bt-cli 0.4.13__py3-none-any.whl

bt_cli/pws/commands/clouds.py

@@ -0,0 +1,221 @@
+"""CLI commands for managing cloud systems (AWS, Azure, GCP)."""
+
+from typing import Optional
+import json
+
+import httpx
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from ...core.output import print_api_error
+from ..client.base import get_client
+
+app = typer.Typer(no_args_is_help=True, help="Manage cloud systems (AWS, Azure, GCP)")
+console = Console()
+
+# Cloud platform IDs
+CLOUD_PLATFORMS = {
+    "aws": 47,
+    "amazon": 47,
+}
+
+
+def print_clouds_table(systems: list[dict], title: str = "Cloud Systems") -> None:
+    """Print cloud systems in a formatted table."""
+    table = Table(title=title)
+    table.add_column("ID", style="cyan", no_wrap=True)
+    table.add_column("Name", style="green")
+    table.add_column("Platform", style="yellow")
+    table.add_column("Workgroup", style="magenta")
+    table.add_column("FA ID", style="blue")
+    table.add_column("Access URL", style="dim")
+
+    for s in systems:
+        table.add_row(
+            str(s.get("ManagedSystemID", "")),
+            s.get("SystemName", "-"),
+            str(s.get("PlatformID", "-")),
+            str(s.get("WorkgroupID", "-")),
+            str(s.get("FunctionalAccountID", "-")),
+            (s.get("AccessURL", "-") or "-")[:40],
+        )
+
+    console.print(table)
+
+
+@app.command("list")
+def list_clouds(
+    workgroup: Optional[int] = typer.Option(None, "--workgroup", "-w", help="Filter by workgroup ID"),
+    limit: int = typer.Option(50, "--limit", "-l", help="Maximum results (default: 50)"),
+    fetch_all: bool = typer.Option(False, "--all", help="Fetch all results (may be slow)"),
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """List cloud managed systems (AWS, Azure, GCP).
+
+    Examples:
+        bt pws clouds list              # First 50 cloud systems
+        bt pws clouds list --all        # All cloud systems
+        bt pws clouds list -w 3         # Cloud systems in workgroup 3
+    """
+    try:
+        with get_client() as client:
+            client.authenticate()
+            # Get all managed systems and filter for cloud (EntityTypeID=4)
+            systems = client.paginate("/ManagedSystems")
+            cloud_systems = [s for s in systems if s.get("EntityTypeID") == 4]
+
+            if workgroup:
+                cloud_systems = [s for s in cloud_systems if s.get("WorkgroupID") == workgroup]
+
+        # Apply limit after filtering
+        total_count = len(cloud_systems)
+        if not fetch_all and len(cloud_systems) > limit:
+            cloud_systems = cloud_systems[:limit]
+
+        if output == "json":
+            console.print_json(json.dumps(cloud_systems, default=str))
+        else:
+            if cloud_systems:
+                print_clouds_table(cloud_systems)
+                if not fetch_all and total_count > limit:
+                    console.print(f"[dim]Showing {len(cloud_systems)} of {total_count} results. Use --all to fetch all results.[/dim]")
+            else:
+                console.print("[yellow]No cloud systems found.[/yellow]")
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)
+
+
+@app.command("get")
+def get_cloud(
+    system_id: int = typer.Argument(..., help="Managed System ID"),
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """Get a cloud managed system by ID."""
+    try:
+        with get_client() as client:
+            client.authenticate()
+            system = client.get_managed_system(system_id)
+
+        if system.get("EntityTypeID") != 4:
+            console.print(f"[yellow]Warning: System {system_id} is not a cloud system (EntityTypeID={system.get('EntityTypeID')})[/yellow]")
+
+        if output == "json":
+            console.print_json(json.dumps(system, default=str))
+        else:
+            console.print(f"\n[bold cyan]Cloud System: {system.get('SystemName', 'Unknown')}[/bold cyan]\n")
+
+            info_table = Table(show_header=False, box=None)
+            info_table.add_column("Field", style="dim")
+            info_table.add_column("Value")
+
+            fields = [
+                ("ID", "ManagedSystemID"),
+                ("Name", "SystemName"),
+                ("Host Name", "HostName"),
+                ("Platform ID", "PlatformID"),
+                ("Cloud ID", "CloudID"),
+                ("Workgroup ID", "WorkgroupID"),
+                ("Access URL", "AccessURL"),
+                ("Description", "Description"),
+                ("Functional Account ID", "FunctionalAccountID"),
+                ("Auto Management", "AutoManagementFlag"),
+                ("Change Frequency", "ChangeFrequencyType"),
+                ("Change Days", "ChangeFrequencyDays"),
+                ("Change Time", "ChangeTime"),
+            ]
+
+            for label, key in fields:
+                value = system.get(key)
+                if value is not None:
+                    if isinstance(value, bool):
+                        value = "Yes" if value else "No"
+                    info_table.add_row(label, str(value))
+
+            console.print(info_table)
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)
+
+
+@app.command("add-system")
+def add_managed_system(
+    workgroup_id: int = typer.Option(..., "--workgroup", "-w", help="Workgroup ID"),
+    platform: str = typer.Option(..., "--platform", "-p", help="Platform: aws, amazon, or numeric ID"),
+    host_name: str = typer.Option(..., "--host", "-h", help="Host name / identifier"),
+    name: Optional[str] = typer.Option(None, "--name", "-n", help="System name"),
+    access_url: Optional[str] = typer.Option(None, "--access-url", "-u", help="Access URL (e.g., https://account-id.signin.aws.amazon.com/console)"),
+    functional_account: Optional[int] = typer.Option(None, "--functional-account", "-f", help="Functional account ID"),
+    description: Optional[str] = typer.Option(None, "--description", help="Description"),
+    auto_manage: bool = typer.Option(False, "--auto-manage", help="Enable automatic password management"),
+    change_frequency: Optional[str] = typer.Option(None, "--change-frequency", help="Change frequency: first, last, or xdays"),
+    change_days: Optional[int] = typer.Option(90, "--change-days", help="Days between changes (if xdays)"),
+    change_time: Optional[str] = typer.Option("23:30", "--change-time", help="Time for changes (HH:MM)"),
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """Create a managed system for a cloud platform (AWS).
+
+    Example for AWS:
+        pws clouds add-system -w 3 -p aws -h "aws-nexus-123456789" -u "https://123456789.signin.aws.amazon.com/console" -f 12 --auto-manage
+    """
+    try:
+        # Resolve platform ID
+        if platform.isdigit():
+            platform_id = int(platform)
+        else:
+            platform_lower = platform.lower().replace("_", "").replace("-", "")
+            if platform_lower not in CLOUD_PLATFORMS:
+                console.print(f"[red]Unknown platform:[/red] {platform}")
+                console.print("Valid platforms: aws, amazon, or numeric ID")
+                raise typer.Exit(1)
+            platform_id = CLOUD_PLATFORMS[platform_lower]
+
+        with get_client() as client:
+            client.authenticate()
+            system = client.create_cloud_managed_system(
+                workgroup_id=workgroup_id,
+                platform_id=platform_id,
+                host_name=host_name,
+                system_name=name,
+                access_url=access_url,
+                functional_account_id=functional_account,
+                description=description,
+                auto_management_flag=auto_manage,
+                change_frequency_type=change_frequency,
+                change_frequency_days=change_days,
+                change_time=change_time,
+            )
+
+        if output == "json":
+            console.print_json(json.dumps(system, default=str))
+        else:
+            console.print(f"[green]Created cloud managed system:[/green] {system.get('SystemName', 'Unknown')}")
+            console.print(f"  ID: {system.get('ManagedSystemID', 'N/A')}")
+            console.print(f"  Cloud ID: {system.get('CloudID', 'N/A')}")
+            console.print(f"  Platform: {system.get('PlatformID', 'N/A')}")
+            console.print(f"  Auto-Management: {'Yes' if system.get('AutoManagementFlag') else 'No'}")
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage cloud systems")
+        raise typer.Exit(1)

bt_cli/pws/commands/config.py

@@ -0,0 +1,344 @@
+"""CLI commands for Password Safe configuration (access policies, user groups, etc.)."""
+
+from typing import Optional
+import json
+
+import httpx
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from ...core.output import print_api_error
+from ..client.base import get_client
+
+app = typer.Typer(no_args_is_help=True, help="View Password Safe configuration")
+console = Console()
+
+# Sub-apps for different config areas
+policies_app = typer.Typer(no_args_is_help=True, help="Access policies")
+groups_app = typer.Typer(no_args_is_help=True, help="User groups")
+rules_app = typer.Typer(no_args_is_help=True, help="Password rules")
+
+app.add_typer(policies_app, name="policies")
+app.add_typer(groups_app, name="groups")
+app.add_typer(rules_app, name="rules")
+
+
+# =========================================================================
+# Access Policies
+# =========================================================================
+
+@policies_app.command("list")
+def list_policies(
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """List access policies."""
+    try:
+        with get_client() as client:
+            client.authenticate()
+            policies = client.list_access_policies()
+
+        if output == "json":
+            console.print_json(json.dumps(policies, default=str))
+        else:
+            table = Table(title="Access Policies")
+            table.add_column("ID", style="cyan")
+            table.add_column("Name", style="green")
+            table.add_column("Description", style="yellow")
+            table.add_column("Schedules", style="magenta")
+
+            for policy in policies:
+                schedules = policy.get("Schedules", [])
+                access_types = []
+                for sched in schedules:
+                    for at in sched.get("AccessTypes", []):
+                        access_types.append(at.get("AccessType", ""))
+
+                table.add_row(
+                    str(policy.get("AccessPolicyID", "")),
+                    policy.get("Name", ""),
+                    (policy.get("Description", "") or "-")[:50],
+                    ", ".join(access_types) if access_types else "-",
+                )
+
+            console.print(table)
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+
+
+@policies_app.command("get")
+def get_policy(
+    policy_id: int = typer.Argument(..., help="Access policy ID"),
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """Get an access policy by ID."""
+    try:
+        with get_client() as client:
+            client.authenticate()
+            policy = client.get_access_policy(policy_id)
+
+        if output == "json":
+            console.print_json(json.dumps(policy, default=str))
+        else:
+            console.print(f"\n[bold cyan]Access Policy: {policy.get('Name', 'Unknown')}[/bold cyan]\n")
+            console.print(f"  ID: {policy.get('AccessPolicyID')}")
+            console.print(f"  Description: {policy.get('Description', '-')}")
+
+            for sched in policy.get("Schedules", []):
+                console.print(f"\n  [bold]Schedule {sched.get('ScheduleID')}:[/bold]")
+                console.print(f"    Require Reason: {sched.get('RequireReason', False)}")
+                console.print(f"    Require Ticket: {sched.get('RequireTicketSystem', False)}")
+
+                for at in sched.get("AccessTypes", []):
+                    console.print(f"\n    [yellow]{at.get('AccessType')}:[/yellow]")
+                    console.print(f"      Min Approvers: {at.get('MinApprovers', 0)}")
+                    console.print(f"      Is Session: {at.get('IsSession', False)}")
+                    console.print(f"      Record Session: {at.get('RecordSession', False)}")
+                    console.print(f"      Max Concurrent: {at.get('MaxConcurrent', 1)}")
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+
+
+@policies_app.command("assignees")
+def get_policy_assignees(
+    policy_id: int = typer.Argument(..., help="Access policy ID"),
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """Get assignees for an access policy.
+
+    Shows which user groups can access which managed accounts (smart rules)
+    and with what role permissions.
+    """
+    try:
+        with get_client() as client:
+            client.authenticate()
+            assignees = client.get_access_policy_assignees(policy_id)
+
+        if output == "json":
+            console.print_json(json.dumps(assignees, default=str))
+        else:
+            table = Table(title=f"Assignees for Policy {policy_id}")
+            table.add_column("User Group", style="cyan")
+            table.add_column("Role", style="green")
+            table.add_column("Smart Rule (Accounts)", style="yellow")
+
+            for a in assignees:
+                group_name = a.get("UserGroupName", "-")
+                if not a.get("UserGroupIsActive", True):
+                    group_name += " (inactive)"
+                role_name = a.get("RoleName", "-")
+                smart_rule = a.get("SmartRuleTitle", "-")
+                if not a.get("SmartRuleIsActive", True):
+                    smart_rule += " (inactive)"
+                table.add_row(group_name, role_name, smart_rule)
+
+            console.print(table)
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+
+
+# =========================================================================
+# User Groups
+# =========================================================================
+
+@groups_app.command("list")
+def list_groups(
+    search: Optional[str] = typer.Option(None, "--search", "-s", help="Search by name"),
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """List user groups."""
+    try:
+        with get_client() as client:
+            client.authenticate()
+            groups = client.list_user_groups(search=search)
+
+        if output == "json":
+            console.print_json(json.dumps(groups, default=str))
+        else:
+            table = Table(title="User Groups")
+            table.add_column("ID", style="cyan")
+            table.add_column("Name", style="green")
+            table.add_column("Type", style="yellow")
+            table.add_column("Active", style="magenta")
+            table.add_column("API Reg IDs", style="blue")
+
+            for group in groups:
+                table.add_row(
+                    str(group.get("GroupID", "")),
+                    group.get("Name", ""),
+                    group.get("GroupType", "-"),
+                    "Yes" if group.get("IsActive") else "No",
+                    group.get("ApplicationRegistrationIDs") or "-",
+                )
+
+            console.print(table)
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+
+
+@groups_app.command("get")
+def get_group(
+    group_id: int = typer.Argument(..., help="User group ID"),
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """Get a user group by ID."""
+    try:
+        with get_client() as client:
+            client.authenticate()
+            group = client.get_user_group(group_id)
+
+        if output == "json":
+            console.print_json(json.dumps(group, default=str))
+        else:
+            console.print(f"\n[bold cyan]User Group: {group.get('Name', 'Unknown')}[/bold cyan]\n")
+
+            fields = [
+                ("ID", "GroupID"),
+                ("Name", "Name"),
+                ("Description", "Description"),
+                ("Type", "GroupType"),
+                ("Active", "IsActive"),
+                ("Role Type", "RoleType"),
+                ("API Registration IDs", "ApplicationRegistrationIDs"),
+                ("Distinguished Name", "DistinguishedName"),
+            ]
+
+            for label, key in fields:
+                value = group.get(key)
+                if value is not None:
+                    if isinstance(value, bool):
+                        value = "Yes" if value else "No"
+                    console.print(f"  {label}: {value}")
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+
+
+# =========================================================================
+# Password Rules
+# =========================================================================
+
+@rules_app.command("list")
+def list_rules(
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """List password rules."""
+    try:
+        with get_client() as client:
+            client.authenticate()
+            rules = client.list_password_rules()
+
+        if output == "json":
+            console.print_json(json.dumps(rules, default=str))
+        else:
+            table = Table(title="Password Rules")
+            table.add_column("ID", style="cyan")
+            table.add_column("Name", style="green")
+            table.add_column("Min Len", style="yellow")
+            table.add_column("Max Len", style="magenta")
+            table.add_column("Upper", style="blue")
+            table.add_column("Lower", style="blue")
+            table.add_column("Numeric", style="blue")
+            table.add_column("Symbol", style="blue")
+
+            for rule in rules:
+                table.add_row(
+                    str(rule.get("PasswordRuleID", "")),
+                    rule.get("Name", ""),
+                    str(rule.get("MinimumLength", "-")),
+                    str(rule.get("MaximumLength", "-")),
+                    rule.get("UppercaseRequirement", "-"),
+                    rule.get("LowercaseRequirement", "-"),
+                    rule.get("NumericRequirement", "-"),
+                    rule.get("SymbolRequirement", "-"),
+                )
+
+            console.print(table)
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+
+
+@rules_app.command("get")
+def get_rule(
+    rule_id: int = typer.Argument(..., help="Password rule ID"),
+    output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
+) -> None:
+    """Get a password rule by ID."""
+    try:
+        with get_client() as client:
+            client.authenticate()
+            rule = client.get_password_rule(rule_id)
+
+        if output == "json":
+            console.print_json(json.dumps(rule, default=str))
+        else:
+            console.print(f"\n[bold cyan]Password Rule: {rule.get('Name', 'Unknown')}[/bold cyan]\n")
+            console.print(f"  ID: {rule.get('PasswordRuleID')}")
+            console.print(f"  Description: {rule.get('Description', '-')}")
+            console.print(f"  Min Length: {rule.get('MinimumLength')}")
+            console.print(f"  Max Length: {rule.get('MaximumLength')}")
+            console.print(f"  First Char: {rule.get('FirstCharacterRequirement')}")
+            console.print(f"  Uppercase: {rule.get('UppercaseRequirement')}")
+            console.print(f"  Lowercase: {rule.get('LowercaseRequirement')}")
+            console.print(f"  Numeric: {rule.get('NumericRequirement')}")
+            console.print(f"  Symbol: {rule.get('SymbolRequirement')}")
+
+            if rule.get("ValidSymbols"):
+                console.print(f"  Valid Symbols: {''.join(rule.get('ValidSymbols', []))}")
+
+    except httpx.HTTPStatusError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except httpx.RequestError as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)
+    except Exception as e:
+        print_api_error(e, "manage configuration")
+        raise typer.Exit(1)