DOCSP-11877 docs for global api keys (#225)

* DOCSP-11877 docs for global api keys

* DOCSP-11877 updates for copy review feedback

* DOCSP-11877 fix for command syntax

Author: kanchana-mongodb

source/includes/list-table-global-roles.rst

@@ -0,0 +1,18 @@
+.. list-table::
+   :widths: 50 50
+   :header-rows: 1
+
+   * - Role Value in API
+     - Role
+   * - ``GLOBAL_AUTOMATION_ADMIN``
+     - :authrole:`Global Automation Admin`
+   * - ``GLOBAL_BACKUP_ADMIN``
+     - :authrole:`Global Backup Admin`
+   * - ``GLOBAL_MONITORING_ADMIN``
+     - :authrole:`Global Monitoring Admin`
+   * - ``GLOBAL_OWNER``
+     - :authrole:`Global Owner`
+   * - ``GLOBAL_READ_ONLY``
+     - :authrole:`Global Read Only`
+   * - ``GLOBAL_USER_ADMIN``
+     - :authrole:`Global User Admin`

source/reference/access.txt

@@ -24,6 +24,9 @@
 :ref:`project apikey <mcli-reference-iam-project-apikeys>`
   Manage |api| keys in your project.
 
+:ref:`globalapikey <mcli-reference-iam-global-apikeys>`
+  Manage Global |api| Keys in your |onprem| instance.
+
 .. class:: hidden
 
    .. toctree::
@@ -33,3 +36,4 @@
       Organization API Keys </reference/iam/organization-apikey-commands>
       Projects </reference/iam/project-commands>
       Project API Keys </reference/iam/project-apikey-commands>
+      Global API Keys </reference/iam/global-apikey-commands>

source/reference/iam/global-apikey-commands.txt

@@ -0,0 +1,23 @@
+.. _mcli-reference-iam-global-apikeys:
+
+=======================
+Global API Key Commands
+=======================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+.. toctree::
+   :titlesonly:
+
+   Create a Global API Key <iam-global-apikey-create>
+   List Global API Keys <iam-global-apikey-list>
+   Describe a Global API Key <iam-global-apikey-describe>
+   Update a Global API Key <iam-global-apikey-update>
+   Delete a Global API Key <iam-global-apikey-delete>
+   

source/reference/iam/iam-global-apikey-create.txt

@@ -0,0 +1,172 @@
+.. _mcli-iam-global-apikey-create:
+
+================================
+mongocli iam globalApiKey create
+================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+The ``iam globalApiKey create`` command creates a new Global
+|api| Key for the specified |mms| instance. You must have the 
+:opsmgr:`Global Owner </reference/user-roles/#Global-Owner>` role 
+to create a Global |api| key. You can also create the key through 
+the |mms| :opsmgr:`UI 
+</admin/general/api-keys-page/#add-a-global-api-key>` and 
+:opsmgr:`API </reference/api/api-keys/global/create-one-global-api-key/>`.
+
+.. _mcli-iam-global-apikey-create-syntax:
+
+Syntax 
+------
+
+.. code-block:: text 
+
+   mongocli iam globalApiKey|globalApiKeys create
+        --desc "<description-of-key>"
+        [ --output|-o <output-format> ]
+        [ --profile|-P <profile-name> ]
+        --role <list-of-roles>
+
+.. include:: /includes/fact-command-line-help.rst
+
+.. _mcli-iam-global-apikey-create-options:
+
+Options 
+-------
+
+.. list-table:: 
+   :header-rows: 1
+   :widths: 20 10 60 10
+
+   * - Option
+     - Type 
+     - Description 
+     - Required? 
+
+   * - ``--desc``
+     - string
+     - Description of the |api| key. This description can’t be longer 
+       than 250 characters.
+     - yes
+
+   * - ``--output``, ``-o``
+     - string 
+     - .. include:: /includes/extracts/fact-basic-options-output.rst
+     - no
+
+   * - ``--profile``, ``-P`` 
+     - string 
+     - Name of the profile where your credentials are saved. If omitted, 
+       uses the {+default-profile+}. To learn more about 
+       creating a profile, see :ref:`mcli-configure`.
+       
+       You must have credentials with the :authrole:`Global Owner` role to
+       create a Global |api| Key. 
+     - no
+
+   * - ``--role`` 
+     - string 
+     - Role or roles to assign to the |api| key. To assign more than
+       one role, you can specify each role with a ``--role`` flag or
+       specify the roles in a comma-separated list with one ``--role``
+       flag. Global roles accepted by default include:
+
+       .. include:: /includes/list-table-global-roles.rst
+
+     - yes
+
+.. _mcli-iam-global-apikey-create-output:
+
+Output
+------
+
+If the command succeeds, it prints the following output to the terminal.
+If the command returns errors, see :ref:`Troubleshooting
+<troubleshooting>` for recommended solutions.
+
+.. code-block:: sh
+   :copyable: false
+
+   API Key '<api-key-id>' created.
+   Public API Key <public-key>
+   Private API Key <private-key>
+
+.. warning:: Copy and Save Public and Private Keys
+
+   {+mcli+} returns the Private |api| Key only once. After running this
+   command, immediately copy, save, and secure both the Public and
+   Private |api| Keys.
+
+For the complete list of |json| fields returned by the command, see the 
+public API :opsmgr:`reference 
+</reference/api/api-keys/global/create-one-global-api-key/#response>`. 
+The default output contains only a subset of the fields returned by this 
+command. 
+
+.. _mcli-iam-global-apikey-create-examples:
+
+Examples
+--------
+
+.. tabs::
+
+   .. tab:: Default Output
+      :tabid: default-output
+
+      The following command creates a Global |api| Key using a profile 
+      named ``om-admin``, which contains the ``Organization Owner``
+      credentials, the organization ID, and specifies the |onprem| 
+      service. The output is returned in the default format.
+
+      .. code-block:: sh
+
+         mongocli iam globalApiKey create --desc "My Global API key" --role "GLOBAL_READ_ONLY","GLOBAL_USER_ADMIN" --profile om-admin
+
+      The previous command creates the |api| key and 
+      prints the following to the terminal.
+
+      .. code-block:: json
+         :copyable: false
+
+         API Key '5f3d8790c12345678903c8d66' created.
+         Public API Key abcdefgh
+         Private API Key b4d12345-b4a3-1234-b24e-729b3f35642d
+
+   .. tab:: JSON Output
+      :tabid: json-output
+
+      The following command creates a Global |api| Key using a profile 
+      named ``om-admin``, which contains the ``Organization Owner``
+      credentials, the organization ID, and specifies the |onprem| 
+      service. The output is returned in |json| format.
+
+      .. code-block:: sh
+
+         mongocli iam globalApiKey create --desc "My Global API key" --role "GLOBAL_READ_ONLY","GLOBAL_USER_ADMIN" --profile om-admin --output json
+
+      The previous command creates the |api| key and 
+      prints the following to the terminal in |json| format.
+
+      .. code-block:: json
+         :copyable: false
+
+         {
+           "id": "5f3d8ea3c9022019903c9fce",
+           "desc": "My Global API key",
+           "roles": [
+             {
+               "roleName": "GLOBAL_READ_ONLY"
+             },
+             {
+               "roleName": "GLOBAL_USER_ADMIN"
+             }
+           ],
+           "privateKey": "b4d12345-b4a3-1234-b24e-729b3f35642d",
+           "publicKey": "abcdefgh"
+         }

source/reference/iam/iam-global-apikey-delete.txt

@@ -0,0 +1,116 @@
+.. _mcli-iam-global-apikey-delete:
+
+================================
+mongocli iam globalApiKey delete
+================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+The ``iam globalApiKey delete`` command deletes the specified
+Global |api| Key. You must confirm the operation
+when you run this command without the ``--force`` option. You 
+can also delete a Global |api| Key using the |onprem| 
+:opsmgr:`UI </admin/general/api-keys-page/#delete-a-global-api-key>` and 
+:opsmgr:`API </reference/api/api-keys/global/delete-one-global-api-key/>`.
+
+.. _mcli-iam-global-apikey-delete-syntax:
+
+Syntax 
+------
+
+.. code-block:: text 
+
+   mongocli iam globalApiKey|globalApiKeys delete|rm <api-key-id>
+        [ --force ]
+        [ --profile|-P <profile-name> ]
+
+.. include:: /includes/fact-command-line-help.rst
+
+.. _mcli-iam-global-apikey-delete-arguments:
+
+Arguments  
+---------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 20 10 60 10
+
+   * - Argument 
+     - Type 
+     - Description 
+     - Required?
+
+   * - ``<api-key-id>``
+     - string
+     - Unique identifier of the Global API Key to delete.
+     - yes
+
+.. _mcli-iam-global-apikey-delete-options:
+
+Options 
+-------
+
+.. list-table:: 
+   :header-rows: 1
+   :widths: 20 10 60 10
+
+   * - Option
+     - Type 
+     - Description 
+     - Required? 
+
+   * - ``--force`` 
+     - 
+     - Flag that indicates that the |api| key can 
+       be deleted without requiring confirmation.
+     - no
+
+   * - ``--profile``, ``-P`` 
+     - string 
+     - Name of the profile where your credentials are saved. If omitted, 
+       uses the {+default-profile+}. To learn more about 
+       creating a profile, see :ref:`mcli-configure`.
+
+       You must have credentials with the :authrole:`Global Owner` role to
+       delete a Global |api| Key. 
+     - no
+
+.. _mcli-iam-global-apikey-delete-output:
+
+Output
+------
+
+If the command succeeds, it returns the following output. If the command returns errors, see :ref:`Troubleshooting
+<troubleshooting>` for recommended solutions. 
+
+.. code-block:: sh
+   :copyable: false
+
+   ? Are you sure you want to delete: <api-key-id> Yes
+   API Key '<api-key-id>' deleted
+
+.. _mcli-iam-global-apikey-delete-examples:
+
+Example
+-------
+
+The following command deletes the specified Global |api| Key with 
+confirmation. The command uses the {+default-profile+}, which contains credentials for accessing the |onprem| instance.
+
+.. code-block:: sh
+
+   mongocli iam globalApiKey delete 5f3d8790c9022019903c1234
+
+The previous command prints the following to the terminal.
+
+.. code-block:: sh
+   :copyable: false
+
+   ? Are you sure you want to delete: 5f3d8790c9022019903c1234 Yes
+   API Key '5f3d8790c9022019903c1234' deleted