bt-cli 0.4.30__tar.gz → 0.4.32__tar.gz

{bt_cli-0.4.30 → bt_cli-0.4.32}/CLAUDE.md

@@ -1,6 +1,6 @@
 # BT-CLI
 
-BeyondTrust Platform CLI for Password Safe, Entitle, PRA, and EPM Windows. **Version: 0.4.29**
+BeyondTrust Platform CLI for Password Safe, Entitle, PRA, and EPM Windows. **Version: 0.4.32**
 
 ## Setup
 

{bt_cli-0.4.30 → bt_cli-0.4.32}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bt-cli
-Version: 0.4.30
+Version: 0.4.32
 Summary: BeyondTrust Platform CLI (unofficial) - Password Safe, Entitle, PRA, EPM
 Author-email: Dave Grendysz <dgrendysz@beyondtrust.com>
 License: MIT

{bt_cli-0.4.30 → bt_cli-0.4.32}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "bt-cli"
-version = "0.4.30"
+version = "0.4.32"
 description = "BeyondTrust Platform CLI (unofficial) - Password Safe, Entitle, PRA, EPM"
 readme = "README.md"
 requires-python = ">=3.9"

{bt_cli-0.4.30 → bt_cli-0.4.32}/src/bt_cli/__init__.py

@@ -1,3 +1,3 @@
 """BeyondTrust Unified Admin CLI."""
 
-__version__ = "0.4.30"
+__version__ = "0.4.32"

{bt_cli-0.4.30 → bt_cli-0.4.32}/src/bt_cli/pws/client/beyondinsight.py

@@ -160,23 +160,24 @@ class BeyondInsightMixin:
         search_term: str,
         limit: Optional[int] = None,
     ) -> list[dict[str, Any]]:
-        """Search for assets.
-
-        Args:
-            search_term: Search term
-            limit: Maximum number of results
-
-        Returns:
-            List of matching asset objects
-        """
-        data = {"SearchTerm": search_term}
-        if limit:
-            data["Limit"] = limit
-
-        response = self.post("/Assets/Search", json=data)
-        if isinstance(response, list):
-            return response
-        return response.get("Data", response.get("data", []))
+        """Search for assets by substring across name, DNS, IP, domain.
+
+        POST /Assets/Search only supports exact-match on specific fields
+        (AssetName, DnsName, IPAddress, etc.), so we fetch and filter
+        client-side for a fuzzy search experience.
+        """
+        assets = self.list_assets()
+        term = search_term.lower()
+        matched = [
+            a for a in assets
+            if term in (a.get("AssetName", "") or "").lower()
+            or term in (a.get("DnsName", "") or "").lower()
+            or term in (a.get("IPAddress", "") or "").lower()
+            or term in (a.get("DomainName", "") or "").lower()
+        ]
+        if limit is not None:
+            matched = matched[:limit]
+        return matched
 
     # =========================================================================
     # Managed Systems
@@ -190,25 +191,31 @@ class BeyondInsightMixin:
     ) -> list[dict[str, Any]]:
         """List managed systems.
 
-        Args:
-            workgroup_id: Optional workgroup filter
-            search: Optional search filter
-            limit: Maximum number of results
-
-        Returns:
-            List of managed system objects
+        /ManagedSystems only supports an exact-match ``name`` query param,
+        so ``search`` is applied client-side as a substring match across
+        SystemName / IPAddress / Description for parity with other commands.
         """
-        params = {}
-        if search:
-            params["search"] = search
+        params: dict[str, Any] = {}
         if limit:
             params["limit"] = limit
 
         if workgroup_id:
-            return self.paginate(
+            systems = self.paginate(
                 f"/Workgroups/{workgroup_id}/ManagedSystems", params=params
             )
-        return self.paginate("/ManagedSystems", params=params)
+        else:
+            systems = self.paginate("/ManagedSystems", params=params)
+
+        if search:
+            term = search.lower()
+            systems = [
+                s for s in systems
+                if term in (s.get("SystemName", "") or "").lower()
+                or term in (s.get("IPAddress", "") or "").lower()
+                or term in (s.get("Description", "") or "").lower()
+            ]
+
+        return systems
 
     def get_managed_system(
         self: "PasswordSafeClient", system_id: int

{bt_cli-0.4.30 → bt_cli-0.4.32}/src/bt_cli/pws/client/passwordsafe.py

@@ -821,16 +821,29 @@ class PasswordSafeMixin:
     ) -> list[dict[str, Any]]:
         """List user groups.
 
-        Args:
-            search: Optional name filter
-
-        Returns:
-            List of user group objects
+        /UserGroups does not support pagination. The ``name`` server-side
+        param is an exact match, so filtering is handled client-side.
         """
-        params = {}
+        result = self.get("/UserGroups")
+        if isinstance(result, list):
+            groups = result
+        elif isinstance(result, dict):
+            if "GroupID" in result:
+                groups = [result]
+            else:
+                groups = result.get("Data", result.get("results", []))
+        else:
+            groups = []
+
         if search:
-            params["name"] = search
-        return self.paginate("/UserGroups", params=params)
+            search_lower = search.lower()
+            groups = [
+                g for g in groups
+                if search_lower in (g.get("Name", "") or "").lower()
+                or search_lower in (g.get("Description", "") or "").lower()
+            ]
+
+        return groups
 
     def get_user_group(self: "PasswordSafeClient", group_id: int) -> dict[str, Any]:
         """Get a user group by ID.
@@ -848,13 +861,16 @@ class PasswordSafeMixin:
     ) -> list[dict[str, Any]]:
         """Get users in a user group.
 
-        Args:
-            group_id: User group ID
-
-        Returns:
-            List of user objects (includes ClientID, AccessPolicyID for API users)
+        /UserGroups/{id}/Users does not support pagination.
         """
-        return self.paginate(f"/UserGroups/{group_id}/Users")
+        result = self.get(f"/UserGroups/{group_id}/Users")
+        if isinstance(result, list):
+            return result
+        if isinstance(result, dict):
+            if "UserID" in result:
+                return [result]
+            return result.get("Data", result.get("results", []))
+        return []
 
     # =========================================================================
     # Users
@@ -864,20 +880,29 @@ class PasswordSafeMixin:
         self: "PasswordSafeClient",
         search: Optional[str] = None,
         limit: Optional[int] = None,
+        include_inactive: bool = False,
     ) -> list[dict[str, Any]]:
         """List users.
 
-        Args:
-            search: Optional username search filter (client-side filtering)
-            limit: Maximum number of results (None for all)
-
-        Returns:
-            List of user objects
+        /Users does not support pagination. The ``username`` server-side
+        param is an exact match (returns a single user dict or 404), so
+        searching is handled client-side across username/first/last/email.
         """
-        # API doesn't support server-side search, so we fetch all and filter client-side
-        users = self.paginate("/Users")
+        params: dict[str, Any] = {}
+        if include_inactive:
+            params["includeInactive"] = "true"
+
+        result = self.get("/Users", params=params)
+        if isinstance(result, list):
+            users = result
+        elif isinstance(result, dict):
+            if "UserID" in result:
+                users = [result]
+            else:
+                users = result.get("Data", result.get("results", []))
+        else:
+            users = []
 
-        # Apply client-side search filter
         if search:
             search_lower = search.lower()
             users = [
@@ -888,7 +913,6 @@ class PasswordSafeMixin:
                 or search_lower in (u.get("EmailAddress", "") or "").lower()
             ]
 
-        # Apply limit
         if limit is not None:
             users = users[:limit]
 
@@ -905,6 +929,30 @@ class PasswordSafeMixin:
         """
         return self.get(f"/Users/{user_id}")
 
+    def get_user_by_username(
+        self: "PasswordSafeClient", username: str
+    ) -> Optional[dict[str, Any]]:
+        """Look up a single user by exact username (case-insensitive).
+
+        Uses the /Users?username= server-side lookup (single round trip,
+        no full-list fetch). Returns None on 404. Username match is
+        case-insensitive but exact — no substring matching.
+        """
+        import httpx as _httpx
+
+        try:
+            result = self.get("/Users", params={"username": username})
+        except _httpx.HTTPStatusError as e:
+            if e.response.status_code == 404:
+                return None
+            raise
+
+        if isinstance(result, dict) and "UserID" in result:
+            return result
+        if isinstance(result, list):
+            return result[0] if result else None
+        return None
+
     # =========================================================================
     # Roles
     # =========================================================================

{bt_cli-0.4.30 → bt_cli-0.4.32}/src/bt_cli/pws/commands/search.py

@@ -42,6 +42,7 @@ def search(
         "managed_accounts": [],
         "managed_systems": [],
         "assets": [],
+        "users": [],
         "secrets": [],
     }
 
@@ -51,7 +52,6 @@ def search(
 
             console.print(f"[dim]Searching PWS for '{query}'...[/dim]\n")
 
-            # Search functional accounts
             try:
                 functional = client.list_functional_accounts()
                 results["functional_accounts"] = [
@@ -63,52 +63,35 @@ def search(
             except Exception as e:
                 console.print(f"[dim]Functional accounts: {e}[/dim]")
 
-            # Search managed accounts
             try:
-                # Use API search if available
-                accounts = client.list_managed_accounts(account_name=query, limit=50)
-                if not accounts:
-                    # Fall back to listing and filtering
-                    all_accounts = client.list_managed_accounts(limit=200)
-                    accounts = [
-                        a for a in all_accounts
-                        if query_lower in str(a.get("AccountName", "")).lower()
-                        or query_lower in str(a.get("SystemName", "")).lower()
-                    ]
-                results["managed_accounts"] = accounts[:10]
+                all_accounts = client.list_managed_accounts(limit=500)
+                results["managed_accounts"] = [
+                    a for a in all_accounts
+                    if query_lower in str(a.get("AccountName", "")).lower()
+                    or query_lower in str(a.get("SystemName", "")).lower()
+                ][:10]
             except Exception as e:
                 console.print(f"[dim]Managed accounts: {e}[/dim]")
 
-            # Search managed systems
             try:
-                systems = client.list_managed_systems(search=query, limit=50)
-                if not systems:
-                    all_systems = client.list_managed_systems(limit=200)
-                    systems = [
-                        s for s in all_systems
-                        if query_lower in str(s.get("SystemName", "")).lower()
-                        or query_lower in str(s.get("IPAddress", "")).lower()
-                        or query_lower in str(s.get("Description", "")).lower()
-                    ]
-                results["managed_systems"] = systems[:10]
+                results["managed_systems"] = client.list_managed_systems(search=query)[:10]
             except Exception as e:
                 console.print(f"[dim]Managed systems: {e}[/dim]")
 
-            # Search assets
             try:
-                assets = client.search_assets(query, limit=50)
-                if not assets:
-                    all_assets = client.list_assets(limit=200)
-                    assets = [
-                        a for a in all_assets
-                        if query_lower in str(a.get("AssetName", "")).lower()
-                        or query_lower in str(a.get("IPAddress", "")).lower()
-                        or query_lower in str(a.get("DnsName", "")).lower()
-                    ]
-                results["assets"] = assets[:10]
+                results["assets"] = client.search_assets(query, limit=10)
             except Exception as e:
                 console.print(f"[dim]Assets: {e}[/dim]")
 
+            try:
+                exact_user = client.get_user_by_username(query)
+                if exact_user:
+                    results["users"] = [exact_user]
+                else:
+                    results["users"] = client.list_users(search=query, limit=10)
+            except Exception as e:
+                console.print(f"[dim]Users: {e}[/dim]")
+
             # Search secrets (if accessible)
             try:
                 # Get all safes and search folders/secrets
@@ -222,6 +205,28 @@ def search(
             console.print(table)
             console.print()
 
+        # Users
+        if results["users"]:
+            total_found += len(results["users"])
+            table = Table(title="Users")
+            table.add_column("ID", style="cyan")
+            table.add_column("Username", style="green")
+            table.add_column("Name", style="yellow")
+            table.add_column("Email", style="blue")
+
+            for u in results["users"]:
+                first = u.get("FirstName") or ""
+                last = u.get("LastName") or ""
+                display_name = f"{first} {last}".strip() or "-"
+                table.add_row(
+                    str(u.get("UserID", "")),
+                    u.get("UserName", ""),
+                    display_name,
+                    u.get("EmailAddress") or "-",
+                )
+            console.print(table)
+            console.print()
+
         # Secrets
         if results["secrets"]:
             total_found += len(results["secrets"])

{bt_cli-0.4.30 → bt_cli-0.4.32}/src/bt_cli/pws/commands/users.py

@@ -179,23 +179,29 @@ def print_roles_table(roles: list[dict], title: str = "Roles") -> None:
 
 @app.command("list")
 def list_users(
-    search: Optional[str] = typer.Option(None, "--search", "-s", help="Search by username"),
+    search: Optional[str] = typer.Option(None, "--search", "-s", help="Search by username (also matches first/last/email)"),
     limit: int = typer.Option(50, "--limit", "-l", help="Maximum results (default: 50)"),
-    fetch_all: bool = typer.Option(False, "--all", help="Fetch all results (may be slow)"),
+    fetch_all: bool = typer.Option(False, "--all", help="Fetch all results"),
+    include_inactive: bool = typer.Option(False, "--include-inactive", help="Include inactive users"),
     output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
 ) -> None:
     """List all users.
 
     Examples:
-        bt pws users list                    # First 50 users
-        bt pws users list --all              # All users
+        bt pws users list                    # First 50 active users
+        bt pws users list --all              # All active users
+        bt pws users list --include-inactive # Include inactive users
         bt pws users list -s "admin"         # Search by username
         bt pws users list -o json            # JSON output
     """
     try:
         with get_client() as client:
             client.authenticate()
-            users = client.list_users(search=search, limit=None if fetch_all else limit)
+            users = client.list_users(
+                search=search,
+                limit=None if fetch_all else limit,
+                include_inactive=include_inactive,
+            )
 
         if output == "json":
             console.print_json(json.dumps(users, default=str))
@@ -222,25 +228,39 @@ def list_users(
 
 @app.command("get")
 def get_user(
-    user_id: int = typer.Argument(..., help="User ID"),
+    user: str = typer.Argument(..., help="User ID (int) or exact username"),
     output: str = typer.Option("table", "--output", "-o", help="Output format: table or json"),
 ) -> None:
-    """Get a user by ID.
+    """Get a user by ID or exact username (case-insensitive).
+
+    Username lookup uses /Users?username= — one round trip, no full list
+    fetch. Username match is exact (no substring); use ``list -s`` for
+    fuzzy search.
 
     Examples:
-        bt pws users get 1                   # Get user ID 1
+        bt pws users get 1                   # Lookup by ID
+        bt pws users get Administrator       # Lookup by exact username
+        bt pws users get dave@example.com    # If username is an email
         bt pws users get 4 -o json           # JSON output
     """
     try:
         with get_client() as client:
             client.authenticate()
-            user = client.get_user(user_id)
+            if user.isdigit():
+                user_obj = client.get_user(int(user))
+            else:
+                user_obj = client.get_user_by_username(user)
+                if user_obj is None:
+                    console.print(f"[yellow]No user found with username '{user}'.[/yellow]")
+                    raise typer.Exit(1)
 
         if output == "json":
-            console.print_json(json.dumps(user, default=str))
+            console.print_json(json.dumps(user_obj, default=str))
         else:
-            print_user_detail(user)
+            print_user_detail(user_obj)
 
+    except typer.Exit:
+        raise
     except httpx.HTTPStatusError as e:
         print_api_error(e, "get user")
         raise typer.Exit(1)