ibm-watsonx-orchestrate 1.6.0b0__py3-none-any.whl → 1.6.2__py3-none-any.whl

ibm_watsonx_orchestrate/cli/commands/channels/webchat/channels_webchat_controller.py

@@ -1,9 +1,10 @@
 import logging
 import rich
 import jwt
+import sys
 
 from ibm_watsonx_orchestrate.cli.config import Config, ENV_WXO_URL_OPT, ENVIRONMENTS_SECTION_HEADER, CONTEXT_SECTION_HEADER, CONTEXT_ACTIVE_ENV_OPT, CHAT_UI_PORT
-from ibm_watsonx_orchestrate.client.utils import is_local_dev, AUTH_CONFIG_FILE_FOLDER, AUTH_SECTION_HEADER, AUTH_MCSP_TOKEN_OPT, AUTH_CONFIG_FILE
+from ibm_watsonx_orchestrate.client.utils import is_local_dev, is_ibm_cloud, AUTH_CONFIG_FILE_FOLDER, AUTH_SECTION_HEADER, AUTH_MCSP_TOKEN_OPT, AUTH_CONFIG_FILE
 
 from ibm_watsonx_orchestrate.client.agents.agent_client import AgentClient
 
@@ -19,7 +20,41 @@ class ChannelsWebchatController:
     def get_native_client(self):
         self.native_client = instantiate_client(AgentClient)
         return self.native_client
-
+    
+    def extract_tenant_id_from_crn(self, crn: str) -> str:
+        is_ibm_cloud_env = is_ibm_cloud()
+        if is_ibm_cloud_env:
+            try:
+                parts = crn.split("a/")[1].split(":")
+                account_part = parts[0]
+                instance_part = parts[1]
+                tenant_id = f"{account_part}_{instance_part}"
+                return tenant_id
+            except (IndexError, AttributeError):
+                raise ValueError(f"Invalid CRN format: {crn}")
+        else:
+            try:
+                parts = crn.split("sub/")[1].split(":")
+                account_part = parts[0]
+                instance_part = parts[1]
+                tenant_id = f"{account_part}_{instance_part}"
+                return tenant_id
+            except (IndexError, AttributeError):
+                raise ValueError(f"Invalid CRN format: {crn}")
+
+        
+            
+    def check_crn_is_correct(self, crn: str):
+        parts = crn.split("a/")[1].split(":")
+        instance_part_crn = parts[1]
+        cfg = Config()
+        active_env = cfg.read(CONTEXT_SECTION_HEADER, CONTEXT_ACTIVE_ENV_OPT)
+        url = cfg.get(ENVIRONMENTS_SECTION_HEADER, active_env, ENV_WXO_URL_OPT)
+        instance_part_url = url.rstrip("/").split("/")[-1]
+        if instance_part_crn == instance_part_url:
+            return True
+        else:
+            return False
 
     def get_agent_id(self, agent_name: str):
         native_client = self.get_native_client()
@@ -39,7 +74,7 @@ class ChannelsWebchatController:
             raise ValueError(f"No agent found with the name '{agent_name}'")
 
         agent = existing_native_agents[0]
-        agent_environments = agent.get("environments", [])
+        agent_environments = agent.get("environments", [])        
 
         is_local = is_local_dev()
         target_env = env or 'draft'
@@ -56,15 +91,37 @@ class ChannelsWebchatController:
                 logger.error(f'This agent does not exist in the {env} environment. You need to deploy it to {env} before you can embed the agent')
             exit(1)
 
-        return filtered_environments[0].get("id")
+        if target_env == 'draft' and is_local == False:
+            logger.error(f'For SAAS, please ensure this agent exists in a Live Environment')
+            exit(1)
+             
 
 
+        return filtered_environments[0].get("id")
+
     def get_tennent_id(self):
         auth_cfg = Config(AUTH_CONFIG_FILE_FOLDER, AUTH_CONFIG_FILE)
 
         cfg = Config()
         active_env = cfg.read(CONTEXT_SECTION_HEADER, CONTEXT_ACTIVE_ENV_OPT)
-        is_local = is_local_dev()
+
+        existing_auth_config = auth_cfg.get(AUTH_SECTION_HEADER).get(active_env, {})
+
+        existing_token = existing_auth_config.get(AUTH_MCSP_TOKEN_OPT) if existing_auth_config else None
+        token = jwt.decode(existing_token, options={"verify_signature": False})
+        crn = ""
+        crn = token.get('aud', None)
+
+        tenant_id = self.extract_tenant_id_from_crn(crn)
+        return tenant_id
+
+
+
+    def get_tenant_id_local(self):
+        auth_cfg = Config(AUTH_CONFIG_FILE_FOLDER, AUTH_CONFIG_FILE)
+
+        cfg = Config()
+        active_env = cfg.read(CONTEXT_SECTION_HEADER, CONTEXT_ACTIVE_ENV_OPT)
 
         existing_auth_config = auth_cfg.get(AUTH_SECTION_HEADER).get(active_env, {})
 
@@ -72,10 +129,7 @@ class ChannelsWebchatController:
 
         token = jwt.decode(existing_token, options={"verify_signature": False})
         tenant_id = ""
-        if is_local:
-            tenant_id = token.get('woTenantId', None)
-        else:
-            tenant_id = token.get('tenantId', None)
+        tenant_id = token.get('woTenantId', None)
 
         return tenant_id
 
@@ -99,41 +153,70 @@ class ChannelsWebchatController:
 
             
     def create_webchat_embed_code(self):
-        tenant_id = self.get_tennent_id()
+        crn = None
+        is_ibm_cloud_env = is_ibm_cloud()
+        is_local = is_local_dev()
+        if is_ibm_cloud_env is True:
+            crn = input("Please enter your CRN which can be gotten from the IBM Cloud UI: ")
+            if crn == "":
+                logger.error("You must enter your CRN for IBM Cloud instances")
+                sys.exit(1)
+            is_crn_correct = self.check_crn_is_correct(crn)
+            if is_crn_correct == False:
+                logger.error("Invalid CRN format provided.")
+
+        if is_ibm_cloud_env and crn is not None:
+            tenant_id = self.extract_tenant_id_from_crn(crn)
+        elif is_ibm_cloud_env is False and is_local is False:
+            tenant_id = self.get_tennent_id()
+        elif is_local:
+            tenant_id = self.get_tenant_id_local()
         host_url = self.get_host_url()
         agent_id = self.get_agent_id(self.agent_name)
         agent_env_id = self.get_environment_id(self.agent_name, self.env)
 
-        is_local = is_local_dev()
         script_path = (
             "/wxoLoader.js?embed=true"
             if is_local
             else "/wxochat/wxoLoader.js?embed=true"
         )
 
+        config_lines = [
+            f'orchestrationID: "{tenant_id}"',
+            f'hostURL: "{host_url}"',
+            'rootElementID: "root"',
+            'showLauncher: true',
+        ]
+
+        # Conditional fields for IBM Cloud
+        if is_ibm_cloud_env:
+            config_lines.append(f'crn: "{crn}"')
+        if is_ibm_cloud_env:
+            config_lines.append(f'deploymentPlatform: "ibmcloud"')
+
+        config_lines.append(f"""chatOptions: {{
+            agentId: "{agent_id}",
+            agentEnvironmentId: "{agent_env_id}"
+        }}""")
+
+        config_body = ",\n                    ".join(config_lines)
+
         script = f"""
             <script>
                 window.wxOConfiguration = {{
-                    orchestrationID: "{tenant_id}",
-                    hostURL: "{host_url}",
-                    rootElementID: "root",
-                    showLauncher: true,
-                    chatOptions: {{
-                        agentId: "{agent_id}",
-                        agentEnvironmentId: "{agent_env_id}"
-                    }},
+                    {config_body}
                 }};
 
                 setTimeout(function () {{
                     const script = document.createElement('script');
                     script.src = `${{window.wxOConfiguration.hostURL}}{script_path}`;
                     script.addEventListener('load', function () {{
-                    wxoLoader.init();
+                        wxoLoader.init();
                     }});
                     document.head.appendChild(script);
                 }}, 0);
             </script>
-        """ 
+            """
 
         rich.print(script)
         return script

ibm_watsonx_orchestrate/cli/commands/chat/chat_command.py

@@ -24,6 +24,8 @@ def chat_start(
         url = "http://localhost:3000/chat-lite"
         webbrowser.open(url)
         logger.info(f"Opening chat interface at {url}")
+        # TODO: Remove when connections UI is added
+        logger.warning("When using local chat, requests that the user 'Connect Apps' must be resolved by running `orchestrate connections set-credentials`")
     else:
         logger.error("Unable to start orchestrate UI chat service.  Please check error messages and logs")
 

ibm_watsonx_orchestrate/cli/commands/connections/connections_command.py

@@ -191,31 +191,31 @@ def set_credentials_connection_command(
         typer.Option(
             '--client-id',
             # help='For oauth_auth_on_behalf_of_flow, oauth_auth_code_flow, oauth_auth_implicit_flow, oauth_auth_password_flow and oauth_auth_client_credentials_flow, the client_id to authenticate against the application token server'
-            help='For oauth_auth_on_behalf_of_flow, the client_id to authenticate against the application token server'
+            help='For oauth_auth_on_behalf_of_flow and oauth_auth_client_credentials_flow, the client_id to authenticate against the application token server'
+        )
+    ] = None,
+    client_secret: Annotated[
+        str,
+        typer.Option(
+            '--client-secret',
+            help='For oauth_auth_client_credentials_flow, the client_secret to authenticate with'
         )
     ] = None,
-    # client_secret: Annotated[
-    #     str,
-    #     typer.Option(
-    #         '--client-secret',
-    #         help='For oauth_auth_code_flow, oauth_auth_password_flow and oauth_auth_client_credentials_flow, the client_secret to authenticate with'
-    #     )
-    # ] = None,
     token_url: Annotated[
         str,
         typer.Option(
             '--token-url',
             # help='For oauth_auth_on_behalf_of_flow, oauth_auth_code_flow, oauth_auth_password_flow and oauth_auth_client_credentials_flow, the url of the application token server'
-            help='For oauth_auth_on_behalf_of_flow, the url of the application token server'
+            help='For oauth_auth_on_behalf_of_flow and oauth_auth_client_credentials_flow, the url of the application token server'
+        )
+    ] = None,
+    auth_url: Annotated[
+        str,
+        typer.Option(
+            '--auth-url',
+            help='For oauth_auth_code_flow, the url of the application token server'
         )
     ] = None,
-    # auth_url: Annotated[
-    #     str,
-    #     typer.Option(
-    #         '--auth-url',
-    #         help='For oauth_auth_code_flow, oauth_auth_implicit_flow and oauth_auth_password_flow, the url of the application token server'
-    #     )
-    # ] = None,
     grant_type: Annotated[
         str,
         typer.Option(
@@ -223,6 +223,13 @@ def set_credentials_connection_command(
             help='For oauth_auth_on_behalf_of_flow, the grant type used by the application token server'
         )
     ] = None,
+    scopes: Annotated[
+        List[str],
+        typer.Option(
+            '--scopes',
+            help='For oauth_auth_code_flow and oauth_auth_client_credentials_flow, the optional scopes used by the application token server'
+        )
+    ] = None,
     entries: Annotated[
         List[str],
         typer.Option(
@@ -239,10 +246,11 @@ def set_credentials_connection_command(
         token=token,
         api_key=api_key,
         client_id=client_id,
-        # client_secret=client_secret,
+        client_secret=client_secret,
         token_url=token_url,
-        # auth_url=auth_url,
+        auth_url=auth_url,
         grant_type=grant_type,
+        scopes=scopes,
         entries=entries
     )
 

ibm_watsonx_orchestrate/cli/commands/connections/connections_controller.py

@@ -15,19 +15,19 @@ from ibm_watsonx_orchestrate.agent_builder.connections.types import (
     ConnectionType,
     IdpConfigData,
     IdpConfigDataBody,
-    AppConfigData, 
+    AppConfigData,
     BasicAuthCredentials,
     BearerTokenAuthCredentials,
     APIKeyAuthCredentials,
     # OAuth2AuthCodeCredentials,
-    # OAuth2ClientCredentials,
+    OAuth2ClientCredentials,
     # OAuth2ImplicitCredentials,
     # OAuth2PasswordCredentials,
     OAuthOnBehalfOfCredentials,
     KeyValueConnectionCredentials,
     CREDENTIALS,
     IdentityProviderCredentials,
-    OAUTH_CONNECTION_TYPES
+    OAUTH_CONNECTION_TYPES, OAuth2AuthCodeCredentials
 
 )
 
@@ -136,40 +136,31 @@ def _validate_connection_params(type: ConnectionType, **args) -> None:
             f"Missing flags --api-key is required for type {type}"
         )
 
-    # if type in OAUTH_CONNECTION_TYPES and args.get('client_id') is None:
-    #     raise typer.BadParameter(
-    #         f"Missing flags --client-id is required for type {type}"
-    #     )
-
-    # if type in (OAUTH_CONNECTION_TYPES.difference({ConnectionType.OAUTH2_IMPLICIT, ConnectionType.OAUTH_ON_BEHALF_OF_FLOW})) and args.get('client_secret') is None:
-    #     raise typer.BadParameter(
-    #         f"Missing flags --client-secret is required for type {type}"
-    #     )
-    
-    # if type in (OAUTH_CONNECTION_TYPES.difference({ConnectionType.OAUTH2_IMPLICIT})) and args.get('token_url') is None:
-    #     raise typer.BadParameter(
-    #         f"Missing flags --token-url is required for type {type}"
-    #     )
+    if type in {ConnectionType.OAUTH2_CLIENT_CREDS, ConnectionType.OAUTH2_AUTH_CODE} and args.get('client_secret') is None:
+        raise typer.BadParameter(
+            f"Missing flags --client-secret is required for type {type}"
+        )
     
-    # if type in (OAUTH_CONNECTION_TYPES.difference({ConnectionType.OAUTH2_CLIENT_CREDS, ConnectionType.OAUTH_ON_BEHALF_OF_FLOW})) and args.get('auth_url') is None:
-    #     raise typer.BadParameter(
-    #         f"Missing flags --auth-url is required for type {type}"
-    #     )
+    if type in {ConnectionType.OAUTH2_AUTH_CODE} and args.get('auth_url') is None:
+        raise typer.BadParameter(
+            f"Missing flags --auth-url is required for type {type}"
+        )
 
-    if type == ConnectionType.OAUTH_ON_BEHALF_OF_FLOW and (
+    if type in {ConnectionType.OAUTH_ON_BEHALF_OF_FLOW, ConnectionType.OAUTH2_CLIENT_CREDS, ConnectionType.OAUTH2_AUTH_CODE} and (
             args.get('client_id') is None
     ):
         raise typer.BadParameter(
             f"Missing flags --client-id is required for type {type}"
         )
     
-    if type == ConnectionType.OAUTH_ON_BEHALF_OF_FLOW and (
+    if type in {ConnectionType.OAUTH_ON_BEHALF_OF_FLOW, ConnectionType.OAUTH2_CLIENT_CREDS, ConnectionType.OAUTH2_AUTH_CODE} and (
             args.get('token_url') is None
     ):
         raise typer.BadParameter(
             f"Missing flags --token-url is required for type {type}"
         )
 
+
     if type == ConnectionType.OAUTH_ON_BEHALF_OF_FLOW and (
             args.get('grant_type') is None
     ):
@@ -200,19 +191,21 @@ def _get_credentials(type: ConnectionType, **kwargs):
             return APIKeyAuthCredentials(
                 api_key=kwargs.get("api_key")
             )
-        # case ConnectionType.OAUTH2_AUTH_CODE:
-        #     return OAuth2AuthCodeCredentials(
-        #         authorization_url=kwargs.get("auth_url"),
-        #         client_id=kwargs.get("client_id"),
-        #         client_secret=kwargs.get("client_secret"),
-        #         token_url=kwargs.get("token_url")
-        #     )
-        # case ConnectionType.OAUTH2_CLIENT_CREDS:
-        #     return OAuth2ClientCredentials(
-        #         client_id=kwargs.get("client_id"),
-        #         client_secret=kwargs.get("client_secret"),
-        #         token_url=kwargs.get("token_url")
-        #     )
+        case ConnectionType.OAUTH2_AUTH_CODE:
+            return OAuth2AuthCodeCredentials(
+                authorization_url=kwargs.get("auth_url"),
+                client_id=kwargs.get("client_id"),
+                client_secret=kwargs.get("client_secret"),
+                token_url=kwargs.get("token_url"),
+                scopes=kwargs.get("scopes")
+            )
+        case ConnectionType.OAUTH2_CLIENT_CREDS:
+            return OAuth2ClientCredentials(
+                client_id=kwargs.get("client_id"),
+                client_secret=kwargs.get("client_secret"),
+                token_url=kwargs.get("token_url"),
+                scopes=kwargs.get("scopes")
+            )
         # case ConnectionType.OAUTH2_IMPLICIT:
         #     return OAuth2ImplicitCredentials(
         #         authorization_url=kwargs.get("auth_url"),
@@ -267,11 +260,14 @@ def add_configuration(config: ConnectionConfiguration) -> None:
                 logger.warning(f"Detected a change in sso from '{existing_configuration.sso}' to '{config.sso}'. The associated credentials will be removed.")
                 should_delete_credentials = True
 
+            existing_conn_type = get_connection_type(security_scheme=existing_configuration.security_scheme, auth_type=existing_configuration.auth_type)
+            use_app_credentials = existing_conn_type in OAUTH_CONNECTION_TYPES
+
             if should_delete_credentials:
                 try:
-                    existing_credentials = client.get_credentials(app_id=app_id, env=environment, use_sso=existing_configuration.sso)
+                    existing_credentials = client.get_credentials(app_id=app_id, env=environment, use_app_credentials=use_app_credentials)
                     if existing_credentials:
-                        client.delete_credentials(app_id=app_id, env=environment, use_sso=existing_configuration.sso)
+                        client.delete_credentials(app_id=app_id, env=environment, use_app_credentials=use_app_credentials)
                 except:
                     logger.error(f"Error removing credentials for connection '{app_id}' in environment '{environment}'. No changes have been made to the configuration.")
                     sys.exit(1)
@@ -289,11 +285,11 @@ def add_configuration(config: ConnectionConfiguration) -> None:
         logger.error(response_text)
         exit(1)
 
-def add_credentials(app_id: str, environment: ConnectionEnvironment, use_sso: bool, credentials: CREDENTIALS) -> None:
+def add_credentials(app_id: str, environment: ConnectionEnvironment, use_app_credentials: bool, credentials: CREDENTIALS) -> None:
     client = get_connections_client()
     try:
-        existing_credentials = client.get_credentials(app_id=app_id, env=environment, use_sso=use_sso)
-        if use_sso:
+        existing_credentials = client.get_credentials(app_id=app_id, env=environment, use_app_credentials=use_app_credentials)
+        if use_app_credentials:
             payload = {
                 "app_credentials": credentials.model_dump(exclude_none=True)
             }
@@ -304,9 +300,9 @@ def add_credentials(app_id: str, environment: ConnectionEnvironment, use_sso: bo
         
         logger.info(f"Setting credentials for environment '{environment}' on connection '{app_id}'")
         if existing_credentials:
-            client.update_credentials(app_id=app_id, env=environment, use_sso=use_sso, payload=payload)
+            client.update_credentials(app_id=app_id, env=environment, use_app_credentials=use_app_credentials, payload=payload)
         else:
-            client.create_credentials(app_id=app_id,env=environment, use_sso=use_sso, payload=payload)
+            client.create_credentials(app_id=app_id,env=environment, use_app_credentials=use_app_credentials, payload=payload)
         logger.info(f"Credentials successfully set for '{environment}' environment of connection '{app_id}'")
     except requests.HTTPError as e:
         response = e.response
@@ -318,7 +314,7 @@ def add_identity_provider(app_id: str, environment: ConnectionEnvironment, idp:
     client = get_connections_client()
 
     try:
-        existing_credentials = client.get_credentials(app_id=app_id, env=environment, use_sso=True)
+        existing_credentials = client.get_credentials(app_id=app_id, env=environment, use_app_credentials=True)
         
         payload = {
             "idp_credentials": idp.model_dump()
@@ -326,9 +322,9 @@ def add_identity_provider(app_id: str, environment: ConnectionEnvironment, idp:
 
         logger.info(f"Setting identity provider for environment '{environment}' on connection '{app_id}'")
         if existing_credentials:
-            client.update_credentials(app_id=app_id, env=environment, use_sso=True, payload=payload)
+            client.update_credentials(app_id=app_id, env=environment, use_app_credentials=True, payload=payload)
         else:
-            client.create_credentials(app_id=app_id,env=environment, use_sso=True, payload=payload)
+            client.create_credentials(app_id=app_id,env=environment, use_app_credentials=True, payload=payload)
         logger.info(f"Identity provider successfully set for '{environment}' environment of connection '{app_id}'")
     except requests.HTTPError as e:
         response = e.response
@@ -350,7 +346,7 @@ def add_connection(app_id: str) -> None:
         status_code = response.status_code
         try:
             if status_code == 409:
-                response_text = f"Failed to create connection. A connection with the App ID '{app_id}' already exists. Please select a diffrent App ID or delete the existing resource."
+                response_text = f"Failed to create connection. A connection with the App ID '{app_id}' already exists. Please select a different App ID or delete the existing resource."
             else:
                 resp = json.loads(response_text)
                 response_text = resp.get('detail')
@@ -374,12 +370,14 @@ def remove_connection(app_id: str) -> None:
 
 def list_connections(environment: ConnectionEnvironment | None, verbose: bool = False) -> None:
     client = get_connections_client()
-
     connections = client.list()
-    
+    is_local = is_local_dev()
+
     if verbose:
         connections_list = []
         for conn in connections:
+            if is_local and  conn.environment == ConnectionEnvironment.LIVE:
+                continue
             connections_list.append(json.loads(conn.model_dump_json()))
 
         rich.print_json(json.dumps(connections_list, indent=4))
@@ -387,11 +385,17 @@ def list_connections(environment: ConnectionEnvironment | None, verbose: bool =
         non_configured_table = rich.table.Table(show_header=True, header_style="bold white", show_lines=True, title="*Non-Configured")
         draft_table = rich.table.Table(show_header=True, header_style="bold white", show_lines=True, title="Draft")
         live_table = rich.table.Table(show_header=True, header_style="bold white", show_lines=True, title="Live")
-        columns = ["App ID", "Auth Type", "Type", "Credentials Set"]
-        for column in columns:
-            draft_table.add_column(column, justify='center', no_wrap=True)
-            live_table.add_column(column, justify='center', no_wrap=True)
-            non_configured_table.add_column(column, justify='center', no_wrap=True)
+        default_args = {"justify": "center", "no_wrap": True}
+        column_args = {
+            "App ID": {"overflow": "fold"}, 
+            "Auth Type": {}, 
+            "Type": {}, 
+            "Credentials Set/ Connected": {}
+        }
+        for column in column_args:
+            draft_table.add_column(column,**default_args, **column_args[column])
+            live_table.add_column(column,**default_args, **column_args[column])
+            non_configured_table.add_column(column,**default_args, **column_args[column])
         
         for conn in connections:
             if conn.environment is None:
@@ -412,7 +416,7 @@ def list_connections(environment: ConnectionEnvironment | None, verbose: bool =
                     conn.preference,
                     "✅" if conn.credentials_entered else "❌"
                 )
-            elif conn.environment == ConnectionEnvironment.LIVE:
+            elif conn.environment == ConnectionEnvironment.LIVE and not is_local:
                 live_table.add_row(
                     conn.app_id,
                     connection_type,
@@ -463,11 +467,6 @@ def configure_connection(**kwargs) -> None:
 
     config = ConnectionConfiguration.model_validate(kwargs)
 
-    # TODO: Remove once Oauth is supported on local
-    if config.security_scheme == ConnectionSecurityScheme.OAUTH2 and is_local_dev():
-        logger.error("Use of OAuth connections unsupported for local development at this time.")
-        sys.exit(1)
-
     add_configuration(config)
 
 def set_credentials_connection(
@@ -484,11 +483,12 @@ def set_credentials_connection(
 
     sso_enabled = config.sso
     conn_type = get_connection_type(security_scheme=config.security_scheme, auth_type=config.auth_type)
+    use_app_credentials = conn_type in OAUTH_CONNECTION_TYPES
 
     _validate_connection_params(type=conn_type, **kwargs)
     credentials = _get_credentials(type=conn_type, **kwargs)
 
-    add_credentials(app_id=app_id, environment=environment, use_sso=sso_enabled, credentials=credentials)
+    add_credentials(app_id=app_id, environment=environment, use_app_credentials=use_app_credentials, credentials=credentials)
 
 def set_identity_provider_connection(
     app_id: str,

ibm_watsonx_orchestrate/cli/commands/environment/environment_controller.py

@@ -167,7 +167,7 @@ def activate(name: str, apikey: str=None, username: str=None, password: str=None
 
 def add(name: str, url: str, should_activate: bool=False, iam_url: str=None, type: EnvironmentAuthType=None, insecure: bool=None, verify: str=None) -> None:
     if name == PROTECTED_ENV_NAME:
-        logger.error(f"The name '{PROTECTED_ENV_NAME}' is a reserved environment name. Please select a diffrent name or use `orchestrate env activate {PROTECTED_ENV_NAME}` to swap to '{PROTECTED_ENV_NAME}'")
+        logger.error(f"The name '{PROTECTED_ENV_NAME}' is a reserved environment name. Please select a different name or use `orchestrate env activate {PROTECTED_ENV_NAME}` to swap to '{PROTECTED_ENV_NAME}'")
         return
 
     cfg = Config()