amplify-excel-migrator 1.1.5__py3-none-any.whl → 1.2.15__py3-none-any.whl

amplify_excel_migrator/__init__.py

@@ -0,0 +1,17 @@
+"""Amplify Excel Migrator - Migrate Excel data to AWS Amplify GraphQL API."""
+
+__version__ = "1.2.5"
+
+from amplify_excel_migrator.client import AmplifyClient
+from amplify_excel_migrator.migration import MigrationOrchestrator
+from amplify_excel_migrator.auth import AuthenticationProvider, CognitoAuthProvider
+from amplify_excel_migrator.core import ConfigManager
+
+__all__ = [
+    "AmplifyClient",
+    "MigrationOrchestrator",
+    "AuthenticationProvider",
+    "CognitoAuthProvider",
+    "ConfigManager",
+    "__version__",
+]

amplify_excel_migrator/auth/__init__.py

@@ -0,0 +1,6 @@
+"""Authentication module for Amplify Excel Migrator."""
+
+from .provider import AuthenticationProvider
+from .cognito_auth import CognitoAuthProvider
+
+__all__ = ["AuthenticationProvider", "CognitoAuthProvider"]

amplify_excel_migrator/auth/cognito_auth.py

@@ -0,0 +1,306 @@
+"""AWS Cognito authentication provider implementation."""
+
+import logging
+from typing import Optional
+from getpass import getpass
+
+import boto3
+import jwt
+from botocore.exceptions import NoCredentialsError, ProfileNotFound, NoRegionError, ClientError
+from pycognito import Cognito, MFAChallengeException
+from pycognito.exceptions import ForceChangePasswordException
+
+from .provider import AuthenticationProvider
+
+logger = logging.getLogger(__name__)
+
+
+class CognitoAuthProvider(AuthenticationProvider):
+    """AWS Cognito authentication provider."""
+
+    def __init__(
+        self,
+        user_pool_id: str,
+        client_id: str,
+        region: str,
+        admin_group_name: str = "ADMINS",
+    ):
+        """
+        Initialize the Cognito authentication provider.
+
+        Args:
+            user_pool_id: Cognito User Pool ID
+            client_id: Cognito App Client ID
+            region: AWS region
+            admin_group_name: Name of the admin group to check membership
+        """
+        self.user_pool_id = user_pool_id
+        self.client_id = client_id
+        self.region = region
+        self.admin_group_name = admin_group_name
+
+        self.cognito_client: Optional[Cognito] = None
+        self.boto_cognito_admin_client: Optional[any] = None
+        self._id_token: Optional[str] = None
+        self._mfa_tokens: Optional[dict] = None
+
+    def authenticate(self, username: str, password: str, mfa_code: Optional[str] = None) -> bool:
+        """
+        Authenticate using standard Cognito user authentication.
+
+        Args:
+            username: User's username or email
+            password: User's password
+            mfa_code: Optional MFA code if MFA is enabled
+
+        Returns:
+            True if authentication successful, False otherwise
+        """
+        try:
+            if not self.cognito_client:
+                self._init_cognito_client(username)
+
+            if mfa_code and self._mfa_tokens:
+                if not self._complete_mfa_challenge(mfa_code):
+                    return False
+            else:
+                self.cognito_client.authenticate(password=password)
+
+            self._id_token = self.cognito_client.id_token
+
+            self._check_user_in_admins_group(self._id_token)
+
+            logger.info("✅ Authentication successful")
+            return True
+
+        except MFAChallengeException as e:
+            logger.warning("MFA required")
+            if hasattr(e, "get_tokens"):
+                self._mfa_tokens = e.get_tokens()
+
+                mfa_code = input("Enter MFA code: ").strip()
+                if mfa_code:
+                    return self.authenticate(username, password, mfa_code)
+                else:
+                    logger.error("MFA code required but not provided")
+                    return False
+            else:
+                logger.error("MFA challenge received but no session tokens available")
+                return False
+
+        except ForceChangePasswordException:
+            logger.warning("Password change required")
+            new_password = input("Your password has expired. Enter new password: ").strip()
+            confirm_password = input("Confirm new password: ").strip()
+            if new_password != confirm_password:
+                logger.error("Passwords do not match")
+                return False
+
+            try:
+                self.cognito_client.new_password_challenge(password, new_password)
+                return self.authenticate(username, new_password)
+
+            except Exception as e:
+                logger.error(f"Failed to change password: {e}")
+                return False
+
+        except Exception as e:
+            logger.error(f"Authentication failed: {e}")
+            return False
+
+    def authenticate_admin(self, username: str, password: str, aws_profile: Optional[str] = None) -> bool:
+        """
+        Authenticate using AWS admin credentials (ADMIN_USER_PASSWORD_AUTH flow).
+
+        Requires AWS credentials with cognito-idp:ListUserPoolClients permission.
+
+        Args:
+            username: User's username or email
+            password: User's password
+            aws_profile: Optional AWS profile name
+
+        Returns:
+            True if authentication successful, False otherwise
+        """
+        try:
+            if not self.boto_cognito_admin_client:
+                self._init_boto_admin_client(aws_profile)
+
+            logger.info(f"Authenticating {username} using ADMIN_USER_PASSWORD_AUTH flow...")
+
+            response = self.boto_cognito_admin_client.admin_initiate_auth(
+                UserPoolId=self.user_pool_id,
+                ClientId=self.client_id,
+                AuthFlow="ADMIN_USER_PASSWORD_AUTH",
+                AuthParameters={"USERNAME": username, "PASSWORD": password},
+            )
+
+            self._check_for_mfa_challenges(response, username)
+
+            if "AuthenticationResult" in response:
+                self._id_token = response["AuthenticationResult"]["IdToken"]
+            else:
+                logger.error("❌ Authentication failed: No AuthenticationResult in response")
+                return False
+
+            self._check_user_in_admins_group(self._id_token)
+
+            logger.info("✅ Authentication successful")
+            return True
+
+        except Exception as e:
+            if hasattr(e, "response"):
+                error_code = e.response.get("Error", {}).get("Code", "Unknown")
+                if error_code == "NotAuthorizedException":
+                    logger.error(f"❌ Authentication failed: {e}")
+                elif error_code == "UserNotFoundException":
+                    logger.error(f"❌ User not found: {username}")
+                else:
+                    logger.error(f"❌ Error during authentication: {e}")
+            else:
+                logger.error(f"❌ Error during authentication: {e}")
+            return False
+
+    def get_id_token(self) -> Optional[str]:
+        """
+        Get the ID token from the last successful authentication.
+
+        Returns:
+            ID token string if authenticated, None otherwise
+        """
+        return self._id_token
+
+    def is_authenticated(self) -> bool:
+        """
+        Check if the provider is currently authenticated.
+
+        Returns:
+            True if authenticated, False otherwise
+        """
+        return self._id_token is not None
+
+    def _init_cognito_client(self, username: str) -> None:
+        """Initialize the standard Cognito client."""
+        try:
+            self.cognito_client = Cognito(
+                user_pool_id=self.user_pool_id,
+                client_id=self.client_id,
+                user_pool_region=self.region,
+                username=username,
+            )
+        except ValueError as e:
+            logger.error(f"Invalid parameter: {e}")
+            raise
+
+    def _init_boto_admin_client(self, aws_profile: Optional[str] = None) -> None:
+        """Initialize the boto3 Cognito admin client."""
+        try:
+            if aws_profile:
+                session = boto3.Session(profile_name=aws_profile)
+                self.boto_cognito_admin_client = session.client("cognito-idp", region_name=self.region)
+            else:
+                # Use default AWS credentials (from ~/.aws/credentials, env vars, or IAM role)
+                self.boto_cognito_admin_client = boto3.client("cognito-idp", region_name=self.region)
+
+        except NoCredentialsError:
+            logger.error("AWS credentials not found. Please configure AWS credentials.")
+            logger.error("Options: 1) AWS CLI: 'aws configure', 2) Environment variables, 3) Pass credentials directly")
+            raise RuntimeError(
+                "Failed to initialize client: No AWS credentials found. "
+                "Run 'aws configure' or set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+            )
+
+        except ProfileNotFound:
+            logger.error(f"AWS profile '{aws_profile}' not found")
+            raise RuntimeError(
+                f"Failed to initialize client: AWS profile '{aws_profile}' not found. "
+                f"Available profiles can be found in ~/.aws/credentials"
+            )
+
+        except NoRegionError:
+            logger.error("No AWS region specified")
+            raise RuntimeError(
+                "Failed to initialize client: No AWS region specified. "
+                "Provide region parameter or set AWS_DEFAULT_REGION environment variable."
+            )
+
+        except ClientError as e:
+            error_code = e.response.get("Error", {}).get("Code", "Unknown")
+            error_msg = e.response.get("Error", {}).get("Message", str(e))
+            logger.error(f"AWS Client Error [{error_code}]: {error_msg}")
+            raise RuntimeError(f"Failed to initialize client: AWS error [{error_code}]: {error_msg}")
+
+        except Exception as e:
+            logger.error(f"Error during client initialization: {e}")
+            raise RuntimeError(f"Failed to initialize client: {e}")
+
+    def _complete_mfa_challenge(self, mfa_code: str) -> bool:
+        """Complete MFA challenge."""
+        try:
+            if not self._mfa_tokens:
+                logger.error("No MFA session tokens available")
+                return False
+
+            challenge_name = self._mfa_tokens.get("ChallengeName", "SMS_MFA")
+
+            if "SOFTWARE_TOKEN" in challenge_name:
+                self.cognito_client.respond_to_software_token_mfa_challenge(code=mfa_code, mfa_tokens=self._mfa_tokens)
+            else:
+                self.cognito_client.respond_to_sms_mfa_challenge(code=mfa_code, mfa_tokens=self._mfa_tokens)
+
+            logger.info("✅ MFA challenge successful")
+            return True
+
+        except Exception as e:
+            logger.error(f"MFA challenge failed: {e}")
+            return False
+
+    def _check_for_mfa_challenges(self, response: dict, username: str) -> bool:
+        """Check and handle MFA challenges in admin auth response."""
+        if "ChallengeName" in response:
+            challenge = response["ChallengeName"]
+
+            if challenge == "MFA_SETUP":
+                logger.error("MFA setup required")
+                return False
+
+            elif challenge == "SMS_MFA" or challenge == "SOFTWARE_TOKEN_MFA":
+                mfa_code = input("Enter MFA code: ")
+                _ = self.boto_cognito_admin_client.admin_respond_to_auth_challenge(
+                    UserPoolId=self.user_pool_id,
+                    ClientId=self.client_id,
+                    ChallengeName=challenge,
+                    Session=response["Session"],
+                    ChallengeResponses={
+                        "USERNAME": username,
+                        "SMS_MFA_CODE" if challenge == "SMS_MFA" else "SOFTWARE_TOKEN_MFA_CODE": mfa_code,
+                    },
+                )
+
+            elif challenge == "NEW_PASSWORD_REQUIRED":
+                new_password = getpass("Enter new password: ")
+                _ = self.boto_cognito_admin_client.admin_respond_to_auth_challenge(
+                    UserPoolId=self.user_pool_id,
+                    ClientId=self.client_id,
+                    ChallengeName=challenge,
+                    Session=response["Session"],
+                    ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
+                )
+
+        return False
+
+    def _check_user_in_admins_group(self, id_token: str) -> None:
+        """
+        Check if user belongs to the admin group.
+
+        Args:
+            id_token: JWT ID token
+
+        Raises:
+            PermissionError: If user is not in admin group
+        """
+        claims = jwt.decode(id_token, options={"verify_signature": False})
+        groups = claims.get("cognito:groups", [])
+
+        if self.admin_group_name not in groups:
+            raise PermissionError(f"User is not in {self.admin_group_name} group")

amplify_excel_migrator/auth/provider.py

@@ -0,0 +1,42 @@
+"""Abstract authentication provider interface."""
+
+from abc import ABC, abstractmethod
+from typing import Optional
+
+
+class AuthenticationProvider(ABC):
+    """Abstract base class for authentication providers."""
+
+    @abstractmethod
+    def authenticate(self, username: str, password: str) -> bool:
+        """
+        Authenticate a user with username and password.
+
+        Args:
+            username: User's username or email
+            password: User's password
+
+        Returns:
+            True if authentication successful, False otherwise
+        """
+        pass
+
+    @abstractmethod
+    def get_id_token(self) -> Optional[str]:
+        """
+        Get the ID token from the last successful authentication.
+
+        Returns:
+            ID token string if authenticated, None otherwise
+        """
+        pass
+
+    @abstractmethod
+    def is_authenticated(self) -> bool:
+        """
+        Check if the provider is currently authenticated.
+
+        Returns:
+            True if authenticated, False otherwise
+        """
+        pass

amplify_excel_migrator/cli/__init__.py

@@ -0,0 +1,5 @@
+"""CLI module for Amplify Excel Migrator."""
+
+from .commands import cmd_show, cmd_config, cmd_migrate, main
+
+__all__ = ["cmd_show", "cmd_config", "cmd_migrate", "main"]

amplify_excel_migrator/cli/commands.py

@@ -0,0 +1,165 @@
+"""CLI command handlers for Amplify Excel Migrator."""
+
+import argparse
+import sys
+
+from amplify_excel_migrator.client import AmplifyClient
+from amplify_excel_migrator.core import ConfigManager
+from amplify_excel_migrator.schema import FieldParser
+from amplify_excel_migrator.data import ExcelReader, DataTransformer
+from amplify_excel_migrator.migration import (
+    FailureTracker,
+    ProgressReporter,
+    BatchUploader,
+    MigrationOrchestrator,
+)
+
+
+def cmd_show(args=None):
+    print(
+        """
+    ╔════════════════════════════════════════════════════╗
+    ║        Amplify Migrator - Current Configuration    ║
+    ╚════════════════════════════════════════════════════╝
+    """
+    )
+
+    config_manager = ConfigManager()
+    cached_config = config_manager.load()
+
+    if not cached_config:
+        print("\n❌ No configuration found!")
+        print("💡 Run 'amplify-migrator config' first to set up your configuration.")
+        return
+
+    print("\n📋 Cached Configuration:")
+    print("-" * 54)
+    print(f"Excel file path:      {cached_config.get('excel_path', 'N/A')}")
+    print(f"API endpoint:         {cached_config.get('api_endpoint', 'N/A')}")
+    print(f"AWS Region:           {cached_config.get('region', 'N/A')}")
+    print(f"User Pool ID:         {cached_config.get('user_pool_id', 'N/A')}")
+    print(f"Client ID:            {cached_config.get('client_id', 'N/A')}")
+    print(f"Admin Username:       {cached_config.get('username', 'N/A')}")
+    print("-" * 54)
+    print(f"\n📍 Config location: {config_manager.config_path}")
+    print(f"💡 Run 'amplify-migrator config' to update configuration.")
+
+
+def cmd_config(args=None):
+    print(
+        """
+    ╔════════════════════════════════════════════════════╗
+    ║        Amplify Migrator - Configuration Setup      ║
+    ╚════════════════════════════════════════════════════╝
+    """
+    )
+
+    config_manager = ConfigManager()
+    cached_config = config_manager.load()
+
+    config = {
+        "excel_path": config_manager.prompt_for_value("Excel file path", cached_config.get("excel_path", "")),
+        "api_endpoint": config_manager.prompt_for_value(
+            "AWS Amplify API endpoint", cached_config.get("api_endpoint", "")
+        ),
+        "region": config_manager.prompt_for_value("AWS Region", cached_config.get("region", "")),
+        "user_pool_id": config_manager.prompt_for_value("Cognito User Pool ID", cached_config.get("user_pool_id", "")),
+        "client_id": config_manager.prompt_for_value("Cognito Client ID", cached_config.get("client_id", "")),
+        "username": config_manager.prompt_for_value("Admin Username", cached_config.get("username", "")),
+    }
+
+    config_manager.save(config)
+    print("\n✅ Configuration saved successfully!")
+    print(f"💡 You can now run 'amplify-migrator migrate' to start the migration.")
+
+
+def cmd_migrate(args=None):
+    print(
+        """
+    ╔════════════════════════════════════════════════════╗
+    ║             Migrator Tool for Amplify              ║
+    ╠════════════════════════════════════════════════════╣
+    ║   This tool requires admin privileges to execute   ║
+    ╚════════════════════════════════════════════════════╝
+    """
+    )
+
+    config_manager = ConfigManager()
+    cached_config = config_manager.load()
+
+    if not cached_config:
+        print("\n❌ No configuration found!")
+        print("💡 Run 'amplify-migrator config' first to set up your configuration.")
+        sys.exit(1)
+
+    excel_path = config_manager.get_or_prompt("excel_path", "Excel file path", "data.xlsx")
+    api_endpoint = config_manager.get_or_prompt("api_endpoint", "AWS Amplify API endpoint")
+    region = config_manager.get_or_prompt("region", "AWS Region", "us-east-1")
+    user_pool_id = config_manager.get_or_prompt("user_pool_id", "Cognito User Pool ID")
+    client_id = config_manager.get_or_prompt("client_id", "Cognito Client ID")
+    username = config_manager.get_or_prompt("username", "Admin Username")
+
+    print("\n🔐 Authentication:")
+    print("-" * 54)
+    password = config_manager.prompt_for_value("Admin Password", secret=True)
+
+    from amplify_excel_migrator.auth import CognitoAuthProvider
+
+    auth_provider = CognitoAuthProvider(
+        user_pool_id=user_pool_id,
+        client_id=client_id,
+        region=region,
+    )
+
+    amplify_client = AmplifyClient(
+        api_endpoint=api_endpoint,
+        auth_provider=auth_provider,
+    )
+
+    if not auth_provider.authenticate(username, password):
+        return
+
+    excel_reader = ExcelReader(excel_path)
+    field_parser = FieldParser()
+    data_transformer = DataTransformer(field_parser)
+    failure_tracker = FailureTracker()
+    progress_reporter = ProgressReporter()
+    batch_uploader = BatchUploader(amplify_client)
+
+    orchestrator = MigrationOrchestrator(
+        excel_reader=excel_reader,
+        data_transformer=data_transformer,
+        amplify_client=amplify_client,
+        failure_tracker=failure_tracker,
+        progress_reporter=progress_reporter,
+        batch_uploader=batch_uploader,
+        field_parser=field_parser,
+    )
+
+    orchestrator.run()
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Amplify Excel Migrator - Migrate Excel data to AWS Amplify GraphQL API",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+
+    subparsers = parser.add_subparsers(dest="command", help="Available commands")
+
+    config_parser = subparsers.add_parser("config", help="Configure the migration tool")
+    config_parser.set_defaults(func=cmd_config)
+
+    show_parser = subparsers.add_parser("show", help="Show current configuration")
+    show_parser.set_defaults(func=cmd_show)
+
+    migrate_parser = subparsers.add_parser("migrate", help="Run the migration")
+    migrate_parser.set_defaults(func=cmd_migrate)
+
+    args = parser.parse_args()
+
+    if args.command is None:
+        parser.print_help()
+        sys.exit(1)
+
+    args.func(args)

amplify_excel_migrator/client.py

@@ -0,0 +1,47 @@
+import logging
+from typing import Dict, Any, Optional, List
+
+from amplify_excel_migrator.graphql import GraphQLClient, QueryExecutor
+from amplify_excel_migrator.auth import AuthenticationProvider
+
+logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")
+logger = logging.getLogger(__name__)
+
+
+class AmplifyClient:
+    """
+    Simplified client for Amplify GraphQL API operations.
+
+    Provides a clean interface for schema introspection, foreign key lookup,
+    and batch uploading. Delegates to GraphQLClient and QueryExecutor.
+    """
+
+    def __init__(self, api_endpoint: str, auth_provider: Optional[AuthenticationProvider] = None):
+        self.api_endpoint = api_endpoint
+        self._auth_provider = auth_provider
+
+        self._client = GraphQLClient(api_endpoint, auth_provider)
+        self._executor = QueryExecutor(self._client, batch_size=20)
+
+    @property
+    def auth_provider(self) -> Optional[AuthenticationProvider]:
+        return self._auth_provider
+
+    @auth_provider.setter
+    def auth_provider(self, value: Optional[AuthenticationProvider]):
+        self._auth_provider = value
+        self._client.auth_provider = value
+
+    def get_model_structure(self, model_type: str) -> Dict[str, Any]:
+        return self._executor.get_model_structure(model_type)
+
+    def get_primary_field_name(self, model_name: str, parsed_model_structure: Dict[str, Any]) -> tuple[str, bool, str]:
+        return self._executor.get_primary_field_name(model_name, parsed_model_structure)
+
+    def build_foreign_key_lookups(self, df, parsed_model_structure: Dict[str, Any]) -> Dict[str, Dict[str, str]]:
+        return self._executor.build_foreign_key_lookups(df, parsed_model_structure)
+
+    def upload(
+        self, records: List[Dict], model_name: str, parsed_model_structure: Dict[str, Any]
+    ) -> tuple[int, int, List[Dict]]:
+        return self._executor.upload(records, model_name, parsed_model_structure)

amplify_excel_migrator/core/__init__.py

@@ -0,0 +1,5 @@
+"""Core module for configuration and utilities."""
+
+from .config import ConfigManager
+
+__all__ = ["ConfigManager"]