fix(objsto): remove broken sections from object storage example (#682)

Author: kangasta

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Add commands for attaching, detaching, and listing policies attached to a user in managed object storage service.
+
 ## [3.29.0] - 2026-02-06
 
 ### Added

examples/use_object_storage.md

@@ -43,29 +43,9 @@ Save the access key ID and secret access key from the output - you'll need these
 
 Attach a policy to grant the user access to buckets:
 
-1. **Using the UpCloud API:**
-
-   First, get your service UUID:
-   ```sh
-   service_uuid=$(upctl object-storage list -o json | jq -r ".[] | select(.name == \"${prefix}service\") | .uuid")
-   ```
-
-   Then attach the policy (requires UPCLOUD_TOKEN environment variable):
-   ```sh when="false"
-   # Note: This command requires a bearer token which can be created via the UpCloud Control Panel
-   # The when=false flag skips this in automated tests since only username/password are available in CI
-   curl -X POST "https://api.upcloud.com/1.3/object-storage-2/${service_uuid}/users/${prefix}user/policies" \
-     -H "Authorization: Bearer ${UPCLOUD_TOKEN}" \
-     -H "Content-Type: application/json" \
-     -d '{"name": "ECSS3FullAccess"}'
-   ```
-
-   A successful response returns HTTP status 204.
-
-2. **Using the UpCloud Control Panel:**
-   Navigate to Object Storage → Users → Select user → Attach Policy → ECSS3FullAccess
-
-**Note:** Without attaching a policy, the user won't have permission to access buckets via AWS CLI or S3-compatible tools.
+```sh
+upctl object-storage user policy attach ${prefix}service --username ${prefix}user --policy ECSS3FullAccess
+```
 
 Verify S3 access with AWS CLI:
 

internal/commands/base/base.go

@@ -25,6 +25,7 @@ import (
 	objectstoragelabel "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/label"
 	objectstoragenetwork "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/network"
 	objectstorageuser "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/user"
+	objectstorageuserpolicy "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/objectstorage/user/policy"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/partner"
 	partneraccount "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/partner/account"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/root"
@@ -234,6 +235,12 @@ func BuildCommands(rootCmd *cobra.Command, conf *config.Config) {
 	commands.BuildCommand(objectstorageuser.DeleteCommand(), userCommand.Cobra(), conf)
 	commands.BuildCommand(objectstorageuser.ListCommand(), userCommand.Cobra(), conf)
 
+	// Object storage user policy management
+	userPolicyCommand := commands.BuildCommand(objectstorageuserpolicy.BaseUserPolicyCommand(), userCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageuserpolicy.AttachCommand(), userPolicyCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageuserpolicy.DetachCommand(), userPolicyCommand.Cobra(), conf)
+	commands.BuildCommand(objectstorageuserpolicy.ListCommand(), userPolicyCommand.Cobra(), conf)
+
 	// Object storage access key management
 	accessKeyCommand := commands.BuildCommand(objectstorageAccesskey.BaseAccessKeyCommand(), objectStorageCommand.Cobra(), conf)
 	commands.BuildCommand(objectstorageAccesskey.CreateCommand(), accessKeyCommand.Cobra(), conf)

internal/commands/objectstorage/user/policy/attach.go

@@ -0,0 +1,57 @@
+package policy
+
+import (
+	"fmt"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/completion"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/output"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/resolver"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+)
+
+// AttachCommand creates the 'object-storage user-policy attach' command
+func AttachCommand() commands.Command {
+	return &attachCommand{
+		BaseCommand: commands.New(
+			"attach",
+			"Attach a policy to a user in managed object storage service",
+			"upctl object-storage user-policy attach <service-uuid> --username myuser --policy ECSS3FullAccess",
+			"upctl object-storage user-policy attach my-service --username myuser --policy ECSS3ReadOnlyAccess",
+		),
+	}
+}
+
+type attachCommand struct {
+	*commands.BaseCommand
+	completion.ObjectStorage
+	resolver.CachingObjectStorage
+	params request.AttachManagedObjectStorageUserPolicyRequest
+}
+
+// InitCommand implements Command.InitCommand
+func (s *attachCommand) InitCommand() {
+	fs := s.Cobra().Flags()
+	fs.StringVar(&s.params.Username, "username", "", "The username to attach the policy to.")
+	fs.StringVar(&s.params.Name, "policy", "", "The name of the policy to attach.")
+	commands.Must(s.Cobra().MarkFlagRequired("username"))
+	commands.Must(s.Cobra().MarkFlagRequired("policy"))
+}
+
+// Execute implements Command.Execute
+func (s *attachCommand) Execute(exec commands.Executor, serviceUUID string) (output.Output, error) {
+	s.params.ServiceUUID = serviceUUID
+	svc := exec.All()
+
+	msg := fmt.Sprintf("Attaching policy %s to user %s in service %s", s.params.Name, s.params.Username, serviceUUID)
+	exec.PushProgressStarted(msg)
+
+	err := svc.AttachManagedObjectStorageUserPolicy(exec.Context(), &s.params)
+	if err != nil {
+		return commands.HandleError(exec, msg, err)
+	}
+
+	exec.PushProgressSuccess(msg)
+
+	return output.OnlyMarshaled{Value: fmt.Sprintf("Policy %s attached to user %s in service %s", s.params.Name, s.params.Username, serviceUUID)}, nil
+}

internal/commands/objectstorage/user/policy/detach.go

@@ -0,0 +1,57 @@
+package policy
+
+import (
+	"fmt"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/completion"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/output"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/resolver"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+)
+
+// DetachCommand creates the 'object-storage user-policy detach' command
+func DetachCommand() commands.Command {
+	return &detachCommand{
+		BaseCommand: commands.New(
+			"detach",
+			"Detach a policy from a user in managed object storage service",
+			"upctl object-storage user-policy detach <service-uuid> --username myuser --policy ECSS3FullAccess",
+			"upctl object-storage user-policy detach my-service --username myuser --policy ECSS3ReadOnlyAccess",
+		),
+	}
+}
+
+type detachCommand struct {
+	*commands.BaseCommand
+	completion.ObjectStorage
+	resolver.CachingObjectStorage
+	params request.DetachManagedObjectStorageUserPolicyRequest
+}
+
+// InitCommand implements Command.InitCommand
+func (s *detachCommand) InitCommand() {
+	fs := s.Cobra().Flags()
+	fs.StringVar(&s.params.Username, "username", "", "The username to detach the policy from.")
+	fs.StringVar(&s.params.Name, "policy", "", "The name of the policy to detach.")
+	commands.Must(s.Cobra().MarkFlagRequired("username"))
+	commands.Must(s.Cobra().MarkFlagRequired("policy"))
+}
+
+// Execute implements Command.Execute
+func (s *detachCommand) Execute(exec commands.Executor, serviceUUID string) (output.Output, error) {
+	s.params.ServiceUUID = serviceUUID
+	svc := exec.All()
+
+	msg := fmt.Sprintf("Detaching policy %s from user %s in service %s", s.params.Name, s.params.Username, serviceUUID)
+	exec.PushProgressStarted(msg)
+
+	err := svc.DetachManagedObjectStorageUserPolicy(exec.Context(), &s.params)
+	if err != nil {
+		return commands.HandleError(exec, msg, err)
+	}
+
+	exec.PushProgressSuccess(msg)
+
+	return output.OnlyMarshaled{Value: fmt.Sprintf("Policy %s detached from user %s in service %s", s.params.Name, s.params.Username, serviceUUID)}, nil
+}

internal/commands/objectstorage/user/policy/list.go

@@ -0,0 +1,70 @@
+package policy
+
+import (
+	"fmt"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/completion"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/output"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/resolver"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+)
+
+// ListCommand creates the 'object-storage user-policy list' command
+func ListCommand() commands.Command {
+	return &listCommand{
+		BaseCommand: commands.New(
+			"list",
+			"List policies attached to a user in managed object storage service",
+			"upctl object-storage user-policy list <service-uuid> --username myuser",
+			"upctl object-storage user-policy list my-service --username myuser",
+		),
+	}
+}
+
+type listCommand struct {
+	*commands.BaseCommand
+	completion.ObjectStorage
+	resolver.CachingObjectStorage
+	params request.GetManagedObjectStorageUserPoliciesRequest
+}
+
+// InitCommand implements Command.InitCommand
+func (s *listCommand) InitCommand() {
+	fs := s.Cobra().Flags()
+	fs.StringVar(&s.params.Username, "username", "", "The username to list policies for.")
+	commands.Must(s.Cobra().MarkFlagRequired("username"))
+}
+
+// Execute implements Command.Execute
+func (s *listCommand) Execute(exec commands.Executor, serviceUUID string) (output.Output, error) {
+	s.params.ServiceUUID = serviceUUID
+	svc := exec.All()
+
+	msg := fmt.Sprintf("Listing policies for user %s in service %s", s.params.Username, serviceUUID)
+	exec.PushProgressStarted(msg)
+
+	res, err := svc.GetManagedObjectStorageUserPolicies(exec.Context(), &s.params)
+	if err != nil {
+		return commands.HandleError(exec, msg, err)
+	}
+
+	exec.PushProgressSuccess(msg)
+
+	rows := []output.TableRow{}
+	for _, policy := range res {
+		rows = append(rows, output.TableRow{
+			policy.Name,
+		})
+	}
+
+	return output.MarshaledWithHumanOutput{
+		Value: res,
+		Output: output.Table{
+			Columns: []output.TableColumn{
+				{Key: "name", Header: "Policy Name"},
+			},
+			Rows: rows,
+		},
+	}, nil
+}

internal/commands/objectstorage/user/policy/policy.go

@@ -0,0 +1,16 @@
+package policy
+
+import (
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+)
+
+// BaseUserPolicyCommand creates the base "object-storage user policy" command
+func BaseUserPolicyCommand() commands.Command {
+	return &userPolicyCommand{
+		BaseCommand: commands.New("policy", "Manage policies attached to a managed object storage user"),
+	}
+}
+
+type userPolicyCommand struct {
+	*commands.BaseCommand
+}