remotivelabs-cli 0.5.0a1__py3-none-any.whl

remotivelabs/cli/cloud/__init__.py

@@ -0,0 +1,17 @@
+from remotivelabs.cli.cloud import auth, brokers, configs, organisations, projects, recordings, sample_recordings, service_accounts, storage
+from remotivelabs.cli.cloud.licenses.cmd import licenses
+from remotivelabs.cli.typer import typer_utils
+
+app = typer_utils.create_typer()
+
+app.command(name="licenses", help="List licenses for an organization")(licenses)
+
+app.add_typer(organisations.app, name="organizations", help="Manage organizations")
+app.add_typer(projects.app, name="projects", help="Manage projects")
+app.add_typer(auth.app, name="auth")
+app.add_typer(brokers.app, name="brokers", help="Manage cloud broker lifecycle")
+app.add_typer(recordings.app, name="recordings", help="Manage recordings")
+app.add_typer(configs.app, name="signal-databases", help="Manage signal databases")
+app.add_typer(storage.app, name="storage")
+app.add_typer(service_accounts.app, name="service-accounts", help="Manage project service account keys")
+app.add_typer(sample_recordings.app, name="samples", help="Manage sample recordings")

remotivelabs/cli/cloud/auth/__init__.py

@@ -0,0 +1,3 @@
+from remotivelabs.cli.cloud.auth.cmd import app
+
+__all__ = ["app"]

remotivelabs/cli/cloud/auth/cmd.py

@@ -0,0 +1,128 @@
+from __future__ import annotations
+
+import os
+import sys
+
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from remotivelabs.cli.cloud import auth_tokens
+from remotivelabs.cli.cloud.auth.login import login as do_login
+from remotivelabs.cli.settings import settings
+from remotivelabs.cli.typer import typer_utils
+from remotivelabs.cli.utils.console import print_generic_error, print_generic_message, print_success, print_unformatted
+from remotivelabs.cli.utils.rest_helper import RestHelper as Rest
+
+console = Console(stderr=False)
+
+HELP = """
+Manage how you authenticate with our cloud platform
+"""
+app = typer_utils.create_typer(help=HELP)
+
+
+@app.command(name="login")
+def login(browser: bool = typer.Option(default=True, help="Does not automatically open browser, instead shows a link")) -> None:
+    """
+    Login to the cli using browser
+
+    If not able to open a browser it will show fallback to headless login and show a link that
+    users can copy into any browser when this is unsupported where running the cli - such as in docker,
+    virtual machine or ssh sessions.
+    """
+    do_login(headless=not browser)
+
+
+@app.command()
+def whoami() -> None:
+    """
+    Validates authentication and fetches your account information
+    """
+    Rest.handle_get("/api/whoami")
+
+
+@app.command()
+def print_access_token(
+    account: str = typer.Option(None, help="Email of the account you want to print access token for, defaults to active"),
+) -> None:
+    """
+    Print current active access token or the token for the specified account
+    """
+    if not account:
+        active_token = settings.get_active_token() or os.getenv("REMOTIVE_CLOUD_ACCESS_TOKEN", None)
+        if not active_token:
+            print_generic_error("You have no active account")
+            sys.exit(1)
+
+        print_generic_message(active_token)
+        return
+
+    accounts = settings.list_accounts()
+    if account not in accounts:
+        print_generic_error(f"No account for {account} was found")
+        sys.exit(1)
+
+    token_file_name = accounts[account].credentials_file
+    token_file = settings.get_token_file(token_file_name)
+    if not token_file:
+        print_generic_error(f"Token file for {account} could not be found")
+        sys.exit(1)
+
+    print_generic_message(token_file.token)
+
+
+def print_access_token_file() -> None:
+    """
+    Print current active token and its metadata
+    """
+    active_token_file = settings.get_active_token_file()
+    if not active_token_file:
+        print_generic_error("You have no active account")
+        sys.exit(1)
+
+    print_generic_message(str(active_token_file))
+
+
+@app.command(name="deactivate")
+def deactivate() -> None:
+    """
+    Clears active account
+    """
+    settings.clear_active_account()
+    print_success("Account no longer active")
+
+
+@app.command("activate")
+def activate(token_name: str = typer.Argument(None, help="Name, filename or path to a credentials file")) -> None:
+    """
+    Set the active account
+    """
+    auth_tokens.do_activate(token_name)
+
+
+@app.command(name="list")
+def list() -> None:
+    """
+    Lists available credential files on filesystem
+
+    TODO: Support output format
+    """
+    accounts = settings.list_accounts()
+
+    table = Table("#", "Active", "Type", "Token", "Account", "Organization", "Created", "Expires")
+    for idx, (email, account) in enumerate(accounts.items(), start=1):
+        token_file = settings.get_token_file_by_email(email)
+        is_active = settings.is_active_account(email)
+
+        table.add_row(
+            f"[yellow]{idx}",
+            ":white_check_mark:" if is_active else "",
+            "unknown" if not token_file else "user" if token_file.type == "authorized_user" else "sa",
+            token_file.name if token_file else "",
+            f"[bold]{email}[/bold]",
+            account.default_organization if account.default_organization else "",
+            str(token_file.created) if token_file else "",
+            str(token_file.expires) if token_file else "",
+        )
+    print_unformatted(table)

remotivelabs/cli/cloud/auth/login.py

@@ -0,0 +1,283 @@
+from __future__ import annotations
+
+import base64
+import hashlib
+import os
+import secrets
+import sys
+import time
+import webbrowser
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from threading import Thread
+from typing import Any, Optional, Tuple
+from urllib.parse import parse_qs, urlparse
+
+import typer
+from typing_extensions import override
+
+from remotivelabs.cli.cloud.auth_tokens import do_activate, prompt_to_set_org
+from remotivelabs.cli.settings import settings
+from remotivelabs.cli.settings.token_file import TokenFile
+from remotivelabs.cli.utils.console import print_generic_error, print_newline, print_success, print_unformatted, print_url
+from remotivelabs.cli.utils.rest_helper import RestHelper as Rest
+
+httpd: HTTPServer
+
+
+def generate_pkce_pair() -> Tuple[str, str]:
+    """
+    PKCE is used for all cli login flows, both headless and browser.
+    """
+    code_verifier_ = secrets.token_urlsafe(64)  # High-entropy string
+    code_challenge_ = base64.urlsafe_b64encode(hashlib.sha256(code_verifier_.encode("ascii")).digest()).rstrip(b"=").decode("ascii")
+    return code_verifier_, code_challenge_
+
+
+code_verifier, code_challenge = generate_pkce_pair()
+state = secrets.token_urlsafe(16)
+
+short_lived_token = None
+
+
+class S(BaseHTTPRequestHandler):
+    def _set_response(self) -> None:
+        self.send_response(200)
+        self.send_header("Content-type", "text/html")
+        self.end_headers()
+
+    @override
+    def log_message(self, format: Any, *args: Any) -> None:
+        return
+
+    # Please do not change this into lowercase!
+    @override
+    def do_GET(self) -> None:  # type: ignore # noqa: PLR0912
+        self._set_response()
+
+        parsed_url = urlparse(self.path)
+
+        # Get query parameters as a dict
+        query_params = parse_qs(parsed_url.query)
+
+        # Example: Get the value of the "error" parameter if it exists
+        error_value = query_params.get("error", [None])[0]
+        path = self.path
+        auth_code = path[1:]  # Remotive /
+        time.sleep(1)
+        httpd.server_close()
+
+        killerthread = Thread(target=httpd.shutdown)
+        killerthread.start()
+        if error_value is None:
+            res = Rest.handle_get(
+                f"/api/open/token?code={auth_code}&code_verifier={code_verifier}",
+                return_response=True,
+                skip_access_token=True,
+                allow_status_codes=[401, 400],
+            )
+            if res.status_code != 200:
+                print_generic_error(
+                    "Failed to fetch token. Please try again, if the problem persists please reach out to support@remotivelabs.com"
+                )
+                self.wfile.write(
+                    "Failed to fetch token. Please try again, if the problem persists please reach out to support@remotivelabs.com".encode(
+                        "utf-8"
+                    )
+                )
+                sys.exit(1)
+
+            # TODO - This is written before we are done...
+            self.wfile.write(
+                """Successfully setup CLI, you may close this window now. Return to your terminal to continue""".encode("utf-8")
+            )
+            access_token = res.json()["access_token"]
+            global short_lived_token  # noqa: PLW0603
+            short_lived_token = access_token
+
+        else:
+            if error_value == "no_consent":
+                self.wfile.write(
+                    """
+                Authorization was cancelled.<br/>
+                To use RemotiveCLI, you need to grant access to your RemotiveCloud account.
+                <br/><br/>
+                Run `remotive cloud auth login` to try again.
+                """.encode("utf-8")
+                )
+                print_generic_error("You did not grant access to RemotiveCloud, login aborted")
+            elif error_value == "user_not_exists":
+                self.wfile.write(
+                    """
+                It seems like you do not have an account at RemotiveCloud with that user<br/>
+                To use RemotiveCLI you must first sign up at <a href="https://cloud.remotivelabs.com">cloud.remotivelabs.com</a>
+                and approve our agreements.<br/>
+                <br/><br/>
+                Once you are signed up, Run `remotive cloud auth login` again.
+                """.encode("utf-8")
+                )
+                print_generic_error(
+                    "To use RemotiveCLI you must first sign up at https://cloud.remotivelabs.com and approve our agreements"
+                )
+            else:
+                self.wfile.write(f"Unknown error {error_value}, please contact support@remotivelabs.com".encode("utf-8"))
+                print_generic_error(f"Unexpected error {error_value}, please contact support@remotivelabs.com")
+            sys.exit(1)
+
+
+def prepare_local_webserver(server_class: type = HTTPServer, handler_class: type = S, port: Optional[int] = None) -> None:
+    if port is None:
+        env_val = os.getenv("REMOTIVE_LOGIN_CALLBACK_PORT" or "")
+        port = int(env_val) if env_val and env_val.isdigit() else 0
+
+    server_address = ("", port)
+    global httpd  # noqa: PLW0603
+    httpd = server_class(server_address, handler_class)
+
+
+def create_personal_token() -> None:
+    response = Rest.handle_post(
+        url="/api/me/keys",
+        return_response=True,
+        access_token=short_lived_token,
+        # TODO - add body with alias
+    )
+    token = response.json()
+    email = token["account"]["email"]
+    existing_file = settings.get_token_file_by_email(email=email)
+    if existing_file is not None:
+        res = Rest.handle_patch(
+            f"/api/me/keys/{existing_file.name}/revoke",
+            quiet=True,
+            access_token=short_lived_token,
+            allow_status_codes=[400, 404],
+        )
+        if res is not None and res.status_code == 204:
+            Rest.handle_delete(
+                f"/api/me/keys/{existing_file.name}",
+                quiet=True,
+                access_token=short_lived_token,
+            )
+        settings.remove_token_file(existing_file.name)
+
+    settings.add_personal_token(response.text, activate=True)
+
+    print_success("Logged in")
+
+
+def _do_prompt_to_use_existing_credentials() -> Optional[TokenFile]:
+    token_files = settings.list_personal_token_files()
+    if len(token_files) > 0:
+        should_select_token = typer.confirm(
+            "You have credentials available already, would you like to choose one of these instead?", default=True
+        )
+        if should_select_token:
+            token = do_activate(token_name=None)
+            if token is not None:
+                return token
+            # TODO - fix so this is not needed
+            sys.exit(0)
+    return None
+
+
+def login(headless: bool = False) -> bool:  # noqa: C901, PLR0915
+    """
+    Initiate login
+    """
+
+    newly_activated_token_file = _do_prompt_to_use_existing_credentials()
+    if newly_activated_token_file:
+        return True
+
+    prepare_local_webserver()
+
+    def force_use_webserver_callback() -> bool:
+        env_val = os.getenv("REMOTIVE_LOGIN_FORCE_CALLBACK" or "no")
+        if env_val and env_val == "yes":
+            return True
+        return False
+
+    def login_with_callback_but_copy_url() -> None:
+        """
+        This will print a url the will trigger a callback later so the webserver must be up and running.
+        """
+        print_unformatted("Copy the following link in a browser to login to cloud, and complete the sign-in prompts:")
+        print_newline()
+
+        url = (
+            f"{Rest.get_base_frontend_url()}/login"
+            f"?state={state}"
+            f"&cli_version={Rest.get_cli_version()}"
+            f"&response_type=code"
+            f"&code_challenge={code_challenge}"
+            f"&redirect_uri=http://localhost:{httpd.server_address[1]}"
+        )
+        print_url(url)
+        httpd.serve_forever()
+
+    def login_headless() -> None:
+        """
+        Full headless, opens a browser and expects a auth code to be entered and exchanged for the token
+        """
+        print_unformatted("Copy the following link in a browser to login to cloud, and complete the sign-in prompts:")
+        print_newline()
+
+        url = (
+            f"{Rest.get_base_frontend_url()}/login"
+            f"?state={state}"
+            f"&cli_version={Rest.get_cli_version()}"
+            f"&response_type=code"
+            f"&code_challenge={code_challenge}"
+        )
+        print_url(url)
+
+        code = typer.prompt(
+            "Once finished, enter the verification code provided in your browser",
+            hide_input=False,
+        )
+        res = Rest.handle_get(
+            f"/api/open/token?code={code}&code_verifier={code_verifier}",
+            return_response=True,
+            skip_access_token=True,
+            allow_status_codes=[401],
+        )
+        if res.status_code == 401:
+            print_generic_error(
+                "Failed to fetch token. Please try again, if the problem persists please reach out to support@remotivelabs.com"
+            )
+            sys.exit(1)
+        access_token = res.json()["access_token"]
+        global short_lived_token  # noqa: PLW0603
+        short_lived_token = access_token
+        create_personal_token()
+        prompt_to_set_org()
+
+    if headless and not force_use_webserver_callback():
+        login_headless()
+    elif headless and force_use_webserver_callback():
+        login_with_callback_but_copy_url()
+    else:
+        could_open = webbrowser.open_new_tab(
+            f"{Rest.get_base_frontend_url()}/login"
+            f"?state={state}"
+            f"&cli_version={Rest.get_cli_version()}"
+            f"&response_type=code"
+            f"&code_challenge={code_challenge}"
+            f"&redirect_uri=http://localhost:{httpd.server_address[1]}"
+        )
+
+        if not could_open:
+            print_generic_error(
+                "Could not open a browser on this machine, this is likely because you are in an environment where no browser is available"
+            )
+            print_newline()
+            if force_use_webserver_callback():
+                login_with_callback_but_copy_url()
+                create_personal_token()
+            else:
+                login_headless()
+        else:
+            httpd.serve_forever()
+            create_personal_token()
+            prompt_to_set_org()
+
+    return True

remotivelabs/cli/cloud/auth_tokens.py

@@ -0,0 +1,149 @@
+from __future__ import annotations
+
+from typing import List, Optional
+
+import typer
+from rich.table import Table
+
+from remotivelabs.cli.cloud.organisations import do_select_default_org
+from remotivelabs.cli.settings import settings
+from remotivelabs.cli.settings.token_file import TokenFile
+from remotivelabs.cli.utils.console import (
+    print_generic_error,
+    print_generic_message,
+    print_hint,
+    print_newline,
+    print_success,
+    print_unformatted,
+)
+from remotivelabs.cli.utils.rest_helper import RestHelper as Rest
+
+
+def _prompt_choice(  # noqa: C901
+    choices: List[TokenFile],
+    skip_prompt: bool = False,
+    info_message: Optional[str] = None,
+) -> Optional[TokenFile]:
+    accounts = settings.list_accounts()
+
+    table = Table("#", "Active", "Type", "Token ID", "Account", "Created", "Expires")
+
+    included_tokens: list[TokenFile] = []
+    excluded_tokens: list[TokenFile] = []
+
+    for token in choices:
+        account = accounts.get(token.account.email)
+        if account and account.credentials_file:
+            token_file = settings.get_token_file(account.credentials_file)
+            if token_file and token_file.name in (token.name or ""):
+                included_tokens.append(token)
+            else:
+                excluded_tokens.append(token)
+        else:
+            excluded_tokens.append(token)
+
+    if len(included_tokens) == 0:
+        return None
+
+    included_tokens.sort(key=lambda token: token.created, reverse=True)
+
+    active_token = settings.get_active_token_file()
+    active_token_index = None
+    for idx, choice in enumerate(included_tokens, start=1):
+        is_active = active_token is not None and active_token.name == choice.name
+        active_token_index = idx if is_active else active_token_index
+
+        table.add_row(
+            f"[yellow]{idx}",
+            ":white_check_mark:" if is_active else "",
+            "user" if choice.type == "authorized_user" else "sa",
+            choice.name,
+            f"[bold]{choice.account.email if choice.account else 'unknown'}[/bold]",
+            str(choice.created),
+            str(choice.expires),
+        )
+    print_unformatted(table)
+    print_unformatted(
+        ":point_right: To get the access token for your activated account, use [bold]remotive cloud auth print-access-token[/bold]"
+    )
+
+    if skip_prompt:
+        return None
+
+    print_newline()
+    if info_message:
+        print_generic_message(info_message)
+
+    selection = typer.prompt(
+        f"Enter the number(# 1-{len(included_tokens)}) of the account to select (q to quit)",
+        default=f"{active_token_index}" if active_token_index is not None else None,
+    )
+
+    if selection == "q":
+        return None
+    try:
+        index = int(selection) - 1
+        if 0 <= index < len(included_tokens):
+            return included_tokens[index]
+        raise ValueError
+    except ValueError:
+        typer.echo("Invalid choice, please try again")
+        return _prompt_choice(included_tokens, skip_prompt, info_message)
+
+
+def prompt_to_set_org() -> None:
+    active_account = settings.get_active_account()
+    if active_account and not active_account.default_organization:
+        set_default_organisation = typer.confirm(
+            "You have not set a default organization\nWould you like to choose one now?",
+            abort=False,
+            default=True,
+        )
+        if set_default_organisation:
+            do_select_default_org(get=False)
+
+
+def do_activate(token_name: Optional[str]) -> Optional[TokenFile]:
+    if token_name:
+        token_file = settings.get_token_file(token_name)
+        if not token_file:
+            print_generic_error(f"Token with filename or name {token_name} could not be found")
+            return None
+        return settings.activate_token(token_file)
+
+    token_files = settings.list_personal_token_files()
+    token_files.extend(settings.list_service_account_token_files())
+    if len(token_files) > 0:
+        token_selected = list_and_select_personal_token(include_service_accounts=True)
+        if token_selected is not None:
+            is_logged_in = Rest.has_access("/api/whoami")
+            if not is_logged_in:
+                print_generic_error("Could not access RemotiveCloud with selected token")
+            else:
+                print_success("Access to RemotiveCloud granted")
+                # Only select default if activate was done with selection and successful
+                # and not SA since SA cannot list available organizations
+                if token_selected.type == "authorized_user":
+                    prompt_to_set_org()
+        return token_selected
+
+    print_hint("No credentials available, login to activate credentials")
+    return None
+
+
+def list_and_select_personal_token(
+    skip_prompt: bool = False,
+    include_service_accounts: bool = False,
+    info_message: Optional[str] = None,
+) -> Optional[TokenFile]:
+    personal_tokens = settings.list_personal_token_files()
+
+    if include_service_accounts:
+        sa_tokens = settings.list_service_account_token_files()
+        personal_tokens.extend(sa_tokens)
+
+    selected_token = _prompt_choice(personal_tokens, skip_prompt=skip_prompt, info_message=info_message)
+    if selected_token is not None:
+        settings.activate_token(selected_token)
+
+    return selected_token

remotivelabs/cli/cloud/brokers.py

@@ -0,0 +1,109 @@
+from __future__ import annotations
+
+import json
+import os
+import signal as os_signal
+from typing import Any, Union
+
+import requests
+import typer
+import websocket
+
+from remotivelabs.cli.typer import typer_utils
+from remotivelabs.cli.utils.console import print_generic_message
+from remotivelabs.cli.utils.rest_helper import RestHelper as Rest
+
+app = typer_utils.create_typer()
+
+
+@app.command("list", help="Lists brokers in project")
+def list(project: str = typer.Option(..., help="Project ID", envvar="REMOTIVE_CLOUD_PROJECT")) -> None:
+    Rest.handle_get(f"/api/project/{project}/brokers")
+
+
+@app.command("describe", help="Shows details about a specific broker")
+def describe(name: str, project: str = typer.Option(..., help="Project ID", envvar="REMOTIVE_CLOUD_PROJECT")) -> None:
+    Rest.handle_get(f"/api/project/{project}/brokers/{name}")
+
+
+@app.command("delete", help="Stops and deletes a broker from project")
+def stop(name: str, project: str = typer.Option(..., help="Project ID", envvar="REMOTIVE_CLOUD_PROJECT")) -> None:
+    Rest.handle_delete(f"/api/project/{project}/brokers/{name}")
+
+
+@app.command(help="Deletes your personal broker from project")
+def delete_personal(project: str = typer.Option(..., help="Project ID", envvar="REMOTIVE_CLOUD_PROJECT")) -> None:
+    Rest.handle_delete(f"/api/project/{project}/brokers/personal")
+
+
+def do_start(name: str, project: str, api_key: str, tag: str, return_response: bool = False) -> Union[requests.Response, None]:
+    if tag == "":
+        tag_to_use = None
+    else:
+        tag_to_use = tag
+
+    if api_key == "":
+        body = {"size": "S", "tag": tag_to_use}
+    else:
+        body = {"size": "S", "apiKey": api_key, "tag": tag_to_use}
+    return Rest.handle_post(
+        f"/api/project/{project}/brokers/{name}",
+        body=json.dumps(body),
+        return_response=return_response,
+        progress_label=f"Starting {name}...",
+    )
+
+
+@app.command(name="create", help="Create a broker in project")
+def start(
+    name: str,
+    project: str = typer.Option(..., help="Project ID", envvar="REMOTIVE_CLOUD_PROJECT"),
+    tag: str = typer.Option("", help="Optional specific tag/version"),
+    silent: bool = typer.Option(False, help="Optional specific tag/version"),
+    api_key: str = typer.Option("", help="Start with your own api-key"),
+) -> None:
+    do_start(name, project, api_key, tag, return_response=silent)
+
+
+@app.command(name="logs")
+def logs(
+    broker_name: str = typer.Argument(..., help="Broker name to see logs for"),
+    tail: bool = typer.Option(False, help="Tail the broker log"),
+    history_minutes: str = typer.Option(10, help="History in minutes minutes to fetch"),
+    project: str = typer.Option(..., help="Project ID", envvar="REMOTIVE_CLOUD_PROJECT"),
+) -> None:
+    """
+    Exposes broker logs history or real-time tail of the broker.
+
+    When using --tail option, --history always skipped even if supplied
+    """
+
+    def exit_on_ctrlc(_sig: Any, _frame: Any) -> None:
+        wsapp.close()
+        os._exit(0)
+
+    os_signal.signal(os_signal.SIGINT, exit_on_ctrlc)
+
+    def on_message(_wsapp: Any, message: str) -> None:
+        # TODO: use log instead of print for debug information?
+        print_generic_message(message)
+
+    def on_error(_wsapp: Any, err: str) -> None:
+        # TODO: use log instead of print for debug information?
+        print_generic_message(f"Error encountered: {err}")
+
+    Rest.ensure_auth_token()
+    # This will work with both http -> ws and https -> wss
+    ws_url = Rest.get_base_url().replace("http", "ws")
+
+    if tail:
+        q = "?tail=yes"
+    elif history_minutes != "10":
+        q = f"?history={history_minutes}"
+    else:
+        q = ""
+
+    wsapp = websocket.WebSocketApp(
+        f"{ws_url}/api/project/{project}/brokers/{broker_name}/logs{q}", header=Rest.get_headers(), on_message=on_message, on_error=on_error
+    )
+    wsapp.run_forever()