@p0security/cli 0.10.0 → 0.11.0

package/dist/plugins/kubeconfig/types.d.ts

@@ -9,7 +9,7 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 import { PermissionSpec } from "../../types/request";
-export declare type K8sClusterConfig = {
+export type K8sClusterConfig = {
     label?: string;
     clusterServer: string;
     clusterCertificate: string;
@@ -25,11 +25,11 @@ export declare type K8sClusterConfig = {
     };
     state: string;
 };
-export declare type K8sConfig = {
+export type K8sConfig = {
     "iam-write": Record<string, K8sClusterConfig>;
 };
-export declare type K8sPermissionSpec = PermissionSpec<"k8s", K8sResourcePermission, K8sGenerated>;
-export declare type K8sResourcePermission = {
+export type K8sPermissionSpec = PermissionSpec<"k8s", K8sResourcePermission, K8sGenerated>;
+export type K8sResourcePermission = {
     resource: {
         name: string;
         namespace: string;
@@ -39,7 +39,7 @@ export declare type K8sResourcePermission = {
     clusterId: string;
     type: "resource";
 };
-export declare type K8sGenerated = {
+export type K8sGenerated = {
     eksGenerated: {
         name: string;
         idc?: {

package/dist/plugins/kubeconfig/types.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/plugins/kubeconfig/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/plugins/kubeconfig/types.ts"],"names":[],"mappings":""}

package/dist/plugins/login.d.ts

@@ -11,6 +11,6 @@ You should have received a copy of the GNU General Public License along with @p0
 import { TokenResponse } from "../types/oidc";
 import { OrgData } from "../types/org";
 declare const loginPlugins: readonly ["google", "okta", "ping", "oidc-pkce", "microsoft", "azure-oidc", "google-oidc", "aws-oidc"];
-export declare type LoginPluginType = (typeof loginPlugins)[number];
+export type LoginPluginType = (typeof loginPlugins)[number];
 export declare const pluginLoginMap: Record<string, (org: OrgData) => Promise<TokenResponse>>;
 export {};

package/dist/plugins/login.js

@@ -29,3 +29,4 @@ exports.pluginLoginMap = {
     ping: login_3.pingLogin,
     "oidc-pkce": (org) => __awaiter(void 0, void 0, void 0, function* () { return yield exports.pluginLoginMap[org.providerType](org); }),
 };
+//# sourceMappingURL=login.js.map

package/dist/plugins/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/plugins/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAYA,0CAA6C;AAC7C,wCAAyC;AACzC,wCAAyC;AAEzC,MAAM,YAAY,GAAG;IACnB,QAAQ;IACR,MAAM;IACN,MAAM;IACN,WAAW;IACX,WAAW;IACX,YAAY;IACZ,aAAa;IACb,UAAU;CACF,CAAC;AAIE,QAAA,cAAc,GAGvB;IACF,MAAM,EAAE,mBAAW;IACnB,IAAI,EAAE,iBAAS;IACf,IAAI,EAAE,iBAAS;IACf,WAAW,EAAE,CAAO,GAAG,EAAE,EAAE,kDAAC,OAAA,MAAM,sBAAc,CAAC,GAAG,CAAC,YAAa,CAAE,CAAC,GAAG,CAAC,CAAA,GAAA;CAC1E,CAAC"}

package/dist/plugins/oidc/login.js

@@ -171,3 +171,4 @@ const oidcLogin = (steps) => __awaiter(void 0, void 0, void 0, function* () {
     return yield (0, exports.waitForActivation)(deviceAuthorizationResponse, processAuthzExpiry, buildTokenRequest(deviceAuthorizationResponse));
 });
 exports.oidcLogin = oidcLogin;
+//# sourceMappingURL=login.js.map

package/dist/plugins/oidc/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/plugins/oidc/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,8CAAiE;AACjE,+CAA6C;AAG7C,qCAAqD;AAErD,gDAAwB;AAEX,QAAA,iBAAiB,GAAG,8CAA8C,CAAC;AAEzE,MAAM,sBAAsB,GAAG,CAAC,GAAY,EAAE,EAAE;IACrD,IAAI,CAAC,GAAG,CAAC,cAAc;QAAE,MAAM,8CAA8C,CAAC;AAChF,CAAC,CAAC;AAFW,QAAA,sBAAsB,0BAEjC;AAEF,MAAM,kBAAkB,GAAG,CAAC,YAA6B,EAAE,EAAE;IAC3D,QAAQ,YAAY,EAAE;QACpB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB,KAAK,MAAM;YACT,OAAO,SAAS,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,aAAa;YAChB,OAAO,QAAQ,CAAC;QAClB,KAAK,WAAW;YACd,OAAO,MAAM,CAAC;QAChB,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,YAAY,CAAC;QAClB,KAAK,WAAW;YACd,OAAO,UAAU,CAAC;QACpB;YACE,IAAA,uBAAgB,EAAC,YAAY,CAAC,CAAC;KAClC;IACD,MAAM,uBAAuB,CAAC;AAChC,CAAC,CAAC;AAEF,mEAAmE;AACnE,8EAA8E;AACvE,MAAM,SAAS,GAAG,CACvB,OAGC,EACD,gBAA2D,EAC3D,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjC,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAM,CAAC;AACtC,CAAC,CAAA,CAAC;AAXW,QAAA,SAAS,aAWpB;AAEF;;;;;GAKG;AACI,MAAM,cAAc,GAAG,CAAU,OAGvC,EAAE,EAAE;IACH,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,KAAK,uBAAuB;gBAAE,OAAO,SAAS,CAAC;YAC7D,IAAI,IAAI,CAAC,KAAK,KAAK,eAAe;gBAAE,MAAM,0BAA0B,CAAC;SACtE;QACD,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;KAClC;IACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAM,CAAC;AACtC,CAAC,CAAA,CAAC;AAfW,QAAA,cAAc,kBAezB;AAEF;;;GAGG;AACI,MAAM,iBAAiB,GAAG,CAC/B,SAAY,EACZ,qBAGC,EAAE,0FAA0F;AAC7F,YAAgD,EAChD,EAAE;IACF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAClE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,UAAU,GAAG,GAAG,EAAE;QAC7C,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAc,EAAI,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAA,YAAK,EAAC,QAAQ,GAAG,GAAG,CAAC,CAAC;;YACtC,OAAO,QAAQ,CAAC;KACtB;IACD,MAAM,4CAA4C,CAAC;AACrD,CAAC,CAAA,CAAC;AAhBW,QAAA,iBAAiB,qBAgB5B;AAEK,MAAM,cAAc,GAAG,CAC5B,GAAY,EACZ,KAAa,EACb,IAAgE,EAChE,EAAE;IACF,MAAM,EAAE,sBAAsB,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC;IACpD,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS,EAAE;QAClC,MAAM,0KAA0K,CAAC;KAClL;IACD,MAAM,yBAAyB,GAAG,GAAG,EAAE;QACrC,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;QAC5B,OAAO;YACL,IAAI,EAAE;gBACJ,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,mBAAY;gBACrB,IAAI,EAAE,IAAA,iBAAS,EAAC;oBACd,SAAS,EAAE,GAAG,CAAC,QAAQ;oBACvB,KAAK;iBACN,CAAC;aACH;YACD,GAAG,EAAE,sBAAsB;SAC5B,CAAC;IACJ,CAAC,CAAC;IACF,MAAM,qBAAqB,GAAG,CAAC,SAA4B,EAAE,EAAE;QAC7D,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;QAE5B,OAAO;YACL,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE;gBACJ,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,mBAAY;gBACrB,IAAI,EAAE,IAAA,iBAAS,EAAC;oBACd,SAAS,EAAE,GAAG,CAAC,QAAQ;oBACvB,WAAW,EAAE,SAAS,CAAC,WAAW;oBAClC,UAAU,EAAE,yBAAiB;iBAC9B,CAAC;aACH;SACF,CAAC;IACJ,CAAC,CAAC;IACF,OAAO;QACL,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,gBAAgB,EAAhB,wBAAgB;QAChB,qBAAqB,EAAE,yBAAyB;QAChD,iBAAiB,EAAE,qBAAqB;QACxC,kBAAkB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAClC,UAAU,EAAE,SAAS,CAAC,UAAU;YAChC,QAAQ,EAAE,SAAS,CAAC,QAAQ;SAC7B,CAAC;QACF,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACpC,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,yBAAyB,EAAE,SAAS,CAAC,yBAAyB;SAC/D,CAAC;KACkC,CAAC;AACzC,CAAC,CAAC;AArDW,QAAA,cAAc,kBAqDzB;AAEF,+CAA+C;AACxC,MAAM,SAAS,GAAG,CAAa,KAAwB,EAAE,EAAE;IAChE,MAAM,EACJ,YAAY,EACZ,qBAAqB,EACrB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,GACjB,GAAG,KAAK,CAAC;IACV,MAAM,2BAA2B,GAAG,MAAM,IAAA,iBAAS,EACjD,qBAAqB,EAAE,EACvB,gBAAgB,CACjB,CAAC;IACF,MAAM,EAAE,SAAS,EAAE,yBAAyB,EAAE,GAAG,oBAAoB,CACnE,2BAA2B,CAC5B,CAAC;IACF,IAAA,cAAM,EAAC;;kCAEyB,kBAAkB,CAAC,YAAY,CAAC;;QAE1D,SAAS;;;KAGZ,CAAC,CAAC;IACL,KAAK,IAAA,cAAI,EAAC,yBAAyB,CAAC,CAAC;IACrC,OAAO,MAAM,IAAA,yBAAiB,EAC5B,2BAA2B,EAC3B,kBAAkB,EAClB,iBAAiB,CAAC,2BAA2B,CAAC,CAC/C,CAAC;AACJ,CAAC,CAAA,CAAC;AA9BW,QAAA,SAAS,aA8BpB"}

package/dist/plugins/okta/aws.js

@@ -40,3 +40,4 @@ const assumeRoleWithOktaSaml = (authn, args) => __awaiter(void 0, void 0, void 0
     }), { duration: 3600e3 });
 });
 exports.assumeRoleWithOktaSaml = assumeRoleWithOktaSaml;
+//# sourceMappingURL=aws.js.map

package/dist/plugins/okta/aws.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,kDAAsE;AACtE,6CAA4C;AAE5C,kDAAuD;AAEhD,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,mBAAY,EAC1D,KAAK,EACL,IAAI,CAAC,SAAS,CACf,CAAC;QACF,MAAM,EAAE,KAAK,EAAE,GAAG,IAAA,oBAAa,EAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5B,MAAM,yCAAyC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACzF,OAAO,MAAM,IAAA,+BAAkB,EAAC;YAC9B,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE;gBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;gBACpD,QAAQ,EAAE,YAAY;aACvB;SACF,CAAC,CAAC;IACL,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAxBS,QAAA,sBAAsB,0BAwB/B"}

package/dist/plugins/okta/login.js

@@ -89,3 +89,4 @@ const getSamlResponse = (identity, config) => __awaiter(void 0, void 0, void 0,
     return samlResponse;
 });
 exports.getSamlResponse = getSamlResponse;
+//# sourceMappingURL=login.js.map

package/dist/plugins/okta/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/plugins/okta/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,8CAAiE;AAKjE,yCAIuB;AACvB,iCAA8B;AAC9B,mCAA8B;AAE9B,MAAM,iBAAiB,GAAG,+CAA+C,CAAC;AAC1E,MAAM,aAAa,GAAG,2CAA2C,CAAC;AAClE,MAAM,mBAAmB,GAAG,iDAAiD,CAAC;AAC9E,MAAM,kBAAkB,GAAG,yCAAyC,CAAC;AAErE,iEAAiE;AACjE,MAAM,gBAAgB,GAAG,CACvB,KAAa,EACb,EAAE,GAAG,EAAE,UAAU,EAAY,EAC7B,EAAE;IACF,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,mBAAY;QACrB,IAAI,EAAE,IAAA,iBAAS,EAAC;YACd,QAAQ,EAAE,iBAAiB,KAAK,EAAE;YAClC,SAAS,EAAE,GAAG,CAAC,QAAQ;YACvB,WAAW,EAAE,UAAU,CAAC,YAAY;YACpC,gBAAgB,EAAE,iBAAiB;YACnC,aAAa,EAAE,UAAU,CAAC,QAAQ;YAClC,kBAAkB,EAAE,aAAa;YACjC,UAAU,EAAE,mBAAmB;YAC/B,oBAAoB,EAAE,kBAAkB;SACzC,CAAC;KACH,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,SAAS,GAAG,CAAC,cAAc,kBAAkB,EAC7C,IAAI,CACL,CAAC;IACF,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;AAClD,CAAC,CAAA,CAAC;AAEF,4CAA4C;AAC5C,MAAM,iBAAiB,GAAG,CACxB,GAAY,EACZ,EAAE,YAAY,EAAiB,EAC/B,EAAE;IACF,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,IAAA,aAAI,EAAC,mBAAY,EAAE,cAAc,CAAC;KAC5C,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,WACV,GAAG,CAAC,cACN,0BAA0B,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;IAC7D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,aAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CACjD,4BAA4B,CAC7B,CAAC;IACF,OAAQ,SAA0C,aAA1C,SAAS,uBAAT,SAAS,CAAmC,KAAK,CAAC;AAC5D,CAAC,CAAA,CAAC;AAEF,+BAA+B;AACxB,MAAM,SAAS,GAAG,CAAO,GAAY,EAAE,EAAE;IAC9C,OAAA,IAAA,iBAAS,EACP,IAAA,sBAAc,EAAC,GAAG,EAAE,oCAAoC,EAAE,GAAG,EAAE;QAC7D,IAAI,GAAG,CAAC,YAAY,KAAK,MAAM,EAAE;YAC/B,MAAM,yBAAyB,GAAG,CAAC,YAAY,oBAAoB,CAAC;SACrE;QACD,OAAO;YACL,sBAAsB,EAAE,WAAW,GAAG,CAAC,cAAc,6BAA6B;YAClF,QAAQ,EAAE,WAAW,GAAG,CAAC,cAAc,kBAAkB;SAC1D,CAAC;IACJ,CAAC,CAAC,CACH,CAAA;EAAA,CAAC;AAXS,QAAA,SAAS,aAWlB;AAEJ,gDAAgD;AAChD,wBAAwB;AACjB,MAAM,eAAe,GAAG,CAC7B,QAAkB,EAClB,MAAyB,EACzB,EAAE;IACF,MAAM,gBAAgB,GAAG,MAAM,gBAAgB,CAC7C,MAAM,CAAC,QAAQ,CAAC,KAAK,EACrB,QAAQ,CACT,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAC7E,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,uCAAuC,CAAC;KAC/C;IACD,OAAO,YAAY,CAAC;AACtB,CAAC,CAAA,CAAC;AAbW,QAAA,eAAe,mBAa1B"}

package/dist/plugins/ping/login.js

@@ -24,3 +24,4 @@ const pingLogin = (org) => __awaiter(void 0, void 0, void 0, function* () {
     }));
 });
 exports.pingLogin = pingLogin;
+//# sourceMappingURL=login.js.map

package/dist/plugins/ping/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/plugins/ping/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAYA,yCAA0D;AAE1D,kCAAkC;AAC3B,MAAM,SAAS,GAAG,CAAO,GAAY,EAAE,EAAE;IAC9C,OAAA,IAAA,iBAAS,EACP,IAAA,sBAAc,EAAC,GAAG,EAAE,sBAAsB,EAAE,GAAG,EAAE;QAC/C,IAAI,GAAG,CAAC,YAAY,KAAK,MAAM,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS,EAAE;YACjE,MAAM,yBAAyB,GAAG,CAAC,YAAY,oBAAoB,CAAC;SACrE;QACD,OAAO;YACL,sBAAsB,EAAE,WAAW,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,0BAA0B;YACpG,QAAQ,EAAE,WAAW,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,aAAa,WAAW;SACxE,CAAC;IACJ,CAAC,CAAC,CACH,CAAA;EAAA,CAAC;AAXS,QAAA,SAAS,aAWlB"}

package/dist/plugins/ssh/index.js

@@ -23,7 +23,7 @@ You should have received a copy of the GNU General Public License along with @p0
 const ssh_1 = require("../../commands/shared/ssh");
 const keys_1 = require("../../common/keys");
 const stdio_1 = require("../../drivers/stdio");
-const ssh_agent_1 = require("../ssh-agent");
+const util_1 = require("../../util");
 const node_child_process_1 = require("node:child_process");
 /** Matches the error message that AWS SSM print1 when access is not propagated */
 // Note that the resource will randomly be either the SSM document or the EC2 instance
@@ -46,6 +46,7 @@ const SUDO_MESSAGE = /Sorry, user .+ may not run sudo on .+/; // The output of `
  *  in the process's stderr
  */
 const DEFAULT_VALIDATION_WINDOW_MS = 5e3;
+const RETRY_DELAY_MS = 1000;
 /**
  * AWS
  * There are 2 cases of unprovisioned access in AWS
@@ -157,7 +158,8 @@ function spawnSshNode(options) {
                         reject(`Access did not propagate through ${provider.friendlyName} before max retry attempts were exceeded. Please contact support@p0.dev for assistance.`);
                         return;
                     }
-                    spawnSshNode(Object.assign(Object.assign({}, options), { attemptsRemaining: attemptsRemaining - 1 }))
+                    (0, util_1.delay)(RETRY_DELAY_MS)
+                        .then(() => spawnSshNode(Object.assign(Object.assign({}, options), { attemptsRemaining: attemptsRemaining - 1 })))
                         .then((code) => resolve(code))
                         .catch(reject);
                     return;
@@ -175,23 +177,13 @@ function spawnSshNode(options) {
     });
 }
 const createCommand = (data, args, proxyCommand) => {
-    const commonArgs = [
-        ...(args.debug ? ["-v"] : []),
-        "-o",
-        `ProxyCommand=${proxyCommand.join(" ")}`,
-    ];
+    addCommonArgs(args, proxyCommand);
     if ("source" in args) {
+        addScpArgs(args);
         return {
             command: "scp",
             args: [
-                ...commonArgs,
-                // if a response is not received after three 5 minute attempts,
-                // the connection will be closed.
-                "-o",
-                "ServerAliveCountMax=3",
-                `-o`,
-                "ServerAliveInterval=300",
-                ...(args.recursive ? ["-r"] : []),
+                ...(args.sshOptions ? args.sshOptions : []),
                 args.source,
                 args.destination,
             ],
@@ -200,12 +192,7 @@ const createCommand = (data, args, proxyCommand) => {
     return {
         command: "ssh",
         args: [
-            ...commonArgs,
-            ...(args.A ? ["-A"] : []),
-            ...(args.L ? ["-L", args.L] : []),
-            ...(args.R ? ["-R", args.R] : []),
-            ...(args.N ? ["-N"] : []),
-            ...(args.o ? ["-o", args.o] : []),
+            ...(args.sshOptions ? args.sshOptions : []),
             `${data.linuxUserName}@${data.id}`,
             ...(args.command ? [args.command] : []),
             ...args.arguments.map((argument) => 
@@ -215,6 +202,53 @@ const createCommand = (data, args, proxyCommand) => {
         ],
     };
 };
+/** Add common args used by both SSH & SCP to args.sshOptions.
+ *
+ * These common args are only added if they have not been explicitly specified by the end user.
+ */
+const addCommonArgs = (args, proxyCommand) => {
+    const sshOptions = args.sshOptions ? args.sshOptions : [];
+    const identityFileOptionExists = sshOptions.some((opt, idx) => {
+        var _a;
+        return (opt === "-i" && sshOptions[idx + 1]) ||
+            (opt === "-o" && ((_a = sshOptions[idx + 1]) === null || _a === void 0 ? void 0 : _a.startsWith("IdentityFile")));
+    });
+    const identitiesOnlyOptionExists = sshOptions.some((opt, idx) => { var _a; return opt === "-o" && ((_a = sshOptions[idx + 1]) === null || _a === void 0 ? void 0 : _a.startsWith("IdentitiesOnly")); });
+    // Explicitly specify which private key to use to avoid "Too many authentication failures"
+    // error caused by SSH trying every available key
+    if (!identityFileOptionExists) {
+        sshOptions.push("-i", keys_1.PRIVATE_KEY_PATH);
+        // Only use the authentication identity specified by -i above
+        if (!identitiesOnlyOptionExists) {
+            sshOptions.push("-o", "IdentitiesOnly=yes");
+        }
+    }
+    const proxyCommandExists = sshOptions.some((opt, idx) => { var _a; return opt === "-o" && ((_a = sshOptions[idx + 1]) === null || _a === void 0 ? void 0 : _a.startsWith("ProxyCommand")); });
+    if (!proxyCommandExists) {
+        sshOptions.push("-o", `ProxyCommand=${proxyCommand.join(" ")}`);
+    }
+    const verboseOptionExists = sshOptions.some((opt) => opt === "-v");
+    if (!verboseOptionExists) {
+        sshOptions.push("-v");
+    }
+};
+const addScpArgs = (args) => {
+    const sshOptions = args.sshOptions ? args.sshOptions : [];
+    // if a response is not received after three 5 minute attempts,
+    // the connection will be closed.
+    const serverAliveCountMaxOptionExists = sshOptions.some((opt, idx) => { var _a; return opt === "-o" && ((_a = sshOptions[idx + 1]) === null || _a === void 0 ? void 0 : _a.startsWith("ServerAliveCountMax")); });
+    if (!serverAliveCountMaxOptionExists) {
+        sshOptions.push("-o", "ServerAliveCountMax=3");
+    }
+    const serverAliveIntervalOptionExists = sshOptions.some((opt, idx) => { var _a; return opt === "-o" && ((_a = sshOptions[idx + 1]) === null || _a === void 0 ? void 0 : _a.startsWith("ServerAliveInterval")); });
+    if (!serverAliveIntervalOptionExists) {
+        sshOptions.push("-o", "ServerAliveInterval=300");
+    }
+    const recursiveOptionExists = sshOptions.some((opt) => opt === "-r");
+    if (!recursiveOptionExists) {
+        sshOptions.push("-r");
+    }
+};
 /** Converts arguments for manual execution - arguments may have to be quoted or certain characters escaped when executing the commands from a shell */
 const transformForShell = (args) => {
     return args.map((arg) => {
@@ -255,34 +289,31 @@ const sshOrScp = (args) => __awaiter(void 0, void 0, void 0, function* () {
     }
     const credential = yield sshProvider.cloudProviderLogin(authn, request);
     const proxyCommand = sshProvider.proxyCommand(request);
-    return (0, ssh_agent_1.withSshAgent)(cmdArgs, () => __awaiter(void 0, void 0, void 0, function* () {
-        const { command, args } = createCommand(request, cmdArgs, proxyCommand);
-        if (cmdArgs.debug) {
-            const reproCommands = sshProvider.reproCommands(request);
-            if (reproCommands) {
-                const repro = [
-                    `eval $(ssh-agent)`,
-                    `ssh-add "${keys_1.PRIVATE_KEY_PATH}"`,
-                    ...reproCommands,
-                    `${command} ${transformForShell(args).join(" ")}`,
-                ].join("\n");
-                (0, stdio_1.print2)(`Execute the following commands to create a similar SSH/SCP session:\n*** COMMANDS BEGIN ***\n${repro}\n*** COMMANDS END ***"\n`);
-            }
-        }
-        const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential);
-        if (exitCode && exitCode !== 0) {
-            return exitCode; // Only exit if there was an error when pre-testing
+    const { command, args: commandArgs } = createCommand(request, cmdArgs, proxyCommand);
+    if (cmdArgs.debug) {
+        const reproCommands = sshProvider.reproCommands(request);
+        if (reproCommands) {
+            const repro = [
+                ...reproCommands,
+                `${command} ${transformForShell(commandArgs).join(" ")}`,
+            ].join("\n");
+            (0, stdio_1.print2)(`Execute the following commands to create a similar SSH/SCP session:\n*** COMMANDS BEGIN ***\n${repro}\n*** COMMANDS END ***"\n`);
         }
-        return spawnSshNode({
-            credential,
-            abortController: new AbortController(),
-            command,
-            args,
-            stdio: ["inherit", "inherit", "pipe"],
-            debug: cmdArgs.debug,
-            provider: request.type,
-            attemptsRemaining: sshProvider.maxRetries,
-        });
-    }));
+    }
+    const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential);
+    if (exitCode && exitCode !== 0) {
+        return exitCode; // Only exit if there was an error when pre-testing
+    }
+    return spawnSshNode({
+        credential,
+        abortController: new AbortController(),
+        command,
+        args: commandArgs,
+        stdio: ["inherit", "inherit", "pipe"],
+        debug: cmdArgs.debug,
+        provider: request.type,
+        attemptsRemaining: sshProvider.maxRetries,
+    });
 });
 exports.sshOrScp = sshOrScp;
+//# sourceMappingURL=index.js.map

package/dist/plugins/ssh/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ssh/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAAuE;AACvE,4CAAqD;AACrD,+CAA6C;AAG7C,qCAAmC;AAEnC,2DAK4B;AAG5B,kFAAkF;AAClF,sFAAsF;AACtF,MAAM,kCAAkC,GACtC,0RAA0R,CAAC;AAC7R;;;;;;GAMG;AACH,MAAM,yBAAyB,GAC7B,kEAAkE,CAAC;AACrE,MAAM,yBAAyB,GAAG,iCAAiC,CAAC;AACpE,MAAM,gCAAgC,GACpC,mDAAmD,CAAC;AACtD,MAAM,kCAAkC,GACtC,+CAA+C,CAAC;AAClD,MAAM,sBAAsB,GAC1B,4DAA4D,CAAC;AAC/D,MAAM,oBAAoB,GACxB,sDAAsD,CAAC;AACzD,MAAM,YAAY,GAAG,uCAAuC,CAAC,CAAC,mEAAmE;AAEjI;;GAEG;AACH,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,6BAA6B,GAAG;IACpC,EAAE,OAAO,EAAE,kCAAkC,EAAE;IAC/C,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtC,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtC,EAAE,OAAO,EAAE,YAAY,EAAE;IACzB,EAAE,OAAO,EAAE,gCAAgC,EAAE;IAC7C,EAAE,OAAO,EAAE,kCAAkC,EAAE,kBAAkB,EAAE,IAAI,EAAE;IACzE,EAAE,OAAO,EAAE,sBAAsB,EAAE;CACpC,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,sBAAsB,GAAG,CAC7B,KAAgD,EAChD,KAAe,EACf,EAAE;IACF,IAAI,gCAAgC,GAAG,KAAK,CAAC;IAC7C,IAAI,sBAAsB,GAAG,KAAK,CAAC;IACnC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,MAAM,WAAW,GAAW,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEpD,IAAI,KAAK;YAAE,IAAA,cAAM,EAAC,WAAW,CAAC,CAAC;QAE/B,MAAM,KAAK,GAAG,6BAA6B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAC3D,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,IACE,KAAK;YACL,IAAI,CAAC,GAAG,EAAE;gBACR,WAAW,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,4BAA4B,CAAC,EAC1E;YACA,gCAAgC,GAAG,IAAI,CAAC;SACzC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACjE,sBAAsB,GAAG,sBAAsB,IAAI,CAAC,CAAC,gBAAgB,CAAC,CAAC,yBAAyB;QAChG,IAAI,sBAAsB,EAAE;YAC1B,gCAAgC,GAAG,KAAK,CAAC,CAAC,yDAAyD;SACpG;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC,gCAAgC;QAC3D,sBAAsB,EAAE,GAAG,EAAE,CAAC,sBAAsB;KACrD,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,UAAsC,EACtC,OAAe,EACf,IAAc,EACd,KAAwC,EACxC,EAAE,CACF,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE;IACnB,GAAG,kCACE,OAAO,CAAC,GAAG,GACX,UAAU,CACd;IACD,KAAK;IACL,KAAK,EAAE,KAAK;CACb,CAAC,CAAC;AAeL;;;GAGG;AAEH,SAAe,YAAY,CACzB,OAA4B;;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,mBAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEjD,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;YACpD,IAAI,OAAO,CAAC,KAAK,EAAE;gBACjB,MAAM,MAAM,GAAG,OAAO,CAAC,0BAA0B;oBAC/C,CAAC,CAAC,aAAa;oBACf,CAAC,CAAC,QAAQ,CAAC;gBACb,IAAA,cAAM,EACJ,oCAAoC,MAAM,wCAAwC,iBAAiB,GAAG,CACvG,CAAC;aACH;YAED,MAAM,KAAK,GAAG,iBAAiB,CAC7B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,mIAAmI;YACnI,MAAM,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,GAClD,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YAE/C,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;;gBAC7C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,uEAAuE;gBACvE,sDAAsD;gBACtD,IAAI,CAAC,kBAAkB,EAAE,EAAE;oBACzB,IAAI,iBAAiB,IAAI,CAAC,EAAE;wBAC1B,MAAM,CACJ,oCAAoC,QAAQ,CAAC,YAAY,yFAAyF,CACnJ,CAAC;wBACF,OAAO;qBACR;oBAED,IAAA,YAAK,EAAC,cAAc,CAAC;yBAClB,IAAI,CAAC,GAAG,EAAE,CACT,YAAY,iCACP,OAAO,KACV,iBAAiB,EAAE,iBAAiB,GAAG,CAAC,IACxC,CACH;yBACA,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;yBAC7B,KAAK,CAAC,MAAM,CAAC,CAAC;oBAEjB,OAAO;iBACR;qBAAM,IAAI,sBAAsB,EAAE,EAAE;oBACnC,MAAM,CAAC,2DAA2D,CAAC,CAAC;oBACpE,OAAO;iBACR;gBAED,MAAA,OAAO,CAAC,eAAe,0CAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO,CAAC,0BAA0B;oBAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;gBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,aAAa,GAAG,CACpB,IAAgB,EAChB,IAAiB,EACjB,YAAsB,EACtB,EAAE;IACF,aAAa,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAElC,IAAI,QAAQ,IAAI,IAAI,EAAE;QACpB,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE;gBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,WAAW;aACjB;SACF,CAAC;KACH;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,EAAE;YAClC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CACnB,CAAC,QAAQ,EAAE,EAAE;YACX,yGAAyG;YACzG,mGAAmG;YACnG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAC/C;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,aAAa,GAAG,CAAC,IAAiB,EAAE,YAAsB,EAAE,EAAE;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAC9C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;;QACX,OAAA,CAAC,GAAG,KAAK,IAAI,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAC,CAAA;KAAA,CACpE,CAAC;IAEF,MAAM,0BAA0B,GAAG,UAAU,CAAC,IAAI,CAChD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,gBAAgB,CAAC,CAAA,CAAA,EAAA,CACpE,CAAC;IAEF,0FAA0F;IAC1F,iDAAiD;IACjD,IAAI,CAAC,wBAAwB,EAAE;QAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAgB,CAAC,CAAC;QACxC,6DAA6D;QAC7D,IAAI,CAAC,0BAA0B,EAAE;YAC/B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;SAC7C;KACF;IAED,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAA,EAAA,CAClE,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;KACjE;IAED,MAAM,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,mBAAmB,EAAE;QACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,IAAiB,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,+DAA+D;IAC/D,iCAAiC;IACjC,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;KAChD;IAED,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAC;KAClD;IAED,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,uJAAuJ;AACvJ,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAE,EAAE;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,8DAA8D;QAC9D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YACnC,MAAM,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,2HAA2H;YACpK,OAAO,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;SACvC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,+HAA+H;AAC/H,MAAM,gCAAgC,GAAG,CAGvC,WAAc,EACd,OAAmB,EACnB,OAAoB,EACpB,YAAsB,EACtB,UAEa,EACb,EAAE;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IACtE,kGAAkG;IAClG,wDAAwD;IACxD,IAAI,WAAW,EAAE;QACf,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAC5E,8EAA8E;QAC9E,OAAO,YAAY,CAAC;YAClB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI;YACJ,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,iBAAiB,EAAE,WAAW,CAAC,UAAU;YACzC,0BAA0B,EAAE,IAAI;SACjC,CAAC,CAAC;KACJ;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAO,IAM9B,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAElE,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,8FAA8F,CAAC;KACtG;IAED,MAAM,UAAU,GACd,MAAM,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,aAAa,CAClD,OAAO,EACP,OAAO,EACP,YAAY,CACb,CAAC;IAEF,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACzD,IAAI,aAAa,EAAE;YACjB,MAAM,KAAK,GAAG;gBACZ,GAAG,aAAa;gBAChB,GAAG,OAAO,IAAI,iBAAiB,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,IAAA,cAAM,EACJ,gGAAgG,KAAK,2BAA2B,CACjI,CAAC;SACH;KACF;IAED,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CACrD,WAAW,EACX,OAAO,EACP,OAAO,EACP,YAAY,EACZ,UAAU,CACX,CAAC;IACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,CAAC,EAAE;QAC9B,OAAO,QAAQ,CAAC,CAAC,mDAAmD;KACrE;IAED,OAAO,YAAY,CAAC;QAClB,UAAU;QACV,eAAe,EAAE,IAAI,eAAe,EAAE;QACtC,OAAO;QACP,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;QACrC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;QACtB,iBAAiB,EAAE,WAAW,CAAC,UAAU;KAC1C,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AA1DW,QAAA,QAAQ,YA0DnB"}

package/dist/plugins/ssh/types.d.ts

@@ -8,14 +8,14 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-declare type SshItemConfig = {
+type SshItemConfig = {
     label?: string;
     state: string;
 };
-export declare type SshConfig = {
+export type SshConfig = {
     "iam-write": Record<string, SshItemConfig>;
 };
-export declare type CommonSshPermissionSpec = {
+export type CommonSshPermissionSpec = {
     publicKey: string;
     sudo?: boolean;
 };

package/dist/plugins/ssh/types.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/plugins/ssh/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/plugins/ssh/types.ts"],"names":[],"mappings":""}

package/dist/testing/firestore.js

@@ -14,3 +14,4 @@ You should have received a copy of the GNU General Public License along with @p0
 const firestore_1 = require("firebase/firestore");
 const mockGetDoc = (data) => firestore_1.getDoc.mockResolvedValue({ data: () => data });
 exports.mockGetDoc = mockGetDoc;
+//# sourceMappingURL=firestore.js.map

package/dist/testing/firestore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"firestore.js","sourceRoot":"","sources":["../../src/testing/firestore.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,kDAA4C;AAErC,MAAM,UAAU,GAAG,CAAC,IAAS,EAAE,EAAE,CACrC,kBAAoB,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;AADnD,QAAA,UAAU,cACyC"}

package/dist/testing/yargs.js

@@ -21,3 +21,4 @@ const failure = (spec, command) => __awaiter(void 0, void 0, void 0, function* (
     return error;
 });
 exports.failure = failure;
+//# sourceMappingURL=yargs.js.map

package/dist/testing/yargs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yargs.js","sourceRoot":"","sources":["../../src/testing/yargs.ts"],"names":[],"mappings":";;;;;;;;;;;;AAYO,MAAM,OAAO,GAAG,CAAO,IAAgB,EAAE,OAAe,EAAE,EAAE;IACjE,IAAI,KAAU,CAAC;IACf,IAAI;QACF,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;KAC3D;IAAC,OAAO,MAAW,EAAE;QACpB,KAAK,GAAG,MAAM,CAAC;KAChB;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AARW,QAAA,OAAO,WAQlB"}

package/dist/types/allow.d.ts

@@ -8,7 +8,7 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-export declare type AllowResponse = {
+export type AllowResponse = {
     ok: true;
     message: string;
 };

package/dist/types/allow.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=allow.js.map

package/dist/types/allow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"allow.js","sourceRoot":"","sources":["../../src/types/allow.ts"],"names":[],"mappings":""}

package/dist/types/aws/oidc.d.ts

@@ -8,7 +8,7 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-export declare type AWSClientInformation = {
+export type AWSClientInformation = {
     authorizationEndpoint: string;
     clientId: string;
     clientIdIssuedAt: number;
@@ -19,14 +19,14 @@ export declare type AWSClientInformation = {
 /**
  * AWS OIDC token response uses camelCase instead of snake_case
  */
-export declare type AWSTokenResponse = {
+export type AWSTokenResponse = {
     accessToken: string;
     expiresIn: number;
     idToken: string;
     refreshToken: string;
     tokenType: string;
 };
-export declare type AWSAuthorizeResponse = {
+export type AWSAuthorizeResponse = {
     deviceCode: string;
     expiresIn: number;
     interval: number;

package/dist/types/aws/oidc.js

@@ -10,3 +10,4 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=oidc.js.map

package/dist/types/aws/oidc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../../src/types/aws/oidc.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG"}

package/dist/types/identity.d.ts

@@ -11,13 +11,13 @@ You should have received a copy of the GNU General Public License along with @p0
 import { TokenResponse } from "./oidc";
 import { OrgData } from "./org";
 import { UserCredential } from "firebase/auth";
-export declare type Identity = {
+export type Identity = {
     credential: TokenResponse & {
         expires_at: number;
     };
     org: OrgData;
 };
-export declare type Authn = {
+export type Authn = {
     identity: Identity;
     userCredential: UserCredential;
 };

package/dist/types/identity.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=identity.js.map

package/dist/types/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/types/identity.ts"],"names":[],"mappings":""}

package/dist/types/index.js

@@ -13,3 +13,4 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.isa = void 0;
 const isa = (values) => (item) => values.includes(item);
 exports.isa = isa;
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAEI,MAAM,GAAG,GACd,CAAI,MAAoB,EAAE,EAAE,CAC5B,CAAC,IAAS,EAAa,EAAE,CACvB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAHb,QAAA,GAAG,OAGU"}

package/dist/types/oidc.d.ts

@@ -9,7 +9,7 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-export declare type AuthorizeRequest = {
+export type AuthorizeRequest = {
     client_id: string;
     code_challenge: string;
     code_challenge_method: "plain" | "S256";
@@ -19,7 +19,7 @@ export declare type AuthorizeRequest = {
     state?: string;
     login_hint?: string;
 };
-export declare type AuthorizeResponse = {
+export type AuthorizeResponse = {
     device_code: string;
     user_code: string;
     verification_uri: string;
@@ -27,7 +27,7 @@ export declare type AuthorizeResponse = {
     expires_in: number;
     interval: number;
 };
-export declare type TokenResponse = {
+export type TokenResponse = {
     access_token: string;
     id_token: string;
     token_type: string;
@@ -37,10 +37,10 @@ export declare type TokenResponse = {
     device_secret: string;
     expiry: string;
 };
-export declare type TokenErrorResponse = {
+export type TokenErrorResponse = {
     error: "access_denied" | "authorization_pending" | "bad grant type" | "expired_token" | "missing parameter" | "not found" | "slow_down";
 };
-export declare type OidcLoginSteps<A> = {
+export type OidcLoginSteps<A> = {
     providerType: LoginPluginType;
     validateResponse: (response: Response) => Promise<Response>;
     buildAuthorizeRequest: () => {

package/dist/types/oidc.js

@@ -1,2 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=oidc.js.map

package/dist/types/oidc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/types/oidc.ts"],"names":[],"mappings":""}

package/dist/types/org.d.ts

@@ -8,7 +8,7 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-declare type BaseOrgData = {
+type BaseOrgData = {
     clientId: string;
     providerId: string;
     providerDomain?: string;
@@ -16,13 +16,13 @@ declare type BaseOrgData = {
     tenantId: string;
 };
 /** Publicly readable organization data */
-export declare type RawOrgData = BaseOrgData & ({
+export type RawOrgData = BaseOrgData & ({
     providerType?: "okta";
 } | {
     providerType?: "ping";
     environmentId: string;
 });
-export declare type OrgData = RawOrgData & {
+export type OrgData = RawOrgData & {
     slug: string;
 };
 export {};

package/dist/types/org.js

@@ -10,3 +10,4 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=org.js.map

package/dist/types/org.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"org.js","sourceRoot":"","sources":["../../src/types/org.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG"}

package/dist/types/request.d.ts

@@ -13,19 +13,19 @@ import { PluginSshRequest } from "./ssh";
 export declare const DONE_STATUSES: readonly ["DONE", "DONE_NOTIFIED"];
 export declare const DENIED_STATUSES: readonly ["DENIED", "DENIED_NOTIFIED"];
 export declare const ERROR_STATUSES: readonly ["ERRORED", "ERRORED", "ERRORED_NOTIFIED"];
-export declare type PermissionSpec<K extends string, P extends {
+export type PermissionSpec<K extends string, P extends {
     type: string;
 }, G extends object | undefined = undefined> = {
     type: K;
     permission: P;
     generated: G;
 };
-export declare type PluginRequest = K8sPermissionSpec | PluginSshRequest;
-export declare type Request<P extends PluginRequest> = P & {
+export type PluginRequest = K8sPermissionSpec | PluginSshRequest;
+export type Request<P extends PluginRequest> = P & {
     status: string;
     principal: string;
 };
-export declare type RequestResponse<T> = {
+export type RequestResponse<T> = {
     ok: true;
     message: string;
     id: string;

package/dist/types/request.js

@@ -8,3 +8,4 @@ exports.ERROR_STATUSES = [
     "ERRORED",
     "ERRORED_NOTIFIED",
 ];
+//# sourceMappingURL=request.js.map

package/dist/types/request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request.js","sourceRoot":"","sources":["../../src/types/request.ts"],"names":[],"mappings":";;;AAaa,QAAA,aAAa,GAAG,CAAC,MAAM,EAAE,eAAe,CAAU,CAAC;AACnD,QAAA,eAAe,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAU,CAAC;AACzD,QAAA,cAAc,GAAG;IAC5B,SAAS;IACT,SAAS;IACT,kBAAkB;CACV,CAAC"}

package/dist/types/ssh.d.ts

@@ -13,14 +13,14 @@ import { AwsSsh, AwsSshPermissionSpec, AwsSshRequest } from "../plugins/aws/type
 import { GcpSsh, GcpSshPermissionSpec, GcpSshRequest } from "../plugins/google/types";
 import { Authn } from "./identity";
 import { Request } from "./request";
-export declare type CliSshRequest = AwsSsh | GcpSsh;
-export declare type PluginSshRequest = AwsSshPermissionSpec | GcpSshPermissionSpec;
-export declare type CliPermissionSpec<P extends PluginSshRequest, C extends object | undefined> = P & {
+export type CliSshRequest = AwsSsh | GcpSsh;
+export type PluginSshRequest = AwsSshPermissionSpec | GcpSshPermissionSpec;
+export type CliPermissionSpec<P extends PluginSshRequest, C extends object | undefined> = P & {
     cliLocalData: C;
 };
 export declare const SupportedSshProviders: readonly ["aws", "gcloud"];
-export declare type SupportedSshProvider = (typeof SupportedSshProviders)[number];
-export declare type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extends object | undefined = undefined, SR extends SshRequest = SshRequest, C extends object | undefined = undefined> = {
+export type SupportedSshProvider = (typeof SupportedSshProviders)[number];
+export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extends object | undefined = undefined, SR extends SshRequest = SshRequest, C extends object | undefined = undefined> = {
     requestToSsh: (request: CliPermissionSpec<PR, O>) => SR;
     /** Converts a backend request to a CLI request */
     toCliRequest: (request: Request<PR>, options?: {
@@ -45,4 +45,4 @@ export declare type SshProvider<PR extends PluginSshRequest = PluginSshRequest,
     maxRetries: number;
     friendlyName: string;
 };
-export declare type SshRequest = AwsSshRequest | GcpSshRequest;
+export type SshRequest = AwsSshRequest | GcpSshRequest;

package/dist/types/ssh.js

@@ -3,3 +3,4 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SupportedSshProviders = void 0;
 // The prefix of installed SSH accounts in P0 is the provider name
 exports.SupportedSshProviders = ["aws", "gcloud"];
+//# sourceMappingURL=ssh.js.map

package/dist/types/ssh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../src/types/ssh.ts"],"names":[],"mappings":";;;AAkCA,kEAAkE;AACrD,QAAA,qBAAqB,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAU,CAAC"}