Updated CLI

trustgraph-cli/pyproject.toml

@@ -45,6 +45,7 @@ tg-login = "trustgraph.cli.login:main"
 tg-create-user = "trustgraph.cli.create_user:main"
 tg-list-users = "trustgraph.cli.list_users:main"
 tg-disable-user = "trustgraph.cli.disable_user:main"
+tg-enable-user = "trustgraph.cli.enable_user:main"
 tg-change-password = "trustgraph.cli.change_password:main"
 tg-reset-password = "trustgraph.cli.reset_password:main"
 tg-create-api-key = "trustgraph.cli.create_api_key:main"

trustgraph-cli/trustgraph/cli/create_api_key.py

@@ -17,10 +17,10 @@ def do_create_api_key(args):
     if args.expires:
         key["expires"] = args.expires
 
-    resp = call_iam(args.api_url, args.token, {
-        "operation": "create-api-key",
-        "key": key,
-    })
+    req = {"operation": "create-api-key", "key": key}
+    if args.workspace:
+        req["workspace"] = args.workspace
+    resp = call_iam(args.api_url, args.token, req)
 
     plaintext = resp.get("api_key_plaintext", "")
     rec = resp.get("api_key", {})
@@ -57,6 +57,13 @@ def main():
         "--expires", default=None,
         help="ISO-8601 expiry (optional; empty = no expiry)",
     )
+    parser.add_argument(
+        "-w", "--workspace", default=None,
+        help=(
+            "Target workspace (admin only; defaults to caller's "
+            "assigned workspace)"
+        ),
+    )
     run_main(do_create_api_key, parser)
 
 

trustgraph-cli/trustgraph/cli/create_user.py

@@ -29,6 +29,8 @@ def do_create_user(args):
         user["must_change_password"] = True
 
     req = {"operation": "create-user", "user": user}
+    if args.workspace:
+        req["workspace"] = args.workspace
     resp = call_iam(args.api_url, args.token, req)
 
     rec = resp.get("user", {})
@@ -71,6 +73,13 @@ def main():
         "--must-change-password", action="store_true",
         help="Force password change on next login",
     )
+    parser.add_argument(
+        "-w", "--workspace", default=None,
+        help=(
+            "Target workspace (admin only; defaults to caller's "
+            "assigned workspace)"
+        ),
+    )
     run_main(do_create_user, parser)
 
 

trustgraph-cli/trustgraph/cli/disable_user.py

@@ -9,10 +9,10 @@ from ._iam import DEFAULT_URL, DEFAULT_TOKEN, call_iam, run_main
 
 
 def do_disable_user(args):
-    call_iam(args.api_url, args.token, {
-        "operation": "disable-user",
-        "user_id": args.user_id,
-    })
+    req = {"operation": "disable-user", "user_id": args.user_id}
+    if args.workspace:
+        req["workspace"] = args.workspace
+    call_iam(args.api_url, args.token, req)
     print(f"Disabled user {args.user_id}")
 
 
@@ -31,6 +31,13 @@ def main():
     parser.add_argument(
         "--user-id", required=True, help="User id to disable",
     )
+    parser.add_argument(
+        "-w", "--workspace", default=None,
+        help=(
+            "Target workspace (admin only; defaults to caller's "
+            "assigned workspace)"
+        ),
+    )
     run_main(do_disable_user, parser)
 
 

trustgraph-cli/trustgraph/cli/enable_user.py

@@ -0,0 +1,45 @@
+"""
+Re-enable a previously disabled user.  Does not restore their API
+keys — those must be re-issued by an admin.
+"""
+
+import argparse
+
+from ._iam import DEFAULT_URL, DEFAULT_TOKEN, call_iam, run_main
+
+
+def do_enable_user(args):
+    req = {"operation": "enable-user", "user_id": args.user_id}
+    if args.workspace:
+        req["workspace"] = args.workspace
+    call_iam(args.api_url, args.token, req)
+    print(f"Enabled user {args.user_id}")
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        prog="tg-enable-user", description=__doc__,
+    )
+    parser.add_argument(
+        "-u", "--api-url", default=DEFAULT_URL,
+        help=f"API URL (default: {DEFAULT_URL})",
+    )
+    parser.add_argument(
+        "-t", "--token", default=DEFAULT_TOKEN,
+        help="Auth token (default: $TRUSTGRAPH_TOKEN)",
+    )
+    parser.add_argument(
+        "--user-id", required=True, help="User id to enable",
+    )
+    parser.add_argument(
+        "-w", "--workspace", default=None,
+        help=(
+            "Target workspace (admin only; defaults to caller's "
+            "assigned workspace)"
+        ),
+    )
+    run_main(do_enable_user, parser)
+
+
+if __name__ == "__main__":
+    main()

trustgraph-cli/trustgraph/cli/list_api_keys.py

@@ -10,10 +10,10 @@ from ._iam import DEFAULT_URL, DEFAULT_TOKEN, call_iam, run_main
 
 
 def do_list_api_keys(args):
-    resp = call_iam(args.api_url, args.token, {
-        "operation": "list-api-keys",
-        "user_id": args.user_id,
-    })
+    req = {"operation": "list-api-keys", "user_id": args.user_id}
+    if args.workspace:
+        req["workspace"] = args.workspace
+    resp = call_iam(args.api_url, args.token, req)
 
     keys = resp.get("api_keys", [])
     if not keys:
@@ -55,6 +55,13 @@ def main():
         "--user-id", required=True,
         help="Owner user id",
     )
+    parser.add_argument(
+        "-w", "--workspace", default=None,
+        help=(
+            "Target workspace (admin only; defaults to caller's "
+            "assigned workspace)"
+        ),
+    )
     run_main(do_list_api_keys, parser)
 
 

trustgraph-cli/trustgraph/cli/list_users.py

@@ -10,9 +10,10 @@ from ._iam import DEFAULT_URL, DEFAULT_TOKEN, call_iam, run_main
 
 
 def do_list_users(args):
-    resp = call_iam(
-        args.api_url, args.token, {"operation": "list-users"},
-    )
+    req = {"operation": "list-users"}
+    if args.workspace:
+        req["workspace"] = args.workspace
+    resp = call_iam(args.api_url, args.token, req)
 
     users = resp.get("users", [])
     if not users:
@@ -50,6 +51,13 @@ def main():
         "-t", "--token", default=DEFAULT_TOKEN,
         help="Auth token (default: $TRUSTGRAPH_TOKEN)",
     )
+    parser.add_argument(
+        "-w", "--workspace", default=None,
+        help=(
+            "Target workspace (admin only; defaults to caller's "
+            "assigned workspace)"
+        ),
+    )
     run_main(do_list_users, parser)
 
 

trustgraph-cli/trustgraph/cli/reset_password.py

@@ -10,10 +10,10 @@ from ._iam import DEFAULT_URL, DEFAULT_TOKEN, call_iam, run_main
 
 
 def do_reset_password(args):
-    resp = call_iam(args.api_url, args.token, {
-        "operation": "reset-password",
-        "user_id": args.user_id,
-    })
+    req = {"operation": "reset-password", "user_id": args.user_id}
+    if args.workspace:
+        req["workspace"] = args.workspace
+    resp = call_iam(args.api_url, args.token, req)
 
     tmp = resp.get("temporary_password", "")
     if not tmp:
@@ -40,6 +40,13 @@ def main():
         "--user-id", required=True,
         help="Target user id",
     )
+    parser.add_argument(
+        "-w", "--workspace", default=None,
+        help=(
+            "Target workspace (admin only; defaults to caller's "
+            "assigned workspace)"
+        ),
+    )
     run_main(do_reset_password, parser)
 
 

trustgraph-cli/trustgraph/cli/revoke_api_key.py

@@ -8,10 +8,10 @@ from ._iam import DEFAULT_URL, DEFAULT_TOKEN, call_iam, run_main
 
 
 def do_revoke_api_key(args):
-    call_iam(args.api_url, args.token, {
-        "operation": "revoke-api-key",
-        "key_id": args.key_id,
-    })
+    req = {"operation": "revoke-api-key", "key_id": args.key_id}
+    if args.workspace:
+        req["workspace"] = args.workspace
+    call_iam(args.api_url, args.token, req)
     print(f"Revoked key {args.key_id}")
 
 
@@ -30,6 +30,13 @@ def main():
     parser.add_argument(
         "--key-id", required=True, help="Key id to revoke",
     )
+    parser.add_argument(
+        "-w", "--workspace", default=None,
+        help=(
+            "Target workspace (admin only; defaults to caller's "
+            "assigned workspace)"
+        ),
+    )
     run_main(do_revoke_api_key, parser)