@p0security/cli 0.11.4 → 0.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/__tests__/login.test.js +31 -12
- package/dist/commands/__tests__/login.test.js.map +1 -1
- package/dist/commands/__tests__/ssh.test.js +23 -15
- package/dist/commands/__tests__/ssh.test.js.map +1 -1
- package/dist/commands/login.js +6 -6
- package/dist/commands/login.js.map +1 -1
- package/dist/commands/ls.js +26 -7
- package/dist/commands/ls.js.map +1 -1
- package/dist/commands/scp.js +5 -0
- package/dist/commands/scp.js.map +1 -1
- package/dist/commands/shared/request.d.ts +1 -0
- package/dist/commands/shared/request.js +9 -1
- package/dist/commands/shared/request.js.map +1 -1
- package/dist/commands/shared/ssh.d.ts +11 -1
- package/dist/commands/shared/ssh.js +16 -11
- package/dist/commands/shared/ssh.js.map +1 -1
- package/dist/commands/ssh.js +8 -3
- package/dist/commands/ssh.js.map +1 -1
- package/dist/common/install.d.ts +3 -0
- package/dist/common/install.js +12 -1
- package/dist/common/install.js.map +1 -1
- package/dist/drivers/auth.d.ts +1 -4
- package/dist/drivers/auth.js +4 -8
- package/dist/drivers/auth.js.map +1 -1
- package/dist/drivers/config.d.ts +2 -2
- package/dist/drivers/config.js +11 -1
- package/dist/drivers/config.js.map +1 -1
- package/dist/drivers/firestore.d.ts +4 -3
- package/dist/drivers/firestore.js +11 -6
- package/dist/drivers/firestore.js.map +1 -1
- package/dist/plugins/aws/ssh.js +5 -4
- package/dist/plugins/aws/ssh.js.map +1 -1
- package/dist/plugins/aws/types.d.ts +15 -15
- package/dist/plugins/azure/auth.d.ts +11 -0
- package/dist/plugins/azure/auth.js +56 -0
- package/dist/plugins/azure/auth.js.map +1 -0
- package/dist/plugins/azure/install.d.ts +1 -0
- package/dist/plugins/azure/install.js +33 -0
- package/dist/plugins/azure/install.js.map +1 -0
- package/dist/plugins/azure/keygen.d.ts +13 -0
- package/dist/plugins/azure/keygen.js +69 -0
- package/dist/plugins/azure/keygen.js.map +1 -0
- package/dist/plugins/azure/ssh.d.ts +13 -0
- package/dist/plugins/azure/ssh.js +124 -0
- package/dist/plugins/azure/ssh.js.map +1 -0
- package/dist/plugins/azure/tunnel.d.ts +14 -0
- package/dist/plugins/azure/tunnel.js +160 -0
- package/dist/plugins/azure/tunnel.js.map +1 -0
- package/dist/plugins/azure/types.d.ts +47 -0
- package/dist/plugins/azure/types.js +3 -0
- package/dist/plugins/azure/types.js.map +1 -0
- package/dist/plugins/google/ssh.js +5 -4
- package/dist/plugins/google/ssh.js.map +1 -1
- package/dist/plugins/google/types.d.ts +5 -6
- package/dist/plugins/ssh/index.js +44 -24
- package/dist/plugins/ssh/index.js.map +1 -1
- package/dist/types/request.d.ts +3 -1
- package/dist/types/ssh.d.ts +14 -6
- package/dist/types/ssh.js +1 -1
- package/dist/types/ssh.js.map +1 -1
- package/package.json +1 -1
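--- a/package/dist/drivers/auth.js
+++ b/package/dist/drivers/auth.js
@@ -32,7 +32,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.authenticate = exports.
+exports.authenticate = exports.cached = exports.IDENTITY_CACHE_PATH = exports.IDENTITY_FILE_PATH = void 0;
 /** Copyright © 2024-present P0 Security
 
 This file is part of @p0security/cli
@@ -45,7 +45,6 @@ You should have received a copy of the GNU General Public License along with @p0
 **/
 const login_1 = require("../commands/login");
 const util_1 = require("../util");
-const config_1 = require("./config");
 const firestore_1 = require("./firestore");
 const stdio_1 = require("./stdio");
 const fs = __importStar(require("fs/promises"));
@@ -88,7 +87,7 @@ const cached = (name, loader, options, hasExpired) => __awaiter(void 0, void 0,
 }
 });
 exports.cached = cached;
-const
+const loadCredentialsWithAutoLogin = (options) => __awaiter(void 0, void 0, void 0, function* () {
 try {
 const buffer = yield fs.readFile(exports.IDENTITY_FILE_PATH);
 const identity = JSON.parse(buffer.toString());
@@ -96,7 +95,7 @@ const loadCredentials = (options) => __awaiter(void 0, void 0, void 0, function*
 identity.credential.expires_at < Date.now() * 1e-3) {
 yield (0, login_1.login)({ org: identity.org.slug }, { skipAuthenticate: true });
 (0, stdio_1.print2)("\u200B"); // Force a new line
-return (
+return loadCredentialsWithAutoLogin({ noRefresh: true });
 }
 return identity;
 }
@@ -107,11 +106,8 @@ const loadCredentials = (options) => __awaiter(void 0, void 0, void 0, function*
 throw error;
 }
 });
-exports.loadCredentials = loadCredentials;
 const authenticate = (options) => __awaiter(void 0, void 0, void 0, function* () {
-yield (
-(0, firestore_1.initializeFirebase)();
-const identity = yield (0, exports.loadCredentials)(options);
+const identity = yield loadCredentialsWithAutoLogin(options);
 const userCredential = yield (0, firestore_1.authenticateToFirebase)(identity);
 return { userCredential, identity };
 });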
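Review bot: `loadCredentialsWithAutoLogin` (L195) is undocumented, and its one non-obvious contract is the `noRefresh` option: after a successful re-login it re-reads the identity file with `{ noRefresh: true }` (L247), which is what keeps that re-read from triggering another login if the freshly written credential still evaluates as expired. A JSDoc above L195 such as `/** Loads the cached identity, running login once if the credential is expired; noRefresh disables that retry so the post-login re-read cannot recurse. */` would make this explicit. `loadCredentials` is also no longer exported (removed at L293), so any external importer of it has to move to `authenticate`. The expiry condition that this hunk closes begins before L223, outside the hunk.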
package/dist/drivers/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/drivers/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,6CAA0C;AAE1C,kCAAkC;AAClC,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/drivers/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,6CAA0C;AAE1C,kCAAkC;AAClC,2CAAqD;AACrD,mCAAiC;AACjC,gDAAkC;AAClC,2CAA6B;AAEhB,QAAA,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,eAAe,CAAC,CAAC;AACzD,QAAA,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAC1C,IAAI,CAAC,OAAO,CAAC,0BAAkB,CAAC,EAChC,OAAO,CACR,CAAC;AAEK,MAAM,MAAM,GAAG,CACpB,IAAY,EACZ,MAAwB,EACxB,OAA6B,EAC7B,UAAiC,EACrB,EAAE;;IACd,iCAAiC;IACjC,mHAAmH;IACnH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,2BAAmB,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC;IACzE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,2BAAmB,CAAC,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;KAC3C;IAED,MAAM,SAAS,GAAG,GAAS,EAAE;QAC3B,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI;YAAE,MAAM,mCAAmC,IAAI,GAAG,CAAC;QAC5D,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,MAAM,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC,CAAA,CAAC;IAEF,IAAI;QACF,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE;YACxD,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,MAAM,SAAS,EAAE,CAAC;SAC1B;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAM,CAAC;QACzE,IAAI,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAG,IAAI,CAAC,EAAE;YACtB,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,MAAM,SAAS,EAAE,CAAC;SAC1B;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,MAAK,QAAQ;YAC1B,IAAA,cAAM,EACJ,+BAA+B,IAAI,iBAAiB,MAAA,KAAK,CAAC,OAAO,mCAAI,KAAK,EAAE,CAC7E,CAAC;QACJ,OAAO,MAAM,SAAS,EAAE,CAAC;KAC1B;AACH,CAAC,CAAA,CAAC;AAzCW,QAAA,MAAM,UAyCjB;AAEF,MAAM,4BAA4B,GAAG,CAAO,OAE3C,EAAqB,EAAE;IACtB,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAAkB,CAAC,CA
AC;QACrD,MAAM,QAAQ,GAAa,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzD,IACE,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;YACnB,QAAQ,CAAC,UAAU,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAClD;YACA,MAAM,IAAA,aAAK,EAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;YACpE,IAAA,cAAM,EAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB;YACrC,OAAO,4BAA4B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;SAC1D;QACD,OAAO,QAAQ,CAAC;KACjB;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,MAAK,QAAQ,EAAE;YAC5B,MAAM,yDAAyD,CAAC;SACjE;QACD,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,YAAY,GAAG,CAAO,OAElC,EAAkB,EAAE;IACnB,MAAM,QAAQ,GAAG,MAAM,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,cAAc,GAAG,MAAM,IAAA,kCAAsB,EAAC,QAAQ,CAAC,CAAC;IAE9D,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC;AACtC,CAAC,CAAA,CAAC;AAPW,QAAA,YAAY,gBAOvB"}
|
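--- a/package/dist/drivers/config.d.ts
+++ b/package/dist/drivers/config.d.ts
@@ -11,5 +11,5 @@ You should have received a copy of the GNU General Public License along with @p0
 import { Config } from "../types/org";
 export declare const CONFIG_FILE_PATH: string;
 export declare function getTenantConfig(): Config;
-export declare function saveConfig(
-export declare function loadConfig(): Promise<
+export declare function saveConfig(orgId: string): Promise<void>;
+export declare function loadConfig(): Promise<Config>;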
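--- a/package/dist/drivers/config.js
+++ b/package/dist/drivers/config.js
@@ -14,7 +14,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadConfig = exports.saveConfig = exports.getTenantConfig = exports.CONFIG_FILE_PATH = void 0;
 const util_1 = require("../util");
+const env_1 = require("./env");
+const firestore_1 = require("./firestore");
 const stdio_1 = require("./stdio");
+const firestore_2 = require("firebase/firestore");
 const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = __importDefault(require("path"));
 exports.CONFIG_FILE_PATH = path_1.default.join(util_1.P0_PATH, "config.json");
@@ -23,8 +26,14 @@ function getTenantConfig() {
 return tenantConfig;
 }
 exports.getTenantConfig = getTenantConfig;
-function saveConfig(
+function saveConfig(orgId) {
+var _a;
 return __awaiter(this, void 0, void 0, function* () {
+const orgDoc = yield (0, firestore_2.getDoc)((0, firestore_1.bootstrapDoc)(`orgs/${orgId}`));
+const orgData = orgDoc.data();
+if (!orgData)
+throw "Could not find organization";
+const config = (_a = orgData.config) !== null && _a !== void 0 ? _a : env_1.bootstrapConfig;
 (0, stdio_1.print2)(`Saving config to ${exports.CONFIG_FILE_PATH}.`);
 const dir = path_1.default.dirname(exports.CONFIG_FILE_PATH);
 yield promises_1.default.mkdir(dir, { recursive: true });
@@ -37,6 +46,7 @@ function loadConfig() {
 return __awaiter(this, void 0, void 0, function* () {
 const buffer = yield promises_1.default.readFile(exports.CONFIG_FILE_PATH);
 tenantConfig = JSON.parse(buffer.toString());
+return tenantConfig;
 });
 }
 exports.loadConfig = loadConfig;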
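Review bot: `saveConfig` builds the Firestore document path directly from `orgId` (L526) and persists whatever `orgData.config` holds (L550) without any shape check, even though `initializeFirebase` later hands `tenantConfig.fs` to `initializeApp` (L843). A single-segment guard before the lookup, `if (!orgId || orgId.includes("/")) throw "Invalid organization id";`, turns a confusing Firestore path error into a clear one, and checking that `config.fs` is an object before the write keeps a malformed org document from being cached to disk. The hunk also makes `config.js` require `./firestore` (L444) while `firestore.js` requires `./config` (L770), a CommonJS cycle that only works because both modules read each other's exports lazily at call time; a comment at L444 such as `// NOTE: circular with ./firestore; keep accessing its exports at call time, do not destructure on load` would guard against a refactor breaking it. The file write and the `tenantConfig` assignment at the end of `saveConfig` are outside the hunk.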
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAkC;AAClC,mCAAiC;AACjC,2DAA6B;AAC7B,gDAAwB;AAEX,QAAA,gBAAgB,GAAG,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,aAAa,CAAC,CAAC;AAElE,IAAI,YAAoB,CAAC;AAEzB,SAAgB,eAAe;IAC7B,OAAO,YAAY,CAAC;AACtB,CAAC;AAFD,0CAEC;AAED,SAAsB,UAAU,CAAC,
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAkC;AAClC,+BAAwC;AACxC,2CAA2C;AAC3C,mCAAiC;AACjC,kDAA4C;AAC5C,2DAA6B;AAC7B,gDAAwB;AAEX,QAAA,gBAAgB,GAAG,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,aAAa,CAAC,CAAC;AAElE,IAAI,YAAoB,CAAC;AAEzB,SAAgB,eAAe;IAC7B,OAAO,YAAY,CAAC;AACtB,CAAC;AAFD,0CAEC;AAED,SAAsB,UAAU,CAAC,KAAa;;;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EACzB,IAAA,wBAAY,EAAC,QAAQ,KAAK,EAAE,CAAC,CAC9B,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAE9B,IAAI,CAAC,OAAO;YAAE,MAAM,6BAA6B,CAAC;QAElD,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,mCAAI,qBAAe,CAAC;QAEjD,IAAA,cAAM,EAAC,oBAAoB,wBAAgB,GAAG,CAAC,CAAC;QAEhD,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,wBAAgB,CAAC,CAAC;QAC3C,MAAM,kBAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzC,MAAM,kBAAE,CAAC,SAAS,CAAC,wBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAE9E,YAAY,GAAG,MAAM,CAAC;;CACvB;AAjBD,gCAiBC;AAED,SAAsB,UAAU;;QAC9B,MAAM,MAAM,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,wBAAgB,CAAC,CAAC;QACnD,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7C,OAAO,YAAY,CAAC;IACtB,CAAC;CAAA;AAJD,gCAIC"}
|
|
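--- a/package/dist/drivers/firestore.d.ts
+++ b/package/dist/drivers/firestore.d.ts
@@ -9,12 +9,13 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 import { Identity } from "../types/identity";
+import { UserCredential } from "firebase/auth";
 import { CollectionReference, DocumentReference } from "firebase/firestore";
-export declare function initializeFirebase(): void
-export declare function authenticateToFirebase(identity: Identity): Promise<
+export declare function initializeFirebase(): Promise<void>;
+export declare function authenticateToFirebase(identity: Identity): Promise<UserCredential>;
 export declare const collection: <T>(path: string, ...pathSegments: string[]) => CollectionReference<T, import("@firebase/firestore").DocumentData>;
 export declare const doc: <T>(path: string) => DocumentReference<T, import("@firebase/firestore").DocumentData>;
-export declare const
+export declare const bootstrapDoc: <T>(path: string) => DocumentReference<T, import("@firebase/firestore").DocumentData>;
 /** Ensures that Firestore is shutdown at command termination
 *
 * This prevents Firestore from holding the command on execution completion or failure.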
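--- a/package/dist/drivers/firestore.js
+++ b/package/dist/drivers/firestore.js
@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.fsShutdownGuard = exports.
+exports.fsShutdownGuard = exports.bootstrapDoc = exports.doc = exports.collection = exports.authenticateToFirebase = exports.initializeFirebase = void 0;
 const config_1 = require("./config");
 const env_1 = require("./env");
 const app_1 = require("firebase/app");
@@ -20,9 +20,13 @@ const bootstrapFirestore = (0, firestore_1.getFirestore)(bootstrapApp);
 let app;
 let firestore;
 function initializeFirebase() {
-
-
-
+return __awaiter(this, void 0, void 0, function* () {
+if (!firestore) {
+const tenantConfig = yield (0, config_1.loadConfig)();
+app = (0, app_1.initializeApp)(tenantConfig.fs, "authFirebase");
+firestore = (0, firestore_1.getFirestore)(app);
+}
+});
 }
 exports.initializeFirebase = initializeFirebase;
 function authenticateToFirebase(identity) {
@@ -30,6 +34,7 @@ function authenticateToFirebase(identity) {
 return __awaiter(this, void 0, void 0, function* () {
 const { credential } = identity;
 const tenantId = identity.org.tenantId;
+yield initializeFirebase();
 // TODO: Move to map lookup
 const provider = new auth_1.OAuthProvider(identity.org.ssoProvider === "google"
 ? auth_1.SignInMethod.GOOGLE
@@ -56,10 +61,10 @@ const doc = (path) => {
 return (0, firestore_1.doc)(firestore, path);
 };
 exports.doc = doc;
-const
+const bootstrapDoc = (path) => {
 return (0, firestore_1.doc)(bootstrapFirestore, path);
 };
-exports.
+exports.bootstrapDoc = bootstrapDoc;
 /** Ensures that Firestore is shutdown at command termination
 *
 * This prevents Firestore from holding the command on execution completion or failure.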
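Review bot: `initializeFirebase` (L825-L861) checks `if (!firestore)` before its first `yield`, so two callers that enter `authenticateToFirebase` (L907) before the first `loadConfig()` resolves both pass the guard and both run `loadConfig` and `initializeApp(..., "authFirebase")`. As far as I recall the modular Firebase SDK returns the existing app for a repeated name only when the options are deep-equal and throws otherwise, so the outcome of that race depends on config equality rather than on this code; caching the in-flight promise instead of the result closes the window and makes repeated calls cheap. If a failed `loadConfig` should remain retryable, clear the cached promise in a rejection handler. Whether concurrent callers exist today is not visible in this diff, and the rest of the module (`bootstrapFirestore`, `fsShutdownGuard`) is outside the hunk.
```javascript
let initializing;
function initializeFirebase() {
    if (!initializing) {
        initializing = __awaiter(this, void 0, void 0, function* () {
            const tenantConfig = yield (0, config_1.loadConfig)();
            app = (0, app_1.initializeApp)(tenantConfig.fs, "authFirebase");
            firestore = (0, firestore_1.getFirestore)(app);
        });
    }
    return initializing;
}
```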
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"firestore.js","sourceRoot":"","sources":["../../src/drivers/firestore.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,
|
|
1
|
+
{"version":3,"file":"firestore.js","sourceRoot":"","sources":["../../src/drivers/firestore.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,qCAAsC;AACtC,+BAAwC;AACxC,sCAA0D;AAC1D,wCAMuB;AACvB,kDAQ4B;AAE5B,MAAM,YAAY,GAAG,IAAA,mBAAa,EAAC,qBAAe,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;AACvE,MAAM,kBAAkB,GAAG,IAAA,wBAAY,EAAC,YAAY,CAAC,CAAC;AAEtD,IAAI,GAAgB,CAAC;AACrB,IAAI,SAAoB,CAAC;AAEzB,SAAsB,kBAAkB;;QACtC,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,YAAY,GAAG,MAAM,IAAA,mBAAU,GAAE,CAAC;YACxC,GAAG,GAAG,IAAA,mBAAa,EAAC,YAAY,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;YACrD,SAAS,GAAG,IAAA,wBAAY,EAAC,GAAG,CAAC,CAAC;SAC/B;IACH,CAAC;CAAA;AAND,gDAMC;AAED,SAAsB,sBAAsB,CAC1C,QAAkB;;;QAElB,MAAM,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC;QAChC,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC;QAEvC,MAAM,kBAAkB,EAAE,CAAC;QAE3B,2BAA2B;QAC3B,MAAM,QAAQ,GAAG,IAAI,oBAAa,CAChC,QAAQ,CAAC,GAAG,CAAC,WAAW,KAAK,QAAQ;YACnC,CAAC,CAAC,mBAAY,CAAC,MAAM;YACrB,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAC5B,CAAC;QAEF,MAAM,kBAAkB,GAAG,QAAQ,CAAC,UAAU,CAAC;YAC7C,WAAW,EAAE,UAAU,CAAC,YAAY;YACpC,OAAO,EAAE,UAAU,CAAC,QAAQ;SAC7B,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,IAAA,cAAO,EAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzB,MAAM,cAAc,GAAG,MAAM,IAAA,2BAAoB,EAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;QAE5E,IAAI,CAAC,CAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,IAAI,0CAAE,KAAK,CAAA,EAAE;YAChC,MAAM,6IAA6I,CAAC;SACrJ;QAED,OAAO,cAAc,CAAC;;CACvB;AA9BD,wDA8BC;AAEM,MAAM,UAAU,GAAG,CAAI,IAAY,EAAE,GAAG,YAAsB,EAAE,EAAE;IACvE,OAAO,IAAA,sBAAY,EACjB,SAAS,EACT,IAAI,EACJ,GAAG,YAAY,CACU,CAAC;AAC9B,CAAC,CAAC;AANW,QAAA,UAAU,cAMrB;AAEK,MAAM,GAAG,GAAG,CAAI,IAAY,EAAE,EAAE;IACrC,OAAO,IAAA,eAAK,EAAC,SAAS,EAAE,IAAI,CAAyB,CAAC;AACxD,CAAC,CAAC;AAFW,QAAA,GAAG,OAEd;AAEK,MAAM,YAAY,GAAG,CAAI,IAAY,EAAE,EAAE;IAC9C,OAAO,IAAA,eAAK,EAAC,kBAAkB,EAAE,IAAI,CAAyB,CAAC;AACjE,CAAC,CAAC;AAFW,QAAA,YAAY,gBAEvB;AAEF;;;GAGG;AACI,MAAM,eAAe,GAC1B,CAAO,EAA2B,EAAE,EAAE,CACtC,CAAO,IAAO,EAAE,EAAE;IAChB,IAAI;QACF,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC;KAChB;YAAS;QACR,IAAI,kBAAkB;YAAE,KAAK,IAAA,qBAAS,EAAC,kBAAkB,CAAC,CAAC;QAC3D,IAAI,SAAS;YAAE,KAAK,IA
AA,qBAAS,EAAC,SAAS,CAAC,CAAC;KAC1C;AACH,CAAC,CAAA,CAAC;AATS,QAAA,eAAe,mBASxB"}
|
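--- a/package/dist/plugins/aws/ssh.js
+++ b/package/dist/plugins/aws/ssh.js
@@ -55,6 +55,7 @@ exports.awsSshProvider = {
 ? yield (0, aws_1.assumeRoleWithOktaSaml)(authn, request)
 : (0, util_1.throwAssertNever)(config.login);
 }),
+validateSshKey: (request, publicKey) => request.permission.publicKey === publicKey,
 ensureInstall: () => __awaiter(void 0, void 0, void 0, function* () {
 if (!(yield (0, install_1.ensureSsmInstall)())) {
 throw "Please try again after installing the required AWS utilities";
@@ -89,10 +90,10 @@ exports.awsSshProvider = {
 },
 requestToSsh: (request) => {
 const { permission, generated } = request;
-const {
-const { idcId, idcRegion } =
-const {
-const {
+const { resource, region } = permission;
+const { idcId, idcRegion, instanceId, accountId } = resource;
+const { linuxUserName, resource: generatedResource } = generated;
+const { name } = generatedResource;
 const common = { linuxUserName, accountId, region, id: instanceId };
 return !idcId || !idcRegion
 ? Object.assign(Object.assign({}, common), { role: name, type: "aws", access: "role" }) : Object.assign(Object.assign({}, common), { idc: { id: idcId, region: idcRegion }, permissionSet: name, type: "aws", access: "idc" });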
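Review bot: `validateSshKey` (L1048) compares the recorded `request.permission.publicKey` with the supplied `publicKey` by strict string equality, so a trailing newline, a differing comment field, or surrounding whitespace makes an otherwise matching key fail validation. If the caller passes the raw contents of a `.pub` file (not visible in this hunk), compare the normalized key type and base64 body instead, e.g. `const keyBody = (k) => k.trim().split(/\s+/).slice(0, 2).join(" ");` and `validateSshKey: (request, publicKey) => keyBody(request.permission.publicKey) === keyBody(publicKey),`. Public keys are not secrets, so plain equality (rather than timing-safe comparison) is appropriate here. `awsSshProvider` begins and ends outside both hunks.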
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,qCAA8C;AAC9C,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AASjD,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,0RAA0R;KAC7R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,EAAE;;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,8DAA8D,CAAC;SACtE;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE,OAA4B,CAAC;gBACnE,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;YAC/B,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAE7C,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,IAAI;YACJ,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,iBAAiB;SAClB,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,6BAA6B,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,GAAG;aAC5E,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,qCAA8C;AAC9C,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AASjD,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,0RAA0R;KAC7R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,EAAE;;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,8DAA8D,CAAC;SACtE;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE,OAA4B,CAAC;gBACnE,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,cAAc,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CACrC,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS;IAE5C,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;YAC/B,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAE7C,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,IAAI;YACJ,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,iBAAiB;SAClB,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,6BAA6B,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,GAAG;aAC5E,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,SAAS,CAAC;QACj
E,MAAM,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;QACnC,MAAM,MAAM,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;QACpE,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
|
|
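--- a/package/dist/plugins/aws/types.d.ts
+++ b/package/dist/plugins/aws/types.d.ts
@@ -53,26 +53,26 @@ export type AwsItem = {
 export type AwsConfig = {
 "iam-write": Record<string, AwsItemConfig>;
 };
-export type AwsSshPermission = {
-
-
+export type AwsSshPermission = CommonSshPermissionSpec & {
+provider: "aws";
+region: string;
+alias: string;
+resource: {
+account: string;
 accountId: string;
-
-
-
-
-
-
-};
-};
+arn: string;
+idcId: string;
+idcRegion: string;
+instanceId: string;
+name: string;
+userName: string;
 };
-type: "session";
 };
 export type AwsSshGenerated = {
-
-
-linuxUserName: string;
+resource: {
+name: string;
 };
+linuxUserName: string;
 };
 export type AwsSshPermissionSpec = PermissionSpec<"ssh", AwsSshPermission, AwsSshGenerated>;
 export type AwsSsh = CliPermissionSpec<AwsSshPermissionSpec, undefined>;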
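--- /dev/null
+++ b/package/dist/plugins/azure/auth.d.ts
@@ -0,0 +1,11 @@
+export declare const azLoginCommand: () => {
+command: string;
+args: string[];
+};
+export declare const azAccountSetCommand: (subscriptionId: string) => {
+command: string;
+args: string[];
+};
+export declare const azLogin: (subscriptionId: string, options?: {
+debug?: boolean;
+}) => Promise<void>;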
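--- /dev/null
+++ b/package/dist/plugins/azure/auth.js
@@ -0,0 +1,56 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.azLogin = exports.azAccountSetCommand = exports.azLoginCommand = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const stdio_1 = require("../../drivers/stdio");
+const util_1 = require("../../util");
+const azLoginCommand = () => ({
+command: "az",
+args: ["login"],
+});
+exports.azLoginCommand = azLoginCommand;
+const azAccountSetCommand = (subscriptionId) => ({
+command: "az",
+args: ["account", "set", "--subscription", subscriptionId],
+});
+exports.azAccountSetCommand = azAccountSetCommand;
+const azLogin = (subscriptionId, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
+const { debug } = options;
+if (debug)
+(0, stdio_1.print2)("Logging in to Azure...");
+const { command: azLoginExe, args: azLoginArgs } = (0, exports.azLoginCommand)();
+const loginResult = yield (0, util_1.exec)(azLoginExe, azLoginArgs, { check: true });
+if (debug) {
+(0, stdio_1.print2)(loginResult.stdout);
+(0, stdio_1.print2)(loginResult.stderr);
+(0, stdio_1.print2)(`Setting active Azure subscription to ${subscriptionId}...`);
+}
+const { command: azAccountSetExe, args: azAccountSetArgs } = (0, exports.azAccountSetCommand)(subscriptionId);
+const accountSetResult = yield (0, util_1.exec)(azAccountSetExe, azAccountSetArgs, {
+check: true,
+});
+if (debug) {
+(0, stdio_1.print2)(accountSetResult.stdout);
+(0, stdio_1.print2)(accountSetResult.stderr);
+}
+});
+exports.azLogin = azLogin;
+//# sourceMappingURL=auth.js.map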
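Review bot: `azLogin` (L1691-L1805) runs `az login` unconditionally before `az account set`, and because both `exec` calls use `check: true` (L1721, L1763-L1769) a failing `az` rejects before the debug prints at L1727-L1745 and L1781-L1799 run, so in debug mode the az output that would explain the failure is never shown unless `util_1.exec` attaches it to the thrown error (not visible here). Consider printing `stdout`/`stderr` from a `catch` before rethrowing, and adding a JSDoc at L1691 such as `/** Runs an interactive az login (may open a browser), then selects subscriptionId as the active subscription; az output is echoed only when options.debug is set. */`. Passing `subscriptionId` as a separate argv element (L1673) rather than through a shell string is the right shape; keep it that way if more `az` subcommands are added.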
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/plugins/azure/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAC7C,qCAAkC;AAE3B,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,CAAC;IACnC,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,OAAO,CAAC;CAChB,CAAC,CAAC;AAHU,QAAA,cAAc,kBAGxB;AAEI,MAAM,mBAAmB,GAAG,CAAC,cAAsB,EAAE,EAAE,CAAC,CAAC;IAC9D,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,cAAc,CAAC;CAC3D,CAAC,CAAC;AAHU,QAAA,mBAAmB,uBAG7B;AAEI,MAAM,OAAO,GAAG,CACrB,cAAsB,EACtB,UAA+B,EAAE,EACjC,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;IAE5C,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,sBAAc,GAAE,CAAC;IACpE,MAAM,WAAW,GAAG,MAAM,IAAA,WAAI,EAAC,UAAU,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzE,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,IAAA,cAAM,EAAC,wCAAwC,cAAc,KAAK,CAAC,CAAC;KACrE;IAED,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,2BAAmB,EAAC,cAAc,CAAC,CAAC;IACtC,MAAM,gBAAgB,GAAG,MAAM,IAAA,WAAI,EAAC,eAAe,EAAE,gBAAgB,EAAE;QACrE,KAAK,EAAE,IAAI;KACZ,CAAC,CAAC;IAEH,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAChC,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;KACjC;AACH,CAAC,CAAA,CAAC;AA3BW,QAAA,OAAO,WA2BlB"}
|
|
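--- /dev/null
+++ b/package/dist/plugins/azure/install.d.ts
@@ -0,0 +1 @@
+export declare const ensureAzInstall: () => Promise<boolean>;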
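--- a/package/dist/plugins/azure/install.js
+++ b/package/dist/plugins/azure/install.js
@@ -0,0 +1,33 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureAzInstall = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const install_1 = require("../../common/install");
+const AzItems = [...install_1.HomebrewItems, "az"];
+const AzInstall = Object.assign(Object.assign({}, install_1.HomebrewInstall), { az: {
+label: "Azure command-line interface",
+commands: {
+darwin: ["brew update", "brew install azure-cli"],
+},
+} });
+const ensureAzInstall = () => __awaiter(void 0, void 0, void 0, function* () { return yield (0, install_1.ensureInstall)(AzItems, AzInstall); });
+exports.ensureAzInstall = ensureAzInstall;
+//# sourceMappingURL=install.js.map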
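Review bot: `AzInstall.az.commands` (lines 27–29 of this section) only lists a `darwin` entry, so what `ensureAzInstall` returns on Linux or Windows depends entirely on how `ensureInstall` in `../../common/install` (outside this hunk) treats a missing platform key, and that fallback is not documented here. A short comment above line 25 such as `// Only Homebrew (darwin) install commands are defined; other platforms rely on ensureInstall's default handling` would make the intended behaviour explicit to the next maintainer. Worth confirming against common/install, since a missing key could plausibly mean either "skip the install step" or "report the tool as unavailable".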
@@ -0,0 +1 @@
1
+
{"version":3,"file":"install.js","sourceRoot":"","sources":["../../../src/plugins/azure/install.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,kDAK8B;AAE9B,MAAM,OAAO,GAAG,CAAC,GAAG,uBAAa,EAAE,IAAI,CAAU,CAAC;AAGlD,MAAM,SAAS,mCACV,yBAAe,KAClB,EAAE,EAAE;QACF,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE;YACR,MAAM,EAAE,CAAC,aAAa,EAAE,wBAAwB,CAAC;SAClD;KACF,GACF,CAAC;AAEK,MAAM,eAAe,GAAG,GAAS,EAAE,kDACxC,OAAA,MAAM,IAAA,uBAAa,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA,GAAA,CAAC;AAD7B,QAAA,eAAe,mBACc"}
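--- a/package/dist/plugins/azure/keygen.d.ts
+++ b/package/dist/plugins/azure/keygen.d.ts
@@ -0,0 +1,13 @@
+export declare const AD_CERT_FILENAME = "p0cli-azure-ad-ssh-cert.pub";
+export declare const AD_SSH_KEY_PRIVATE = "id_rsa";
+export declare const azSshCertCommand: (keyPath: string) => {
+command: string;
+args: string[];
+};
+export declare const createTempDirectoryForKeys: () => Promise<{
+path: string;
+cleanup: () => Promise<void>;
+}>;
+export declare const generateSshKeyAndAzureAdCert: (keyPath: string, options?: {
+debug?: boolean;
+}) => Promise<void>;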
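--- a/package/dist/plugins/azure/keygen.js
+++ b/package/dist/plugins/azure/keygen.js
@@ -0,0 +1,69 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSshKeyAndAzureAdCert = exports.createTempDirectoryForKeys = exports.azSshCertCommand = exports.AD_SSH_KEY_PRIVATE = exports.AD_CERT_FILENAME = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const stdio_1 = require("../../drivers/stdio");
+const util_1 = require("../../util");
+const node_path_1 = __importDefault(require("node:path"));
+const tmp_promise_1 = __importDefault(require("tmp-promise"));
+// We pass in the name of the certificate file to generate
+exports.AD_CERT_FILENAME = "p0cli-azure-ad-ssh-cert.pub";
+// The `az ssh cert` command manages key generation, and generates SSH RSA keys with the standard names
+exports.AD_SSH_KEY_PRIVATE = "id_rsa";
+const azSshCertCommand = (keyPath) => ({
+command: "az",
+args: ["ssh", "cert", "--file", node_path_1.default.join(keyPath, exports.AD_CERT_FILENAME)],
+});
+exports.azSshCertCommand = azSshCertCommand;
+const createTempDirectoryForKeys = () => __awaiter(void 0, void 0, void 0, function* () {
+// unsafeCleanup lets us delete the directory even if there are still files in it, which is fine since the
+// files are no longer needed once we've authenticated to the remote system.
+const { path, cleanup } = yield tmp_promise_1.default.dir({
+mode: 0o700,
+prefix: "p0cli-",
+unsafeCleanup: true,
+});
+return { path, cleanup };
+});
+exports.createTempDirectoryForKeys = createTempDirectoryForKeys;
+const generateSshKeyAndAzureAdCert = (keyPath, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
+const { debug } = options;
+if (debug)
+(0, stdio_1.print2)("Generating Azure AD SSH certificate...");
+try {
+const { command, args } = (0, exports.azSshCertCommand)(keyPath);
+const { stdout, stderr } = yield (0, util_1.exec)(command, args, { check: true });
+if (debug) {
+(0, stdio_1.print2)(stdout);
+(0, stdio_1.print2)(stderr);
+}
+}
+catch (error) {
+(0, stdio_1.print2)(error.stdout);
+(0, stdio_1.print2)(error.stderr);
+throw `Failed to generate Azure AD SSH certificate: ${error}`;
+}
+});
+exports.generateSshKeyAndAzureAdCert = generateSshKeyAndAzureAdCert;
+//# sourceMappingURL=keygen.js.map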
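Review bot: The catch block at line 65 of this section rethrows a template string rather than an Error, so callers lose the original error's type and stack; the ssh.js section's `wrappedCreateCertAndTunnel` simply does `throw error`, so that bare string is what propagates to the user. Prefer `throw new Error(\`Failed to generate Azure AD SSH certificate: ${error}\`, { cause: error });`. The same string-throw pattern appears at line 31 of the ssh.js section (`ensureInstall`). Separately, lines 63–64 pass `error.stdout` and `error.stderr` to `print2` unconditionally; if `util_1.exec` (outside this hunk) ever rejects with something other than a process result, both values are `undefined`, so guarding them with `debug` or an `error.stdout ?? ""` fallback would keep the failure output clean.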
@@ -0,0 +1 @@
1
+
{"version":3,"file":"keygen.js","sourceRoot":"","sources":["../../../src/plugins/azure/keygen.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAC7C,qCAAkC;AAClC,0DAA6B;AAC7B,8DAA8B;AAE9B,0DAA0D;AAC7C,QAAA,gBAAgB,GAAG,6BAA6B,CAAC;AAE9D,uGAAuG;AAC1F,QAAA,kBAAkB,GAAG,QAAQ,CAAC;AAEpC,MAAM,gBAAgB,GAAG,CAAC,OAAe,EAAE,EAAE,CAAC,CAAC;IACpD,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,wBAAgB,CAAC,CAAC;CACtE,CAAC,CAAC;AAHU,QAAA,gBAAgB,oBAG1B;AAEI,MAAM,0BAA0B,GAAG,GAGvC,EAAE;IACH,0GAA0G;IAC1G,4EAA4E;IAC5E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,MAAM,qBAAG,CAAC,GAAG,CAAC;QACtC,IAAI,EAAE,KAAK;QACX,MAAM,EAAE,QAAQ;QAChB,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC,CAAA,CAAC;AAbW,QAAA,0BAA0B,8BAarC;AAEK,MAAM,4BAA4B,GAAG,CAC1C,OAAe,EACf,UAA+B,EAAE,EACjC,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,wCAAwC,CAAC,CAAC;IAE5D,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,wBAAgB,EAAC,OAAO,CAAC,CAAC;QACpD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;YACf,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;SAChB;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrB,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrB,MAAM,gDAAgD,KAAK,EAAE,CAAC;KAC/D;AACH,CAAC,CAAA,CAAC;AArBW,QAAA,4BAA4B,gCAqBvC"}
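--- a/package/dist/plugins/azure/ssh.d.ts
+++ b/package/dist/plugins/azure/ssh.d.ts
@@ -0,0 +1,13 @@
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+import { SshProvider } from "../../types/ssh";
+import { AzureLocalData, AzureSshPermissionSpec, AzureSshRequest } from "./types";
+export declare const azureSshProvider: SshProvider<AzureSshPermissionSpec, AzureLocalData, AzureSshRequest>;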
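--- a/package/dist/plugins/azure/ssh.js
+++ b/package/dist/plugins/azure/ssh.js
@@ -0,0 +1,124 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.azureSshProvider = void 0;
+const auth_1 = require("./auth");
+const install_1 = require("./install");
+const keygen_1 = require("./keygen");
+const tunnel_1 = require("./tunnel");
+const node_path_1 = __importDefault(require("node:path"));
+// TODO: Determine what this value should be for Azure
+const PROPAGATION_TIMEOUT_LIMIT_MS = 2 * 60 * 1000;
+exports.azureSshProvider = {
+// TODO: Natively support Azure login in P0 CLI
+cloudProviderLogin: () => __awaiter(void 0, void 0, void 0, function* () {
+// Login is handled as part of setup() below
+return undefined;
+}),
+ensureInstall: () => __awaiter(void 0, void 0, void 0, function* () {
+if (!(yield (0, install_1.ensureAzInstall)())) {
+throw "Please try again after installing the Azure CLI tool.";
+}
+}),
+friendlyName: "Microsoft Azure",
+loginRequiredMessage: "Please log in to Azure with 'az login' to continue.",
+// TODO: Determine value
+loginRequiredPattern: undefined,
+propagationTimeoutMs: PROPAGATION_TIMEOUT_LIMIT_MS,
+// TODO(ENG-3149): Implement sudo access checks here
+preTestAccessPropagationArgs: () => undefined,
+// Azure doesn't support ProxyCommand, as nice as that would be. Yet.
+proxyCommand: () => [],
+reproCommands: (request, additionalData) => {
+var _a;
+const { command: azLoginExe, args: azLoginArgs } = (0, auth_1.azLoginCommand)();
+const { command: azAccountSetExe, args: azAccountSetArgs } = (0, auth_1.azAccountSetCommand)(request.subscriptionId);
+const getKeyPath = () => {
+// Use the same key path as the one generated in setup() so it matches the ssh command that is generated
+// elsewhere. It'll be an annoying long temporary directory name, but it strictly will work for reproduction. If
+// additionalData isn't present (which it always should be for the azureSshProvider), we'll use the user's home
+// directory.
+if (additionalData) {
+return node_path_1.default.dirname(additionalData.identityFile);
+}
+else {
+const basePath = process.env.HOME || process.env.USERPROFILE || "";
+return node_path_1.default.join(basePath, "p0cli-azure-ssh-keys");
+}
+};
+const keyPath = getKeyPath();
+const { command: azCertGenExe, args: azCertGenArgs } = (0, keygen_1.azSshCertCommand)(keyPath);
+// If additionalData is undefined (which, again, should be never), use the default port for Azure Network Bastion
+// tunnels instead of generating a random one
+const { command: azTunnelExe, args: azTunnelArgs } = (0, tunnel_1.azBastionTunnelCommand)(request, (_a = additionalData === null || additionalData === void 0 ? void 0 : additionalData.port) !== null && _a !== void 0 ? _a : "50022", { debug: true } // reproCommands() is only invoked in debug mode, so this is a safe assumption
+);
+return [
+`${azLoginExe} ${azLoginArgs.join(" ")}`,
+`${azAccountSetExe} ${azAccountSetArgs.join(" ")}`,
+`mkdir ${keyPath}`,
+`${azCertGenExe} ${azCertGenArgs.join(" ")}`,
+`${azTunnelExe} ${azTunnelArgs.join(" ")}`,
+];
+},
+setup: (request, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
+const { debug } = options;
+// The subscription ID here is used to ensure that the user is logged in to the correct tenant/directory.
+// As long as a subscription ID in the correct tenant is provided, this will work; it need not be the same
+// subscription as which contains the Bastion host or the target VM.
+yield (0, auth_1.azLogin)(request.subscriptionId, { debug }); // Always re-login to Azure CLI
+const { path: keyPath, cleanup: sshKeyPathCleanup } = yield (0, keygen_1.createTempDirectoryForKeys)();
+const wrappedCreateCertAndTunnel = () => __awaiter(void 0, void 0, void 0, function* () {
+try {
+yield (0, keygen_1.generateSshKeyAndAzureAdCert)(keyPath, { debug });
+return yield (0, tunnel_1.trySpawnBastionTunnel)(request, { debug });
+}
+catch (error) {
+yield sshKeyPathCleanup();
+throw error;
+}
+});
+const { killTunnel, tunnelLocalPort } = yield wrappedCreateCertAndTunnel();
+const sshPrivateKeyPath = node_path_1.default.join(keyPath, keygen_1.AD_SSH_KEY_PRIVATE);
+const sshCertificateKeyPath = node_path_1.default.join(keyPath, keygen_1.AD_CERT_FILENAME);
+const teardown = () => __awaiter(void 0, void 0, void 0, function* () {
+yield killTunnel();
+yield sshKeyPathCleanup();
+});
+return {
+sshOptions: [
+`CertificateFile=${sshCertificateKeyPath}`,
+// Because we connect to the Azure Network Bastion tunnel via a local port instead of a ProxyCommand, every
+// instance connected to will appear to `ssh` to be the same host but presenting a different host key (i.e.,
+// `ssh` always connects to localhost but each VM will present its own host key), which will trigger MITM attack
+// warnings. We disable host key checking to avoid this. This is ordinarily very dangerous, but in this case,
+// security of the connection is ensured by the Azure Bastion Network tunnel, which utilizes HTTPS and thus has
+// its own MITM protection.
+"StrictHostKeyChecking=no",
+"UserKnownHostsFile=/dev/null",
+],
+identityFile: sshPrivateKeyPath,
+port: tunnelLocalPort,
+teardown,
+};
+}),
+requestToSsh: (request) => (Object.assign(Object.assign({ type: "azure", id: "localhost" }, request.cliLocalData), { instanceId: request.permission.resource.instanceId, subscriptionId: request.permission.resource.subscriptionId, instanceResourceGroup: request.permission.resource.resourceGroupId, bastionId: request.permission.bastionHostId })),
+// TODO: Implement
+unprovisionedAccessPatterns: [],
+toCliRequest: (request) => __awaiter(void 0, void 0, void 0, function* () {
+return Object.assign(Object.assign({}, request), { cliLocalData: {
+linuxUserName: request.principal,
+} });
+}),
+};
+//# sourceMappingURL=ssh.js.map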
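Review bot: The `mkdir ${keyPath}` entry at line 69 of this section creates the key directory with the shell's default umask, whereas `setup()` gets the same directory from `createTempDirectoryForKeys` with mode 0o700; since `az ssh cert` writes the `id_rsa` private key into it, the printed reproduction steps can leave key material more widely readable than the real flow does. On POSIX shells `` `mkdir -m 700 "${keyPath}"` `` would match the real permissions and also quote a path that may contain spaces when it falls back to `$HOME`. Separately, `teardown` (lines 94–97) only reaches `sshKeyPathCleanup()` if `killTunnel()` resolves, so a failed tunnel shutdown leaves the private key directory on disk; `try { yield killTunnel(); } finally { yield sshKeyPathCleanup(); }` would guarantee removal either way. The reasoning for `StrictHostKeyChecking=no` is documented inline, which is good — that comment is the justification a security reviewer will look for, so keep it adjacent to the option if this block is refactored.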