catocli 3.0.13__py3-none-any.whl → 3.0.18__py3-none-any.whl

catocli/parsers/custom/scim/scim_client.py

@@ -74,6 +74,9 @@ class CatoSCIMClient:
         self.verbose = verbose
         self.call_count = 0
         
+        # Parse accountId and sourceId from the SCIM URL
+        self.account_id, self.source_id = self._parse_scim_url(self.baseurl)
+        
         # Configure module logger
         if isinstance(log_level, int):
             # Backwards compatibility: 0=CRITICAL+1, 1=ERROR, 2=INFO, 3=DEBUG
@@ -93,6 +96,52 @@ class CatoSCIMClient:
             logger.warning("SSL certificate verification is disabled - this is insecure!")
         
         logger.debug(f"Initialized CatoSCIMClient with baseurl: {self.baseurl}")
+        logger.debug(f"Parsed accountId: {self.account_id}, sourceId: {self.source_id}")
+
+    def _parse_scim_url(self, scim_url):
+        """
+        Parse accountId and sourceId from SCIM URL.
+        
+        Args:
+            scim_url: SCIM URL in format https://scimservice.catonetworks.com:4443/scim/v2/{accountId}/{sourceId}
+        
+        Returns:
+            tuple: (account_id, source_id)
+        
+        Raises:
+            ValueError: If URL format is invalid
+        """
+        if not scim_url:
+            raise ValueError("SCIM URL is required")
+        
+        try:
+            parsed = urllib.parse.urlparse(scim_url)
+            path_parts = parsed.path.strip('/').split('/')
+            
+            # Expected path: ['scim', 'v2', 'accountId', 'sourceId']
+            if len(path_parts) < 4 or path_parts[0] != 'scim' or path_parts[1] != 'v2':
+                raise ValueError(
+                    f"Invalid SCIM URL format. Expected: https://scimservice.catonetworks.com:4443/scim/v2/{{accountId}}/{{sourceId}}, "
+                    f"got: {scim_url}"
+                )
+            
+            account_id = path_parts[2]
+            source_id = path_parts[3]
+            
+            # Validate that they are numeric (optional, but helpful for catching errors)
+            try:
+                int(account_id)
+                int(source_id)
+            except ValueError:
+                logger.warning(f"Non-numeric accountId ({account_id}) or sourceId ({source_id}) in SCIM URL: {scim_url}")
+            
+            return account_id, source_id
+            
+        except (IndexError, AttributeError) as e:
+            raise ValueError(
+                f"Failed to parse SCIM URL: {scim_url}. "
+                f"Expected format: https://scimservice.catonetworks.com:4443/scim/v2/{{accountId}}/{{sourceId}}"
+            ) from e
 
     def send(self, method="GET", path="/", request_data=None):
         """
@@ -477,27 +526,74 @@ class CatoSCIMClient:
 
         return True, groups
 
-    def get_user(self, userid):
+    def get_user(self, userid, excluded_attributes=None):
         """
         Gets a user by their ID.
         
         Args:
             userid: SCIM user ID to retrieve
+            excluded_attributes: Optional comma-separated list of attributes to exclude
         
         Returns:
             Tuple of (success_boolean, user_data)
+        
+        Note:
+            accountId and sourceId are automatically extracted from the SCIM URL in credentials
         """
         logger.info(f'Getting user: {userid}')
-        return self.send("GET", f'/Users/{userid}')
+        
+        # Build query parameters if excluded_attributes is provided
+        path = f'/Users/{userid}'
+        if excluded_attributes:
+            path += f'?excludedAttributes={urllib.parse.quote(excluded_attributes)}'
+        
+        return self.send("GET", path)
 
-    def get_users(self):
+    def get_users(self, count=None, start_index=None, params=None):
         """
-        Returns all users.
+        Returns users with optional pagination and filtering support.
+        
+        Args:
+            count: Optional maximum number of users to return
+            start_index: Optional starting index for pagination (1-based)
+            params: Optional additional query parameters
         
         Returns:
-            Tuple of (success_boolean, list_of_users)
+            Tuple of (success_boolean, list_of_users_or_paginated_response)
+        
+        Note:
+            accountId and sourceId are automatically extracted from the SCIM URL in credentials
         """
-        logger.info('Fetching all users')
+        logger.info('Fetching users')
+        
+        # If specific pagination parameters are provided, return paginated response
+        if count is not None or start_index is not None:
+            # Build query parameters
+            query_params = []
+            if count is not None:
+                query_params.append(f'count={count}')
+            if start_index is not None:
+                query_params.append(f'startIndex={start_index}')
+            
+            # Add any additional params
+            if params and isinstance(params, dict):
+                for key, value in params.items():
+                    query_params.append(f'{key}={urllib.parse.quote(str(value))}')
+            
+            query_string = '&'.join(query_params)
+            path = f'/Users?{query_string}' if query_string else '/Users'
+            
+            logger.debug(f'Sending paginated users request: {path}')
+            success, response = self.send("GET", path)
+            
+            if success:
+                # Return the full paginated response format
+                return True, response
+            else:
+                logger.error(f'Error retrieving users: {response}')
+                return False, response
+        
+        # Default behavior: fetch all users (backward compatibility)
         users = []
         iteration = 0
         while True:
@@ -609,27 +705,34 @@ class CatoSCIMClient:
         
         Returns:
             Tuple of (success_boolean, response_data)
+        
+        Note:
+            accountId and sourceId are automatically extracted from the SCIM URL in credentials
         """
         logger.info(f'Updating user {userid}')
 
+        if user_data is None:
+            raise ValueError("user_data is required")
+
         # Send the request
         success, result = self.send("PUT", f'/Users/{userid}', user_data)
         return success, result
 
-    def patch_user(self, user_id, account_id, source_id, patch_request):
+    def patch_user(self, user_id, patch_request):
         """
-        Patch a SCIM user with partial updates (PATCH operation) using the full API schema.
+        Patch a SCIM user with partial updates (PATCH operation).
         
         Args:
             user_id: SCIM user ID to patch
-            account_id: SCIM account identifier
-            source_id: SCIM source identifier
             patch_request: PatchRequestDTO containing Operations array
         
         Returns:
             Tuple of (success_boolean, response_data)
+        
+        Note:
+            accountId and sourceId are automatically extracted from the SCIM URL in credentials
         """
-        logger.info(f'Patching user {user_id} in account {account_id}, source {source_id}')
+        logger.info(f'Patching user {user_id} in account {self.account_id}, source {self.source_id}')
 
         # The SCIM API expects the full path format: /scim/v2/{accountId}/{sourceId}/Users/{id}
         # But our base URL already includes the /scim/v2/{accountId}/{sourceId} part,
@@ -638,19 +741,20 @@ class CatoSCIMClient:
         success, result = self.send("PATCH", path, patch_request)
         return success, result
 
-    def delete_user(self, user_id, account_id, source_id):
+    def delete_user(self, user_id):
         """
-        Delete a SCIM user (DELETE operation) using the full API schema.
+        Delete a SCIM user (DELETE operation).
         
         Args:
             user_id: SCIM user ID to delete
-            account_id: SCIM account identifier  
-            source_id: SCIM source identifier
         
         Returns:
             Tuple of (success_boolean, response_data)
+        
+        Note:
+            accountId and sourceId are automatically extracted from the SCIM URL in credentials
         """
-        logger.info(f'Deleting user {user_id} in account {account_id}, source {source_id}')
+        logger.info(f'Deleting user {user_id} in account {self.account_id}, source {self.source_id}')
 
         # The SCIM API expects the full path format: /scim/v2/{accountId}/{sourceId}/Users/{id}
         # But our base URL already includes the /scim/v2/{accountId}/{sourceId} part,
@@ -659,20 +763,21 @@ class CatoSCIMClient:
         success, result = self.send("DELETE", path)
         return success, result
 
-    def patch_group(self, group_id, account_id, source_id, patch_request):
+    def patch_group(self, group_id, patch_request):
         """
-        Patch a SCIM group with partial updates (PATCH operation) using the full API schema.
+        Patch a SCIM group with partial updates (PATCH operation).
         
         Args:
             group_id: SCIM group ID to patch
-            account_id: SCIM account identifier
-            source_id: SCIM source identifier
             patch_request: PatchRequestDTO containing Operations array
         
         Returns:
             Tuple of (success_boolean, response_data)
+        
+        Note:
+            accountId and sourceId are automatically extracted from the SCIM URL in credentials
         """
-        logger.info(f'Patching group {group_id} in account {account_id}, source {source_id}')
+        logger.info(f'Patching group {group_id} in account {self.account_id}, source {self.source_id}')
 
         # The SCIM API expects the full path format: /scim/v2/{accountId}/{sourceId}/Groups/{id}
         # But our base URL already includes the /scim/v2/{accountId}/{sourceId} part,
@@ -681,19 +786,20 @@ class CatoSCIMClient:
         success, result = self.send("PATCH", path, patch_request)
         return success, result
 
-    def delete_group(self, group_id, account_id, source_id):
+    def delete_group(self, group_id):
         """
-        Delete a SCIM group (DELETE operation) using the full API schema.
+        Delete a SCIM group (DELETE operation).
         
         Args:
             group_id: SCIM group ID to delete
-            account_id: SCIM account identifier  
-            source_id: SCIM source identifier
         
         Returns:
             Tuple of (success_boolean, response_data)
+        
+        Note:
+            accountId and sourceId are automatically extracted from the SCIM URL in credentials
         """
-        logger.info(f'Deleting group {group_id} in account {account_id}, source {source_id}')
+        logger.info(f'Deleting group {group_id} in account {self.account_id}, source {self.source_id}')
 
         # The SCIM API expects the full path format: /scim/v2/{accountId}/{sourceId}/Groups/{id}
         # But our base URL already includes the /scim/v2/{accountId}/{sourceId} part,

catocli/parsers/custom/scim/scim_commands.py

@@ -598,24 +598,17 @@ def scim_get_user(args, configuration=None):
             
         # Extract required path parameters
         user_id = json_data.get('user_id') or json_data.get('id')
-        source_id = json_data.get('source_id')
         
         # Extract optional query parameters
         excluded_attributes = json_data.get('excluded_attributes')
         
-        # Get accountID from configuration
-        account_id = getattr(args, 'accountID', None) or getattr(configuration, 'accountID', None) if configuration else None
-        
         if not user_id:
             return handle_scim_error("Missing required field: user_id (or id)", args.verbose)
-        if not account_id:
-            return handle_scim_error("Missing accountID. Please ensure your Cato configuration is set up correctly.", args.verbose)
-        if not source_id:
-            return handle_scim_error("Missing required field: source_id", args.verbose)
         
         # Get SCIM client and execute operation
+        # accountId and sourceId are automatically extracted from the SCIM URL in credentials
         client = get_scim_client(verbose=hasattr(args, 'verbose') and args.verbose)
-        success, result = client.get_user(user_id, account_id, source_id, excluded_attributes)
+        success, result = client.get_user(user_id, excluded_attributes)
         
         return format_scim_response(
             success, result, f"Get user {user_id}",
@@ -637,25 +630,15 @@ def scim_get_users(args, configuration=None):
             except json.JSONDecodeError as e:
                 return handle_scim_error(f"Invalid JSON input: {e}", args.verbose)
         
-        # Extract required path parameters
-        source_id = json_data.get('source_id')
-        
         # Extract optional query parameters
         count = json_data.get('count')
         start_index = json_data.get('start_index') or json_data.get('startIndex')
         params = json_data.get('params', {})
         
-        # Get accountID from configuration
-        account_id = getattr(args, 'accountID', None) or getattr(configuration, 'accountID', None) if configuration else None
-        
-        if not account_id:
-            return handle_scim_error("Missing accountID. Please ensure your Cato configuration is set up correctly.", args.verbose)
-        if not source_id:
-            return handle_scim_error("Missing required field: source_id", args.verbose)
-        
         # Get SCIM client and execute operation
+        # accountId and sourceId are automatically extracted from the SCIM URL in credentials
         client = get_scim_client(verbose=hasattr(args, 'verbose') and args.verbose)
-        success, result = client.get_users(account_id, source_id, count, start_index, params)
+        success, result = client.get_users(count, start_index, params)
         
         if success:
             # Handle both direct array response and ListResponse format
@@ -839,16 +822,10 @@ def scim_update_user(args, configuration=None):
         
         # Extract required path parameters
         user_id = json_data.get('user_id') or json_data.get('id')
-        account_id = json_data.get('account_id')
-        source_id = json_data.get('source_id')
         user_data = json_data.get('user_data', json_data)
         
         if not user_id:
             return handle_scim_error("Missing required field: user_id (or id)", args.verbose)
-        if not account_id:
-            return handle_scim_error("Missing required field: account_id", args.verbose)
-        if not source_id:
-            return handle_scim_error("Missing required field: source_id", args.verbose)
         if not user_data:
             return handle_scim_error("Missing required field: user_data", args.verbose)
         
@@ -857,8 +834,9 @@ def scim_update_user(args, configuration=None):
             return handle_scim_error("User data must be a JSON object", args.verbose)
         
         # Get SCIM client and execute operation
+        # accountId and sourceId are automatically extracted from the SCIM URL in credentials
         client = get_scim_client(verbose=hasattr(args, 'verbose') and args.verbose)
-        success, result = client.update_user(user_id, account_id, source_id, user_data)
+        success, result = client.update_user(user_id, user_data)
         
         return format_scim_response(
             success, result, f"Update user {user_id}",
@@ -890,18 +868,12 @@ def scim_patch_user(args, configuration=None):
         
         # Extract required path parameters
         user_id = json_data.get('user_id') or json_data.get('id')
-        account_id = json_data.get('account_id')
-        source_id = json_data.get('source_id')
         
         # Extract patch request data
         patch_data = json_data.get('patch_data', json_data)
         
         if not user_id:
             return handle_scim_error("Missing required field: user_id (or id)", args.verbose)
-        if not account_id:
-            return handle_scim_error("Missing required field: account_id", args.verbose)
-        if not source_id:
-            return handle_scim_error("Missing required field: source_id", args.verbose)
         
         # Build PatchRequestDTO according to swagger schema
         patch_request = {
@@ -930,8 +902,9 @@ def scim_patch_user(args, configuration=None):
                 return handle_scim_error(f"Operation {i+1}: Invalid operation '{op['op']}'. Must be 'add', 'remove', or 'replace'", args.verbose)
         
         # Get SCIM client and execute operation
+        # accountId and sourceId are automatically extracted from the SCIM URL in credentials
         client = get_scim_client(verbose=hasattr(args, 'verbose') and args.verbose)
-        success, result = client.patch_user(user_id, account_id, source_id, patch_request)
+        success, result = client.patch_user(user_id, patch_request)
         
         return format_scim_response(
             success, result, f"Patch user {user_id}",
@@ -963,19 +936,14 @@ def scim_delete_user(args, configuration=None):
         
         # Extract required path parameters
         user_id = json_data.get('user_id') or json_data.get('id')
-        account_id = json_data.get('account_id')
-        source_id = json_data.get('source_id')
         
         if not user_id:
             return handle_scim_error("Missing required field: user_id (or id)", args.verbose)
-        if not account_id:
-            return handle_scim_error("Missing required field: account_id", args.verbose)
-        if not source_id:
-            return handle_scim_error("Missing required field: source_id", args.verbose)
         
         # Get SCIM client and execute operation
+        # accountId and sourceId are automatically extracted from the SCIM URL in credentials
         client = get_scim_client(verbose=hasattr(args, 'verbose') and args.verbose)
-        success, result = client.delete_user(user_id, account_id, source_id)
+        success, result = client.delete_user(user_id)
         
         return format_scim_response(
             success, result, f"Delete user {user_id}",
@@ -1007,18 +975,12 @@ def scim_patch_group(args, configuration=None):
         
         # Extract required path parameters
         group_id = json_data.get('group_id') or json_data.get('id')
-        account_id = json_data.get('account_id')
-        source_id = json_data.get('source_id')
         
         # Extract patch request data
         patch_data = json_data.get('patch_data', json_data)
         
         if not group_id:
             return handle_scim_error("Missing required field: group_id (or id)", args.verbose)
-        if not account_id:
-            return handle_scim_error("Missing required field: account_id", args.verbose)
-        if not source_id:
-            return handle_scim_error("Missing required field: source_id", args.verbose)
         
         # Build PatchRequestDTO according to swagger schema
         patch_request = {
@@ -1047,8 +1009,9 @@ def scim_patch_group(args, configuration=None):
                 return handle_scim_error(f"Operation {i+1}: Invalid operation '{op['op']}'. Must be 'add', 'remove', or 'replace'", args.verbose)
         
         # Get SCIM client and execute operation
+        # accountId and sourceId are automatically extracted from the SCIM URL in credentials
         client = get_scim_client(verbose=hasattr(args, 'verbose') and args.verbose)
-        success, result = client.patch_group(group_id, account_id, source_id, patch_request)
+        success, result = client.patch_group(group_id, patch_request)
         
         return format_scim_response(
             success, result, f"Patch group {group_id}",
@@ -1080,19 +1043,14 @@ def scim_delete_group(args, configuration=None):
         
         # Extract required path parameters
         group_id = json_data.get('group_id') or json_data.get('id')
-        account_id = json_data.get('account_id')
-        source_id = json_data.get('source_id')
         
         if not group_id:
             return handle_scim_error("Missing required field: group_id (or id)", args.verbose)
-        if not account_id:
-            return handle_scim_error("Missing required field: account_id", args.verbose)
-        if not source_id:
-            return handle_scim_error("Missing required field: source_id", args.verbose)
         
         # Get SCIM client and execute operation
+        # accountId and sourceId are automatically extracted from the SCIM URL in credentials
         client = get_scim_client(verbose=hasattr(args, 'verbose') and args.verbose)
-        success, result = client.delete_group(group_id, account_id, source_id)
+        success, result = client.delete_group(group_id)
         
         return format_scim_response(
             success, result, f"Delete group {group_id}",

catocli/parsers/customParserApiClient.py

@@ -754,6 +754,13 @@ def get_help_enhanced(path):
     doc = f"{path}/README.md"
     abs_path = os.path.join(pwd, doc)
     
+    # If not found, try custom path (for commands like query_eventsFeed)
+    if not os.path.exists(abs_path):
+        custom_doc = f"custom/{path}/README.md"
+        custom_abs_path = os.path.join(pwd, custom_doc)
+        if os.path.exists(custom_abs_path):
+            abs_path = custom_abs_path
+    
     try:
         with open(abs_path, "r", encoding='utf-8') as f:
             content = f.read()

catocli/parsers/query_accountMetrics/README.md

@@ -44,19 +44,19 @@ catocli query accountMetrics '{
 The `timeFrame` parameter supports both relative time ranges and absolute date ranges:
 
 **Relative Time Ranges:**
-- `"last.PT5M"` = Previous 5 minutes
-- `"last.PT1H"` = Previous 1 hour  
-- `"last.P1D"` = Previous 1 day
-- `"last.P14D"` = Previous 14 days
-- `"last.P1M"` = Previous 1 month
+- "last.PT5M" = Previous 5 minutes
+- "last.PT1H" = Previous 1 hour  
+- "last.P1D" = Previous 1 day
+- "last.P14D" = Previous 14 days
+- "last.P1M" = Previous 1 month
 
 **Absolute Date Ranges:**
 Format: `"utc.YYYY-MM-{DD/HH:MM:SS--DD/HH:MM:SS}"`
 
-- Single day: `"utc.2023-02-{28/00:00:00--28/23:59:59}"`
-- Multiple days: `"utc.2023-02-{25/00:00:00--28/23:59:59}"`  
-- Specific hours: `"utc.2023-02-{28/09:00:00--28/17:00:00}"`
-- Across months: `"utc.2023-{01-28/00:00:00--02-03/23:59:59}"`
+- Single day: "utc.2023-02-{28/00:00:00--28/23:59:59}"  
+- Multiple days: "utc.2023-02-{25/00:00:00--28/23:59:59}"  
+- Specific hours: "utc.2023-02-{28/09:00:00--28/17:00:00}"
+- Across months: "utc.2023-{01-28/00:00:00--02-03/23:59:59}"
 
 
 #### Operation Arguments for query.accountMetrics ####

catocli/parsers/query_appStats/README.md

@@ -115,19 +115,19 @@ catocli query appStats '{
 The `timeFrame` parameter supports both relative time ranges and absolute date ranges:
 
 **Relative Time Ranges:**
-- `"last.PT5M"` = Previous 5 minutes
-- `"last.PT1H"` = Previous 1 hour  
-- `"last.P1D"` = Previous 1 day
-- `"last.P14D"` = Previous 14 days
-- `"last.P1M"` = Previous 1 month
+- "last.PT5M" = Previous 5 minutes
+- "last.PT1H" = Previous 1 hour  
+- "last.P1D" = Previous 1 day
+- "last.P14D" = Previous 14 days
+- "last.P1M" = Previous 1 month
 
 **Absolute Date Ranges:**
 Format: `"utc.YYYY-MM-{DD/HH:MM:SS--DD/HH:MM:SS}"`
 
-- Single day: `"utc.2023-02-{28/00:00:00--28/23:59:59}"`
-- Multiple days: `"utc.2023-02-{25/00:00:00--28/23:59:59}"`  
-- Specific hours: `"utc.2023-02-{28/09:00:00--28/17:00:00}"`
-- Across months: `"utc.2023-{01-28/00:00:00--02-03/23:59:59}"`
+- Single day: "utc.2023-02-{28/00:00:00--28/23:59:59}"  
+- Multiple days: "utc.2023-02-{25/00:00:00--28/23:59:59}"  
+- Specific hours: "utc.2023-02-{28/09:00:00--28/17:00:00}"
+- Across months: "utc.2023-{01-28/00:00:00--02-03/23:59:59}"
 
 
 #### Operation Arguments for query.appStats ####

catocli/parsers/query_appStatsTimeSeries/README.md

@@ -72,7 +72,7 @@ catocli query appStatsTimeSeries '{
             "fieldName": "traffic"
         }
     ],
-    "timeFrame": "last.PT1H"
+    "timeFrame": "last.P1D"
 }'
 ```
 
@@ -124,19 +124,19 @@ catocli query appStatsTimeSeries '{
 The `timeFrame` parameter supports both relative time ranges and absolute date ranges:
 
 **Relative Time Ranges:**
-- `"last.PT5M"` = Previous 5 minutes
-- `"last.PT1H"` = Previous 1 hour  
-- `"last.P1D"` = Previous 1 day
-- `"last.P14D"` = Previous 14 days
-- `"last.P1M"` = Previous 1 month
+- "last.PT5M" = Previous 5 minutes
+- "last.PT1H" = Previous 1 hour  
+- "last.P1D" = Previous 1 day
+- "last.P14D" = Previous 14 days
+- "last.P1M" = Previous 1 month
 
 **Absolute Date Ranges:**
 Format: `"utc.YYYY-MM-{DD/HH:MM:SS--DD/HH:MM:SS}"`
 
-- Single day: `"utc.2023-02-{28/00:00:00--28/23:59:59}"`
-- Multiple days: `"utc.2023-02-{25/00:00:00--28/23:59:59}"`  
-- Specific hours: `"utc.2023-02-{28/09:00:00--28/17:00:00}"`
-- Across months: `"utc.2023-{01-28/00:00:00--02-03/23:59:59}"`
+- Single day: "utc.2023-02-{28/00:00:00--28/23:59:59}"  
+- Multiple days: "utc.2023-02-{25/00:00:00--28/23:59:59}"  
+- Specific hours: "utc.2023-02-{28/09:00:00--28/17:00:00}"
+- Across months: "utc.2023-{01-28/00:00:00--02-03/23:59:59}"
 
 
 #### Operation Arguments for query.appStatsTimeSeries ####

catocli/parsers/query_auditFeed/README.md

@@ -40,19 +40,19 @@ catocli query auditFeed '{
 The `timeFrame` parameter supports both relative time ranges and absolute date ranges:
 
 **Relative Time Ranges:**
-- `"last.PT5M"` = Previous 5 minutes
-- `"last.PT1H"` = Previous 1 hour  
-- `"last.P1D"` = Previous 1 day
-- `"last.P14D"` = Previous 14 days
-- `"last.P1M"` = Previous 1 month
+- "last.PT5M" = Previous 5 minutes
+- "last.PT1H" = Previous 1 hour  
+- "last.P1D" = Previous 1 day
+- "last.P14D" = Previous 14 days
+- "last.P1M" = Previous 1 month
 
 **Absolute Date Ranges:**
 Format: `"utc.YYYY-MM-{DD/HH:MM:SS--DD/HH:MM:SS}"`
 
-- Single day: `"utc.2023-02-{28/00:00:00--28/23:59:59}"`
-- Multiple days: `"utc.2023-02-{25/00:00:00--28/23:59:59}"`  
-- Specific hours: `"utc.2023-02-{28/09:00:00--28/17:00:00}"`
-- Across months: `"utc.2023-{01-28/00:00:00--02-03/23:59:59}"`
+- Single day: "utc.2023-02-{28/00:00:00--28/23:59:59}"  
+- Multiple days: "utc.2023-02-{25/00:00:00--28/23:59:59}"  
+- Specific hours: "utc.2023-02-{28/09:00:00--28/17:00:00}"
+- Across months: "utc.2023-{01-28/00:00:00--02-03/23:59:59}"
 
 
 #### Operation Arguments for query.auditFeed ####

catocli/parsers/query_events/README.md

@@ -46,19 +46,19 @@ catocli query events '{
 The `timeFrame` parameter supports both relative time ranges and absolute date ranges:
 
 **Relative Time Ranges:**
-- `"last.PT5M"` = Previous 5 minutes
-- `"last.PT1H"` = Previous 1 hour  
-- `"last.P1D"` = Previous 1 day
-- `"last.P14D"` = Previous 14 days
-- `"last.P1M"` = Previous 1 month
+- "last.PT5M" = Previous 5 minutes
+- "last.PT1H" = Previous 1 hour  
+- "last.P1D" = Previous 1 day
+- "last.P14D" = Previous 14 days
+- "last.P1M" = Previous 1 month
 
 **Absolute Date Ranges:**
 Format: `"utc.YYYY-MM-{DD/HH:MM:SS--DD/HH:MM:SS}"`
 
-- Single day: `"utc.2023-02-{28/00:00:00--28/23:59:59}"`
-- Multiple days: `"utc.2023-02-{25/00:00:00--28/23:59:59}"`  
-- Specific hours: `"utc.2023-02-{28/09:00:00--28/17:00:00}"`
-- Across months: `"utc.2023-{01-28/00:00:00--02-03/23:59:59}"`
+- Single day: "utc.2023-02-{28/00:00:00--28/23:59:59}"  
+- Multiple days: "utc.2023-02-{25/00:00:00--28/23:59:59}"  
+- Specific hours: "utc.2023-02-{28/09:00:00--28/17:00:00}"
+- Across months: "utc.2023-{01-28/00:00:00--02-03/23:59:59}"
 
 
 #### Operation Arguments for query.events ####

catocli/parsers/query_eventsTimeSeries/README.md

@@ -44,19 +44,19 @@ catocli query eventsTimeSeries '{
 The `timeFrame` parameter supports both relative time ranges and absolute date ranges:
 
 **Relative Time Ranges:**
-- `"last.PT5M"` = Previous 5 minutes
-- `"last.PT1H"` = Previous 1 hour  
-- `"last.P1D"` = Previous 1 day
-- `"last.P14D"` = Previous 14 days
-- `"last.P1M"` = Previous 1 month
+- "last.PT5M" = Previous 5 minutes
+- "last.PT1H" = Previous 1 hour  
+- "last.P1D" = Previous 1 day
+- "last.P14D" = Previous 14 days
+- "last.P1M" = Previous 1 month
 
 **Absolute Date Ranges:**
 Format: `"utc.YYYY-MM-{DD/HH:MM:SS--DD/HH:MM:SS}"`
 
-- Single day: `"utc.2023-02-{28/00:00:00--28/23:59:59}"`
-- Multiple days: `"utc.2023-02-{25/00:00:00--28/23:59:59}"`  
-- Specific hours: `"utc.2023-02-{28/09:00:00--28/17:00:00}"`
-- Across months: `"utc.2023-{01-28/00:00:00--02-03/23:59:59}"`
+- Single day: "utc.2023-02-{28/00:00:00--28/23:59:59}"  
+- Multiple days: "utc.2023-02-{25/00:00:00--28/23:59:59}"  
+- Specific hours: "utc.2023-02-{28/09:00:00--28/17:00:00}"
+- Across months: "utc.2023-{01-28/00:00:00--02-03/23:59:59}"
 
 
 #### Operation Arguments for query.eventsTimeSeries ####