gravi-cli 0.1.1__py3-none-any.whl

gravi_cli/__init__.py

@@ -0,0 +1,9 @@
+"""
+Gravi CLI - Command-line tool for Gravitate infrastructure management.
+
+This package provides CLI access to Gravitate's mom infrastructure,
+allowing developers to authenticate, manage tokens, and access instance
+configurations and credentials.
+"""
+
+__version__ = "0.1.1"

gravi_cli/api.py

@@ -0,0 +1,49 @@
+"""
+Public Python API for gravi_cli.
+
+This module provides the programmatic interface for using gravi_cli
+as a library in Python scripts and applications.
+
+Example usage:
+    from gravi_cli.api import get_instance_config, get_instance_token
+
+    # Get database credentials
+    config = get_instance_config("prod")
+    db_url = config["config"]["database_url"]
+
+    # Get ServiceNow access token
+    token_response = get_instance_token("dev")
+    sn_token = token_response["access_token"]
+"""
+
+# Re-export the main API functions from auth module
+from .auth import (
+    get_mom_token,
+    get_instance_config,
+    get_instance_token,
+)
+
+# Re-export exceptions for library users
+from .exceptions import (
+    GraviError,
+    NotAuthenticatedError,
+    InvalidTokenError,
+    APIError,
+    RateLimitError,
+    ConfigError,
+)
+
+# Public API
+__all__ = [
+    # Authentication functions
+    "get_mom_token",
+    "get_instance_config",
+    "get_instance_token",
+    # Exceptions
+    "GraviError",
+    "NotAuthenticatedError",
+    "InvalidTokenError",
+    "APIError",
+    "RateLimitError",
+    "ConfigError",
+]

gravi_cli/auth.py

@@ -0,0 +1,139 @@
+"""
+Authentication and token management for gravi CLI.
+
+Handles token refresh, auto-renewal, and provides the main API
+for accessing mom and instance credentials.
+"""
+
+import os
+from datetime import datetime, timedelta, UTC
+
+from .client import MomClient
+from .config import load_config, save_config, config_exists
+from .exceptions import NotAuthenticatedError, InvalidTokenError
+
+
+def get_mom_url() -> str:
+    """
+    Get mom URL from environment or use default.
+
+    Returns:
+        Mom API base URL
+
+    Priority:
+        1. GRAVI_MOM_URL environment variable
+        2. Default: https://mom.gravitate.energy/api
+    """
+    return os.getenv("GRAVI_MOM_URL", "https://mom.gravitate.energy/api")
+
+
+def get_mom_token() -> str:
+    """
+    Get valid Mom access token, refreshing if necessary.
+
+    This function:
+    1. Checks for GRAVI_REFRESH_TOKEN environment variable (CI/CD usage)
+    2. Falls back to config file refresh token
+    3. Refreshes the access token using the refresh token
+    4. Auto-renews refresh token if <7 days remaining (saves to config)
+    5. Returns fresh access token (in-memory only, not persisted)
+
+    Returns:
+        Valid mom access token
+
+    Raises:
+        NotAuthenticatedError: If not logged in or token expired
+        InvalidTokenError: If refresh token is invalid or revoked
+    """
+    # Check for CI/CD environment variable first
+    refresh_token = os.getenv("GRAVI_REFRESH_TOKEN")
+
+    # Fall back to config file if not in CI/CD
+    if not refresh_token:
+        if not config_exists():
+            raise NotAuthenticatedError("Please run 'gravi login' first")
+
+        config = load_config()
+        refresh_token = config.refresh_token
+    else:
+        # CI/CD mode - load config if it exists (for potential auto-renewal)
+        config = None
+        if config_exists():
+            config = load_config()
+
+    if not refresh_token:
+        raise NotAuthenticatedError("Please run 'gravi login' first")
+
+    # Always get fresh access token from refresh token
+    mom_url = get_mom_url()
+    client = MomClient(mom_url)
+
+    try:
+        response = client.refresh_token(refresh_token)
+    except InvalidTokenError:
+        raise NotAuthenticatedError("Refresh token expired or revoked. Please run 'gravi login' again")
+
+    # Check if refresh token was renewed (auto-renewal if <7 days remaining)
+    if "refresh_token" in response and config:
+        config.refresh_token = response["refresh_token"]
+        config.refresh_token_expires_at = datetime.now(UTC) + timedelta(seconds=response["refresh_expires_in"])
+        save_config(config)
+
+    # Return access token (in-memory only, not persisted)
+    return response["access_token"]
+
+
+def get_instance_config(instance_key: str) -> dict:
+    """
+    Get instance configuration (credentials, URLs, etc.).
+
+    Args:
+        instance_key: Instance identifier (e.g., "dev", "prod")
+
+    Returns:
+        Instance configuration dictionary:
+        {
+            "instance_key": "dev",
+            "name": "Development Environment",
+            "api_url": "https://dev-api.gravitate.com",
+            "config": {
+                "database_url": "postgresql://...",
+                "redis_url": "redis://...",
+                ...
+            }
+        }
+
+    Raises:
+        NotAuthenticatedError: If not logged in or token expired
+        InvalidTokenError: If token is invalid or revoked
+        APIError: If API request fails
+    """
+    mom_url = get_mom_url()
+    mom_token = get_mom_token()
+    client = MomClient(mom_url)
+    return client.get_instance_config(instance_key, mom_token)
+
+
+def get_instance_token(instance_key: str) -> dict:
+    """
+    Get instance access token/credentials.
+
+    Args:
+        instance_key: Instance identifier (e.g., "dev", "prod")
+
+    Returns:
+        Instance-specific credentials (format varies by instance type)
+        Examples:
+        - ServiceNow OAuth: {"access_token": "...", "token_type": "Bearer", "expires_in": 3600}
+        - API Key based: {"api_key": "...", "environment": "production"}
+        - Custom format: Any JSON structure the instance provides
+
+    Raises:
+        NotAuthenticatedError: If not logged in or token expired
+        InvalidTokenError: If token is invalid or revoked
+        APIError: If API request fails
+    """
+    mom_url = get_mom_url()
+    mom_token = get_mom_token()
+    client = MomClient(mom_url)
+    return client.get_instance_token(instance_key, mom_token)

gravi_cli/cli.py

@@ -0,0 +1,401 @@
+"""
+Main CLI interface for gravi.
+
+Implements all CLI commands using Click framework.
+"""
+
+import os
+import sys
+import json
+import time
+import socket
+import shlex
+import webbrowser
+from datetime import datetime, UTC
+
+import click
+
+from . import __version__
+from .auth import get_mom_url, get_mom_token, get_instance_config, get_instance_token
+from .client import MomClient
+from .config import (
+    Config,
+    load_config,
+    save_config,
+    delete_config,
+    config_exists,
+    get_config_path,
+)
+from .exceptions import (
+    NotAuthenticatedError,
+    InvalidTokenError,
+    APIError,
+    RateLimitError,
+    ConfigError,
+)
+
+
+@click.group()
+@click.version_option(version=__version__, prog_name="gravi")
+def main():
+    """Gravi CLI - Gravitate infrastructure management tool."""
+    pass
+
+
+@main.command()
+@click.option(
+    "--mom-url",
+    envvar="GRAVI_MOM_URL",
+    default="https://mom.gravitate.energy/api",
+    help="Mom API URL (default: https://mom.gravitate.energy/api)",
+)
+def login(mom_url):
+    """Authenticate with mom via browser."""
+    client = MomClient(mom_url)
+
+    # Check if already logged in
+    if config_exists():
+        try:
+            config = load_config()
+            click.echo(f"Already logged in as {config.user_email}")
+            if click.confirm("Do you want to log in again?", default=False):
+                delete_config()
+            else:
+                return
+        except Exception:
+            # Config corrupted, proceed with login
+            pass
+
+    # Step 1: Initiate device authorization
+    click.echo("Initiating authentication...")
+
+    # Get device name from hostname with fallback
+    try:
+        device_name = socket.gethostname()
+        if not device_name or device_name == "localhost":
+            device_name = "unknown-device"
+    except Exception:
+        device_name = "unknown-device"
+
+    try:
+        device_auth = client.initiate_device_auth(device_name=device_name)
+    except APIError as e:
+        click.echo(f"Error: {e}", err=True)
+        sys.exit(1)
+
+    # Step 2: Display instructions
+    click.echo("\n" + "=" * 60)
+    click.echo("Please authorize this CLI tool:")
+    click.echo(f"  1. Opening browser to: {device_auth['verification_uri_complete']}")
+    click.echo(f"  2. Or manually visit: {device_auth['verification_uri']}")
+    click.echo(f"     and enter code: {device_auth['user_code']}")
+    click.echo("=" * 60 + "\n")
+
+    # Step 3: Open browser automatically
+    try:
+        webbrowser.open(device_auth["verification_uri_complete"])
+    except Exception:
+        click.echo("Could not open browser automatically. Please visit the URL manually.")
+
+    # Step 4: Poll for authorization
+    device_code = device_auth["device_code"]
+    interval = device_auth["interval"]
+    expires_in = device_auth["expires_in"]
+
+    click.echo("Waiting for authorization...", nl=False)
+
+    start_time = time.time()
+    while time.time() - start_time < expires_in:
+        time.sleep(interval)
+
+        try:
+            result = client.poll_device_auth(device_code)
+        except APIError as e:
+            if "expired" in str(e).lower():
+                click.echo(" ✗")
+                click.echo("\nError: Authorization timed out. Please try again.", err=True)
+                sys.exit(1)
+            # Continue polling on other errors
+            click.echo(".", nl=False)
+            continue
+
+        if result.get("error"):
+            if result["error"] == "expired_token":
+                click.echo(" ✗")
+                click.echo("\nError: Authorization timed out. Please try again.", err=True)
+                sys.exit(1)
+            # Continue polling for other errors
+            click.echo(".", nl=False)
+            continue
+
+        if result.get("authorized"):
+            click.echo(" ✓")
+
+            # Step 5: Extract credentials from response
+            user_email = result["user_email"]
+            token_id = result["token_id"]
+            refresh_token = result["refresh_token"]
+            refresh_expires_in = result["refresh_expires_in"]
+            device_name = result["device_name"]  # Final device name (may have been edited by user)
+
+            # Save config (without mom_url - it's runtime only)
+            config = Config(
+                user_email=user_email,
+                refresh_token=refresh_token,
+                refresh_token_expires_at=datetime.now(UTC) + timedelta(seconds=refresh_expires_in),
+                token_id=token_id,
+                device_name=device_name,
+            )
+
+            try:
+                save_config(config)
+            except ConfigError as e:
+                click.echo(f"\nError saving config: {e}", err=True)
+                sys.exit(1)
+
+            click.echo(f"\n✓ Successfully logged in as {user_email}")
+            click.echo(f"  Credentials saved to: {get_config_path()}")
+            return
+
+        click.echo(".", nl=False)
+
+    # Timeout
+    click.echo(" ✗")
+    click.echo("\nError: Authorization timed out or cancelled. Please try again.", err=True)
+    sys.exit(1)
+
+
+@main.command()
+def logout():
+    """Clear local credentials and revoke token on backend."""
+    try:
+        config = load_config()
+
+        # Try to revoke token on backend
+        try:
+            mom_token = get_mom_token()
+            mom_url = get_mom_url()
+            client = MomClient(mom_url)
+            # Delete this specific token by token_id
+            client.delete_cli_token(config.token_id, mom_token)
+            click.echo("✓ Token revoked on server")
+        except Exception as e:
+            click.echo(f"⚠  Could not revoke token on server: {e}")
+            click.echo("  (Will still clear local credentials)")
+
+        # Delete local config file
+        config_path = get_config_path()
+        if delete_config():
+            click.echo(f"✓ Local credentials cleared from {config_path}")
+        else:
+            click.echo("No local credentials found")
+
+    except FileNotFoundError:
+        click.echo("✓ Logged out (no existing session)")
+    except Exception as e:
+        click.echo(f"Error: {e}", err=True)
+        sys.exit(1)
+
+
+@main.command()
+def status():
+    """Show login status and token expiry."""
+    try:
+        config = load_config()
+
+        mom_url = get_mom_url()
+
+        click.echo("Gravi CLI Status")
+        click.echo("=" * 40)
+        click.echo(f"User:         {config.user_email}")
+        click.echo(f"Mom URL:      {mom_url}")
+        click.echo(f"Device:       {config.device_name}")
+        click.echo(f"Token ID:     {config.token_id}")
+
+        # Calculate expiry
+        # Handle both string (from config file) and datetime object
+        if isinstance(config.refresh_token_expires_at, str):
+            expires_at = datetime.fromisoformat(config.refresh_token_expires_at.replace("Z", "+00:00"))
+        else:
+            expires_at = config.refresh_token_expires_at
+
+        time_remaining = expires_at - datetime.now(UTC)
+        days_remaining = time_remaining.days
+
+        if days_remaining < 0:
+            click.echo("Token:        ✗ EXPIRED")
+            click.echo("Action:       Run 'gravi login' to re-authenticate")
+        elif days_remaining < 2:
+            click.echo(f"Token:        ⚠  Expires in {days_remaining} day(s)")
+            click.echo("Action:       Will auto-renew on next use")
+        else:
+            click.echo(f"Token:        ✓ Valid for {days_remaining} more days")
+
+    except FileNotFoundError:
+        click.echo("Not logged in. Run 'gravi login' to authenticate.")
+    except Exception as e:
+        click.echo(f"Error: {e}", err=True)
+
+
+@main.command()
+def whoami():
+    """Show current user info and mom URL."""
+    try:
+        config = load_config()
+
+        # Get fresh access token to verify we're still authenticated
+        mom_token = get_mom_token()
+        mom_url = get_mom_url()
+
+        click.echo(f"Logged in as: {config.user_email}")
+        click.echo(f"Mom URL:      {mom_url}")
+        click.echo(f"Device:       {config.device_name}")
+
+    except FileNotFoundError:
+        click.echo("Not logged in. Run 'gravi login' to authenticate.")
+    except NotAuthenticatedError:
+        click.echo("Session expired. Run 'gravi login' to re-authenticate.")
+    except Exception as e:
+        click.echo(f"Error: {e}", err=True)
+
+
+@main.group()
+def tokens():
+    """Manage CLI authorization tokens."""
+    pass
+
+
+@tokens.command("list")
+def tokens_list():
+    """List all authorized CLI tokens."""
+    try:
+        config = load_config()
+        mom_token = get_mom_token()
+        mom_url = get_mom_url()
+        client = MomClient(mom_url)
+
+        response = client.list_cli_tokens(mom_token)
+
+        if not response["tokens"]:
+            click.echo("No active tokens found.")
+            return
+
+        click.echo("Active CLI Tokens:")
+        click.echo("=" * 80)
+
+        for token in response["tokens"]:
+            is_current = token["id"] == config.token_id
+            marker = "→" if is_current else " "
+
+            click.echo(f"{marker} ID: {token['id']}")
+            click.echo(f"  Device:      {token['device_name']}")
+            click.echo(f"  Type:        {token['token_type']}")
+            click.echo(f"  Created:     {token['created_at']}")
+            click.echo(f"  Last used:   {token.get('last_used_at', 'Never')}")
+            click.echo(f"  Expires in:  {token['days_until_expiry']} days")
+            if is_current:
+                click.echo("  (Current session)")
+            click.echo()
+
+    except NotAuthenticatedError as e:
+        click.echo(f"Error: {e}", err=True)
+        sys.exit(1)
+    except Exception as e:
+        click.echo(f"Error: {e}", err=True)
+        sys.exit(1)
+
+
+@tokens.command("revoke")
+@click.argument("token_id", required=False)
+@click.option("--all", is_flag=True, help="Revoke all tokens")
+def tokens_revoke(token_id, all):
+    """Revoke a CLI token by ID, or all tokens."""
+    try:
+        config = load_config()
+        mom_token = get_mom_token()
+        mom_url = get_mom_url()
+        client = MomClient(mom_url)
+
+        if all:
+            if not click.confirm(
+                "Are you sure you want to revoke ALL tokens? This will log you out everywhere.",
+                default=False,
+            ):
+                click.echo("Cancelled.")
+                return
+
+            # Get all tokens and revoke them
+            response = client.list_cli_tokens(mom_token)
+            for token in response["tokens"]:
+                client.delete_cli_token(token["id"], mom_token)
+                click.echo(f"✓ Revoked token: {token['device_name']}")
+
+            # Clear local config
+            delete_config()
+            click.echo("\n✓ All tokens revoked. You are now logged out.")
+
+        elif token_id:
+            client.delete_cli_token(token_id, mom_token)
+            click.echo(f"✓ Token {token_id} revoked")
+
+            # If revoking current token, clear local config
+            # Compare as strings to handle both string and ObjectId types
+            if str(token_id) == str(config.token_id):
+                delete_config()
+                click.echo("✓ Current session ended. Run 'gravi login' to re-authenticate.")
+
+        else:
+            click.echo("Error: Specify a token ID or use --all flag", err=True)
+            click.echo("Usage: gravi tokens revoke <token_id>")
+            click.echo("       gravi tokens revoke --all")
+            sys.exit(1)
+
+    except NotAuthenticatedError as e:
+        click.echo(f"Error: {e}", err=True)
+        sys.exit(1)
+    except Exception as e:
+        click.echo(f"Error: {e}", err=True)
+        sys.exit(1)
+
+
+@main.command()
+@click.argument("instance_key")
+@click.option(
+    "--format",
+    type=click.Choice(["json", "env"]),
+    default="json",
+    help="Output format (default: json)",
+)
+def config(instance_key, format):
+    """Get instance configuration (credentials, URLs, etc.)."""
+    try:
+        config_data = get_instance_config(instance_key)
+
+        if format == "json":
+            click.echo(json.dumps(config_data, indent=2))
+        elif format == "env":
+            # Flatten config for environment variables
+            click.echo(f"# Environment variables for {instance_key}")
+            click.echo(f"export INSTANCE_KEY={shlex.quote(config_data['instance_key'])}")
+            click.echo(f"export INSTANCE_NAME={shlex.quote(config_data['name'])}")
+            click.echo(f"export API_URL={shlex.quote(config_data['api_url'])}")
+
+            for key, value in config_data.get("config", {}).items():
+                env_key = key.upper()
+                # Quote values to handle special characters and spaces
+                click.echo(f"export {env_key}={shlex.quote(str(value))}")
+
+    except NotAuthenticatedError as e:
+        click.echo(f"Error: {e}", err=True)
+        sys.exit(1)
+    except Exception as e:
+        click.echo(f"Error: {e}", err=True)
+        sys.exit(1)
+
+
+# Add missing import for timedelta
+from datetime import timedelta
+
+
+if __name__ == "__main__":
+    main()