kernelci.cli: implement main parts of user subcommand

Implement the main parts of the `kci user` subcommand with whoami,
find, token, password update / add.

Some missing features on the API side mean we can't yet implement
update, activate, deactivate and password reset.  Also the token
expiry date can't yet be specified.  These things will need to be
implemented as follow-ups when the features become available.

Signed-off-by: Guillaume Tucker <[email protected]>

Author: gctucker

kernelci/cli/user.py

@@ -3,16 +3,18 @@
 # Copyright (C) 2023 Collabora Limited
 # Author: Guillaume Tucker <[email protected]>
 # Author: Jeny Sadadia <[email protected]>
+# Author: Paweł Wieczorek <[email protected]>
 
 """Tool to manage KernelCI API users"""
 
+import getpass
 import json
 
 import click
 
 import kernelci.api
 import kernelci.config
-from . import Args, kci
+from . import Args, kci, split_attributes
 
 
 @kci.group(name='user')
@@ -25,9 +27,83 @@ def kci_user():
 @Args.api
 @Args.indent
 def whoami(config, api, indent, secrets):
-    """Use whoami to get current user info with API authentication"""
+    """Get the current user's details with API authentication"""
     configs = kernelci.config.load(config)
     api_config = configs['api'][api]
     api = kernelci.api.get_api(api_config, secrets.api.token)
     data = api.whoami()
     click.echo(json.dumps(data, indent=indent))
+
+
+@kci_user.command
+@click.argument('attributes', nargs=-1)
+@Args.config
+@Args.api
+@Args.indent
+def find(attributes, config, api, indent):
+    """Find user profiles with arbitrary attributes"""
+    configs = kernelci.config.load(config)
+    api_config = configs['api'][api]
+    api = kernelci.api.get_api(api_config)
+    users = api.get_user_profiles(split_attributes(attributes))
+    data = json.dumps(users, indent=indent)
+    echo = click.echo_via_pager if len(users) > 1 else click.echo
+    echo(data)
+
+
+@kci_user.command
+@click.argument('username')
+@Args.config
+@Args.api
+@Args.indent
+@click.option('--scope', multiple=True, help="Security scope(s)")
+def token(username, config, api, indent, scope):
+    """Create a new API token using a user name and password"""
+    password = getpass.getpass()
+    configs = kernelci.config.load(config)
+    api_config = configs['api'][api]
+    api = kernelci.api.get_api(api_config)
+    user_token = api.create_token(username, password, scope)
+    click.echo(json.dumps(user_token, indent=indent))
+
+
+@kci_user.group(name='password')
+def user_password():
+    """Manage user passwords"""
+
+
+@user_password.command
+@click.argument('username')
+@Args.config
+@Args.api
+def update(username, config, api):
+    """Update the password for a given user"""
+    current = getpass.getpass("Current password: ")
+    new = getpass.getpass("New password: ")
+    retyped = getpass.getpass("Retype new password: ")
+    if new != retyped:
+        raise click.ClickException("Sorry, passwords do not match")
+    configs = kernelci.config.load(config)
+    api_config = configs['api'][api]
+    api = kernelci.api.get_api(api_config)
+    api.change_password(username, current, new)
+
+
+@kci_user.command(secrets=True)
+@click.argument('username')
+@click.argument('email')
+@Args.config
+@Args.api
+def add(username, email, config, api, secrets):
+    """Add a new user account"""
+    profile = {
+        'email': email,
+    }
+    password = getpass.getpass()
+    retyped = getpass.getpass("Confirm password: ")
+    if password != retyped:
+        raise click.ClickException("Sorry, passwords do not match")
+    configs = kernelci.config.load(config)
+    api_config = configs['api'][api]
+    api = kernelci.api.get_api(api_config, secrets.api.token)
+    api.create_user(username, password, profile)