@p0security/cli 0.11.1 → 0.11.3

package/dist/plugins/kubeconfig/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/kubeconfig/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,kDAA4D;AAC5D,2DAAwD;AACxD,uDAA8C;AAC9C,+CAA6C;AAG7C,qCAAyC;AACzC,0CAA6C;AAC7C,oCAA+C;AAE/C,qCAAqD;AAErD,kDAA4C;AAC5C,mCAA8B;AAGvB,MAAM,4BAA4B,GAAG,CAC1C,KAAY,EACZ,SAAiB,EAQhB,EAAE;;IACH,MAAM,SAAS,GAAG,MAAM,IAAA,kBAAM,EAC5B,IAAA,eAAG,EAAC,KAAK,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,mBAAmB,CAAC,CACzD,CAAC;IAEF,kHAAkH;IAClH,MAAM,MAAM,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,EAAE,0CAAG,WAAW,CAAC,0CAAG,SAAS,CAAC,CAAC;IAC5D,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,mBAAmB,SAAS,YAAY,CAAC;KAChD;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,KAAK,EAAE;QAClE,MAAM,mBAAmB,SAAS,mBAAmB,CAAC;KACvD;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;IAExE,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE;QACnC,MAAM,CACJ,8DAA8D,SAAS,8BAA8B;YACrG,2EAA2E,CAC5E,CAAC;KACH;IAED,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACtE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IAEtC,yEAAyE;IACzE,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,CAAA,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,MAAK,KAAK,EAAE;QAC/C,MAAM,kJAAkJ,CAAC;KAC1J;IAED,OAAO;QACL,aAAa,EAAE;YACb,SAAS;YACT,YAAY;YACZ,aAAa;SACd;QACD,YAAY,EAAE,QAAQ,CAAC,IAAI;KAC5B,CAAC;AACJ,CAAC,CAAA,CAAC;AAnDW,QAAA,4BAA4B,gCAmDvC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAAqD,EACrD,SAAiB,EACjB,IAAY,EACyB,EAAE;IACvC,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAElC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,UAAU;YACV,WAAW;YACX,SAAS;YACT,QAAQ;YACR,IAAI;YACJ,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,iBAAiB;gBACxB,CAAC,CAAC,CAAC,sBAAsB,EAAE,IAAI,CAAC,iBAAiB,CAAC;gBAClD,CAAC,CAAC,EAAE,CAAC;SACR,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IACD,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;IACvC,IAAI,CAAC,aAAa,EAAE;QAClB,IAAA,cAAM,EACJ,qEAAqE,CACtE,CAAC;KACH;IAED,OAAO,MAAM,IAAA,4BAAmB,EAAoB,KAAK,EAAE,EAAE,CAAC,CAAC;AACjE,CAAC,CAAA,CAAC;AAvCW,QAAA,sBAAsB,0BAuCjC;AAEK,MAAM,WAAW,GAAG,CAAC,aAAqB,EAAU,EAAE,CAC3D,qBAAqB,aAAa,EAAE,CAAC;AAD1B,QAAA,WAAW,eACe;AAEhC,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,YAAoB,EACpB,SAAuB,EACvB,SAA8B,EACL,EAAE;IAC3B,MAAM,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC;IACnC,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,YAAY,CAAC;IAEnC,QAAQ,SAAS,EAAE;QACjB,KAAK,KAAK;YACR,IAAI,CAAC,GAAG,EAAE;gBACR,MAAM,+FAA+F,CAAC;aACvG;YAED,OAAO,MAAM,IAAA,uBAAiB,EAAC;gBAC7B,SAAS,EAAE,YAAY;gBACvB,aAAa,EAAE,IAAI;gBACnB,GAAG;aACJ,CAAC,CAAC;QACL,KAAK,WAAW;YACd,OAAO,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE;gBACzC,SAAS,EAAE,YAAY;gBACvB,IAAI,EAAE,IAAI;aACX,CAAC,CAAC;QACL;YACE,MAAM,IAAA,kBAAW,EAAC,SAAS,CAAC,CAAC;KAChC;AACH,CAAC,CAAA,CAAC;AA5BW,QAAA,YAAY,gBA4BvB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/kubeconfig/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,kDAA4D;AAC5D,2DAAwD;AACxD,uDAA8C;AAC9C,+CAAgD;AAGhD,qCAAyC;AACzC,0CAA6C;AAC7C,oCAA+C;AAE/C,wCAAwC;AACxC,qCAAqD;AAErD,kDAA4C;AAC5C,mCAA8B;AAGvB,MAAM,4BAA4B,GAAG,CAC1C,KAAY,EACZ,SAAiB,EAQhB,EAAE;;IACH,MAAM,SAAS,GAAG,MAAM,IAAA,kBAAM,EAC5B,IAAA,eAAG,EAAC,KAAK,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,mBAAmB,CAAC,CACzD,CAAC;IAEF,kHAAkH;IAClH,MAAM,MAAM,GAAG,MAAA,MAAA,SAAS,CAAC,IAAI,EAAE,0CAAG,WAAW,CAAC,0CAAG,SAAS,CAAC,CAAC;IAC5D,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,mBAAmB,SAAS,YAAY,CAAC;KAChD;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,EAAE;QAChC,MAAM,mBAAmB,SAAS,mBAAmB,CAAC;KACvD;IAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE;QAC1B,MAAM,CACJ,8DAA8D,SAAS,8BAA8B;YACrG,2EAA2E,CAC5E,CAAC;KACH;IAED,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAA,gBAAQ,EAAC,aAAa,CAAC,CAAC;IAC5D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACtE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IAEtC,yEAAyE;IACzE,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,CAAA,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,MAAK,KAAK,EAAE;QAC/C,MAAM,kJAAkJ,CAAC;KAC1J;IAED,OAAO;QACL,aAAa,EAAE;YACb,SAAS;YACT,YAAY;YACZ,aAAa;SACd;QACD,YAAY,EAAE,QAAQ,CAAC,IAAI;KAC5B,CAAC;AACJ,CAAC,CAAA,CAAC;AApDW,QAAA,4BAA4B,gCAoDvC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAAqD,EACrD,SAAiB,EACjB,IAAY,EACyB,EAAE;IACvC,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAElC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,UAAU;YACV,WAAW;YACX,SAAS;YACT,QAAQ;YACR,IAAI;YACJ,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,iBAAiB;gBACxB,CAAC,CAAC,CAAC,sBAAsB,EAAE,IAAI,CAAC,iBAAiB,CAAC;gBAClD,CAAC,CAAC,EAAE,CAAC;SACR,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,QAAQ,CAAC;IAExB,OAAO,MAAM,IAAA,iBAAS,EACpB,qEAAqE,EACrE,IAAA,4BAAmB,EAAoB,KAAK,EAAE,EAAE,CAAC,CAClD,CAAC;AACJ,CAAC,CAAA,CAAC;AArCW,QAAA,sBAAsB,0BAqCjC;AAEK,MAAM,WAAW,GAAG,CAAC,aAAqB,EAAU,EAAE,CAC3D,qBAAqB,aAAa,EAAE,CAAC;AAD1B,QAAA,WAAW,eACe;AAEhC,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,YAAoB,EACpB,OAAmC,EACnC,SAA8B,EACL,EAAE;;IAC3B,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAC1C,MAAM,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC;IACnC,MAAM,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC;IAE9B,QAAQ,SAAS,EAAE;QACjB,KAAK,KAAK,CAAC,CAAC;YACV,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAA,UAAU,CAAC,qBAAqB,mCAAI,EAAE,CAAC;YAEpE,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE;gBACxB,MAAM,+FAA+F,CAAC;aACvG;YAED,OAAO,MAAM,IAAA,uBAAiB,EAAC;gBAC7B,SAAS,EAAE,YAAY;gBACvB,aAAa,EAAE,IAAI;gBACnB,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE;aACtC,CAAC,CAAC;SACJ;QACD,KAAK,WAAW;YACd,OAAO,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE;gBACzC,SAAS,EAAE,YAAY;gBACvB,IAAI,EAAE,IAAI;aACX,CAAC,CAAC;QACL;YACE,MAAM,IAAA,kBAAW,EAAC,SAAS,CAAC,CAAC;KAChC;AACH,CAAC,CAAA,CAAC;AAhCW,QAAA,YAAY,gBAgCvB"}

package/dist/plugins/kubeconfig/types.d.ts

@@ -16,12 +16,13 @@ export type K8sClusterConfig = {
     isProxy: boolean;
     token: string;
     publicJwk?: string;
-    provider: {
+    hosting: {
         type: "aws";
-        clusterArn: string;
-        accountId: string;
+        arn: string;
     } | {
-        type: "email";
+        type: "azure";
+    } | {
+        type: "gcp";
     };
     state: string;
 };
@@ -38,14 +39,14 @@ export type K8sResourcePermission = {
     role: string;
     clusterId: string;
     type: "resource";
+    awsResourcePermission?: {
+        idcRegion?: string;
+        idcId?: string;
+    };
 };
 export type K8sGenerated = {
     eksGenerated: {
         name: string;
-        idc?: {
-            id: string;
-            region: string;
-        };
     };
     role: string;
 };

package/dist/plugins/ssh/index.js

@@ -25,65 +25,11 @@ const keys_1 = require("../../common/keys");
 const stdio_1 = require("../../drivers/stdio");
 const util_1 = require("../../util");
 const node_child_process_1 = require("node:child_process");
-/** Matches the error message that AWS SSM print1 when access is not propagated */
-// Note that the resource will randomly be either the SSM document or the EC2 instance
-const UNAUTHORIZED_START_SESSION_MESSAGE = /An error occurred \(AccessDeniedException\) when calling the StartSession operation: User: arn:aws:sts::.*:assumed-role\/P0GrantsRole.* is not authorized to perform: ssm:StartSession on resource: arn:aws:.*:.*:.* because no identity-based policy allows the ssm:StartSession action/;
-/**
- * Matches the following error messages that AWS SSM print1 when ssh authorized
- * key access hasn't propagated to the instance yet.
- * - Connection closed by UNKNOWN port 65535
- * - scp: Connection closed
- * - kex_exchange_identification: Connection closed by remote host
- */
-const CONNECTION_CLOSED_MESSAGE = /\bConnection closed\b.*\b(?:by UNKNOWN port \d+|by remote host)?/;
-const PUBLIC_KEY_DENIED_MESSAGE = /Permission denied \(publickey\)/;
-const UNAUTHORIZED_TUNNEL_USER_MESSAGE = /Error while connecting \[4033: 'not authorized'\]/;
-const UNAUTHORIZED_INSTANCES_GET_MESSAGE = /Required 'compute\.instances\.get' permission/;
-const DESTINATION_READ_ERROR = /Error while connecting \[4010: 'destination read failed'\]/;
-const GOOGLE_LOGIN_MESSAGE = /You do not currently have an active account selected/;
-const SUDO_MESSAGE = /Sorry, user .+ may not run sudo on .+/; // The output of `sudo -v` when the user is not allowed to run sudo
 /** Maximum amount of time after SSH subprocess starts to check for {@link UNPROVISIONED_ACCESS_MESSAGES}
  *  in the process's stderr
  */
 const DEFAULT_VALIDATION_WINDOW_MS = 5e3;
-const RETRY_DELAY_MS = 1000;
-/**
- * AWS
- * There are 2 cases of unprovisioned access in AWS
- * 1. SSM:StartSession action is missing either on the SSM document (AWS-StartSSHSession) or the EC2 instance
- * 2. Temporary error when issuing an SCP command
- *
- * 1: results in UNAUTHORIZED_START_SESSION_MESSAGE
- * 2: results in CONNECTION_CLOSED_MESSAGE
- *
- * Google Cloud
- * There are 7 cases of unprovisioned access in Google Cloud.
- * These are all potentially subject to propagation delays.
- * 1. The linux user name is not present in the user's Google Workspace profile `posixAccounts` attribute
- * 2. The public key is not present in the user's Google Workspace profile `sshPublicKeys` attribute
- * 3. The user cannot act as the service account of the compute instance
- * 4. The user cannot tunnel through the IAP tunnel to the instance
- * 5. The user doesn't have osLogin or osAdminLogin role to the instance
- * 5.a. compute.instances.get permission is missing
- * 5.b. compute.instances.osLogin permission is missing
- * 6. compute.instances.osAdminLogin is not provisioned but compute.instances.osLogin is - happens when a user upgrades existing access to sudo
- * 7: Rare occurrence, the exact conditions so far undetermined (together with CONNECTION_CLOSED_MESSAGE)
- *
- * 1, 2, 3 (yes!), 5b: result in PUBLIC_KEY_DENIED_MESSAGE
- * 4: results in UNAUTHORIZED_TUNNEL_USER_MESSAGE and also CONNECTION_CLOSED_MESSAGE
- * 5a: results in UNAUTHORIZED_INSTANCES_GET_MESSAGE
- * 6: results in SUDO_MESSAGE
- * 7: results in DESTINATION_READ_ERROR and also CONNECTION_CLOSED_MESSAGE
- */
-const UNPROVISIONED_ACCESS_MESSAGES = [
-    { pattern: UNAUTHORIZED_START_SESSION_MESSAGE },
-    { pattern: CONNECTION_CLOSED_MESSAGE },
-    { pattern: PUBLIC_KEY_DENIED_MESSAGE },
-    { pattern: SUDO_MESSAGE },
-    { pattern: UNAUTHORIZED_TUNNEL_USER_MESSAGE },
-    { pattern: UNAUTHORIZED_INSTANCES_GET_MESSAGE, validationWindowMs: 30e3 },
-    { pattern: DESTINATION_READ_ERROR },
-];
+const RETRY_DELAY_MS = 5000;
 /** Checks if access has propagated through AWS to the SSM agent
  *
  * AWS takes about 8 minutes, GCP takes under 1 minute
@@ -100,75 +46,96 @@ const UNPROVISIONED_ACCESS_MESSAGES = [
  * This works because AWS SSM wraps the session in a single-stream pty, so we
  * do not capture stderr emitted from the wrapped shell session.
  */
-const accessPropagationGuard = (child, debug) => {
+const accessPropagationGuard = (provider, child, options) => {
     let isEphemeralAccessDeniedException = false;
-    let isGoogleLoginException = false;
-    const beforeStart = Date.now();
+    let isLoginException = false;
     child.stderr.on("data", (chunk) => {
         const chunkString = chunk.toString("utf-8");
-        if (debug)
-            (0, stdio_1.print2)(chunkString);
-        const match = UNPROVISIONED_ACCESS_MESSAGES.find((message) => chunkString.match(message.pattern));
-        if (match &&
-            Date.now() <=
-                beforeStart + (match.validationWindowMs || DEFAULT_VALIDATION_WINDOW_MS)) {
+        parseAndPrintSshOutputToStderr(chunkString, options);
+        const match = provider.unprovisionedAccessPatterns.find((message) => chunkString.match(message.pattern));
+        if (match) {
             isEphemeralAccessDeniedException = true;
         }
-        const googleLoginMatch = chunkString.match(GOOGLE_LOGIN_MESSAGE);
-        isGoogleLoginException = isGoogleLoginException || !!googleLoginMatch; // once true, always true
-        if (isGoogleLoginException) {
+        if (provider.loginRequiredPattern) {
+            const loginMatch = chunkString.match(provider.loginRequiredPattern);
+            isLoginException = isLoginException || !!loginMatch; // once true, always true
+        }
+        if (isLoginException) {
             isEphemeralAccessDeniedException = false; // always overwrite to false so we don't retry the access
         }
     });
     return {
         isAccessPropagated: () => !isEphemeralAccessDeniedException,
-        isGoogleLoginException: () => isGoogleLoginException,
+        isLoginException: () => isLoginException,
     };
 };
+/**
+ * Parses and prints a chunk of SSH output to stderr.
+ *
+ * If debug is enabled, all output is printed. Otherwise, only selected messages are printed.
+ *
+ * @param chunkString the chunk to print
+ * @param options SSH spawn options
+ */
+const parseAndPrintSshOutputToStderr = (chunkString, options) => {
+    const lines = chunkString.split("\n");
+    const isPreTest = options.isAccessPropagationPreTest;
+    for (const line of lines) {
+        if (options.debug) {
+            (0, stdio_1.print2)(line);
+        }
+        else {
+            if (!isPreTest && line.includes("Authenticated to")) {
+                // We want to let the user know that they successfully authenticated
+                (0, stdio_1.print2)(line);
+            }
+            else if (!isPreTest && line.includes("port forwarding failed")) {
+                // We also want to let the user know if port forwarding failed
+                (0, stdio_1.print2)(line);
+            }
+        }
+    }
+};
 const spawnChildProcess = (credential, command, args, stdio) => (0, node_child_process_1.spawn)(command, args, {
     env: Object.assign(Object.assign({}, process.env), credential),
     stdio,
     shell: false,
 });
-/** Starts an SSM session in the terminal by spawning `aws ssm` as a subprocess
- *
- * Requires `aws ssm` to be installed on the client machine.
- */
 function spawnSshNode(options) {
     return __awaiter(this, void 0, void 0, function* () {
         return new Promise((resolve, reject) => {
             const provider = ssh_1.SSH_PROVIDERS[options.provider];
-            const attemptsRemaining = options.attemptsRemaining;
             if (options.debug) {
                 const gerund = options.isAccessPropagationPreTest
                     ? "Pre-testing"
                     : "Trying";
-                (0, stdio_1.print2)(`Waiting for access to propagate. ${gerund} SSH session... (remaining attempts: ${attemptsRemaining})`);
+                const remainingSeconds = ((options.endTime - Date.now()) / 1e3).toFixed(1);
+                (0, stdio_1.print2)(`Waiting for access to propagate. ${gerund} SSH session... (will wait up to ${remainingSeconds} seconds)`);
             }
             const child = spawnChildProcess(options.credential, options.command, options.args, options.stdio);
             // TODO ENG-2284 support login with Google Cloud: currently return a boolean to indicate if the exception was a Google login error.
-            const { isAccessPropagated, isGoogleLoginException } = accessPropagationGuard(child, options.debug);
+            const { isAccessPropagated, isLoginException } = accessPropagationGuard(provider, child, options);
             const exitListener = child.on("exit", (code) => {
-                var _a;
+                var _a, _b;
                 exitListener.unref();
                 // In the case of ephemeral AccessDenied exceptions due to unpropagated
                 // permissions, continually retry access until success
                 if (!isAccessPropagated()) {
-                    if (attemptsRemaining <= 0) {
-                        reject(`Access did not propagate through ${provider.friendlyName} before max retry attempts were exceeded. Please contact support@p0.dev for assistance.`);
+                    if (options.endTime < Date.now()) {
+                        reject(`Access did not propagate through ${provider.friendlyName} in time. Please contact support@p0.dev for assistance.`);
                         return;
                     }
                     (0, util_1.delay)(RETRY_DELAY_MS)
-                        .then(() => spawnSshNode(Object.assign(Object.assign({}, options), { attemptsRemaining: attemptsRemaining - 1 })))
+                        .then(() => spawnSshNode(options))
                         .then((code) => resolve(code))
                         .catch(reject);
                     return;
                 }
-                else if (isGoogleLoginException()) {
-                    reject(`Please login to Google Cloud CLI with 'gcloud auth login'`);
+                else if (isLoginException()) {
+                    reject((_a = provider.loginRequiredMessage) !== null && _a !== void 0 ? _a : `Please log in to the ${provider.friendlyName} CLI to SSH`);
                     return;
                 }
-                (_a = options.abortController) === null || _a === void 0 ? void 0 : _a.abort(code);
+                (_b = options.abortController) === null || _b === void 0 ? void 0 : _b.abort(code);
                 if (!options.isAccessPropagationPreTest)
                     (0, stdio_1.print2)(`SSH session terminated`);
                 resolve(code);
@@ -227,6 +194,7 @@ const addCommonArgs = (args, proxyCommand) => {
     if (!proxyCommandExists) {
         sshOptions.push("-o", `ProxyCommand=${proxyCommand.join(" ")}`);
     }
+    // Force verbose output from SSH so we can parse the output
     const verboseOptionExists = sshOptions.some((opt) => opt === "-v");
     if (!verboseOptionExists) {
         sshOptions.push("-v");
@@ -261,7 +229,7 @@ const transformForShell = (args) => {
     });
 };
 /** Construct another command to use for testing access propagation prior to actually logging in the user to the ssh session */
-const preTestAccessPropagationIfNeeded = (sshProvider, request, cmdArgs, proxyCommand, credential) => __awaiter(void 0, void 0, void 0, function* () {
+const preTestAccessPropagationIfNeeded = (sshProvider, request, cmdArgs, proxyCommand, credential, endTime) => __awaiter(void 0, void 0, void 0, function* () {
     const testCmdArgs = sshProvider.preTestAccessPropagationArgs(cmdArgs);
     // Pre-testing comes at a performance cost because we have to execute another ssh subprocess after
     // a successful test. Only do when absolutely necessary.
@@ -276,7 +244,7 @@ const preTestAccessPropagationIfNeeded = (sshProvider, request, cmdArgs, proxyCo
             stdio: ["inherit", "inherit", "pipe"],
             debug: cmdArgs.debug,
             provider: request.type,
-            attemptsRemaining: sshProvider.maxRetries,
+            endTime: endTime,
             isAccessPropagationPreTest: true,
         });
     }
@@ -300,7 +268,8 @@ const sshOrScp = (args) => __awaiter(void 0, void 0, void 0, function* () {
             (0, stdio_1.print2)(`Execute the following commands to create a similar SSH/SCP session:\n*** COMMANDS BEGIN ***\n${repro}\n*** COMMANDS END ***"\n`);
         }
     }
-    const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential);
+    const endTime = Date.now() + sshProvider.propagationTimeoutMs;
+    const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential, endTime);
     if (exitCode && exitCode !== 0) {
         return exitCode; // Only exit if there was an error when pre-testing
     }
@@ -312,7 +281,7 @@ const sshOrScp = (args) => __awaiter(void 0, void 0, void 0, function* () {
         stdio: ["inherit", "inherit", "pipe"],
         debug: cmdArgs.debug,
         provider: request.type,
-        attemptsRemaining: sshProvider.maxRetries,
+        endTime: endTime,
     });
 });
 exports.sshOrScp = sshOrScp;

package/dist/plugins/ssh/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ssh/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAAuE;AACvE,4CAAqD;AACrD,+CAA6C;AAG7C,qCAAmC;AAEnC,2DAK4B;AAG5B,kFAAkF;AAClF,sFAAsF;AACtF,MAAM,kCAAkC,GACtC,0RAA0R,CAAC;AAC7R;;;;;;GAMG;AACH,MAAM,yBAAyB,GAC7B,kEAAkE,CAAC;AACrE,MAAM,yBAAyB,GAAG,iCAAiC,CAAC;AACpE,MAAM,gCAAgC,GACpC,mDAAmD,CAAC;AACtD,MAAM,kCAAkC,GACtC,+CAA+C,CAAC;AAClD,MAAM,sBAAsB,GAC1B,4DAA4D,CAAC;AAC/D,MAAM,oBAAoB,GACxB,sDAAsD,CAAC;AACzD,MAAM,YAAY,GAAG,uCAAuC,CAAC,CAAC,mEAAmE;AAEjI;;GAEG;AACH,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,6BAA6B,GAAG;IACpC,EAAE,OAAO,EAAE,kCAAkC,EAAE;IAC/C,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtC,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtC,EAAE,OAAO,EAAE,YAAY,EAAE;IACzB,EAAE,OAAO,EAAE,gCAAgC,EAAE;IAC7C,EAAE,OAAO,EAAE,kCAAkC,EAAE,kBAAkB,EAAE,IAAI,EAAE;IACzE,EAAE,OAAO,EAAE,sBAAsB,EAAE;CACpC,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,sBAAsB,GAAG,CAC7B,KAAgD,EAChD,KAAe,EACf,EAAE;IACF,IAAI,gCAAgC,GAAG,KAAK,CAAC;IAC7C,IAAI,sBAAsB,GAAG,KAAK,CAAC;IACnC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,MAAM,WAAW,GAAW,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAEpD,IAAI,KAAK;YAAE,IAAA,cAAM,EAAC,WAAW,CAAC,CAAC;QAE/B,MAAM,KAAK,GAAG,6BAA6B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAC3D,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,IACE,KAAK;YACL,IAAI,CAAC,GAAG,EAAE;gBACR,WAAW,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,4BAA4B,CAAC,EAC1E;YACA,gCAAgC,GAAG,IAAI,CAAC;SACzC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACjE,sBAAsB,GAAG,sBAAsB,IAAI,CAAC,CAAC,gBAAgB,CAAC,CAAC,yBAAyB;QAChG,IAAI,sBAAsB,EAAE;YAC1B,gCAAgC,GAAG,KAAK,CAAC,CAAC,yDAAyD;SACpG;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC,gCAAgC;QAC3D,sBAAsB,EAAE,GAAG,EAAE,CAAC,sBAAsB;KACrD,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,UAAsC,EACtC,OAAe,EACf,IAAc,EACd,KAAwC,EACxC,EAAE,CACF,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE;IACnB,GAAG,kCACE,OAAO,CAAC,GAAG,GACX,UAAU,CACd;IACD,KAAK;IACL,KAAK,EAAE,KAAK;CACb,CAAC,CAAC;AAeL;;;GAGG;AAEH,SAAe,YAAY,CACzB,OAA4B;;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,mBAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEjD,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;YACpD,IAAI,OAAO,CAAC,KAAK,EAAE;gBACjB,MAAM,MAAM,GAAG,OAAO,CAAC,0BAA0B;oBAC/C,CAAC,CAAC,aAAa;oBACf,CAAC,CAAC,QAAQ,CAAC;gBACb,IAAA,cAAM,EACJ,oCAAoC,MAAM,wCAAwC,iBAAiB,GAAG,CACvG,CAAC;aACH;YAED,MAAM,KAAK,GAAG,iBAAiB,CAC7B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,mIAAmI;YACnI,MAAM,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,GAClD,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YAE/C,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;;gBAC7C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,uEAAuE;gBACvE,sDAAsD;gBACtD,IAAI,CAAC,kBAAkB,EAAE,EAAE;oBACzB,IAAI,iBAAiB,IAAI,CAAC,EAAE;wBAC1B,MAAM,CACJ,oCAAoC,QAAQ,CAAC,YAAY,yFAAyF,CACnJ,CAAC;wBACF,OAAO;qBACR;oBAED,IAAA,YAAK,EAAC,cAAc,CAAC;yBAClB,IAAI,CAAC,GAAG,EAAE,CACT,YAAY,iCACP,OAAO,KACV,iBAAiB,EAAE,iBAAiB,GAAG,CAAC,IACxC,CACH;yBACA,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;yBAC7B,KAAK,CAAC,MAAM,CAAC,CAAC;oBAEjB,OAAO;iBACR;qBAAM,IAAI,sBAAsB,EAAE,EAAE;oBACnC,MAAM,CAAC,2DAA2D,CAAC,CAAC;oBACpE,OAAO;iBACR;gBAED,MAAA,OAAO,CAAC,eAAe,0CAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO,CAAC,0BAA0B;oBAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;gBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,aAAa,GAAG,CACpB,IAAgB,EAChB,IAAiB,EACjB,YAAsB,EACtB,EAAE;IACF,aAAa,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAElC,IAAI,QAAQ,IAAI,IAAI,EAAE;QACpB,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE;gBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,WAAW;aACjB;SACF,CAAC;KACH;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,EAAE;YAClC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CACnB,CAAC,QAAQ,EAAE,EAAE;YACX,yGAAyG;YACzG,mGAAmG;YACnG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAC/C;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,aAAa,GAAG,CAAC,IAAiB,EAAE,YAAsB,EAAE,EAAE;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAC9C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;;QACX,OAAA,CAAC,GAAG,KAAK,IAAI,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAC,CAAA;KAAA,CACpE,CAAC;IAEF,MAAM,0BAA0B,GAAG,UAAU,CAAC,IAAI,CAChD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,gBAAgB,CAAC,CAAA,CAAA,EAAA,CACpE,CAAC;IAEF,0FAA0F;IAC1F,iDAAiD;IACjD,IAAI,CAAC,wBAAwB,EAAE;QAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAgB,CAAC,CAAC;QACxC,6DAA6D;QAC7D,IAAI,CAAC,0BAA0B,EAAE;YAC/B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;SAC7C;KACF;IAED,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAA,EAAA,CAClE,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;KACjE;IAED,MAAM,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,mBAAmB,EAAE;QACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,IAAiB,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,+DAA+D;IAC/D,iCAAiC;IACjC,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;KAChD;IAED,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAC;KAClD;IAED,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,uJAAuJ;AACvJ,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAE,EAAE;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,8DAA8D;QAC9D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YACnC,MAAM,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,2HAA2H;YACpK,OAAO,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;SACvC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,+HAA+H;AAC/H,MAAM,gCAAgC,GAAG,CAGvC,WAAc,EACd,OAAmB,EACnB,OAAoB,EACpB,YAAsB,EACtB,UAEa,EACb,EAAE;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IACtE,kGAAkG;IAClG,wDAAwD;IACxD,IAAI,WAAW,EAAE;QACf,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAC5E,8EAA8E;QAC9E,OAAO,YAAY,CAAC;YAClB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI;YACJ,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,iBAAiB,EAAE,WAAW,CAAC,UAAU;YACzC,0BAA0B,EAAE,IAAI;SACjC,CAAC,CAAC;KACJ;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAO,IAM9B,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAElE,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,8FAA8F,CAAC;KACtG;IAED,MAAM,UAAU,GACd,MAAM,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,aAAa,CAClD,OAAO,EACP,OAAO,EACP,YAAY,CACb,CAAC;IAEF,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACzD,IAAI,aAAa,EAAE;YACjB,MAAM,KAAK,GAAG;gBACZ,GAAG,aAAa;gBAChB,GAAG,OAAO,IAAI,iBAAiB,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,IAAA,cAAM,EACJ,gGAAgG,KAAK,2BAA2B,CACjI,CAAC;SACH;KACF;IAED,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CACrD,WAAW,EACX,OAAO,EACP,OAAO,EACP,YAAY,EACZ,UAAU,CACX,CAAC;IACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,CAAC,EAAE;QAC9B,OAAO,QAAQ,CAAC,CAAC,mDAAmD;KACrE;IAED,OAAO,YAAY,CAAC;QAClB,UAAU;QACV,eAAe,EAAE,IAAI,eAAe,EAAE;QACtC,OAAO;QACP,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;QACrC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;QACtB,iBAAiB,EAAE,WAAW,CAAC,UAAU;KAC1C,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AA1DW,QAAA,QAAQ,YA0DnB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ssh/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAAuE;AACvE,4CAAqD;AACrD,+CAA6C;AAG7C,qCAAmC;AAEnC,2DAK4B;AAG5B;;GAEG;AACH,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,sBAAsB,GAAG,CAC7B,QAAqB,EACrB,KAAgD,EAChD,OAA4B,EAC5B,EAAE;IACF,IAAI,gCAAgC,GAAG,KAAK,CAAC;IAC7C,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAE7B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,MAAM,WAAW,GAAW,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpD,8BAA8B,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAErD,MAAM,KAAK,GAAG,QAAQ,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAClE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,IAAI,KAAK,EAAE;YACT,gCAAgC,GAAG,IAAI,CAAC;SACzC;QAED,IAAI,QAAQ,CAAC,oBAAoB,EAAE;YACjC,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;YACpE,gBAAgB,GAAG,gBAAgB,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,yBAAyB;SAC/E;QAED,IAAI,gBAAgB,EAAE;YACpB,gCAAgC,GAAG,KAAK,CAAC,CAAC,yDAAyD;SACpG;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC,gCAAgC;QAC3D,gBAAgB,EAAE,GAAG,EAAE,CAAC,gBAAgB;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,8BAA8B,GAAG,CACrC,WAAmB,EACnB,OAA4B,EAC5B,EAAE;IACF,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,IAAI,OAAO,CAAC,KAAK,EAAE;YACjB,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;SACd;aAAM;YACL,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;gBACnD,oEAAoE;gBACpE,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;iBAAM,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE;gBAChE,8DAA8D;gBAC9D,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;SACF;KACF;AACH,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,UAAsC,EACtC,OAAe,EACf,IAAc,EACd,KAAwC,EACxC,EAAE,CACF,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE;IACnB,GAAG,kCACE,OAAO,CAAC,GAAG,GACX,UAAU,CACd;IACD,KAAK;IACL,KAAK,EAAE,KAAK;CACb,CAAC,CAAC;AAeL,SAAe,YAAY,CACzB,OAA4B;;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,mBAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEjD,IAAI,OAAO,CAAC,KAAK,EAAE;gBACjB,MAAM,MAAM,GAAG,OAAO,CAAC,0BAA0B;oBAC/C,CAAC,CAAC,aAAa;oBACf,CAAC,CAAC,QAAQ,CAAC;gBACb,MAAM,gBAAgB,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CACrE,CAAC,CACF,CAAC;gBACF,IAAA,cAAM,EACJ,oCAAoC,MAAM,oCAAoC,gBAAgB,WAAW,CAC1G,CAAC;aACH;YAED,MAAM,KAAK,GAAG,iBAAiB,CAC7B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,mIAAmI;YACnI,MAAM,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,GAAG,sBAAsB,CACrE,QAAQ,EACR,KAAK,EACL,OAAO,CACR,CAAC;YAEF,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;;gBAC7C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,uEAAuE;gBACvE,sDAAsD;gBACtD,IAAI,CAAC,kBAAkB,EAAE,EAAE;oBACzB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;wBAChC,MAAM,CACJ,oCAAoC,QAAQ,CAAC,YAAY,yDAAyD,CACnH,CAAC;wBACF,OAAO;qBACR;oBAED,IAAA,YAAK,EAAC,cAAc,CAAC;yBAClB,IAAI,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;yBACjC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;yBAC7B,KAAK,CAAC,MAAM,CAAC,CAAC;oBACjB,OAAO;iBACR;qBAAM,IAAI,gBAAgB,EAAE,EAAE;oBAC7B,MAAM,CACJ,MAAA,QAAQ,CAAC,oBAAoB,mCAC3B,wBAAwB,QAAQ,CAAC,YAAY,aAAa,CAC7D,CAAC;oBACF,OAAO;iBACR;gBAED,MAAA,OAAO,CAAC,eAAe,0CAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO,CAAC,0BAA0B;oBAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;gBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,aAAa,GAAG,CACpB,IAAgB,EAChB,IAAiB,EACjB,YAAsB,EACtB,EAAE;IACF,aAAa,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAElC,IAAI,QAAQ,IAAI,IAAI,EAAE;QACpB,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE;gBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,WAAW;aACjB;SACF,CAAC;KACH;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,EAAE;YAClC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CACnB,CAAC,QAAQ,EAAE,EAAE;YACX,yGAAyG;YACzG,mGAAmG;YACnG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAC/C;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,aAAa,GAAG,CAAC,IAAiB,EAAE,YAAsB,EAAE,EAAE;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAC9C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;;QACX,OAAA,CAAC,GAAG,KAAK,IAAI,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAC,CAAA;KAAA,CACpE,CAAC;IAEF,MAAM,0BAA0B,GAAG,UAAU,CAAC,IAAI,CAChD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,gBAAgB,CAAC,CAAA,CAAA,EAAA,CACpE,CAAC;IAEF,0FAA0F;IAC1F,iDAAiD;IACjD,IAAI,CAAC,wBAAwB,EAAE;QAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAgB,CAAC,CAAC;QACxC,6DAA6D;QAC7D,IAAI,CAAC,0BAA0B,EAAE;YAC/B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;SAC7C;KACF;IAED,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAA,EAAA,CAClE,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;KACjE;IAED,2DAA2D;IAC3D,MAAM,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,mBAAmB,EAAE;QACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,IAAiB,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,+DAA+D;IAC/D,iCAAiC;IACjC,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;KAChD;IAED,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAC;KAClD;IAED,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,uJAAuJ;AACvJ,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAE,EAAE;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,8DAA8D;QAC9D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YACnC,MAAM,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,2HAA2H;YACpK,OAAO,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;SACvC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,+HAA+H;AAC/H,MAAM,gCAAgC,GAAG,CAGvC,WAAc,EACd,OAAmB,EACnB,OAAoB,EACpB,YAAsB,EACtB,UAEa,EACb,OAAe,EACf,EAAE;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAEtE,kGAAkG;IAClG,wDAAwD;IACxD,IAAI,WAAW,EAAE;QACf,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAC5E,8EAA8E;QAC9E,OAAO,YAAY,CAAC;YAClB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI;YACJ,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,OAAO;YAChB,0BAA0B,EAAE,IAAI;SACjC,CAAC,CAAC;KACJ;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAO,IAM9B,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAElE,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,8FAA8F,CAAC;KACtG;IAED,MAAM,UAAU,GACd,MAAM,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,aAAa,CAClD,OAAO,EACP,OAAO,EACP,YAAY,CACb,CAAC;IAEF,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACzD,IAAI,aAAa,EAAE;YACjB,MAAM,KAAK,GAAG;gBACZ,GAAG,aAAa;gBAChB,GAAG,OAAO,IAAI,iBAAiB,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,IAAA,cAAM,EACJ,gGAAgG,KAAK,2BAA2B,CACjI,CAAC;SACH;KACF;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,oBAAoB,CAAC;IAE9D,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CACrD,WAAW,EACX,OAAO,EACP,OAAO,EACP,YAAY,EACZ,UAAU,EACV,OAAO,CACR,CAAC;IACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,CAAC,EAAE;QAC9B,OAAO,QAAQ,CAAC,CAAC,mDAAmD;KACrE;IAED,OAAO,YAAY,CAAC;QAClB,UAAU;QACV,eAAe,EAAE,IAAI,eAAe,EAAE;QACtC,OAAO;QACP,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;QACrC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;QACtB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AA7DW,QAAA,QAAQ,YA6DnB"}

package/dist/types/ssh.d.ts

@@ -21,19 +21,18 @@ export type CliPermissionSpec<P extends PluginSshRequest, C extends object | und
 export declare const SupportedSshProviders: readonly ["aws", "gcloud"];
 export type SupportedSshProvider = (typeof SupportedSshProviders)[number];
 export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extends object | undefined = undefined, SR extends SshRequest = SshRequest, C extends object | undefined = undefined> = {
-    requestToSsh: (request: CliPermissionSpec<PR, O>) => SR;
-    /** Converts a backend request to a CLI request */
-    toCliRequest: (request: Request<PR>, options?: {
-        debug?: boolean;
-    }) => Promise<Request<CliSshRequest>>;
-    ensureInstall: () => Promise<void>;
     /** Logs in the user to the cloud provider */
     cloudProviderLogin: (authn: Authn, request: SR) => Promise<C>;
-    /** Returns the command and its arguments that are going to be injected as the ssh ProxyCommand option */
-    proxyCommand: (request: SR) => string[];
-    /** Each element in the returned array is a command that can be run to reproduce the
-     * steps of logging in the user to the ssh session. */
-    reproCommands: (request: SR) => string[] | undefined;
+    /** Callback to ensure that this provider's CLI utils are installed */
+    ensureInstall: () => Promise<void>;
+    /** A human-readable name for this CSP */
+    friendlyName: string;
+    /** Friendly message to ask the user to log in to the CSP */
+    loginRequiredMessage?: string;
+    /** Regex match for error string indicating that CSP login is required */
+    loginRequiredPattern?: RegExp;
+    /** Amount of time, in ms, to wait between granting access and giving up on attempting an SSH connection */
+    propagationTimeoutMs: number;
     /** Arguments for a pre-test command to verify access propagation prior
      * to actually logging in the user to the ssh session.
      * This must return arguments for a non-interactive command - meaning the `command`
@@ -42,7 +41,23 @@ export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extend
      * the actual ssh/scp command.
      */
     preTestAccessPropagationArgs: (cmdArgs: CommandArgs) => CommandArgs | undefined;
-    maxRetries: number;
-    friendlyName: string;
+    /** Returns the command and its arguments that are going to be injected as the ssh ProxyCommand option */
+    proxyCommand: (request: SR) => string[];
+    /** Each element in the returned array is a command that can be run to reproduce the
+     * steps of logging in the user to the ssh session. */
+    reproCommands: (request: SR) => string[] | undefined;
+    /** Unwraps this provider's types */
+    requestToSsh: (request: CliPermissionSpec<PR, O>) => SR;
+    /** Regex matches for error strings indicating that the provider has not yet fully provisioned node acces */
+    unprovisionedAccessPatterns: readonly {
+        /** If the error matches this string, indicates that access is not provisioned */
+        readonly pattern: RegExp;
+        /** Maximum amount of time to wait for provisioning after encountering this error */
+        readonly validationWindowMs?: number;
+    }[];
+    /** Converts a backend request to a CLI request */
+    toCliRequest: (request: Request<PR>, options?: {
+        debug?: boolean;
+    }) => Promise<Request<CliSshRequest>>;
 };
 export type SshRequest = AwsSshRequest | GcpSshRequest;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@p0security/cli",
-  "version": "0.11.1",
+  "version": "0.11.3",
   "description": "Execute infra CLI commands with P0 grants",
   "main": "index.ts",
   "repository": {
@@ -65,8 +65,8 @@
     "eslint-plugin-promise": "^6.1.1",
     "jest": "^29.7.0",
     "prettier": "^3.2.4",
-    "ts-node": "^10.9.2",
-    "ts-jest": "^29.1.2"
+    "ts-jest": "^29.1.2",
+    "ts-node": "^10.9.2"
   },
   "scripts": {
     "build": "tsc && cp -r public dist/",