Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Added

- Directory protection write endpoints (#123, #13 write slice):
`kasapi-cli directoryprotection add <path> <user> --password <pw>
[--authname <name>]`, `… update <path> <user> [--password <pw>]
[--authname <name>]` and `… delete <path> <user>` wire
`add_directoryprotection` / `update_directoryprotection` /
`delete_directoryprotection`. A protection entry is identified by the
`(path, user)` pair taken as two positional arguments (a single path
can protect several users). `update` and `delete` are gated by the
#109 confirmation prompt — `update` replaces the access password (the
previous one is unrecoverable) and `delete` revokes access, so both
can lock users out; `add` is reversible and not prompted. All three
honour `--dry-run` (#132) and emit a #131 audit record;
`directory_password` is redacted in both sinks. There is **no**
`_new_password` split — `update` sends the replacement under the same
`directory_password` key `add` uses — and `update` sends only the
explicitly-changed `--password`/`--authname` (keyed on cobra
`Changed`), so an omitted password keeps the current one. KAS also
accepts parallel `directory_user`/`directory_password` arrays to
create several protected users in one call (hence the
`directory_user_count_neq_passcount` fault); the captured request
fixtures only exercise the scalar single-user form, and the array
wire-encoding is not captured, so this slice deliberately models one
`(path, user)` protection per call rather than inventing the array
shape.

- Mail standard filter write endpoints (#116, #13 write slice):
`kasapi-cli mail filters add <mail-login> --filter <item> [--filter
<item>...]` and `… delete <mail-login>` wire
Expand Down
2 changes: 1 addition & 1 deletion docs/cli/kasapi-cli.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ kasapi-cli [flags]
* [kasapi-cli cronjobs](kasapi-cli_cronjobs.md) - Inspect and manage cronjobs (get/add/update/delete_cronjob)
* [kasapi-cli databases](kasapi-cli_databases.md) - Inspect and manage databases (get/add/update/delete_database)
* [kasapi-cli ddnsusers](kasapi-cli_ddnsusers.md) - Inspect and manage DDNS users (get/add/update/delete_ddnsuser)
* [kasapi-cli directoryprotection](kasapi-cli_directoryprotection.md) - Inspect directory (htaccess) protections (get_directoryprotection)
* [kasapi-cli directoryprotection](kasapi-cli_directoryprotection.md) - Inspect and manage directory (htaccess) protections (get/add/update/delete_directoryprotection)
* [kasapi-cli dns](kasapi-cli_dns.md) - Inspect DNS records for a zone
* [kasapi-cli domains](kasapi-cli_domains.md) - Inspect domains owned by the authenticated account
* [kasapi-cli ftpusers](kasapi-cli_ftpusers.md) - Inspect and manage FTP users (get/add/update/delete_ftpuser)
Expand Down
5 changes: 4 additions & 1 deletion docs/cli/kasapi-cli_directoryprotection.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
## kasapi-cli directoryprotection

Inspect directory (htaccess) protections (get_directoryprotection)
Inspect and manage directory (htaccess) protections (get/add/update/delete_directoryprotection)

### Options

Expand Down Expand Up @@ -29,5 +29,8 @@ Inspect directory (htaccess) protections (get_directoryprotection)
### SEE ALSO

* [kasapi-cli](kasapi-cli.md) - Command-line client for the All-Inkl KAS API
* [kasapi-cli directoryprotection add](kasapi-cli_directoryprotection_add.md) - Protect a path for a user (add_directoryprotection)
* [kasapi-cli directoryprotection delete](kasapi-cli_directoryprotection_delete.md) - Revoke a user's directory protection on a path (delete_directoryprotection)
* [kasapi-cli directoryprotection list](kasapi-cli_directoryprotection_list.md) - List directory protections, optionally filtered by --path
* [kasapi-cli directoryprotection update](kasapi-cli_directoryprotection_update.md) - Replace the password and/or realm of a directory protection (update_directoryprotection)

38 changes: 38 additions & 0 deletions docs/cli/kasapi-cli_directoryprotection_add.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
## kasapi-cli directoryprotection add

Protect a path for a user (add_directoryprotection)

```
kasapi-cli directoryprotection add <path> <user> --password <pw> [--authname <name>] [flags]
```

### Options

```
--authname string htaccess realm label shown in the browser auth dialog (optional; directory_authname)
-h, --help help for add
--password string access password for the protected user (required)
```

### Options inherited from parent commands

```
--audit-log string append a JSON-Lines audit record for each write action to this file (also KAS_AUDIT_LOG); a logfmt line always goes to stderr regardless
--auth-data string KAS auth data (overrides config and KAS_AUTHDATA)
--auth-type string KAS auth strategy: 'plain' = send password on each KasApi call (no KasAuth, no 2FA support); 'session' = bootstrap via KasAuth and reuse the credential token. Overrides config and KAS_AUTHTYPE.
--config string path to the kasapi-cli config file (overrides the default location)
--dry-run preview a destructive command's KAS request (action + redacted parameters) and exit 0 without dispatching or prompting; honours --output
--login string KAS login (overrides config and KAS_LOGIN)
--otp string 2FA one-time PIN — sent to KasAuth as session_2fa during the credential-token bootstrap. Requires auth_type=session; the KAS API does not document 2FA on direct kas_auth_type=plain calls.
-o, --output string output format: json|yaml|table (default table)
--profile string profile to select from the config file (overrides default_profile)
--session-lifetime int session_lifetime in seconds passed to KasAuth (1..30000); 0 keeps the server default. Requires auth_type=session.
--session-update-lifetime string session_update_lifetime passed to KasAuth ('Y' = sliding window, 'N' = fixed). Empty omits the parameter. Requires auth_type=session.
-v, --verbose enable verbose logging on stderr
-y, --yes skip confirmation prompts on destructive operations
```

### SEE ALSO

* [kasapi-cli directoryprotection](kasapi-cli_directoryprotection.md) - Inspect and manage directory (htaccess) protections (get/add/update/delete_directoryprotection)

36 changes: 36 additions & 0 deletions docs/cli/kasapi-cli_directoryprotection_delete.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
## kasapi-cli directoryprotection delete

Revoke a user's directory protection on a path (delete_directoryprotection)

```
kasapi-cli directoryprotection delete <path> <user> [flags]
```

### Options

```
-h, --help help for delete
```

### Options inherited from parent commands

```
--audit-log string append a JSON-Lines audit record for each write action to this file (also KAS_AUDIT_LOG); a logfmt line always goes to stderr regardless
--auth-data string KAS auth data (overrides config and KAS_AUTHDATA)
--auth-type string KAS auth strategy: 'plain' = send password on each KasApi call (no KasAuth, no 2FA support); 'session' = bootstrap via KasAuth and reuse the credential token. Overrides config and KAS_AUTHTYPE.
--config string path to the kasapi-cli config file (overrides the default location)
--dry-run preview a destructive command's KAS request (action + redacted parameters) and exit 0 without dispatching or prompting; honours --output
--login string KAS login (overrides config and KAS_LOGIN)
--otp string 2FA one-time PIN — sent to KasAuth as session_2fa during the credential-token bootstrap. Requires auth_type=session; the KAS API does not document 2FA on direct kas_auth_type=plain calls.
-o, --output string output format: json|yaml|table (default table)
--profile string profile to select from the config file (overrides default_profile)
--session-lifetime int session_lifetime in seconds passed to KasAuth (1..30000); 0 keeps the server default. Requires auth_type=session.
--session-update-lifetime string session_update_lifetime passed to KasAuth ('Y' = sliding window, 'N' = fixed). Empty omits the parameter. Requires auth_type=session.
-v, --verbose enable verbose logging on stderr
-y, --yes skip confirmation prompts on destructive operations
```

### SEE ALSO

* [kasapi-cli directoryprotection](kasapi-cli_directoryprotection.md) - Inspect and manage directory (htaccess) protections (get/add/update/delete_directoryprotection)

2 changes: 1 addition & 1 deletion docs/cli/kasapi-cli_directoryprotection_list.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,5 +33,5 @@ kasapi-cli directoryprotection list [flags]

### SEE ALSO

* [kasapi-cli directoryprotection](kasapi-cli_directoryprotection.md) - Inspect directory (htaccess) protections (get_directoryprotection)
* [kasapi-cli directoryprotection](kasapi-cli_directoryprotection.md) - Inspect and manage directory (htaccess) protections (get/add/update/delete_directoryprotection)

38 changes: 38 additions & 0 deletions docs/cli/kasapi-cli_directoryprotection_update.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
## kasapi-cli directoryprotection update

Replace the password and/or realm of a directory protection (update_directoryprotection)

```
kasapi-cli directoryprotection update <path> <user> [--password <pw>] [--authname <name>] [flags]
```

### Options

```
--authname string replacement htaccess realm label (directory_authname)
-h, --help help for update
--password string replacement access password (sent as directory_password)
```

### Options inherited from parent commands

```
--audit-log string append a JSON-Lines audit record for each write action to this file (also KAS_AUDIT_LOG); a logfmt line always goes to stderr regardless
--auth-data string KAS auth data (overrides config and KAS_AUTHDATA)
--auth-type string KAS auth strategy: 'plain' = send password on each KasApi call (no KasAuth, no 2FA support); 'session' = bootstrap via KasAuth and reuse the credential token. Overrides config and KAS_AUTHTYPE.
--config string path to the kasapi-cli config file (overrides the default location)
--dry-run preview a destructive command's KAS request (action + redacted parameters) and exit 0 without dispatching or prompting; honours --output
--login string KAS login (overrides config and KAS_LOGIN)
--otp string 2FA one-time PIN — sent to KasAuth as session_2fa during the credential-token bootstrap. Requires auth_type=session; the KAS API does not document 2FA on direct kas_auth_type=plain calls.
-o, --output string output format: json|yaml|table (default table)
--profile string profile to select from the config file (overrides default_profile)
--session-lifetime int session_lifetime in seconds passed to KasAuth (1..30000); 0 keeps the server default. Requires auth_type=session.
--session-update-lifetime string session_update_lifetime passed to KasAuth ('Y' = sliding window, 'N' = fixed). Empty omits the parameter. Requires auth_type=session.
-v, --verbose enable verbose logging on stderr
-y, --yes skip confirmation prompts on destructive operations
```

### SEE ALSO

* [kasapi-cli directoryprotection](kasapi-cli_directoryprotection.md) - Inspect and manage directory (htaccess) protections (get/add/update/delete_directoryprotection)

1 change: 1 addition & 0 deletions docs/usage/destructive-writes.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ the deviations.
| [`ddnsusers`](https://github.com/chmmou/kasapi-cli/issues/121) | **No `_new_password` split**: `--password` maps to `dyndns_password` on both `add` and `update`. `update_ddnsuser` accepts `--target-ipv4` / `--target-ipv6` instead of `add`'s legacy `--target-ip`; the ipv4/ipv6 keys are undocumented in the KAS API docs but verified to work against the live system (the captured update request fixture is authoritative). |
| [`mail accounts`](https://github.com/chmmou/kasapi-cli/issues/114) | **Louder delete prompt**: `delete_mailaccount` uses `"permanently delete"` (shared with `databases`) — it drops the mailbox AND every message in it. `add` splits the address on the last `@` into `local_part` / `domain_part`; `update`/`delete` address the account by its generated `mail_login`. Password key splits between actions: `--password` → `mail_password` on add, `mail_new_password` on update. `add`'s Y/N/text toggles and XLIST folder names default to the KAS API's own defaults; `--responder` is passed through verbatim (`N`, `Y`, or a `<start>\|<end>` timestamp range). |
| [`mail filters`](https://github.com/chmmou/kasapi-cli/issues/116) | **Both `add` and `delete` are gated**, not just `delete`: there is no `update_mailstandardfilter`, so `add_mailstandardfilter` *replaces* the configured chain wholesale (any previously-set items not in the new `--filter` list are dropped). Repeatable `--filter <item>` is joined with `;` on the wire (items must not contain `;` and not be empty). `delete_mailstandardfilter` takes only `<mail-login>` and removes the whole chain in one shot; the prompt phrases this as *"remove all standard filters of mail account &lt;login&gt;"* to make the all-at-once effect explicit. **Known API quirk**: `delete` sometimes returns an envelope-level SOAP fault (an internal `sizeof()` PHP error) even when the chain was in fact removed on the server. The fault is surfaced verbatim — if you see it, verify the actual outcome via `kasapi-cli mail accounts get <login>` (the configured chain is reported in the `mail_spamfilter` field). |
| [`directoryprotection`](https://github.com/chmmou/kasapi-cli/issues/123) | **Composite `(path, user)` identity**: `add`/`update`/`delete` take two positional args `<path> <user>` (a single path can protect several users), not one server-generated login — so the `add` identifier is user-supplied and not echoed back. **No `_new_password` split**: `--password` maps to `directory_password` on both `add` and `update`. `--authname` (the htaccess realm label) is optional and always sent on `add`; `update` sends only the changed `--password`/`--authname` (sparse), so an omitted password keeps the current one. KAS also accepts parallel `directory_user`/`directory_password` arrays to create several users in one call (hence the `directory_user_count_neq_passcount` fault); only the captured scalar single-user form is modelled. |

## The contract

Expand Down
Loading
Loading