dayhoff-tools 1.1.15__tar.gz → 1.1.16__tar.gz

{dayhoff_tools-1.1.15 → dayhoff_tools-1.1.16}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: dayhoff-tools
-Version: 1.1.15
+Version: 1.1.16
 Summary: Common tools for all the repos at Dayhoff Labs
 Author: Daniel Martin-Alarcon
 Author-email: dma@dayhofflabs.com

{dayhoff_tools-1.1.15 → dayhoff_tools-1.1.16}/dayhoff_tools/cli/cloud_commands.py

@@ -256,6 +256,32 @@ def _get_adc_status() -> str:
     return "Not configured"
 
 
+def _is_adc_authenticated() -> bool:
+    """Check if Application Default Credentials (ADC) are valid.
+
+    Returns:
+        True if `gcloud auth application-default print-access-token --quiet` succeeds,
+        False otherwise.
+    """
+    try:
+        gcloud_path = _find_executable("gcloud")
+        returncode, _, _ = _run_command(
+            [
+                gcloud_path,
+                "auth",
+                "application-default",
+                "print-access-token",
+                "--quiet",
+            ],
+            capture=True,
+            check=False,
+            suppress_output=True,
+        )
+        return returncode == 0
+    except FileNotFoundError:
+        return False
+
+
 def _is_gcp_user_authenticated() -> bool:
     """Check if the current gcloud user authentication is valid and non-interactive.
 
@@ -347,7 +373,7 @@ def _run_gcloud_login() -> None:
 
 
 def _test_gcp_credentials(user: str, impersonation_sa: str) -> None:
-    """Test GCP credentials. Only prints output on failure (to stderr)."""
+    """Test GCP credentials. Prints output on failure (to stderr) and success (to stdout)."""
     gcloud_path = _find_executable("gcloud")
     user_short = _get_short_name(user)
     impersonation_short = _get_short_name(impersonation_sa)
@@ -363,64 +389,73 @@ def _test_gcp_credentials(user: str, impersonation_sa: str) -> None:
         ]
 
         if impersonation_sa != "None":
+            # Test 1: Access as the user directly (temporarily disable impersonation)
+            print(f"  Testing direct access as user ({user_short})...")
             orig_sa = impersonation_sa
             unset_rc, _, unset_err = _gcloud_unset_config(
                 "auth/impersonate_service_account"
             )
             if unset_rc != 0:
-                # Failure to unset is an error state
                 print(
-                    f"{RED}✗ Test Error: Failed to temporarily disable impersonation: {unset_err}{NC}",
+                    f"    {RED}✗ Test Error: Failed to temporarily disable impersonation: {unset_err}{NC}",
                     file=sys.stderr,
                 )
-
-            user_returncode, _, _ = _run_command(cmd, suppress_output=True, check=False)
-            if user_returncode != 0:
-                # Failure to access as user
-                print(
-                    f"{RED}✗ Test Failure: Cannot access resources directly as user '{user_short}'. Check roles/project.{NC}",
-                    file=sys.stderr,
+                # Even if unsetting fails, attempt to restore and continue with impersonation test
+            else:
+                user_returncode, _, _ = _run_command(
+                    cmd, suppress_output=True, check=False
                 )
+                if user_returncode != 0:
+                    print(
+                        f"    {RED}✗ User Test Failure: Cannot access resources directly as user '{user_short}'. Check roles/project.{NC}",
+                        file=sys.stderr,
+                    )
+                else:
+                    print(
+                        f"    {GREEN}✓ User Test ({user_short}): Direct access OK{NC}"
+                    )
 
+            # Restore impersonation setting
             set_rc, _, set_err = _gcloud_set_config(
                 "auth/impersonate_service_account", orig_sa
             )
             if set_rc != 0:
-                # Failure to restore is an error state
                 print(
-                    f"{RED}✗ Test Error: Failed to restore impersonation config for {impersonation_short}: {set_err}{NC}",
+                    f"    {RED}✗ Test Error: Failed to restore impersonation config for {impersonation_short}: {set_err}{NC}",
                     file=sys.stderr,
                 )
+                # If restoring fails, it's a significant issue for the next test
 
+            # Test 2: Access while impersonating the SA
+            print(f"  Testing access while impersonating SA ({impersonation_short})...")
             impersonation_returncode, _, _ = _run_command(
                 cmd, suppress_output=True, check=False
             )
             if impersonation_returncode != 0:
-                # Failure to access while impersonating
                 print(
-                    f"{RED}✗ Test Failure: Cannot access resources impersonating '{impersonation_short}'. Check permissions/config.{NC}",
+                    f"    {RED}✗ Impersonation Test Failure: Cannot access resources impersonating '{impersonation_short}'. Check permissions/config.{NC}",
                     file=sys.stderr,
                 )
+            else:
+                print(
+                    f"    {GREEN}✓ Impersonation Test ({impersonation_short}): Access OK{NC}"
+                )
 
         else:
             # Test user account directly (no impersonation config)
+            print(f"  Testing direct access as user ({user_short})...")
             returncode, _, _ = _run_command(cmd, suppress_output=True, check=False)
             if returncode != 0:
-                # Failure to access as user
                 print(
-                    f"{RED}✗ Test Failure: Cannot access resources directly as user '{user_short}'. Check roles/project.{NC}",
+                    f"    {RED}✗ User Test Failure: Cannot access resources directly as user '{user_short}'. Check roles/project.{NC}",
                     file=sys.stderr,
                 )
-            # Success: No output
-            # else:
-            #    print(f"{GREEN}✓ Direct access as user {user_short}: OK{NC}")
-            # Correctly indented pass statement if no action needed on success
-            pass
+            else:
+                print(f"    {GREEN}✓ User Test ({user_short}): Direct access OK{NC}")
     else:
-        # If user isn't authenticated at all, maybe print a warning?
-        # print(f"{YELLOW}User not authenticated, skipping credential test.{NC}")
-        # Decided against this to keep output minimal unless actual test fails.
-        pass  # Explicit pass for the outer else
+        print(
+            f"  {YELLOW}User not authenticated, skipping credential access tests.{NC}"
+        )
 
 
 # --- AWS Functions ---
@@ -516,30 +551,54 @@ aws_app = typer.Typer(help="Manage AWS SSO authentication using RC files.")
 # --- GCP Commands ---
 @gcp_app.command("status")
 def gcp_status():
-    """Show active GCP credentials for CLI and Libraries/ADC."""
+    """Show active GCP credentials for CLI and Libraries/ADC, including staleness."""
     cli_user = _get_current_gcp_user()
     cli_impersonation = _get_current_gcp_impersonation()
-    adc_principal = _get_adc_status()
+    adc_principal_raw = _get_adc_status()  # Raw status string, potentially complex
+
+    user_auth_valid = _is_gcp_user_authenticated()
+    adc_auth_valid = _is_adc_authenticated()
 
     # Determine active principal for CLI
     if cli_impersonation != "None":
         cli_active_short = _get_short_name(cli_impersonation)
+        cli_is_impersonating = True
     else:
         cli_active_short = _get_short_name(cli_user)
+        cli_is_impersonating = False
 
-    # Get short name for ADC principal
-    adc_active_short = _get_short_name(adc_principal)
+    adc_active_short = _get_short_name(adc_principal_raw)
 
-    # Define a fixed width for the principal name field
-    name_width = 10
+    print(f"{BLUE}--- GCP CLI Credentials ---{NC}")
+    print(f"  Effective Principal: {GREEN}{cli_active_short}{NC}")
+    print(f"  User Account ({_get_short_name(cli_user)}):")
+    if user_auth_valid:
+        print(f"    └─ Authentication: {GREEN}VALID{NC}")
+    else:
+        print(
+            f"    └─ Authentication: {RED}STALE/EXPIRED{NC} (Hint: run 'dh gcp login')"
+        )
 
-    print(
-        f"Using {GREEN}{cli_active_short:<{name_width}}{NC} for {BLUE}gcloud CLI{NC} (gcloud, gsutil)"
-    )
-    print(
-        f"Using {GREEN}{adc_active_short:<{name_width}}{NC} for {BLUE}Libraries/Tools{NC} (warehouse, Terraform, Python clients)\n"
-    )
+    if cli_is_impersonating:
+        print(
+            f"  Impersonation ({_get_short_name(cli_impersonation)}): {GREEN}Active{NC}"
+        )
+        print(f"    └─ Access Test: (see results below)")
+    else:
+        print(f"  Impersonation: {YELLOW}Not Active{NC}")
+
+    print(f"\n{BLUE}--- GCP Library/ADC Credentials ---{NC}")
+    print(f"  Effective Principal: {GREEN}{adc_active_short}{NC}")
+    if adc_principal_raw in ["Not configured", "Error reading", "Invalid format"]:
+        print(f"    └─ Status: {RED}{adc_principal_raw}{NC}")
+    elif adc_auth_valid:
+        print(f"    └─ Authentication: {GREEN}VALID{NC}")
+    else:
+        print(
+            f"    └─ Authentication: {RED}STALE/EXPIRED{NC} (Hint: run 'dh gcp use-...-adc' or 'gcloud auth application-default login ...')"
+        )
 
+    print(f"\n{BLUE}--- GCP Access Tests (for CLI configuration) ---{NC}")
     # Run tests silently, they will print to stderr only on failure
     _test_gcp_credentials(cli_user, cli_impersonation)
 

{dayhoff_tools-1.1.15 → dayhoff_tools-1.1.16}/dayhoff_tools/cli/utility_commands.py

@@ -26,20 +26,40 @@ def _warn_if_gcp_default_sa(force_prompt: bool = False) -> None:
         user = _cc._get_current_gcp_user()
         active = impersonation if impersonation != "None" else user
         short = _cc._get_short_name(active)
+
+        # Determine if user creds are valid
+        auth_valid = _cc._is_gcp_user_authenticated()
     except Exception:
+        # If any helper errors out, don't block execution
         return
 
-    if short != "default VM service account":
-        return
+    problem_type = None  # "default_sa" | "stale"
+    if short == "default VM service account":
+        problem_type = "default_sa"
+    elif not auth_valid:
+        problem_type = "stale"
+
+    if problem_type is None:
+        return  # Everything looks good
 
     YELLOW = getattr(_cc, "YELLOW", "\033[0;33m")
     BLUE = getattr(_cc, "BLUE", "\033[0;36m")
     RED = getattr(_cc, "RED", "\033[0;31m")
     NC = getattr(_cc, "NC", "\033[0m")
 
+    if problem_type == "default_sa":
+        msg_body = (
+            f"You are currently authenticated as the *default VM service account*.\n"
+            f"   This will block gsutil/DVC access to private buckets (e.g. warehouse)."
+        )
+    else:  # stale creds
+        msg_body = (
+            f"Your GCP credentials appear to be *expired/stale*.\n"
+            f"   Re-authenticate to refresh the access token."
+        )
+
     print(
-        f"{YELLOW}⚠  You are currently authenticated as the *default VM service account*.{NC}\n"
-        f"{YELLOW}   This will block gsutil/DVC access to private buckets (e.g. warehouse).{NC}\n"
+        f"{YELLOW}⚠  {msg_body}{NC}\n"
         f"{YELLOW}   Run {BLUE}dh gcp login{YELLOW} or {BLUE}dh gcp use-devcon{YELLOW} before retrying.{NC}",
         file=sys.stderr,
     )

{dayhoff_tools-1.1.15 → dayhoff_tools-1.1.16}/dayhoff_tools/deployment/processors.py

@@ -409,15 +409,14 @@ class MMSeqsProfileProcessor(Processor):
             self._run_mmseqs_command(
                 [
                     "mmseqs",
-                    "result2flat",
-                    str(profile_db),  # queryDB used in search
-                    str(target_db),  # targetDB
-                    str(result_db),  # resultDB
+                    "createseqfiledb",
+                    str(result_db),  # resultDB containing target hits
+                    str(target_db),  # targetDB containing actual sequences
                     str(intermediate_hits_fasta_file),  # output FASTA
-                    "--use-fasta-header",
-                    "1",
+                    "--db-output",
+                    "1",  # Output in FASTA format
                 ],
-                "Extract hit sequences to FASTA via result2flat",
+                "Extract hit sequences to FASTA via createseqfiledb",
                 run_base_dir,
             )
 

{dayhoff_tools-1.1.15 → dayhoff_tools-1.1.16}/pyproject.toml

@@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api"
 
 [project]
 name = "dayhoff-tools"
-version = "1.1.15"
+version = "1.1.16"
 description = "Common tools for all the repos at Dayhoff Labs"
 authors = [
     {name = "Daniel Martin-Alarcon", email = "dma@dayhofflabs.com"}