python4cpm 1.0.10__tar.gz

python4cpm-1.0.10/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Gonzalo Atienza Rela
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

python4cpm-1.0.10/PKG-INFO

@@ -0,0 +1,243 @@
+Metadata-Version: 2.4
+Name: python4cpm
+Version: 1.0.10
+Summary: Python for CPM
+Author-email: Gonzalo Atienza Rela <gonatienza@gmail.com>
+License: MIT License
+        
+        Copyright (c) 2026 Gonzalo Atienza Rela
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in
+        all copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+        THE SOFTWARE.
+        
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Provides-Extra: dev
+Requires-Dist: ruff; extra == "dev"
+Dynamic: license-file
+
+# Python4CPM
+
+A simple way of using python scripts with CyberArk CPM rotations.  This module levereages the [Terminal Plugin Controller](https://docs.cyberark.com/pam-self-hosted/latest/en/content/pasimp/plug-in-terminal-plugin-controller.htm) (TPC) in CPM to offload a password rotation logic into a script.
+
+This platform allows you to duplicate it multiple times, simply changing its settings from Privilege Cloud/PVWA to point to different python scripts leveraging the module included with the base platform.
+
+## Installation
+
+### Preparing Python
+
+1. Install Python in CPM.  **Python must be installed for all users when running the install wizard**.
+2. Create a venv in CPM, by running `py -m venv c:\venv`.  Use the default location `c:\venv` or a custom one (e.g., `c:\my-venv-path`).
+3. Install `python4cpm` in your venv:
+    - If your CPM can connect to the internet, install with `c:\venv\Scripts\pip install python4cpm`.
+    - If your CPM cannot connect to the internet:
+        - Download the [latest wheel](https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-wheel.zip).
+        - Copy the file to CPM, extract to a temporary location.
+        - From the temporary location run `c:\venv\Scripts\pip install --no-index --find-links=.\python4cpm-wheel python4cpm`.
+
+
+### Importing the platform
+
+1. Download the [latest platform zip file](https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-platform.zip).
+2. Import the platform zip file into Privilege Cloud/PVWA `(Administration -> Platform Management -> Import platform)`.
+3. Craft your python script and place it within the bin folder of CPM (`C:\Program Files (x86)\CyberArk\Password Manager\bin`).
+4. Duplicate the imported platform in Privilege Cloud/PVWA `(Administration -> Platform Management -> Application -> Python for CPM)` and name it after your application (e.g., My App).
+5. Edit the duplicated platform and specify the path of your placed script in the bin folder of CPM, under `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonScriptPath -> Value` (e.g., `bin\myapp.py`).
+6. If you used a custom venv location, also update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonExePath -> Value` with the custom path for the venv's `python.exe` file (e.g., `c:\my-venv-path\Scripts\python.exe`).
+7. If you want to disable logging, update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLogging -> Value` to `no`.
+8. If you want to change the logging level to `debug`, update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLoggingLevel -> Value` to `debug`.
+9. For new applications repeat steps from 3 to 8.
+
+
+## Python Script
+
+### Example:
+
+```python
+from python4cpm import Python4CPM
+
+
+p4cpm = Python4CPM("MyApp") # this instantiates the object and grabs all arguments and secrets shared by TPC
+
+# These are the usable properties and related methods from the object:
+p4cpm.args.action # action requested from CPM
+p4cpm.args.address # address from the account address field
+p4cpm.args.username # username from the account username field
+p4cpm.args.reconcile_username # reconcile username from the linked reconcile account
+p4cpm.args.logon_username # logon username from the linked logon account
+p4cpm.args.logging # used to carry the platform logging settings for python
+p4cpm.secrets.password.get() # get str from password received from the vault
+p4cpm.secrets.new_password.get() # get str from new password in case of a rotation
+p4cpm.secrets.logon_password.get() # get str from linked logon account password
+p4cpm.secrets.reconcile_password.get() # get str from linked reconcile account password
+
+# Logging methods -> Will only log if Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLogging is set to yes (default is yes)
+p4cpm.log_error("this is an error message") # logs error into Logs/ThirdParty/Python4CPM/MyApp.log
+p4cpm.log_warning("this is a warning message") # logs warning into Logs/ThirdParty/Python4CPM/MyApp.log
+p4cpm.log_info("this is an info message") # logs info into Logs/ThirdParty/Python4CPM/MyApp.log
+# Logging level -> Will only log debug messages if Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLoggingLevel is set to debug (default is info)
+p4cpm.log_debug("this is an debug message") # logs info into Logs/ThirdParty/Python4CPM/MyApp.log if logging level is set to debug
+
+# Terminate signals -> ALWAYS use one of the following three signals to terminate the script
+## p4cpm.close_success() # terminate with success state
+## p4cpm.close_fail() # terminate with recoverable failed state
+## p4cpm.close_fail(unrecoverable=True) # terminate with unrecoverable failed state
+# If no signal is call, CPM will not know if the action was successful and display an error
+
+
+# Verification example -> verify the username and password are valid
+def verify(from_reconcile=False):
+    if from_reconcile is False:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.secrets.password.get()
+        # for your logic in a verification
+    else:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.reconcile_username, p4cpm.secrets.reconcile_password.get()
+        # for your logic in a verification
+    result = True
+    if result is True:
+        p4cpm.log_info("verification successful") # logs info message into Logs/ThirdParty/Python4CPM/MyApp.log
+    else:
+        p4cpm.log_error("something went wrong") # logs error message Logs/ThirdParty/Python4CPM/MyApp.log
+        raise Exception("verify failed") # raise to trigger failed termination signal
+
+
+# Rotation example -> rotate the password of the account
+def change(from_reconcile=False):
+    if from_reconcile is False:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.secrets.password.get()
+        # and p4cpm.secrets.new_password.get() for your logic in a rotation
+    else:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.args.reconcile_username,
+        # p4cpm.secrets.reconcile_password.get() and p4cpm.secrets.new_password.get() for your logic in a reconciliation
+    result = True
+    if result is True:
+        p4cpm.log_info("rotation successful") # logs info message into Logs/ThirdParty/Python4CPM/MyApp.log
+    else:
+        p4cpm.log_error("something went wrong") # logs error message Logs/ThirdParty/Python4CPM/MyApp.log
+        raise Exception("change failed") # raise to trigger failed termination signal
+
+
+if __name__ == "__main__":
+    try:
+        if action == Python4CPM.ACTION_VERIFY: # class attribute ACTION_VERIFY holds the verify action value
+            verify()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_LOGON: # class attribute ACTION_LOGON holds the logon action value
+            verify()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_CHANGE: # class attribute ACTION_CHANGE holds the password change action value
+            change()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_PRERECONCILE: # class attribute ACTION_PRERECONCILE holds the pre-reconcile action value
+            verify(from_reconcile=True)
+            p4cpm.close_success() # terminate with success state
+            # Alternatively ->
+            ## p4cpm.log_error("reconciliation is not supported") # let the logs know that reconciliation is not supported
+            ## p4cpm.close_fail() # let CPM know to check the logs
+        elif p4cpm.args.action == Python4CPM.ACTION_RECONCILE: # class attribute ACTION_RECONCILE holds the reconcile action value
+            change(from_reconcile=True)
+            p4cpm.close_success() # terminate with success state
+            # Alternatively ->
+            ## p4cpm.log_error("reconciliation is not supported") # let the logs know that reconciliation is not supported
+            ## p4cpm.close_fail() # let CPM know to check the logs
+        else:
+            p4cpm.log_error(f"invalid action: '{action}'") # logs into Logs/ThirdParty/Python4CPM/MyApp.log
+            p4cpm.close_fail(unrecoverable=True) # terminate with unrecoverable failed state
+    except Exception as e:
+        p4cpm.log_error(f"{type(e).__name__}: {e}")
+        p4cpm.close_fail()
+```
+(*) a more realistic examples can be found [here](https://github.com/gonatienza/python4cpm/blob/main/examples).
+
+When doing `verify`, `change` or `reconcile` from Privilege Cloud/PVWA:
+1. Verify -> the sciprt will be executed once with the `p4cpm.args.action` as `Python4CPM.ACTION_VERIFY`.
+2. Change -> the sciprt will be executed twice, once with the action `p4cpm.args.action` as `Python4CPM.ACTION_LOGON` and once as `Python4CPM.ACTION_CHANGE`.
+    - If all actions are not terminated with `p4cpm.close_success()` the overall change will fail.
+3. Reconcile -> the sciprt will be executed twice, once with the `p4cpm.args.action` as `Python4CPM.ACTION_PRERECONCILE` and once as `Python4CPM.ACTION_RECONCILE`.
+    - If all actions are not terminated with `p4cpm.close_success()` the overall reconcile will fail.
+4. When `p4cpm.args.action` comes as `Python4CPM.ACTION_VERIFY`, `Python4CPM.ACTION_LOGON` or `Python4CPM.ACTION_PRERECONCILE`: `p4cpm.secrets.new_password.get()` will always return an empty string.
+5. If a logon account is not linked, `p4cpm.args.logon_username` and `p4cpm.secrets.logon_password.get()` will return an empty string.
+6. If a reconcile account is not linked, `p4cpm.args.reconcile_username` and `p4cpm.secrets.reconcile_password.get()` will return an empty string.
+
+
+### Installing dependancies in python venv
+
+As with any python venv, you can install dependancies in your venv.
+1. If your CPM can connect to the internet:
+   - You can use regular pip install commands (e.g., `c:\venv\Scripts\pip.exe install requests`).
+2. If your CPM cannot connect to the internet:
+   - You can download packages for an offline install.  More info [here](https://pip.pypa.io/en/stable/cli/pip_download/).
+
+
+## Dev Helper:
+
+TPC is a binary Terminal Plugin Controller in CPM.  It passes information to Python4CPM through arguments and prompts when calling the script.
+For dev purposes, `TPCHelper` is a companion helper that simplifies the instantiation of the `Python4CPM` object by simulating how TPC passes those arguments and prompts.
+Install this module (in a dev workstation) with:
+
+```bash
+pip install https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-latest-py3-none-any.whl
+```
+
+### Example:
+
+```python
+from python4cpm import TPCHelper, Python4CPM
+from getpass import getpass
+
+# Get secrets for your password, logon account password, reconcile account password and new password
+# You can use an empty string if it does not apply
+password = getpass("password: ") # password from account
+logon_password = getpass("logon_password: ") # password from linked logon account
+reconcile_password = getpass("reconcile_password: ") # password from linked reconcile account
+new_password = getpass("new_password: ") # new password for the rotation
+
+p4cpm = TPCHelper.run(
+    action=Python4CPM.ACTION_LOGON, # use actions from Python4CPM.ACTION_*
+    address="myapp.corp.local", # populate with the address from your account properties
+    username="jdoe", # populate with the username from your account properties
+    logon_username="ldoe", # populate with the logon account username from your linked logon account
+    reconcile_username="rdoe", # ppopulate with the reconcile account username from your linked logon account
+    logging="yes", # populate with the PythonLogging parameter from the platform: "yes" or "no"
+    logging_level="info", # populate with the PythonLoggingLevel parameter from the platform: "info" or "debug"
+    password=password,
+    logon_password=logon_password,
+    reconcile_password=reconcile_password,
+    new_password=new_password
+)
+
+# Use the p4cpm object during dev to build your script logic
+assert password == p4cpm.secrets.password.get()
+p4cpm.log_info("success!")
+p4cpm.close_success()
+
+# Remember for your final script:
+## changing the definition of p4cpm from TPCHelper.run() to Python4CPM("MyApp")
+## remove any secrets prompting
+## remove the TPCHelper import
+```
+
+Remember for your final script:
+- Change the definition of `p4cpm` from `p4cpm = TPCHelper.run(**kwargs)` to `p4cpm = Python4CPM("MyApp")`.
+- Remove any secrets prompting or interactive interruptions.
+- Remove the import of `TPCHelper`.

python4cpm-1.0.10/README.md

@@ -0,0 +1,209 @@
+# Python4CPM
+
+A simple way of using python scripts with CyberArk CPM rotations.  This module levereages the [Terminal Plugin Controller](https://docs.cyberark.com/pam-self-hosted/latest/en/content/pasimp/plug-in-terminal-plugin-controller.htm) (TPC) in CPM to offload a password rotation logic into a script.
+
+This platform allows you to duplicate it multiple times, simply changing its settings from Privilege Cloud/PVWA to point to different python scripts leveraging the module included with the base platform.
+
+## Installation
+
+### Preparing Python
+
+1. Install Python in CPM.  **Python must be installed for all users when running the install wizard**.
+2. Create a venv in CPM, by running `py -m venv c:\venv`.  Use the default location `c:\venv` or a custom one (e.g., `c:\my-venv-path`).
+3. Install `python4cpm` in your venv:
+    - If your CPM can connect to the internet, install with `c:\venv\Scripts\pip install python4cpm`.
+    - If your CPM cannot connect to the internet:
+        - Download the [latest wheel](https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-wheel.zip).
+        - Copy the file to CPM, extract to a temporary location.
+        - From the temporary location run `c:\venv\Scripts\pip install --no-index --find-links=.\python4cpm-wheel python4cpm`.
+
+
+### Importing the platform
+
+1. Download the [latest platform zip file](https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-platform.zip).
+2. Import the platform zip file into Privilege Cloud/PVWA `(Administration -> Platform Management -> Import platform)`.
+3. Craft your python script and place it within the bin folder of CPM (`C:\Program Files (x86)\CyberArk\Password Manager\bin`).
+4. Duplicate the imported platform in Privilege Cloud/PVWA `(Administration -> Platform Management -> Application -> Python for CPM)` and name it after your application (e.g., My App).
+5. Edit the duplicated platform and specify the path of your placed script in the bin folder of CPM, under `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonScriptPath -> Value` (e.g., `bin\myapp.py`).
+6. If you used a custom venv location, also update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonExePath -> Value` with the custom path for the venv's `python.exe` file (e.g., `c:\my-venv-path\Scripts\python.exe`).
+7. If you want to disable logging, update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLogging -> Value` to `no`.
+8. If you want to change the logging level to `debug`, update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLoggingLevel -> Value` to `debug`.
+9. For new applications repeat steps from 3 to 8.
+
+
+## Python Script
+
+### Example:
+
+```python
+from python4cpm import Python4CPM
+
+
+p4cpm = Python4CPM("MyApp") # this instantiates the object and grabs all arguments and secrets shared by TPC
+
+# These are the usable properties and related methods from the object:
+p4cpm.args.action # action requested from CPM
+p4cpm.args.address # address from the account address field
+p4cpm.args.username # username from the account username field
+p4cpm.args.reconcile_username # reconcile username from the linked reconcile account
+p4cpm.args.logon_username # logon username from the linked logon account
+p4cpm.args.logging # used to carry the platform logging settings for python
+p4cpm.secrets.password.get() # get str from password received from the vault
+p4cpm.secrets.new_password.get() # get str from new password in case of a rotation
+p4cpm.secrets.logon_password.get() # get str from linked logon account password
+p4cpm.secrets.reconcile_password.get() # get str from linked reconcile account password
+
+# Logging methods -> Will only log if Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLogging is set to yes (default is yes)
+p4cpm.log_error("this is an error message") # logs error into Logs/ThirdParty/Python4CPM/MyApp.log
+p4cpm.log_warning("this is a warning message") # logs warning into Logs/ThirdParty/Python4CPM/MyApp.log
+p4cpm.log_info("this is an info message") # logs info into Logs/ThirdParty/Python4CPM/MyApp.log
+# Logging level -> Will only log debug messages if Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLoggingLevel is set to debug (default is info)
+p4cpm.log_debug("this is an debug message") # logs info into Logs/ThirdParty/Python4CPM/MyApp.log if logging level is set to debug
+
+# Terminate signals -> ALWAYS use one of the following three signals to terminate the script
+## p4cpm.close_success() # terminate with success state
+## p4cpm.close_fail() # terminate with recoverable failed state
+## p4cpm.close_fail(unrecoverable=True) # terminate with unrecoverable failed state
+# If no signal is call, CPM will not know if the action was successful and display an error
+
+
+# Verification example -> verify the username and password are valid
+def verify(from_reconcile=False):
+    if from_reconcile is False:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.secrets.password.get()
+        # for your logic in a verification
+    else:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.reconcile_username, p4cpm.secrets.reconcile_password.get()
+        # for your logic in a verification
+    result = True
+    if result is True:
+        p4cpm.log_info("verification successful") # logs info message into Logs/ThirdParty/Python4CPM/MyApp.log
+    else:
+        p4cpm.log_error("something went wrong") # logs error message Logs/ThirdParty/Python4CPM/MyApp.log
+        raise Exception("verify failed") # raise to trigger failed termination signal
+
+
+# Rotation example -> rotate the password of the account
+def change(from_reconcile=False):
+    if from_reconcile is False:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.secrets.password.get()
+        # and p4cpm.secrets.new_password.get() for your logic in a rotation
+    else:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.args.reconcile_username,
+        # p4cpm.secrets.reconcile_password.get() and p4cpm.secrets.new_password.get() for your logic in a reconciliation
+    result = True
+    if result is True:
+        p4cpm.log_info("rotation successful") # logs info message into Logs/ThirdParty/Python4CPM/MyApp.log
+    else:
+        p4cpm.log_error("something went wrong") # logs error message Logs/ThirdParty/Python4CPM/MyApp.log
+        raise Exception("change failed") # raise to trigger failed termination signal
+
+
+if __name__ == "__main__":
+    try:
+        if action == Python4CPM.ACTION_VERIFY: # class attribute ACTION_VERIFY holds the verify action value
+            verify()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_LOGON: # class attribute ACTION_LOGON holds the logon action value
+            verify()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_CHANGE: # class attribute ACTION_CHANGE holds the password change action value
+            change()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_PRERECONCILE: # class attribute ACTION_PRERECONCILE holds the pre-reconcile action value
+            verify(from_reconcile=True)
+            p4cpm.close_success() # terminate with success state
+            # Alternatively ->
+            ## p4cpm.log_error("reconciliation is not supported") # let the logs know that reconciliation is not supported
+            ## p4cpm.close_fail() # let CPM know to check the logs
+        elif p4cpm.args.action == Python4CPM.ACTION_RECONCILE: # class attribute ACTION_RECONCILE holds the reconcile action value
+            change(from_reconcile=True)
+            p4cpm.close_success() # terminate with success state
+            # Alternatively ->
+            ## p4cpm.log_error("reconciliation is not supported") # let the logs know that reconciliation is not supported
+            ## p4cpm.close_fail() # let CPM know to check the logs
+        else:
+            p4cpm.log_error(f"invalid action: '{action}'") # logs into Logs/ThirdParty/Python4CPM/MyApp.log
+            p4cpm.close_fail(unrecoverable=True) # terminate with unrecoverable failed state
+    except Exception as e:
+        p4cpm.log_error(f"{type(e).__name__}: {e}")
+        p4cpm.close_fail()
+```
+(*) a more realistic examples can be found [here](https://github.com/gonatienza/python4cpm/blob/main/examples).
+
+When doing `verify`, `change` or `reconcile` from Privilege Cloud/PVWA:
+1. Verify -> the sciprt will be executed once with the `p4cpm.args.action` as `Python4CPM.ACTION_VERIFY`.
+2. Change -> the sciprt will be executed twice, once with the action `p4cpm.args.action` as `Python4CPM.ACTION_LOGON` and once as `Python4CPM.ACTION_CHANGE`.
+    - If all actions are not terminated with `p4cpm.close_success()` the overall change will fail.
+3. Reconcile -> the sciprt will be executed twice, once with the `p4cpm.args.action` as `Python4CPM.ACTION_PRERECONCILE` and once as `Python4CPM.ACTION_RECONCILE`.
+    - If all actions are not terminated with `p4cpm.close_success()` the overall reconcile will fail.
+4. When `p4cpm.args.action` comes as `Python4CPM.ACTION_VERIFY`, `Python4CPM.ACTION_LOGON` or `Python4CPM.ACTION_PRERECONCILE`: `p4cpm.secrets.new_password.get()` will always return an empty string.
+5. If a logon account is not linked, `p4cpm.args.logon_username` and `p4cpm.secrets.logon_password.get()` will return an empty string.
+6. If a reconcile account is not linked, `p4cpm.args.reconcile_username` and `p4cpm.secrets.reconcile_password.get()` will return an empty string.
+
+
+### Installing dependancies in python venv
+
+As with any python venv, you can install dependancies in your venv.
+1. If your CPM can connect to the internet:
+   - You can use regular pip install commands (e.g., `c:\venv\Scripts\pip.exe install requests`).
+2. If your CPM cannot connect to the internet:
+   - You can download packages for an offline install.  More info [here](https://pip.pypa.io/en/stable/cli/pip_download/).
+
+
+## Dev Helper:
+
+TPC is a binary Terminal Plugin Controller in CPM.  It passes information to Python4CPM through arguments and prompts when calling the script.
+For dev purposes, `TPCHelper` is a companion helper that simplifies the instantiation of the `Python4CPM` object by simulating how TPC passes those arguments and prompts.
+Install this module (in a dev workstation) with:
+
+```bash
+pip install https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-latest-py3-none-any.whl
+```
+
+### Example:
+
+```python
+from python4cpm import TPCHelper, Python4CPM
+from getpass import getpass
+
+# Get secrets for your password, logon account password, reconcile account password and new password
+# You can use an empty string if it does not apply
+password = getpass("password: ") # password from account
+logon_password = getpass("logon_password: ") # password from linked logon account
+reconcile_password = getpass("reconcile_password: ") # password from linked reconcile account
+new_password = getpass("new_password: ") # new password for the rotation
+
+p4cpm = TPCHelper.run(
+    action=Python4CPM.ACTION_LOGON, # use actions from Python4CPM.ACTION_*
+    address="myapp.corp.local", # populate with the address from your account properties
+    username="jdoe", # populate with the username from your account properties
+    logon_username="ldoe", # populate with the logon account username from your linked logon account
+    reconcile_username="rdoe", # ppopulate with the reconcile account username from your linked logon account
+    logging="yes", # populate with the PythonLogging parameter from the platform: "yes" or "no"
+    logging_level="info", # populate with the PythonLoggingLevel parameter from the platform: "info" or "debug"
+    password=password,
+    logon_password=logon_password,
+    reconcile_password=reconcile_password,
+    new_password=new_password
+)
+
+# Use the p4cpm object during dev to build your script logic
+assert password == p4cpm.secrets.password.get()
+p4cpm.log_info("success!")
+p4cpm.close_success()
+
+# Remember for your final script:
+## changing the definition of p4cpm from TPCHelper.run() to Python4CPM("MyApp")
+## remove any secrets prompting
+## remove the TPCHelper import
+```
+
+Remember for your final script:
+- Change the definition of `p4cpm` from `p4cpm = TPCHelper.run(**kwargs)` to `p4cpm = Python4CPM("MyApp")`.
+- Remove any secrets prompting or interactive interruptions.
+- Remove the import of `TPCHelper`.

python4cpm-1.0.10/pyproject.toml

@@ -0,0 +1,27 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "python4cpm"
+version = "1.0.10"
+description = "Python for CPM"
+authors = [
+  { name = "Gonzalo Atienza Rela", email = "gonatienza@gmail.com" }
+]
+dependencies = []
+requires-python = ">=3.8"
+readme = { file = "README.md", content-type = "text/markdown" }
+license = { file = "LICENSE" }
+
+[project.optional-dependencies]
+dev = ["ruff"]
+
+[tool.setuptools]
+package-dir = { "" = "src" }
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.ruff.lint]
+select = ["E", "F", "W", "S"]

python4cpm-1.0.10/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

python4cpm-1.0.10/src/python4cpm/__init__.py

@@ -0,0 +1,13 @@
+from python4cpm.python4cpm import Args, Secret, Secrets, Python4CPM
+from python4cpm.tpchelper import TPCHelper
+from importlib.metadata import version as __version
+
+__version__ = __version(__name__)
+
+__all__ = [
+    Args,
+    Secret,
+    Secrets,
+    Python4CPM,
+    TPCHelper
+]

python4cpm-1.0.10/src/python4cpm/python4cpm.py

@@ -0,0 +1,257 @@
+import os
+import sys
+import logging
+from logging.handlers import RotatingFileHandler
+from argparse import ArgumentParser
+
+
+class Args:
+    ARGS = (
+        "action",
+        "address",
+        "username",
+        "logon_username",
+        "reconcile_username",
+        "logging",
+        "logging_level"
+    )
+
+    def __init__(
+        self: str,
+        action: str,
+        address: str,
+        username: str,
+        reconcile_username: str,
+        logon_username: str,
+        logging: str,
+        logging_level: str
+    ) -> None:
+        self._action = action
+        self._address = address
+        self._username = username
+        self._reconcile_username = reconcile_username
+        self._logon_username = logon_username
+        self._logging = logging
+        self._logging_level = logging_level
+
+    @property
+    def action(self) -> str:
+        return self._action
+
+    @property
+    def address(self) -> str:
+        return self._address
+
+    @property
+    def username(self) -> str:
+        return self._username
+
+    @property
+    def reconcile_username(self) -> str:
+        return self._reconcile_username
+
+    @property
+    def logon_username(self) -> str:
+        return self._logon_username
+
+    @property
+    def logging(self) -> str:
+        return self._logging
+
+    @property
+    def logging_level(self) -> str:
+        return self._logging_level
+
+
+class Secret:
+    def __init__(self, value: str) -> None:
+        self._secret = value
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}('***')"
+
+    def get(self) -> str:
+        return self._secret
+
+
+class Secrets:
+    SECRETS = (
+        "password",
+        "logon_password",
+        "reconcile_password",
+        "new_password"
+    )
+
+    def __init__(
+        self: str,
+        password: str,
+        logon_password: str,
+        reconcile_password: str,
+        new_password: str
+    ) -> None:
+        self._password = Secret(password)
+        self._logon_password = Secret(logon_password)
+        self._reconcile_password = Secret(reconcile_password)
+        self._new_password = Secret(new_password)
+
+    @property
+    def password(self) -> str:
+        return self._password
+
+    @property
+    def new_password(self) -> str:
+        return self._new_password
+
+    @property
+    def logon_password(self) -> str:
+        return self._logon_password
+
+    @property
+    def reconcile_password(self) -> str:
+        return self._reconcile_password
+
+
+class Python4CPM:
+    ACTION_VERIFY = "verifypass"
+    ACTION_LOGON = "logon"
+    ACTION_CHANGE = "changepass"
+    ACTION_PRERECONCILE = "prereconcilepass"
+    ACTION_RECONCILE = "reconcilepass"
+    _VALID_ACTIONS = (
+        ACTION_VERIFY,
+        ACTION_LOGON,
+        ACTION_CHANGE,
+        ACTION_PRERECONCILE,
+        ACTION_RECONCILE,
+    )
+    _LOGS_DIR = os.path.join("Logs", "ThirdParty", "Python4CPM")
+    _CPM_ROOT_DIR = "C:\\Program Files (x86)\\CyberArk\\Password Manager"
+    if os.path.exists(_CPM_ROOT_DIR):
+        _LOGS_DIR = os.path.join(_CPM_ROOT_DIR, _LOGS_DIR)
+    _LOGGING_ENABLED_VALUE = "yes"
+    _LOGGING_LEVELS = {
+        "info": logging.INFO,
+        "debug": logging.DEBUG
+    }
+    _SECRETS_PADDING = "@@@"
+    _SUCCESS_PROMPT = "~~~SUCCESS~~~"
+    _FAILED_RECOVERABLE_PROMPT = "~~~FAILED_RECOVERABLE~~~"
+    _FAILED_UNRECOVERABLE_PROMPT = "~~~FAILED_UNRECOVERABLE~~~"
+
+    def __init__(self, name: str) -> None:
+        self._name = name
+        args = self._get_args()
+        self._args = Args(**args)
+        self._logger = self._get_logger(self._name)
+        self.log_info("Python4CPM.__init__: initiating...")
+        self._log_args()
+        self._verify_action()
+        secrets = self._get_secrets()
+        self._secrets = Secrets(**secrets)
+
+    @property
+    def args(self) -> Args:
+        return self._args
+
+    @property
+    def secrets(self) -> Secrets:
+        return self._secrets
+
+    @property
+    def logger(self) -> logging.Logger:
+        return self._logger
+
+    def log_debug(self, message: str) -> None:
+        if self._logger is not None:
+            self._logger.debug(message)
+
+    def log_info(self, message: str) -> None:
+        if self._logger is not None:
+            self._logger.info(message)
+
+    def log_warning(self, message: str) -> None:
+        if self._logger is not None:
+            self._logger.warning(message)
+
+    def log_error(self, message: str) -> None:
+        if self._logger is not None:
+            self._logger.error(message)
+
+    @staticmethod
+    def _get_args() -> dict:
+        parser = ArgumentParser()
+        for arg in Args.ARGS:
+            parser.add_argument(f"--{arg}")
+        args = parser.parse_args()
+        return dict(vars(args))
+
+    def _get_secrets(self) -> dict:
+        secrets = {}
+        try:
+            for secret in Secrets.SECRETS:
+                prompt = self._SECRETS_PADDING + secret + self._SECRETS_PADDING
+                secrets[secret] = input(prompt)
+                common_message = f"Python4CPM._get_secrets: {secret} ->"
+                if secrets[secret]:
+                    self.log_info(f"{common_message} [*******]")
+                else:
+                    self.log_info(f"{common_message} [NOT SET]")
+        except Exception as e:
+            self.log_error(f"Python4CPM._get_secrets: {type(e).__name__}: {e}")
+            self.close_fail()
+        return secrets
+
+    def _verify_action(self) -> None:
+        if self.args.action not in self._VALID_ACTIONS:
+            self.log_warning(
+                f"Python4CPM._verify_action: unkonwn action -> {self.args.action}"
+            )
+
+    def _log_args(self) -> None:
+        for key, value in vars(self._args).items():
+            common_message = f"Python4CPM._log_args: {key.strip('_')} ->"
+            if value:
+                self.log_info(f"{common_message} {value}")
+            else:
+                self.log_info(f"{common_message} [NOT SET]")
+
+    def _get_logger(self, name: str) -> logging.Logger:
+        if self._args.logging is None:
+            return None
+        if self._args.logging.lower() != self._LOGGING_ENABLED_VALUE:
+            return None
+        os.makedirs(self._LOGS_DIR, exist_ok=True)
+        logs_file = os.path.join(self._LOGS_DIR, f"{name}.log")
+        logger = logging.getLogger(name)
+        logging_level = self._args.logging_level.lower()
+        if logging_level in self._LOGGING_LEVELS:
+            logger.setLevel(self._LOGGING_LEVELS[logging_level])
+        else:
+            logger.setLevel(self._LOGGING_LEVELS["info"])
+        handler = RotatingFileHandler(
+            filename=logs_file,
+            maxBytes=1 * 1024 * 1024,
+            backupCount=2
+        )
+        formatter = logging.Formatter(
+            fmt="%(asctime)s | %(levelname)s | %(message)s",
+            datefmt="%Y-%m-%d %H:%M:%S"
+        )
+        handler.setFormatter(formatter)
+        logger.addHandler(handler)
+        return logger
+
+    def close_fail(self, unrecoverable: bool = False) -> None:
+        if unrecoverable is False:
+            prompt = self._FAILED_RECOVERABLE_PROMPT
+        else:
+            prompt = self._FAILED_UNRECOVERABLE_PROMPT
+        self.log_error(f"Python4CPM.close_fail: closing with {prompt}")
+        print(prompt)
+        sys.exit(1)
+
+    def close_success(self) -> None:
+        prompt = self._SUCCESS_PROMPT
+        self.log_info(f"Python4CPM.close_success: closing with {prompt}")
+        print(prompt)
+        sys.exit(0)

python4cpm-1.0.10/src/python4cpm/tpchelper.py

@@ -0,0 +1,44 @@
+from .python4cpm import Python4CPM, Args
+from unittest import mock
+
+
+class TPCHelper:
+    @classmethod
+    def run(
+        cls,
+        action: str = "",
+        address: str = "",
+        username: str = "",
+        logon_username: str = "",
+        reconcile_username: str = "",
+        logging: str = "",
+        logging_level: str = "",
+        password: str = "",
+        logon_password: str = "",
+        reconcile_password: str = "",
+        new_password: str = ""
+    ) -> Python4CPM:
+        args = [
+            "", # sys.argv[0] is ignored by argparse
+            f"--{Args.ARGS[0]}={action}",
+            f"--{Args.ARGS[1]}={address}",
+            f"--{Args.ARGS[2]}={username}",
+            f"--{Args.ARGS[3]}={logon_username}",
+            f"--{Args.ARGS[4]}={reconcile_username}",
+            f"--{Args.ARGS[5]}={logging}",
+            f"--{Args.ARGS[6]}={logging_level}"
+        ]
+        secrets = (
+            password,
+            logon_password,
+            reconcile_password,
+            new_password
+        )
+        with mock.patch(
+            "sys.argv",
+            args
+        ), mock.patch(
+            "builtins.input",
+            side_effect=secrets
+        ):
+            return Python4CPM(cls.__name__)

python4cpm-1.0.10/src/python4cpm.egg-info/PKG-INFO

@@ -0,0 +1,243 @@
+Metadata-Version: 2.4
+Name: python4cpm
+Version: 1.0.10
+Summary: Python for CPM
+Author-email: Gonzalo Atienza Rela <gonatienza@gmail.com>
+License: MIT License
+        
+        Copyright (c) 2026 Gonzalo Atienza Rela
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in
+        all copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+        THE SOFTWARE.
+        
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Provides-Extra: dev
+Requires-Dist: ruff; extra == "dev"
+Dynamic: license-file
+
+# Python4CPM
+
+A simple way of using python scripts with CyberArk CPM rotations.  This module levereages the [Terminal Plugin Controller](https://docs.cyberark.com/pam-self-hosted/latest/en/content/pasimp/plug-in-terminal-plugin-controller.htm) (TPC) in CPM to offload a password rotation logic into a script.
+
+This platform allows you to duplicate it multiple times, simply changing its settings from Privilege Cloud/PVWA to point to different python scripts leveraging the module included with the base platform.
+
+## Installation
+
+### Preparing Python
+
+1. Install Python in CPM.  **Python must be installed for all users when running the install wizard**.
+2. Create a venv in CPM, by running `py -m venv c:\venv`.  Use the default location `c:\venv` or a custom one (e.g., `c:\my-venv-path`).
+3. Install `python4cpm` in your venv:
+    - If your CPM can connect to the internet, install with `c:\venv\Scripts\pip install python4cpm`.
+    - If your CPM cannot connect to the internet:
+        - Download the [latest wheel](https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-wheel.zip).
+        - Copy the file to CPM, extract to a temporary location.
+        - From the temporary location run `c:\venv\Scripts\pip install --no-index --find-links=.\python4cpm-wheel python4cpm`.
+
+
+### Importing the platform
+
+1. Download the [latest platform zip file](https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-platform.zip).
+2. Import the platform zip file into Privilege Cloud/PVWA `(Administration -> Platform Management -> Import platform)`.
+3. Craft your python script and place it within the bin folder of CPM (`C:\Program Files (x86)\CyberArk\Password Manager\bin`).
+4. Duplicate the imported platform in Privilege Cloud/PVWA `(Administration -> Platform Management -> Application -> Python for CPM)` and name it after your application (e.g., My App).
+5. Edit the duplicated platform and specify the path of your placed script in the bin folder of CPM, under `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonScriptPath -> Value` (e.g., `bin\myapp.py`).
+6. If you used a custom venv location, also update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonExePath -> Value` with the custom path for the venv's `python.exe` file (e.g., `c:\my-venv-path\Scripts\python.exe`).
+7. If you want to disable logging, update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLogging -> Value` to `no`.
+8. If you want to change the logging level to `debug`, update `Target Account Platform -> Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLoggingLevel -> Value` to `debug`.
+9. For new applications repeat steps from 3 to 8.
+
+
+## Python Script
+
+### Example:
+
+```python
+from python4cpm import Python4CPM
+
+
+p4cpm = Python4CPM("MyApp") # this instantiates the object and grabs all arguments and secrets shared by TPC
+
+# These are the usable properties and related methods from the object:
+p4cpm.args.action # action requested from CPM
+p4cpm.args.address # address from the account address field
+p4cpm.args.username # username from the account username field
+p4cpm.args.reconcile_username # reconcile username from the linked reconcile account
+p4cpm.args.logon_username # logon username from the linked logon account
+p4cpm.args.logging # used to carry the platform logging settings for python
+p4cpm.secrets.password.get() # get str from password received from the vault
+p4cpm.secrets.new_password.get() # get str from new password in case of a rotation
+p4cpm.secrets.logon_password.get() # get str from linked logon account password
+p4cpm.secrets.reconcile_password.get() # get str from linked reconcile account password
+
+# Logging methods -> Will only log if Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLogging is set to yes (default is yes)
+p4cpm.log_error("this is an error message") # logs error into Logs/ThirdParty/Python4CPM/MyApp.log
+p4cpm.log_warning("this is a warning message") # logs warning into Logs/ThirdParty/Python4CPM/MyApp.log
+p4cpm.log_info("this is an info message") # logs info into Logs/ThirdParty/Python4CPM/MyApp.log
+# Logging level -> Will only log debug messages if Automatic Platform Management -> Additional Policy Settings -> Parameters -> PythonLoggingLevel is set to debug (default is info)
+p4cpm.log_debug("this is an debug message") # logs info into Logs/ThirdParty/Python4CPM/MyApp.log if logging level is set to debug
+
+# Terminate signals -> ALWAYS use one of the following three signals to terminate the script
+## p4cpm.close_success() # terminate with success state
+## p4cpm.close_fail() # terminate with recoverable failed state
+## p4cpm.close_fail(unrecoverable=True) # terminate with unrecoverable failed state
+# If no signal is call, CPM will not know if the action was successful and display an error
+
+
+# Verification example -> verify the username and password are valid
+def verify(from_reconcile=False):
+    if from_reconcile is False:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.secrets.password.get()
+        # for your logic in a verification
+    else:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.reconcile_username, p4cpm.secrets.reconcile_password.get()
+        # for your logic in a verification
+    result = True
+    if result is True:
+        p4cpm.log_info("verification successful") # logs info message into Logs/ThirdParty/Python4CPM/MyApp.log
+    else:
+        p4cpm.log_error("something went wrong") # logs error message Logs/ThirdParty/Python4CPM/MyApp.log
+        raise Exception("verify failed") # raise to trigger failed termination signal
+
+
+# Rotation example -> rotate the password of the account
+def change(from_reconcile=False):
+    if from_reconcile is False:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.secrets.password.get()
+        # and p4cpm.secrets.new_password.get() for your logic in a rotation
+    else:
+        pass
+        # Use p4cpm.args.address, p4cpm.args.username, p4cpm.args.reconcile_username,
+        # p4cpm.secrets.reconcile_password.get() and p4cpm.secrets.new_password.get() for your logic in a reconciliation
+    result = True
+    if result is True:
+        p4cpm.log_info("rotation successful") # logs info message into Logs/ThirdParty/Python4CPM/MyApp.log
+    else:
+        p4cpm.log_error("something went wrong") # logs error message Logs/ThirdParty/Python4CPM/MyApp.log
+        raise Exception("change failed") # raise to trigger failed termination signal
+
+
+if __name__ == "__main__":
+    try:
+        if action == Python4CPM.ACTION_VERIFY: # class attribute ACTION_VERIFY holds the verify action value
+            verify()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_LOGON: # class attribute ACTION_LOGON holds the logon action value
+            verify()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_CHANGE: # class attribute ACTION_CHANGE holds the password change action value
+            change()
+            p4cpm.close_success() # terminate with success state
+        elif p4cpm.args.action == Python4CPM.ACTION_PRERECONCILE: # class attribute ACTION_PRERECONCILE holds the pre-reconcile action value
+            verify(from_reconcile=True)
+            p4cpm.close_success() # terminate with success state
+            # Alternatively ->
+            ## p4cpm.log_error("reconciliation is not supported") # let the logs know that reconciliation is not supported
+            ## p4cpm.close_fail() # let CPM know to check the logs
+        elif p4cpm.args.action == Python4CPM.ACTION_RECONCILE: # class attribute ACTION_RECONCILE holds the reconcile action value
+            change(from_reconcile=True)
+            p4cpm.close_success() # terminate with success state
+            # Alternatively ->
+            ## p4cpm.log_error("reconciliation is not supported") # let the logs know that reconciliation is not supported
+            ## p4cpm.close_fail() # let CPM know to check the logs
+        else:
+            p4cpm.log_error(f"invalid action: '{action}'") # logs into Logs/ThirdParty/Python4CPM/MyApp.log
+            p4cpm.close_fail(unrecoverable=True) # terminate with unrecoverable failed state
+    except Exception as e:
+        p4cpm.log_error(f"{type(e).__name__}: {e}")
+        p4cpm.close_fail()
+```
+(*) a more realistic examples can be found [here](https://github.com/gonatienza/python4cpm/blob/main/examples).
+
+When doing `verify`, `change` or `reconcile` from Privilege Cloud/PVWA:
+1. Verify -> the sciprt will be executed once with the `p4cpm.args.action` as `Python4CPM.ACTION_VERIFY`.
+2. Change -> the sciprt will be executed twice, once with the action `p4cpm.args.action` as `Python4CPM.ACTION_LOGON` and once as `Python4CPM.ACTION_CHANGE`.
+    - If all actions are not terminated with `p4cpm.close_success()` the overall change will fail.
+3. Reconcile -> the sciprt will be executed twice, once with the `p4cpm.args.action` as `Python4CPM.ACTION_PRERECONCILE` and once as `Python4CPM.ACTION_RECONCILE`.
+    - If all actions are not terminated with `p4cpm.close_success()` the overall reconcile will fail.
+4. When `p4cpm.args.action` comes as `Python4CPM.ACTION_VERIFY`, `Python4CPM.ACTION_LOGON` or `Python4CPM.ACTION_PRERECONCILE`: `p4cpm.secrets.new_password.get()` will always return an empty string.
+5. If a logon account is not linked, `p4cpm.args.logon_username` and `p4cpm.secrets.logon_password.get()` will return an empty string.
+6. If a reconcile account is not linked, `p4cpm.args.reconcile_username` and `p4cpm.secrets.reconcile_password.get()` will return an empty string.
+
+
+### Installing dependancies in python venv
+
+As with any python venv, you can install dependancies in your venv.
+1. If your CPM can connect to the internet:
+   - You can use regular pip install commands (e.g., `c:\venv\Scripts\pip.exe install requests`).
+2. If your CPM cannot connect to the internet:
+   - You can download packages for an offline install.  More info [here](https://pip.pypa.io/en/stable/cli/pip_download/).
+
+
+## Dev Helper:
+
+TPC is a binary Terminal Plugin Controller in CPM.  It passes information to Python4CPM through arguments and prompts when calling the script.
+For dev purposes, `TPCHelper` is a companion helper that simplifies the instantiation of the `Python4CPM` object by simulating how TPC passes those arguments and prompts.
+Install this module (in a dev workstation) with:
+
+```bash
+pip install https://github.com/gonatienza/python4cpm/releases/download/latest/python4cpm-latest-py3-none-any.whl
+```
+
+### Example:
+
+```python
+from python4cpm import TPCHelper, Python4CPM
+from getpass import getpass
+
+# Get secrets for your password, logon account password, reconcile account password and new password
+# You can use an empty string if it does not apply
+password = getpass("password: ") # password from account
+logon_password = getpass("logon_password: ") # password from linked logon account
+reconcile_password = getpass("reconcile_password: ") # password from linked reconcile account
+new_password = getpass("new_password: ") # new password for the rotation
+
+p4cpm = TPCHelper.run(
+    action=Python4CPM.ACTION_LOGON, # use actions from Python4CPM.ACTION_*
+    address="myapp.corp.local", # populate with the address from your account properties
+    username="jdoe", # populate with the username from your account properties
+    logon_username="ldoe", # populate with the logon account username from your linked logon account
+    reconcile_username="rdoe", # ppopulate with the reconcile account username from your linked logon account
+    logging="yes", # populate with the PythonLogging parameter from the platform: "yes" or "no"
+    logging_level="info", # populate with the PythonLoggingLevel parameter from the platform: "info" or "debug"
+    password=password,
+    logon_password=logon_password,
+    reconcile_password=reconcile_password,
+    new_password=new_password
+)
+
+# Use the p4cpm object during dev to build your script logic
+assert password == p4cpm.secrets.password.get()
+p4cpm.log_info("success!")
+p4cpm.close_success()
+
+# Remember for your final script:
+## changing the definition of p4cpm from TPCHelper.run() to Python4CPM("MyApp")
+## remove any secrets prompting
+## remove the TPCHelper import
+```
+
+Remember for your final script:
+- Change the definition of `p4cpm` from `p4cpm = TPCHelper.run(**kwargs)` to `p4cpm = Python4CPM("MyApp")`.
+- Remove any secrets prompting or interactive interruptions.
+- Remove the import of `TPCHelper`.

python4cpm-1.0.10/src/python4cpm.egg-info/SOURCES.txt

@@ -0,0 +1,12 @@
+LICENSE
+README.md
+pyproject.toml
+src/python4cpm/__init__.py
+src/python4cpm/python4cpm.py
+src/python4cpm/tpchelper.py
+src/python4cpm.egg-info/PKG-INFO
+src/python4cpm.egg-info/SOURCES.txt
+src/python4cpm.egg-info/dependency_links.txt
+src/python4cpm.egg-info/requires.txt
+src/python4cpm.egg-info/top_level.txt
+tests/tests.py

python4cpm-1.0.10/src/python4cpm.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

python4cpm-1.0.10/src/python4cpm.egg-info/requires.txt

@@ -0,0 +1,3 @@
+
+[dev]
+ruff

python4cpm-1.0.10/src/python4cpm.egg-info/top_level.txt

@@ -0,0 +1,2 @@
+plugin
+python4cpm

python4cpm-1.0.10/tests/tests.py

@@ -0,0 +1,181 @@
+from python4cpm import Python4CPM, Secrets, Args, TPCHelper
+from configparser import ConfigParser
+import json
+import pytest
+import os
+import sys
+
+
+def get_prompts_and_inputs():
+    file_dir = os.path.dirname(__file__)
+    inputs_path = os.path.join(file_dir, "inputs.json")
+    with open(inputs_path, "r") as f:
+        inputs = json.load(f)
+    root_dir = os.path.dirname(file_dir)
+    prompts_file = os.path.join(root_dir, "src", "plugin", "Python4CPMPrompts.ini")
+    _prompts = ConfigParser()
+    _prompts.read(prompts_file)
+    prompts = _prompts["conditions"]
+    return inputs, prompts
+
+
+INPUTS, PROMPTS = get_prompts_and_inputs()
+ARGS = [
+    "", # sys.argv[0] is ignored by argparse
+    f"--{Args.ARGS[1]}={INPUTS['address']}",
+    f"--{Args.ARGS[2]}={INPUTS['username']}",
+    f"--{Args.ARGS[3]}={INPUTS['logon_username']}",
+    f"--{Args.ARGS[4]}={INPUTS['reconcile_username']}"
+]
+LOGGING = ["yes", "YES", "bad"]
+LOGGING_LEVELS = ["info", "debug", "DEBUG", "bad"]
+ARGS_PARAMS = [
+    (action, logging, logging_level)
+    for logging in LOGGING
+    for logging_level in LOGGING_LEVELS
+    for action in Python4CPM._VALID_ACTIONS
+]
+INPUTS_WITHOUT_NEW_PASSWORD = [
+    INPUTS[Secrets.SECRETS[0]],
+    INPUTS[Secrets.SECRETS[1]],
+    INPUTS[Secrets.SECRETS[2]],
+    ""
+]
+INPUTS_WITH_NEW_PASSWORD = [
+    INPUTS[Secrets.SECRETS[0]],
+    INPUTS[Secrets.SECRETS[1]],
+    INPUTS[Secrets.SECRETS[2]],
+    INPUTS[Secrets.SECRETS[3]]
+]
+ACTIONS_WITH_NEW_PASSWORD = (
+    Python4CPM.ACTION_CHANGE,
+    Python4CPM.ACTION_RECONCILE
+)
+ACTIONS_WITHOUT_NEW_PASSWORD = (
+    Python4CPM.ACTION_VERIFY,
+    Python4CPM.ACTION_LOGON,
+    Python4CPM.ACTION_PRERECONCILE
+)
+INPUT_PROMPTS = [
+    PROMPTS["SetPasswordPrompt"],
+    PROMPTS["SetLogonPasswordPrompt"],
+    PROMPTS["SetReconcilePasswordPronmpt"],
+    PROMPTS["SetNewPasswordPrompt"]
+]
+SUCCESS_PROMPT_FROM_INI = PROMPTS["SuccessPrompt"]
+FAILED_RECOVERABLE_PROMPT_FROM_INI = PROMPTS["FailedRecoverablePrompt"]
+FAILED_UNRECOVERABLE_PROMPT_FROM_INI = PROMPTS["FailedUnrecoverablePrompt"]
+CLOSE_SIGNALS = [
+    Python4CPM._SUCCESS_PROMPT,
+    Python4CPM._FAILED_RECOVERABLE_PROMPT,
+    Python4CPM._FAILED_UNRECOVERABLE_PROMPT
+]
+
+
+class InputHandler:
+    def __init__(self, inputs):
+        self.iter_inputs = iter(inputs)
+
+    def __call__(self, prompt):
+        print(prompt)
+        return next(self.iter_inputs)
+
+
+@pytest.mark.parametrize("action,logging,logging_level", ARGS_PARAMS)
+def test_main(action, logging, logging_level,  monkeypatch):
+    args = ARGS + [
+        f"--action={action}",
+        f"--logging={logging}",
+        f"--logging_level={logging_level}"
+    ]
+    print(f"arguments -> {args}")
+    monkeypatch.setattr(sys, "argv", args)
+    if action in ACTIONS_WITHOUT_NEW_PASSWORD:
+        inputs = INPUTS_WITHOUT_NEW_PASSWORD
+    elif action in ACTIONS_WITH_NEW_PASSWORD:
+        inputs = INPUTS_WITH_NEW_PASSWORD
+    print(f"inputs -> {inputs}")
+    input_handler = InputHandler(inputs)
+    monkeypatch.setattr("builtins.input", input_handler)
+    p4cpm = Python4CPM("PyTest")
+    for k, v in vars(p4cpm.args).items():
+        print(f"{k} -> {v}")
+    for k, v in vars(p4cpm.secrets).items():
+        print(f"{k} -> {v}")
+    assert p4cpm.args.action == action # noqa: S101
+    assert p4cpm.args.address == INPUTS["address"] # noqa: S101
+    assert p4cpm.args.username == INPUTS["username"] # noqa: S101
+    assert p4cpm.args.logon_username == INPUTS["logon_username"] # noqa: S101
+    assert p4cpm.args.reconcile_username == INPUTS["reconcile_username"] # noqa: S101
+    assert p4cpm.args.logging == logging # noqa: S101
+    assert p4cpm.args.logging_level == logging_level # noqa: S101
+    assert p4cpm.secrets.password.get() == INPUTS["password"] # noqa: S101
+    assert p4cpm.secrets.logon_password.get() == INPUTS["logon_password"] # noqa: S101
+    assert p4cpm.secrets.reconcile_password.get() == INPUTS["reconcile_password"] # noqa: S101
+    assert p4cpm.secrets.new_password.get() == inputs[3] # noqa: S101
+    if logging.lower() in Python4CPM._LOGGING_ENABLED_VALUE:
+        assert p4cpm._logger # noqa: S101
+        if logging_level.lower() == LOGGING_LEVELS[1]:
+            assert p4cpm._logger.level == p4cpm._LOGGING_LEVELS[LOGGING_LEVELS[1]] # noqa: S101
+        else:
+            assert p4cpm._logger.level == p4cpm._LOGGING_LEVELS[LOGGING_LEVELS[0]] # noqa: S101
+    else:
+            assert p4cpm._logger is None # noqa: S101
+
+
+@pytest.mark.parametrize("close", CLOSE_SIGNALS)
+def test_prompts(close, monkeypatch, capsys):
+    args = ARGS + ["--action=verifypass", "--logging=no"]
+    monkeypatch.setattr(sys, "argv", args)
+    input_handler = InputHandler(INPUTS_WITH_NEW_PASSWORD)
+    monkeypatch.setattr("builtins.input", input_handler)
+    p4cpm = Python4CPM("PyTest")
+    if close == CLOSE_SIGNALS[0]:
+        with pytest.raises(SystemExit) as e:
+            p4cpm.close_success()
+        assert e.value.code == 0 # noqa: S101
+        close_prompt = SUCCESS_PROMPT_FROM_INI
+    elif close == CLOSE_SIGNALS[1]:
+        with pytest.raises(SystemExit) as e:
+            p4cpm.close_fail()
+        assert e.value.code == 1 # noqa: S101
+        close_prompt = FAILED_RECOVERABLE_PROMPT_FROM_INI
+    elif close == CLOSE_SIGNALS[2]:
+        with pytest.raises(SystemExit) as e:
+            p4cpm.close_fail(unrecoverable=True)
+        assert e.value.code == 1 # noqa: S101
+        close_prompt = FAILED_UNRECOVERABLE_PROMPT_FROM_INI
+    prompts = INPUT_PROMPTS + [close_prompt]
+    out = capsys.readouterr().out.splitlines()
+    assert out == prompts # noqa: S101
+
+
+def test_tpc_helper():
+    action = Python4CPM.ACTION_VERIFY
+    logging = LOGGING[0]
+    logging_level = LOGGING_LEVELS[0]
+    p4cpm = TPCHelper.run(
+        action=action,
+        address=INPUTS["address"],
+        username=INPUTS["username"],
+        logon_username=INPUTS["logon_username"],
+        reconcile_username=INPUTS["reconcile_username"],
+        logging=logging,
+        logging_level=logging_level,
+        password=INPUTS["password"],
+        logon_password=INPUTS["logon_password"],
+        reconcile_password=INPUTS["reconcile_password"],
+        new_password=INPUTS["new_password"]
+    )
+    assert isinstance(p4cpm, Python4CPM) # noqa: S101
+    assert p4cpm.args.action == action # noqa: S101
+    assert p4cpm.args.address == INPUTS["address"] # noqa: S101
+    assert p4cpm.args.username == INPUTS["username"] # noqa: S101
+    assert p4cpm.args.logon_username == INPUTS["logon_username"] # noqa: S101
+    assert p4cpm.args.reconcile_username == INPUTS["reconcile_username"] # noqa: S101
+    assert p4cpm.args.logging == logging # noqa: S101
+    assert p4cpm.args.logging_level == logging_level # noqa: S101
+    assert p4cpm.secrets.password.get() == INPUTS["password"] # noqa: S101
+    assert p4cpm.secrets.logon_password.get() == INPUTS["logon_password"] # noqa: S101
+    assert p4cpm.secrets.reconcile_password.get() == INPUTS["reconcile_password"] # noqa: S101
+    assert p4cpm.secrets.new_password.get() == INPUTS["new_password"] # noqa: S101