cmem-cmemc 25.5.0rc1__py3-none-any.whl → 26.1.0rc1__py3-none-any.whl

cmem_cmemc/commands/acl.py

@@ -1,8 +1,11 @@
 """access control"""
 
+import json
+import os
+
 import click
 import requests.exceptions
-from click import Option
+from click import Context, Option
 from cmem.cmempy.dp.authorization.conditions import (
     create_access_condition,
     delete_access_condition,
@@ -12,12 +15,21 @@ from cmem.cmempy.dp.authorization.conditions import (
     update_access_condition,
 )
 from cmem.cmempy.keycloak.user import get_user_by_username, user_groups
+from jinja2 import Template
 
 from cmem_cmemc import completion
 from cmem_cmemc.command import CmemcCommand
 from cmem_cmemc.command_group import CmemcGroup
 from cmem_cmemc.constants import NS_ACL, NS_ACTION, NS_GROUP, NS_USER
-from cmem_cmemc.context import ApplicationContext
+from cmem_cmemc.context import ApplicationContext, build_caption
+from cmem_cmemc.object_list import (
+    DirectListPropertyFilter,
+    DirectMultiValuePropertyFilter,
+    DirectValuePropertyFilter,
+    ObjectList,
+)
+from cmem_cmemc.parameter_types.path import ClickSmartPath
+from cmem_cmemc.smart_path import SmartPath as Path
 from cmem_cmemc.utils import (
     convert_iri_to_qname,
     convert_qname_to_iri,
@@ -51,6 +63,10 @@ HELP_TEXTS = {
         "end of the pattern or the wildcard alone."
     ),
     "query": "Dynamic access condition query (file or the query catalog IRI).",
+    "replace": (
+        "Replace (overwrite) existing access condition, if present. "
+        "Can be used only in combination with '--id'."
+    ),
 }
 
 WARNING_UNKNOWN_USER = "Unknown User or no access to get user info."
@@ -113,6 +129,96 @@ def generate_acl_name(user: str | None, groups: list[str], query: str | None) ->
     return "Condition for ALL users"
 
 
+def get_acls(ctx: Context) -> list[dict]:  # noqa: ARG001
+    """Get access conditions for object list"""
+    return fetch_all_acls()  # type: ignore[no-any-return]
+
+
+acl_list = ObjectList(
+    name="access conditions",
+    get_objects=get_acls,
+    filters=[
+        DirectMultiValuePropertyFilter(
+            name="ids",
+            description="Access conditions with a specific ID.",
+            property_key="iri",
+        ),
+        DirectValuePropertyFilter(
+            name="name",
+            description="List only access conditions with a specific name.",
+            property_key="name",
+        ),
+        DirectValuePropertyFilter(
+            name="user",
+            description="List only access conditions that require a specific user account.",
+            property_key="requiresAccount",
+        ),
+        DirectListPropertyFilter(
+            name="group",
+            description="List only access conditions that require membership in a specific group.",
+            property_key="requiresGroup",
+        ),
+        DirectListPropertyFilter(
+            name="read-graph",
+            description="List only access conditions that grant read access to a specific graph.",
+            property_key="readableGraphs",
+        ),
+        DirectListPropertyFilter(
+            name="write-graph",
+            description="List only access conditions that grant write access to a specific graph.",
+            property_key="writableGraphs",
+        ),
+    ],
+)
+
+
+def _validate_acl_ids(access_condition_ids: tuple[str, ...]) -> None:
+    """Validate that all provided access condition IDs exist."""
+    if not access_condition_ids:
+        return
+    all_acls = fetch_all_acls()
+    all_iris = {acl["iri"] for acl in all_acls}
+    for acl_id in access_condition_ids:
+        iri = convert_qname_to_iri(qname=acl_id, default_ns=NS_ACL)
+        if iri not in all_iris:
+            raise click.ClickException(
+                f"Access condition {acl_id} not available. Use the 'admin acl list' "
+                "command to get a list of existing access conditions."
+            )
+
+
+def _get_acls_to_delete(
+    ctx: Context,
+    access_condition_ids: tuple[str, ...],
+    all_: bool,
+    filter_: tuple[tuple[str, str], ...],
+) -> list[dict]:
+    """Get the list of access conditions to delete based on selection method."""
+    if all_:
+        # Get all access conditions
+        return fetch_all_acls()  # type: ignore[no-any-return]
+
+    # Validate provided IDs exist before proceeding
+    _validate_acl_ids(access_condition_ids)
+
+    # Build filter list
+    filter_to_apply = list(filter_) if filter_ else []
+
+    # Add IDs if provided (using internal multi-value filter)
+    if access_condition_ids:
+        iris = [convert_qname_to_iri(qname=_, default_ns=NS_ACL) for _ in access_condition_ids]
+        filter_to_apply.append(("ids", ",".join(iris)))
+
+    # Apply filters
+    acls = acl_list.apply_filters(ctx=ctx, filter_=filter_to_apply)
+
+    # Validation: ensure we found access conditions
+    if not acls and not access_condition_ids:
+        raise click.ClickException("No access conditions found matching the provided filters.")
+
+    return acls
+
+
 @click.command(cls=CmemcCommand, name="list")
 @click.option("--raw", is_flag=True, help="Outputs raw JSON.")
 @click.option(
@@ -120,20 +226,29 @@ def generate_acl_name(user: str | None, groups: list[str], query: str | None) ->
     is_flag=True,
     help="Lists only URIs. This is useful for piping the IDs into other commands.",
 )
-@click.pass_obj
-def list_command(app: ApplicationContext, raw: bool, id_only: bool) -> None:
+@click.option(
+    "--filter",
+    "filter_",
+    type=(str, str),
+    multiple=True,
+    help=acl_list.get_filter_help_text(),
+    shell_complete=acl_list.complete_values,
+)
+@click.pass_context
+def list_command(ctx: Context, raw: bool, id_only: bool, filter_: tuple[tuple[str, str]]) -> None:
     """List access conditions.
 
     This command retrieves and lists all access conditions, which are manageable
     by the current account.
     """
-    acls = fetch_all_acls()
+    app: ApplicationContext = ctx.obj
+    acls = acl_list.apply_filters(ctx=ctx, filter_=filter_)
     if raw:
         app.echo_info_json(acls)
         return
     if id_only:
-        for graph in acls:
-            app.echo_info(convert_iri_to_qname(iri=graph.get("iri"), default_ns=NS_ACL))
+        for _ in acls:
+            app.echo_info(convert_iri_to_qname(iri=_.get("iri"), default_ns=NS_ACL))
         return
     table = [
         (convert_iri_to_qname(iri=_.get("iri"), default_ns=NS_ACL), _.get("name", "-"))
@@ -143,6 +258,7 @@ def list_command(app: ApplicationContext, raw: bool, id_only: bool) -> None:
         table,
         headers=["URI", "Name"],
         sort_column=0,
+        caption=build_caption(len(table), "access condition"),
         empty_table_message="No access conditions found. "
         "Use the `admin acl create` command to create a new access condition.",
     )
@@ -255,8 +371,8 @@ def inspect_command(app: ApplicationContext, access_condition_id: str, raw: bool
     type=click.STRING,
     help=HELP_TEXTS["description"],
 )
+@click.option("--replace", is_flag=True, help=HELP_TEXTS["replace"])
 @click.pass_obj
-# pylint: disable-msg=too-many-arguments
 def create_command(  # noqa: PLR0913
     app: ApplicationContext,
     name: str,
@@ -271,6 +387,7 @@ def create_command(  # noqa: PLR0913
     write_graph_patterns: tuple[str],
     action_patterns: tuple[str],
     query: str,
+    replace: bool,
 ) -> None:
     """Create an access condition.
 
@@ -293,6 +410,9 @@ def create_command(  # noqa: PLR0913
 
     Example: cmemc admin acl create --group local-users --write-graph https://example.org/
     """
+    if replace and not id_:
+        raise click.UsageError("To replace an access condition, you must specify an ID.")
+
     if (
         not read_graphs
         and not write_graphs
@@ -312,7 +432,7 @@ def create_command(  # noqa: PLR0913
         query_str = get_query_text(query, {"user", "group", "readGraph", "writeGraph"})
 
     if not user and not groups and not query:
-        app.echo_warning("Access conditions without a user or group assignment affect ALL users.")
+        app.echo_warning("Access conditions without a user or group assignment affects ALL users.")
 
     if not name:
         name = generate_acl_name(user=user, groups=groups, query=query)
@@ -320,11 +440,11 @@ def create_command(  # noqa: PLR0913
     if not description:
         description = "This access condition was created with cmemc."
 
-    app.echo_info(
-        f"Creating access condition '{name}' ... ",
-        nl=False,
-    )
-
+    if replace and NS_ACL + id_ in [_["iri"] for _ in fetch_all_acls()]:
+        app.echo_info(f"Replacing access condition '{id_}' ... ", nl=False)
+        delete_access_condition(iri=NS_ACL + id_)
+    else:
+        app.echo_info(f"Creating access condition '{name}' ... ", nl=False)
     create_access_condition(
         name=name,
         static_id=id_,
@@ -431,7 +551,6 @@ def create_command(  # noqa: PLR0913
     help=HELP_TEXTS["query"],
 )
 @click.pass_obj
-# pylint: disable-msg=too-many-arguments
 def update_command(  # noqa: PLR0913
     app: ApplicationContext,
     access_condition_id: str,
@@ -480,6 +599,14 @@ def update_command(  # noqa: PLR0913
 
 
 @click.command(cls=CmemcCommand, name="delete")
+@click.option(
+    "--filter",
+    "filter_",
+    type=(str, str),
+    help=acl_list.get_filter_help_text(),
+    shell_complete=acl_list.complete_values,
+    multiple=True,
+)
 @click.option(
     "-a",
     "--all",
@@ -493,27 +620,275 @@ def update_command(  # noqa: PLR0913
     type=click.STRING,
     shell_complete=completion.acl_ids,
 )
-@click.pass_obj
-def delete_command(app: ApplicationContext, all_: bool, access_condition_ids: list[str]) -> None:
+@click.pass_context
+def delete_command(
+    ctx: Context, access_condition_ids: tuple[str], filter_: tuple[tuple[str, str]], all_: bool
+) -> None:
     """Delete access conditions.
 
     This command deletes existing access conditions from the account.
 
-    Note: Access conditions can be listed by using the `cmemc admin acs list` command.
+    Warning: Access conditions will be deleted without prompting.
+
+    Note: Access conditions can be listed by using the `admin acl list` command.
     """
-    if access_condition_ids == () and not all_:
+    app: ApplicationContext = ctx.obj
+
+    # Validation: require at least one selection method
+    if not access_condition_ids and not filter_ and not all_:
         raise click.UsageError(
-            "Either specify at least one access condition ID,"
-            " or use the --all option to delete all access conditions."
+            "Either provide at least one access condition ID, a filter, or use the --all flag."
         )
+
+    if access_condition_ids and (all_ or filter_):
+        raise click.UsageError(
+            "Either specify access condition IDs OR use a --filter or the --all option."
+        )
+
+    # Get access conditions to delete based on selection method
+    acls_to_delete = _get_acls_to_delete(ctx, access_condition_ids, all_, filter_)
+
+    # Avoid double removal as well as sort IRIs
+    iris_to_delete = sorted({acl["iri"] for acl in acls_to_delete}, key=lambda v: v.lower())
+    count = len(iris_to_delete)
+
+    # Delete each access condition
+    for current, iri in enumerate(iris_to_delete, start=1):
+        current_string = str(current).zfill(len(str(count)))
+        app.echo_info(f"Delete access condition {current_string}/{count}: {iri} ... ", nl=False)
+        delete_access_condition(iri=iri)
+        app.echo_success("deleted")
+
+
+@click.command(cls=CmemcCommand, name="export")
+@click.option(
+    "-a",
+    "--all",
+    "all_",
+    is_flag=True,
+    help="Export all access conditions.",
+)
+@click.option(
+    "--filter",
+    "filter_",
+    type=(str, str),
+    help=acl_list.get_filter_help_text(),
+    shell_complete=acl_list.complete_values,
+    multiple=True,
+)
+@click.option(
+    "--output-file",
+    type=ClickSmartPath(writable=True, allow_dash=True, dir_okay=False),
+    help="Export to this file. Use '-' for stdout. "
+    "If specified, overrides --output-dir and --filename-template.",
+)
+@click.option(
+    "--output-dir",
+    default=".",
+    show_default=True,
+    type=ClickSmartPath(writable=True, file_okay=False),
+    help="The base directory, where the ACL files will be created. "
+    "If this directory does not exist, it will be silently created. "
+    "Ignored if --output-file is specified.",
+)
+@click.option(
+    "--filename-template",
+    "-t",
+    "template",
+    default="{{date}}-{{connection}}.acls.json",
+    show_default=True,
+    type=click.STRING,
+    help="Template for the export file name(s). Possible placeholders are (Jinja2): "
+    "{{connection}} (from the --connection option) and "
+    "{{date}} (the current date as YYYY-MM-DD). "
+    "Needed directories will be created. "
+    "Ignored if --output-file is specified.",
+)
+@click.option(
+    "--replace",
+    is_flag=True,
+    help="Replace existing files. This is a dangerous option, so use it with care.",
+)
+@click.argument(
+    "access_condition_ids",
+    nargs=-1,
+    type=click.STRING,
+    shell_complete=completion.acl_ids,
+)
+@click.pass_context
+def export_command(  # noqa: PLR0913
+    ctx: Context,
+    all_: bool,
+    filter_: tuple[tuple[str, str]],
+    output_file: str | None,
+    output_dir: str,
+    template: str,
+    replace: bool,
+    access_condition_ids: tuple[str],
+) -> None:
+    """Export access conditions to a JSON file.
+
+    Access conditions can be exported based on IDs, filters, or all at once.
+    The exported JSON can be imported back using the `acl import` command.
+
+    By default, uses template-based file naming with the current date and connection name.
+    You can override this by specifying an explicit output file path with --output-file.
+
+    Example: cmemc admin acl export --all
+
+    Example: cmemc admin acl export --all --output-file acls.json
+
+    Example: cmemc admin acl export --filter group local-users
+
+    Example: cmemc admin acl export :my-acl-iri
+    """
+    app: ApplicationContext = ctx.obj
+
+    if not access_condition_ids and not filter_ and not all_:
+        raise click.UsageError(
+            "Either provide at least one access condition ID, a filter, or use the --all flag."
+        )
+
     if all_:
-        access_condition_ids = [_["iri"] for _ in fetch_all_acls()]
+        acls_to_export = fetch_all_acls()
+    else:
+        # Apply user-provided filters first
+        filter_to_apply = list(filter_) if filter_ else []
+
+        # If IDs provided, add internal list-of-ids filter (with OR logic)
+        if access_condition_ids:
+            iris = [convert_qname_to_iri(qname=_, default_ns=NS_ACL) for _ in access_condition_ids]
+            filter_to_apply.append(("ids", ",".join(iris)))
+
+        acls_to_export = acl_list.apply_filters(ctx=ctx, filter_=filter_to_apply)
 
-    count = len(access_condition_ids)
-    for index, _ in enumerate(access_condition_ids, 1):
-        app.echo_info(f"Delete access condition {index}/{count}: {_} ... ", nl=False)
-        delete_access_condition(iri=convert_qname_to_iri(qname=_, default_ns=NS_ACL))
+    if not acls_to_export:
+        raise click.ClickException("No access conditions found to export.")
+
+    count = len(acls_to_export)
+    output = json.dumps(acls_to_export, indent=2)
+
+    # Handle stdout special case early
+    if output_file == "-":
+        click.echo(output)
+        return
+
+    # Determine output path based on mode
+    if output_file:
+        # Mode 1: Explicit output file (overrides template parameters)
+        export_path = output_file
+    else:
+        # Mode 2: Template-based output (default)
+        template_data = app.get_template_data()
+        local_name = Template(template).render(template_data)
+        export_path = os.path.normpath(str(Path(output_dir) / local_name))
+        # Create parent directory if needed (only in template mode)
+        Path(export_path).parent.mkdir(exist_ok=True, parents=True)
+
+    # Write to file
+    app.echo_info(f"Exporting {count} access condition(s) to {export_path} ... ", nl=False)
+    if Path(export_path).exists() and replace is not True:
+        app.echo_error("file exists")
+        return
+
+    with click.open_file(export_path, "w") as f:
+        f.write(output)
+    app.echo_success("done")
+
+
+@click.command(cls=CmemcCommand, name="import")
+@click.option(
+    "--replace",
+    is_flag=True,
+    help="Replace existing access conditions with the same IRI. "
+    "By default, import will fail if an access condition already exists.",
+)
+@click.argument(
+    "input_file",
+    required=True,
+    type=ClickSmartPath(readable=True, allow_dash=False, dir_okay=False),
+    shell_complete=completion.acl_files,
+)
+@click.pass_context
+def import_command(ctx: Context, replace: bool, input_file: str) -> None:
+    """Import access conditions from a JSON file.
+
+    This command imports access conditions from a JSON file that was created
+    using the `acl export` command.
+
+    If --replace is specified, existing access conditions with matching IRIs
+    will be deleted before importing. Otherwise, the import will skip if an
+    access condition with the same IRI already exists.
+
+    Example: cmemc admin acl import acls.json
+
+    Example: cmemc admin acl import --replace acls.json
+    """
+    app: ApplicationContext = ctx.obj
+
+    # Read and parse JSON file
+    try:
+        with click.open_file(input_file, "r") as f:
+            acls_to_import = json.load(f)
+    except json.JSONDecodeError as e:
+        raise click.ClickException(f"Invalid JSON file: {e}") from e
+
+    if not isinstance(acls_to_import, list):
+        raise click.ClickException("JSON file must contain a list of access conditions.")
+
+    if not acls_to_import:
+        app.echo_warning("No access conditions found in file.")
+        return
+
+    existing_acls = {acl["iri"]: acl for acl in fetch_all_acls()}
+    count = len(acls_to_import)
+    imported = 0
+    skipped = 0
+
+    for current, acl_data in enumerate(acls_to_import, start=1):
+        iri = acl_data.get("iri")
+        name = acl_data.get("name", "Unnamed")
+
+        if not iri:
+            app.echo_warning(f"Skipping ACL {current}/{count}: missing IRI")
+            skipped += 1
+            continue
+
+        # Extract ID from IRI
+        acl_id = iri.split("/")[-1]
+
+        app.echo_info(f"Import ACL {current}/{count}: {name} ({acl_id}) ... ", nl=False)
+
+        # Check if already exists
+        if iri in existing_acls:
+            if replace:
+                app.echo_info("replacing ... ", nl=False)
+                delete_access_condition(iri=iri)
+            else:
+                app.echo_warning("skipped (already exists)")
+                skipped += 1
+                continue
+
+        # Create the access condition
+        create_access_condition(
+            name=acl_data.get("name", "Imported ACL"),
+            static_id=acl_id,
+            description=acl_data.get("comment", "Created with cmemc"),
+            user=acl_data.get("requiresAccount"),
+            groups=acl_data.get("requiresGroup", []),
+            read_graphs=acl_data.get("readableGraphs", []),
+            write_graphs=acl_data.get("writableGraphs", []),
+            actions=acl_data.get("allowedActions", []),
+            read_graph_patterns=acl_data.get("grantReadPatterns", []),
+            write_graph_patterns=acl_data.get("grantWritePatterns", []),
+            action_patterns=acl_data.get("grantAllowedActions", []),
+            query=None,  # Queries not supported in import
+        )
         app.echo_success("done")
+        imported += 1
+
+    # Summary
+    app.echo_info(f"Import complete: {imported} imported, {skipped} skipped")
 
 
 @click.command(name="review")
@@ -581,4 +956,6 @@ acl.add_command(inspect_command)
 acl.add_command(create_command)
 acl.add_command(update_command)
 acl.add_command(delete_command)
+acl.add_command(export_command)
+acl.add_command(import_command)
 acl.add_command(review_command)

cmem_cmemc/commands/admin.py

@@ -4,12 +4,11 @@ from datetime import datetime, timezone
 
 import click
 import jwt
-import timeago
-from click import ClickException
 from cmem.cmempy.api import get_access_token, get_token
 from cmem.cmempy.config import get_cmem_base_uri
 from cmem.cmempy.health import get_complete_status_info
 from dateutil.relativedelta import relativedelta
+from humanize import naturaltime
 
 from cmem_cmemc import completion
 from cmem_cmemc.command import CmemcCommand
@@ -22,6 +21,7 @@ from cmem_cmemc.commands.store import store
 from cmem_cmemc.commands.user import user
 from cmem_cmemc.commands.workspace import workspace
 from cmem_cmemc.context import ApplicationContext
+from cmem_cmemc.exceptions import CmemcError
 from cmem_cmemc.utils import struct_to_table
 
 WARNING_MIGRATION = (
@@ -45,7 +45,7 @@ def _check_cmem_license(app: ApplicationContext, data: dict, exit_1: str) -> Non
         cmem_license_end = license_["validDate"]
         output = f"Your Corporate Memory license expired on {cmem_license_end}."
         if exit_1 in ("error", "always"):
-            raise ClickException(output)
+            raise CmemcError(output)
         app.echo_error(output)
 
 
@@ -61,7 +61,7 @@ def _check_graphdb_license(app: ApplicationContext, data: dict, months: int, exi
         graphdb_license_end = data["explore"]["info"]["store"]["licenseExpiration"]
         output = f"Your GraphDB license expires on {graphdb_license_end}."
         if exit_1 == "always":
-            raise ClickException(output)
+            raise CmemcError(output)
         app.echo_warning(output)
 
 
@@ -125,7 +125,7 @@ def status_command(  # noqa: C901, PLR0912
         app.echo_debug(_["explore"]["error"])
 
     if exit_1 in ("always", "error") and (_["overall"]["healthy"] != "UP"):
-        raise ClickException(
+        raise CmemcError(
             f"One or more major status flags are DOWN or UNKNOWN: {_!r}",
         )
     if raw:
@@ -137,19 +137,19 @@ def status_command(  # noqa: C901, PLR0912
             app.echo_info(table[0][1])
             return
         if len(table) == 0:
-            raise ClickException(f"No values for key(s): {key}")
+            raise CmemcError(f"No values for key(s): {key}")
         app.echo_info_table(table, headers=["Key", "Value"], sort_column=0)
         return
     app.check_versions()
     _workspace_config = _["explore"]["info"].get("workspaceConfiguration", {})
     if _workspace_config.get("workspacesToMigrate"):
         if exit_1 == "always":
-            raise ClickException(WARNING_MIGRATION)
+            raise CmemcError(WARNING_MIGRATION)
         app.echo_warning(WARNING_MIGRATION)
 
     if _["shapes"]["version"] not in (_["explore"]["version"], "UNKNOWN"):
         if exit_1 == "always":
-            raise ClickException(WARNING_SHAPES)
+            raise CmemcError(WARNING_SHAPES)
         app.echo_warning(WARNING_SHAPES)
 
     _check_cmem_license(app=app, data=_, exit_1=exit_1)
@@ -221,8 +221,8 @@ def token_command(app: ApplicationContext, raw: bool, decode: bool, ttl: bool) -
             return
         exp_time = datetime.fromtimestamp(exp_ts, tz=timezone.utc)
         now_time = datetime.now(tz=timezone.utc)
-        ttl_delta = timeago.format(exp_time, now_time)
-        if ttl_delta.startswith("in"):
+        ttl_delta = naturaltime(exp_time, when=now_time)
+        if exp_time > now_time:
             app.echo_info(
                 f"The provided access token will expire {ttl_delta} "
                 f"(TTL is {ttl_in_seconds} seconds)."

cmem_cmemc/commands/client.py

@@ -1,7 +1,7 @@
 """Keycloak client management commands"""
 
 import click
-from click import ClickException, UsageError
+from click import UsageError
 from cmem.cmempy.config import get_keycloak_base_uri, get_keycloak_realm_id
 from cmem.cmempy.keycloak.client import (
     generate_client_secret,
@@ -13,7 +13,8 @@ from cmem.cmempy.keycloak.client import (
 from cmem_cmemc import completion
 from cmem_cmemc.command import CmemcCommand
 from cmem_cmemc.command_group import CmemcGroup
-from cmem_cmemc.context import ApplicationContext
+from cmem_cmemc.context import ApplicationContext, build_caption
+from cmem_cmemc.exceptions import CmemcError
 
 NO_CLIENT_ERROR = (
     "{} is not a valid client account. "
@@ -47,7 +48,13 @@ def list_command(app: ApplicationContext, raw: bool, id_only: bool) -> None:
             app.echo_info(cnt["clientId"])
         return
     table = [(_["clientId"], _.get("description", "-")) for _ in clients]
-    app.echo_info_table(table, headers=["Client ID", "Description"], sort_column=0)
+    app.echo_info_table(
+        table,
+        headers=["Client ID", "Description"],
+        sort_column=0,
+        caption=build_caption(len(table), "client"),
+        empty_table_message="No client accounts found.",
+    )
 
 
 @click.command(cls=CmemcCommand, name="secret")
@@ -66,7 +73,7 @@ def secret_command(app: ApplicationContext, client_id: str, generate: bool, outp
 
     clients = get_client_by_client_id(client_id)
     if not clients:
-        raise ClickException(NO_CLIENT_ERROR.format(client_id))
+        raise CmemcError(NO_CLIENT_ERROR.format(client_id))
 
     if generate:
         if not output:
@@ -106,7 +113,7 @@ def open_command(app: ApplicationContext, client_ids: tuple[str]) -> None:
         client_id_map = {c["clientId"]: c["id"] for c in clients}
         for _ in client_ids:
             if _ not in client_id_map:
-                raise ClickException(NO_CLIENT_ERROR.format(_))
+                raise CmemcError(NO_CLIENT_ERROR.format(_))
             client_id = client_id_map[_]
             open_user_uri = f"{open_client_base_uri}/{client_id}/settings"