Skip to content
/ otc-cli Public

A command-line interface tool for Open Telekom Cloud (OTC) that provides seamless authentication and resource management with federated Single Sign-On (SSO) support.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

abdo-farag/otc-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

10 Commits
.github/workflows
.github/workflows
Β 
Β 
cli
cli
Β 
Β 
cmd/otc-cli
cmd/otc-cli
Β 
Β 
internal
internal
Β 
Β 
web
web
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.goreleaser.yaml
.goreleaser.yaml
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
go.mod
go.mod
Β 
Β 
go.sum
go.sum
Β 
Β 
otc-cli.md
otc-cli.md
Β 
Β 

Repository files navigation

OTC CLI

A command-line interface tool for Open Telekom Cloud (OTC) that provides seamless authentication and resource management with federated Single Sign-On (SSO) support.

Features

  • πŸ” Federated Authentication - Login via OIDC/Keycloak SSO or IAM credentials
  • ⚑ Temporary Credentials - Generate 24-hour AWS-compatible credentials
  • πŸ”„ Token Caching - Automatic token management and refresh
  • πŸ“¦ Resource Management - List and manage OTC resources
  • 🌐 Multi-Project Support - Work with multiple OTC projects
  • πŸš€ CCE Integration - Get kubeconfig for Kubernetes clusters

Installation

From Source

git clone https://github.com/abdo-farag/otc-cli.git
cd otc-cli
go build -o otc-cli cmd/otc-cli/main.go
sudo mv otc-cli /usr/local/bin/

Using Go Install

go install github.com/abdo-farag/otc-cli@latest

Quick Start

Option 1: Login with Federated SSO (OIDC/Keycloak)

  1. Configure environment variables:
# OIDC/Keycloak Configuration
export IDP_URL="https://your-keycloak.com/realms/YourRealm"
export IDP_CLIENT_ID="otc-client"
export IDP_CLIENT_SECRET="your-client-secret"  # Optional, for confidential clients
export IDP_PROVIDER_NAME="YourSSO"

# OTC Configuration
export OS_DOMAIN_NAME="OTC00000000001000001234"
export OS_REGION="eu-de"
  1. Login:
otc-cli login

This will open your browser for SSO authentication. After successful login, credentials are saved to otc-credentials.sh.

  1. Load credentials:
source otc-credentials.sh

Option 2: Login with IAM Credentials

  1. Configure environment variables:
export OS_USERNAME="your-username"
export OS_PASSWORD="your-password"
export OS_DOMAIN_NAME="OTC00000000001000001234"
export OS_REGION="eu-de"
  1. Login:
otc-cli login --iam
  1. Load credentials:
source otc-credentials.sh

Basic Usage

List Resources

# List all projects
otc-cli list projects

# List servers/instances
otc-cli list servers

# List servers in specific project
otc-cli list servers -p "Production"

# List VPCs
otc-cli list vpcs

# List subnets
otc-cli list subnets

# List volumes
otc-cli list volumes

# List CCE clusters
otc-cli list cce

Get Kubeconfig

# Get kubeconfig for CCE cluster
otc-cli get kubeconfig -c cluster-name

# Save to specific file
otc-cli get kubeconfig -c cluster-id -o ~/.kube/otc-config

Logout

Clear cached credentials:

otc-cli logout

Configuration

Keycloak OIDC Client Setup

If using federated SSO, configure your Keycloak client:

  1. Create OIDC Client in Keycloak Admin Console
  2. Client Settings:
    • Client Protocol: openid-connect
    • Access Type: public or confidential
    • Valid Redirect URIs: http://localhost:9197/oidc/auth
    • Web Origins: http://localhost:9197
  3. Required Scopes: openid, email, profile, roles, groups, offline_access

Environment Variables

Variable Description Required Default
IDP_URL Keycloak/OIDC provider URL For SSO -
IDP_CLIENT_ID OIDC client ID For SSO -
IDP_CLIENT_SECRET OIDC client secret No -
IDP_PROVIDER_NAME Identity provider name in OTC For SSO -
OS_USERNAME IAM username For IAM -
OS_PASSWORD IAM password For IAM -
OS_DOMAIN_NAME OTC domain name Yes -
OS_REGION OTC region No eu-de

Documentation

For advanced usage, detailed examples, and troubleshooting, see the complete documentation.

Topics covered in the advanced docs:

  • Working with multiple projects
  • JSON output and scripting
  • Integration with AWS CLI, Terraform, and boto3
  • Detailed troubleshooting guide
  • Authentication flow diagrams
  • CI/CD integration

Quick Troubleshooting

"Could not find OIDC configuration" error

  • Verify IDP_PROVIDER_NAME matches the Identity Provider name in OTC IAM
  • Check that federated identity is properly configured in OTC Console

"Project not found" error

List available projects first:

otc-cli list projects

Browser doesn't open

Use no-browser mode:

otc-cli login --no-browser

For more detailed troubleshooting, see otc-cli.md.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

MIT License - see LICENSE file for details

Links

Related Documentation

Note: This is an unofficial tool and is not supported by T-Systems or Deutsche Telekom.

About

A command-line interface tool for Open Telekom Cloud (OTC) that provides seamless authentication and resource management with federated Single Sign-On (SSO) support.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Jan 8, 2026

Packages

No packages published

Languages