cwms-cli 0.5.0__tar.gz → 0.7.0__tar.gz

{cwms_cli-0.5.0 → cwms_cli-0.7.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cwms-cli
-Version: 0.5.0
+Version: 0.7.0
 Summary: Command line utilities for Corps Water Management Systems (CWMS) python scripts. This is a collection of shared scripts across the enterprise Water Management Enterprise System (WMES) teams.
 License: LICENSE
 License-File: LICENSE
@@ -18,6 +18,7 @@ Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: 3.14
 Requires-Dist: click (>=8.1.8,<9.0.0)
 Requires-Dist: colorama (>=0.4.6,<0.5.0)
+Requires-Dist: requests (>=2.30.0,<3.0.0)
 Project-URL: Repository, https://github.com/HydrologicEngineeringCenter/cwms-cli
 Description-Content-Type: text/markdown
 

{cwms_cli-0.5.0 → cwms_cli-0.7.0}/cwmscli/__main__.py

@@ -81,8 +81,9 @@ def cli(
 
 
 cli.add_command(usgs_group, name="usgs")
-cli.add_command(commands_cwms.shefcritimport)
+cli.add_command(commands_cwms.shef_group)
 cli.add_command(commands_cwms.csv2cwms_cmd)
+cli.add_command(commands_cwms.login_cmd)
 cli.add_command(commands_cwms.update_cli_cmd)
 cli.add_command(commands_cwms.blob_group)
 cli.add_command(commands_cwms.clob_group)

{cwms_cli-0.5.0 → cwms_cli-0.7.0}/cwmscli/commands/blob.py

@@ -9,7 +9,13 @@ import sys
 from collections import defaultdict
 from typing import Optional, Sequence, Tuple, Union
 
-from cwmscli.utils import colors, get_api_key, log_scoped_read_hint
+from cwmscli.utils import (
+    colors,
+    get_api_key,
+    has_invalid_chars,
+    init_cwms_session,
+    log_scoped_read_hint,
+)
 from cwmscli.utils.click_help import DOCS_BASE_URL
 from cwmscli.utils.deps import requires
 
@@ -133,11 +139,30 @@ def _resolve_optional_api_key(api_key: Optional[str], anonymous: bool) -> Option
     return get_api_key(api_key, None)
 
 
+def _resolve_credential_kind(api_key: Optional[str], anonymous: bool) -> Optional[str]:
+    if anonymous:
+        return None
+    from cwmscli.utils import get_saved_login_token
+
+    if get_saved_login_token():
+        return "token"
+    if _resolve_optional_api_key(api_key, anonymous):
+        return "api_key"
+    return None
+
+
 def _response_status_code(exc: BaseException) -> Optional[int]:
     response = getattr(exc, "response", None)
     return getattr(response, "status_code", None)
 
 
+def _blob_endpoint_id(blob_id: str) -> tuple[str, Optional[str]]:
+    normalized = blob_id.upper()
+    if has_invalid_chars(normalized):
+        return "ignored", normalized
+    return normalized, None
+
+
 def store_blob(**kwargs):
     import cwms
     import requests
@@ -411,7 +436,7 @@ def upload_cmd(
     import cwms
     import requests
 
-    cwms.init_session(api_root=api_root, api_key=get_api_key(api_key, None))
+    init_cwms_session(cwms, api_root=api_root, api_key=api_key)
 
     using_single = bool(input_file)
     using_multi = bool(input_dir)
@@ -570,8 +595,8 @@ def download_cmd(
             f"DRY RUN: would GET {api_root} blob with blob-id={blob_id} office={office}."
         )
         return
-    resolved_api_key = _resolve_optional_api_key(api_key, anonymous)
-    cwms.init_session(api_root=api_root, api_key=resolved_api_key)
+    credential_kind = _resolve_credential_kind(api_key, anonymous)
+    init_cwms_session(cwms, api_root=api_root, api_key=api_key, anonymous=anonymous)
     bid = blob_id.upper()
     logging.debug(f"Office={office} BlobID={bid}")
 
@@ -588,7 +613,7 @@ def download_cmd(
         detail = getattr(e.response, "text", "") or str(e)
         logging.error(f"Failed to download (HTTP): {detail}")
         log_scoped_read_hint(
-            api_key=resolved_api_key,
+            credential_kind=credential_kind,
             anonymous=anonymous,
             office=office,
             action="download",
@@ -598,7 +623,7 @@ def download_cmd(
     except Exception as e:
         logging.error(f"Failed to download: {e}")
         log_scoped_read_hint(
-            api_key=resolved_api_key,
+            credential_kind=credential_kind,
             anonymous=anonymous,
             office=office,
             action="download",
@@ -616,19 +641,27 @@ def delete_cmd(blob_id: str, office: str, api_root: str, api_key: str, dry_run:
             f"DRY RUN: would DELETE {api_root} blob with blob-id={blob_id} office={office}"
         )
         return
-    cwms.init_session(api_root=api_root, api_key=api_key)
+    init_cwms_session(cwms, api_root=api_root, api_key=api_key)
+    bid = blob_id.upper()
+    path_id, query_id = _blob_endpoint_id(bid)
     try:
-        cwms.delete_blob(office_id=office, blob_id=blob_id)
+        if query_id is None:
+            cwms.delete_blob(office_id=office, blob_id=bid)
+        else:
+            cwms.api.delete(
+                f"blobs/{path_id}",
+                params={"office": office, "blob-id": query_id},
+            )
     except requests.HTTPError as e:
         if _response_status_code(e) == 404:
             logging.info(
                 "Blob %s was already absent in office %s. Nothing to delete.",
-                blob_id,
+                bid,
                 office,
             )
             return
         raise
-    logging.info(f"Deleted blob: {blob_id} for office: {office}")
+    logging.info(f"Deleted blob: {bid} for office: {office}")
 
 
 def update_cmd(
@@ -649,7 +682,7 @@ def update_cmd(
             f"DRY RUN: would PATCH {api_root} blob with blob-id={blob_id} office={office}"
         )
         return
-    cwms.init_session(api_root=api_root, api_key=api_key)
+    init_cwms_session(cwms, api_root=api_root, api_key=api_key)
     file_data = None
     if input_file:
         try:
@@ -695,8 +728,8 @@ def list_cmd(
     import cwms
     import pandas as pd
 
-    resolved_api_key = _resolve_optional_api_key(api_key, anonymous)
-    cwms.init_session(api_root=api_root, api_key=resolved_api_key)
+    credential_kind = _resolve_credential_kind(api_key, anonymous)
+    init_cwms_session(cwms, api_root=api_root, api_key=api_key, anonymous=anonymous)
     try:
         df = list_blobs(
             office=office,
@@ -709,7 +742,7 @@ def list_cmd(
         )
     except Exception:
         log_scoped_read_hint(
-            api_key=resolved_api_key,
+            credential_kind=credential_kind,
             anonymous=anonymous,
             office=office,
             action="list",

{cwms_cli-0.5.0 → cwms_cli-0.7.0}/cwmscli/commands/commands_cwms.py

@@ -1,7 +1,9 @@
+import logging
 import os
 import subprocess
 import sys
 import textwrap
+from pathlib import Path
 from typing import Optional
 
 import click
@@ -20,6 +22,7 @@ from cwmscli.utils import (
     office_option_notrequired,
     to_uppercase,
 )
+from cwmscli.utils.auth import DEFAULT_REDIRECT_HOST, DEFAULT_REDIRECT_PORT
 from cwmscli.utils.deps import requires
 from cwmscli.utils.update import (
     build_update_package_spec,
@@ -30,7 +33,224 @@ from cwmscli.utils.version import get_cwms_cli_version
 
 
 @click.command(
-    "shefcritimport",
+    "login",
+    help="Authenticate with CWBI OIDC using PKCE and save tokens for reuse.",
+)
+@click.option(
+    "--provider",
+    type=click.Choice(["federation-eams", "login.gov"], case_sensitive=False),
+    default="federation-eams",
+    show_default=True,
+    help="Identity provider hint to send to Keycloak.",
+)
+@click.option(
+    "--client-id",
+    default="cwms",
+    show_default=True,
+    help="OIDC client ID.",
+)
+@click.option(
+    "-a",
+    "--api-root",
+    default="https://cwms-data.usace.army.mil/cwms-data",
+    envvar="CDA_API_ROOT",
+    show_default=True,
+    help="CDA API root used to discover the OpenID Connect configuration.",
+)
+@click.option(
+    "--oidc-base-url",
+    default=None,
+    show_default=True,
+    hidden=True,
+    help="Override the discovered OIDC realm base URL ending in /protocol/openid-connect.",
+)
+@click.option(
+    "--scope",
+    default="openid profile",
+    show_default=True,
+    help="OIDC scopes to request.",
+)
+@click.option(
+    "--redirect-host",
+    default=DEFAULT_REDIRECT_HOST,
+    show_default=True,
+    help="Local host for the login callback listener.",
+)
+@click.option(
+    "--redirect-port",
+    default=DEFAULT_REDIRECT_PORT,
+    type=int,
+    show_default=True,
+    help="Local port for the login callback listener.",
+)
+@click.option(
+    "--token-file",
+    type=click.Path(dir_okay=False, path_type=Path),
+    default=None,
+    help="Path to save the login session JSON. Defaults to a provider-specific file under ~/.config/cwms-cli/auth/.",
+)
+@click.option(
+    "--refresh",
+    "refresh_only",
+    is_flag=True,
+    default=False,
+    help="Refresh an existing saved session instead of opening a new browser login.",
+)
+@click.option(
+    "--no-browser",
+    is_flag=True,
+    default=False,
+    help="Print the authorization URL instead of trying to open a browser automatically.",
+)
+@click.option(
+    "--timeout",
+    default=30,
+    type=int,
+    show_default=True,
+    help="Seconds to wait for the local login callback.",
+)
+@click.option(
+    "--ca-bundle",
+    type=click.Path(exists=True, dir_okay=False, resolve_path=True, path_type=Path),
+    default=None,
+    help="CA bundle to use for TLS verification.",
+)
+@requires(reqs.requests)
+def login_cmd(
+    provider: str,
+    client_id: str,
+    api_root: str,
+    oidc_base_url: Optional[str],
+    scope: str,
+    redirect_host: str,
+    redirect_port: int,
+    token_file: Path,
+    refresh_only: bool,
+    no_browser: bool,
+    timeout: int,
+    ca_bundle: Path,
+):
+    from cwmscli.utils.auth import (
+        DEFAULT_CDA_API_ROOT,
+        AuthError,
+        CallbackBindError,
+        LoginTimeoutError,
+        OIDCLoginConfig,
+        default_token_file,
+        discover_oidc_base_url,
+        discover_oidc_configuration,
+        login_with_browser,
+        refresh_saved_login,
+        refresh_token_expiry_text,
+        save_login,
+        token_expiry_text,
+    )
+    from cwmscli.utils.colors import c, err
+
+    provider = provider.lower()
+    token_file = token_file or default_token_file(provider)
+    verify = str(ca_bundle) if ca_bundle else None
+    api_root = (api_root or DEFAULT_CDA_API_ROOT).rstrip("/")
+    action = (
+        "refreshed your saved sign-in for" if refresh_only else "authenticated against"
+    )
+
+    try:
+        if refresh_only:
+            result = refresh_saved_login(token_file=token_file, verify=verify)
+            config = result["config"]
+            token = result["token"]
+        else:
+            discovered_oidc = (
+                {
+                    "oidc_base_url": oidc_base_url.rstrip("/"),
+                    "authorization_endpoint": f"{oidc_base_url.rstrip('/')}/auth",
+                    "token_endpoint": f"{oidc_base_url.rstrip('/')}/token",
+                }
+                if oidc_base_url
+                else discover_oidc_configuration(
+                    api_root=api_root,
+                    verify=verify,
+                )
+            )
+            config = OIDCLoginConfig(
+                client_id=client_id,
+                oidc_base_url=discovered_oidc["oidc_base_url"].rstrip("/"),
+                authorization_endpoint_url=discovered_oidc["authorization_endpoint"],
+                token_endpoint_url=discovered_oidc["token_endpoint"],
+                redirect_host=redirect_host,
+                redirect_port=redirect_port,
+                scope=scope,
+                provider=provider,
+                timeout_seconds=timeout,
+                verify=verify,
+            )
+            auth_url_shown = False
+
+            def show_auth_url(url: str) -> None:
+                nonlocal auth_url_shown
+                click.echo("Visit this URL to authenticate:")
+                click.echo(url)
+                auth_url_shown = True
+
+            result = login_with_browser(
+                config=config,
+                launch_browser=not no_browser,
+                authorization_url_callback=show_auth_url if no_browser else None,
+            )
+            config = result.get("config", config)
+            if (not auth_url_shown) and (not result["browser_opened"]):
+                click.echo("Visit this URL to authenticate:")
+                click.echo(result["authorization_url"])
+            token = result["token"]
+
+        save_login(token_file=token_file, config=config, token=token)
+    except LoginTimeoutError as e:
+        click.echo(err(f"ALERT: {e}"), err=True)
+        raise click.exceptions.Exit(1) from e
+    except CallbackBindError as e:
+        click.echo(err(f"ALERT: {e}"), err=True)
+        raise click.exceptions.Exit(1) from e
+    except AuthError as e:
+        raise click.ClickException(str(e)) from e
+    except OSError as e:
+        raise click.ClickException(f"Login setup failed: {e}") from e
+
+    click.echo(f"You have successfully {action} CWBI.")
+    refresh_expiry = refresh_token_expiry_text(token)
+    if refresh_expiry:
+        click.echo(
+            c(
+                f"Your refresh session is good until {refresh_expiry}.",
+                "blue",
+                bright=True,
+            )
+        )
+    logging.debug("Saved login session to %s", token_file)
+    expiry = token_expiry_text(token)
+    if expiry:
+        logging.debug("Access token expires at %s", expiry)
+    if token.get("refresh_token"):
+        logging.debug("A refresh token is available for future reuse.")
+
+
+# region SHEF
+# ================================================================================
+#  SHEF
+# ================================================================================
+@click.group(
+    "shef",
+    help="Manage SHEF file imports (crit files, .in configuration files)",
+)
+def shef_group():
+    pass
+
+
+# ================================================================================
+#       Import Crit File
+# ================================================================================
+@shef_group.command(
+    "import_crit",
     help="Import SHEF crit file into timeseries group for SHEF file processing",
 )
 @click.option(
@@ -42,9 +262,10 @@ from cwmscli.utils.version import get_cwms_cli_version
 )
 @common_api_options
 @api_key_loc_option
+@click.option("--dry-run", is_flag=True, help="Show request; do not send.")
 @requires(reqs.cwms)
-def shefcritimport(filename, office, api_root, api_key, api_key_loc):
-    from cwmscli.commands.shef_critfile_import import import_shef_critfile
+def shef_import_crit(filename, office, api_root, api_key, api_key_loc, dry_run):
+    from cwmscli.commands.shef.import_critfile import import_shef_critfile
     from cwmscli.utils import get_api_key
 
     api_key = get_api_key(api_key, api_key_loc)
@@ -53,9 +274,67 @@ def shefcritimport(filename, office, api_root, api_key, api_key_loc):
         office_id=office,
         api_root=api_root,
         api_key=api_key,
+        dry_run=dry_run,
+    )
+
+
+# ================================================================================
+#       Import .in File
+# ================================================================================
+@shef_group.command(
+    "import_infile",
+    help="Import SHEF .in file into timeseries group for SHEF file processing",
+)
+@click.option(
+    "-f",
+    "--filename",
+    required=True,
+    type=str,
+    help="filename of SHEF .in file to be processed",
+)
+@click.option(
+    "-g",
+    "--group-name",
+    required=True,
+    type=str,
+    help="CWMS timeseries group name",
+)
+@click.option(
+    "--category",
+    type=str,
+    default="SHEF Export",
+    show_default=True,
+    help="Timeseries category ID",
+)
+@common_api_options
+@api_key_loc_option
+@click.option(
+    "--dry-run",
+    is_flag=True,
+    help="Parse the .in file and print the JSON payload without posting to the API.",
+)
+@requires(reqs.cwms)
+def shef_import_infile(
+    filename, group_name, category, office, api_root, api_key, api_key_loc, dry_run
+):
+    from cwmscli.commands.shef.import_infile import import_shef_infile
+    from cwmscli.utils import get_api_key
+
+    api_key = get_api_key(api_key, api_key_loc)
+    import_shef_infile(
+        in_file=filename,
+        group_name=group_name,
+        office_id=office,
+        api_root=api_root,
+        api_key=api_key,
+        category_id=category,
+        dry_run=dry_run,
     )
 
 
+# endregion
+
+
 @click.command("csv2cwms", help="Store CSV TimeSeries data to CWMS using a config file")
 @common_api_options
 @click.option(

{cwms_cli-0.5.0 → cwms_cli-0.7.0}/cwmscli/commands/csv2cwms/__main__.py

@@ -6,6 +6,8 @@ from datetime import datetime
 
 import cwms
 
+from cwmscli.utils import init_cwms_session
+
 # Add the current directory to the path
 # This is necessary for the script to be run as a standalone script
 sys.path.insert(0, os.path.abspath(os.path.dirname(__file__)))
@@ -70,8 +72,8 @@ def main(*args, **kwargs):
     tz = safe_zoneinfo(kwargs.get("tz"))
     begin_time = _resolve_begin_time(tz, kwargs.get("begin"))
 
-    cwms.api.init_session(
-        api_root=kwargs.get("api_root"), api_key=kwargs.get("api_key")
+    init_cwms_session(
+        cwms, api_root=kwargs.get("api_root"), api_key=kwargs.get("api_key")
     )
     setup_logger(kwargs.get("log"), verbose=kwargs.get("verbose"))
     logger.info(f"Begin time: {begin_time}")

cwms_cli-0.5.0/cwmscli/commands/shef_critfile_import.py → cwms_cli-0.7.0/cwmscli/commands/shef/import_critfile.py

@@ -5,6 +5,8 @@ from typing import Dict, List
 import cwms
 import pandas as pd
 
+from cwmscli.utils import init_cwms_session
+
 
 def import_shef_critfile(
     file_path: str,
@@ -16,6 +18,7 @@ def import_shef_critfile(
     group_office_id: str = "CWMS",
     category_office_id: str = "CWMS",
     replace_assigned_ts: bool = False,
+    dry_run: bool = False,
 ) -> None:
     """
     Processes a .crit file and saves the information to the SHEF Data Acquisition time series group.
@@ -34,19 +37,40 @@ def import_shef_critfile(
         The specified office group associated with the timeseries data. Defaults to "CWMS".
     replace_assigned_ts : bool, optional
         Specifies whether to unassign all existing time series before assigning new time series specified in the content body. Default is False.
+    dry_run : bool, optional
+        Parse the .crit file and print the JSON payload without posting to the API. Default is False.
 
     Returns
     -------
     None
     """
 
-    api_key = "apikey " + api_key
-    cwms.api.init_session(api_root=api_root, api_key=api_key)
-    logging.info(f"CDA connection: {api_root}")
+    if not dry_run:
+        init_cwms_session(cwms, api_root=api_root, api_key="apikey " + api_key)
+        logging.info(f"CDA connection: {api_root}")
 
     # Parse the file and get the parsed data
     parsed_data = parse_crit_file(file_path)
     logging.info("CRIT file has been parsed")
+    logging.info(f"Found {len(parsed_data)} timeseries entries:")
+    for data in parsed_data:
+        logging.info(f"  {data['Timeseries ID']} --> alias={data['Alias']}")
+
+    if not parsed_data:
+        logging.error("No timeseries entries found in the CRIT file")
+        return
+
+    if dry_run:
+        logging.info(
+            f"\n--- DRY RUN: The following timeseries entries will be added to {group_id} ---"
+        )
+        for data in parsed_data:
+            logging.info(
+                f"  timeseries-id: {data['Timeseries ID']}, alias-id: {data['Alias']}"
+            )
+        logging.info(f"--- Dry run complete. Nothing was posted to the API. ---\n")
+        return
+
     # df = pd.DataFrame()
     logging.info(f"Saving Timeseries IDs to group: {group_id}")
     for data in parsed_data: