feat(rbac): rbac commands in the sdk (#215)

* feat(models): Add Workspace and Organization models

Introduce new data models for Workspace and Organization in dreadnode/api/models.py. Also updates the Project model to include a 'workspace_id'.

* feat(api): Add methods for Organization and Workspace management

Introduce four new client methods: list_organizations, get_organization, list_workspaces, and get_workspace. These methods handle CRUD-like operations for the newly introduced RBAC-related models.

* feat(sdk): Integrate Organization and Workspace into Dreadnode client

Adds support for specifying default Organization and Workspace via environment variables (DREADNODE_ORGANIZATION, DREADNODE_WORKSPACE) or initialization parameters. The client now includes logic to automatically select an organization and workspace if only one exists, and raises errors for ambiguity or non-existence, enforcing the new RBAC structure.

* feat(api): Implement organization, workspace, and project resolution logic

This commit refactors the initialization logic in `Dreadnode` to automatically resolve or create the current organization, workspace, and project based on configuration or defaults.

The changes include:
* **API Client Enhancements**: Added methods for `create_workspace`, `create_project`, and updated existing `list_projects`, `get_project`, `list_workspaces`, `get_organization`, and `get_workspace` to support filters, pagination (for workspaces), and UUID identifiers.
* **RBAC Resolution**: New private methods (`_resolve_organization`, `_resolve_workspace`, `_resolve_project`, `_resolve_rbac`) handle the full resolution workflow, including default creation for workspaces and projects if they don't exist.
* **Model Updates**: Introduced `WorkspaceFilter`, and `PaginatedWorkspaces` Pydantic models.
* **RunSpan Update**: Renamed `project` attribute to `project_id` in `RunSpan` for clarity, reflecting the use of the ID in traces/spans.
* **Constants**: Added `DEFAULT_WORKSPACE_NAME` and `DEFAULT_PROJECT_NAME`.

This enables a much smoother initialization experience for users, automatically provisioning necessary resources.

* chore: updates to fix typing

* refactor(config): Improve organization, workspace, and project resolution

Introduce robust logic for resolving organization, workspace, and project from configuration, environment variables, or path strings (e.g., 'org/ws/project').

Updates include:

* Add organization/workspace to `DreadnodeConfig`.

* `ApiClient.get_workspace` now optionally accepts `org_id`.

* Project creation now uses 'org_id' in API payload.

* Add `_extract_project_components` to parse project path format.

* Centralize configuration logging with `_log_configuration`.

* Renamed `Workspace.owner_id` to `Workspace.created_by` in models.

* fix: updated regex to handle spaces

* feat(otel): Include SDK version in OTLP User-Agent

* refactor(workspace): remove automatic default workspace creation

* fix(exporter): decode User-Agent bytes and add type hints

* feat(rbac): new CLI commands for managing organizations and workspaces

* feat(rbac): Add CLI commands for organizations and workspaces

Author: briangreunke

dreadnode/api/client.py

@@ -868,6 +868,7 @@ def create_workspace(
         self,
         name: str,
         organization_id: UUID,
+        description: str | None = None,
     ) -> Workspace:
         """
         Creates a new workspace.
@@ -882,8 +883,19 @@ def create_workspace(
 
         payload = {
             "name": name,
+            "description": description,
             "org_id": str(organization_id),
         }
 
         response = self.request("POST", "/workspaces", json_data=payload)
         return Workspace(**response.json())
+
+    def delete_workspace(self, workspace_id: str | UUID) -> None:
+        """
+        Deletes a specific workspace.
+
+        Args:
+            workspace_id (str | UUID): The workspace identifier.
+        """
+
+        self.request("DELETE", f"/workspaces/{workspace_id!s}")

dreadnode/cli/main.py

@@ -25,6 +25,8 @@
 )
 from dreadnode.cli.platform import cli as platform_cli
 from dreadnode.cli.profile import cli as profile_cli
+from dreadnode.cli.rbac.organizations import cli as rbac_organizations_cli
+from dreadnode.cli.rbac.workspaces import cli as rbac_workspaces_cli
 from dreadnode.cli.study import cli as study_cli
 from dreadnode.cli.task import cli as task_cli
 from dreadnode.constants import DEBUG, PLATFORM_BASE_URL
@@ -46,6 +48,8 @@
 cli.command(eval_cli)
 cli.command(study_cli)
 cli.command(attack_cli)
+cli.command(rbac_organizations_cli)
+cli.command(rbac_workspaces_cli)
 cli.command(platform_cli)
 cli.command(profile_cli)
 

dreadnode/cli/rbac/__init__.py

@@ -0,0 +1,3 @@
+from dreadnode.cli.platform.cli import cli
+
+__all__ = ["cli"]

dreadnode/cli/rbac/organizations.py

@@ -0,0 +1,15 @@
+import cyclopts
+
+from dreadnode.cli.api import create_api_client
+from dreadnode.logging_ import print_info
+
+cli = cyclopts.App("organizations", help="View and manage organizations.", help_flags=[])
+
+
+@cli.command(name=["list", "ls", "show"])
+def show() -> None:
+    # get the client and call the list organizations endpoint
+    client = create_api_client()
+    organizations = client.list_organizations()
+    for org in organizations:
+        print_info(f"- {org.name} (ID: {org.id})")

dreadnode/cli/rbac/workspaces.py

@@ -0,0 +1,117 @@
+import cyclopts
+from click import confirm
+
+from dreadnode.api.models import Organization, Workspace, WorkspaceFilter
+from dreadnode.cli.api import create_api_client
+from dreadnode.logging_ import print_error, print_info
+
+cli = cyclopts.App("workspaces", help="View and manage workspaces.", help_flags=[])
+
+
+@cli.command(name=["list", "ls", "show"])
+def show(
+    # optional parameter of organization name or id
+    organization: str | None = None,
+) -> None:
+    # get the client and call the list workspaces endpoint
+    client = create_api_client()
+    matched_organization: Organization
+    if organization:
+        matched_organization = client.get_organization(organization)
+        if not matched_organization:
+            print_info(f"Organization '{organization}' not found.")
+            return
+    else:
+        user_organizations = client.list_organizations()
+        if len(user_organizations) == 0:
+            print_info("No organizations found.")
+            return
+        if len(user_organizations) > 1:
+            print_error(
+                "Multiple organizations found. Please specify an organization to list workspaces from."
+            )
+            return
+        matched_organization = user_organizations[0]
+
+    workspace_filter = WorkspaceFilter(org_id=matched_organization.id)
+    workspaces = client.list_workspaces(filters=workspace_filter)
+    print_info(f"Workspaces in Organization '{matched_organization.name}':")
+    for workspace in workspaces:
+        print_info(f"- {workspace.name} (ID: {workspace.id})")
+    print_info("")
+
+
+@cli.command(name=["create", "new"])
+def create(
+    name: str,
+    description: str | None = None,
+    organization: str | None = None,
+) -> None:
+    # get the client and call the create workspace endpoint
+    client = create_api_client()
+    if organization:
+        matched_organization = client.get_organization(organization)
+        if not matched_organization:
+            print_info(f"Organization '{organization}' not found.")
+            return
+    else:
+        user_organizations = client.list_organizations()
+        if len(user_organizations) == 0:
+            print_info("No organizations found. Please specify an organization.")
+            return
+        if len(user_organizations) > 1:
+            print_error(
+                "Multiple organizations found. Please specify an organization to create the workspace in."
+            )
+            return
+        matched_organization = user_organizations[0]
+        print_info(f"The workspace will be created in organization '{matched_organization.name}'")
+        # verify with the user
+        if not confirm("Do you want to continue?"):
+            print_info("Workspace creation cancelled.")
+            return
+
+    workspace: Workspace = client.create_workspace(
+        name=name, organization_id=matched_organization.id, description=description
+    )
+    print_info(f"Workspace '{workspace.name}' created inwith ID: {workspace.id}")
+
+
+@cli.command(name=["delete", "rm"])
+def delete(
+    workspace: str,
+    organization: str | None = None,
+) -> None:
+    # get the client and call the delete workspace endpoint
+    client = create_api_client()
+    if organization:
+        matched_organization = client.get_organization(organization)
+        if not matched_organization:
+            print_info(f"Organization '{organization}' not found.")
+            return
+    else:
+        user_organizations = client.list_organizations()
+        if len(user_organizations) == 0:
+            print_info("No organizations found. Please specify an organization.")
+            return
+        if len(user_organizations) > 1:
+            print_error(
+                "Multiple organizations found. Please specify an organization to delete the workspace from."
+            )
+            return
+        matched_organization = user_organizations[0]
+
+    matched_workspace = client.get_workspace(workspace, org_id=matched_organization.id)
+    if not matched_workspace:
+        print_info(f"Workspace '{workspace}' not found.")
+        return
+
+    # verify with the user
+    if not confirm(
+        f"Do you want to delete workspace '{matched_workspace.name}' from organization '{matched_organization.name}'? This will remove all associated data and access for all users."
+    ):
+        print_info("Workspace deletion cancelled.")
+        return
+
+    client.delete_workspace(matched_workspace.id)
+    print_info(f"Workspace '{matched_workspace.name}' deleted.")