datamasque-cli 1.0.0__py3-none-any.whl

datamasque_cli/commands/system.py

@@ -0,0 +1,118 @@
+"""System-level commands: health, licence, logs, admin-install."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+import typer
+
+from datamasque_cli.client import get_client
+from datamasque_cli.commands.rulesets import export_bundle, import_bundle
+from datamasque_cli.output import print_json, print_success, print_warning, render_output
+
+app = typer.Typer(help="System administration commands.")
+
+
+@app.command()
+def health(
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+    is_json: bool = typer.Option(False, "--json", help="Output as JSON"),
+) -> None:
+    """Check DataMasque instance health."""
+    client = get_client(profile)
+    client.healthcheck()
+
+    if is_json:
+        print_json({"status": "healthy"})
+    else:
+        print_success("Instance is healthy.")
+
+
+@app.command("licence")
+def licence(
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+    is_json: bool = typer.Option(False, "--json", help="Output as JSON"),
+) -> None:
+    """Show licence information."""
+    client = get_client(profile)
+    info = client.get_current_license_info()
+    # Project to the fields a user actually checks. The full pydantic dump
+    # also includes nested SwitchableLicenseMetadata which is noisy.
+    expiry = info.expiry_date.isoformat() if info.expiry_date else None
+    data = {
+        "uuid": info.uuid,
+        "name": info.name,
+        "type": info.type,
+        "is_expired": info.is_expired,
+        "expiry_date": expiry,
+        "days_until_expiry": info.days_until_expiry,
+        "platform_name": info.platform_name,
+    }
+    render_output(data, is_json=is_json, title="Licence")
+
+
+@app.command()
+def logs(
+    output_path: Path = typer.Option("datamasque-logs.tar.gz", "--output", "-o", help="Where to save the log file"),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+) -> None:
+    """Download application logs."""
+    client = get_client(profile)
+    client.retrieve_application_logs(output_path)
+    print_success(f"Logs saved to {output_path}")
+
+
+@app.command("export", hidden=True, deprecated=True)
+def export_config(
+    output_path: Path = typer.Option("datamasque-export.zip", "--output", "-o", help="Where to save the export"),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+) -> None:
+    """Deprecated alias for `dm rulesets export-bundle`."""
+    print_warning("`dm system export` is deprecated; use `dm rulesets export-bundle` instead.")
+    export_bundle(output_path=output_path, profile=profile)
+
+
+@app.command("import", hidden=True, deprecated=True)
+def import_config(
+    file: Path = typer.Option(..., "--file", "-f", help="Path to import file", exists=True, readable=True),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+    is_confirmed: bool = typer.Option(False, "--yes", "-y", help="Skip confirmation"),
+) -> None:
+    """Deprecated alias for `dm rulesets import-bundle`."""
+    print_warning("`dm system import` is deprecated; use `dm rulesets import-bundle` instead.")
+    import_bundle(file=file, profile=profile, is_confirmed=is_confirmed)
+
+
+@app.command("upload-licence")
+def upload_licence(
+    file: Path = typer.Argument(help="Path to .lic licence file", exists=True, readable=True),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+) -> None:
+    """Upload a DataMasque licence file."""
+    client = get_client(profile)
+    client.upload_license_file(str(file))
+    print_success(f"Licence file '{file.name}' uploaded.")
+
+
+@app.command("admin-install")
+def admin_install(
+    email: str = typer.Option(..., help="Admin email address"),
+    username: str = typer.Option("admin", help="Admin username"),
+    password: str = typer.Option(..., prompt=True, hide_input=True, help="Admin password"),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+) -> None:
+    """Initial admin setup for a fresh DataMasque instance."""
+    client = get_client(profile)
+    client.admin_install(email=email, username=username, password=password)
+    print_success(f"Admin user '{username}' created.")
+
+
+@app.command("set-locality")
+def set_locality(
+    locality: str = typer.Argument(help="Locality string to set"),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+) -> None:
+    """Set the system locality."""
+    client = get_client(profile)
+    client.set_locality(locality)
+    print_success(f"Locality set to '{locality}'.")

datamasque_cli/commands/users.py

@@ -0,0 +1,86 @@
+"""User management commands."""
+
+from __future__ import annotations
+
+import typer
+from datamasque.client.models.user import User, UserRole
+
+from datamasque_cli.client import get_client
+from datamasque_cli.output import abort, print_success, render_output
+
+app = typer.Typer(help="Manage users.")
+
+
+@app.command("list")
+def list_users(
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+    is_json: bool = typer.Option(False, "--json", help="Output as JSON"),
+) -> None:
+    """List all users."""
+    client = get_client(profile)
+    users = client.list_users()
+
+    data = [
+        {
+            "id": u.id,
+            "username": u.username,
+            "email": u.email,
+            "roles": ", ".join(r.value for r in u.roles),
+        }
+        for u in users
+    ]
+
+    render_output(data, is_json=is_json, columns=["id", "username", "email", "roles"], title="Users")
+
+
+@app.command("create")
+def create_user(
+    username: str = typer.Option(..., help="Username"),
+    email: str = typer.Option(..., help="Email address"),
+    role: list[str] = typer.Option(..., help="Role(s): superuser, mask_builder, mask_runner"),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+) -> None:
+    """Create a new user."""
+    roles = [UserRole(r) for r in role]
+    user = User(username=username, email=email, password="", roles=roles)
+
+    client = get_client(profile)
+    created = client.create_or_update_user(user)
+    print_success(f"User '{username}' created. Temporary password: {created.password}")
+
+
+@app.command("delete")
+def delete_user(
+    username: str = typer.Argument(help="Username to delete"),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+    is_confirmed: bool = typer.Option(False, "--yes", "-y", help="Skip confirmation"),
+) -> None:
+    """Delete a user by username."""
+    client = get_client(profile)
+    users = client.list_users()
+
+    if not any(u.username == username for u in users):
+        abort(f"User '{username}' not found.")
+
+    if not is_confirmed:
+        typer.confirm(f"Delete user '{username}'?", abort=True)
+
+    client.delete_user_by_username_if_exists(username)
+    print_success(f"User '{username}' deleted.")
+
+
+@app.command("reset-password")
+def reset_password(
+    username: str = typer.Argument(help="Username to reset password for"),
+    profile: str | None = typer.Option(None, "--profile", "-p", help="Profile to use"),
+) -> None:
+    """Reset a user's password."""
+    client = get_client(profile)
+    users = client.list_users()
+
+    match = next((u for u in users if u.username == username), None)
+    if match is None:
+        abort(f"User '{username}' not found.")
+
+    new_password = client.reset_password_for_user(match)
+    print_success(f"Password reset for '{username}'. New temporary password: {new_password}")

datamasque_cli/config.py

@@ -0,0 +1,82 @@
+"""Profile-based configuration management.
+
+Stores credentials and connection details in ~/.config/datamasque-cli/config.toml.
+Supports named profiles (default, staging, prod, etc.).
+"""
+
+from __future__ import annotations
+
+import tomllib
+from pathlib import Path
+
+import tomli_w
+from pydantic import BaseModel, Field
+
+CONFIG_DIR = Path.home() / ".config" / "datamasque-cli"
+CONFIG_FILE = CONFIG_DIR / "config.toml"
+DEFAULT_PROFILE = "default"
+
+
+class Profile(BaseModel):
+    url: str = ""
+    username: str = ""
+    password: str = ""
+    # Disable TLS verification for instances with self-signed or expired certs
+    # (typically local dev). Persisted to config so you don't re-pass it per call.
+    verify_ssl: bool = True
+
+    @property
+    def is_configured(self) -> bool:
+        return bool(self.url and self.username and self.password)
+
+
+class Config(BaseModel):
+    profiles: dict[str, Profile] = Field(default_factory=dict)
+    active_profile: str = DEFAULT_PROFILE
+
+    def get_profile(self, name: str | None = None) -> Profile:
+        name = name or self.active_profile
+        # Return a fresh default for unknown names so callers can check
+        # `is_configured` without mutating the stored profile dict.
+        return self.profiles.get(name, Profile())
+
+    def set_profile(self, name: str, profile: Profile) -> None:
+        self.profiles[name] = profile
+
+    def delete_profile(self, name: str) -> bool:
+        if name not in self.profiles:
+            return False
+        del self.profiles[name]
+        return True
+
+    def list_profile_names(self) -> list[str]:
+        return list(self.profiles.keys())
+
+
+def load_config() -> Config:
+    if not CONFIG_FILE.exists():
+        return Config()
+
+    with open(CONFIG_FILE, "rb") as f:
+        data = tomllib.load(f)
+
+    # Ignore unknown top-level or per-profile keys (e.g. the dead `verify_ssl`
+    # that older configs may still carry) so on-disk files written by previous
+    # releases keep loading cleanly.
+    profiles_raw = data.get("profiles", {}) or {}
+    profiles = {
+        name: Profile.model_validate({k: v for k, v in profile.items() if k in Profile.model_fields})
+        for name, profile in profiles_raw.items()
+    }
+    return Config(profiles=profiles, active_profile=data.get("active_profile", DEFAULT_PROFILE))
+
+
+def save_config(config: Config) -> None:
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+
+    data = config.model_dump()
+
+    with open(CONFIG_FILE, "wb") as f:
+        tomli_w.dump(data, f)
+
+    CONFIG_FILE.chmod(0o600)

datamasque_cli/main.py

@@ -0,0 +1,58 @@
+"""DataMasque CLI entry point.
+
+Usage:
+    dm auth login
+    dm run start --connection mydb --ruleset myrules
+    dm run list --status running
+    dm rulesets list --json
+"""
+
+from __future__ import annotations
+
+from importlib.metadata import version as pkg_version
+
+import typer
+from rich.console import Console
+
+from datamasque_cli.commands import (
+    auth,
+    connections,
+    discovery,
+    files,
+    ruleset_libraries,
+    rulesets,
+    runs,
+    seeds,
+    system,
+    users,
+)
+
+app = typer.Typer(
+    name="dm",
+    help="DataMasque CLI — manage data masking from the command line.",
+    no_args_is_help=True,
+)
+
+app.add_typer(auth.app, name="auth")
+app.add_typer(connections.app, name="connections")
+app.add_typer(rulesets.app, name="rulesets")
+app.add_typer(runs.app, name="run")
+app.add_typer(users.app, name="users")
+app.add_typer(discovery.app, name="discover")
+app.add_typer(seeds.app, name="seeds")
+app.add_typer(files.app, name="files")
+app.add_typer(system.app, name="system")
+app.add_typer(ruleset_libraries.app, name="libraries")
+
+
+@app.command()
+def version() -> None:
+    """Show the CLI version."""
+    console = Console(stderr=True)
+    console.print("  [#7B36F5]▷◁[/#7B36F5]  ", end="")
+    console.print("[bold #7B36F5]DataMasque[/bold #7B36F5] CLI", end="  ")
+    typer.echo(f"v{pkg_version('datamasque-cli')}")
+
+
+if __name__ == "__main__":
+    app()

datamasque_cli/output.py

@@ -0,0 +1,133 @@
+"""Output formatting for the CLI.
+
+Supports JSON output (--json) for machine consumption,
+and rich tables for human-readable display.
+"""
+
+from __future__ import annotations
+
+import json
+from typing import Any, NoReturn
+
+import typer
+from rich.console import Console
+from rich.table import Table
+from rich.theme import Theme
+
+_DM_THEME = Theme(
+    {
+        "status.finished": "bold green",
+        "status.finished_with_warnings": "bold yellow",
+        "status.running": "bold cyan",
+        "status.queued": "dim",
+        "status.failed": "bold red",
+        "status.cancelled": "dim strike",
+    }
+)
+
+# Diagnostic messages go to stderr so piped JSON output stays clean.
+console = Console(stderr=True, theme=_DM_THEME)
+stdout_console = Console(theme=_DM_THEME)
+
+
+# Any top-level field whose lowercased name contains one of these substrings
+# is replaced by `<redacted>` when a value dict passes through
+# `redact_sensitive_fields`. Matches datamasque-python's SENSITIVE_REQUEST_DATA_KEYS.
+_SENSITIVE_FIELD_SUBSTRINGS = ("password", "secret", "token", "key", "credential")
+_REDACTED = "<redacted>"
+
+
+def redact_sensitive_fields(data: dict[str, Any]) -> dict[str, Any]:
+    """Return a copy of `data` with values of sensitive-named keys replaced by `<redacted>`.
+
+    Matches any key whose lowercased name contains `password`, `secret`, `token`,
+    `key`, or `credential`. Does not recurse into nested dicts/lists.
+    """
+    return {
+        key: _REDACTED if any(word in key.lower() for word in _SENSITIVE_FIELD_SUBSTRINGS) else value
+        for key, value in data.items()
+    }
+
+
+def print_json(data: object) -> None:
+    typer.echo(json.dumps(data, indent=2, default=str))
+
+
+def print_table(
+    columns: list[str],
+    rows: list[list[Any]],
+    title: str | None = None,
+) -> None:
+    table = Table(title=title, show_header=True, header_style="bold cyan")
+    for col in columns:
+        table.add_column(col)
+    for row in rows:
+        table.add_row(*[str(v) if v is not None else "" for v in row])
+    stdout_console.print(table)
+
+
+def print_kv(data: dict[str, Any], title: str | None = None) -> None:
+    """Print key-value pairs as a two-column table."""
+    table = Table(title=title, show_header=False, show_edge=False, padding=(0, 2))
+    table.add_column("Key", style="bold")
+    table.add_column("Value")
+    for key, value in data.items():
+        table.add_row(key, str(value) if value is not None else "")
+    stdout_console.print(table)
+
+
+def print_success(message: str) -> None:
+    console.print(f"[green]{message}[/green]")
+
+
+def print_error(message: str) -> None:
+    console.print(f"[red]Error:[/red] {message}")
+
+
+def print_warning(message: str) -> None:
+    console.print(f"[yellow]Warning:[/yellow] {message}")
+
+
+def print_info(message: str) -> None:
+    console.print(f"[dim]{message}[/dim]")
+
+
+def style_status(status: str) -> str:
+    """Wrap a run status string in the appropriate colour tag."""
+    style_name = f"status.{status}"
+    return f"[{style_name}]{status}[/{style_name}]"
+
+
+def render_output(
+    data: object,
+    *,
+    is_json: bool,
+    columns: list[str] | None = None,
+    title: str | None = None,
+) -> None:
+    """Unified output dispatcher.
+
+    When `is_json` is True, dumps `data` as JSON to stdout.
+    Otherwise renders a rich table from a list-of-dicts or a key-value dict.
+    """
+    if is_json:
+        print_json(data)
+        return
+
+    if not data:
+        print_info("No results.")
+        return
+
+    if isinstance(data, list) and len(data) > 0 and isinstance(data[0], dict):
+        cols = columns or list(data[0].keys())
+        rows = [[item.get(c) for c in cols] for item in data]
+        print_table(cols, rows, title=title)
+    elif isinstance(data, dict):
+        print_kv(data, title=title)
+    else:
+        typer.echo(data)
+
+
+def abort(message: str) -> NoReturn:
+    print_error(message)
+    raise SystemExit(1)