anaplan-sdk 0.3.1__py3-none-any.whl → 0.4.0a1__py3-none-any.whl

anaplan_sdk/_auth.py

@@ -1,17 +1,9 @@
-"""
-Custom Authentication class to pass to httpx alongside some helper functions.
-"""
-
 import logging
 import os
 from base64 import b64encode
+from typing import Callable
 
 import httpx
-from cryptography.exceptions import InvalidKey, UnsupportedAlgorithm
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
-from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
 
 from .exceptions import AnaplanException, InvalidCredentialsException, InvalidPrivateKeyException
 
@@ -21,12 +13,12 @@ logger = logging.getLogger("anaplan_sdk")
 class _AnaplanAuth(httpx.Auth):
     requires_response_body = True
 
-    def __init__(self):
-        self._auth_request = self._build_auth_request()
-        logger.info("Creating Authentication Token.")
-        with httpx.Client(timeout=15.0) as client:
-            res = client.send(self._auth_request)
-            self._parse_auth_response(res)
+    def __init__(self, pre_authed: bool = False):
+        if not pre_authed:
+            logger.info("Creating Authentication Token.")
+            with httpx.Client(timeout=15.0) as client:
+                res = client.send(self._build_auth_request())
+                self._parse_auth_response(res)
 
     def _build_auth_request(self) -> httpx.Request:
         raise NotImplementedError("Must be implemented in subclass.")
@@ -36,7 +28,7 @@ class _AnaplanAuth(httpx.Auth):
         response = yield request
         if response.status_code == 401:
             logger.info("Token expired, refreshing.")
-            auth_res = yield self._auth_request
+            auth_res = yield self._build_auth_request()
             self._parse_auth_response(auth_res)
             request.headers["Authorization"] = f"AnaplanAuthToken {self._token}"
             yield request
@@ -67,9 +59,14 @@ class AnaplanBasicAuth(_AnaplanAuth):
 class AnaplanCertAuth(_AnaplanAuth):
     requires_request_body = True
 
-    def __init__(self, certificate: bytes, private_key: RSAPrivateKey):
-        self._certificate = certificate
-        self._private_key = private_key
+    def __init__(
+        self,
+        certificate: str | bytes,
+        private_key: str | bytes,
+        private_key_password: str | bytes | None = None,
+    ):
+        self.__set_certificate(certificate)
+        self.__set_private_key(private_key, private_key_password)
         super().__init__()
 
     def _build_auth_request(self) -> httpx.Request:
@@ -85,6 +82,9 @@ class AnaplanCertAuth(_AnaplanAuth):
         )
 
     def _prep_credentials(self) -> tuple[str, str, str]:
+        from cryptography.hazmat.primitives import hashes
+        from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
+
         message = os.urandom(150)
         return (
             b64encode(self._certificate).decode(),
@@ -92,44 +92,157 @@ class AnaplanCertAuth(_AnaplanAuth):
             b64encode(self._private_key.sign(message, PKCS1v15(), hashes.SHA512())).decode(),
         )
 
-
-def get_certificate(certificate: str | bytes) -> bytes:
-    """
-    Get the certificate from a file or string.
-    :param certificate: The certificate to use.
-    :return: The certificate as bytes.
-    """
-    if isinstance(certificate, str):
-        if os.path.isfile(certificate):
-            with open(certificate, "rb") as f:
-                return f.read()
-        return certificate.encode()
-    return certificate
-
-
-def get_private_key(private_key: str | bytes, private_key_password: str | bytes) -> RSAPrivateKey:
-    """
-    Get the private key from a file or string.
-    :param private_key: The private key to use.
-    :param private_key_password: The password for the private key.
-    :return: The private key as an RSAPrivateKey object.
-    """
-    try:
-        if isinstance(private_key, str):
-            if os.path.isfile(private_key):
-                with open(private_key, "rb") as f:
-                    data = f.read()
+    def __set_certificate(self, certificate: str | bytes) -> None:
+        if isinstance(certificate, str):
+            if os.path.isfile(certificate):
+                with open(certificate, "rb") as f:
+                    self._certificate = f.read()
             else:
-                data = private_key.encode()
+                self._certificate = certificate.encode()
         else:
-            data = private_key
-
-        password = None
-        if private_key_password:
-            if isinstance(private_key_password, str):
-                password = private_key_password.encode()
+            self._certificate = certificate
+
+    def __set_private_key(
+        self, private_key: str | bytes, private_key_password: str | bytes
+    ) -> None:
+        try:
+            from cryptography.exceptions import InvalidKey, UnsupportedAlgorithm
+            from cryptography.hazmat.backends import default_backend
+            from cryptography.hazmat.primitives import serialization
+            from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
+        except ImportError as e:
+            raise AnaplanException(
+                "cryptography is not available. Please install anaplan-sdk with the cert extra "
+                "`pip install anaplan-sdk[cert]` or install cryptography separately."
+            ) from e
+        try:
+            if isinstance(private_key, str):
+                if os.path.isfile(private_key):
+                    with open(private_key, "rb") as f:
+                        data = f.read()
+                else:
+                    data = private_key.encode()
             else:
-                password = private_key_password
-        return serialization.load_pem_private_key(data, password, backend=default_backend())
-    except (IOError, InvalidKey, UnsupportedAlgorithm) as error:
-        raise InvalidPrivateKeyException from error
+                data = private_key
+            password = (
+                private_key_password.encode()
+                if isinstance(private_key_password, str)
+                else private_key_password
+            )
+            self._private_key: RSAPrivateKey = serialization.load_pem_private_key(
+                data, password, backend=default_backend()
+            )
+        except (IOError, InvalidKey, UnsupportedAlgorithm) as error:
+            raise InvalidPrivateKeyException from error
+
+
+class AnaplanOauth2AuthCodeAuth(_AnaplanAuth):
+    def __init__(
+        self,
+        client_id: str,
+        client_secret: str,
+        redirect_uri: str,
+        refresh_token: str | None = None,
+        scope: str = "openid profile email offline_access",
+        on_token_refresh: Callable[[dict[str, str]], None] | None = None,
+    ):
+        try:
+            from oauthlib.oauth2 import WebApplicationClient
+        except ImportError as e:
+            raise AnaplanException(
+                "oauthlib is not available. Please install anaplan-sdk with the oauth extra "
+                "`pip install anaplan-sdk[oauth]` or install oauthlib separately."
+            ) from e
+        self._oauth = WebApplicationClient(
+            client_id=client_id, client_secret=client_secret, refresh_token=refresh_token
+        )
+        self._token_url = "https://us1a.app.anaplan.com/oauth/token"
+        self._client_id = client_id
+        self._client_secret = client_secret
+        self._redirect_uri = redirect_uri
+        self._refresh_token = refresh_token
+        self._scope = scope
+        self._id_token = None
+        self._on_token_refresh = on_token_refresh
+        if not refresh_token:
+            self.__auth_code_flow()
+        super().__init__(pre_authed=not refresh_token)
+
+    def _build_auth_request(self) -> httpx.Request:
+        url, headers, body = self._oauth.prepare_refresh_token_request(
+            token_url=self._token_url,
+            refresh_token=self._refresh_token,
+            client_secret=self._client_secret,
+            client_id=self._client_id,
+        )
+        return httpx.Request(method="post", url=url, headers=headers, content=body)
+
+    def _parse_auth_response(self, response: httpx.Response) -> None:
+        if response.status_code == 401:
+            raise InvalidCredentialsException
+        if not response.is_success:
+            raise AnaplanException(f"Authentication failed: {response.status_code} {response.text}")
+        token = response.json()
+        self._token = token["access_token"]
+        self._refresh_token = token["refresh_token"]
+        if self._on_token_refresh:
+            self._on_token_refresh(token)
+        self._id_token = token.get("id_token")
+
+    def __auth_code_flow(self):
+        from oauthlib.oauth2 import OAuth2Error
+
+        try:
+            logger.info("Creating Authentication Token with OAuth2 Authorization Code Flow.")
+            url, _, _ = self._oauth.prepare_authorization_request(
+                "https://us1a.app.anaplan.com/auth/authorize",
+                redirect_url=self._redirect_uri,
+                scope=self._scope,
+            )
+            authorization_response = input(
+                f"Please go to {url} and authorize the app.\n"
+                "Then paste the entire redirect URL here: "
+            )
+            url, headers, body = self._oauth.prepare_token_request(
+                token_url=self._token_url,
+                redirect_url=self._redirect_uri,
+                authorization_response=authorization_response,
+                client_secret=self._client_secret,
+            )
+            self._parse_auth_response(httpx.post(url=url, headers=headers, content=body))
+        except (httpx.HTTPError, ValueError, TypeError, OAuth2Error) as error:
+            raise AnaplanException("Error during OAuth2 authorization flow.") from error
+
+
+def create_auth(
+    user_email: str | None = None,
+    password: str | None = None,
+    certificate: str | bytes | None = None,
+    private_key: str | bytes | None = None,
+    private_key_password: str | bytes | None = None,
+    client_id: str | None = None,
+    client_secret: str | None = None,
+    redirect_uri: str | None = None,
+    refresh_token: str | None = None,
+    oauth2_scope: str = "openid profile email offline_access",
+    on_token_refresh: Callable[[dict[str, str]], None] | None = None,
+) -> _AnaplanAuth:
+    if certificate and private_key:
+        return AnaplanCertAuth(certificate, private_key, private_key_password)
+    if user_email and password:
+        return AnaplanBasicAuth(user_email=user_email, password=password)
+    if client_id and client_secret and redirect_uri:
+        return AnaplanOauth2AuthCodeAuth(
+            client_id=client_id,
+            client_secret=client_secret,
+            redirect_uri=redirect_uri,
+            refresh_token=refresh_token,
+            scope=oauth2_scope,
+            on_token_refresh=on_token_refresh,
+        )
+    raise ValueError(
+        "No valid authentication parameters provided. Please provide either:\n"
+        "- user_email and password, or\n"
+        "- certificate and private_key, or\n"
+        "- client_id, client_secret, and redirect_uri"
+    )

anaplan_sdk/_base.py

@@ -1,7 +1,3 @@
-"""
-Provides Base Classes for this project.
-"""
-
 import asyncio
 import logging
 import random
@@ -11,19 +7,34 @@ from concurrent.futures import ThreadPoolExecutor
 from gzip import compress
 from itertools import chain
 from math import ceil
-from typing import Any, Callable, Coroutine, Iterator, Literal
+from typing import Any, Callable, Coroutine, Iterator, Literal, Type, TypeVar
 
 import httpx
 from httpx import HTTPError, Response
 
-from anaplan_sdk.exceptions import (
+from .exceptions import (
     AnaplanException,
     AnaplanTimeoutException,
     InvalidIdentifierException,
 )
+from .models import AnaplanModel
+from .models.cloud_works import (
+    AmazonS3ConnectionInput,
+    AzureBlobConnectionInput,
+    ConnectionBody,
+    GoogleBigQueryConnectionInput,
+    IntegrationInput,
+    IntegrationProcessInput,
+    ScheduleInput,
+)
 
 logger = logging.getLogger("anaplan_sdk")
 
+_json_header = {"Content-Type": "application/json"}
+_gzip_header = {"Content-Type": "application/x-gzip"}
+
+T = TypeVar("T", bound=AnaplanModel)
+
 
 class _BaseClient:
     def __init__(self, retry_count: int, client: httpx.Client):
@@ -37,27 +48,34 @@ class _BaseClient:
         return self._run_with_retry(self._client.get, url).content
 
     def _post(self, url: str, json: dict | list) -> dict[str, Any]:
-        return self._run_with_retry(
-            self._client.post, url, headers={"Content-Type": "application/json"}, json=json
+        return self._run_with_retry(self._client.post, url, headers=_json_header, json=json).json()
+
+    def _put(self, url: str, json: dict | list) -> dict[str, Any]:
+        return (self._run_with_retry(self._client.put, url, headers=_json_header, json=json)).json()
+
+    def _patch(self, url: str, json: dict | list) -> dict[str, Any]:
+        return (
+            self._run_with_retry(self._client.patch, url, headers=_json_header, json=json)
         ).json()
 
-    def _post_empty(self, url: str) -> None:
-        self._run_with_retry(self._client.post, url)
+    def _delete(self, url: str) -> dict[str, Any]:
+        return (self._run_with_retry(self._client.delete, url, headers=_json_header)).json()
+
+    def _post_empty(self, url: str) -> dict[str, Any]:
+        res = self._run_with_retry(self._client.post, url)
+        return res.json() if res.num_bytes_downloaded > 0 else {}
 
     def _put_binary_gzip(self, url: str, content: bytes) -> Response:
         return self._run_with_retry(
-            self._client.put,
-            url,
-            headers={"Content-Type": "application/x-gzip"},
-            content=compress(content),
+            self._client.put, url, headers=_gzip_header, content=compress(content)
         )
 
     def __get_page(self, url: str, limit: int, offset: int, result_key: str, **kwargs) -> list:
-        kwargs["params"] = kwargs.get("params", {}) | {"limit": limit, "offset": offset}
+        kwargs["params"] = kwargs.get("params") or {} | {"limit": limit, "offset": offset}
         return self._get(url, **kwargs).get(result_key, [])
 
     def __get_first_page(self, url: str, limit: int, result_key: str, **kwargs) -> tuple[list, int]:
-        kwargs["params"] = kwargs.get("params", {}) | {"limit": limit}
+        kwargs["params"] = kwargs.get("params") or {} | {"limit": limit}
         res = self._get(url, **kwargs)
         return res.get(result_key, []), res["meta"]["paging"]["totalSize"]
 
@@ -111,32 +129,41 @@ class _AsyncBaseClient:
 
     async def _post(self, url: str, json: dict | list) -> dict[str, Any]:
         return (
-            await self._run_with_retry(
-                self._client.post, url, headers={"Content-Type": "application/json"}, json=json
-            )
+            await self._run_with_retry(self._client.post, url, headers=_json_header, json=json)
+        ).json()
+
+    async def _put(self, url: str, json: dict | list) -> dict[str, Any]:
+        return (
+            await self._run_with_retry(self._client.put, url, headers=_json_header, json=json)
+        ).json()
+
+    async def _patch(self, url: str, json: dict | list) -> dict[str, Any]:
+        return (
+            await self._run_with_retry(self._client.patch, url, headers=_json_header, json=json)
         ).json()
 
-    async def _post_empty(self, url: str) -> None:
-        await self._run_with_retry(self._client.post, url)
+    async def _delete(self, url: str) -> dict[str, Any]:
+        return (await self._run_with_retry(self._client.delete, url, headers=_json_header)).json()
+
+    async def _post_empty(self, url: str) -> dict[str, Any]:
+        res = await self._run_with_retry(self._client.post, url)
+        return res.json() if res.num_bytes_downloaded > 0 else {}
 
     async def _put_binary_gzip(self, url: str, content: bytes) -> Response:
         return await self._run_with_retry(
-            self._client.put,
-            url,
-            headers={"Content-Type": "application/x-gzip"},
-            content=compress(content),
+            self._client.put, url, headers=_gzip_header, content=compress(content)
         )
 
     async def __get_page(
         self, url: str, limit: int, offset: int, result_key: str, **kwargs
     ) -> list:
-        kwargs["params"] = kwargs.get("params", {}) | {"limit": limit, "offset": offset}
+        kwargs["params"] = kwargs.get("params") or {} | {"limit": limit, "offset": offset}
         return (await self._get(url, **kwargs)).get(result_key, [])
 
     async def __get_first_page(
         self, url: str, limit: int, result_key: str, **kwargs
     ) -> tuple[list, int]:
-        kwargs["params"] = kwargs.get("params", {}) | {"limit": limit}
+        kwargs["params"] = kwargs.get("params") or {} | {"limit": limit}
         res = await self._get(url, **kwargs)
         return res.get(result_key, []), res["meta"]["paging"]["totalSize"]
 
@@ -178,6 +205,68 @@ class _AsyncBaseClient:
         raise AnaplanException("Exhausted all retries without a successful response or Error.")
 
 
+def construct_payload(model: Type[T], body: T | dict[str, Any]) -> dict[str, Any]:
+    """
+    Construct a payload for the given model and body.
+    :param model: The model class to use for validation.
+    :param body: The body to validate and optionally convert to a dictionary.
+    :return: A dictionary representation of the validated body.
+    """
+    if isinstance(body, dict):
+        body = model.model_validate(body)
+    return body.model_dump(exclude_none=True, by_alias=True)
+
+
+def connection_body_payload(body: ConnectionBody | dict[str, Any]) -> dict[str, Any]:
+    """
+    Construct a payload for the given integration body.
+    :param body: The body to validate and optionally convert to a dictionary.
+    :return: A dictionary representation of the validated body.
+    """
+    if isinstance(body, dict):
+        if "sasToken" in body:
+            body = AzureBlobConnectionInput.model_validate(body)
+        elif "secretAccessKey" in body:
+            body = AmazonS3ConnectionInput.model_validate(body)
+        else:
+            body = GoogleBigQueryConnectionInput.model_validate(body)
+    return body.model_dump(exclude_none=True, by_alias=True)
+
+
+def integration_payload(
+    body: IntegrationInput | IntegrationProcessInput | dict[str, Any],
+) -> dict[str, Any]:
+    """
+    Construct a payload for the given integration body.
+    :param body: The body to validate and optionally convert to a dictionary.
+    :return: A dictionary representation of the validated body.
+    """
+    if isinstance(body, dict):
+        body = (
+            IntegrationInput.model_validate(body)
+            if "jobs" in body
+            else IntegrationProcessInput.model_validate(body)
+        )
+    return body.model_dump(exclude_none=True, by_alias=True)
+
+
+def schedule_payload(
+    integration_id: str, schedule: ScheduleInput | dict[str, Any]
+) -> dict[str, Any]:
+    """
+    Construct a payload for the given integration ID and schedule.
+    :param integration_id: The ID of the integration.
+    :param schedule: The schedule to validate and optionally convert to a dictionary.
+    :return: A dictionary representation of the validated schedule.
+    """
+    if isinstance(schedule, dict):
+        schedule = ScheduleInput.model_validate(schedule)
+    return {
+        "integrationId": integration_id,
+        "schedule": schedule.model_dump(exclude_none=True, by_alias=True),
+    }
+
+
 def action_url(action_id: int) -> Literal["imports", "exports", "actions", "processes"]:
     """
     Determine the type of action based on its identifier.

anaplan_sdk/_clients/_alm.py

@@ -10,7 +10,6 @@ warnings.filterwarnings("always", category=DeprecationWarning)
 
 class _AlmClient(_BaseClient):
     def __init__(self, client: httpx.Client, model_id: str, retry_count: int) -> None:
-        self._client = client
         self._url = f"https://api.anaplan.com/2/0/models/{model_id}/alm"
         super().__init__(retry_count, client)
 

anaplan_sdk/_clients/_audit.py

@@ -10,7 +10,6 @@ Event = Literal["all", "byok", "user_activity"]
 
 class _AuditClient(_BaseClient):
     def __init__(self, client: httpx.Client, retry_count: int, thread_count: int) -> None:
-        self._client = client
         self._limit = 10_000
         self._thread_count = thread_count
         self._url = "https://audit.anaplan.com/audit/api/1/events"
@@ -26,6 +25,15 @@ class _AuditClient(_BaseClient):
             for e in self._get_paginated("https://api.anaplan.com/2/0/users", "users")
         ]
 
+    def get_user(self, user_id: str = "me") -> User:
+        """
+        Retrieves information about the specified user, or the authenticated user if none specified.
+        :return: The requested or currently authenticated User.
+        """
+        return User.model_validate(
+            self._get(f"https://api.anaplan.com/2/0/users/{user_id}").get("user")
+        )
+
     def get_events(self, days_into_past: int = 30, event_type: Event = "all") -> list:
         """
         Get audit events from Anaplan Audit API.

anaplan_sdk/_clients/_bulk.py

@@ -1,18 +1,14 @@
-"""
-Synchronous Client.
-"""
-
 import logging
 import multiprocessing
 import time
 from concurrent.futures import ThreadPoolExecutor
 from copy import copy
-from typing import Iterator
+from typing import Callable, Iterator
 
 import httpx
 from typing_extensions import Self
 
-from anaplan_sdk._auth import AnaplanBasicAuth, AnaplanCertAuth, get_certificate, get_private_key
+from anaplan_sdk._auth import create_auth
 from anaplan_sdk._base import _BaseClient, action_url
 from anaplan_sdk.exceptions import AnaplanActionError, InvalidIdentifierException
 from anaplan_sdk.models import (
@@ -29,6 +25,7 @@ from anaplan_sdk.models import (
 
 from ._alm import _AlmClient
 from ._audit import _AuditClient
+from ._cloud_works import _CloudWorksClient
 from ._transactional import _TransactionalClient
 
 logging.getLogger("httpx").setLevel(logging.CRITICAL)
@@ -56,7 +53,13 @@ class Client(_BaseClient):
         certificate: str | bytes | None = None,
         private_key: str | bytes | None = None,
         private_key_password: str | bytes | None = None,
-        timeout: float = 30,
+        client_id: str | None = None,
+        client_secret: str | None = None,
+        redirect_uri: str | None = None,
+        refresh_token: str | None = None,
+        oauth2_scope: str = "openid profile email offline_access",
+        on_token_refresh: Callable[[dict[str, str]], None] | None = None,
+        timeout: float | httpx.Timeout = 30,
         retry_count: int = 2,
         status_poll_delay: int = 1,
         upload_parallel: bool = True,
@@ -85,7 +88,19 @@ class Client(_BaseClient):
                             itself.
         :param private_key: The absolute path to the private key file or the private key itself.
         :param private_key_password: The password to access the private key if there is one.
-        :param timeout: The timeout in seconds for the HTTP requests.
+        :param client_id: The client Id of the Oauth2 Anaplan Client.
+        :param client_secret: The client secret for your Oauth2 Anaplan Client.
+        :param redirect_uri: The redirect URI for your Oauth2 Anaplan Client.
+        :param refresh_token: If you have a valid refresh token, you can pass it to skip the
+                              interactive authentication code step.
+        :param oauth2_scope: The scope of the Oauth2 token, if you want to narrow it.
+        :param on_token_refresh: A callback function that is called whenever the token is refreshed.
+                                 With this you can for example securely store the token in your
+                                 application or on your server for later reuse. The function
+                                 must accept a single argument, which is the token dictionary
+                                 returned by the Oauth2 token endpoint.
+        :param timeout: The timeout in seconds for the HTTP requests. Alternatively, you can pass
+                        an instance of `httpx.Timeout` to set the timeout for the HTTP requests.
         :param retry_count: The number of times to retry an HTTP request if it fails. Set this to 0
                             to never retry. Defaults to 2, meaning each HTTP Operation will be
                             tried a total number of 2 times.
@@ -102,36 +117,38 @@ class Client(_BaseClient):
                                     manually assigned so there is typically no value in dynamically
                                     creating new files and uploading content to them.
         """
-        if not ((user_email and password) or (certificate and private_key)):
-            raise ValueError(
-                "Either `certificate` and `private_key` or `user_email` and `password` must be "
-                "provided."
-            )
-        self._client = httpx.Client(
+        _client = httpx.Client(
             auth=(
-                AnaplanCertAuth(
-                    get_certificate(certificate), get_private_key(private_key, private_key_password)
+                create_auth(
+                    user_email=user_email,
+                    password=password,
+                    certificate=certificate,
+                    private_key=private_key,
+                    private_key_password=private_key_password,
+                    client_id=client_id,
+                    client_secret=client_secret,
+                    redirect_uri=redirect_uri,
+                    refresh_token=refresh_token,
+                    oauth2_scope=oauth2_scope,
+                    on_token_refresh=on_token_refresh,
                 )
-                if certificate
-                else AnaplanBasicAuth(user_email=user_email, password=password)
             ),
             timeout=timeout,
         )
         self._retry_count = retry_count
         self._url = f"https://api.anaplan.com/2/0/workspaces/{workspace_id}/models/{model_id}"
         self._transactional_client = (
-            _TransactionalClient(self._client, model_id, self._retry_count) if model_id else None
-        )
-        self._alm_client = (
-            _AlmClient(self._client, model_id, self._retry_count) if model_id else None
+            _TransactionalClient(_client, model_id, self._retry_count) if model_id else None
         )
+        self._alm_client = _AlmClient(_client, model_id, self._retry_count) if model_id else None
+        self._cloud_works = _CloudWorksClient(_client, self._retry_count)
         self._thread_count = multiprocessing.cpu_count()
-        self.audit = _AuditClient(self._client, self._retry_count, self._thread_count)
+        self._audit = _AuditClient(_client, self._retry_count, self._thread_count)
         self.status_poll_delay = status_poll_delay
         self.upload_parallel = upload_parallel
         self.upload_chunk_size = upload_chunk_size
         self.allow_file_creation = allow_file_creation
-        super().__init__(self._retry_count, self._client)
+        super().__init__(self._retry_count, _client)
 
     @classmethod
     def from_existing(cls, existing: Self, workspace_id: str, model_id: str) -> Self:
@@ -153,6 +170,22 @@ class Client(_BaseClient):
         client._alm_client = _AlmClient(existing._client, model_id, existing._retry_count)
         return client
 
+    @property
+    def audit(self) -> _AuditClient:
+        """
+        The Audit Client provides access to the Anaplan Audit API.
+        For details, see https://vinzenzklass.github.io/anaplan-sdk/guides/audit/.
+        """
+        return self._audit
+
+    @property
+    def cw(self) -> _CloudWorksClient:
+        """
+        The Cloud Works Client provides access to the Anaplan Cloud Works API.
+        For details, see https://vinzenzklass.github.io/anaplan-sdk/guides/cloud_works/.
+        """
+        return self._cloud_works
+
     @property
     def transactional(self) -> _TransactionalClient:
         """