UpCloudLtd
diff --git a/‎CHANGELOG.md‎
Lines changed: 9 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎examples/use_object_storage.md‎
Lines changed: 48 additions & 0 deletions b/‎examples/use_object_storage.md‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎internal/commands/base/base.go‎
Lines changed: 36 additions & 0 deletions b/‎internal/commands/base/base.go‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎internal/commands/objectstorage/accesskey/accesskey.go‎
Lines changed: 16 additions & 0 deletions b/‎internal/commands/objectstorage/accesskey/accesskey.go‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎internal/commands/objectstorage/accesskey/create.go‎
Lines changed: 71 additions & 0 deletions b/‎internal/commands/objectstorage/accesskey/create.go‎
Lines changed: 71 additions & 0 deletions
diff --git a/‎internal/commands/objectstorage/accesskey/delete.go‎
Lines changed: 61 additions & 0 deletions b/‎internal/commands/objectstorage/accesskey/delete.go‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎internal/commands/objectstorage/accesskey/list.go‎
Lines changed: 77 additions & 0 deletions b/‎internal/commands/objectstorage/accesskey/list.go‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎internal/commands/objectstorage/bucket/bucket.go‎
Lines changed: 16 additions & 0 deletions b/‎internal/commands/objectstorage/bucket/bucket.go‎
Lines changed: 16 additions & 0 deletions
@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Object storage service creation with `object-storage create` command supporting labels, networks, and configured status
+- Object storage label management with dedicated commands: `object-storage label add`, `object-storage label remove`, and `object-storage label list`
+- Object storage network management with `object-storage network attach` and `object-storage network detach` commands
+- Object storage bucket management with `object-storage bucket create`, `object-storage bucket delete`, and `object-storage bucket list` commands
+- Object storage user management with `object-storage user create`, `object-storage user delete`, and `object-storage user list` commands
+- Object storage user access key management with `object-storage create-access-key`, `object-storage delete-access-key`, and `object-storage list-access-keys` commands
+
 ## [3.21.0] - 2025-07-15
 
 ### Added
 
@@ -0,0 +1,48 @@
+# Using Object Storage with upctl
+
+This example demonstrates how to create and manage an object storage service, including managing buckets and configuring
+S3-compatible access via access keys.
+
+Set environment variables for convenience:
+
+```env
+prefix=example-upctl-
+region=europe-1
+```
+
+Create a managed object storage service:
+
+```sh
+upctl object-storage create --name ${prefix}service --network type=public,name=${prefix}network,family=IPv4 --region ${region}
+```
+
+List all buckets in your service (will be empty at this point):
+
+```sh
+upctl object-storage bucket list ${prefix}service
+```
+
+Create a new bucket:
+
+```sh
+upctl object-storage bucket create ${prefix}service --name ${prefix}bucket
+```
+
+Create a user and an access key for S3-compatible access:
+
+```sh
+upctl object-storage user create ${prefix}service --username ${prefix}user
+upctl object-storage access-key create ${prefix}service --username ${prefix}user
+```
+
+Once not needed anymore, delete the user:
+
+```sh
+upctl object-storage user delete ${prefix}service --username ${prefix}user
+```
+
+Delete also the managed object storage service along with its buckets:
+
+```sh
+upctl object-storage delete ${prefix}service --delete-buckets
+```
@@ -19,6 +19,11 @@ import (
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/network"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/networkpeering"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage"
+	objectstorageAccesskey "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/accesskey"
+	objectstoragebucket "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/bucket"
+	objectstoragelabel "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/label"
+	objectstoragenetwork "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/network"
+	objectstorageuser "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/user"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/partner"
 	partneraccount "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/partner/account"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/root"
@@ -212,11 +217,42 @@ func BuildCommands(rootCmd *cobra.Command, conf *config.Config) {
 
 	// Managed object storage operations
 	objectStorageCommand := commands.BuildCommand(objectstorage.BaseobjectstorageCommand(), rootCmd, conf)
+	commands.BuildCommand(objectstorage.CreateCommand(), objectStorageCommand.Cobra(), conf)
 	commands.BuildCommand(objectstorage.DeleteCommand(), objectStorageCommand.Cobra(), conf)
 	commands.BuildCommand(objectstorage.ListCommand(), objectStorageCommand.Cobra(), conf)
 	commands.BuildCommand(objectstorage.ShowCommand(), objectStorageCommand.Cobra(), conf)
 	commands.BuildCommand(objectstorage.RegionsCommand(), objectStorageCommand.Cobra(), conf)
 
+	// Object storage user management
+	userCommand := commands.BuildCommand(objectstorageuser.BaseUserCommand(), objectStorageCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageuser.CreateCommand(), userCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageuser.DeleteCommand(), userCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageuser.ListCommand(), userCommand.Cobra(), conf)
+
+	// Object storage access key management
+	accessKeyCommand := commands.BuildCommand(objectstorageAccesskey.BaseAccessKeyCommand(), objectStorageCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageAccesskey.CreateCommand(), accessKeyCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageAccesskey.DeleteCommand(), accessKeyCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageAccesskey.ListCommand(), accessKeyCommand.Cobra(), conf)
+
+	// Object storage network management
+	objectStorageNetworkCommand := commands.BuildCommand(objectstoragenetwork.BaseNetworkCommand(), objectStorageCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragenetwork.AttachCommand(), objectStorageNetworkCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragenetwork.DetachCommand(), objectStorageNetworkCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragenetwork.ListCommand(), objectStorageNetworkCommand.Cobra(), conf)
+
+	// Object storage bucket management
+	bucketCommand := commands.BuildCommand(objectstoragebucket.BaseBucketCommand(), objectStorageCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragebucket.CreateCommand(), bucketCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragebucket.DeleteCommand(), bucketCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragebucket.ListCommand(), bucketCommand.Cobra(), conf)
+
+	// Object storage label management
+	labelCommand := commands.BuildCommand(objectstoragelabel.BaseLabelCommand(), objectStorageCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragelabel.AddCommand(), labelCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragelabel.RemoveCommand(), labelCommand.Cobra(), conf)
+	commands.BuildCommand(objectstoragelabel.ListCommand(), labelCommand.Cobra(), conf)
+
 	// Network Gateway operations
 	gatewayCommand := commands.BuildCommand(gateway.BaseGatewayCommand(), rootCmd, conf)
 	commands.BuildCommand(gateway.DeleteCommand(), gatewayCommand.Cobra(), conf)
 
@@ -0,0 +1,16 @@
+package accesskey
+
+import (
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+)
+
+// BaseAccessKeyCommand creates the base "object-storage access-key" command
+func BaseAccessKeyCommand() commands.Command {
+	return &accessKeyCommand{
+		BaseCommand: commands.New("access-key", "Manage access keys in managed object storage services"),
+	}
+}
+
+type accessKeyCommand struct {
+	*commands.BaseCommand
+}
@@ -0,0 +1,71 @@
+package accesskey
+
+import (
+	"fmt"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/completion"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/output"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/resolver"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+)
+
+// CreateCommand creates the 'object-storage access-key create' command
+func CreateCommand() commands.Command {
+	return &createCommand{
+		BaseCommand: commands.New(
+			"create",
+			"Create an access key for a user in managed object storage service",
+			"upctl object-storage access-key create <service-uuid> --username myuser",
+			"upctl object-storage access-key create my-service --username myuser",
+		),
+	}
+}
+
+type createCommand struct {
+	*commands.BaseCommand
+	completion.ObjectStorage
+	resolver.CachingObjectStorage
+	params request.CreateManagedObjectStorageUserAccessKeyRequest
+}
+
+// InitCommand implements Command.InitCommand
+func (s *createCommand) InitCommand() {
+	s.Cobra().Long = commands.WrapLongDescription(`Create an access key for a user in managed object storage service\n\nCreates a new access key for the specified user in a managed object storage service. The access key can be used to authenticate API requests to the object storage service. Note that the secret access key is only shown once during creation and cannot be retrieved later.`)
+
+	fs := s.Cobra().Flags()
+	fs.StringVar(&s.params.Username, "username", "", "The username to create the access key for.")
+	commands.Must(s.Cobra().MarkFlagRequired("username"))
+}
+
+// Execute implements Command.Execute
+func (s *createCommand) Execute(exec commands.Executor, serviceUUID string) (output.Output, error) {
+	s.params.ServiceUUID = serviceUUID
+
+	svc := exec.All()
+
+	msg := fmt.Sprintf("Creating access key for user %v in service %v", s.params.Username, s.params.ServiceUUID)
+	exec.PushProgressStarted(msg)
+
+	res, err := svc.CreateManagedObjectStorageUserAccessKey(exec.Context(), &s.params)
+	if err != nil {
+		return commands.HandleError(exec, msg, err)
+	}
+
+	exec.PushProgressSuccess(msg)
+
+	// Handle SecretAccessKey which might be a pointer
+	var secretKey interface{}
+	if res.SecretAccessKey != nil {
+		secretKey = *res.SecretAccessKey
+	} else {
+		secretKey = ""
+	}
+
+	return output.MarshaledWithHumanDetails{Value: res, Details: []output.DetailRow{
+		{Title: "Access Key ID", Value: res.AccessKeyID},
+		{Title: "Secret Access Key", Value: secretKey},
+		{Title: "Status", Value: res.Status},
+		{Title: "Created At", Value: res.CreatedAt},
+	}}, nil
+}
@@ -0,0 +1,61 @@
+package accesskey
+
+import (
+	"fmt"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/completion"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/output"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/resolver"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+)
+
+// DeleteCommand creates the 'object-storage access-key delete' command
+func DeleteCommand() commands.Command {
+	return &deleteCommand{
+		BaseCommand: commands.New(
+			"delete",
+			"Delete an access key from a user in managed object storage service",
+			"upctl object-storage access-key delete <service-uuid> --username myuser --access-key-id AKIAIOSFODNN7EXAMPLE",
+			"upctl object-storage access-key delete my-service --username myuser --access-key-id AKIAIOSFODNN7EXAMPLE",
+		),
+	}
+}
+
+type deleteCommand struct {
+	*commands.BaseCommand
+	completion.ObjectStorage
+	resolver.CachingObjectStorage
+	params request.DeleteManagedObjectStorageUserAccessKeyRequest
+}
+
+// InitCommand implements Command.InitCommand
+func (s *deleteCommand) InitCommand() {
+	s.Cobra().Long = commands.WrapLongDescription(`Delete an access key from a user in managed object storage service\n\nDeletes the specified access key from the user in the managed object storage service. The access key will be permanently deleted and can no longer be used for authentication.`)
+
+	fs := s.Cobra().Flags()
+	fs.StringVar(&s.params.Username, "username", "", "Username that owns the access key")
+	fs.StringVar(&s.params.AccessKeyID, "access-key-id", "", "Access key ID to delete")
+
+	commands.Must(s.Cobra().MarkFlagRequired("username"))
+	commands.Must(s.Cobra().MarkFlagRequired("access-key-id"))
+}
+
+// Execute implements commands.MultipleArgumentCommand
+func (s *deleteCommand) Execute(exec commands.Executor, serviceUUID string) (output.Output, error) {
+	s.params.ServiceUUID = serviceUUID
+
+	svc := exec.All()
+
+	msg := fmt.Sprintf("Deleting access key %s for user %s from service %s", s.params.AccessKeyID, s.params.Username, serviceUUID)
+	exec.PushProgressStarted(msg)
+
+	err := svc.DeleteManagedObjectStorageUserAccessKey(exec.Context(), &s.params)
+	if err != nil {
+		return commands.HandleError(exec, msg, err)
+	}
+
+	exec.PushProgressSuccess(msg)
+
+	return output.OnlyMarshaled{Value: fmt.Sprintf("Access key %s deleted for user %s from service %s", s.params.AccessKeyID, s.params.Username, serviceUUID)}, nil
+}
@@ -0,0 +1,77 @@
+package accesskey
+
+import (
+	"fmt"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/completion"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/output"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/resolver"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+)
+
+// ListCommand creates the 'object-storage access-key list' command
+func ListCommand() commands.Command {
+	return &listCommand{
+		BaseCommand: commands.New(
+			"list",
+			"List access keys for a user in managed object storage service",
+			"upctl object-storage access-key list <service-uuid> --username myuser",
+			"upctl object-storage access-key list my-service --username myuser",
+		),
+	}
+}
+
+type listCommand struct {
+	*commands.BaseCommand
+	completion.ObjectStorage
+	resolver.CachingObjectStorage
+	params request.GetManagedObjectStorageUserAccessKeysRequest
+}
+
+// InitCommand implements Command.InitCommand
+func (s *listCommand) InitCommand() {
+	s.Cobra().Long = commands.WrapLongDescription(`List access keys for a user in managed object storage service\n\nLists all access keys for the specified user in the managed object storage service. This helps you find the access key IDs needed for deletion.`)
+
+	fs := s.Cobra().Flags()
+	fs.StringVar(&s.params.Username, "username", "", "The username of the user to list access keys from.")
+	commands.Must(s.Cobra().MarkFlagRequired("username"))
+}
+
+// Execute implements commands.MultipleArgumentCommand
+func (s *listCommand) Execute(exec commands.Executor, uuid string) (output.Output, error) {
+	s.params.ServiceUUID = uuid
+
+	svc := exec.All()
+
+	msg := fmt.Sprintf("Listing access keys for user %s in service %s", s.params.Username, uuid)
+	exec.PushProgressStarted(msg)
+
+	res, err := svc.GetManagedObjectStorageUserAccessKeys(exec.Context(), &s.params)
+	if err != nil {
+		return commands.HandleError(exec, msg, err)
+	}
+
+	exec.PushProgressSuccess(msg)
+
+	rows := []output.TableRow{}
+	for _, accessKey := range res {
+		rows = append(rows, output.TableRow{
+			accessKey.AccessKeyID,
+			accessKey.Status,
+			accessKey.CreatedAt.String(),
+		})
+	}
+
+	return output.MarshaledWithHumanOutput{
+		Value: res,
+		Output: output.Table{
+			Columns: []output.TableColumn{
+				{Key: "access_key_id", Header: "Access Key ID"},
+				{Key: "status", Header: "Status"},
+				{Key: "created_at", Header: "Created"},
+			},
+			Rows: rows,
+		},
+	}, nil
+}
@@ -0,0 +1,16 @@
+package bucket
+
+import (
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+)
+
+// BaseBucketCommand creates the base "object-storage bucket" command
+func BaseBucketCommand() commands.Command {
+	return &bucketCommand{
+		BaseCommand: commands.New("bucket", "Manage buckets in managed object storage services"),
+	}
+}
+
+type bucketCommand struct {
+	*commands.BaseCommand
+}