@p0security/cli 0.11.4 → 0.13.0

package/dist/plugins/azure/ssh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/azure/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,iCAAsE;AACtE,uCAA4C;AAC5C,qCAMkB;AAClB,qCAAyE;AAMzE,0DAA6B;AAE7B,sDAAsD;AACtD,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,QAAA,gBAAgB,GAIzB;IACF,+CAA+C;IAC/C,kBAAkB,EAAE,GAAS,EAAE;QAC7B,4CAA4C;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAe,GAAE,CAAC,EAAE;YAC9B,MAAM,uDAAuD,CAAC;SAC/D;IACH,CAAC,CAAA;IAED,YAAY,EAAE,iBAAiB;IAE/B,oBAAoB,EAAE,qDAAqD;IAE3E,wBAAwB;IACxB,oBAAoB,EAAE,SAAS;IAE/B,oBAAoB,EAAE,4BAA4B;IAElD,oDAAoD;IACpD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAE7C,qEAAqE;IACrE,YAAY,EAAE,GAAG,EAAE,CAAC,EAAE;IAEtB,aAAa,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE;;QACzC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,qBAAc,GAAE,CAAC;QACpE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,0BAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAE9C,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,wGAAwG;YACxG,gHAAgH;YAChH,+GAA+G;YAC/G,aAAa;YACb,IAAI,cAAc,EAAE;gBAClB,OAAO,mBAAI,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;aAClD;iBAAM;gBACL,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;gBACnE,OAAO,mBAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,sBAAsB,CAAC,CAAC;aACpD;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAE7B,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,GAClD,IAAA,yBAAgB,EAAC,OAAO,CAAC,CAAC;QAE5B,iHAAiH;QACjH,6CAA6C;QAC7C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,+BAAsB,EACzE,OAAO,EACP,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,IAAI,mCAAI,OAAO,EAC/B,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,8EAA8E;SAC/F,CAAC;QAEF,OAAO;YACL,GAAG,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACxC,GAAG,eAAe,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAClD,SAAS,OAAO,EAAE;YAClB,GAAG,YAAY,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAC5C,GAAG,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,EAAE,CAAO,OAAO,EAAE,OAAO,GAAG,EAAE,EAAE,EAAE;QACrC,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAE1B,yGAAyG;QACzG,0GAA0G;QAC1G,oEAAoE;QACpE,MAAM,IAAA,cAAO,EAAC,OAAO,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,+BAA+B;QAEjF,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,GACjD,MAAM,IAAA,mCAA0B,GAAE,CAAC;QAErC,MAAM,0BAA0B,GAAG,GAAS,EAAE;YAC5C,IAAI;gBACF,MAAM,IAAA,qCAA4B,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBACvD,OAAO,MAAM,IAAA,8BAAqB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;aACxD;YAAC,OAAO,KAAU,EAAE;gBACnB,MAAM,iBAAiB,EAAE,CAAC;gBAC1B,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAA,CAAC;QAEF,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,MAAM,0BAA0B,EAAE,CAAC;QAE3E,MAAM,iBAAiB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAAkB,CAAC,CAAC;QACjE,MAAM,qBAAqB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,yBAAgB,CAAC,CAAC;QAEnE,MAAM,QAAQ,GAAG,GAAS,EAAE;YAC1B,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAA,CAAC;QAEF,OAAO;YACL,UAAU,EAAE;gBACV,mBAAmB,qBAAqB,EAAE;gBAE1C,2GAA2G;gBAC3G,4GAA4G;gBAC5G,gHAAgH;gBAChH,6GAA6G;gBAC7G,+GAA+G;gBAC/G,2BAA2B;gBAC3B,0BAA0B;gBAC1B,8BAA8B;aAC/B;YACD,YAAY,EAAE,iBAAiB;YAC/B,IAAI,EAAE,eAAe;YACrB,QAAQ;SACT,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,+BACzB,IAAI,EAAE,OAAO,EACb,EAAE,EAAE,WAAW,IACZ,OAAO,CAAC,YAAY,KACvB,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,EAClD,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,EAC1D,qBAAqB,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,EAClE,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,aAAa,IAC3C;IAEF,kBAAkB;IAClB,2BAA2B,EAAE,EAAE;IAE/B,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE;QAC9B,uCACK,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,OAAO,CAAC,SAAS;aACjC,IACD;IACJ,CAAC,CAAA;CACF,CAAC"}

package/dist/plugins/azure/tunnel.d.ts

@@ -0,0 +1,14 @@
+import { AzureSshRequest } from "./types";
+export type BastionTunnelMeta = {
+    killTunnel: () => Promise<void>;
+    tunnelLocalPort: string;
+};
+export declare const azBastionTunnelCommand: (request: AzureSshRequest, port: string, options?: {
+    debug?: boolean;
+}) => {
+    command: string;
+    args: string[];
+};
+export declare const trySpawnBastionTunnel: (request: AzureSshRequest, options?: {
+    debug?: boolean;
+}) => Promise<BastionTunnelMeta>;

package/dist/plugins/azure/tunnel.js

@@ -0,0 +1,160 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.trySpawnBastionTunnel = exports.azBastionTunnelCommand = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const retry_1 = require("../../common/retry");
+const stdio_1 = require("../../drivers/stdio");
+const util_1 = require("../../util");
+const node_child_process_1 = require("node:child_process");
+const TUNNEL_READY_STRING = "Tunnel is ready";
+const SPAWN_TUNNEL_TRIES = 3;
+// Ignore these debug messages from the tunnel process; they are far too noisy and spam the terminal with useless info
+// anytime the SSH/SCP session has network activity.
+const tunnelDebugOutputIgnorePatterns = [
+    /Waiting for (debugger|websocket) data/i,
+    /Received (debugger|websocket)/i,
+    /Sending to (debugger|websocket)/i,
+];
+const azBastionTunnelCommand = (request, port, options = {}) => ({
+    command: "az",
+    args: [
+        "network",
+        "bastion",
+        "tunnel",
+        "--ids",
+        request.bastionId,
+        "--target-resource-id",
+        request.instanceId,
+        "--resource-port",
+        "22",
+        "--port",
+        port,
+        ...(options.debug ? ["--debug"] : []),
+    ],
+});
+exports.azBastionTunnelCommand = azBastionTunnelCommand;
+const selectRandomPort = () => {
+    // The IANA ephemeral port range is 49152 to 65535, inclusive. Pick a random value in that range.
+    // If the port is in use (unlikely but possible), we can just generate a new value and try again.
+    // 16384 is 65535 - 49152 + 1, the number of possible ports in the range.
+    const port = Math.floor(Math.random() * 16384) + 49152;
+    return port.toString();
+};
+const spawnBastionTunnelInBackground = (request, port, options = {}) => {
+    const { debug } = options;
+    return new Promise((resolve, reject) => {
+        let processSignalledToExit = false;
+        let processExited = false;
+        let stdout = "";
+        let stderr = "";
+        const { command, args } = (0, exports.azBastionTunnelCommand)(request, port, { debug });
+        if (debug)
+            (0, stdio_1.print2)("Spawning Azure Bastion tunnel process...");
+        // Spawn the process in detached mode so that it is in its own process group; this lets us kill it and all
+        // descendent processes together.
+        const child = (0, node_child_process_1.spawn)(command, args, { detached: true });
+        child.on("exit", (code) => {
+            processExited = true;
+            if (code === 0) {
+                if (debug)
+                    (0, stdio_1.print2)("Azure Bastion tunnel process exited normally.");
+                return;
+            }
+            if (!debug) {
+                // stdout and stderr are printed in real-time when debugging is enabled, so we don't need to print them here
+                (0, stdio_1.print2)(stdout);
+                (0, stdio_1.print2)(stderr);
+            }
+            reject(`Error running Azure Network Bastion tunnel; tunnel process ended with status ${code}`);
+        });
+        child.stdout.on("data", (data) => {
+            const str = data.toString("utf-8");
+            stdout += str;
+            if (debug &&
+                !tunnelDebugOutputIgnorePatterns.some((regex) => str.match(regex))) {
+                (0, stdio_1.print2)(str);
+            }
+        });
+        child.stderr.on("data", (data) => {
+            const str = data.toString("utf-8");
+            stderr += str;
+            if (debug &&
+                !tunnelDebugOutputIgnorePatterns.some((regex) => str.match(regex))) {
+                (0, stdio_1.print2)(str);
+            }
+            if (str.includes(TUNNEL_READY_STRING)) {
+                (0, stdio_1.print2)("Azure Bastion tunnel is ready.");
+                resolve({
+                    killTunnel: () => __awaiter(void 0, void 0, void 0, function* () {
+                        if (processSignalledToExit || processExited)
+                            return;
+                        processSignalledToExit = true;
+                        if (child.pid) {
+                            // Kill the process and all its descendents via killing the process group; this is only possible
+                            // because we launched the process with `detached: true` above. This is necessary because `az` is
+                            // actually a bash script that spawns a Python process, and we need to kill the Python process as well.
+                            // SIGINT is equivalent to pressing Ctrl-C in the terminal; allows for the tunnel process to perform any
+                            // necessary cleanup of its own before exiting. The negative PID is what indicates that we want to kill
+                            // the whole process group.
+                            try {
+                                if (debug) {
+                                    (0, stdio_1.print2)(`Sending SIGINT to Azure Bastion tunnel process (${child.pid})...`);
+                                }
+                                process.kill(-child.pid, "SIGINT");
+                                // Give the tunnel a chance to quit gracefully after the SIGINT by waiting at least 250 ms and up to
+                                // 5 seconds. If the process is still running after that, it's probably hung; SIGKILL it to force it to
+                                // end immediately.
+                                const SPIN_WAIT_MS = 250;
+                                for (let spins = 0; spins < 20; spins++) {
+                                    yield (0, util_1.sleep)(SPIN_WAIT_MS);
+                                    if (processExited) {
+                                        if (debug) {
+                                            (0, stdio_1.print2)(`Azure Bastion tunnel process exited after SIGINT after ${spins * SPIN_WAIT_MS} ms.`);
+                                        }
+                                        return;
+                                    }
+                                }
+                                if (debug) {
+                                    (0, stdio_1.print2)(`Azure Bastion tunnel process (${child.pid}) not responding, sending SIGKILL...`);
+                                }
+                                process.kill(-child.pid, "SIGKILL");
+                            }
+                            catch (error) {
+                                // Ignore the error and move on; we might as well just exit without waiting since we can't control
+                                // the child process, for whatever reason
+                                (0, stdio_1.print2)(`Failed to kill Azure Bastion tunnel process: ${error}`);
+                                child.unref();
+                            }
+                        }
+                    }),
+                    tunnelLocalPort: port,
+                });
+            }
+        });
+    });
+};
+const trySpawnBastionTunnel = (request, options) => __awaiter(void 0, void 0, void 0, function* () {
+    // Attempt to spawn the tunnel SPAWN_TUNNEL_TRIES times, picking a new port each time. If we fail
+    // too many times, then the problem is likely not the port, but something else.
+    return yield (0, retry_1.retryWithSleep)(() => spawnBastionTunnelInBackground(request, selectRandomPort(), options), () => true, SPAWN_TUNNEL_TRIES, 1000);
+});
+exports.trySpawnBastionTunnel = trySpawnBastionTunnel;
+//# sourceMappingURL=tunnel.js.map

package/dist/plugins/azure/tunnel.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tunnel.js","sourceRoot":"","sources":["../../../src/plugins/azure/tunnel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,+CAA6C;AAC7C,qCAAmC;AAEnC,2DAA2C;AAE3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAE7B,sHAAsH;AACtH,oDAAoD;AACpD,MAAM,+BAA+B,GAAa;IAChD,wCAAwC;IACxC,gCAAgC;IAChC,kCAAkC;CACnC,CAAC;AAOK,MAAM,sBAAsB,GAAG,CACpC,OAAwB,EACxB,IAAY,EACZ,UAA+B,EAAE,EACjC,EAAE,CAAC,CAAC;IACJ,OAAO,EAAE,IAAI;IACb,IAAI,EAAE;QACJ,SAAS;QACT,SAAS;QACT,QAAQ;QACR,OAAO;QACP,OAAO,CAAC,SAAS;QACjB,sBAAsB;QACtB,OAAO,CAAC,UAAU;QAClB,iBAAiB;QACjB,IAAI;QACJ,QAAQ;QACR,IAAI;QACJ,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACtC;CACF,CAAC,CAAC;AApBU,QAAA,sBAAsB,0BAoBhC;AAEH,MAAM,gBAAgB,GAAG,GAAW,EAAE;IACpC,iGAAiG;IACjG,iGAAiG;IACjG,yEAAyE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC;IACvD,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,8BAA8B,GAAG,CACrC,OAAwB,EACxB,IAAY,EACZ,UAA+B,EAAE,EACL,EAAE;IAC9B,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,OAAO,IAAI,OAAO,CAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxD,IAAI,sBAAsB,GAAG,KAAK,CAAC;QACnC,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,8BAAsB,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAE3E,IAAI,KAAK;YAAE,IAAA,cAAM,EAAC,0CAA0C,CAAC,CAAC;QAE9D,0GAA0G;QAC1G,iCAAiC;QACjC,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAEvD,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,aAAa,GAAG,IAAI,CAAC;YACrB,IAAI,IAAI,KAAK,CAAC,EAAE;gBACd,IAAI,KAAK;oBAAE,IAAA,cAAM,EAAC,+CAA+C,CAAC,CAAC;gBACnE,OAAO;aACR;YAED,IAAI,CAAC,KAAK,EAAE;gBACV,4GAA4G;gBAC5G,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;gBACf,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;aAChB;YAED,MAAM,CACJ,gFAAgF,IAAI,EAAE,CACvF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IACE,KAAK;gBACL,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAClE;gBACA,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IACE,KAAK;gBACL,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAClE;gBACA,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;aACb;YAED,IAAI,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE;gBACrC,IAAA,cAAM,EAAC,gCAAgC,CAAC,CAAC;gBAEzC,OAAO,CAAC;oBACN,UAAU,EAAE,GAAS,EAAE;wBACrB,IAAI,sBAAsB,IAAI,aAAa;4BAAE,OAAO;wBAEpD,sBAAsB,GAAG,IAAI,CAAC;wBAE9B,IAAI,KAAK,CAAC,GAAG,EAAE;4BACb,gGAAgG;4BAChG,iGAAiG;4BACjG,uGAAuG;4BACvG,wGAAwG;4BACxG,uGAAuG;4BACvG,2BAA2B;4BAC3B,IAAI;gCACF,IAAI,KAAK,EAAE;oCACT,IAAA,cAAM,EACJ,mDAAmD,KAAK,CAAC,GAAG,MAAM,CACnE,CAAC;iCACH;gCACD,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gCAEnC,oGAAoG;gCACpG,uGAAuG;gCACvG,mBAAmB;gCACnB,MAAM,YAAY,GAAG,GAAG,CAAC;gCACzB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE;oCACvC,MAAM,IAAA,YAAK,EAAC,YAAY,CAAC,CAAC;oCAE1B,IAAI,aAAa,EAAE;wCACjB,IAAI,KAAK,EAAE;4CACT,IAAA,cAAM,EACJ,0DAA0D,KAAK,GAAG,YAAY,MAAM,CACrF,CAAC;yCACH;wCACD,OAAO;qCACR;iCACF;gCAED,IAAI,KAAK,EAAE;oCACT,IAAA,cAAM,EACJ,iCAAiC,KAAK,CAAC,GAAG,sCAAsC,CACjF,CAAC;iCACH;gCACD,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;6BACrC;4BAAC,OAAO,KAAU,EAAE;gCACnB,kGAAkG;gCAClG,yCAAyC;gCACzC,IAAA,cAAM,EAAC,gDAAgD,KAAK,EAAE,CAAC,CAAC;gCAChE,KAAK,CAAC,KAAK,EAAE,CAAC;6BACf;yBACF;oBACH,CAAC,CAAA;oBACD,eAAe,EAAE,IAAI;iBACtB,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEK,MAAM,qBAAqB,GAAG,CACnC,OAAwB,EACxB,OAA6B,EACD,EAAE;IAC9B,iGAAiG;IACjG,+EAA+E;IAE/E,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAG,EAAE,CAAC,8BAA8B,CAAC,OAAO,EAAE,gBAAgB,EAAE,EAAE,OAAO,CAAC,EAC1E,GAAG,EAAE,CAAC,IAAI,EACV,kBAAkB,EAClB,IAAI,CACL,CAAC;AACJ,CAAC,CAAA,CAAC;AAbW,QAAA,qBAAqB,yBAahC"}

package/dist/plugins/azure/types.d.ts

@@ -0,0 +1,47 @@
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+import { PermissionSpec } from "../../types/request";
+import { CliPermissionSpec } from "../../types/ssh";
+import { CommonSshPermissionSpec } from "../ssh/types";
+export type AzureSshPermissionSpec = PermissionSpec<"ssh", AzureSshPermission>;
+export type AzureSsh = CliPermissionSpec<AzureSshPermissionSpec, AzureLocalData>;
+export type AzureSshPermission = CommonSshPermissionSpec & {
+    provider: "azure";
+    destination: string;
+    parent: string | undefined;
+    group: string | undefined;
+    bastionHostId: string;
+    principal: string;
+    resource: {
+        instanceId: string;
+        instanceName: string;
+        subscriptionName: string;
+        resourceGroupId: string;
+        subscriptionId: string;
+        region: string;
+        networkInterfaceIds: string[];
+    };
+};
+export type AzureNodeSpec = {
+    instanceId: string;
+    sudo?: boolean;
+};
+export type AzureBastionSpec = {
+    bastionId: string;
+};
+export type AzureSshRequest = AzureNodeSpec & AzureBastionSpec & AzureLocalData & {
+    type: "azure";
+    id: "localhost";
+    subscriptionId: string;
+};
+export type AzureLocalData = {
+    linuxUserName: string;
+};

package/dist/plugins/azure/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/plugins/azure/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/plugins/azure/types.ts"],"names":[],"mappings":""}

package/dist/plugins/google/ssh.js

@@ -65,6 +65,7 @@ exports.gcpSshProvider = {
             throw "Please try again after installing the required GCP utilities";
         }
     }),
+    validateSshKey: (request, publicKey) => request.permission.publicKey === publicKey,
     friendlyName: "Google Cloud",
     loginRequiredMessage: "Please login to Google Cloud CLI with 'gcloud auth login'",
     loginRequiredPattern: /You do not currently have an active account selected/,
@@ -97,9 +98,9 @@ exports.gcpSshProvider = {
     reproCommands: () => undefined,
     requestToSsh: (request) => {
         return {
-            id: request.permission.spec.instanceName,
-            projectId: request.permission.spec.projectId,
-            zone: request.permission.spec.zone,
+            id: request.permission.resource.instanceName,
+            projectId: request.permission.resource.projectId,
+            zone: request.permission.zone,
             linuxUserName: request.cliLocalData.linuxUserName,
             type: "gcloud",
         };
@@ -107,7 +108,7 @@ exports.gcpSshProvider = {
     unprovisionedAccessPatterns,
     toCliRequest: (request, options) => __awaiter(void 0, void 0, void 0, function* () {
         return (Object.assign(Object.assign({}, request), { cliLocalData: {
-                linuxUserName: yield (0, ssh_key_1.importSshKey)(request.permission.spec.publicKey, options),
+                linuxUserName: yield (0, ssh_key_1.importSshKey)(request.permission.publicKey, options),
             } }));
     }),
 };

package/dist/plugins/google/ssh.js.map

@@ -1 +1 @@
-{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/google/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,uCAAgD;AAChD,uCAAyC;AAGzC,oGAAoG;AACpG,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,iCAAiC,EAAE;IAC9C;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;IACD,EAAE,OAAO,EAAE,mDAAmD,EAAE;IAChE;QACE,OAAO,EAAE,+CAA+C;QACxD,kBAAkB,EAAE,IAAI;KACzB;IACD,EAAE,OAAO,EAAE,4DAA4D,EAAE;CACjE,CAAC;AAEE,QAAA,cAAc,GAIvB;IACF,uCAAuC;IACvC,kBAAkB,EAAE,GAAS,EAAE,kDAAC,OAAA,SAAS,CAAA,GAAA;IAEzC,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,6BAAmB,GAAE,CAAC,EAAE;YAClC,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,cAAc;IAE5B,oBAAoB,EAClB,2DAA2D;IAE7D,oBAAoB,EAAE,sDAAsD;IAE5E,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,6HAA6H;gBAC7H,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,IAAI,CAAC,IACjB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,QAAQ;YACR,SAAS;YACT,kBAAkB;YAClB,OAAO,CAAC,EAAE;YACV,IAAI;YACJ,kEAAkE;YAClE,oGAAoG;YACpG,oEAAoE;YACpE,kDAAkD;YAClD,mBAAmB;YACnB,UAAU,OAAO,CAAC,IAAI,EAAE;YACxB,aAAa,OAAO,CAAC,SAAS,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,GAAG,EAAE,CAAC,SAAS;IAE9B,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY;YACxC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS;YAC5C,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI;YAClC,aAAa,EAAE,OAAO,CAAC,YAAY,CAAC,aAAa;YACjD,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;IAED,2BAA2B;IAE3B,YAAY,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAAC,OAAA,iCACrC,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,MAAM,IAAA,sBAAY,EAC/B,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EACjC,OAAO,CACR;aACF,IACD,CAAA;MAAA;CACH,CAAC"}
+{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/google/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,uCAAgD;AAChD,uCAAyC;AAGzC,oGAAoG;AACpG,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,iCAAiC,EAAE;IAC9C;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;IACD,EAAE,OAAO,EAAE,mDAAmD,EAAE;IAChE;QACE,OAAO,EAAE,+CAA+C;QACxD,kBAAkB,EAAE,IAAI;KACzB;IACD,EAAE,OAAO,EAAE,4DAA4D,EAAE;CACjE,CAAC;AAEE,QAAA,cAAc,GAIvB;IACF,uCAAuC;IACvC,kBAAkB,EAAE,GAAS,EAAE,kDAAC,OAAA,SAAS,CAAA,GAAA;IAEzC,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,6BAAmB,GAAE,CAAC,EAAE;YAClC,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,cAAc,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CACrC,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS;IAE5C,YAAY,EAAE,cAAc;IAE5B,oBAAoB,EAClB,2DAA2D;IAE7D,oBAAoB,EAAE,sDAAsD;IAE5E,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,6HAA6H;gBAC7H,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,IAAI,CAAC,IACjB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,QAAQ;YACR,SAAS;YACT,kBAAkB;YAClB,OAAO,CAAC,EAAE;YACV,IAAI;YACJ,kEAAkE;YAClE,oGAAoG;YACpG,oEAAoE;YACpE,kDAAkD;YAClD,mBAAmB;YACnB,UAAU,OAAO,CAAC,IAAI,EAAE;YACxB,aAAa,OAAO,CAAC,SAAS,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,GAAG,EAAE,CAAC,SAAS;IAE9B,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY;YAC5C,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS;YAChD,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;YAC7B,aAAa,EAAE,OAAO,CAAC,YAAY,CAAC,aAAa;YACjD,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;IAED,2BAA2B;IAE3B,YAAY,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAAC,OAAA,iCACrC,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,MAAM,IAAA,sBAAY,EAAC,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC;aACzE,IACD,CAAA;MAAA;CACH,CAAC"}

package/dist/plugins/google/types.d.ts

@@ -11,25 +11,24 @@ You should have received a copy of the GNU General Public License along with @p0
 import { PermissionSpec } from "../../types/request";
 import { CliPermissionSpec } from "../../types/ssh";
 import { CommonSshPermissionSpec } from "../ssh/types";
-export type GcpSshPermission = {
-    spec: CommonSshPermissionSpec & {
+export type GcpSshPermission = CommonSshPermissionSpec & {
+    provider: "gcloud";
+    zone: string;
+    resource: {
         instanceName: string;
         projectId: string;
-        zone: string;
-        type: "gcloud";
     };
-    type: "session";
 };
 export type GcpSshPermissionSpec = PermissionSpec<"ssh", GcpSshPermission>;
 export type GcpSsh = CliPermissionSpec<GcpSshPermissionSpec, {
     linuxUserName: string;
 }>;
 export type GcpSshRequest = {
+    type: "gcloud";
     linuxUserName: string;
     projectId: string;
     zone: string;
     id: string;
-    type: "gcloud";
 };
 type PosixAccount = {
     username: string;

package/dist/plugins/ssh/index.js

@@ -143,14 +143,20 @@ function spawnSshNode(options) {
         });
     });
 }
-const createCommand = (data, args, proxyCommand) => {
-    addCommonArgs(args, proxyCommand);
+const createCommand = (data, args, setupData, proxyCommand) => {
+    var _a;
+    addCommonArgs(args, proxyCommand, setupData);
+    const sshOptionsOverrides = (_a = setupData === null || setupData === void 0 ? void 0 : setupData.sshOptions) !== null && _a !== void 0 ? _a : [];
+    const port = setupData === null || setupData === void 0 ? void 0 : setupData.port;
+    const argsOverride = sshOptionsOverrides.flatMap((opt) => ["-o", opt]);
     if ("source" in args) {
         addScpArgs(args);
         return {
             command: "scp",
             args: [
                 ...(args.sshOptions ? args.sshOptions : []),
+                ...argsOverride,
+                ...(port ? ["-P", port] : []),
                 args.source,
                 args.destination,
             ],
@@ -160,6 +166,8 @@ const createCommand = (data, args, proxyCommand) => {
         command: "ssh",
         args: [
             ...(args.sshOptions ? args.sshOptions : []),
+            ...argsOverride,
+            ...(port ? ["-p", port] : []),
             `${data.linuxUserName}@${data.id}`,
             ...(args.command ? [args.command] : []),
             ...args.arguments.map((argument) => 
@@ -173,7 +181,8 @@ const createCommand = (data, args, proxyCommand) => {
  *
  * These common args are only added if they have not been explicitly specified by the end user.
  */
-const addCommonArgs = (args, proxyCommand) => {
+const addCommonArgs = (args, sshProviderProxyCommand, setupData) => {
+    var _a;
     const sshOptions = args.sshOptions ? args.sshOptions : [];
     const identityFileOptionExists = sshOptions.some((opt, idx) => {
         var _a;
@@ -184,15 +193,15 @@ const addCommonArgs = (args, proxyCommand) => {
     // Explicitly specify which private key to use to avoid "Too many authentication failures"
     // error caused by SSH trying every available key
     if (!identityFileOptionExists) {
-        sshOptions.push("-i", keys_1.PRIVATE_KEY_PATH);
+        sshOptions.push("-i", (_a = setupData === null || setupData === void 0 ? void 0 : setupData.identityFile) !== null && _a !== void 0 ? _a : keys_1.PRIVATE_KEY_PATH);
         // Only use the authentication identity specified by -i above
         if (!identitiesOnlyOptionExists) {
             sshOptions.push("-o", "IdentitiesOnly=yes");
         }
     }
-    const proxyCommandExists = sshOptions.some((opt, idx) => { var _a; return opt === "-o" && ((_a = sshOptions[idx + 1]) === null || _a === void 0 ? void 0 : _a.startsWith("ProxyCommand")); });
-    if (!proxyCommandExists) {
-        sshOptions.push("-o", `ProxyCommand=${proxyCommand.join(" ")}`);
+    const userSpecifiedProxyCommand = sshOptions.some((opt, idx) => { var _a; return opt === "-o" && ((_a = sshOptions[idx + 1]) === null || _a === void 0 ? void 0 : _a.startsWith("ProxyCommand")); });
+    if (!userSpecifiedProxyCommand && sshProviderProxyCommand.length > 0) {
+        sshOptions.push("-o", `ProxyCommand=${sshProviderProxyCommand.join(" ")}`);
     }
     // Force verbose output from SSH so we can parse the output
     const verboseOptionExists = sshOptions.some((opt) => opt === "-v");
@@ -234,7 +243,8 @@ const preTestAccessPropagationIfNeeded = (sshProvider, request, cmdArgs, proxyCo
     // Pre-testing comes at a performance cost because we have to execute another ssh subprocess after
     // a successful test. Only do when absolutely necessary.
     if (testCmdArgs) {
-        const { command, args } = createCommand(request, testCmdArgs, proxyCommand);
+        const { command, args } = createCommand(request, testCmdArgs, undefined, // No need to re-apply SSH options from setupData
+        proxyCommand);
         // Assumes that this is a non-interactive ssh command that exits automatically
         return spawnSshNode({
             credential,
@@ -251,15 +261,18 @@ const preTestAccessPropagationIfNeeded = (sshProvider, request, cmdArgs, proxyCo
     return null;
 });
 const sshOrScp = (args) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a;
     const { authn, request, cmdArgs, privateKey, sshProvider } = args;
+    const { debug } = cmdArgs;
     if (!privateKey) {
         throw "Failed to load a private key for this request. Please contact support@p0.dev for assistance.";
     }
     const credential = yield sshProvider.cloudProviderLogin(authn, request);
     const proxyCommand = sshProvider.proxyCommand(request);
-    const { command, args: commandArgs } = createCommand(request, cmdArgs, proxyCommand);
-    if (cmdArgs.debug) {
-        const reproCommands = sshProvider.reproCommands(request);
+    const setupData = yield ((_a = sshProvider.setup) === null || _a === void 0 ? void 0 : _a.call(sshProvider, request, { debug }));
+    const { command, args: commandArgs } = createCommand(request, cmdArgs, setupData, proxyCommand);
+    if (debug) {
+        const reproCommands = sshProvider.reproCommands(request, setupData);
         if (reproCommands) {
             const repro = [
                 ...reproCommands,
@@ -269,20 +282,27 @@ const sshOrScp = (args) => __awaiter(void 0, void 0, void 0, function* () {
         }
     }
     const endTime = Date.now() + sshProvider.propagationTimeoutMs;
-    const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential, endTime);
-    if (exitCode && exitCode !== 0) {
-        return exitCode; // Only exit if there was an error when pre-testing
+    let sshNodeExit;
+    try {
+        const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential, endTime);
+        if (exitCode && exitCode !== 0) {
+            return exitCode; // Only exit if there was an error when pre-testing
+        }
+        sshNodeExit = yield spawnSshNode({
+            credential,
+            abortController: new AbortController(),
+            command,
+            args: commandArgs,
+            stdio: ["inherit", "inherit", "pipe"],
+            debug,
+            provider: request.type,
+            endTime: endTime,
+        });
     }
-    return spawnSshNode({
-        credential,
-        abortController: new AbortController(),
-        command,
-        args: commandArgs,
-        stdio: ["inherit", "inherit", "pipe"],
-        debug: cmdArgs.debug,
-        provider: request.type,
-        endTime: endTime,
-    });
+    finally {
+        yield (setupData === null || setupData === void 0 ? void 0 : setupData.teardown());
+    }
+    return sshNodeExit;
 });
 exports.sshOrScp = sshOrScp;
 //# sourceMappingURL=index.js.map

package/dist/plugins/ssh/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ssh/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAAuE;AACvE,4CAAqD;AACrD,+CAA6C;AAG7C,qCAAmC;AAEnC,2DAK4B;AAG5B;;GAEG;AACH,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,sBAAsB,GAAG,CAC7B,QAAqB,EACrB,KAAgD,EAChD,OAA4B,EAC5B,EAAE;IACF,IAAI,gCAAgC,GAAG,KAAK,CAAC;IAC7C,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAE7B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,MAAM,WAAW,GAAW,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpD,8BAA8B,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAErD,MAAM,KAAK,GAAG,QAAQ,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAClE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,IAAI,KAAK,EAAE;YACT,gCAAgC,GAAG,IAAI,CAAC;SACzC;QAED,IAAI,QAAQ,CAAC,oBAAoB,EAAE;YACjC,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;YACpE,gBAAgB,GAAG,gBAAgB,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,yBAAyB;SAC/E;QAED,IAAI,gBAAgB,EAAE;YACpB,gCAAgC,GAAG,KAAK,CAAC,CAAC,yDAAyD;SACpG;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC,gCAAgC;QAC3D,gBAAgB,EAAE,GAAG,EAAE,CAAC,gBAAgB;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,8BAA8B,GAAG,CACrC,WAAmB,EACnB,OAA4B,EAC5B,EAAE;IACF,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,IAAI,OAAO,CAAC,KAAK,EAAE;YACjB,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;SACd;aAAM;YACL,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;gBACnD,oEAAoE;gBACpE,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;iBAAM,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE;gBAChE,8DAA8D;gBAC9D,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;SACF;KACF;AACH,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,UAAsC,EACtC,OAAe,EACf,IAAc,EACd,KAAwC,EACxC,EAAE,CACF,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE;IACnB,GAAG,kCACE,OAAO,CAAC,GAAG,GACX,UAAU,CACd;IACD,KAAK;IACL,KAAK,EAAE,KAAK;CACb,CAAC,CAAC;AAeL,SAAe,YAAY,CACzB,OAA4B;;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,mBAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEjD,IAAI,OAAO,CAAC,KAAK,EAAE;gBACjB,MAAM,MAAM,GAAG,OAAO,CAAC,0BAA0B;oBAC/C,CAAC,CAAC,aAAa;oBACf,CAAC,CAAC,QAAQ,CAAC;gBACb,MAAM,gBAAgB,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CACrE,CAAC,CACF,CAAC;gBACF,IAAA,cAAM,EACJ,oCAAoC,MAAM,oCAAoC,gBAAgB,WAAW,CAC1G,CAAC;aACH;YAED,MAAM,KAAK,GAAG,iBAAiB,CAC7B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,mIAAmI;YACnI,MAAM,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,GAAG,sBAAsB,CACrE,QAAQ,EACR,KAAK,EACL,OAAO,CACR,CAAC;YAEF,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;;gBAC7C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,uEAAuE;gBACvE,sDAAsD;gBACtD,IAAI,CAAC,kBAAkB,EAAE,EAAE;oBACzB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;wBAChC,MAAM,CACJ,oCAAoC,QAAQ,CAAC,YAAY,yDAAyD,CACnH,CAAC;wBACF,OAAO;qBACR;oBAED,IAAA,YAAK,EAAC,cAAc,CAAC;yBAClB,IAAI,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;yBACjC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;yBAC7B,KAAK,CAAC,MAAM,CAAC,CAAC;oBACjB,OAAO;iBACR;qBAAM,IAAI,gBAAgB,EAAE,EAAE;oBAC7B,MAAM,CACJ,MAAA,QAAQ,CAAC,oBAAoB,mCAC3B,wBAAwB,QAAQ,CAAC,YAAY,aAAa,CAC7D,CAAC;oBACF,OAAO;iBACR;gBAED,MAAA,OAAO,CAAC,eAAe,0CAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO,CAAC,0BAA0B;oBAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;gBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,aAAa,GAAG,CACpB,IAAgB,EAChB,IAAiB,EACjB,YAAsB,EACtB,EAAE;IACF,aAAa,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAElC,IAAI,QAAQ,IAAI,IAAI,EAAE;QACpB,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE;gBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,WAAW;aACjB;SACF,CAAC;KACH;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,EAAE;YAClC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CACnB,CAAC,QAAQ,EAAE,EAAE;YACX,yGAAyG;YACzG,mGAAmG;YACnG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAC/C;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,aAAa,GAAG,CAAC,IAAiB,EAAE,YAAsB,EAAE,EAAE;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAC9C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;;QACX,OAAA,CAAC,GAAG,KAAK,IAAI,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAC,CAAA;KAAA,CACpE,CAAC;IAEF,MAAM,0BAA0B,GAAG,UAAU,CAAC,IAAI,CAChD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,gBAAgB,CAAC,CAAA,CAAA,EAAA,CACpE,CAAC;IAEF,0FAA0F;IAC1F,iDAAiD;IACjD,IAAI,CAAC,wBAAwB,EAAE;QAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAgB,CAAC,CAAC;QACxC,6DAA6D;QAC7D,IAAI,CAAC,0BAA0B,EAAE;YAC/B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;SAC7C;KACF;IAED,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAA,EAAA,CAClE,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;KACjE;IAED,2DAA2D;IAC3D,MAAM,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,mBAAmB,EAAE;QACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,IAAiB,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,+DAA+D;IAC/D,iCAAiC;IACjC,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;KAChD;IAED,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAC;KAClD;IAED,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,uJAAuJ;AACvJ,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAE,EAAE;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,8DAA8D;QAC9D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YACnC,MAAM,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,2HAA2H;YACpK,OAAO,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;SACvC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,+HAA+H;AAC/H,MAAM,gCAAgC,GAAG,CAGvC,WAAc,EACd,OAAmB,EACnB,OAAoB,EACpB,YAAsB,EACtB,UAEa,EACb,OAAe,EACf,EAAE;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAEtE,kGAAkG;IAClG,wDAAwD;IACxD,IAAI,WAAW,EAAE;QACf,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAC5E,8EAA8E;QAC9E,OAAO,YAAY,CAAC;YAClB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI;YACJ,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,OAAO;YAChB,0BAA0B,EAAE,IAAI;SACjC,CAAC,CAAC;KACJ;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAO,IAM9B,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAElE,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,8FAA8F,CAAC;KACtG;IAED,MAAM,UAAU,GACd,MAAM,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,aAAa,CAClD,OAAO,EACP,OAAO,EACP,YAAY,CACb,CAAC;IAEF,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACzD,IAAI,aAAa,EAAE;YACjB,MAAM,KAAK,GAAG;gBACZ,GAAG,aAAa;gBAChB,GAAG,OAAO,IAAI,iBAAiB,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,IAAA,cAAM,EACJ,gGAAgG,KAAK,2BAA2B,CACjI,CAAC;SACH;KACF;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,oBAAoB,CAAC;IAE9D,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CACrD,WAAW,EACX,OAAO,EACP,OAAO,EACP,YAAY,EACZ,UAAU,EACV,OAAO,CACR,CAAC;IACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,CAAC,EAAE;QAC9B,OAAO,QAAQ,CAAC,CAAC,mDAAmD;KACrE;IAED,OAAO,YAAY,CAAC;QAClB,UAAU;QACV,eAAe,EAAE,IAAI,eAAe,EAAE;QACtC,OAAO;QACP,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;QACrC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;QACtB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AA7DW,QAAA,QAAQ,YA6DnB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ssh/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAImC;AACnC,4CAAqD;AACrD,+CAA6C;AAG7C,qCAAmC;AAEnC,2DAK4B;AAG5B;;GAEG;AACH,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,sBAAsB,GAAG,CAC7B,QAAqB,EACrB,KAAgD,EAChD,OAA4B,EAC5B,EAAE;IACF,IAAI,gCAAgC,GAAG,KAAK,CAAC;IAC7C,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAE7B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,MAAM,WAAW,GAAW,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpD,8BAA8B,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAErD,MAAM,KAAK,GAAG,QAAQ,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAClE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,IAAI,KAAK,EAAE;YACT,gCAAgC,GAAG,IAAI,CAAC;SACzC;QAED,IAAI,QAAQ,CAAC,oBAAoB,EAAE;YACjC,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;YACpE,gBAAgB,GAAG,gBAAgB,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,yBAAyB;SAC/E;QAED,IAAI,gBAAgB,EAAE;YACpB,gCAAgC,GAAG,KAAK,CAAC,CAAC,yDAAyD;SACpG;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC,gCAAgC;QAC3D,gBAAgB,EAAE,GAAG,EAAE,CAAC,gBAAgB;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,8BAA8B,GAAG,CACrC,WAAmB,EACnB,OAA4B,EAC5B,EAAE;IACF,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,IAAI,OAAO,CAAC,KAAK,EAAE;YACjB,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;SACd;aAAM;YACL,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;gBACnD,oEAAoE;gBACpE,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;iBAAM,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE;gBAChE,8DAA8D;gBAC9D,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;SACF;KACF;AACH,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,UAAsC,EACtC,OAAe,EACf,IAAc,EACd,KAAwC,EACxC,EAAE,CACF,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE;IACnB,GAAG,kCACE,OAAO,CAAC,GAAG,GACX,UAAU,CACd;IACD,KAAK;IACL,KAAK,EAAE,KAAK;CACb,CAAC,CAAC;AAeL,SAAe,YAAY,CACzB,OAA4B;;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,mBAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEjD,IAAI,OAAO,CAAC,KAAK,EAAE;gBACjB,MAAM,MAAM,GAAG,OAAO,CAAC,0BAA0B;oBAC/C,CAAC,CAAC,aAAa;oBACf,CAAC,CAAC,QAAQ,CAAC;gBACb,MAAM,gBAAgB,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CACrE,CAAC,CACF,CAAC;gBACF,IAAA,cAAM,EACJ,oCAAoC,MAAM,oCAAoC,gBAAgB,WAAW,CAC1G,CAAC;aACH;YAED,MAAM,KAAK,GAAG,iBAAiB,CAC7B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,mIAAmI;YACnI,MAAM,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,GAAG,sBAAsB,CACrE,QAAQ,EACR,KAAK,EACL,OAAO,CACR,CAAC;YAEF,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;;gBAC7C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,uEAAuE;gBACvE,sDAAsD;gBACtD,IAAI,CAAC,kBAAkB,EAAE,EAAE;oBACzB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;wBAChC,MAAM,CACJ,oCAAoC,QAAQ,CAAC,YAAY,yDAAyD,CACnH,CAAC;wBACF,OAAO;qBACR;oBAED,IAAA,YAAK,EAAC,cAAc,CAAC;yBAClB,IAAI,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;yBACjC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;yBAC7B,KAAK,CAAC,MAAM,CAAC,CAAC;oBACjB,OAAO;iBACR;qBAAM,IAAI,gBAAgB,EAAE,EAAE;oBAC7B,MAAM,CACJ,MAAA,QAAQ,CAAC,oBAAoB,mCAC3B,wBAAwB,QAAQ,CAAC,YAAY,aAAa,CAC7D,CAAC;oBACF,OAAO;iBACR;gBAED,MAAA,OAAO,CAAC,eAAe,0CAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO,CAAC,0BAA0B;oBAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;gBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,aAAa,GAAG,CACpB,IAAgB,EAChB,IAAiB,EACjB,SAAyC,EACzC,YAAsB,EACtB,EAAE;;IACF,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAE7C,MAAM,mBAAmB,GAAG,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,UAAU,mCAAI,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,IAAI,CAAC;IAE7B,MAAM,YAAY,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;IAEvE,IAAI,QAAQ,IAAI,IAAI,EAAE;QACpB,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE;gBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,GAAG,YAAY;gBACf,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7B,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,WAAW;aACjB;SACF,CAAC;KACH;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,YAAY;YACf,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7B,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,EAAE;YAClC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CACnB,CAAC,QAAQ,EAAE,EAAE;YACX,yGAAyG;YACzG,mGAAmG;YACnG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAC/C;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,aAAa,GAAG,CACpB,IAAiB,EACjB,uBAAiC,EACjC,SAAyC,EACzC,EAAE;;IACF,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAC9C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;;QACX,OAAA,CAAC,GAAG,KAAK,IAAI,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAC,CAAA;KAAA,CACpE,CAAC;IAEF,MAAM,0BAA0B,GAAG,UAAU,CAAC,IAAI,CAChD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,gBAAgB,CAAC,CAAA,CAAA,EAAA,CACpE,CAAC;IAEF,0FAA0F;IAC1F,iDAAiD;IACjD,IAAI,CAAC,wBAAwB,EAAE;QAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,YAAY,mCAAI,uBAAgB,CAAC,CAAC;QAEnE,6DAA6D;QAC7D,IAAI,CAAC,0BAA0B,EAAE;YAC/B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;SAC7C;KACF;IAED,MAAM,yBAAyB,GAAG,UAAU,CAAC,IAAI,CAC/C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAA,EAAA,CAClE,CAAC;IAEF,IAAI,CAAC,yBAAyB,IAAI,uBAAuB,CAAC,MAAM,GAAG,CAAC,EAAE;QACpE,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,uBAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;KAC5E;IAED,2DAA2D;IAC3D,MAAM,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,mBAAmB,EAAE;QACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,IAAiB,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,+DAA+D;IAC/D,iCAAiC;IACjC,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;KAChD;IAED,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAC;KAClD;IAED,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,uJAAuJ;AACvJ,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAE,EAAE;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,8DAA8D;QAC9D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YACnC,MAAM,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,2HAA2H;YACpK,OAAO,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;SACvC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,+HAA+H;AAC/H,MAAM,gCAAgC,GAAG,CAGvC,WAAc,EACd,OAAmB,EACnB,OAAoB,EACpB,YAAsB,EACtB,UAEa,EACb,OAAe,EACf,EAAE;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAEtE,kGAAkG;IAClG,wDAAwD;IACxD,IAAI,WAAW,EAAE;QACf,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,aAAa,CACrC,OAAO,EACP,WAAW,EACX,SAAS,EAAE,iDAAiD;QAC5D,YAAY,CACb,CAAC;QACF,8EAA8E;QAC9E,OAAO,YAAY,CAAC;YAClB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI;YACJ,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,OAAO;YAChB,0BAA0B,EAAE,IAAI;SACjC,CAAC,CAAC;KACJ;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAO,IAM9B,EAAE,EAAE;;IACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,8FAA8F,CAAC;KACtG;IAED,MAAM,UAAU,GACd,MAAM,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,SAAS,GAAG,MAAM,CAAA,MAAA,WAAW,CAAC,KAAK,4DAAG,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA,CAAC;IAEhE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,aAAa,CAClD,OAAO,EACP,OAAO,EACP,SAAS,EACT,YAAY,CACb,CAAC;IAEF,IAAI,KAAK,EAAE;QACT,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACpE,IAAI,aAAa,EAAE;YACjB,MAAM,KAAK,GAAG;gBACZ,GAAG,aAAa;gBAChB,GAAG,OAAO,IAAI,iBAAiB,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,IAAA,cAAM,EACJ,gGAAgG,KAAK,2BAA2B,CACjI,CAAC;SACH;KACF;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,oBAAoB,CAAC;IAE9D,IAAI,WAAW,CAAC;IAEhB,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CACrD,WAAW,EACX,OAAO,EACP,OAAO,EACP,YAAY,EACZ,UAAU,EACV,OAAO,CACR,CAAC;QACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,CAAC,EAAE;YAC9B,OAAO,QAAQ,CAAC,CAAC,mDAAmD;SACrE;QAED,WAAW,GAAG,MAAM,YAAY,CAAC;YAC/B,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI,EAAE,WAAW;YACjB,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK;YACL,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,OAAO;SACjB,CAAC,CAAC;KACJ;YAAS;QACR,MAAM,CAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,QAAQ,EAAE,CAAA,CAAC;KAC7B;IAED,OAAO,WAAW,CAAC;AACrB,CAAC,CAAA,CAAC;AAzEW,QAAA,QAAQ,YAyEnB"}

package/dist/types/request.d.ts

@@ -9,11 +9,13 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 import { K8sPermissionSpec } from "../plugins/kubeconfig/types";
-import { PluginSshRequest } from "./ssh";
+import { PluginSshRequest, SupportedSshProvider } from "./ssh";
 export declare const DONE_STATUSES: readonly ["DONE", "DONE_NOTIFIED"];
 export declare const DENIED_STATUSES: readonly ["DENIED", "DENIED_NOTIFIED"];
 export declare const ERROR_STATUSES: readonly ["ERRORED", "ERRORED", "ERRORED_NOTIFIED"];
 export type PermissionSpec<K extends string, P extends {
+    provider: SupportedSshProvider;
+} | {
     type: string;
 }, G extends object | undefined = undefined> = {
     type: K;

package/dist/types/ssh.d.ts

@@ -8,23 +8,26 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-import { CommandArgs } from "../commands/shared/ssh";
+import { CommandArgs, SshAdditionalSetup } from "../commands/shared/ssh";
 import { AwsSsh, AwsSshPermissionSpec, AwsSshRequest } from "../plugins/aws/types";
+import { AzureSsh, AzureSshPermissionSpec, AzureSshRequest } from "../plugins/azure/types";
 import { GcpSsh, GcpSshPermissionSpec, GcpSshRequest } from "../plugins/google/types";
 import { Authn } from "./identity";
 import { Request } from "./request";
-export type CliSshRequest = AwsSsh | GcpSsh;
-export type PluginSshRequest = AwsSshPermissionSpec | GcpSshPermissionSpec;
+export type CliSshRequest = AwsSsh | AzureSsh | GcpSsh;
+export type PluginSshRequest = AwsSshPermissionSpec | AzureSshPermissionSpec | GcpSshPermissionSpec;
 export type CliPermissionSpec<P extends PluginSshRequest, C extends object | undefined> = P & {
     cliLocalData: C;
 };
-export declare const SupportedSshProviders: readonly ["aws", "gcloud"];
+export declare const SupportedSshProviders: readonly ["aws", "azure", "gcloud"];
 export type SupportedSshProvider = (typeof SupportedSshProviders)[number];
 export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extends object | undefined = undefined, SR extends SshRequest = SshRequest, C extends object | undefined = undefined> = {
     /** Logs in the user to the cloud provider */
     cloudProviderLogin: (authn: Authn, request: SR) => Promise<C>;
     /** Callback to ensure that this provider's CLI utils are installed */
     ensureInstall: () => Promise<void>;
+    /** Validate the SSH key if necessary; throw an exception if the key is invalid */
+    validateSshKey?: (request: Request<PR>, publicKey: string) => boolean;
     /** A human-readable name for this CSP */
     friendlyName: string;
     /** Friendly message to ask the user to log in to the CSP */
@@ -41,11 +44,16 @@ export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extend
      * the actual ssh/scp command.
      */
     preTestAccessPropagationArgs: (cmdArgs: CommandArgs) => CommandArgs | undefined;
+    /** Perform any setup required before running the SSH command. Returns a list of additional arguments to pass to the
+     * SSH command. */
+    setup?: (request: SR, options?: {
+        debug?: boolean;
+    }) => Promise<SshAdditionalSetup>;
     /** Returns the command and its arguments that are going to be injected as the ssh ProxyCommand option */
     proxyCommand: (request: SR) => string[];
     /** Each element in the returned array is a command that can be run to reproduce the
      * steps of logging in the user to the ssh session. */
-    reproCommands: (request: SR) => string[] | undefined;
+    reproCommands: (request: SR, additionalData?: SshAdditionalSetup) => string[] | undefined;
     /** Unwraps this provider's types */
     requestToSsh: (request: CliPermissionSpec<PR, O>) => SR;
     /** Regex matches for error strings indicating that the provider has not yet fully provisioned node acces */
@@ -60,4 +68,4 @@ export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extend
         debug?: boolean;
     }) => Promise<Request<CliSshRequest>>;
 };
-export type SshRequest = AwsSshRequest | GcpSshRequest;
+export type SshRequest = AwsSshRequest | AzureSshRequest | GcpSshRequest;

package/dist/types/ssh.js

@@ -2,5 +2,5 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SupportedSshProviders = void 0;
 // The prefix of installed SSH accounts in P0 is the provider name
-exports.SupportedSshProviders = ["aws", "gcloud"];
+exports.SupportedSshProviders = ["aws", "azure", "gcloud"];
 //# sourceMappingURL=ssh.js.map

package/dist/types/ssh.js.map

@@ -1 +1 @@
-{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../src/types/ssh.ts"],"names":[],"mappings":";;;AAkCA,kEAAkE;AACrD,QAAA,qBAAqB,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAU,CAAC"}
+{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../src/types/ssh.ts"],"names":[],"mappings":";;;AA0CA,kEAAkE;AACrD,QAAA,qBAAqB,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAU,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@p0security/cli",
-  "version": "0.11.4",
+  "version": "0.13.0",
   "description": "Execute infra CLI commands with P0 grants",
   "main": "index.ts",
   "repository": {