pyxecm 2.0.2__py3-none-any.whl → 2.0.3__py3-none-any.whl

pyxecm/customizer/customizer.py

@@ -12,7 +12,6 @@ import sys
 import tempfile
 import time
 from datetime import datetime, timezone
-from typing import TYPE_CHECKING
 
 import requests
 
@@ -20,15 +19,12 @@ import requests
 import yaml
 from pydantic import HttpUrl
 
-from pyxecm import AVTS, OTAC, OTAWP, OTCS, OTDS, OTIV, OTPD, CoreShare
+from pyxecm import AVTS, OTAC, OTAWP, OTCA, OTCS, OTDS, OTIV, OTKD, OTPD, CoreShare
 from pyxecm.customizer.k8s import K8s
 from pyxecm.customizer.m365 import M365
 from pyxecm.customizer.payload import Payload
 from pyxecm.customizer.settings import Settings
 
-if TYPE_CHECKING:
-    from pyxecm.customizer.browser_automation import BrowserAutomation
-
 default_logger = logging.getLogger("pyxecm.customizer")
 
 
@@ -71,8 +67,9 @@ class Customizer:
         self.k8s_object: K8s | None = None
         self.m365_object: M365 | None = None
         self.core_share_object: CoreShare | None = None
-        self.browser_automation_object: BrowserAutomation | None = None
         self.otawp_object: OTAWP | None = None
+        self.otca_object: OTCA | None = None
+        self.otkd_object: OTKD | None = None
         self.avts_object: AVTS | None = None
 
     # end initializer
@@ -383,8 +380,87 @@ class Customizer:
 
     # end method definition
 
+    def init_otca(self) -> OTCA:
+        """Initialize the Content Aviator object we use to talk to the CSAI REST API.
+
+        Args:
+            None
+
+        Returns:
+            OTCA object:
+                Content Aviator object or None if the object couldn't be created or
+                the authentication fails.
+
+        """
+
+        self.logger.info(
+            "Content Aviator Chat URL  = %s",
+            self.settings.aviator.chat_svc_url,
+        )
+        self.logger.info(
+            "Content Aviator Embed URL = %s",
+            self.settings.aviator.embed_svc_url,
+        )
+        self.logger.info(
+            "Content Aviator Client ID = %s",
+            self.settings.aviator.oauth_client,
+        )
+        self.logger.debug(
+            "Content Aviator Client Secret = %s",
+            self.settings.aviator.oauth_secret,
+        )
+
+        return OTCA(
+            chat_url=str(self.settings.aviator.chat_svc_url),
+            embed_url=str(self.settings.aviator.embed_svc_url),
+            client_id=self.settings.avts.client_id,
+            client_secret=self.settings.avts.client_secret,
+            otds_url=str(self.settings.otds.url),
+            otcs_object=self.otcs_backend_object,
+            logger=self.logger,
+        )
+
+    # end method definition
+
+    def init_otkd(self) -> OTKD:
+        """Initialize the Knowledge Discovery object we use to talk to the Nifi REST API.
+
+        Args:
+            None
+
+        Returns:
+            OTKD object:
+                Knowledge Discovery (Nifi) object or None if the object couldn't be created or
+                the authentication fails.
+
+        """
+
+        self.logger.info(
+            "Knowledge Discovery Nifi URL  = %s",
+            self.settings.otkd.url,
+        )
+        self.logger.info(
+            "Knowledge Discovery User Name = %s",
+            self.settings.otkd.username,
+        )
+        self.logger.debug(
+            "Knowledge Discovery Password = %s",
+            self.settings.otkd.password.get_secret_value(),
+        )
+
+        return OTKD(
+            protocol=self.settings.otkd.url.scheme,
+            hostname=self.settings.otkd.url.host,
+            port=self.settings.otkd.url.port,
+            username=self.settings.otkd.username,
+            password=self.settings.otkd.password.get_secret_value(),
+            logger=self.logger,
+        )
+
+    # end method definition
+
     def init_avts(self) -> AVTS:
-        """Initialize the Core Share object we use to talk to the Core Share API.
+        """Initialize the Aviator Search object we use to talk to the REST API.
 
         Args:
             None
@@ -418,7 +494,7 @@ class Customizer:
         )
         self.logger.debug(
             "Aviator Search User Password = %s",
-            self.settings.avts.password,
+            self.settings.avts.password.get_secret_value(),
         )
 
         return AVTS(
@@ -426,7 +502,7 @@ class Customizer:
             client_id=self.settings.avts.client_id,
             client_secret=self.settings.avts.client_secret,
             username=self.settings.avts.username,
-            password=self.settings.avts.password,
+            password=self.settings.avts.password.get_secret_value(),
             otds_url=str(self.settings.otds.url),
             logger=self.logger,
         )
@@ -467,7 +543,11 @@ class Customizer:
         )
         self.logger.debug(
             "Core Share Password             = %s",
-            (self.settings.coreshare.password if self.settings.coreshare.password != "" else "<not configured>"),
+            (
+                self.settings.coreshare.password.get_secret_value()
+                if self.settings.coreshare.password.get_secret_value() != ""
+                else "<not configured>"
+            ),
         )
 
         core_share_object = CoreShare(
@@ -591,7 +671,7 @@ class Customizer:
         self.logger.info("OTDS Public URL        = %s", self.settings.otds.url.host)
         self.logger.info("OTDS Public Port       = %s", self.settings.otds.url.port)
         self.logger.info("OTDS Admin User        = %s", self.settings.otds.username)
-        self.logger.debug("OTDS Admin Password   = %s", self.settings.otds.password)
+        self.logger.debug("OTDS Admin Password   = %s", self.settings.otds.password.get_secret_value())
         self.logger.debug("OTDS Ticket           = %s", self.settings.otds.ticket)
         self.logger.info(
             "OTDS Admin Partition   = %s",
@@ -655,7 +735,7 @@ class Customizer:
         self.logger.info("OTAC URL            = %s", str(self.settings.otac.url))
         self.logger.info("OTAC URL internal   = %s", str(self.settings.otac.url_internal))
         self.logger.info("OTAC Admin User     = %s", self.settings.otac.username)
-        self.logger.debug("OTAC Admin Password = %s", self.settings.otac.password)
+        self.logger.debug("OTAC Admin Password = %s", self.settings.otac.password.get_secret_value())
         self.logger.info(
             "OTAC Known Server   = %s",
             (self.settings.otac.known_server if self.settings.otac.known_server != "" else "<not configured>"),
@@ -752,7 +832,7 @@ class Customizer:
         self.logger.info("OTCS Admin User            = %s", self.settings.otcs.username)
         self.logger.debug(
             "OTCS Admin Password        = %s",
-            self.settings.otcs.password,
+            self.settings.otcs.password.get_secret_value(),
         )
         self.logger.info(
             "OTCS User Partition        = %s",
@@ -972,7 +1052,7 @@ class Customizer:
             self.settings.otpd.url.host,
             self.settings.otpd.url.port,
             self.settings.otpd.username,
-            self.settings.otpd.password,
+            self.settings.otpd.password.get_secret_value(),
             logger=self.logger,
         )
 
@@ -1026,13 +1106,13 @@ class Customizer:
             self.settings.otawp.access_role_name,
         )
         self.logger.info("OTAWP Admin User       = %s", self.settings.otawp.username)
-        self.logger.debug("OTAWP Password         = %s", self.settings.otawp.password)
+        self.logger.debug("OTAWP Password         = %s", self.settings.otawp.password.get_secret_value())
         self.logger.info("OTAWP Organization     = %s", self.settings.otawp.organization)
         self.logger.info("OTAWP K8s Stateful Set = %s", self.settings.k8s.sts_otawp)
         self.logger.info("OTAWP K8s Config Map   = %s", self.settings.k8s.cm_otawp)
 
         self.logger.info(
-            "Wait for OTCS to create its OTDS resource with name -> '%s'...",
+            "Wait for OTCS to create its OTDS resource -> '%s'...",
             self.settings.otcs.resource_name,
         )
 
@@ -1472,7 +1552,7 @@ class Customizer:
             )
             self.k8s_object.update_ingress_backend_services(
                 self.settings.k8s.ingress_otxecm,
-                "otcs",
+                self.settings.otcs.url.host,
                 self.settings.k8s.maintenance_service_name,
                 self.settings.k8s.maintenance_service_port,
             )
@@ -1489,7 +1569,7 @@ class Customizer:
             )
             self.k8s_object.update_ingress_backend_services(
                 self.settings.k8s.ingress_otxecm,
-                "otcs",
+                self.settings.otcs.url.host,
                 self.settings.otcs.url_frontend.host,
                 self.settings.otcs.url_frontend.port,
             )
@@ -1620,11 +1700,31 @@ class Customizer:
             self.logger.info("Microsoft 365 is disabled or credentials are missing.")
             self.m365_object = None
 
+        if self.settings.aviator.enabled:
+            self.log_header("Initialize Content Aviator")
+            self.otca_object = self.init_otca()
+            if not self.otca_object:
+                self.logger.error("Failed to initialize Content Aviator!")
+                return False
+        else:
+            self.logger.info("Content Aviator is disabled.")
+            self.otca_object = None
+
+        if self.settings.otkd.enabled:
+            self.log_header("Initialize Knowledge Discovery")
+            self.otkd_object = self.init_otkd()
+            if not self.otkd_object:
+                self.logger.error("Failed to initialize Knowledge Discovery!")
+                return False
+        else:
+            self.logger.info("Knowledge Discovery is disabled.")
+            self.otkd_object = None
+
         if self.settings.avts.enabled:
             self.log_header("Initialize Aviator Search")
             self.avts_object = self.init_avts()
             if not self.avts_object:
-                self.logger.error("Failed to initialize Aviator Search")
+                self.logger.error("Failed to initialize Aviator Search!")
                 return False
         else:
             self.logger.info("Aviator Search is disabled.")
@@ -1708,7 +1808,6 @@ class Customizer:
                 otpd_object=self.otpd_object,
                 m365_object=self.m365_object,
                 core_share_object=self.core_share_object,
-                browser_automation_object=self.browser_automation_object,
                 browser_headless=self.settings.headless_browser,
                 placeholder_values=self.settings.placeholder_values,  # this dict includes placeholder replacements for the Ressource IDs of OTAWP and OTCS
                 log_header_callback=self.log_header,
@@ -1716,6 +1815,8 @@ class Customizer:
                 aviator_enabled=self.settings.aviator.enabled,
                 upload_status_files=self.settings.otcs.upload_status_files,
                 otawp_object=self.otawp_object,
+                otca_object=self.otca_object,
+                otkd_object=self.otkd_object,
                 avts_object=self.avts_object,
                 logger=self.logger,
             )
@@ -1736,7 +1837,7 @@ class Customizer:
 
             # Upload payload file for later review to Enterprise Workspace
             if self.settings.otcs.upload_config_files:
-                self.log_header("Upload Payload file to Extended ECM")
+                self.log_header("Upload Payload file to OpenText Content Management")
                 response = self.otcs_backend_object.get_node_from_nickname(
                     nickname=self.settings.cust_target_folder_nickname,
                 )
@@ -1845,7 +1946,7 @@ class Customizer:
         # Upload log file for later review to "Deployment" folder
         # in "Administration" folder in OTCS Enterprise volume:
         if os.path.exists(self.settings.cust_log_file) and self.settings.otcs.upload_log_file:
-            self.log_header("Upload log file to Extended ECM")
+            self.log_header("Upload log file to OpenText Content Management")
             response = self.otcs_backend_object.get_node_from_nickname(
                 nickname=self.settings.cust_target_folder_nickname,
             )

pyxecm/customizer/guidewire.py

@@ -1,6 +1,8 @@
 """Guidewire Module to interact with the Guidewire REST API ("Cloud API").
 
-See: https://www.guidewire.com/de/developers/apis/cloud-apis
+See:
+https://www.guidewire.com/de/developers/apis/cloud-apis
+https://docs.guidewire.com/cloud/pc/202407/apiref/
 """
 
 __author__ = "Dr. Marc Diefenbruch"
@@ -41,16 +43,18 @@ class Guidewire:
     _config: dict
     _scope = None
     _access_token = None
+    logger: logging.Logger = default_logger
 
     def __init__(
         self,
         base_url: str,
-        auth_type: str,
+        auth_type: str = "",
         client_id: str = "",
         client_secret: str = "",
         username: str = "",
         password: str = "",
         scope: str = "",
+        token_url: str = "",
         logger: logging.Logger = default_logger,
     ) -> None:
         """Initialize the Guidewire API client.
@@ -60,16 +64,31 @@ class Guidewire:
                 The base URL of the Guidewire Cloud API.
             auth_type (str):
                 The authorization type, either "oauth" or "basic".
-            client_id (str):
-                The Client ID for authentication (optional, required for client credential flow).
-            client_secret (str):
-                The Client Secret for authentication (optional, required for client credential flow).
-            username (str):
-                The username for authentication (optional, required for password-based authentication).
-            password (str):
-                The password for authentication (optional, required for password-based authentication).
-            scope (str):
-                The OAuth2 scope (optional).
+            client_id (str, optional):
+                The Client ID for authentication (required for client credential flow).
+            client_secret (str, optional):
+                The Client Secret for authentication (required for client credential flow).
+            username (str, optional):
+                The username for authentication (required for password-based authentication).
+            password (str, optional):
+                The password for authentication (required for password-based authentication).
+            scope (str, optional):
+                The OAuth2 scope(s). Multiple scopes needs to be separated by spaces.
+                Typical scopes for Guidewire:
+                    "grantedAuthorities",
+                    "groups",
+                    "openid",
+                    "profile",
+                    "email",
+                    "address",
+                    "phone",
+                    "offline_access",
+                    "device_sso"
+                You can get the IDP configuration via the IDP URL - like this for OKTA:
+                https://guidewire-hub.okta.com/oauth2/default/.well-known/openid-configuration
+            token_url (str, optional):
+                If native OAuth2 is not enabled in Guidewire but an external IDP (like OKTA) ist used
+                then the IDP token URL can to be provided via this parameter.
             logger:
                 The logging object used for all log messages. Default is default_logger.
 
@@ -91,7 +110,11 @@ class Guidewire:
         guidewire_config["username"] = username
         guidewire_config["password"] = password
         guidewire_config["restUrl"] = guidewire_config["baseUrl"] + "/rest"  # "/api/v1"
-        guidewire_config["tokenUrl"] = guidewire_config["restUrl"] + "/oauth2/token"
+        #        guidewire_config["tokenUrl"] = guidewire_config["restUrl"] + "/oauth2/token"
+        if token_url:
+            guidewire_config["tokenUrl"] = token_url
+        else:
+            guidewire_config["tokenUrl"] = guidewire_config["baseUrl"] + "/oauth2/token"
 
         guidewire_config["adminUrl"] = guidewire_config["restUrl"] + "/admin/v1"
         guidewire_config["claimUrl"] = guidewire_config["restUrl"] + "/claim/v1"
@@ -116,11 +139,11 @@ class Guidewire:
 
     # end method definition
 
-    def authenticate(self, auth_type: str) -> HTTPBasicAuth | str | None:
+    def authenticate(self, auth_type: str | None = None) -> HTTPBasicAuth | str | None:
         """Authenticate with the Guidewire API using either client credentials or username/password.
 
         Args:
-            auth_type (str):
+            auth_type (str | None):
                 The Authorization type. This can be "basic" or "oauth".
 
         Returns:
@@ -129,7 +152,11 @@ class Guidewire:
 
         """
 
-        self._session.headers.update(self.request_header())
+        header = self.request_header()
+        self._session.headers.update(header)
+
+        if auth_type is None:
+            auth_type = self.config()["authType"]
 
         if auth_type == "basic":
             username = self.config()["username"]
@@ -141,13 +168,21 @@ class Guidewire:
 
         request_url = self.config()["tokenUrl"]
 
-        if self.config()["clientId"] and self.config()["clientSecret"]:
-            auth_data = {
-                "grant_type": "client_credentials",
-                "client_id": self.config()["clientId"],
-                "client_secret": self.config()["clientSecret"],
-            }
-        elif self.config()["username"] and self.config()["password"]:
+        # Check if both Resource Owner credentials (username/password) AND client credentials (clientId/clientSecret) are provided
+        if (
+            self.config()["username"]
+            and self.config()["password"]
+            and self.config()["clientId"]
+            and self.config()["clientSecret"]
+        ):
+            # Use the OAuth2 "Resource Owner Password Credentials Grant" (ROPC)
+            # This flow is suitable when the application has direct access to the user's credentials (e.g., in highly trusted apps).
+            # It's generally discouraged in modern apps due to security concerns.
+            # Required parameters:
+            # - grant_type: must be "password"
+            # - username: the resource owner (user)'s username
+            # - password: the resource owner (user)'s password
+            # - client_id/client_secret: the app's credentials issued by the authorization server
             auth_data = {
                 "grant_type": "password",
                 "username": self.config()["username"],
@@ -155,17 +190,39 @@ class Guidewire:
                 "client_id": self.config()["clientId"],  # Required for some OAuth2 flows
                 "client_secret": self.config()["clientSecret"],  # Required for some OAuth2 flows
             }
+        # If only clientId and clientSecret are provided, use the Client Credentials Grant
+        elif self.config()["clientId"] and self.config()["clientSecret"]:
+            # Use the OAuth2 "Client Credentials Grant"
+            # This flow is used when the application (client) is acting on its own behalf, not on behalf of a user.
+            # Suitable for service-to-service interactions or background jobs (no user context).
+            # Required parameters:
+            # - grant_type: must be "client_credentials"
+            # - client_id/client_secret: the app's credentials issued by the authorization server
+            auth_data = {
+                "grant_type": "client_credentials",
+                "client_id": self.config()["clientId"],
+                "client_secret": self.config()["clientSecret"],
+            }
+        # If neither of the above combinations is satisfied, authentication can't proceed
         else:
+            # Log an error if required credentials are missing
+            # Either username/password AND client credentials (for ROPC)
+            # OR just client credentials (for Client Credentials Grant)
             self.logger.error("Authentication requires either client credentials or username/password.")
             return False
 
         if self._scope:
             auth_data["scope"] = self._scope
 
-        response = requests.post(request_url, data=auth_data)
-        if response.status_code == 200:
-            self.token = response.json().get("access_token")
-            return True
+        try:
+            response = requests.post(request_url, data=auth_data)
+            if response.status_code == 200:
+                self.token = response.json().get("access_token")
+                return True
+            else:
+                self.logger.error("OAuth2 authentication failed: %s - %s", response.status_code, response.text)
+        except requests.RequestException as e:
+            self.logger.error("OAuth2 token request failed; error -> %s", str(e))
 
         return False
 
@@ -190,10 +247,7 @@ class Guidewire:
             "Content-Type": content_type,
         }
 
-        if self.config()["authType"] == "oauth":
-            if not self._access_token:
-                self.logger.error("Authentication required. Call authenticate() first.")
-                return None
+        if self.config()["authType"] == "oauth" and self._access_token:
             request_header["Authorization"] = ("Bearer {}".format(self._access_token),)
 
         return request_header
@@ -717,7 +771,7 @@ class Guidewire:
         """Retrieve details of a specific user.
 
         Args:
-            user_id:
+            user_id (str):
                 The unique identifier of the group.
 
         Returns:
@@ -785,9 +839,9 @@ class Guidewire:
         """Update an existing user.
 
         Args:
-            user_id:
+            user_id (str):
                 The unique identifier of the user.
-            user_data:
+            user_data (dict):
                 Dictionary containing updated user information.
 
         Returns:
@@ -888,6 +942,48 @@ class Guidewire:
             for account in accounts:
                 logger.info("Traversing Guidewire account -> '%s'...", account.get("attributes", {}).get("displayName"))
 
+        Args:
+            fields (list):
+                The list of fields in the results. If None, all default
+                fields are returned.
+                Fields for Guidewire accounts:
+                - *all = return all fields
+                - *default = return just the default list of fields
+                - *summary = return the fields defined for giving a summary
+                - *detail = details
+                - accountNumber
+                - accountHolder
+                - accountStatus
+                - businessOperationsDescription
+                - createdDate
+                - frozen
+                - id
+                - industryCode
+                - organizationType
+                - preferredCoverageCurrency
+                - preferredSettlementCurrency
+                - primaryLanguage
+                - primaryLocale
+                - primaryLocation
+                - producerCodes
+            filters (list):
+                List of dictionaries with three keys each:
+                - "attribute" - name of the attribute to use for the filter (available attributes see above)
+                - "op" - operator:
+                    * eq - equal
+                    * ne - not equal
+                    * lt - less than - also usable for dates (before)
+                    * gt - greater than - also usable for dates (after)
+                    * le - less or equal
+                    * ge - greater or equal
+                    * in - is in list
+                    * ni - is NOT in list
+                    * sw - starts with
+                    * cn - contains
+                - "value": the filue to filter for. Either literal or list of values
+            page_size (int, optional):
+                The maximum number of groups to return.
+
         Returns:
             iter:
                 A generator yielding one Guidewire account per iteration.
@@ -1007,6 +1103,7 @@ class Guidewire:
     ) -> dict | None:
         """Retrieve a list of claims.
 
+        Args:
             fields (list):
                 The list of fields in the results. If None, all default
                 fields are returned.
@@ -1075,6 +1172,42 @@ class Guidewire:
             for claim in claims:
                 logger.info("Traversing Guidewire claim -> '%s'...", claim.get("attributes", {}).get("displayName"))
 
+        Args:
+            fields (list):
+                The list of fields in the results. If None, all default
+                fields are returned.
+                Fields for Guidewire accounts:
+                - *all = return all fields
+                - *default = return just the default list of fields
+                - *summary = return the fields defined for giving a summary
+                - *detail = details
+                - displayName
+                - groupType
+                - id
+                - loadFactor
+                - name
+                - organization
+                - parent
+                - securityZone
+                - supervisor
+            filters (list):
+                List of dictionaries with three keys each:
+                - "attribute" - name of the attribute to use for the filter (available attributes see above)
+                - "op" - operator:
+                    * eq - equal
+                    * ne - not equal
+                    * lt - less than - also usable for dates (before)
+                    * gt - greater than - also usable for dates (after)
+                    * le - less or equal
+                    * ge - greater or equal
+                    * in - is in list
+                    * ni - is NOT in list
+                    * sw - starts with
+                    * cn - contains
+                - "value": the value to filter for. Either literal or list of values
+            page_size (int, optional):
+                The maximum number of groups to return.
+
         Returns:
             iter:
                 A generator yielding one Guidewire claim per iteration.
@@ -1111,7 +1244,7 @@ class Guidewire:
         """Retrieve details of a specific claim.
 
         Args:
-            claim_id:
+            claim_id (str):
                 The unique identifier of the claim.
 
         Returns:
@@ -1149,9 +1282,9 @@ class Guidewire:
         """Update an existing claim.
 
         Args:
-            claim_id:
+            claim_id (str):
                 The unique identifier of the claim.
-            claim_data:
+            claim_data (dict):
                 Dictionary containing updated claim information.
 
         Returns: