catocli 2.1.0__py3-none-any.whl → 2.1.1__py3-none-any.whl

catocli/Utils/clidriver.py

@@ -18,6 +18,7 @@ profile_manager = get_profile_manager()
 CATO_DEBUG = bool(os.getenv("CATO_DEBUG", False))
 from ..parsers.raw import raw_parse
 from ..parsers.custom import custom_parse
+from ..parsers.custom_private import private_parse
 from ..parsers.query_siteLocation import query_siteLocation_parse
 from ..parsers.mutation_accountManagement import mutation_accountManagement_parse
 from ..parsers.mutation_admin import mutation_admin_parse
@@ -82,6 +83,15 @@ def show_version_info(args, configuration=None):
 			print("Unable to check for updates (check your internet connection)")
 	return [{"success": True, "current_version": catocli.__version__, "latest_version": latest_version if not args.current_only else None}]
 
+def load_private_settings():
+	# Load private settings from ~/.cato/settings.json
+	settings_file = os.path.expanduser("~/.cato/settings.json")
+	try:
+		with open(settings_file, 'r') as f:
+			return json.load(f)
+	except (FileNotFoundError, json.JSONDecodeError):
+		return {}
+	
 def get_configuration(skip_api_key=False):
 	configuration = Configuration()
 	configuration.verify_ssl = False
@@ -104,10 +114,13 @@ def get_configuration(skip_api_key=False):
 		print(f"Run 'catocli configure set --profile {profile_name}' to update your credentials.")
 		exit(1)
 	
+	# Use standard endpoint from profile for regular API calls
+	configuration.host = credentials['endpoint']
+		
 	# Only set API key if not using custom headers file
+	# (Private settings are handled separately in createPrivateRequest)
 	if not skip_api_key:
 		configuration.api_key["x-api-key"] = credentials['cato_token']
-	configuration.host = credentials['endpoint']
 	configuration.accountID = credentials['account_id']
 	
 	return configuration
@@ -136,6 +149,7 @@ version_parser.add_argument('--current-only', action='store_true', help='Show on
 version_parser.set_defaults(func=show_version_info)
 
 custom_parsers = custom_parse(subparsers)
+private_parsers = private_parse(subparsers)
 raw_parsers = subparsers.add_parser('raw', help='Raw GraphQL', usage=get_help("raw"))
 raw_parser = raw_parse(raw_parsers)
 query_parser = subparsers.add_parser('query', help='Query', usage='catocli query <operationName> [options]')
@@ -239,6 +253,7 @@ def main(args=None):
 			response = args.func(args, None)
 		else:
 			# Check if using headers file to determine if we should skip API key
+			# Note: Private settings should NOT affect regular API calls - only private commands
 			using_headers_file = hasattr(args, 'headers_file') and args.headers_file
 			
 			# Get configuration from profiles
@@ -252,8 +267,8 @@ def main(args=None):
 				custom_headers.update(parse_headers_from_file(args.headers_file))
 			if custom_headers:
 				configuration.custom_headers.update(custom_headers)
-			# Handle account ID override
-			if args.func.__name__ != "createRawRequest":
+			# Handle account ID override (applies to all commands except raw)
+			if args.func.__name__ not in ["createRawRequest"]:
 				if hasattr(args, 'accountID') and args.accountID is not None:
 					# Command line override takes precedence
 					configuration.accountID = args.accountID
@@ -266,6 +281,9 @@ def main(args=None):
 		else:
 			if response!=None:
 				print(json.dumps(response[0], sort_keys=True, indent=4))
+	except KeyboardInterrupt:
+		print('Operation cancelled by user (Ctrl+C).')
+		exit(130)  # Standard exit code for SIGINT
 	except Exception as e:
 		if isinstance(e, AttributeError):
 			print('Missing arguments. Usage: catocli <operation> -h')
@@ -275,4 +293,4 @@ def main(args=None):
 		else:
 			print('ERROR: ',e)
 			traceback.print_exc()
-		exit(1)
+	exit(1)

catocli/Utils/version_checker.py

@@ -14,7 +14,7 @@ from .. import __version__
 
 # Cache settings
 CACHE_FILE = os.path.expanduser("~/.catocli_version_cache")
-CACHE_DURATION = 3600 * 24  # 24 hours in seconds
+CACHE_DURATION = 3600 * 4  # 4 hours in seconds
 
 def get_cached_version_info():
     """Get cached version information if still valid"""

catocli/__init__.py

@@ -1,2 +1,2 @@
-__version__ = "2.1.0"
+__version__ = "2.1.1"
 __cato_host__ = "https://api.catonetworks.com/api/v1/graphql2"

catocli/parsers/custom/import_rules_to_tf/import_rules_to_tf.py

@@ -107,6 +107,9 @@ def run_terraform_import(resource_address, resource_id, timeout=60, verbose=Fals
             print(f"Error: {result.stderr}")
             return False, result.stdout, result.stderr
             
+    except KeyboardInterrupt:
+        print(f"\nImport cancelled by user (Ctrl+C)")
+        raise  # Re-raise to allow higher-level handling
     except subprocess.TimeoutExpired:
         print(f"Timeout: {resource_address} (exceeded {timeout}s)")
         return False, "", f"Command timed out after {timeout} seconds"
@@ -267,7 +270,11 @@ def import_if_rules_to_tf(args, configuration):
             "total_failed": total_failed,
             "module_name": args.module_name
         }]
-        
+    
+    except KeyboardInterrupt:
+        print("\nImport process cancelled by user (Ctrl+C).")
+        print("Partial imports may have been completed.")
+        return [{"success": False, "error": "Import cancelled by user"}]
     except Exception as e:
         print(f"ERROR: {str(e)}")
         return [{"success": False, "error": str(e)}]
@@ -445,7 +452,11 @@ def import_wf_rules_to_tf(args, configuration):
             "total_failed": total_failed,
             "module_name": args.module_name
         }]
-        
+    
+    except KeyboardInterrupt:
+        print("\nImport process cancelled by user (Ctrl+C).")
+        print("Partial imports may have been completed.")
+        return [{"success": False, "error": "Import cancelled by user"}]
     except Exception as e:
         print(f"ERROR: {str(e)}")
         return [{"success": False, "error": str(e)}]

catocli/parsers/custom/import_sites_to_tf/import_sites_to_tf.py

@@ -174,6 +174,9 @@ def run_terraform_import(resource_address, resource_id, timeout=60, verbose=Fals
             print(f"Error: {result.stderr}")
             return False, result.stdout, result.stderr
             
+    except KeyboardInterrupt:
+        print(f"\nImport cancelled by user (Ctrl+C)")
+        raise  # Re-raise to allow higher-level handling
     except subprocess.TimeoutExpired:
         print(f"Timeout: {resource_address} (exceeded {timeout}s)")
         return False, "", f"Command timed out after {timeout} seconds"
@@ -951,7 +954,11 @@ def import_socket_sites_to_tf(args, configuration):
             "total_failed": total_failed,
             "module_name": args.module_name
         }]
-        
+    
+    except KeyboardInterrupt:
+        print("\nImport process cancelled by user (Ctrl+C).")
+        print("Partial imports may have been completed.")
+        return [{"success": False, "error": "Import cancelled by user"}]
     except Exception as e:
         print(f"ERROR: {str(e)}")
         return [{"success": False, "error": str(e)}]

catocli/parsers/custom_private/__init__.py

@@ -0,0 +1,134 @@
+#!/usr/bin/env python3
+"""
+Private commands parser for custom GraphQL payloads
+Dynamically loads commands from ~/.cato/settings.json
+"""
+
+import os
+import json
+import argparse
+from ..parserApiClient import createPrivateRequest, get_private_help
+
+
+def load_private_settings():
+    """Load private settings from ~/.cato/settings.json"""
+    settings_file = os.path.expanduser("~/.cato/settings.json")
+    try:
+        with open(settings_file, 'r') as f:
+            settings = json.load(f)
+            return settings.get('privateCommands', {})
+    except (FileNotFoundError, json.JSONDecodeError, KeyError):
+        return {}
+
+
+def private_parse(subparsers):
+    """Check for private settings and create private parser if found"""
+    private_commands = load_private_settings()
+    
+    if not private_commands:
+        return None
+    
+    # Create the private subparser
+    private_parser = subparsers.add_parser(
+        'private', 
+        help='Private custom commands (configured in ~/.cato/settings.json)',
+        usage='catocli private <command> [options]'
+    )
+    
+    private_subparsers = private_parser.add_subparsers(
+        description='Available private commands',
+        help='Private command help'
+    )
+    
+    # Dynamically create subparsers for each private command
+    for command_name, command_config in private_commands.items():
+        create_private_command_parser(
+            private_subparsers, 
+            command_name, 
+            command_config
+        )
+    
+    return private_parser
+
+
+def create_private_command_parser(subparsers, command_name, command_config):
+    """Create a parser for a specific private command"""
+    
+    # Create the command parser
+    cmd_parser = subparsers.add_parser(
+        command_name,
+        help=f'Execute private command: {command_name}',
+        usage=get_private_help(command_name, command_config)
+    )
+    
+    # Add standard arguments
+    cmd_parser.add_argument(
+        'json', 
+        nargs='?', 
+        default='{}', 
+        help='Variables in JSON format (defaults to empty object if not provided).'
+    )
+    cmd_parser.add_argument(
+        '-t', 
+        const=True, 
+        default=False, 
+        nargs='?', 
+        help='Print GraphQL query without sending API call'
+    )
+    cmd_parser.add_argument(
+        '-v', 
+        const=True, 
+        default=False, 
+        nargs='?', 
+        help='Verbose output'
+    )
+    cmd_parser.add_argument(
+        '-p', 
+        const=True, 
+        default=False, 
+        nargs='?', 
+        help='Pretty print'
+    )
+    cmd_parser.add_argument(
+        '-H', '--header', 
+        action='append', 
+        dest='headers', 
+        help='Add custom headers in "Key: Value" format. Can be used multiple times.'
+    )
+    cmd_parser.add_argument(
+        '--headers-file', 
+        dest='headers_file', 
+        help='Load headers from a file. Each line should contain a header in "Key: Value" format.'
+    )
+    
+    # Add standard accountID argument (like other commands)
+    cmd_parser.add_argument(
+        '-accountID', 
+        help='Override the account ID from profile with this value.'
+    )
+    
+    # Add dynamic arguments based on command configuration (excluding accountId since it's handled above)
+    if 'arguments' in command_config:
+        for arg in command_config['arguments']:
+            arg_name = arg.get('name')
+            # Skip accountId since it's handled by the standard -accountID argument
+            if arg_name and arg_name.lower() != 'accountid':
+                arg_type = arg.get('type', 'string')
+                arg_default = arg.get('default')
+                arg_help = f"Argument: {arg_name}"
+                
+                if arg_default:
+                    arg_help += f" (default: {arg_default})"
+                
+                cmd_parser.add_argument(
+                    f'--{arg_name}',
+                    help=arg_help,
+                    default=arg_default
+                )
+    
+    # Set the function to handle this command
+    cmd_parser.set_defaults(
+        func=createPrivateRequest, 
+        private_command=command_name,
+        private_config=command_config
+    )

catocli/parsers/parserApiClient.py

@@ -7,6 +7,7 @@ from graphql_client.api_client import ApiException
 import logging
 import pprint
 import uuid
+import string
 from urllib3.filepost import encode_multipart_formdata
 
 def createRequest(args, configuration):
@@ -24,7 +25,12 @@ def createRequest(args, configuration):
 	elif not params["t"] and params["json"] is None:
 		# Default to empty object if no json provided and not using -t flag
 		variablesObj = {}
-	if "accountId" in operation["args"]:
+	# Special handling for eventsFeed and auditFeed which use accountIDs array
+	if operationName in ["query.eventsFeed", "query.auditFeed"]:
+		# Only add accountIDs if not already provided in JSON
+		if "accountIDs" not in variablesObj:
+			variablesObj["accountIDs"] = [configuration.accountID]
+	elif "accountId" in operation["args"]:
 		variablesObj["accountId"] = configuration.accountID
 	else:
 		variablesObj["accountID"] = configuration.accountID
@@ -438,6 +444,339 @@ def createRawBinaryRequest(args, configuration):
 			print(f"ERROR: Failed to send multipart request: {error_str}")
 		return None
 
+def get_private_help(command_name, command_config):
+	"""Generate comprehensive help text for a private command"""
+	usage = f"catocli private {command_name}"
+	
+	# Create comprehensive JSON example with all arguments (excluding accountId)
+	if 'arguments' in command_config:
+		json_example = {}
+		for arg in command_config['arguments']:
+			arg_name = arg.get('name')
+			# Skip accountId since it's handled by standard -accountID CLI argument
+			if arg_name and arg_name.lower() != 'accountid':
+				if 'example' in arg:
+					# Use explicit example if provided
+					json_example[arg_name] = arg['example']
+				elif 'default' in arg:
+					# Use default value if available
+					json_example[arg_name] = arg['default']
+				else:
+					# Generate placeholder based on type
+					arg_type = arg.get('type', 'string')
+					if arg_type == 'string':
+						json_example[arg_name] = f"<{arg_name}>"
+					elif arg_type == 'object':
+						if 'struct' in arg:
+							# Use struct definition
+							json_example[arg_name] = arg['struct']
+						else:
+							json_example[arg_name] = {}
+					else:
+						json_example[arg_name] = f"<{arg_name}>"
+					
+		if json_example:
+			# Format JSON nicely for readability in help
+			json_str = json.dumps(json_example, indent=2)
+			usage += f" '{json_str}'"
+	
+	# Add common options
+	usage += " [-t] [-v] [-p]"
+	
+	# Add command-specific arguments with descriptions (excluding accountId)
+	if 'arguments' in command_config:
+		filtered_args = [arg for arg in command_config['arguments'] if arg.get('name', '').lower() != 'accountid']
+		if filtered_args:
+			usage += "\n\nArguments:"
+			for arg in filtered_args:
+				arg_name = arg.get('name')
+				arg_type = arg.get('type', 'string')
+				arg_default = arg.get('default')
+				arg_example = arg.get('example')
+				
+				if arg_name:
+					usage += f"\n  --{arg_name}: {arg_type}"
+					if arg_default is not None:
+						usage += f" (default: {arg_default})"
+					if arg_example is not None and arg_example != arg_default:
+						usage += f" (example: {json.dumps(arg_example) if isinstance(arg_example, (dict, list)) else arg_example})"
+	
+	# Add standard accountID information
+	usage += "\n\nStandard Arguments:"
+	usage += "\n  -accountID: Account ID (taken from profile, can be overridden)"
+	
+	# Add payload file info if available
+	if 'payloadFilePath' in command_config:
+		usage += f"\n\nPayload template: {command_config['payloadFilePath']}"
+	
+	# Add batch processing info if configured
+	if 'batchSize' in command_config:
+		usage += f"\nBatch size: {command_config['batchSize']}"
+		if 'paginationParam' in command_config:
+			usage += f" (pagination: {command_config['paginationParam']})"
+	
+	return usage
+
+
+def load_payload_template(command_config):
+	"""Load and return the GraphQL payload template for a private command"""
+	try:
+		payload_path = command_config.get('payloadFilePath')
+		if not payload_path:
+			raise ValueError(f"Missing payloadFilePath in command configuration")
+		
+		# Construct the full path relative to the settings directory
+		settings_dir = os.path.expanduser("~/.cato")
+		full_payload_path = os.path.join(settings_dir, payload_path)
+		
+		# Load the payload file using the standard JSON loading mechanism
+		try:
+			with open(full_payload_path, 'r') as f:
+				return json.load(f)
+		except FileNotFoundError:
+			raise ValueError(f"Payload file not found: {full_payload_path}")
+		except json.JSONDecodeError as e:
+			raise ValueError(f"Invalid JSON in payload file {full_payload_path}: {e}")
+	except Exception as e:
+		raise ValueError(f"Failed to load payload template: {e}")
+
+
+def set_nested_value(obj, path, value):
+	"""Set a value at a nested path in an object using jQuery-style JSON path syntax
+	
+	Supports:
+	- Simple dot notation: 'a.b.c'
+	- Array access: 'a.b[0].c' or 'a.b[0]'
+	- Mixed paths: 'variables.filters[0].search'
+	- Deep nesting: 'data.results[0].items[1].properties.name'
+	"""
+	import re
+	
+	# Parse the path into components handling both dot notation and array indices
+	# Split by dots first, then handle array indices
+	path_parts = []
+	for part in path.split('.'):
+		# Check if this part contains array notation like 'items[0]'
+		array_matches = re.findall(r'([^\[]+)(?:\[(\d+)\])?', part)
+		for match in array_matches:
+			key, index = match
+			if key:  # Add the key part
+				path_parts.append(key)
+			if index:  # Add the array index part
+				path_parts.append(int(index))
+	
+	current = obj
+	
+	# Navigate to the parent of the target location
+	for i, part in enumerate(path_parts[:-1]):
+		next_part = path_parts[i + 1]
+		
+		if isinstance(part, int):
+			# Current part is an array index
+			if not isinstance(current, list):
+				raise ValueError(f"Expected array at path component {i}, got {type(current).__name__}")
+			
+			# Extend array if necessary
+			while len(current) <= part:
+				current.append(None)
+			
+			# Initialize the array element if it doesn't exist
+			if current[part] is None:
+				if isinstance(next_part, int):
+					current[part] = []  # Next part is array index, so create array
+				else:
+					current[part] = {}  # Next part is object key, so create object
+			
+			current = current[part]
+			
+		else:
+			# Current part is an object key
+			if not isinstance(current, dict):
+				raise ValueError(f"Expected object at path component {i}, got {type(current).__name__}")
+			
+			# Create the key if it doesn't exist
+			if part not in current:
+				if isinstance(next_part, int):
+					current[part] = []  # Next part is array index, so create array
+				else:
+					current[part] = {}  # Next part is object key, so create object
+			
+			current = current[part]
+	
+	# Set the final value
+	final_part = path_parts[-1]
+	if isinstance(final_part, int):
+		# Final part is an array index
+		if not isinstance(current, list):
+			raise ValueError(f"Expected array at final path component, got {type(current).__name__}")
+		
+		# Extend array if necessary
+		while len(current) <= final_part:
+			current.append(None)
+		
+		current[final_part] = value
+	else:
+		# Final part is an object key
+		if not isinstance(current, dict):
+			raise ValueError(f"Expected object at final path component, got {type(current).__name__}")
+		
+		current[final_part] = value
+
+
+def apply_template_variables(template, variables, private_config):
+	"""Apply variables to the template using path-based insertion and template replacement"""
+	if not template or not isinstance(template, dict):
+		return template
+	
+	# Make a deep copy to avoid modifying the original
+	import copy
+	result = copy.deepcopy(template)
+	
+	# First, handle path-based variable insertion from private_config
+	if private_config and 'arguments' in private_config:
+		for arg in private_config['arguments']:
+			arg_name = arg.get('name')
+			arg_paths = arg.get('path', [])
+			
+			if arg_name and arg_name in variables and arg_paths:
+				# Insert the variable value at each specified path
+				for path in arg_paths:
+					try:
+						set_nested_value(result, path, variables[arg_name])
+					except Exception as e:
+						# If path insertion fails, continue to template replacement
+						pass
+	
+	# Second, handle traditional template variable replacement as fallback
+	def traverse_and_replace(obj, path=""):
+		if isinstance(obj, dict):
+			for key, value in list(obj.items()):
+				new_path = f"{path}.{key}" if path else key
+				
+				# Check if this is a template variable (string that starts with '{{')
+				if isinstance(value, str) and value.startswith('{{') and value.endswith('}}'):
+					# Extract variable name
+					var_name = value[2:-2].strip()
+					
+					# Replace with actual value if available
+					if var_name in variables:
+						obj[key] = variables[var_name]
+				
+				# Recursively process nested objects
+				else:
+					traverse_and_replace(value, new_path)
+					
+		elif isinstance(obj, list):
+			for i, item in enumerate(obj):
+				traverse_and_replace(item, f"{path}[{i}]")
+	
+	traverse_and_replace(result)
+	return result
+
+
+def createPrivateRequest(args, configuration):
+	"""Handle private command execution using GraphQL payload templates"""
+	params = vars(args)
+	
+	# Get the private command configuration
+	private_command = params.get('private_command')
+	private_config = params.get('private_config')
+	
+	if not private_command or not private_config:
+		print("ERROR: Missing private command configuration")
+		return None
+	
+	# Load private settings and apply ONLY for private commands
+	try:
+		settings_file = os.path.expanduser("~/.cato/settings.json")
+		with open(settings_file, 'r') as f:
+			private_settings = json.load(f)
+	except (FileNotFoundError, json.JSONDecodeError):
+		private_settings = {}
+	
+	# Override endpoint if specified in private settings
+	if 'baseUrl' in private_settings:
+		configuration.host = private_settings['baseUrl']
+	
+	# Add custom headers from private settings
+	if 'headers' in private_settings and isinstance(private_settings['headers'], dict):
+		if not hasattr(configuration, 'custom_headers'):
+			configuration.custom_headers = {}
+		for key, value in private_settings['headers'].items():
+			configuration.custom_headers[key] = value
+	
+	# Parse input JSON variables
+	try:
+		variables = json.loads(params.get('json', '{}'))
+	except ValueError as e:
+		print(f"ERROR: Invalid JSON input: {e}")
+		return None
+	
+	# Apply default values from settings configuration first
+	for arg in private_config.get('arguments', []):
+		arg_name = arg.get('name')
+		if arg_name and 'default' in arg:
+			variables[arg_name] = arg['default']
+	
+	# Apply profile account ID as fallback (lower priority than settings defaults)
+	# Only apply if accountId is not already set by settings defaults
+	if configuration and hasattr(configuration, 'accountID'):
+		if 'accountID' not in variables and 'accountId' not in variables:
+			# Use both naming conventions to support different payload templates
+			variables['accountID'] = configuration.accountID
+			variables['accountId'] = configuration.accountID
+		# If accountId/accountID exists but not the other variation, add both
+		elif 'accountID' in variables and 'accountId' not in variables:
+			variables['accountId'] = variables['accountID']
+		elif 'accountId' in variables and 'accountID' not in variables:
+			variables['accountID'] = variables['accountId']
+	
+	# Apply CLI argument values (highest priority - overrides everything)
+	for arg in private_config.get('arguments', []):
+		arg_name = arg.get('name')
+		if arg_name:
+			# Handle special case for accountId - CLI uses -accountID but config uses accountId
+			if arg_name.lower() == 'accountid':
+				if hasattr(args, 'accountID') and getattr(args, 'accountID') is not None:
+					arg_value = getattr(args, 'accountID')
+					variables['accountID'] = arg_value
+					variables['accountId'] = arg_value
+				elif hasattr(args, 'accountId') and getattr(args, 'accountId') is not None:
+					arg_value = getattr(args, 'accountId')
+					variables['accountID'] = arg_value
+					variables['accountId'] = arg_value
+			# Handle other arguments normally
+			else:
+				if hasattr(args, arg_name):
+					arg_value = getattr(args, arg_name)
+					if arg_value is not None:
+						variables[arg_name] = arg_value
+	
+	# Load the payload template
+	try:
+		payload_template = load_payload_template(private_config)
+	except ValueError as e:
+		print(f"ERROR: {e}")
+		return None
+	
+	# Apply variables to the template using path-based insertion
+	body = apply_template_variables(payload_template, variables, private_config)
+	
+	# Test mode - just print the request
+	if params.get('t'):
+		if params.get('p'):
+			print(json.dumps(body, indent=2, sort_keys=True))
+		else:
+			print(json.dumps(body))
+		return None
+	
+	# Execute the GraphQL request using custom method (no User-Agent header)
+	try:
+		return sendPrivateGraphQLRequest(configuration, body, params)
+	except Exception as e:
+		return e
+
+
 def sendMultipartRequest(configuration, form_fields, files, params):
 	"""Send a multipart/form-data request directly using urllib3"""
 	import urllib3
@@ -520,3 +859,90 @@ def sendMultipartRequest(configuration, form_fields, files, params):
 			error_str = f"Exception of type {type(e).__name__}"
 		print(f"ERROR: Network/request error: {error_str}")
 		return None
+
+
+def sendPrivateGraphQLRequest(configuration, body, params):
+	"""Send a GraphQL request for private commands without User-Agent header"""
+	import urllib3
+	
+	# Create pool manager
+	pool_manager = urllib3.PoolManager(
+		cert_reqs='CERT_NONE' if not getattr(configuration, 'verify_ssl', False) else 'CERT_REQUIRED'
+	)
+	
+	# Prepare headers WITHOUT User-Agent
+	headers = {
+		'Content-Type': 'application/json'
+	}
+	
+	# Add API key if not using headers file or custom headers
+	using_custom_headers = hasattr(configuration, 'custom_headers') and configuration.custom_headers
+	if not using_custom_headers and hasattr(configuration, 'api_key') and configuration.api_key and 'x-api-key' in configuration.api_key:
+		headers['x-api-key'] = configuration.api_key['x-api-key']
+	
+	# Add custom headers
+	if using_custom_headers:
+		headers.update(configuration.custom_headers)
+	
+	# Encode headers to handle Unicode characters properly
+	encoded_headers = {}
+	for key, value in headers.items():
+		# Ensure header values are properly encoded as strings
+		if isinstance(value, str):
+			# Replace problematic Unicode characters that can't be encoded in latin-1
+			value = value.encode('utf-8', errors='replace').decode('latin-1', errors='replace')
+		encoded_headers[key] = value
+	headers = encoded_headers
+	
+	# Verbose output
+	if params.get("v") == True:
+		print(f"Host: {getattr(configuration, 'host', 'unknown')}")
+		masked_headers = headers.copy()
+		if 'x-api-key' in masked_headers:
+			masked_headers['x-api-key'] = '***MASKED***'
+		# Also mask Cookie for privacy
+		if 'Cookie' in masked_headers:
+			masked_headers['Cookie'] = '***MASKED***'
+		print(f"Request Headers: {json.dumps(masked_headers, indent=4, sort_keys=True)}")
+		print(f"Request Data: {json.dumps(body, indent=4, sort_keys=True)}\n")
+	
+	# Prepare request body
+	body_data = json.dumps(body).encode('utf-8')
+	
+	try:
+		# Make the request
+		resp = pool_manager.request(
+			'POST',
+			getattr(configuration, 'host', 'https://api.catonetworks.com/api/v1/graphql'),
+			body=body_data,
+			headers=headers
+		)
+		
+		# Parse response
+		if resp.status < 200 or resp.status >= 300:
+			reason = resp.reason if resp.reason is not None else "Unknown Error"
+			error_msg = f"HTTP {resp.status}: {reason}"
+			if resp.data:
+				try:
+					error_msg += f"\n{resp.data.decode('utf-8')}"
+				except Exception:
+					error_msg += f"\n{resp.data}"
+			print(f"ERROR: {error_msg}")
+			return None
+		
+		try:
+			response_data = json.loads(resp.data.decode('utf-8'))
+		except json.JSONDecodeError:
+			response_data = resp.data.decode('utf-8')
+		
+		# Return in the same format as the regular API client
+		return [response_data]
+		
+	except Exception as e:
+		# Safely handle exception string conversion
+		try:
+			error_str = str(e)
+		except Exception:
+			error_str = f"Exception of type {type(e).__name__}"
+		print(f"ERROR: Network/request error: {error_str}")
+		return None

{catocli-2.1.0.dist-info → catocli-2.1.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: catocli
-Version: 2.1.0
+Version: 2.1.1
 Summary: Cato Networks cli wrapper for the GraphQL API.
 Home-page: https://github.com/Cato-Networks/cato-cli
 Author: Cato Networks

{catocli-2.1.0.dist-info → catocli-2.1.1.dist-info}/RECORD

@@ -1,9 +1,9 @@
-catocli/__init__.py,sha256=Ag4gOmOVdoJyCHR6YaHm80lnUUfmywqRfwwWYgEoyHo,85
+catocli/__init__.py,sha256=HqBAr27AlpkoQiOSD0gHsZCdJJQ2kVVSjSyJkHAs1nI,85
 catocli/__main__.py,sha256=6Z0ns_k_kUcz1Qtrn1u7UyUnqB-3e85jM_nppOwFsv4,217
-catocli/Utils/clidriver.py,sha256=wxghLxwNkMhMUI5dV4v1AYz39sXC0xJF-FrwH8KEBZw,13239
+catocli/Utils/clidriver.py,sha256=RHZ95heniZSCCHlkP8mNBe22CPdzR78fANxL5F6Q1q8,13991
 catocli/Utils/profile_manager.py,sha256=Stch-cU2rLA7r07hETIRsvG_JxpQx3Q42QwpfD7Qd2I,6379
-catocli/Utils/version_checker.py,sha256=rakF8LIeB1D_bbsT1cX6q4IaxYpGw4Yeq35BWa7QbEA,6698
-catocli/parsers/parserApiClient.py,sha256=lWn0T9IFKelfJPoY-oNhJT3EF-x7hGZqoMgPIWFgsic,20611
+catocli/Utils/version_checker.py,sha256=tCtsCn7xxMIxOm6cWJSA_yPt0j4mNMK4iWSJej0yM6A,6696
+catocli/parsers/parserApiClient.py,sha256=pSzh6IIXxPhytiLUG47DvC6bI3VU7xRczosyRrYoujs,35505
 catocli/parsers/configure/__init__.py,sha256=Kq4OYGq_MXOQBHm8vxNkzJqCXp7zremYBfQ4Ai3_Lb4,3286
 catocli/parsers/configure/configure.py,sha256=GyaOeuf0ZK3-wsZaczmO1OsKVJiPK04h6iI1u-EaKQc,12217
 catocli/parsers/custom/README.md,sha256=UvCWAtF3Yh0UsvADb0ve1qJupgYHeyGu6V3Z0O5HEvo,8180
@@ -14,9 +14,10 @@ catocli/parsers/custom/export_rules/export_rules.py,sha256=gXig4NC29yC5nW48ri-j0
 catocli/parsers/custom/export_sites/__init__.py,sha256=WnTRNA4z4IS0rKR9r_UfuGv3bxp8nlt4YNH1Sed4toU,1378
 catocli/parsers/custom/export_sites/export_sites.py,sha256=DQxCZXGEN35F_kEbAAXo57t0-B-7koVRbe7unExo7F4,24670
 catocli/parsers/custom/import_rules_to_tf/__init__.py,sha256=jFCFceFv8zDW7nGLZOXkFE6NXAMPYRwKQwTbhSawYdM,3908
-catocli/parsers/custom/import_rules_to_tf/import_rules_to_tf.py,sha256=kHzd3Iw9H6UeuSB-HE6vp3ZY38kGJk_ATgnDI2kus7k,18135
+catocli/parsers/custom/import_rules_to_tf/import_rules_to_tf.py,sha256=WlyTDxUtWchu9CDs73ILHDfNXCAh7jFARBEKk5WWhwM,18714
 catocli/parsers/custom/import_sites_to_tf/__init__.py,sha256=0EyCGY2qV4wxMoFfqBPs5FoMc0Ufr7J7Ciygb6Xx8Fc,2925
-catocli/parsers/custom/import_sites_to_tf/import_sites_to_tf.py,sha256=9ymOJJgsTLWWJCu9JP8FpBPouwNqgMsnKBg5YlH698k,42520
+catocli/parsers/custom/import_sites_to_tf/import_sites_to_tf.py,sha256=KND-eQOS_rFYVAX01Gm5ChxE8DtHZ1edS0SizoBqyx4,42880
+catocli/parsers/custom_private/__init__.py,sha256=Xy5ODq-JZMBuIZ7HxBpbYlfn09p-NyxMU45TT6Tw9Sc,4170
 catocli/parsers/mutation/README.md,sha256=mdOfOY0sOVGnf9q-GVgtGc7mtxFKigD9q0ILJAw8l0I,32
 catocli/parsers/mutation_accountManagement/README.md,sha256=8ipbdTU8FAAfiH3IYlTZkTbLpPtO0fMblra7Zi8vwAI,249
 catocli/parsers/mutation_accountManagement/__init__.py,sha256=8sDLa3dko18IePLDuskvkKNLYi0CtER-ZEFnAUaTGwg,6380
@@ -335,13 +336,13 @@ catocli/parsers/query_xdr_stories/README.md,sha256=kbnrCmTq7o0T1LMgN0w8lAoiwB3NZ
 catocli/parsers/query_xdr_story/README.md,sha256=Csl2tE511miGOrISgIJyJXVEz2v1ONrMdvYywMeKv1Q,930
 catocli/parsers/raw/README.md,sha256=qvDLcg7U12yqacIQStOPtkqTsTLltJ06SSVmbqvlZhY,739
 catocli/parsers/raw/__init__.py,sha256=wXknxAeTYqjbOG_NFXsenjciD_bagT7P6Oxi2CuV8hg,1077
-catocli-2.1.0.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+catocli-2.1.1.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
 graphql_client/__init__.py,sha256=2nxD4YsWoOnALXi5cXbmtIN_i0NL_eyDTQRTxs52mkI,315
 graphql_client/api_client.py,sha256=2Rc1Zo1xH9Jnk1AO68kLSofTShkZwSVF-WkVtczfIc4,5786
 graphql_client/api_client_types.py,sha256=dM3zl6FA5SSp6nR6KmLfTL1BKaXX9uPMCZAm4v_FiUs,11569
 graphql_client/configuration.py,sha256=zzcdWjK1HdOxEbWg12ciWAlKV5sVpoiOzHiL5PMTBWU,7706
 graphql_client/api/__init__.py,sha256=UjpnW5LhQScrcYDQhCfk5YkA4pGpEx0JT_G0gUI23Rg,88
-graphql_client/api/call_api.py,sha256=-TWfnqV7Y9YGA53mlndKxw5tkcZkszh2uQkFkxheQT8,3028
+graphql_client/api/call_api.py,sha256=K8IvubNIr6zsXPPiO7l126WnR-kCohyTZG9w4TPYBGw,3874
 graphql_client/models/__init__.py,sha256=beY1dq6H1z0OOWRwvCN84LFOilZKMD_GjrYHuLKJI5c,275
 graphql_client/models/no_schema.py,sha256=NorUxY0NQA6reSS8Os_iF0GRk6cCYxhH7_Su0B9_eJk,1972
 models/mutation.accountManagement.addAccount.json,sha256=2gm59WwGde-8MVU2L4BIB5EpQ4ErBlE20qEaesTO5e8,55479
@@ -587,7 +588,7 @@ models/query.socketPortMetricsTimeSeries.json,sha256=61CJTpxNtWPS_7CnAQFW_rIe_ae
 models/query.subDomains.json,sha256=ySJ-gsBzC8EX4WrtJpasLAGkSK7-3e3orhPbIyx_B8s,7041
 models/query.xdr.stories.json,sha256=2VTpZjf47WbC4MYMoyvOxikkSUJRH2kwAmRLRAMluYk,3835486
 models/query.xdr.story.json,sha256=3WOa45mNzQRXjy3LEQoRw9gHX29AUOISWhu7ohvdhwc,2838778
-schema/catolib.py,sha256=eshJsUuN48eGNDKB5VjaI8S3J3cBUddVb_trmL1JsXQ,57093
+schema/catolib.py,sha256=sProS90AZV8tXuAXhc7H1ycO1tX7o4nvrpWU5ypZrsU,57845
 schema/importSchema.py,sha256=9xg9N0MjgQUiPRczOpk0sTY1Nx9K2F6MRhpUyRTNqZ4,2795
 schema/remove_policyid.py,sha256=DHGEL-Yb8mqNSPelDmmqYtHZi-tjZd2jwA4_ycgC9Rc,2590
 schema/remove_policyid_mutations.py,sha256=TDNC5iMVqGtF_t9s9A4TkNCLMHAYmo77o3jKqjt8Uz8,2944
@@ -637,8 +638,8 @@ vendor/urllib3/util/timeout.py,sha256=4eT1FVeZZU7h7mYD1Jq2OXNe4fxekdNvhoWUkZusRp
 vendor/urllib3/util/url.py,sha256=wHORhp80RAXyTlAIkTqLFzSrkU7J34ZDxX-tN65MBZk,15213
 vendor/urllib3/util/util.py,sha256=j3lbZK1jPyiwD34T8IgJzdWEZVT-4E-0vYIJi9UjeNA,1146
 vendor/urllib3/util/wait.py,sha256=_ph8IrUR3sqPqi0OopQgJUlH4wzkGeM5CiyA7XGGtmI,4423
-catocli-2.1.0.dist-info/METADATA,sha256=rgM6HsdOt6uKB67_BPERpphXTyKISRNwIkM3i3deoCo,1286
-catocli-2.1.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-catocli-2.1.0.dist-info/entry_points.txt,sha256=p4k9Orre6aWcqVrNmBbckmCs39h-1naMxRo2AjWmWZ4,50
-catocli-2.1.0.dist-info/top_level.txt,sha256=F4qSgcjcW5wR9EFrO8Ud06F7ZQGFr04a9qALNQDyVxU,52
-catocli-2.1.0.dist-info/RECORD,,
+catocli-2.1.1.dist-info/METADATA,sha256=-3qr5BfA-dEs1v2rJObAzEwpkdKayegIMCt7ymG1lYs,1286
+catocli-2.1.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+catocli-2.1.1.dist-info/entry_points.txt,sha256=p4k9Orre6aWcqVrNmBbckmCs39h-1naMxRo2AjWmWZ4,50
+catocli-2.1.1.dist-info/top_level.txt,sha256=F4qSgcjcW5wR9EFrO8Ud06F7ZQGFr04a9qALNQDyVxU,52
+catocli-2.1.1.dist-info/RECORD,,

graphql_client/api/call_api.py

@@ -59,9 +59,27 @@ class CallApi(object):
 				header_params['x-api-key'] = self.api_client.configuration.api_key['x-api-key']
 			header_params['User-Agent'] = "Cato-CLI-v"+self.api_client.configuration.version
 		
-		# Add custom headers from configuration
+		# Add custom headers from configuration with proper encoding handling
 		if using_custom_headers:
-			header_params.update(self.api_client.configuration.custom_headers)
+			for key, value in self.api_client.configuration.custom_headers.items():
+				# Ensure header values can be encoded as latin-1 (HTTP header encoding)
+				try:
+					# Try to encode as latin-1 first (HTTP standard)
+					if isinstance(value, str):
+						value.encode('latin-1')
+					header_params[key] = value
+				except UnicodeEncodeError:
+					# If latin-1 encoding fails, encode as UTF-8 and then decode as latin-1
+					# This handles Unicode characters by converting them to percent-encoded format
+					if isinstance(value, str):
+						try:
+							# URL encode problematic Unicode characters
+							import urllib.parse
+							encoded_value = urllib.parse.quote(value, safe=':;=?@&')
+							header_params[key] = encoded_value
+						except Exception:
+							# As a last resort, replace problematic characters
+							header_params[key] = value.encode('ascii', 'replace').decode('ascii')
 
 		if args.get("v")==True:
 			print("Host: ",self.api_client.configuration.host)

schema/catolib.py

@@ -534,6 +534,7 @@ profile_manager = get_profile_manager()
 CATO_DEBUG = bool(os.getenv("CATO_DEBUG", False))
 from ..parsers.raw import raw_parse
 from ..parsers.custom import custom_parse
+from ..parsers.custom_private import private_parse
 from ..parsers.query_siteLocation import query_siteLocation_parse
 """
 	for parserName in parsers:
@@ -563,6 +564,15 @@ def show_version_info(args, configuration=None):
 			print("Unable to check for updates (check your internet connection)")
 	return [{"success": True, "current_version": catocli.__version__, "latest_version": latest_version if not args.current_only else None}]
 
+def load_private_settings():
+	# Load private settings from ~/.cato/settings.json
+	settings_file = os.path.expanduser("~/.cato/settings.json")
+	try:
+		with open(settings_file, 'r') as f:
+			return json.load(f)
+	except (FileNotFoundError, json.JSONDecodeError):
+		return {}
+	
 def get_configuration(skip_api_key=False):
 	configuration = Configuration()
 	configuration.verify_ssl = False
@@ -585,10 +595,13 @@ def get_configuration(skip_api_key=False):
 		print(f"Run 'catocli configure set --profile {profile_name}' to update your credentials.")
 		exit(1)
 	
+	# Use standard endpoint from profile for regular API calls
+	configuration.host = credentials['endpoint']
+		
 	# Only set API key if not using custom headers file
+	# (Private settings are handled separately in createPrivateRequest)
 	if not skip_api_key:
 		configuration.api_key["x-api-key"] = credentials['cato_token']
-	configuration.host = credentials['endpoint']
 	configuration.accountID = credentials['account_id']
 	
 	return configuration
@@ -613,6 +626,7 @@ version_parser.add_argument('--current-only', action='store_true', help='Show on
 version_parser.set_defaults(func=show_version_info)
 
 custom_parsers = custom_parse(subparsers)
+private_parsers = private_parse(subparsers)
 raw_parsers = subparsers.add_parser('raw', help='Raw GraphQL', usage=get_help("raw"))
 raw_parser = raw_parse(raw_parsers)
 query_parser = subparsers.add_parser('query', help='Query', usage='catocli query <operationName> [options]')
@@ -681,6 +695,7 @@ def main(args=None):
 			response = args.func(args, None)
 		else:
 			# Check if using headers file to determine if we should skip API key
+			# Note: Private settings should NOT affect regular API calls - only private commands
 			using_headers_file = hasattr(args, 'headers_file') and args.headers_file
 			
 			# Get configuration from profiles
@@ -694,8 +709,8 @@ def main(args=None):
 				custom_headers.update(parse_headers_from_file(args.headers_file))
 			if custom_headers:
 				configuration.custom_headers.update(custom_headers)
-			# Handle account ID override
-			if args.func.__name__ != "createRawRequest":
+			# Handle account ID override (applies to all commands except raw)
+			if args.func.__name__ not in ["createRawRequest"]:
 				if hasattr(args, 'accountID') and args.accountID is not None:
 					# Command line override takes precedence
 					configuration.accountID = args.accountID
@@ -708,6 +723,9 @@ def main(args=None):
 		else:
 			if response!=None:
 				print(json.dumps(response[0], sort_keys=True, indent=4))
+	except KeyboardInterrupt:
+		print('Operation cancelled by user (Ctrl+C).')
+		exit(130)  # Standard exit code for SIGINT
 	except Exception as e:
 		if isinstance(e, AttributeError):
 			print('Missing arguments. Usage: catocli <operation> -h')
@@ -717,7 +735,7 @@ def main(args=None):
 		else:
 			print('ERROR: ',e)
 			traceback.print_exc()
-		exit(1)
+	exit(1)
 """
 	writeFile("../catocli/Utils/clidriver.py",cliDriverStr)