components are organized into projects.

Listing projects

Existing projects can be listed using the project list subcommand:

Terminal
golem-cloud-cli project list

Adding projects

A new project can be created using project add. The command expects a project name and description:

Terminal
golem-cloud-cli project add --project-name "Golem Demo" --project-description "A new project for demonstrating the project feature"

When creating components or workers, the project can be specified with the --project-name flag. Every user has a default project which is used when no explicit project is specified.

Sharing projects with other accounts

Projects can be shared among multiple Golem Cloud accounts.

To share a project, use the share subcommand:

Terminal
golem-cloud-cli share --project-name "Golem Demo" --recipient-account-id 08bc0eac-5c51-40a5-8bc6-5c8928efb475 --project-actions ViewWorker --project-actions ViewComponent

This example shares the "Golem Demo" project with the account identified by 08bc0eac-5c51-40a5-8bc6-5c8928efb475 and grants component and worker view permissions for it.

💡

Alternatively it is possible to create and manage project policies using the project-policy subcommand, and refer to these policies in the share command later.

The following table lists all the actions that can be granted to a project:

ActionDescription
ViewComponentList, download and get metadata of components
CreateComponentCreate new components
UpdateComponentUpdate existing components
DeleteComponentDelete components
ViewWorkerList and get metadata of workers
CreateWorkerCreate new workers
UpdateWorkerUpdate existing workers
DeleteWorkerDelete workers
ViewProjectGrantsList existing project grants
CreateProjectGrantsGrant more access for the project
DeleteProjectGrantsRevoke access for the project
ViewApiDefinitionView API definitions
CreateApiDefinitionCreate new API definitions
UpdateApiDefinitionUpdate existing API definitions
DeleteApiDefinitionDelete API definitions