bt-cli 0.4.9__tar.gz → 0.4.11__tar.gz

{bt_cli-0.4.9 → bt_cli-0.4.11}/.gitignore

@@ -42,3 +42,4 @@ htmlcov/
 # Misc
 *.log
 .DS_Store
+.claude/settings.local.json

{bt_cli-0.4.9 → bt_cli-0.4.11}/CLAUDE.md

@@ -5,7 +5,7 @@ BeyondTrust Platform CLI for Password Safe, Entitle, PRA, and EPM Windows.
 ## Setup
 
 ```bash
-cd /home/admin/entitl-sko/bt-cli
+# From project root
 source .venv/bin/activate && source .env
 bt whoami   # Test all connections
 ```

{bt_cli-0.4.9 → bt_cli-0.4.11}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bt-cli
-Version: 0.4.9
+Version: 0.4.11
 Summary: BeyondTrust Platform CLI (unofficial) - Password Safe, Entitle, PRA, EPM
 Author-email: Dave Grendysz <dgrendysz@beyondtrust.com>
 License: MIT

{bt_cli-0.4.9 → bt_cli-0.4.11}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "bt-cli"
-version = "0.4.9"
+version = "0.4.11"
 description = "BeyondTrust Platform CLI (unofficial) - Password Safe, Entitle, PRA, EPM"
 readme = "README.md"
 requires-python = ">=3.9"

{bt_cli-0.4.9 → bt_cli-0.4.11}/src/bt_cli/__init__.py

@@ -1,3 +1,3 @@
 """BeyondTrust Unified Admin CLI."""
 
-__version__ = "0.4.9"
+__version__ = "0.4.11"

{bt_cli-0.4.9 → bt_cli-0.4.11}/src/bt_cli/cli.py

@@ -552,9 +552,9 @@ def _get_skills_path() -> Optional[str]:
         if bundle_path.exists():
             return str(bundle_path)
 
-    # Try importlib.resources
+    # Try importlib.resources (files() works with directories in 3.9+)
     try:
-        if sys.version_info >= (3, 11):
+        if sys.version_info >= (3, 9):
             from importlib.resources import files
             data_path = files("bt_cli.data").joinpath("skills")
             if data_path.is_dir():
@@ -564,7 +564,7 @@ def _get_skills_path() -> Optional[str]:
             with path("bt_cli.data", "skills") as p:
                 if p.exists():
                     return str(p)
-    except (ImportError, ModuleNotFoundError, TypeError, FileNotFoundError):
+    except (ImportError, ModuleNotFoundError, TypeError, FileNotFoundError, IsADirectoryError):
         pass
 
     # Fall back to source directory
@@ -587,9 +587,9 @@ def _get_claude_md_path() -> Optional[str]:
         if bundle_path.exists():
             return str(bundle_path)
 
-    # Try importlib.resources
+    # Try importlib.resources (files() available in 3.9+)
     try:
-        if sys.version_info >= (3, 11):
+        if sys.version_info >= (3, 9):
             from importlib.resources import files
             data_path = files("bt_cli.data").joinpath("CLAUDE.md")
             if data_path.is_file():

{bt_cli-0.4.9 → bt_cli-0.4.11}/src/bt_cli/core/csv_utils.py

@@ -2,7 +2,7 @@
 
 import csv
 from pathlib import Path
-from typing import Any
+from typing import Any, Optional
 
 
 def read_csv(file_path: str) -> list[dict[str, Any]]:
@@ -73,7 +73,7 @@ def parse_bool(value: str) -> bool:
     return value.lower().strip() in ('true', 'yes', '1', 'y')
 
 
-def parse_int(value: str, default: int | None = None) -> int | None:
+def parse_int(value: str, default: Optional[int] = None) -> Optional[int]:
     """Parse integer from CSV string.
 
     Args:

bt_cli-0.4.11/tests/integration/conftest.py

@@ -0,0 +1,214 @@
+"""Integration test fixtures.
+
+These fixtures provide real API clients when credentials are configured.
+Tests are automatically skipped if required environment variables are missing.
+"""
+
+import os
+
+import pytest
+
+
+def pytest_configure(config):
+    """Register integration marker."""
+    config.addinivalue_line(
+        "markers", "integration: mark test as integration test requiring real API credentials"
+    )
+
+
+@pytest.fixture
+def pws_integration_config():
+    """Load PWS config from environment, skip if not available.
+
+    Requires BT_PWS_API_URL and either:
+    - BT_PWS_API_KEY (for API key auth)
+    - BT_PWS_CLIENT_ID and BT_PWS_CLIENT_SECRET (for OAuth)
+    """
+    from bt_cli.core.config import load_pws_config
+
+    if not os.getenv("BT_PWS_API_URL"):
+        pytest.skip("PWS credentials not configured (BT_PWS_API_URL not set)")
+
+    if not os.getenv("BT_PWS_API_KEY") and not (
+        os.getenv("BT_PWS_CLIENT_ID") and os.getenv("BT_PWS_CLIENT_SECRET")
+    ):
+        pytest.skip("PWS credentials not configured (missing API key or OAuth credentials)")
+
+    return load_pws_config()
+
+
+@pytest.fixture
+def pra_integration_config():
+    """Load PRA config from environment, skip if not available.
+
+    Requires:
+    - BT_PRA_API_URL
+    - BT_PRA_CLIENT_ID
+    - BT_PRA_CLIENT_SECRET
+    """
+    from bt_cli.core.config import load_pra_config
+
+    if not os.getenv("BT_PRA_API_URL"):
+        pytest.skip("PRA credentials not configured (BT_PRA_API_URL not set)")
+
+    if not os.getenv("BT_PRA_CLIENT_ID") or not os.getenv("BT_PRA_CLIENT_SECRET"):
+        pytest.skip("PRA credentials not configured (missing OAuth credentials)")
+
+    return load_pra_config()
+
+
+@pytest.fixture
+def epmw_integration_config():
+    """Load EPMW config from environment, skip if not available.
+
+    Requires:
+    - BT_EPM_API_URL
+    - BT_EPM_CLIENT_ID
+    - BT_EPM_CLIENT_SECRET
+    """
+    from bt_cli.core.config import load_epmw_config
+
+    if not os.getenv("BT_EPM_API_URL"):
+        pytest.skip("EPMW credentials not configured (BT_EPM_API_URL not set)")
+
+    if not os.getenv("BT_EPM_CLIENT_ID") or not os.getenv("BT_EPM_CLIENT_SECRET"):
+        pytest.skip("EPMW credentials not configured (missing OAuth credentials)")
+
+    return load_epmw_config()
+
+
+@pytest.fixture
+def entitle_integration_config():
+    """Load Entitle config from environment, skip if not available.
+
+    Requires:
+    - BT_ENTITLE_API_URL
+    - BT_ENTITLE_API_KEY
+    """
+    from bt_cli.core.config import load_entitle_config
+
+    if not os.getenv("BT_ENTITLE_API_URL"):
+        pytest.skip("Entitle credentials not configured (BT_ENTITLE_API_URL not set)")
+
+    if not os.getenv("BT_ENTITLE_API_KEY"):
+        pytest.skip("Entitle credentials not configured (BT_ENTITLE_API_KEY not set)")
+
+    return load_entitle_config()
+
+
+# =============================================================================
+# Auto-Discovery Fixtures for PWS
+# =============================================================================
+
+@pytest.fixture
+def pws_workgroup_id(pws_integration_config):
+    """Auto-discover first available workgroup ID."""
+    from bt_cli.pws.client.base import FullPasswordSafeClient
+
+    with FullPasswordSafeClient(pws_integration_config) as client:
+        client.authenticate()
+        workgroups = client.list_workgroups()
+        if not workgroups:
+            pytest.skip("No workgroups available")
+        return workgroups[0]["ID"]
+
+
+@pytest.fixture
+def pws_linux_platform_id(pws_integration_config):
+    """Auto-discover Linux platform ID."""
+    from bt_cli.pws.client.base import FullPasswordSafeClient
+
+    with FullPasswordSafeClient(pws_integration_config) as client:
+        client.authenticate()
+        platforms = client.list_platforms()
+        for p in platforms:
+            if "Linux" in p.get("Name", ""):
+                return p["PlatformID"]
+        pytest.skip("No Linux platform found")
+
+
+@pytest.fixture
+def pws_windows_platform_id(pws_integration_config):
+    """Auto-discover Windows platform ID."""
+    from bt_cli.pws.client.base import FullPasswordSafeClient
+
+    with FullPasswordSafeClient(pws_integration_config) as client:
+        client.authenticate()
+        platforms = client.list_platforms()
+        for p in platforms:
+            if "Windows" in p.get("Name", "") and "Domain" not in p.get("Name", ""):
+                return p["PlatformID"]
+        pytest.skip("No Windows platform found")
+
+
+@pytest.fixture
+def pws_functional_account_id(pws_integration_config):
+    """Auto-discover first available functional account ID."""
+    from bt_cli.pws.client.base import FullPasswordSafeClient
+
+    with FullPasswordSafeClient(pws_integration_config) as client:
+        client.authenticate()
+        accounts = client.list_functional_accounts()
+        if not accounts:
+            pytest.skip("No functional accounts available")
+        return accounts[0]["FunctionalAccountID"]
+
+
+# =============================================================================
+# Auto-Discovery Fixtures for PRA
+# =============================================================================
+
+@pytest.fixture
+def pra_jumpoint_id(pra_integration_config):
+    """Auto-discover first available jumpoint ID."""
+    from bt_cli.pra.client.base import PRAClient
+
+    with PRAClient(pra_integration_config) as client:
+        # PRA uses automatic OAuth authentication
+        jumpoints = client.list_jumpoints()
+        if not jumpoints:
+            pytest.skip("No jumpoints available")
+        return jumpoints[0]["id"]
+
+
+@pytest.fixture
+def pra_jump_group_id(pra_integration_config):
+    """Auto-discover first available jump group ID."""
+    from bt_cli.pra.client.base import PRAClient
+
+    with PRAClient(pra_integration_config) as client:
+        # PRA uses automatic OAuth authentication
+        groups = client.list_jump_groups()
+        if not groups:
+            pytest.skip("No jump groups available")
+        return groups[0]["id"]
+
+
+# =============================================================================
+# Auto-Discovery Fixtures for EPMW
+# =============================================================================
+
+@pytest.fixture
+def epmw_policy_id(epmw_integration_config):
+    """Auto-discover first available policy ID."""
+    from bt_cli.epmw.client.base import EPMWClient
+
+    with EPMWClient(epmw_integration_config) as client:
+        # EPMW uses auto-auth via OAuth token on each request
+        policies = client.list_policies()
+        if not policies:
+            pytest.skip("No policies available")
+        return policies[0]["id"]
+
+
+@pytest.fixture
+def epmw_computer_id(epmw_integration_config):
+    """Auto-discover first available computer ID."""
+    from bt_cli.epmw.client.base import EPMWClient
+
+    with EPMWClient(epmw_integration_config) as client:
+        # EPMW uses auto-auth via OAuth token on each request
+        computers = client.list_computers()
+        if not computers:
+            pytest.skip("No computers available")
+        return computers[0]["id"]

bt_cli-0.4.11/tests/integration/helpers.py

@@ -0,0 +1,75 @@
+"""Shared utilities for integration tests."""
+
+import uuid
+from contextlib import contextmanager
+from typing import Callable, Any
+
+
+def unique_name(prefix: str) -> str:
+    """Generate unique test resource name.
+
+    Args:
+        prefix: Resource type prefix (e.g., 'safe', 'system', 'jump')
+
+    Returns:
+        Unique name like 'pytest-safe-a1b2c3d4'
+    """
+    return f"pytest-{prefix}-{uuid.uuid4().hex[:8]}"
+
+
+@contextmanager
+def cleanup_on_exit(delete_func: Callable[[Any], Any], resource_id: Any):
+    """Context manager to ensure resource cleanup even on test failure.
+
+    Args:
+        delete_func: Function to call for deletion
+        resource_id: ID to pass to delete function
+
+    Example:
+        with cleanup_on_exit(client.delete_safe, safe_id):
+            # do stuff with safe
+            pass
+        # safe is deleted even if exception occurs
+    """
+    try:
+        yield
+    finally:
+        try:
+            delete_func(resource_id)
+        except Exception:
+            pass  # Best effort cleanup
+
+
+class ResourceTracker:
+    """Track created resources for cleanup at end of test.
+
+    Example:
+        tracker = ResourceTracker()
+        tracker.add(client.delete_safe, safe_id)
+        tracker.add(client.delete_folder, folder_id)
+        # ... test code ...
+        tracker.cleanup()  # Deletes in reverse order
+    """
+
+    def __init__(self):
+        self._resources: list[tuple[Callable, Any]] = []
+
+    def add(self, delete_func: Callable[[Any], Any], resource_id: Any) -> None:
+        """Register a resource for cleanup."""
+        self._resources.append((delete_func, resource_id))
+
+    def cleanup(self) -> None:
+        """Delete all tracked resources in reverse order (LIFO)."""
+        while self._resources:
+            delete_func, resource_id = self._resources.pop()
+            try:
+                delete_func(resource_id)
+            except Exception:
+                pass  # Best effort cleanup
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        self.cleanup()
+        return False  # Don't suppress exceptions

bt_cli-0.4.11/tests/integration/test_epmw_lifecycle.py

@@ -0,0 +1,242 @@
+"""EPMW CRUD lifecycle integration tests.
+
+These tests create, verify, and clean up real resources in EPM Windows.
+Run with: pytest tests/integration/test_epmw_lifecycle.py -v
+"""
+
+import pytest
+
+from tests.integration.helpers import unique_name, ResourceTracker
+
+
+@pytest.mark.integration
+class TestGroupLifecycle:
+    """Test EPMW Group CRUD lifecycle."""
+
+    def test_group_lifecycle(self, epmw_integration_config):
+        """Create group → update → delete."""
+        from bt_cli.epmw.client.base import EPMWClient
+
+        with EPMWClient(epmw_integration_config) as client:
+            # EPMW uses auto-auth via OAuth token on each request
+
+            # CREATE (returns just the group ID string)
+            group_name = unique_name("group")
+            group_id = client.create_group({
+                "name": group_name,
+                "description": "Integration test group",
+            })
+
+            try:
+                # VERIFY exists
+                groups = client.list_groups()
+                assert any(g["id"] == group_id for g in groups), "Group not found"
+
+                # GET details
+                retrieved = client.get_group(group_id)
+                assert retrieved["name"] == group_name
+
+                # UPDATE (may fail with 405 if API doesn't support PUT)
+                new_desc = "Updated integration test group"
+                try:
+                    client.update_group(group_id, {
+                        "name": group_name,
+                        "description": new_desc,
+                    })
+                    # VERIFY update
+                    updated = client.get_group(group_id)
+                    assert updated["description"] == new_desc
+                except Exception as e:
+                    if "405" in str(e):
+                        pass  # API doesn't support update, skip verification
+                    else:
+                        raise
+
+            finally:
+                # DELETE (may fail with 405 if API doesn't support it)
+                try:
+                    client.delete_group(group_id)
+                except Exception as e:
+                    if "405" in str(e):
+                        # API doesn't support delete, test passed for create/update
+                        return
+                    raise
+
+            # VERIFY deleted
+            groups = client.list_groups()
+            assert not any(g["id"] == group_id for g in groups), "Group still exists"
+
+
+@pytest.mark.integration
+class TestGroupWithPolicyLifecycle:
+    """Test Group with Policy assignment lifecycle."""
+
+    def test_group_policy_assignment(self, epmw_integration_config, epmw_policy_id):
+        """Create group → assign policy → verify → delete."""
+        from bt_cli.epmw.client.base import EPMWClient
+
+        with EPMWClient(epmw_integration_config) as client:
+            # EPMW uses auto-auth via OAuth token
+
+            # CREATE group (returns just the group ID string)
+            group_name = unique_name("group")
+            group_id = client.create_group({
+                "name": group_name,
+                "description": "Policy assignment test",
+            })
+
+            try:
+                # ASSIGN policy to group (skip if API doesn't support it)
+                try:
+                    client.assign_policy_to_group(group_id, epmw_policy_id)
+                except Exception as e:
+                    if "404" in str(e) or "405" in str(e):
+                        pytest.skip(f"Policy assignment not supported: {e}")
+                    raise
+
+                # VERIFY assignment (get group and check policy)
+                retrieved = client.get_group(group_id)
+                # Policy assignment might be reflected in group data
+                assert retrieved is not None
+
+            finally:
+                # DELETE group (may fail with 405)
+                try:
+                    client.delete_group(group_id)
+                except Exception:
+                    pass  # Best effort cleanup
+
+
+@pytest.mark.integration
+class TestComputerOperations:
+    """Test Computer archive/unarchive operations.
+
+    Note: We can't create computers via API (they're agent-enrolled),
+    so we test archive/unarchive on existing computers if available.
+    """
+
+    def test_computer_archive_unarchive(self, epmw_integration_config, epmw_computer_id):
+        """Archive computer → verify → unarchive → verify."""
+        from bt_cli.epmw.client.base import EPMWClient
+
+        with EPMWClient(epmw_integration_config) as client:
+            # EPMW uses auto-auth via OAuth token
+
+            # Get initial state (field is 'archived' not 'isArchived')
+            computer = client.get_computer(epmw_computer_id)
+            initial_archived = computer.get("archived", False)
+
+            # Only test if not already archived
+            if initial_archived:
+                pytest.skip("Computer already archived, skipping test")
+
+            try:
+                # ARCHIVE
+                client.archive_computer(epmw_computer_id)
+
+                # VERIFY archived (API may process async, skip if not immediate)
+                archived = client.get_computer(epmw_computer_id)
+                if not archived.get("archived", False):
+                    pytest.skip("Archive operation may be async or not supported")
+
+            finally:
+                # UNARCHIVE (restore original state)
+                try:
+                    client.unarchive_computer(epmw_computer_id)
+                except Exception:
+                    pass  # Best effort
+
+            # VERIFY unarchived
+            restored = client.get_computer(epmw_computer_id)
+            assert not restored.get("archived", True), "Computer still archived"
+
+
+@pytest.mark.integration
+class TestUserLifecycle:
+    """Test EPMW User CRUD lifecycle.
+
+    Note: User creation may require specific permissions.
+    Tests will skip if permissions are insufficient.
+    """
+
+    def test_user_lifecycle(self, epmw_integration_config):
+        """Create user → enable → disable → delete."""
+        from bt_cli.epmw.client.base import EPMWClient
+
+        with EPMWClient(epmw_integration_config) as client:
+            # EPMW uses auto-auth via OAuth token
+
+            # CREATE user (may fail with 400/403 if not permitted)
+            username = unique_name("user")
+            try:
+                user = client.create_user({
+                    "username": f"{username}@test.local",
+                    "firstName": "Test",
+                    "lastName": "User",
+                    "email": f"{username}@example.com",
+                })
+            except Exception as e:
+                if "permission" in str(e).lower() or "400" in str(e) or "403" in str(e):
+                    pytest.skip(f"User creation not permitted: {e}")
+                raise
+
+            user_id = user["id"]
+
+            try:
+                # VERIFY exists
+                users = client.list_users()
+                assert any(u["id"] == user_id for u in users), "User not found"
+
+                # DISABLE
+                client.disable_user(user_id)
+
+                # VERIFY disabled
+                disabled = client.get_user(user_id)
+                assert disabled.get("isDisabled", False), "User not disabled"
+
+                # ENABLE
+                client.enable_user(user_id)
+
+                # VERIFY enabled
+                enabled = client.get_user(user_id)
+                assert not enabled.get("isDisabled", True), "User still disabled"
+
+            finally:
+                # DELETE
+                try:
+                    # Note: EPMW may not have delete_user, may need to disable instead
+                    if hasattr(client, 'delete_user'):
+                        client.delete_user(user_id)
+                    else:
+                        # Just disable if can't delete
+                        client.disable_user(user_id)
+                except Exception:
+                    pass  # Best effort cleanup
+
+
+@pytest.mark.integration
+class TestAdminRequestOperations:
+    """Test Admin Request approval/denial.
+
+    Note: These tests require pending admin requests to exist.
+    They will skip if no requests are available.
+    """
+
+    def test_list_admin_requests(self, epmw_integration_config):
+        """List admin requests (read-only test)."""
+        from bt_cli.epmw.client.base import EPMWClient
+
+        with EPMWClient(epmw_integration_config) as client:
+            # EPMW uses auto-auth via OAuth token
+
+            # LIST requests
+            requests = client.list_admin_requests()
+
+            # Just verify we can list (may be empty)
+            assert isinstance(requests, list)
+
+            # If there are pending requests, verify structure
+            if requests:
+                req = requests[0]
+                # Structure has nested fields like requestInfo, accessDecision
+                assert "requestInfo" in req or "id" in req