vgs-cli 0.0.1.dev0__py3-none-any.whl

vgs_cli-0.0.1.dev0.data/data/vgscli/vault-schema.yaml

@@ -0,0 +1,36 @@
+---
+"$schema": http://json-schema.org/draft-07/schema#
+type: object
+properties:
+  apiVersion:
+    type: string
+    enum:
+      - 1.0.0
+  kind:
+    type: string
+    enum:
+      - Vault
+  data:
+    type: object
+    properties:
+      name:
+        type: string
+        minLength: 3
+        maxLength: 50
+      environment:
+        type: string
+        enum:
+          - SANDBOX
+          - LIVE
+      organizationId:
+        type: string
+        pattern: ^AC[A-Za-z0-9]{22}$
+    required:
+      - name
+      - environment
+    additionalProperties: false
+required:
+  - apiVersion
+  - kind
+  - data
+additionalProperties: false

vgs_cli-0.0.1.dev0.data/data/vgscli/vault-template.yaml

@@ -0,0 +1,12 @@
+apiVersion: 1.0.0
+kind: Vault
+data:
+  # Name of the vault to create. (Must be between 3 and 50 characters long.)
+  name: Very Good Vault
+
+  # Environment to create the vault within.
+  # See https://www.verygoodsecurity.com/docs/terminology/vaults#environments
+  environment: SANDBOX
+
+  # ID of the organization to associate the vault with.
+  organizationId: AC6mGNNRecR7K5N7AjX5niz4

vgs_cli-0.0.1.dev0.data/data/vgscli/vgs-cli.yaml

@@ -0,0 +1,17 @@
+apiVersion: 1.0.0
+kind: ServiceAccount
+data:
+  name: vgs-cli
+  {%- if vaults | length == 0 %}
+      {{- cli_warn("Service Account won't have access to any vaults inside organization. If you need it to access vault(s) please use --vault <vault-identifier>.") or "" }}
+  {%- else %}
+  vaults:
+    {%- for vault_id in vaults %}
+    - {{ vault_id }}
+    {%- endfor %}
+  {%- endif %}
+  scopes:
+    - name: access-logs:read
+    - name: organizations:read
+    - name: routes:write
+    - name: vaults:write

vgs_cli-0.0.1.dev0.dist-info/METADATA

@@ -0,0 +1,139 @@
+Metadata-Version: 2.4
+Name: vgs-cli
+Version: 0.0.1.dev0
+Summary: VGS Client
+Home-page: https://github.com/verygoodsecurity/vgs-cli
+Author: Very Good Security
+Author-email: dev@verygoodsecurity.com
+License: BSD
+Platform: any
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: base58<3,>=2.1.1
+Requires-Dist: click-plugins<2,>=1.1.1
+Requires-Dist: click<9,>=7
+Requires-Dist: configobj-dev>=2019.9.1
+Requires-Dist: cryptography>=44.0.1
+Requires-Dist: jsonschema<5,>=3.2.0
+Requires-Dist: keyring<26,>=16.1.0
+Requires-Dist: keyrings.alt<6,>=3.1
+Requires-Dist: pyhumps
+Requires-Dist: semver<4,>=3
+Requires-Dist: termcolor<3,>=2
+Requires-Dist: Jinja2>=2.10
+Requires-Dist: vgs-api-client<1,>=0.0.51
+Requires-Dist: async-timeout
+Requires-Dist: pip>=25.3
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: license
+Dynamic: license-file
+Dynamic: platform
+Dynamic: requires-dist
+Dynamic: summary
+
+# VGS CLI
+
+[![CircleCI](https://dl.circleci.com/status-badge/img/gh/verygoodsecurity/vgs-cli/tree/master.svg?style=svg&circle-token=6d4536882cc1d60a7ecf15cf4b4c93286abff2d8)](https://dl.circleci.com/status-badge/redirect/gh/verygoodsecurity/vgs-cli/tree/master)
+
+Command Line Tool for programmatic configurations on VGS.
+
+[Official Documentation](https://www.verygoodsecurity.com/docs/vgs-cli/getting-started)
+
+## Table of Contents
+
+- [Requirements](#requirements)
+- [Installation](#installation)
+  - [PyPI](#pypi)
+- [Run](#run)
+- [Running in Docker](#running-in-docker)
+- [Commands](#commands)
+- [Code Standards](#code-standards)
+- [Automation with VGS CLI](#automation-with-vgs-cli)
+- [Sphinx Documentation](#sphinx-documentation)
+- [Plugins Development](#plugins-development)
+
+## Requirements
+[Python 3](https://www.python.org/downloads/) or [Docker](https://docs.docker.com/get-docker/).
+
+## Installation
+
+### PyPI
+Install the latest version from [PyPI](https://pypi.org/project/vgs-cli/):
+```
+pip install vgs-cli
+```
+
+## Run
+
+Verify your installation by running:
+```
+vgs --version
+```
+
+## Running in Docker
+
+Check our [official documentation](https://www.verygoodsecurity.com/docs/vgs-cli/docker).
+
+## Commands
+
+- [`help`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#exploring-the-cli)
+- [`login`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#login)
+- [`logout`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#logout)
+- [`routes get`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#get)
+- [`routes apply`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#apply)
+- [`logs access`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#access)
+- [`access-credentials get`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#get)
+- [`access-credentials generate`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#generate)
+- [`organizations get`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#get)
+- [`vaults get`](https://www.verygoodsecurity.com/docs/vgs-cli/commands#get)
+
+## Code Standards
+
+We follow the defaults enforced by [Black](https://black.readthedocs.io/en/stable/) and [isort](https://pycqa.github.io/isort/) (with the Black profile). A formatting workflow runs in CI and installs `black`, `isort`, and `ruff`. Before opening a pull request, install the tools with `pip install black isort ruff` and run:
+
+```
+black .
+isort --profile black .
+ruff check .
+```
+
+## Automation with VGS CLI
+
+If you want to use the VGS CLI for automation you might be interested in creating a [service account](https://www.verygoodsecurity.com/docs/vgs-cli/service-account).
+
+## Plugins Development
+
+See [Click - Developing Plugins](https://github.com/click-contrib/click-plugins#developing-plugins).
+
+In order to develop a plugin you need to register your commands to an entrypoint in `setup.py`.
+
+Supported entrypoints:
+
+- `vgs.plugins` - for extending `vgs` with sub-commands
+- `vgs.get.plugins` - for extending `vgs get` with sub-commands
+- `vgs.apply.plugins` - for extending `vgs apply` with sub-commands
+- `vgs.logs.plugins` - for extending `vgs logs` with sub-commands
+
+Example:
+```python
+entry_points='''
+    [vgs.plugins]
+    activate=vgscliplugin.myplugin:new_command
+
+    [vgs.get.plugins]
+    preferences=vgscliplugin.myplugin:new_get_command
+'''
+```
+
+### Plugin catalog
+- [vgs-cli-admin-plugin](https://github.com/verygoodsecurity/vgs-cli-admin-plugin)

vgs_cli-0.0.1.dev0.dist-info/RECORD

@@ -0,0 +1,56 @@
+vgs_cli-0.0.1.dev0.data/data/vgscli/calm.yaml,sha256=kkZKW_D2gQHq5uDRn2eS8AMMVfSRP72gDerDY5q4hQU,482
+vgs_cli-0.0.1.dev0.data/data/vgscli/checkout.yaml,sha256=ig5MZXQFiAAsQcRpLhdoBM-6eWq7hhV69H3IkLntjwA,588
+vgs_cli-0.0.1.dev0.data/data/vgscli/http-route-template.yaml,sha256=nIXh_oF0pirA_dtFeyO-SG4p72No9KE7J_ShqAb_HyM,1662
+vgs_cli-0.0.1.dev0.data/data/vgscli/mft-route-template.yaml,sha256=3TwiVS6yDir3uc0g0G_p5Hj4Gje2aq8Zi6vnnRa4j5Q,142
+vgs_cli-0.0.1.dev0.data/data/vgscli/payments-admin.yaml,sha256=hXLVSB-6QYuvCEa3ozUdw8LBClxjVMs7t5ZSXsSsHJg,733
+vgs_cli-0.0.1.dev0.data/data/vgscli/service-account-schema.yaml,sha256=L1pjNXgnks15N1wNgf_1GmGcOvxn0nu49v7ersUjFno,1090
+vgs_cli-0.0.1.dev0.data/data/vgscli/sub-account-checkout.yaml,sha256=pDl0BRa8TZowlOJ8exs8JC--6JW8NPY_UFzaKXdDXqc,662
+vgs_cli-0.0.1.dev0.data/data/vgscli/vault-resources.yaml,sha256=oOdNs5yhfipKS3VMGMeewz49RHyE77pBnzW6fxVPOIk,26334
+vgs_cli-0.0.1.dev0.data/data/vgscli/vault-schema.yaml,sha256=sNiIIyIQ_iwfW234dSzsolyN4MADZLtV2mkcoG2A8Rs,622
+vgs_cli-0.0.1.dev0.data/data/vgscli/vault-template.yaml,sha256=IlDisL3H5LXUDMkhUaouKMarRdu0-pJxpTz8ij_lp_M,383
+vgs_cli-0.0.1.dev0.data/data/vgscli/vgs-cli.yaml,sha256=qvRq9_rmg1Wp1w6bO0JAVZrJmeOcvmBfbdMY8OnKn4Q,498
+vgs_cli-0.0.1.dev0.dist-info/licenses/LICENSE,sha256=NwSyzgDYdzv6O2ns2C6UODGI8LN1VnVe_FPTnWS4eXY,1082
+vgscli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+vgscli/_version.py,sha256=voOYriGKhzp76O3vbl7xYBRZGbaFSxSBjgP5ksZuebg,812
+vgscli/access_logs.py,sha256=G0GjlLjWiC-N6OzK6-RCvWddcVGQlLCLAcyO9pLWIOM,1928
+vgscli/audits_api.py,sha256=6FjpS1yTALio-DejgIS2eDw75ChjDp4GoAGXh4uZExU,3211
+vgscli/auth.py,sha256=vdUZ12nqtefIuSHNmwCFvxoqwS3m6ZP5TqLZFNwKnSU,2104
+vgscli/auth_server.py,sha256=e-xYoVebWM6cQNxuMr5rYzKuswNIrexnLSYo1ma48WY,4096
+vgscli/auth_utils.py,sha256=aC1VI0dFdFeupLS9Okz4uDz-wHhhFabqiLUg2R5vO2s,600
+vgscli/callback_server.py,sha256=oFFF5AGbbwhF7Hsc5fzS7jeGFzIMbebc9Qdq8uEl1PY,1055
+vgscli/cert_manager_api.py,sha256=uBrqbk5Qn7z1bSugSdCBHde6XksclNsW9358UDii2fc,1061
+vgscli/cli_utils.py,sha256=NzXK29_yIDrB-3T_XdLLB8NCWneQ-cpZFi9mazQL9tQ,3810
+vgscli/click_extensions.py,sha256=y59iSxnh-BW_GUyRoBmWeH6dsiyXf6WNr6OKea72Z-Q,2962
+vgscli/config_file.py,sha256=HB8lANU0qoO09Wnkf-QDzPh2qtrnFcqcetnCaQgtQ3U,1543
+vgscli/errors.py,sha256=rQ8M3MbtcirwE3vxICEekga_JqWeOvZbqReswiOEzv8,8682
+vgscli/file_token_util.py,sha256=537b54paMGw0u5PL5VJgQqQ7awKa9lQP88n3tUc_lyw,771
+vgscli/id_generator.py,sha256=3CbvSOUSyLON76p6M8wUhVQVig8j75_rnWdpxLhBifM,1510
+vgscli/keyring_token_util.py,sha256=Meo1XxlSpIUjYF1TqKqWCUKiNaidroiavUAGPmWS254,4215
+vgscli/testing.py,sha256=MLrsvy3mEwvjtqyuG0UjwEX-rDkbWUo52aXvu2H2sTk,1437
+vgscli/text.py,sha256=c2d1As7awq8PlEF9NiI6JrjsYYousj9YT0o1xOQ2MQM,172
+vgscli/token_handler.py,sha256=MvtmlicqnGrcopNkTr8Q2RlKE7IDj_sJFxF_39Jd7W8,183
+vgscli/vgs.py,sha256=n2_to8Dcb2cetkI9hYyyRehAJx3EOttMNZgxlPUsSeI,7097
+vgscli/cli/__init__.py,sha256=4g6-RMMhl907F-MegDac28V1y8fDVhLGp3Scz27afNo,628
+vgscli/cli/commands/__init__.py,sha256=h9vpkJzjaRQVZ6eR3FkSXvAjiDvngbxYzMSA30tiBCM,77
+vgscli/cli/commands/apply.py,sha256=b74CFIIZ6R8CPz08EAlSIje5vt1S2sVqbMrDG7Gn4rc,8968
+vgscli/cli/commands/generate.py,sha256=CIEcLnH5hEBftKP9mMjYWLh4ZvblwKXLw13PH4w88zs,3674
+vgscli/cli/commands/get.py,sha256=48Q2rfAi3A1zmalQ9eUXn1v8hXSNf9cJWSNyg96JNWk,5102
+vgscli/cli/types/__init__.py,sha256=a-P-SoGHpLzMg7CL1hhg5x_nf6sHq0qAuGm_AtIITmw,107
+vgscli/cli/types/resource_id.py,sha256=7JILR-KjoVGQDHB40tXJfTcU53iR8wM9Zr24fY5le3o,1172
+vgscli/cli/types/variable.py,sha256=IVcszPoWmTjeo_evDsLN06LuUZGTLL-wcZCVfBNBP8I,414
+vgscli/resource-templates/http-route-template.yaml,sha256=nIXh_oF0pirA_dtFeyO-SG4p72No9KE7J_ShqAb_HyM,1662
+vgscli/resource-templates/mft-route-template.yaml,sha256=3TwiVS6yDir3uc0g0G_p5Hj4Gje2aq8Zi6vnnRa4j5Q,142
+vgscli/resource-templates/vault-template.yaml,sha256=IlDisL3H5LXUDMkhUaouKMarRdu0-pJxpTz8ij_lp_M,383
+vgscli/resource-templates/service-account/calm.yaml,sha256=kkZKW_D2gQHq5uDRn2eS8AMMVfSRP72gDerDY5q4hQU,482
+vgscli/resource-templates/service-account/checkout.yaml,sha256=ig5MZXQFiAAsQcRpLhdoBM-6eWq7hhV69H3IkLntjwA,588
+vgscli/resource-templates/service-account/payments-admin.yaml,sha256=hXLVSB-6QYuvCEa3ozUdw8LBClxjVMs7t5ZSXsSsHJg,733
+vgscli/resource-templates/service-account/sub-account-checkout.yaml,sha256=pDl0BRa8TZowlOJ8exs8JC--6JW8NPY_UFzaKXdDXqc,662
+vgscli/resource-templates/service-account/vgs-cli.yaml,sha256=qvRq9_rmg1Wp1w6bO0JAVZrJmeOcvmBfbdMY8OnKn4Q,498
+vgscli/validation-schemas/service-account-schema.yaml,sha256=L1pjNXgnks15N1wNgf_1GmGcOvxn0nu49v7ersUjFno,1090
+vgscli/validation-schemas/vault-resources.yaml,sha256=oOdNs5yhfipKS3VMGMeewz49RHyE77pBnzW6fxVPOIk,26334
+vgscli/validation-schemas/vault-schema.yaml,sha256=sNiIIyIQ_iwfW234dSzsolyN4MADZLtV2mkcoG2A8Rs,622
+vgs_cli-0.0.1.dev0.dist-info/METADATA,sha256=iH5mcBiJXL7iEpZjPE3fGnjMbL_NKliqjqlO8fTQtd0,4684
+vgs_cli-0.0.1.dev0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+vgs_cli-0.0.1.dev0.dist-info/entry_points.txt,sha256=wCWhRQiMX4Ja6kkqJlYr8LbuiywpmXyyRAZPsau-_RY,39
+vgs_cli-0.0.1.dev0.dist-info/top_level.txt,sha256=gabTxCWMkl80q6ha_m-hs_1wQMfGntZcv5DEmkl8JEw,7
+vgs_cli-0.0.1.dev0.dist-info/RECORD,,

vgs_cli-0.0.1.dev0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.10.2)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

vgs_cli-0.0.1.dev0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+vgs = vgscli.vgs:cli

vgs_cli-0.0.1.dev0.dist-info/licenses/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2018 Very Good Security, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

vgs_cli-0.0.1.dev0.dist-info/top_level.txt

@@ -0,0 +1 @@
+vgscli

vgscli/_version.py

@@ -0,0 +1,32 @@
+from typing import Optional
+
+import click
+import requests
+from semver import VersionInfo
+
+from vgscli.text import bold, green
+
+__version__ = "0.0.1-dev"
+
+
+# noinspection PyBroadException
+def get_latest_version(**kwargs) -> Optional[VersionInfo]:
+    try:
+        response_json = requests.get(
+            "https://pypi.org/pypi/vgs-cli/json", **kwargs
+        ).json()
+        return VersionInfo.parse(response_json["info"]["version"])
+    except Exception:
+        return None
+
+
+def check_for_updates() -> None:
+    latest_version = get_latest_version(timeout=2)
+
+    if latest_version and latest_version > __version__:
+        message = f"CLI update available from {bold(green(__version__))} to {bold(green(str(latest_version)))}."
+        click.echo(message, err=True)
+
+
+def version():
+    return __version__

vgscli/access_logs.py

@@ -0,0 +1,65 @@
+import math
+
+
+def calculate_start_page(total_records, tail, records_per_page):
+    if tail > total_records or total_records <= records_per_page:
+        return 1
+    total_pages_num = math.ceil(total_records / records_per_page)
+    tail_pages_num = math.ceil(
+        (tail - total_records % records_per_page) / records_per_page
+    )
+    return total_pages_num - tail_pages_num
+
+
+def calculate_start_index(total_records, tail, records_per_page):
+    if tail > total_records:
+        return 0
+    offset_total = total_records % records_per_page
+    offset_tail = tail % records_per_page
+    return offset_total - offset_tail
+
+
+def fetch_logs(api, params, tail):
+    records_per_page = 30
+    count = 0
+    current_page = 1
+    start_page = None
+
+    params["sort"] = "occurred_at"
+
+    while True:
+        params["page[number]"] = current_page
+        result = api.access_logs.list(params=params)
+        page_data = result.body["data"]
+
+        if tail:
+            if not start_page:
+                start_page = calculate_start_page(
+                    result.body["meta"]["count"], tail, records_per_page
+                )
+                current_page = start_page
+                if start_page != 1:
+                    continue
+
+            if current_page == start_page:
+                start_index = calculate_start_index(
+                    result.body["meta"]["count"], tail, records_per_page
+                )
+                page_data = page_data[start_index:]
+            elif tail - count < records_per_page:
+                page_data = page_data[: (tail - count)]
+
+        yield page_data
+
+        count += len(page_data)
+        current_page += 1
+
+        if not result.body["links"].get("next") or (tail and tail <= count):
+            break
+
+
+def prepare_filter(filter_options):
+    result = {}
+    for pair in filter_options.items():
+        result["filter[{}]".format(pair[0])] = pair[1]
+    return result

vgscli/audits_api.py

@@ -0,0 +1,102 @@
+import logging
+from copy import deepcopy
+from typing import Dict
+
+from simple_rest_client.api import API
+from simple_rest_client.resource import Resource
+
+from vgscli._version import __version__
+from vgscli.errors import VaultNotFoundError
+
+logger = logging.getLogger(__name__)
+
+env_url = {
+    "dev": "https://audits.verygoodsecurity.io",
+    "prod": "https://audits.apps.verygood.systems",
+}
+
+
+class AccessLogsResource(Resource):
+    actions = {
+        "retrieve": {"method": "GET", "url": "access-logs/{}"},
+        "list": {"method": "GET", "url": "access-logs"},
+    }
+
+
+class OperationsLogsResource(Resource):
+    actions = {
+        "list": {"method": "GET", "url": "op-pipeline-logs"},
+    }
+
+
+class OperationLogsQueryConfig:
+
+    TENANT_ID_KEY = "filter[tenant_id]"
+    TRACE_ID_KEY = "filter[trace_id]"
+
+    PAGE_SIZE_KEY = "page[size]"
+
+    def __init__(self, tenant_id: str, trace_id: str, page_size: int = 1000):
+        self._configs: Dict[str, str] = {
+            OperationLogsQueryConfig.TENANT_ID_KEY: tenant_id,
+            OperationLogsQueryConfig.PAGE_SIZE_KEY: page_size,
+            OperationLogsQueryConfig.TRACE_ID_KEY: trace_id,
+        }
+
+    def to_query_params(self):
+        return deepcopy({k: v for k, v in self._configs.items() if v is not None})
+
+    @property
+    def tenant_id(self):
+        return self._configs.get(OperationLogsQueryConfig.TENANT_ID_KEY)
+
+    @tenant_id.setter
+    def tenant_id(self, value: str):
+        self._configs[OperationLogsQueryConfig.TENANT_ID_KEY] = value
+
+    @property
+    def page_size(self):
+        return self._configs.get(OperationLogsQueryConfig.PAGE_SIZE_KEY)
+
+    @page_size.setter
+    def page_size(self, value: str):
+        self._configs[OperationLogsQueryConfig.PAGE_SIZE_KEY] = value
+
+    @property
+    def trace_id(self):
+        return self._configs.get(OperationLogsQueryConfig.TRACE_ID_KEY)
+
+    @page_size.setter
+    def trace_id(self, value: str):
+        self._configs[OperationLogsQueryConfig.TRACE_ID_KEY] = value
+
+
+def create_api(ctx, vault_id, environment, token):
+    api = API(
+        api_root_url=env_url[environment],
+        params={},  # default params
+        headers={
+            "VGS-Tenant": vault_id,
+            "Content-Type": "application/vnd.api+json",
+            "Accept": "application/vnd.api+json",
+            "User-Agent": "VGS CLI {}".format(__version__),
+            "Authorization": "Bearer {}".format(token),
+        },  # default headers
+        timeout=50,  # default timeout in seconds
+        append_slash=False,  # append slash to final url
+        json_encode_body=True,  # encode body as json
+    )
+    api.add_resource(resource_name="access_logs", resource_class=AccessLogsResource)
+    api.add_resource(
+        resource_name="operations_logs", resource_class=OperationsLogsResource
+    )
+    return api
+
+
+def get_api_url(ctx, vault_id, api):
+    response = api.accounts_api.get_vault_by_id(vault_id)
+    try:
+        return response.body["data"][0]["links"]["vault_management_api"]
+    except (KeyError, IndexError):
+        # if we weren't able to extract the vault_management_api it means that the provided vault_id doesn't exist
+        raise VaultNotFoundError(vault_id, ctx)

vgscli/auth.py

@@ -0,0 +1,68 @@
+import click
+from simple_rest_client.exceptions import ClientError
+
+from vgscli.auth_server import AuthServer
+from vgscli.errors import (
+    AuthenticationError,
+    AuthenticationRequiredError,
+    ClientCredentialsAuthenticationError,
+    TokenNotValidError,
+)
+from vgscli.keyring_token_util import KeyringTokenUtil
+
+token_util = KeyringTokenUtil()
+TOKEN_FILE_NAME = "vgs_token"
+
+
+def handshake(ctx, environment):
+    try:
+        if not token_util.validate_access_token():
+            token_util.validate_refresh_token()
+            AuthServer(environment).refresh_authentication()
+    except ClientError as e:
+        if (
+            e.response.body
+            and e.response.body.get("error_description") == "Invalid refresh token"
+        ):
+            raise AuthenticationRequiredError(ctx)
+        else:
+            raise AuthenticationError(ctx, e.args[0])
+    except TokenNotValidError:
+        raise AuthenticationRequiredError(ctx)
+    except Exception as e:
+        raise AuthenticationError(ctx, e.args[0])
+
+
+def login(ctx, environment, **kwargs):
+    try:
+        access_token = AuthServer(environment).login(environment, **kwargs)
+        click.echo("Success!")
+        return access_token
+    except Exception as e:
+        raise AuthenticationError(ctx, e.args[0])
+
+
+def logout(ctx, environment):
+    try:
+        if token_util.tokens_exist():
+            AuthServer(environment).logout()
+            token_util.clear_tokens()
+            token_util.remove_encryption_secret()
+            click.echo("Success!")
+        else:
+            click.echo("Login data not found.")
+    except Exception as e:
+        raise AuthenticationError(ctx, e.args[0])
+
+
+def client_credentials_login(ctx, client_id, client_secret, environment):
+    try:
+        if (
+            not token_util.is_access_token_valid()
+            or token_util.is_access_token_azp_changed(client_id)
+        ):
+            AuthServer(environment).client_credentials_login(client_id, client_secret)
+    except (TokenNotValidError, ClientError):
+        raise ClientCredentialsAuthenticationError(ctx)
+
+    return True