lkr-dev-cli 0.0.0__py3-none-any.whl

lkr/auth/main.py

@@ -0,0 +1,217 @@
+import urllib.parse
+from typing import Annotated, List, Union, cast
+
+import typer
+from looker_sdk.rtl.auth_token import AccessToken, AuthToken
+from pick import Option, pick
+from pydash import get
+from rich.console import Console
+from rich.table import Table
+
+from lkr.auth.oauth import OAuth2PKCE
+from lkr.auth_service import get_auth
+from lkr.logging import logger
+
+__all__ = ["group"]
+
+group = typer.Typer(name="auth", help="Authentication commands for LookML Repository")
+
+@group.callback()
+def callback(ctx: typer.Context):
+    if ctx.invoked_subcommand == "whoami":
+        return
+    if ctx.obj['ctx_lkr'].use_sdk == "api_key":
+        logger.error("API key authentication is not supported for auth commands")
+        raise typer.Exit(1)
+
+@group.command()
+def login(ctx: typer.Context):
+    """
+    Login to Looker instance using OAuth2 PKCE flow
+    """
+
+    base_url = typer.prompt("Enter your Looker instance base URL")
+    if not base_url.startswith("http"):
+        base_url = f"https://{base_url}"
+    # Parse the URL and reconstruct it to get the origin (scheme://hostname[:port])
+    parsed_url = urllib.parse.urlparse(base_url)
+    origin = urllib.parse.urlunparse(
+        (parsed_url.scheme, parsed_url.netloc, "", "", "", "")
+    )
+    instance_name = typer.prompt(
+        "Enter a name for this Looker instance", default=parsed_url.netloc
+    )
+    auth = get_auth(ctx)
+    def add_auth(token: Union[AuthToken, AccessToken]):
+        auth.add_auth(instance_name, origin, token)
+    # Initialize OAuth2 PKCE flow
+    oauth = OAuth2PKCE(new_token_callback=add_auth)
+
+    # Open browser for authentication and wait for callback
+    logger.info(f"Opening browser for authentication at {origin + '/auth'}...")
+
+    login_response = oauth.initiate_login(origin)
+    if login_response["auth_code"]:
+        logger.info("Successfully received authorization code!")
+        try:
+            # Store the auth code in the OAuth instance
+            oauth.auth_code = login_response["auth_code"]
+            # Exchange the code for tokens
+            token = oauth.exchange_code_for_token()
+            if token:
+                logger.info("Successfully authenticated!")
+            else:
+                logger.error("Failed to exchange authorization code for tokens")
+                raise typer.Exit(1)
+        except Exception as e:
+            logger.error(f"Failed to exchange authorization code for tokens: {str(e)}")
+            raise typer.Exit(1)
+    else:
+        logger.error("Failed to receive authorization code")
+        raise typer.Exit(1)
+
+
+@group.command()
+def logout(
+    ctx: typer.Context,
+    instance_name: Annotated[
+        str | None,
+        typer.Option(
+            help="Name of the Looker instance to logout from. If not provided, logs out from all instances."
+        ),
+    ] = None,
+    all: Annotated[
+        bool,
+        typer.Option(
+            "--all", help="Logout from all instances"
+        ),
+    ] = False,
+):
+    """
+    Logout and clear saved credentials
+    """
+    auth = get_auth(ctx)
+    if instance_name:
+        message = f"Are you sure you want to logout from instance '{instance_name}'?"
+    elif all:
+        message = "Are you sure you want to logout from all instances?"
+    else:
+        instance_name = auth.get_current_instance()
+        if not instance_name:
+            logger.error("No instance currently authenticated")
+            raise typer.Exit(1)
+        message = f"Are you sure you want to logout from instance '{instance_name}'?"
+
+    if not typer.confirm(message, default=False):
+        logger.info("Logout cancelled")
+        raise typer.Exit()
+
+    if instance_name:   
+        logger.info(f"Logging out from instance: {instance_name}")
+        auth.delete_auth(instance_name=instance_name)
+    else:
+        logger.info("Logging out from all instances...")
+        all_instances = auth.list_auth()
+        for instance in all_instances:
+            auth.delete_auth(instance_name=instance[0])
+    logger.info("Logged out successfully!")
+
+
+@group.command()
+def whoami(ctx: typer.Context):
+    """
+    Check current authentication
+    """
+    auth = get_auth(ctx)
+    sdk = auth.get_current_sdk(prompt_refresh_invalid_token=True)
+    if not sdk:
+        logger.error(
+            "Not currently authenticated - use `lkr auth login` or `lkr auth switch` to authenticate"
+        )
+        raise typer.Exit(1)
+    user = sdk.me()
+    logger.info(
+        f"Currently authenticated as {user.first_name} {user.last_name} ({user.email}) to {sdk.auth.settings.base_url}"
+    )
+
+
+@group.command()
+def switch(
+    ctx: typer.Context,
+    instance_name: Annotated[
+        str | None,
+        typer.Option(
+            "-I", "--instance-name", help="Name of the Looker instance to switch to"
+        ),
+    ] = None,
+):
+    """
+    Switch to a different authenticated Looker instance
+    """
+    auth = get_auth(ctx)
+    all_instances = auth.list_auth()
+    if not all_instances:
+        logger.error("No authenticated instances found")
+        raise typer.Exit(1)
+    
+    if instance_name:
+        # If instance name provided, verify it exists
+        instance_names = [name for name, url, current in all_instances]
+        if instance_name not in instance_names:
+            logger.error(f"Instance '{instance_name}' not found")
+            raise typer.Exit(1)
+    else:
+        # If no instance name provided, show selection menu
+        current_index = 0
+        instance_names = []
+        options: List[Option] = []
+        max_name_length = 0
+        for index, (name, _, current) in enumerate(all_instances):
+            if current:
+                current_index = index
+            max_name_length = max(max_name_length, len(name))
+            instance_names.append(name)
+        options = [
+            Option(label=f"{name:{max_name_length}} ({url})", value=name)
+            for name, url, _ in all_instances
+        ]
+
+        picked = pick(
+            options,
+            "Select instance to switch to",
+            min_selection_count=1,
+            default_index=current_index,
+            clear_screen=False,
+        )[0]
+        instance_name = cast(str, get(picked, "value"))
+    # Switch to selected instance
+    auth.set_current_instance(instance_name)
+    sdk = auth.get_current_sdk()
+    if not sdk:
+        logger.error("No looker instance currently authenticated")
+        raise typer.Exit(1)
+    user = sdk.me()
+    logger.info(
+        f"Successfully switched to {instance_name} ({sdk.auth.settings.base_url}) as {user.first_name} {user.last_name} ({user.email})"
+    )
+
+
+@group.command()
+def list(ctx: typer.Context):
+    """
+    List all authenticated Looker instances
+    """
+    console = Console()
+    auth = get_auth(ctx)
+    all_instances = auth.list_auth()
+    if not all_instances:
+        logger.error("No authenticated instances found")
+        raise typer.Exit(1)
+    table = Table(" ", "Instance", "URL")
+    for instance in all_instances:
+        table.add_row("*" if instance[2] else " ", instance[0], instance[1])
+    console.print(table)
+
+
+if __name__ == "__main__":
+    group()

lkr/auth/oauth.py

@@ -0,0 +1,145 @@
+import http.server
+import os
+import secrets
+import socket
+import socketserver
+import threading
+import urllib.parse
+import webbrowser
+from typing import Optional, TypedDict
+from urllib.parse import parse_qs
+
+from lkr.types import NewTokenCallback
+
+
+def kill_process_on_port(port: int) -> None:
+    """Kill any process currently using the specified port."""
+    try:
+        # Try to create a socket binding to check if port is in use
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.bind(('localhost', port))
+        sock.close()
+        return  # Port is free, no need to kill anything
+    except socket.error:
+        # Port is in use, try to kill the process
+        if os.name == 'posix':  # macOS/Linux
+            os.system(f'lsof -ti tcp:{port} | xargs kill -9 2>/dev/null')
+        elif os.name == 'nt':  # Windows
+            os.system(f'for /f "tokens=5" %a in (\'netstat -aon ^| find ":{port}"\') do taskkill /F /PID %a 2>nul')
+
+
+class OAuthCallbackHandler(http.server.BaseHTTPRequestHandler):
+    def do_GET(self):
+        """Handle the callback from OAuth authorization"""
+        self.send_response(200)
+        self.send_header('Content-type', 'text/html')
+        self.end_headers()
+        
+        # Parse the authorization code from query parameters
+        query_components = parse_qs(urllib.parse.urlparse(self.path).query)
+        
+        # Store the code in the server instance
+        if 'code' in query_components:
+            self.auth_code = query_components['code'][0]
+        
+        # Display a success message to the user
+        self.wfile.write(b"Authentication successful! You can close this window.")
+        
+        # Shutdown the server
+        threading.Thread(target=self.server.shutdown).start()
+
+    def log_message(self, format, *args):
+        """Suppress logging of requests"""
+        pass
+
+class OAuthCallbackServer(socketserver.TCPServer):
+    def __init__(self, server_address):
+        super().__init__(server_address, OAuthCallbackHandler)
+        self.auth_code: Optional[str] = None
+
+class LoginResponse(TypedDict):
+    auth_code: Optional[str]
+    code_verifier: Optional[str]
+
+class OAuth2PKCE:
+    def __init__(self, new_token_callback: NewTokenCallback):
+        from lkr.auth_service import DbOAuthSession
+        self.auth_code: Optional[str] = None
+        self.state = secrets.token_urlsafe(16)
+        self.new_token_callback: NewTokenCallback = new_token_callback
+        self.auth_session: DbOAuthSession | None = None
+        self.server_thread: threading.Thread | None = None
+        self.server: OAuthCallbackServer | None = None
+        self.port: int = 8000
+        
+    def cleanup(self):
+        """Clean up the server and its thread."""
+        if self.server:
+            self.server.shutdown()
+            self.server.server_close()
+            self.server = None
+        if self.server_thread:
+            self.server_thread.join(timeout=1.0)
+            self.server_thread = None
+
+    def initiate_login(self, base_url: str) -> LoginResponse:
+        """
+        Initiates the OAuth2 PKCE login flow by opening the browser with the authorization URL
+        and starting a local server to catch the callback.
+        
+        Returns:
+            Optional[str]: The authorization code if successful, None otherwise
+        """
+        from lkr.auth_service import get_auth_session
+        
+        # Kill any process using port 8000
+        kill_process_on_port(self.port)
+        
+        # Start the local server
+        self.server = OAuthCallbackServer(('localhost', self.port))
+        
+        # Start the server in a separate thread
+        self.server_thread = threading.Thread(target=self.server.serve_forever)
+        self.server_thread.daemon = True
+        self.server_thread.start()
+        
+        # Construct and open the OAuth URL
+        self.auth_session = get_auth_session(base_url, self.new_token_callback)
+        oauth_url = self.auth_session.create_auth_code_request_url('cors_api', self.state)
+        
+        webbrowser.open(oauth_url)
+        
+        # Wait for the callback
+        self.server_thread.join()
+        
+        
+        # Get the authorization code
+        return LoginResponse(auth_code=self.server.auth_code, code_verifier=self.auth_session.code_verifier)
+
+    def exchange_code_for_token(self):
+        """
+        Exchange the authorization code for access and refresh tokens.
+        
+        Args:
+            base_url: The base URL of the Looker instance
+            client_id: The OAuth client ID
+            
+        Returns:
+            Dict containing access_token, refresh_token, token_type, and expires_in
+        """
+        if not self.auth_code:
+            raise ValueError("No authorization code available. Must call initiate_login first.")
+        if not self.auth_session:
+            raise ValueError("No auth session available. Must call initiate_login first.")
+        self.auth_session.redeem_auth_code(self.auth_code, self.auth_session.code_verifier)
+        self.cleanup()
+        return self.auth_session.token
+
+    def __del__(self):
+        self.cleanup()
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        self.cleanup()

lkr/auth_service.py

@@ -0,0 +1,382 @@
+import os
+import sqlite3
+from datetime import datetime, timedelta, timezone
+from typing import List, Self, Tuple, Union
+
+import typer
+from looker_sdk.rtl import serialize
+from looker_sdk.rtl.api_settings import ApiSettings, SettingsConfig
+from looker_sdk.rtl.auth_session import AuthSession, CryptoHash, OAuthSession
+from looker_sdk.rtl.auth_token import AccessToken, AuthToken
+from looker_sdk.rtl.requests_transport import RequestsTransport
+from looker_sdk.sdk.api40.methods import Looker40SDK
+from pydantic import BaseModel, Field, computed_field
+from pydash import get
+
+from lkr.classes import LkrCtxObj, LookerApiKey
+from lkr.constants import LOOKER_API_VERSION, OAUTH_CLIENT_ID, OAUTH_REDIRECT_URI
+from lkr.logging import logger
+from lkr.types import NewTokenCallback
+
+__all__ = ["get_auth"]
+
+def get_auth(ctx: typer.Context) -> Union["SqlLiteAuth", "ApiKeyAuth"]:
+    lkr_ctx = get(ctx, ["obj", "ctx_lkr"])
+    if not lkr_ctx:
+        logger.error("No Looker context found")
+        raise typer.Exit(1)
+    elif lkr_ctx.use_sdk == "api_key":
+        logger.info("Using API key authentication")
+        return ApiKeyAuth(lkr_ctx.api_key)
+    else:
+        return SqlLiteAuth(lkr_ctx)
+
+
+class ApiKeyApiSettings(ApiSettings):
+    def __init__(self, api_key: LookerApiKey):
+        self.api_key = api_key
+        super().__init__()
+
+    def read_config(self) -> SettingsConfig:
+        return SettingsConfig(
+            base_url=self.api_key.base_url,
+            client_id=self.api_key.client_id,
+            client_secret=self.api_key.client_secret,
+        )
+
+class OAuthApiSettings(ApiSettings):
+    def __init__(self, base_url: str):
+        self.base_url = base_url
+        super().__init__()
+
+    def read_config(self) -> SettingsConfig:
+        return SettingsConfig(
+            base_url=self.base_url,
+            looker_url=self.base_url,
+            client_id=OAUTH_CLIENT_ID,
+            client_secret="",  # PKCE doesn't need client secret
+            redirect_uri=OAUTH_REDIRECT_URI
+        )
+
+class DbOAuthSession(OAuthSession):
+    def __init__(self, *args, new_token_callback: NewTokenCallback, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.new_token_callback = new_token_callback
+
+    def _login(self, *args, **kwargs):
+        super()._login(*args, **kwargs)
+        self.new_token_callback(self.token)
+
+    def redeem_auth_code(self, *args, **kwargs):
+        super().redeem_auth_code(*args, **kwargs)
+        self.new_token_callback(self.token)
+
+
+def get_auth_session(
+    base_url: str,
+    new_token_callback: NewTokenCallback,
+    *,
+    access_token: AccessToken | None = None,
+) -> DbOAuthSession:
+    settings = OAuthApiSettings(base_url)
+    transport = RequestsTransport.configure(settings)
+    auth = DbOAuthSession(
+        settings=settings,
+        transport=transport,
+        deserialize=serialize.deserialize40,
+        serialize=serialize.serialize40,
+        crypto=CryptoHash(),
+        version=LOOKER_API_VERSION,
+        new_token_callback=new_token_callback,
+    )
+    if access_token:
+        auth.token.set_token(access_token)
+    return auth
+
+def init_api_key_sdk(api_key: LookerApiKey) -> Looker40SDK:
+    from looker_sdk.rtl import serialize
+    settings = ApiKeyApiSettings(api_key)
+    settings.is_configured()
+    transport = RequestsTransport.configure(settings)
+    return Looker40SDK(
+        auth = AuthSession(settings, transport, serialize.deserialize40, LOOKER_API_VERSION), # type: ignore
+        deserialize = serialize.deserialize40, # type: ignore
+        serialize = serialize.serialize40, # type: ignore
+        transport = transport,
+        api_version = LOOKER_API_VERSION,
+    )
+
+
+def init_oauth_sdk(
+    base_url: str,
+    new_token_callback: NewTokenCallback,
+    *,
+    access_token: AccessToken | None = None,
+) -> Looker40SDK:
+    """Default dependency configuration"""
+    settings = OAuthApiSettings(base_url)
+    settings.is_configured()
+    transport = RequestsTransport.configure(settings)
+    auth = get_auth_session(base_url, new_token_callback, access_token=access_token)
+
+    return Looker40SDK(
+        auth=auth,
+        deserialize=serialize.deserialize40, # type: ignore
+        serialize=serialize.serialize40, # type: ignore
+        transport=transport,
+        api_version=LOOKER_API_VERSION,
+    )
+
+
+class CurrentAuth(BaseModel):
+    instance_name: str
+    access_token: str
+    refresh_token: str
+    refresh_expires_at: str = Field(default_factory=lambda: (datetime.now(timezone.utc) + timedelta(days=30)).isoformat())
+    token_type: str
+    expires_in: int
+    base_url: str
+    from_db: bool = False
+
+    @property
+    def valid_refresh_token(self) -> bool:
+        if not self.refresh_expires_at:
+            return False
+        return datetime.fromisoformat(self.refresh_expires_at).replace(tzinfo=timezone.utc) > (datetime.now(timezone.utc) + timedelta(hours=24))
+
+    @computed_field
+    @property
+    def expires_at(self) -> str:
+        return (datetime.now() + timedelta(seconds=self.expires_in)).isoformat()
+    
+    def __add__(self, other: Union[AccessToken, AuthToken]) -> Self:
+        self.access_token = other.access_token or ""
+        self.refresh_token = other.refresh_token or ""
+        self.token_type = other.token_type or ""    
+        self.expires_in = other.expires_in or 0
+        self.refresh_expires_at = (datetime.now(timezone.utc) + timedelta(days=30)).isoformat()
+        return self
+
+    @classmethod
+    def from_access_token(
+        cls, *, access_token: Union[AccessToken, AuthToken], instance_name: str, base_url: str
+    ) -> "CurrentAuth":
+        return cls(
+            instance_name=instance_name,
+            access_token=access_token.access_token or "",
+            refresh_token=access_token.refresh_token or "",
+            token_type=access_token.token_type or "",
+            expires_in=access_token.expires_in or 0,
+            base_url=base_url,
+            from_db=False,
+        )
+
+    @classmethod
+    def from_db_row(cls, row: sqlite3.Row) -> "CurrentAuth":
+        expires_in = int(
+            (datetime.fromisoformat(row["expires_at"]) - datetime.now()).total_seconds()
+        )
+        return cls(
+            instance_name=row["instance_name"],
+            access_token=row["access_token"],
+            refresh_token=row["refresh_token"],
+            token_type=row["token_type"],
+            expires_in=max(1, expires_in),
+            refresh_expires_at=row["refresh_expires_at"],
+            base_url=row["base_url"],
+            from_db=True,
+        )
+
+    def to_access_token(self) -> AccessToken:
+        return AccessToken(
+            access_token=self.access_token,
+            refresh_token=self.refresh_token,
+            token_type=self.token_type,
+            expires_in=self.expires_in,
+        )
+
+    def update_refresh_expires_at(self, connection: sqlite3.Connection, commit: bool = True):
+        connection.execute(
+            "UPDATE auth SET refresh_expires_at = ? WHERE instance_name = ?",
+            (self.refresh_expires_at, self.instance_name),
+        )
+        if commit:
+            connection.commit()
+
+    def set_token(
+        self, connection: sqlite3.Connection, *, new_token: Union[AccessToken, AuthToken] | None = None, commit: bool = True
+    ):
+        expires_at = (
+            datetime.now() + timedelta(seconds=(new_token.expires_in or 0) if new_token else 0)
+        ).isoformat()
+        refresh_expires_at = (
+            datetime.fromisoformat(expires_at) + timedelta(days=30)
+        ).isoformat()
+        if self.from_db and new_token:
+            connection.execute(
+                "UPDATE auth SET access_token = ?, token_type = ?, expires_at = ? WHERE current_instance = 1",
+                (
+                    new_token.access_token,
+                    new_token.token_type,
+                    expires_at,
+                ),
+            )
+        else:
+            connection.execute(
+                "INSERT INTO auth (instance_name, access_token, refresh_token, refresh_expires_at, token_type, expires_at, current_instance, base_url) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
+                (
+                    self.instance_name,
+                    self.access_token,
+                    self.refresh_token,
+                    refresh_expires_at,
+                    self.token_type,
+                    expires_at,
+                    1,
+                    self.base_url,
+                ),
+            )
+        if commit:
+            connection.commit()
+
+
+
+class SqlLiteAuth:
+    def __init__(self, ctx: LkrCtxObj, db_path: str = "~/.lkr/auth.db"):
+        self.db_path = os.path.expanduser(db_path)
+        # Ensure the directory exists
+        db_dir = os.path.dirname(self.db_path)
+        os.makedirs(db_dir, exist_ok=True)
+        self.conn = sqlite3.connect(self.db_path)
+        self.conn.row_factory = sqlite3.Row
+        self.conn.execute(
+            "CREATE TABLE IF NOT EXISTS auth (id INTEGER PRIMARY KEY AUTOINCREMENT, instance_name TEXT, access_token TEXT, refresh_token TEXT, refresh_expires_at TEXT, token_type TEXT, expires_at TEXT, current_instance BOOLEAN, base_url TEXT)"
+        )
+        self.conn.execute(
+            "CREATE UNIQUE INDEX IF NOT EXISTS idx_auth_instance_name ON auth(instance_name)"
+        )
+        self.conn.commit()
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        pass
+
+    def add_auth(self, instance_name: str, base_url: str, access_token: Union[AuthToken, AccessToken]):
+        self.conn.execute("UPDATE auth SET current_instance = 0")
+        CurrentAuth.from_access_token(
+            access_token=access_token, instance_name=instance_name, base_url=base_url
+        ).set_token(self.conn, commit=False, new_token=access_token)
+        self.conn.commit()
+
+    def set_current_instance(self, instance_name: str):
+        self.conn.execute(
+            "UPDATE auth SET current_instance = CASE WHEN instance_name = ? THEN 1 ELSE 0 END",
+            (instance_name,),
+        )
+        self.conn.commit()
+
+    def _get_current_auth(self) -> CurrentAuth | None:
+        cursor = self.conn.execute(
+            "SELECT instance_name, access_token, refresh_token, refresh_expires_at, token_type, expires_at, base_url FROM auth WHERE current_instance = 1"
+        )
+        row = cursor.fetchone()
+        if row:
+            return CurrentAuth.from_db_row(row)
+        return None
+
+    def get_current_instance(self) -> str | None:
+        current_auth = self._get_current_auth()
+        if current_auth:
+            return current_auth.instance_name
+        return None
+    
+    def get_current_sdk(self, prompt_refresh_invalid_token: bool = False) -> Looker40SDK | None:
+        current_auth = self._get_current_auth()
+        if current_auth:
+            if not current_auth.valid_refresh_token:
+                from lkr.exceptions import InvalidRefreshTokenError
+                if prompt_refresh_invalid_token:
+                    self._cli_confirm_refresh_token(current_auth)
+                else:
+                    raise InvalidRefreshTokenError(current_auth.instance_name)
+            def refresh_current_token(token: Union[AccessToken, AuthToken]):
+                current_auth.set_token(self.conn, new_token=token, commit=True)
+            return init_oauth_sdk(
+                current_auth.base_url, 
+                new_token_callback=refresh_current_token,
+                access_token=current_auth.to_access_token()
+            )
+        return None
+
+    def delete_auth(self, instance_name: str):
+        self.conn.execute("DELETE FROM auth WHERE instance_name = ?", (instance_name,))
+        self.conn.commit()
+
+    def list_auth(self) -> List[Tuple[str, str, bool]]:
+        cursor = self.conn.execute(
+            "SELECT instance_name, base_url, current_instance FROM auth ORDER BY instance_name ASC"
+        )
+        rows = cursor.fetchall()
+        return [
+            (row["instance_name"], row["base_url"], row["current_instance"])
+            for row in rows
+        ]
+    
+    def _cli_confirm_refresh_token(self, current_auth: CurrentAuth):
+        from typer import confirm
+
+        from lkr.auth.oauth import OAuth2PKCE
+        from lkr.exceptions import InvalidRefreshTokenError
+        if confirm(f"Press enter to refresh the token for {current_auth.instance_name}", default=True):
+            def add_auth(token: Union[AccessToken, AuthToken]):
+                current_auth + token
+                current_auth.update_refresh_expires_at(self.conn, commit=False)
+                current_auth.set_token(self.conn, commit=True, new_token=token)
+            # Initialize OAuth2 PKCE flow
+            oauth = OAuth2PKCE(new_token_callback=add_auth)
+            login_response = oauth.initiate_login(current_auth.base_url)
+            oauth.auth_code = login_response["auth_code"]
+            token = oauth.exchange_code_for_token()
+            if not token:
+                raise InvalidRefreshTokenError(current_auth.instance_name)
+            else:
+                from lkr.logging import logger
+                logger.info(f"Successfully refreshed token for {current_auth.instance_name}")
+                return self.get_current_sdk(prompt_refresh_invalid_token=False)
+
+
+
+class ApiKeyAuth:
+    def __init__(self, api_key: LookerApiKey):
+        self.api_key = api_key
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        pass
+
+    def add_auth(self, instance_name: str, base_url: str, access_token: Union[AuthToken, AccessToken]):
+        raise NotImplementedError("ApiKeyAuth does not support adding auth")
+
+    def delete_auth(self, instance_name: str):
+        raise NotImplementedError("ApiKeyAuth does not support deleting auth")
+    
+    def list_auth(self) -> List[Tuple[str, str, bool]]:
+        raise NotImplementedError("ApiKeyAuth does not support listing auth")
+    
+    def set_current_instance(self, instance_name: str):
+        raise NotImplementedError("ApiKeyAuth does not support setting current instance")
+
+    def _get_current_auth(self) -> CurrentAuth | None:
+        raise NotImplementedError("ApiKeyAuth does not support getting current auth")
+    
+    def _cli_confirm_refresh_token(self, current_auth: CurrentAuth):
+        raise NotImplementedError("ApiKeyAuth does not support confirming refresh token")
+    
+    def get_current_sdk(self, **kwargs) -> Looker40SDK:
+        return init_api_key_sdk(self.api_key)
+    
+    def get_current_instance(self) -> str | None:
+        raise NotImplementedError("ApiKeyAuth does not support getting current instance")

lkr/classes.py

@@ -0,0 +1,48 @@
+import os
+from enum import Enum
+from typing import Literal
+
+from pydantic import BaseModel, Field
+
+
+class LogLevel(str, Enum):
+    DEBUG = "DEBUG"
+    INFO = "INFO"
+    WARNING = "WARNING"
+    ERROR = "ERROR"
+    CRITICAL = "CRITICAL"
+
+
+
+
+class LookerApiKey(BaseModel):
+    client_id: str = Field(..., min_length=1)
+    client_secret: str = Field(..., min_length=1)
+    base_url: str = Field(..., min_length=1)
+
+    @classmethod
+    def from_env(cls):
+        try:
+            return cls(
+                client_id=os.environ.get("LOOKERSDK_CLIENT_ID"), # type: ignore
+                client_secret=os.environ.get("LOOKERSDK_CLIENT_SECRET"), # type: ignore
+                base_url=os.environ.get("LOOKERSDK_BASE_URL"), # type: ignore
+            )
+        except Exception:
+            return None
+
+        
+class LkrCtxObj(BaseModel):
+    api_key: LookerApiKey | None
+    force_oauth: bool = False
+    
+    @property
+    def use_sdk(self) -> Literal["oauth", "api_key"]:
+        if self.force_oauth:
+            return "oauth"
+        return "api_key" if self.api_key else "oauth"
+    
+    def __init__(self, api_key: LookerApiKey | None = None, *args, **kwargs):
+        super().__init__(api_key=api_key, *args, **kwargs)
+        if not self.api_key:
+            self.api_key = LookerApiKey.from_env()

lkr/constants.py

@@ -0,0 +1,3 @@
+OAUTH_CLIENT_ID = "lkr-cli"
+OAUTH_REDIRECT_URI = "http://localhost:8000/callback"
+LOOKER_API_VERSION = "4.0"

lkr/embed/observability/utils.py

@@ -0,0 +1,104 @@
+import random
+import re
+from datetime import datetime, timezone
+from typing import Dict, List, Tuple
+
+from pydantic import BaseModel, Field
+from pydash import set_
+
+from lkr.logging import logger
+
+MAX_SESSION_LENGTH = 2592000
+
+PERMISSIONS = [
+    "access_data",
+    "see_user_dashboards",
+    "see_lookml_dashboards",
+    "see_looks",
+    "explore",
+]
+
+
+def get_user_id() -> str:
+    return "embed-" + str(random.randint(1000000000, 9999999999))
+
+
+def invalid_attribute_format(attr: str) -> bool:
+    logger.error(f"Invalid attribute: {attr}")
+    return False
+
+
+def check_random_int_format(val: str) -> Tuple[bool, str | None]:
+    if re.match(r"^random\.randint\(\d+,\d+\)$", val):
+        # check if #  random.randint(0, 1000000) 0 and 100000 are integers
+        numbers = re.findall(r"\d+", val.split("(")[1])
+        if len(numbers) == 2:
+            return True, str(
+                random.randint(
+                    int(numbers[0]),
+                    int(numbers[1]),
+                )
+            )
+        else:
+            return False, None
+    else:
+        return False, None
+
+
+def format_attributes(
+    attributes: List[str] = [], seperator: str = ":"
+) -> Dict[str, str]:
+    formatted_attributes: Dict[str, str] = {}
+    if attributes:
+        for attr in attributes:
+            valid = True
+            split_attr = [x.strip() for x in attr.split(seperator) if x.strip()]
+            if len(split_attr) == 2:
+                val = split_attr[1]
+                # regex to check if for string random.randint(0,1000000)
+                is_valid, val = check_random_int_format(val)
+                if is_valid:
+                    set_(split_attr, 1, val)
+                    set_(formatted_attributes, [split_attr[0]], split_attr[1])
+                else:
+                    valid = False
+            else:
+                valid = False
+            if valid:
+                formatted_attributes[split_attr[0]] = split_attr[1]
+            else:
+                invalid_attribute_format(attr)
+
+    return formatted_attributes
+
+
+def now():
+    return datetime.now(timezone.utc)
+
+def ms_diff(start: datetime):
+    return int((now() - start).total_seconds() * 1000)
+
+class LogEventResponse(BaseModel):
+    timestamp: datetime = Field(default_factory=now)
+    event_name: str
+    event_prefix: str
+
+    def make_previous(self):
+        return dict(
+            previous_event_name=self.event_name,
+            previous_event_timestamp=self.timestamp,
+            previous_event_duration_ms=ms_diff(self.timestamp),
+        )
+
+def log_event(event_name: str, prefix: str, **kwargs):
+    if "timestamp" not in kwargs:
+        kwargs["timestamp"] = now().isoformat()
+    logger.info(
+        f"{prefix}:{event_name}",
+        **kwargs
+    )
+    return LogEventResponse(
+        timestamp=datetime.fromisoformat(kwargs["timestamp"]), 
+        event_name=event_name, 
+        event_prefix=prefix
+    )

lkr/exceptions.py

@@ -0,0 +1,4 @@
+class InvalidRefreshTokenError(Exception):
+    def __init__(self, instance_name: str):
+        self.instance_name = instance_name
+        super().__init__(f"Invalid refresh token for instance {instance_name}")

lkr/logging.py

@@ -0,0 +1,59 @@
+import logging
+import os
+
+import structlog
+from rich.console import Console
+from rich.logging import RichHandler
+from rich.theme import Theme
+
+from lkr.types import LogLevel
+
+# Define a custom theme for our logging
+theme = Theme({
+    "logging.level.debug": "dim blue",
+    "logging.level.info": "bold green",
+    "logging.level.warning": "bold yellow",
+    "logging.level.error": "bold red",
+    "logging.level.critical": "bold white on red",
+})
+
+# Create a console for logging
+console = Console(theme=theme)
+
+# Configure the logging handler
+handler = RichHandler(
+    console=console,
+    show_time=True,
+    show_path=True,
+    markup=True,
+    rich_tracebacks=True,
+    tracebacks_show_locals=True,
+)
+
+# Get log level from environment variable, defaulting to INFO
+DEFAULT_LOG_LEVEL = "INFO"
+log_level = os.getenv("LOG_LEVEL", DEFAULT_LOG_LEVEL).upper()
+
+# Configure the root logger
+logging.basicConfig(
+    level=getattr(logging, log_level, logging.INFO),  # Fallback to INFO if invalid level
+    format="%(message)s",
+    datefmt="[%X]",
+    handlers=[handler],
+)
+
+# Create a logger for the application
+logger = logging.getLogger("lkr")
+structured_logger = structlog.get_logger("lkr.structured")
+
+# Configure the requests_transport logger to only show debug messages when LOG_LEVEL is DEBUG
+requests_logger = logging.getLogger("looker_sdk.rtl.requests_transport")
+if log_level != "DEBUG":
+    requests_logger.setLevel(logging.WARNING)
+
+def set_log_level(level: LogLevel):
+    """Set the logging level for the application."""
+    logger.setLevel(getattr(logging, level.value))
+    structured_logger.setLevel(getattr(logging, level.value))
+    # Update requests_transport logger level based on the new level
+    requests_logger.setLevel(logging.DEBUG if level == LogLevel.DEBUG else logging.WARNING) 

lkr/main.py

@@ -0,0 +1,51 @@
+import os
+from typing import Annotated
+
+import typer
+
+from lkr.auth.main import group as auth_group
+from lkr.classes import LkrCtxObj, LogLevel
+from lkr.logging import logger
+
+app = typer.Typer(
+    name="lkr", help="LookML Repository CLI", add_completion=True, no_args_is_help=True
+)
+
+app.add_typer(auth_group, name="auth")
+
+
+@app.callback()
+def callback(
+    ctx: typer.Context,
+    client_id: Annotated[str | None, typer.Option(envvar="LOOKERSDK_CLIENT_ID")] = None,
+    client_secret: Annotated[
+        str | None, typer.Option(envvar="LOOKERSDK_CLIENT_SECRET")
+    ] = None,
+    base_url: Annotated[str | None, typer.Option(envvar="LOOKERSDK_BASE_URL")] = None,
+    log_level: Annotated[LogLevel | None, typer.Option(envvar="LOG_LEVEL")] = None,
+    quiet: Annotated[bool, typer.Option("--quiet")] = False,
+    force_oauth: Annotated[bool, typer.Option("--force-oauth")] = False,
+):
+    if client_id:
+        os.environ["LOOKERSDK_CLIENT_ID"] = client_id
+        logger.debug("Set LOOKERSDK_CLIENT_ID from command line")
+    if client_secret:
+        os.environ["LOOKERSDK_CLIENT_SECRET"] = client_secret
+        logger.debug("Set LOOKERSDK_CLIENT_SECRET from command line")
+    if base_url:
+        os.environ["LOOKERSDK_BASE_URL"] = base_url
+        logger.debug("Set LOOKERSDK_BASE_URL from command line")
+    # Initialize ctx.obj as a dictionary if it's None
+    if ctx.obj is None:
+        ctx.obj = {}
+    ctx.obj["ctx_lkr"] = LkrCtxObj(force_oauth=force_oauth)
+    if log_level:
+        from lkr.logging import set_log_level
+        set_log_level(log_level)
+    if quiet:
+        from lkr.logging import set_log_level
+        set_log_level(LogLevel.ERROR)
+
+
+if __name__ == "__main__":
+    app()

lkr/types.py

@@ -0,0 +1,13 @@
+from enum import Enum
+from typing import Callable, Union
+
+from looker_sdk.rtl.auth_token import AccessToken, AuthToken
+
+NewTokenCallback = Callable[[Union[AuthToken, AccessToken]], None]
+
+class LogLevel(str, Enum):
+    DEBUG = "DEBUG"
+    INFO = "INFO"
+    WARNING = "WARNING"
+    ERROR = "ERROR"
+    CRITICAL = "CRITICAL"

lkr_dev_cli-0.0.0.dist-info/METADATA

@@ -0,0 +1,19 @@
+Metadata-Version: 2.4
+Name: lkr-dev-cli
+Version: 0.0.0
+Summary: lkr: a command line interface for looker
+Author: bwebs
+License-Expression: MIT
+License-File: LICENSE
+Requires-Python: >=3.12
+Requires-Dist: cryptography>=42.0.0
+Requires-Dist: looker-sdk>=25.4.0
+Requires-Dist: pick>=2.4.0
+Requires-Dist: pydantic>=2.11.4
+Requires-Dist: pydash>=8.0.5
+Requires-Dist: requests>=2.31.0
+Requires-Dist: structlog>=25.3.0
+Requires-Dist: typer>=0.15.2
+Description-Content-Type: text/markdown
+
+# lkr cli

lkr_dev_cli-0.0.0.dist-info/RECORD

@@ -0,0 +1,18 @@
+lkr/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+lkr/auth_service.py,sha256=O8a0ZqNHnQNEZAbXXTQdbYx9V9hv_VVqvZCCC-s2EOs,14623
+lkr/classes.py,sha256=Exz4jIA3GIfsebXrakDqrWJzFgpDcO6HBenMitkrj6g,1305
+lkr/constants.py,sha256=DdCfsV6q8wgs2iHpIQeb6oDP_2XejusEHyPvCbaM3yY,108
+lkr/exceptions.py,sha256=M_aR4YaCZtY4wyxhcoqJCVkxVu9z3Wwo5KgSDyOoEnI,210
+lkr/logging.py,sha256=cuqIiYUVTAknWLjcu7eiu8Ji7Pl6o7nWLLUJeoKFtMs,1804
+lkr/main.py,sha256=hVUEk2Acn2iD46dR6kDUADbhMH3wDFVyH-vyw6t0hpA,1708
+lkr/types.py,sha256=feJ-W2U61PJTiotMLuZJqxrotA53er95kO1O30mooy4,323
+lkr/utils.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+lkr/auth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+lkr/auth/main.py,sha256=qKC7qnzFR_yYcplA9oWksrhTpNnktg4mP_glS7YBFsU,7103
+lkr/auth/oauth.py,sha256=S57mJdp66Q-MXvT8K1_mzhw6xu0kJZ3gR11mDrNdjRI,5261
+lkr/embed/observability/utils.py,sha256=Hv3g60cI03cQwyEe8QV7bUMssE6pyrZKnDyl9rxm5b8,2915
+lkr_dev_cli-0.0.0.dist-info/METADATA,sha256=BTAYb6jwCAfxGleSZxKQCUBFtUvVgelyGP_CV4eezAA,491
+lkr_dev_cli-0.0.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+lkr_dev_cli-0.0.0.dist-info/entry_points.txt,sha256=nn2sFMGDpwUVE61ZUpbDPnQZkW7Gc08nV-tyLGo8q34,37
+lkr_dev_cli-0.0.0.dist-info/licenses/LICENSE,sha256=hKnCOORW1JRE_M2vStz8dblS5u1iR-2VpqS9xagKNa0,1063
+lkr_dev_cli-0.0.0.dist-info/RECORD,,

lkr_dev_cli-0.0.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.27.0
+Root-Is-Purelib: true
+Tag: py3-none-any

lkr_dev_cli-0.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+lkr = lkr.main:app

lkr_dev_cli-0.0.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 lkrdev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.