[Test with CLI generator] Add CLI support for SCIM token management using cli tooling

[Amelia Dong (ameliadong97)]

Release Notes

Breaking Changes

• PLACEHOLDER

New Features

• PLACEHOLDER

Bug Fixes

• PLACEHOLDER

Checklist

• I have successfully built and used a custom CLI binary, without linter issues from this PR.
• I have clearly specified in the What section below whether this PR applies to Confluent Cloud, Confluent Platform, or both.
• I have verified this PR in Confluent Cloud pre-prod or production environment, if applicable.
• I have verified this PR in Confluent Platform on-premises environment, if applicable.
• I have attached manual CLI verification results or screenshots in the Test & Review section below.
• I have added appropriate CLI integration or unit tests for any new or updated commands and functionality.
• I confirm that this PR introduces no breaking changes or backward compatibility issues.
• I have indicated the potential customer impact if something goes wrong in the Blast Radius section below.
• I have put checkmarks below confirming that the feature associated with this PR is enabled in:
  • Confluent Cloud prod
  • Confluent Cloud stag
  • Confluent Platform
  • Check this box if the feature is enabled for certain organizations only

What

Blast Radius

References

Test & Review

➜  cli git:(adong/identity-6269-via-cli-tool) ✗ alias confluent='./dist/confluent_darwin_arm64_v8.0/confluent'
➜  cli git:(adong/identity-6269-via-cli-tool) ✗ confluent org scim-token --help                               
Manage org scim tokens.

Usage:
  confluent org scim-token [command]

Available Commands:
  create      Create an org scim token.
  delete      Delete one or more org scim tokens.
  list        List org scim tokens.

Global Flags:
  -h, --help            Show help for this command.
      --unsafe-trace    Equivalent to -vvvv, but also log HTTP requests and responses which might contain plaintext secrets.
  -v, --verbose count   Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).

Use "confluent org scim-token [command] --help" for more information about a command.
➜  cli git:(adong/identity-6269-via-cli-tool) ✗ confluent org scim-token list
                   ID                  | Connection Name | Token |           Created At           |           Expires At            
---------------------------------------+-----------------+-------+--------------------------------+---------------------------------
  1ca1d57a-b32c-48b5-9d6c-483d806c2edf | adong-sso-stag  |       | 2026-05-13 21:52:41.41977      | 2026-06-12 21:52:41.418329      
                                       |                 |       | +0000 UTC                      | +0000 UTC                       
➜  cli git:(adong/identity-6269-via-cli-tool) ✗ confluent org scim-token create
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ID              | fdd7c637-cb96-4657-8368-949c69038872                                                                                                                                                                                                                                                                                               |
| Connection Name | adong-sso-stag                                                                                                                                                                                                                                                                                                                     |
| Token           | cflt-scim_djI4N0I_4Jyc-ksEt8deYCtv9xXJXNC-AS4oCHer0T_Nvegh8ftSIz1nB58auhLhQc1ErziDJS2j6b8cJmRWefAuUts6WQPjAZasrfnQBFWRmss73gArGWDkTj1tetTJb-GLqG_UkgweCHgR0fbVxawTqXWusX7KKJWS4KE_WlvTDhXbhfY8-eDkAlMdcWXPt7r2Vb3JS1j_S9xrwpINCiMZSwZWEHBkxdUuBjyxKZwXLQvDYUrN6ZD9NviPqA3r1cxHv_XQyLJcQ2G-ApQ-7eMy9IN4te6UB_9LIsQU5y4K4Nchg0c3SCFE |
| Created At      | 2026-05-13 22:21:44.514309                                                                                                                                                                                                                                                                                                         |
|                 | +0000 UTC                                                                                                                                                                                                                                                                                                                          |
| Expires At      | 2026-11-09 22:21:44.512977                                                                                                                                                                                                                                                                                                         |
|                 | +0000 UTC                                                                                                                                                                                                                                                                                                                          |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
➜  cli git:(adong/identity-6269-via-cli-tool) ✗ confluent org scim-token create -o json
{
  "id": "133d3868-650a-40e5-94e8-7fb5d67b4193",
  "connection_name": "adong-sso-stag",
  "token": "cflt-scim_djLsPtfLwd7GtjSNtyeJqagDN1B-NY1oL595fD5RFNcKB7uWqx5OInuYTMPkVf-wp6diVaawL6OipESA_Pfxr4dNQ4V5agHo0EgcKlKj16ph3OKXFgu2J4e8Hq-7lKM7crBNfxxIM13FFVY7ZbF6WkUaRmeTogeItdPfYeeF0DmL_Upm-CIx7fmcsP-JwdOdjgKtllkCvj2ZPz676PIBvC2SXrusYnauCR58CRpEynDyKB5rjO0HupahEfKSZ9_vIb6Ded0uF6O5eJqE2x35HrFrPNFXveZrRjHIE7cPJMpb38g7iVX1JbpS",
  "created_at": "2026-05-13 22:22:01.166849 +0000 UTC",
  "expires_at": "2026-11-09 22:22:01.165057 +0000 UTC"
}
➜  cli git:(adong/identity-6269-via-cli-tool) ✗ confluent org scim-token create -o yaml
id: 0b6da92b-2fa2-4ead-9802-ba3f49cf86b9
connection_name: adong-sso-stag
token: cflt-scim_djJrKvoHqkqJ3qGdhjzjyZ-wPYFD5j4d9RhTSibMC1mGf-e9-XEfR1TIwUnHuanBtVpD1MXB9PPYMFfVOiapAH-l9ElA9vkZc6VuNaAI0Z_IWdGFnOLt78rjy2YlbhfITjl61sVEtgzVENcfYw4O9MHWbB3D6od3R0I_WU11iOtrqxXI0G1y58NNpIH1zbYTnIumWWd_6I7lDBVwC2z-XczChRWQoDTeKyaZFo1ngDX45pz1OcVZS5TKKZSVPKJj7Ie9ZadRONKtIGNIWgXylFyRf6by1LUaNjzjlM-f75JlN44zOszn8g==
created_at: 2026-05-13 22:22:17.032851 +0000 UTC
expires_at: 2026-11-09 22:22:17.030915 +0000 UTC
➜  cli git:(adong/identity-6269-via-cli-tool) ✗ confluent org scim-token delete 3146288e-c55f-44af-849c-7719cb4e78a6 
Deleted org scim token "3146288e-c55f-44af-849c-7719cb4e78a6".
➜  cli git:(adong/identity-6269-via-cli-tool) ✗ confluent org scim-token create --expire-duration-mins 60 
Error: unknown flag: --expire-duration-mins
Usage:
  confluent org scim-token create [flags]

Flags:
      --context string   CLI context name.
  -o, --output string    Specify the output format as "human", "json", or "yaml". (default "human")

Global Flags:
  -h, --help            Show help for this command.
      --unsafe-trace    Equivalent to -vvvv, but also log HTTP requests and responses which might contain plaintext secrets.
  -v, --verbose count   Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).

[confluent-cla-assistant]

🎉 All Contributor License Agreements have been signed. Ready to merge.
_{Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.}

[Copilot]

Pull request overview

Adds a new top-level confluent org scim-token command group (create / delete / list) that wraps the org/v2 SCIM tokens API, generated via the CLI tooling. Includes a corresponding test-server handler, integration tests, golden fixtures, a live test, and a bump of the ccloud-sdk-go-v2/org SDK from v0.9.0 to v0.11.0 (currently shadowed by a local replace directive).

Changes:

• New internal/org package and org scim-token {create,delete,list} subcommands, registered at the top level.
• New Client methods (CreateOrgScimToken, DeleteOrgScimToken, ListOrgScimTokens) plus test-server handlers/fixtures.
• Integration tests, live test, golden fixtures, and lint vocabulary additions (Organization, scim); go.mod bumped to org SDK v0.11.0 with a local-path replace.

Reviewed changes

Copilot reviewed 29 out of 30 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
internal/command.go	Registers the new org top-level command.
internal/org/command.go	New org parent command (parallel to existing organization).
internal/org/command_scim_token.go	scim-token parent, shared print/autocomplete helpers.
internal/org/command_scim_token_create.go	create subcommand (currently sends empty InlineObject).
internal/org/command_scim_token_delete.go	delete subcommand using shared deletion.Delete helper.
internal/org/command_scim_token_list.go	list subcommand with paginated client call.
pkg/ccloudv2/org.go	New SCIM token API wrappers on Client.
test/test-server/scim_token_handler.go	Test-server handlers for GET/POST/DELETE scim-tokens.
test/test-server/ccloudv2_router.go	Routes the new test-server endpoints.
test/scim_token_test.go	Integration tests for create/delete/list/autocomplete.
test/live/scim_token_live_test.go	Live CRUD test (uses non-existent describe and an unsupported positional arg).
test/fixtures/input/org/scim_token/*.json	Fixtures consumed by the test-server handler.
test/fixtures/output/org/scim-token/*.golden	Golden outputs for human/json/yaml/help and delete flows.
test/fixtures/output/org/help.golden, help.golden	Updated top-level help to include the new org command.
cmd/lint/main.go	Adds Organization to properNouns and scim to vocabWords.
go.mod / go.sum	Bumps org SDK to v0.11.0 and adds a local-filesystem replace directive.

Comments suppressed due to low confidence (2)

test/live/scim_token_live_test.go:47

• The "Verify deletion" step invokes org scim-token describe, but no describe subcommand is registered on scimTokenCommand (only create, delete, and list are added in command_scim_token.go). When run, this step will fail because the command is unknown, not because the resource was deleted, so the test does not actually verify deletion. Either implement a describe subcommand or change this step to verify deletion via list (e.g. assert the token id is no longer present) or via a second delete --force that should now return non-zero.

		{
			Name:         "Verify deletion",
			Args:         "org scim-token describe {{.scim_token_id}}",
			UseStateVars: true,
			ExitCode:     1,
		},

internal/org/command_scim_token.go:64

• The validArgs method is defined but never referenced — only validArgsMultiple is wired up (via delete's ValidArgsFunction). Dead code; either remove it or use it somewhere.

func (c *scimTokenCommand) validArgs(cmd *cobra.Command, args []string) []string {
	if len(args) > 0 {
		return nil
	}

	return c.validArgsMultiple(cmd, args)
}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.