Bootstrap CLI for provisioning cloud resources
Project description
remove the existing package: rm -rf build/ dist/ *.egg-info build again: python -m build
upload to pypi: twine upload dist/*
📦 Overview
The CLI now supports:
- 🔐 Secure login via browser-based device authorization (OAuth2-compliant)
- 🏢 Organization-scoped login (per session)
- 🔁 Automatic token refresh using offline tokens
- 👤 User context inspection (
whoami) - 👋 Session clearing (
logout)
🧑💻 Commands
All auth-related commands are grouped under:
intctl auth <subcommand>
1. 🔐 intctl auth login
Start login flow via browser:
intctl auth login
Flow:
-
Prompts for organization ID or name
-
Opens Keycloak device login via browser
-
User authenticates (e.g., via password or IdP)
-
Token is issued and saved locally:
access_token: short-livedrefresh_token: long-livedusername,org: stored with token
Stored at: ~/.intctl_token
2. 🧾 intctl auth whoami
Displays the current authenticated user and selected organization:
intctl auth whoami
Output:
👤 User: saeid
🏢 Org: org-abc
3. 🚪 intctl auth logout
Clears the local session:
intctl auth logout
This deletes the token and org information stored in ~/.intctl_token.
🔁 Token Refresh
The CLI automatically refreshes your token when it's near expiry:
- Refreshes if token expires in less than 60 seconds
- Uses stored
refresh_token(offline token) - Seamless; no user input required
🔧 Use in Code
from login import get_valid_access_token
headers = {
"Authorization": f"Bearer {get_valid_access_token()}",
"X-Org": load_login_data()["org"]
}
🗂️ Token Storage Format
Stored as JSON at ~/.intctl_token:
{
"access_token": "eyJhbGci...",
"refresh_token": "eyJhbGci...",
"username": "saeid",
"org": "intellithing"
}
🔐 Keycloak Client Configuration Summary
| Field | Value |
|---|---|
| Client Type | OpenID Connect (Public) |
| Device Auth Grant | ✅ Enabled |
| Offline Access Scope | ✅ Assigned |
| Access Type | Public |
🔄 Future Ideas (Optional Enhancements)
intctl auth switch-org: change org context without full re-login- Encrypt token file using
keyringor GPG - Add
intctl auth refresh(manual token refresh)
📎 Example Usage
intctl auth login
intctl configure
intctl setup
intctl auth whoami
intctl auth logout
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file intctl-0.0.1.tar.gz.
File metadata
- Download URL: intctl-0.0.1.tar.gz
- Upload date:
- Size: 53.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3d6c9b96f94f192957886b6f0e63c897fee308bca15ca16ac89caf420a04541f
|
|
| MD5 |
926c1bded5ee841a131655739bb4485e
|
|
| BLAKE2b-256 |
c9cacc03b3b3d38cc5dfddfd84edb0b4f697635d675d63b9f5fb01126442e6f2
|
File details
Details for the file intctl-0.0.1-py3-none-any.whl.
File metadata
- Download URL: intctl-0.0.1-py3-none-any.whl
- Upload date:
- Size: 85.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0ea90fb0b16f7c859aa30e1eae8b4bd9fee7bd9cd23507cf5055dba21bc45d4f
|
|
| MD5 |
76d138c207214a2fa7f4104c2f8f6bc4
|
|
| BLAKE2b-256 |
d1391c757a5820007ce6457e0956d3203249ae126e1eaf8d817fe7575390047b
|
