lkr-dev-cli 0.0.29__py3-none-any.whl → 0.0.31__py3-none-any.whl

lkr/main.py

@@ -12,7 +12,10 @@ from lkr.observability.main import group as observability_group
 from lkr.tools.main import group as tools_group
 
 app = typer.Typer(
-    name="lkr", help="LookML Repository CLI", add_completion=True, no_args_is_help=True
+    name="lkr",
+    help="A CLI for Looker with helpful tools",
+    add_completion=True,
+    no_args_is_help=True,
 )
 
 app.add_typer(auth_group, name="auth")

lkr/tools/classes.py

@@ -1,6 +1,5 @@
 from typing import Literal, Optional, Self, cast
 
-from fastapi import Request
 from looker_sdk.sdk.api40.methods import Looker40SDK
 from looker_sdk.sdk.api40.models import (
     UserAttributeGroupValue,
@@ -46,10 +45,12 @@ class UserAttributeUpdater(BaseModel):
                 )
         return self
 
-    def get_request_authorization_for_value(self, request: Request):
-        authorization_token = request.headers.get("Authorization")
+    def get_request_authorization_for_value(self, headers: list[tuple[str, str]]):
+        authorization_token = next(
+            (header for header in headers if header[0] == "Authorization"), None
+        )
         if authorization_token:
-            self.value = authorization_token
+            self.value = authorization_token[1]
         else:
             logger.error("No authorization token found")
 
@@ -68,6 +69,17 @@ class UserAttributeUpdater(BaseModel):
             return None
         return init_api_key_sdk(api_key, True)
 
+    def _get_looker_user_id(self, sdk: Looker40SDK) -> str | None:
+        if self.looker_user_id:
+            return self.looker_user_id
+        elif self.email:
+            user = sdk.user_for_credential("email", self.email)
+            return user.id if user else None
+        elif self.external_user_id:
+            user = sdk.user_for_credential("embed", self.external_user_id)
+            return user.id if user else None
+        return None
+
     def _get_group_id(self, sdk: Looker40SDK) -> str | None:
         if self.group_id:
             return self.group_id
@@ -107,25 +119,24 @@ class UserAttributeUpdater(BaseModel):
             else:
                 raise ValueError("Group not found")
         elif self.update_type == "default":
-            sdk.delete_user_attribute(user_attribute_id)
+            user_attribute = sdk.user_attribute(user_attribute_id, "name,label,type")
+            sdk.update_user_attribute(
+                user_attribute_id,
+                WriteUserAttribute(
+                    default_value=None,
+                    name=user_attribute.name,
+                    label=user_attribute.label,
+                    type=user_attribute.type,
+                ),
+            )
         elif self.update_type == "user":
-            if self.looker_user_id:
-                sdk.delete_user_attribute_user_value(
-                    user_id=self.looker_user_id,
-                    user_attribute_id=user_attribute_id,
-                )
-            elif self.external_user_id:
-                sdk.delete_user_attribute_user_value(
-                    user_id=self.external_user_id,
-                    user_attribute_id=user_attribute_id,
-                )
-            elif self.email:
-                sdk.delete_user_attribute_user_value(
-                    user_id=self.email,
-                    user_attribute_id=user_attribute_id,
-                )
-            else:
+            looker_user_id = self._get_looker_user_id(sdk)
+            if not looker_user_id:
                 raise ValueError("User not found")
+            sdk.delete_user_attribute_user_value(
+                user_id=looker_user_id,
+                user_attribute_id=user_attribute_id,
+            )
 
     def update_user_attribute_value(self):
         if not self.value:
@@ -170,35 +181,16 @@ class UserAttributeUpdater(BaseModel):
                 ),
             )
         elif self.update_type == "user":
-
-            def set_user_attribute_user_value(user_id: str):
-                sdk.set_user_attribute_user_value(
-                    user_id=user_id,
-                    user_attribute_id=user_attribute_id,
-                    body=WriteUserAttributeWithValue(
-                        value=self.value,
-                    ),
-                )
-
-            if self.looker_user_id:
-                set_user_attribute_user_value(self.looker_user_id)
-
-            elif self.external_user_id:
-                user = sdk.user_for_credential("embed", self.external_user_id)
-                if not (user and user.id):
-                    raise ValueError("User not found")
-                set_user_attribute_user_value(user.id)
-
-            elif self.email:
-                user = sdk.user_for_credential("email", self.email)
-                if not (user and user.id):
-                    raise ValueError("User not found")
-                set_user_attribute_user_value(user.id)
-
-            else:
+            looker_user_id = self._get_looker_user_id(sdk)
+            if not looker_user_id:
                 raise ValueError("User not found")
-        else:
-            raise ValueError("Invalid update_type")
+            sdk.set_user_attribute_user_value(
+                user_id=looker_user_id,
+                user_attribute_id=user_attribute_id,
+                body=WriteUserAttributeWithValue(
+                    value=self.value,
+                ),
+            )
 
 
 class AttributeUpdaterResponse(BaseModel):

lkr/tools/main.py

@@ -14,16 +14,15 @@ group = typer.Typer()
 
 @group.command()
 def user_attribute_updater(
-    ctx: typer.Context,
     host: str = typer.Option(default="127.0.0.1", envvar="HOST"),
-    port: int = typer.Option(default=8080, envvar="x`"),
+    port: int = typer.Option(default=8080, envvar="PORT"),
 ):
     api = FastAPI()
 
     @api.post("/identity_token")
     def identity_token(request: Request, body: UserAttributeUpdater):
         try:
-            body.get_request_authorization_for_value(request)
+            body.get_request_authorization_for_value(request.headers.items())
             body.update_user_attribute_value()
             raw_urls = os.getenv("LOOKER_WHITELISTED_BASE_URLS", "")
             whitelisted_base_urls = (

{lkr_dev_cli-0.0.29.dist-info → lkr_dev_cli-0.0.31.dist-info}/METADATA

@@ -1,23 +1,32 @@
 Metadata-Version: 2.4
 Name: lkr-dev-cli
-Version: 0.0.29
+Version: 0.0.31
 Summary: lkr: a command line interface for looker
 Author: bwebs
 License-Expression: MIT
 License-File: LICENSE
 Requires-Python: >=3.12
 Requires-Dist: cryptography>=42.0.0
-Requires-Dist: duckdb>=1.2.2
-Requires-Dist: fastapi>=0.115.12
 Requires-Dist: looker-sdk>=25.4.0
-Requires-Dist: mcp[cli]>=1.9.2
 Requires-Dist: pydantic>=2.11.4
 Requires-Dist: pydash>=8.0.5
 Requires-Dist: questionary>=2.1.0
 Requires-Dist: requests>=2.31.0
-Requires-Dist: selenium>=4.32.0
 Requires-Dist: structlog>=25.3.0
 Requires-Dist: typer>=0.15.2
+Provides-Extra: all
+Requires-Dist: duckdb>=1.2.2; extra == 'all'
+Requires-Dist: fastapi>=0.115.12; extra == 'all'
+Requires-Dist: mcp[cli]>=1.9.2; extra == 'all'
+Requires-Dist: selenium>=4.32.0; extra == 'all'
+Provides-Extra: embed-observability
+Requires-Dist: fastapi>=0.115.12; extra == 'embed-observability'
+Requires-Dist: selenium>=4.32.0; extra == 'embed-observability'
+Provides-Extra: mcp
+Requires-Dist: duckdb>=1.2.2; extra == 'mcp'
+Requires-Dist: mcp[cli]>=1.9.2; extra == 'mcp'
+Provides-Extra: user-attribute-updater
+Requires-Dist: fastapi>=0.115.12; extra == 'user-attribute-updater'
 Description-Content-Type: text/markdown
 
 # lkr cli
@@ -129,7 +138,7 @@ The observability command provides tools for monitoring and interacting with Loo
 - `GET /health`: Launches a headless browser to simulate embedding a dashboard, waits for a completion indicator, and logs the process for health checking. This endpoint accepts query parameters to help login users with custom attributes.
 
 > [!IMPORTANT]
-> Make sure you add the http://host:port to your domain allowlist in Admin Embed. [docs](https://cloud.google.com/looker/docs/embedded-javascript-events#adding_the_embed_domain_to_the_allowlist) Unless overridden, the default would be http://0.0.0.0:8080. These can also set via cli arguments. E.g., `lkr observability embed --host localhost --port 7777` or by setting the environment variables `HOST` and `PORT`. You can check the embed_domain by sending a request to the `/settings` endpoint.
+> Make sure you add the `http://host:port` to your domain allowlist in Admin Embed. [docs](https://cloud.google.com/looker/docs/embedded-javascript-events#adding_the_embed_domain_to_the_allowlist) Unless overridden, the default would be http://0.0.0.0:8080. These can also set via cli arguments. E.g., `lkr observability embed --host localhost --port 7777` or by setting the environment variables `HOST` and `PORT`. You can check the embed_domain by sending a request to the `/settings` endpoint.
 
 
 For example:
@@ -209,4 +218,192 @@ gcloud monitoring uptime create lkr-observability-health-check \
 ```
 
 ### Alternative Usage
-This can also be used to stress test your Looker environment as it serves an API that logs into a Looker embedded dashboard and runs queries like a user would within Chromium. If you wrote a script to repeatedly call this API with different parameters, you could use it to stress test your Looker environment and/or your database.
+This can also be used to stress test your Looker environment as it serves an API that logs into a Looker embedded dashboard and runs queries like a user would within Chromium. If you wrote a script to repeatedly call this API with different parameters, you could use it to stress test your Looker environment and/or your database.
+
+## User Attribute Updater (OIDC Token)
+
+1. Create a new cloud run using the `lkr-cli` public docker image `us-central1-docker.pkg.dev/lkr-dev-production/lkr-cli/cli:latest`
+2. Put in the environment variables LOOKERSDK_CLIENT_ID, LOOKERSDK_CLIENT_SECRET, LOOKERSDK_BASE_URL, LOOKER_WHITELISTED_BASE_URLS. The `LOOKER_WHITELISTED_BASE_URLS` would be the same url as the `LOOKERSDK_BASE_URL` if you are only using this for a single Looker instance. For more advanced use cases, you can set the `LOOKER_WHITELISTED_BASE_URLS` to a comma separated list of urls. The body of the request also accepts a `base_url`, `client_id`, and `client_secret` key that will override these settings. See example [`gcloud` command](#example-gcloud-command)
+3. For the command and arguments use:
+   - command: `lkr`
+   - args: `tools` `user-attribute-updater`
+4. Deploy the cloud run
+5. Retrieve the URL of the cloud run
+6. Create the user attribute 
+   - Name: cloud_run_access_token 
+   - Data Type: String
+   - User Access: None
+   - Hide values: Yes
+   - Domain Allowlist: The URL of the cloud run from step 4. Looker will only allow the user attribute to be set if the request is going to this URL
+
+> [!NOTE]
+> The user attribute name can be anything you want. Typically you will be using this with an extension, so you should follow the naming convention of the type of user attribute you will be using with the extension. I would recommend using a `scoped user attributes` for this. See [Extension User Attributes](https://www.npmjs.com/package/@looker/extension-sdk#user-attributes). If you are using a `global_user_attribute`, then you can just use the name of it like `cloud_run_access_token`.
+
+6. Create a new cloud scheduler
+   - cron: `0 * * * *`
+   - Target Type: Cloud Run
+   - URL: The URL of the cloud run from step 4 with a path of `/identity_token`. E.g. `https://your-cloud-run-url.com/identity_token`
+   - HTTP Method: POST
+   - Headers: `Content-Type: application/json`
+   - Body: Use the user attribute_name from  step 5, or use the user_attribute_id found in the Looker URL after you created it or are editing it
+
+    ```json
+    {
+      "user_attribute": "cloud_run_access_token",
+      "update_type": "default"
+    }
+    ```
+   - Auth Header: OIDC Token
+   - Service Account: Choose the service account you want to use to run the cloud scheduler
+   - Audience: The URL of the cloud run
+   - Max Retries: >0
+7. Make sure the Service Account has the `Cloud Run Invoker` role
+8. Navigate the the cloud scheduler page, select the one you just created, and click Force Run
+9. Check the logs of the cloud run to see if there was a 200 response
+
+
+### Example `gcloud` command
+```bash
+export REGION=<your region>
+export PROJECT=<your project id>
+
+gcloud run deploy lkr-access-token-updater \
+  --image us-central1-docker.pkg.dev/lkr-dev-production/lkr-cli/cli:latest \
+  --command lkr \
+  --args tools,user-attribute-updater \
+  --platform managed \
+  --region $REGION \
+  --project $PROJECT \
+  --cpu 1 \
+  --memory 2Gi \
+  --set-env-vars LOOKERSDK_CLIENT_ID=<your client id>,LOOKERSDK_CLIENT_SECRET=<your client secret>,LOOKERSDK_BASE_URL=<your instance url>,LOOKER_WHITELISTED_BASE_URLS=<your instance url>
+  ```
+
+## UserAttributeUpdater `lkr-dev-cli`
+
+Exported from the `lkr-dev-cli` package is the `UserAttributeUpdater` pydantic class. This class has all the necessary logic to update a user attribute value. 
+
+It supports the following operations:
+- Updating a default value
+- Updating a group value
+- Updating a user value
+- Deleting a default value
+- Deleting a group value
+- Deleting a user value
+
+It can also support looking up looker ids. It will lookup the following if the id is not provided:
+- user_attribute_id by the name
+- user_id by the email or external_user_id
+- group_id by the name
+
+
+### Example Usage
+
+```python
+from lkr import UserAttributeUpdater
+
+# without credentials
+updater = UserAttributeUpdater(
+    user_attribute="cloud_run_access_token",
+    update_type="default",
+    value="123",
+)
+
+
+# with credentials
+updater = UserAttributeUpdater(
+    user_attribute="cloud_run_access_token",
+    update_type="default",
+    value="123",
+    base_url="https://your-looker-instance.com",
+    client_id="your-client-id",
+    client_secret="your-client-secret",
+)
+
+updater.update_user_attribute_value()
+
+# Getting authorization header from a FastAPI request
+from fastapi import Request
+from lkr import UserAttributeUpdater
+
+@app.post("/request_authorization")
+def request_authorization(request: Request):
+    body = await request.json()
+    updater = UserAttributeUpdater.model_validate(body)
+    updater.get_request_authorization_for_value(request.headers.items())
+    updater.update_user_attribute_value()
+
+@app.post("/as_body")
+def as_body(request: Request, body: UserAttributeUpdater):
+    body.get_request_authorization_for_value(request.headers.items())
+    body.update_user_attribute_value()
+
+@app.post("/assigning_value")
+def assigning_value(request: Request):
+    updater = UserAttributeUpdater(
+      user_attribute="cloud_run_access_token",
+      update_type="default"
+    )
+    updater.value = request.headers.get("my_custom_header")
+    updater.update_user_attribute_value()
+
+@app.delete("/:user_attribute_name/:email")
+def delete_user_attribute(user_attribute_name: str, email: str):
+    updater = UserAttributeUpdater(
+      user_attribute=user_attribute_name,
+      update_type="user",
+      email=email,
+    )
+    updater.delete_user_attribute_value()
+
+## Optional Dependencies
+
+The `lkr` CLI supports optional dependencies that enable additional functionality. You can install these individually or all at once.
+
+### Available Extras
+
+- **`mcp`**: Enables the MCP (Model Context Protocol) server functionality
+  - Includes: `mcp[cli]>=1.9.2`, `duckdb>=1.2.2`
+- **`embed-observability`**: Enables the observability embed monitoring features
+  - Includes: `fastapi>=0.115.12`, `selenium>=4.32.0`
+- **`user-attribute-updater`**: Enables the user attribute updater functionality
+  - Includes: `fastapi>=0.115.12`
+
+### Installing Optional Dependencies
+
+**Install all optional dependencies:**
+```bash
+uv sync --extra all
+```
+
+**Install specific extras:**
+```bash
+# Install MCP functionality
+uv sync --extra mcp
+
+# Install observability features
+uv sync --extra embed-observability
+
+# Install user attribute updater
+uv sync --extra user-attribute-updater
+
+# Install multiple extras
+uv sync --extra mcp --extra embed-observability
+```
+
+**Using pip:**
+```bash
+# Install all optional dependencies
+pip install lkr-dev-cli[all]
+
+# Install specific extras
+pip install lkr-dev-cli[mcp,embed-observability,user-attribute-updater]
+```
+
+### What Each Extra Enables
+
+- **`mcp`**: Use the MCP server with tools like Cursor for enhanced IDE integration
+- **`embed-observability`**: Run the observability embed server for monitoring Looker dashboard performance
+- **`user-attribute-updater`**: Deploy the user attribute updater service for OIDC token management
+
+All extras are designed to work together seamlessly, and installing `all` is equivalent to installing all individual extras.

{lkr_dev_cli-0.0.29.dist-info → lkr_dev_cli-0.0.31.dist-info}/RECORD

@@ -5,7 +5,7 @@ lkr/constants.py,sha256=DdCfsV6q8wgs2iHpIQeb6oDP_2XejusEHyPvCbaM3yY,108
 lkr/custom_types.py,sha256=feJ-W2U61PJTiotMLuZJqxrotA53er95kO1O30mooy4,323
 lkr/exceptions.py,sha256=M_aR4YaCZtY4wyxhcoqJCVkxVu9z3Wwo5KgSDyOoEnI,210
 lkr/logger.py,sha256=vKlJZqiMzJbYBzmiiD0HzJp-J-rHd4nWX-7P4ZKgh78,2033
-lkr/main.py,sha256=pTVibYNb7Wh-dKVbqAozUGWPbeofqIo0gQceZSXoySQ,2464
+lkr/main.py,sha256=TZR6GQ0Yc5Tp6XlUAVHi6Zpj3JcQ_DSZp9YuGhymu-c,2491
 lkr/auth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 lkr/auth/main.py,sha256=7tWGPWokzbBnrX1enZ9YP4rdDJqYBlGfuYe0Wg-fXT4,7532
 lkr/auth/oauth.py,sha256=n2yAcccdBZaloGVtFRTwCPBfh1cvVYNbXLsFCxmWc5M,7207
@@ -16,10 +16,10 @@ lkr/observability/classes.py,sha256=LgGuUnY-J1csPrlAKnw4PPOqOfbvaOx2cxENlQgJYcE,
 lkr/observability/embed_container.html,sha256=IcDG-QVsYYNGQGrkDrx9OMZ2Pmo4C8oAjRHddFQ7Tlw,2939
 lkr/observability/main.py,sha256=XbejIdqhNNUMqHVezb5EnLaJ32dO9-Bt0o5d8lc0kyw,9544
 lkr/observability/utils.py,sha256=UpaBrp_ufaXLoz4p3xG3K6lHKBpP9wBhvP8rDmeGoWg,2148
-lkr/tools/classes.py,sha256=7QJwm0Ywm8QIqkvgCWnpRI12C-DxLUznXj_BNF_gifI,7759
-lkr/tools/main.py,sha256=5Ak_VWziE-U2RiXy0bfGkAGHcjyD36OFxILdS06L0qg,2689
-lkr_dev_cli-0.0.29.dist-info/METADATA,sha256=Ldb4fpu2ztX7-07ynB3crjqhA9LxWx2IJwFMhYeJIWk,10953
-lkr_dev_cli-0.0.29.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-lkr_dev_cli-0.0.29.dist-info/entry_points.txt,sha256=nn2sFMGDpwUVE61ZUpbDPnQZkW7Gc08nV-tyLGo8q34,37
-lkr_dev_cli-0.0.29.dist-info/licenses/LICENSE,sha256=hKnCOORW1JRE_M2vStz8dblS5u1iR-2VpqS9xagKNa0,1063
-lkr_dev_cli-0.0.29.dist-info/RECORD,,
+lkr/tools/classes.py,sha256=ZyRRCQjjwV4WVWGmKlTfXiLiOGUf67XgrboYhOLuLts,7508
+lkr/tools/main.py,sha256=u9O5JgGVFscav9wFcrHd5ZPUUue_KpeK0QukYKqzros,2683
+lkr_dev_cli-0.0.31.dist-info/METADATA,sha256=8QimDm78NO_wvLUt3XJ_SlwdMkCY3pk5Jt8KY1FuGxo,18527
+lkr_dev_cli-0.0.31.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+lkr_dev_cli-0.0.31.dist-info/entry_points.txt,sha256=nn2sFMGDpwUVE61ZUpbDPnQZkW7Gc08nV-tyLGo8q34,37
+lkr_dev_cli-0.0.31.dist-info/licenses/LICENSE,sha256=hKnCOORW1JRE_M2vStz8dblS5u1iR-2VpqS9xagKNa0,1063
+lkr_dev_cli-0.0.31.dist-info/RECORD,,