@p0security/cli 0.12.0 → 0.13.1
- package/dist/commands/ls.js +24 -4
- package/dist/commands/ls.js.map +1 -1
- package/dist/commands/scp.js +5 -0
- package/dist/commands/scp.js.map +1 -1
- package/dist/commands/shared/ssh.d.ts +11 -1
- package/dist/commands/shared/ssh.js +6 -5
- package/dist/commands/shared/ssh.js.map +1 -1
- package/dist/commands/ssh.js +8 -3
- package/dist/commands/ssh.js.map +1 -1
- package/dist/plugins/aws/ssh.js +1 -0
- package/dist/plugins/aws/ssh.js.map +1 -1
- package/dist/plugins/azure/auth.d.ts +11 -0
- package/dist/plugins/azure/auth.js +56 -0
- package/dist/plugins/azure/auth.js.map +1 -0
- package/dist/plugins/azure/keygen.d.ts +13 -0
- package/dist/plugins/azure/keygen.js +69 -0
- package/dist/plugins/azure/keygen.js.map +1 -0
- package/dist/plugins/azure/ssh.d.ts +2 -14
- package/dist/plugins/azure/ssh.js +118 -23
- package/dist/plugins/azure/ssh.js.map +1 -1
- package/dist/plugins/azure/tunnel.d.ts +14 -0
- package/dist/plugins/azure/tunnel.js +160 -0
- package/dist/plugins/azure/tunnel.js.map +1 -0
- package/dist/plugins/azure/types.d.ts +14 -8
- package/dist/plugins/google/ssh.js +1 -0
- package/dist/plugins/google/ssh.js.map +1 -1
- package/dist/plugins/ssh/index.js +60 -32
- package/dist/plugins/ssh/index.js.map +1 -1
- package/dist/types/ssh.d.ts +22 -9
- package/package.json +1 -1
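--- a/package/dist/commands/ls.js
+++ b/package/dist/commands/ls.js
@@ -30,6 +30,7 @@ const firestore_1 = require("../drivers/firestore");
 const stdio_1 = require("../drivers/stdio");
 const lodash_1 = require("lodash");
 const pluralize_1 = __importDefault(require("pluralize"));
+const DEFAULT_RESPONSE_SIZE = 15;
 const lsArgs = (yargs) => yargs
 .parserConfiguration({ "unknown-options-as-args": true })
 .help(false)
@@ -40,9 +41,27 @@ const lsArgs = (yargs) => yargs
 });
 const lsCommand = (yargs) => yargs.command("ls [arguments..]", "List request-command arguments", lsArgs, (0, firestore_1.fsShutdownGuard)(ls));
 exports.lsCommand = lsCommand;
+/**
+* If the user has requested a size, replace it with double the requested size,
+* otherwise request double the default.
+*
+* This is done so that we can give the user a sense of the number of results
+* that are not displayed.
+*/
+const convertLsSizeArg = (args) => {
+var _a;
+const convertedArgs = [...args];
+const sizeIndex = convertedArgs.findIndex((a) => a === "--size");
+const requestedSize = +((_a = (sizeIndex >= 0
+? (0, lodash_1.pullAt)(convertedArgs, sizeIndex, sizeIndex + 1)[1]
+: undefined)) !== null && _a !== void 0 ? _a : DEFAULT_RESPONSE_SIZE);
+convertedArgs.push("--size", String(requestedSize * 2));
+return { convertedArgs, requestedSize };
+};
 const ls = (args) => __awaiter(void 0, void 0, void 0, function* () {
 const authn = yield (0, auth_1.authenticate)();
-const
+const { convertedArgs, requestedSize } = convertLsSizeArg(args.arguments);
+const data = yield (0, stdio_1.spinUntil)("Listing accessible resources", (0, api_1.fetchCommand)(authn, args, ["ls", ...convertedArgs]));
 const allArguments = [...args._, ...args.arguments];
 if (data && "ok" in data && data.ok) {
 const label = (0, pluralize_1.default)(data.arg);
@@ -50,8 +69,8 @@ const ls = (args) => __awaiter(void 0, void 0, void 0, function* () {
 (0, stdio_1.print2)(`No ${label}`);
 return;
 }
-const truncationPart = data.
-? ` the first ${data.items.length}`
+const truncationPart = data.items.length > requestedSize
+? ` the first ${requestedSize} (of ${data.isTruncated ? "many" : data.items.length})`
 : "";
 const postfixPart = data.term
 ? ` matching '${data.term}'`
@@ -59,7 +78,8 @@ const ls = (args) => __awaiter(void 0, void 0, void 0, function* () {
 ? ` (use \`p0 ${allArguments.join(" ")} <like>\` to narrow results)`
 : "";
 (0, stdio_1.print2)(`Showing${truncationPart} ${label}${postfixPart}.\nResources labeled with * are already accessible to you:`);
-const
+const truncated = (0, lodash_1.slice)(data.items, 0, requestedSize);
+const sortedItems = (0, lodash_1.orderBy)(truncated, "isPreexisting", "desc");
 const isSameValue = sortedItems.every((i) => !i.group && i.key === i.value);
 const maxLength = (0, lodash_1.max)(sortedItems.map((i) => i.key.length)) || 0;
 for (const item of sortedItems) {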
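Review bot: `convertLsSizeArg` coerces the `--size` value with unary `+` and never validates it, so a non-numeric or negative value flows into both the forwarded request (`String(requestedSize * 2)` becomes `"NaN"` for non-numeric input) and the later `slice(data.items, 0, requestedSize)` in `ls`. Only the exact token `--size` is matched as well, so `--size=20` is left in `convertedArgs` and a second `--size 30` is appended after it; how the backend resolves the duplicate is not visible here. Rejecting bad input before the fetch keeps the forwarded arguments well-formed: `if (!Number.isInteger(requestedSize) || requestedSize <= 0) throw "--size must be a positive integer";`. The body of `ls` continues past the last hunk.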
package/dist/commands/ls.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ls.js","sourceRoot":"","sources":["../../src/commands/ls.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA0C;AAC1C,wCAA8C;AAC9C,0CAA+C;AAC/C,oDAAuD;AACvD,4CAA6D;AAC7D,
|
|
1
|
+
{"version":3,"file":"ls.js","sourceRoot":"","sources":["../../src/commands/ls.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA0C;AAC1C,wCAA8C;AAC9C,0CAA+C;AAC/C,oDAAuD;AACvD,4CAA6D;AAC7D,mCAAqD;AACrD,0DAAkC;AAGlC,MAAM,qBAAqB,GAAG,EAAE,CAAC;AAejC,MAAM,MAAM,GAAG,CAAI,KAAoB,EAAE,EAAE,CACzC,KAAK;KACF,mBAAmB,CAAC,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC;KACxD,IAAI,CAAC,KAAK,CAAC;KACX,MAAM,CAAC,WAAW,EAAE;IACnB,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC,CAAC;AAEA,MAAM,SAAS,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC7C,KAAK,CAAC,OAAO,CACX,kBAAkB,EAClB,gCAAgC,EAChC,MAAM,EACN,IAAA,2BAAe,EAAC,EAAE,CAAC,CACpB,CAAC;AANS,QAAA,SAAS,aAMlB;AAEJ;;;;;;GAMG;AACH,MAAM,gBAAgB,GAAG,CAAC,IAAc,EAAE,EAAE;;IAC1C,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;IACjE,MAAM,aAAa,GAAG,CAAC,CACrB,MAAA,CAAC,SAAS,IAAI,CAAC;QACb,CAAC,CAAC,IAAA,eAAM,EAAC,aAAa,EAAE,SAAS,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC,CAAC,SAAS,CAAC,mCAAI,qBAAqB,CACxC,CAAC;IACF,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC;IACxD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC;AAC1C,CAAC,CAAC;AAEF,MAAM,EAAE,GAAG,CACT,IAEE,EACF,EAAE;IACF,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IACnC,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE1E,MAAM,IAAI,GAAG,MAAM,IAAA,iBAAS,EAC1B,8BAA8B,EAC9B,IAAA,kBAAY,EAAa,KAAK,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,aAAa,CAAC,CAAC,CAChE,CAAC;IACF,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IAEpD,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE;QACnC,MAAM,KAAK,GAAG,IAAA,mBAAS,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;YAC3B,IAAA,cAAM,EAAC,MAAM,KAAK,EAAE,CAAC,CAAC;YACtB,OAAO;SACR;QACD,MAAM,cAAc,GAClB,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,aAAa;YAC/B,CAAC,CAAC,cAAc,aAAa,QAAQ,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG;YACrF,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,WAAW,GA
AG,IAAI,CAAC,IAAI;YAC3B,CAAC,CAAC,cAAc,IAAI,CAAC,IAAI,GAAG;YAC5B,CAAC,CAAC,IAAI,CAAC,WAAW;gBAChB,CAAC,CAAC,cAAc,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,8BAA8B;gBACpE,CAAC,CAAC,EAAE,CAAC;QAET,IAAA,cAAM,EACJ,UAAU,cAAc,IAAI,KAAK,GAAG,WAAW,4DAA4D,CAC5G,CAAC;QACF,MAAM,SAAS,GAAG,IAAA,cAAK,EAAC,IAAI,CAAC,KAAK,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC;QACtD,MAAM,WAAW,GAAG,IAAA,gBAAO,EAAC,SAAS,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;QAC5E,MAAM,SAAS,GAAG,IAAA,YAAG,EAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC;QACjE,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE;YAC9B,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;YACvE,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAChD,IAAA,cAAM,EACJ,GAAG,MAAM,GACP,WAAW;gBACT,CAAC,CAAC,IAAI,CAAC,GAAG;gBACV,CAAC,CAAC,SAAS,GAAG,EAAE;oBACd,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,OAAO,cAAO,CAAC,GAAG,GAAG,OAAO,GAAG,cAAO,CAAC,KAAK,EAAE;oBAC3D,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,cAAO,CAAC,GAAG,MAAM,OAAO,GAAG,cAAO,CAAC,KAAK,EAChF,EAAE,CACH,CAAC;SACH;KACF;SAAM;QACL,MAAM,IAAI,CAAC;KACZ;AACH,CAAC,CAAA,CAAC"}
|
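--- a/package/dist/commands/scp.js
+++ b/package/dist/commands/scp.js
@@ -83,6 +83,11 @@ const scpAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
 ? args["--"].map(String)
 : [];
 args.sshOptions = sshOptions;
+// TODO(ENG-3142): Azure SSH currently doesn't support specifying a port; throw an error if one is set.
+if (args.provider === "azure" &&
+sshOptions.some((opt) => opt.startsWith("-P"))) {
+throw "Azure SSH does not currently support specifying a port. SSH on the target VM must be listening on the default port 22.";
+}
 const host = getHostIdentifier(args.source, args.destination);
 if (!host) {
 throw "Could not determine host identifier from source or destination";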
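Review bot: The Azure port guard in `scpAction` matches only arguments that begin with `-P`, so a port supplied in the config form (`-o Port=2222` or `-oPort=2222`) passes the check and stays in `args.sshOptions`; the `-p` guard added to `sshAction` in package/dist/commands/ssh.js has the same gap. If the Azure path depends on port 22, the predicate should cover both spellings, e.g. `sshOptions.some((opt) => opt.startsWith("-P") || /^(-o)?port\b/i.test(opt))`, with `-p` in place of `-P` for ssh. Code that consumes `sshOptions` downstream should not treat this guard as proof that no port override is present. `scpAction` starts before and continues after the hunk.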
package/dist/commands/scp.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scp.js","sourceRoot":"","sources":["../../src/commands/scp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,oDAAuD;AACvD,wCAA0C;AAC1C,sCAAiE;AACjE,sCAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,4BAA4B;AAC5B,6DAA6D;AAC7D,mDAAmD,EACnD,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,QAAQ,EAAE;IACpB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,MAAM,CAAC,GAAG,EAAE;IACX,KAAK,EAAE,WAAW;IAClB,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,qCAAqC;CAChD,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,SAAS,EAAE;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,8CAA8C;CACzD,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,2BAAqB;CAC/B,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,8CAA8C,CAAC;IACtD,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;sGAE4F,CAC7F,EAEL,IAAA,2BAAe,EAAC,SAAS,CAAC,CAC3B,CAAC;AAvDS,QAAA,UAAU,cAuDnB;AAEJ;;;GAGG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IAEnC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAE7B,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAE9D,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,gEAAgE,CAAC;KACxE;IAED,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,MAAM,IAAA,oBAAc,EAC/D,KAAK,EACL,IAAI,EACJ,IAAI,CACL,CAAC;IAEF,qDAAqD;IACrD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,uBAAuB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAEvE,MAAM,IAAA,cAAQ,EAAC;QACb,KAAK;QACL,OAAO;QACP,OAAO,kCACF,IAAI,KACP,MAAM;YACN,WAAW,GACZ;QACD,UAAU;QACV,WAAW;KACZ,CAAC,CAAC;AACL,CAAC,CAAA,CAA
C;AAEF,sFAAsF;AACtF,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,CAAC,sBAAsB;AAErE,gFAAgF;AAChF,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAW,EAAE;IACnD,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,MAAc,EAAE,WAAmB,EAAE,EAAE;IAChE,6FAA6F;IAC7F,MAAM,cAAc,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC;IAErD,IAAI,cAAc,IAAI,mBAAmB,EAAE;QACzC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7B;IAED,6DAA6D;IAC7D,MAAM,0DAA0D,CAAC;AACnE,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAAC,MAAkB,EAAE,IAAoB,EAAE,EAAE;IAC3E,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACzB,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAEnC,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE;QAC9B,MAAM,GAAG,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACzE;IAED,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE;QACnC,WAAW,GAAG,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACnF;IAED,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;AACjC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"scp.js","sourceRoot":"","sources":["../../src/commands/scp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,oDAAuD;AACvD,wCAA0C;AAC1C,sCAAiE;AACjE,sCAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,4BAA4B;AAC5B,6DAA6D;AAC7D,mDAAmD,EACnD,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,QAAQ,EAAE;IACpB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,MAAM,CAAC,GAAG,EAAE;IACX,KAAK,EAAE,WAAW;IAClB,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,qCAAqC;CAChD,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,SAAS,EAAE;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,8CAA8C;CACzD,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,2BAAqB;CAC/B,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,8CAA8C,CAAC;IACtD,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;sGAE4F,CAC7F,EAEL,IAAA,2BAAe,EAAC,SAAS,CAAC,CAC3B,CAAC;AAvDS,QAAA,UAAU,cAuDnB;AAEJ;;;GAGG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IAEnC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAE7B,uGAAuG;IACvG,IACE,IAAI,CAAC,QAAQ,KAAK,OAAO;QACzB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC9C;QACA,MAAM,wHAAwH,CAAC;KAChI;IAED,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAE9D,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,gEAAgE,CAAC;KACxE;IAED,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,MAAM,IAAA,oBAAc,EAC/D,KAAK,EACL,IAAI,EACJ,IAAI,CACL,CAAC;IAEF,qDAAqD;IACrD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,uBAAuB,CAAC,OA
AO,EAAE,IAAI,CAAC,CAAC;IAEvE,MAAM,IAAA,cAAQ,EAAC;QACb,KAAK;QACL,OAAO;QACP,OAAO,kCACF,IAAI,KACP,MAAM;YACN,WAAW,GACZ;QACD,UAAU;QACV,WAAW;KACZ,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AAEF,sFAAsF;AACtF,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,CAAC,sBAAsB;AAErE,gFAAgF;AAChF,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAW,EAAE;IACnD,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,MAAc,EAAE,WAAmB,EAAE,EAAE;IAChE,6FAA6F;IAC7F,MAAM,cAAc,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC;IAErD,IAAI,cAAc,IAAI,mBAAmB,EAAE;QACzC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7B;IAED,6DAA6D;IAC7D,MAAM,0DAA0D,CAAC;AACnE,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAAC,MAAkB,EAAE,IAAoB,EAAE,EAAE;IAC3E,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACzB,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAEnC,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE;QAC9B,MAAM,GAAG,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACzE;IAED,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE;QACnC,WAAW,GAAG,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACnF;IAED,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;AACjC,CAAC,CAAC"}
|
|
@@ -5,7 +5,7 @@ import yargs from "yargs";
|
|
|
5
5
|
export type BaseSshCommandArgs = {
|
|
6
6
|
sudo?: boolean;
|
|
7
7
|
reason?: string;
|
|
8
|
-
|
|
8
|
+
parent?: string;
|
|
9
9
|
provider?: SupportedSshProvider;
|
|
10
10
|
debug?: boolean;
|
|
11
11
|
sshOptions?: string[];
|
|
@@ -22,6 +22,16 @@ export type SshCommandArgs = BaseSshCommandArgs & {
|
|
|
22
22
|
command?: string;
|
|
23
23
|
};
|
|
24
24
|
export type CommandArgs = ScpCommandArgs | SshCommandArgs;
|
|
25
|
+
export type SshAdditionalSetup = {
|
|
26
|
+
/** A list of SSH configuration options, as would be used after '-o' in an SSH command */
|
|
27
|
+
sshOptions: string[];
|
|
28
|
+
/** The path to the private key file to use for the SSH connection, instead of the default P0 CLI managed key */
|
|
29
|
+
identityFile: string;
|
|
30
|
+
/** The port to connect to, overriding the default */
|
|
31
|
+
port: string;
|
|
32
|
+
/** Perform any teardown required after the SSH command exits but before terminating the P0 CLI */
|
|
33
|
+
teardown: () => Promise<void>;
|
|
34
|
+
};
|
|
25
35
|
export declare const SSH_PROVIDERS: Record<SupportedSshProvider, SshProvider<any, any, any, any>>;
|
|
26
36
|
export declare const isSudoCommand: (args: {
|
|
27
37
|
sudo?: boolean;
|
|
@@ -66,7 +66,7 @@ const provisionRequest = (authn, args, destination) => __awaiter(void 0, void 0,
|
|
|
66
66
|
...(args.provider ? ["--provider", args.provider] : []),
|
|
67
67
|
...((0, exports.isSudoCommand)(args) ? ["--sudo"] : []),
|
|
68
68
|
...(args.reason ? ["--reason", args.reason] : []),
|
|
69
|
-
...(args.
|
|
69
|
+
...(args.parent ? ["--parent", args.parent] : []),
|
|
70
70
|
], wait: true }), authn, { message: "approval-required" });
|
|
71
71
|
if (!response) {
|
|
72
72
|
(0, stdio_1.print2)("Did not receive access ID from server");
|
|
@@ -78,9 +78,6 @@ const provisionRequest = (authn, args, destination) => __awaiter(void 0, void 0,
|
|
|
78
78
|
else
|
|
79
79
|
(0, stdio_1.print2)("Existing access found. Connecting to instance.");
|
|
80
80
|
const provisionedRequest = yield (0, _1.waitForProvisioning)(authn, id);
|
|
81
|
-
if (provisionedRequest.permission.publicKey !== publicKey) {
|
|
82
|
-
throw "Public key mismatch. Please revoke the request and try again.";
|
|
83
|
-
}
|
|
84
81
|
return { provisionedRequest, publicKey, privateKey };
|
|
85
82
|
});
|
|
86
83
|
exports.provisionRequest = provisionRequest;
|
|
@@ -89,8 +86,12 @@ const prepareRequest = (authn, args, destination) => __awaiter(void 0, void 0, v
|
|
|
89
86
|
if (!result) {
|
|
90
87
|
throw "Server did not return a request id. Please contact support@p0.dev for assistance.";
|
|
91
88
|
}
|
|
92
|
-
const { provisionedRequest } = result;
|
|
89
|
+
const { provisionedRequest, publicKey } = result;
|
|
93
90
|
const sshProvider = exports.SSH_PROVIDERS[provisionedRequest.permission.provider];
|
|
91
|
+
if (sshProvider.validateSshKey &&
|
|
92
|
+
!sshProvider.validateSshKey(provisionedRequest, publicKey)) {
|
|
93
|
+
throw "Public key mismatch. Please revoke the request and try again.";
|
|
94
|
+
}
|
|
94
95
|
yield sshProvider.ensureInstall();
|
|
95
96
|
const cliRequest = yield pluginToCliRequest(provisionedRequest, {
|
|
96
97
|
debug: args.debug,
|
|
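Review bot: The key-mismatch check in `prepareRequest` is now skipped whenever the provider has no `validateSshKey`, so the comparison that `provisionRequest` used to enforce for every request becomes opt-in and fails open for any provider that omits the hook. On this page only `awsSshProvider` is shown defining it; whether the Google and Azure providers do is not visible here. Making the hook a required member of the provider, with a provider that legitimately has nothing to compare returning `true` under a comment that says why, keeps the default fail-closed: `if (!sshProvider.validateSshKey(provisionedRequest, publicKey)) {`. `prepareRequest` starts before and continues after the hunk.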
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/commands/shared/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wBAAwC;AACxC,4CAAkD;AAClD,uDAA8C;AAC9C,+CAA6C;AAC7C,+CAAuD;AACvD,iDAA2D;AAC3D,kDAA0D;AAI1D,yCAMyB;AACzB,uCAAoC;AACpC,kDAA4C;AAC5C,mCAA8B;
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/commands/shared/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wBAAwC;AACxC,4CAAkD;AAClD,uDAA8C;AAC9C,+CAA6C;AAC7C,+CAAuD;AACvD,iDAA2D;AAC3D,kDAA0D;AAI1D,yCAMyB;AACzB,uCAAoC;AACpC,kDAA4C;AAC5C,mCAA8B;AAyCjB,QAAA,aAAa,GAGtB;IACF,GAAG,EAAE,oBAAc;IACnB,KAAK,EAAE,sBAAgB;IACvB,MAAM,EAAE,oBAAc;CACvB,CAAC;AAEF,MAAM,kBAAkB,GAAG,CACzB,KAAY,EACZ,IAAkD,EAClD,EAAE;;IACF,MAAM,SAAS,GAAG,MAAM,IAAA,kBAAM,EAC5B,IAAA,eAAG,EAAC,KAAK,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,mBAAmB,CAAC,CACzD,CAAC;IACF,MAAM,WAAW,GAAG,MAAA,SAAS,CAAC,IAAI,EAAE,0CAAG,WAAW,CAAC,CAAC;IAEpD,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ;QACpC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjB,CAAC,CAAC,2BAAqB,CAAC;IAE1B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,EAAE,CAAC,CAAC,MAAM,CACpD,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACf,KAAK,CAAC,KAAK,IAAI,WAAW;QAC1B,gBAAgB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAC5D,CAAC;IAEF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QACtB,MAAM,mEAAmE,CAAC;KAC3E;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,kBAAkB,GAAG,CACzB,OAAkC,EAClC,OAA6B,EACI,EAAE;IACnC,OAAA,MAAM,qBAAa,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,YAAY,CAC3D,OAAc,EACd,OAAO,CACR,CAAA;EAAA,CAAC;AAEG,MAAM,aAAa,GAAG,CAAC,IAA0C,EAAE,EAAE,CAC1E,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,MAAM,CAAC;AAD1B,QAAA,aAAa,iBACa;AAEhC,MAAM,gBAAgB,GAAG,CAC9B,KAAY,EACZ,IAAkD,EAClD,WAAmB,EACnB,EAAE;IACF,MAAM,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,oBAAa,GAAE,CAAC;IAExD,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAElC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,SAAS;YACT,WAAW;YACX,cAAc;YACd,SAAS;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,GAAG,CAAC,IAAA,qBAAa,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1C,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAA
C,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,IAAA,cAAM,EAAC,uCAAuC,CAAC,CAAC;QAChD,OAAO;KACR;IACD,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;IACvC,IAAI,CAAC,aAAa;QAAE,IAAA,cAAM,EAAC,sCAAsC,CAAC,CAAC;;QAC9D,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;IAE/D,MAAM,kBAAkB,GAAG,MAAM,IAAA,sBAAmB,EAClD,KAAK,EACL,EAAE,CACH,CAAC;IAEF,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACvD,CAAC,CAAA,CAAC;AA3CW,QAAA,gBAAgB,oBA2C3B;AAEK,MAAM,cAAc,GAAG,CAC5B,KAAY,EACZ,IAAkD,EAClD,WAAmB,EACnB,EAAE;IACF,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAgB,EAAC,KAAK,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAChE,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,mFAAmF,CAAC;KAC3F;IAED,MAAM,EAAE,kBAAkB,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAEjD,MAAM,WAAW,GAAG,qBAAa,CAAC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1E,IACE,WAAW,CAAC,cAAc;QAC1B,CAAC,WAAW,CAAC,cAAc,CAAC,kBAAkB,EAAE,SAAS,CAAC,EAC1D;QACA,MAAM,+DAA+D,CAAC;KACvE;IAED,MAAM,WAAW,CAAC,aAAa,EAAE,CAAC;IAElC,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,EAAE;QAC9D,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,WAAW,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAErD,uCAAY,MAAM,KAAE,OAAO,EAAE,WAAW,IAAG;AAC7C,CAAC,CAAA,CAAC;AA7BW,QAAA,cAAc,kBA6BzB"}
|
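--- a/package/dist/commands/ssh.js
+++ b/package/dist/commands/ssh.js
@@ -48,14 +48,14 @@ const sshCommand = (yargs) => yargs.command("ssh <destination> [command [argumen
 describe: "Reason access is needed",
 type: "string",
 })
-.option("
+.option("parent", {
 type: "string",
-describe: "The
+describe: "The containing parent resource which the instance belongs to (account, project, subscription, etc.)",
 })
 .option("provider", {
 type: "string",
 describe: "The cloud provider where the instance is hosted",
-choices: ["aws", "gcloud"],
+choices: ["aws", "azure", "gcloud"],
 })
 .option("debug", {
 type: "boolean",
@@ -86,6 +86,11 @@ const sshAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
 ? args["--"].map(String)
 : [];
 args.sshOptions = sshOptions;
+// TODO(ENG-3142): Azure SSH currently doesn't support specifying a port; throw an error if one is set.
+if (args.provider === "azure" &&
+sshOptions.some((opt) => opt.startsWith("-p"))) {
+throw "Azure SSH does not currently support specifying a port. SSH on the target VM must be listening on the default port 22.";
+}
 const { request, privateKey, sshProvider } = yield (0, ssh_2.prepareRequest)(authn, args, args.destination);
 yield (0, ssh_1.sshOrScp)({
 authn,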
package/dist/commands/ssh.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../src/commands/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,oDAAuD;AACvD,wCAA0C;AAC1C,sCAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,2CAA2C,EAC3C,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,UAAU,CAAC,SAAS,EAAE;IACrB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,2BAA2B;CACtC,CAAC;KACD,UAAU,CAAC,WAAW,EAAE;IACvB,QAAQ,EAAE,mBAAmB;IAC7B,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;IACF,8BAA8B;KAC7B,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../src/commands/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,oDAAuD;AACvD,wCAA0C;AAC1C,sCAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,2CAA2C,EAC3C,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,UAAU,CAAC,SAAS,EAAE;IACrB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,2BAA2B;CACtC,CAAC;KACD,UAAU,CAAC,WAAW,EAAE;IACvB,QAAQ,EAAE,mBAAmB;IAC7B,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;IACF,8BAA8B;KAC7B,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,qGAAqG;CACxG,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;CACpC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,gEAAgE,CAAC;IACxE,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;;;mGAIyF,CAC1F,EAEL,IAAA,2BAAe,EAAC,SAAS,CAAC,CAC3B,CAAC;AAzDS,QAAA,UAAU,cAyDnB;AAEJ;;;;;;GAMG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,0FAA0F;IAC1F,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IAEnC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAE7B,uGAAuG;IACvG,IACE,IAAI,CAAC,QAAQ,KAAK,OAAO;QACzB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC9C;QACA,MAAM,wHAAwH,CAAC;KAChI;IAED,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,MAAM,IAAA,oBAAc,EAC/D,KAAK,EACL,IAAI,EACJ,IAAI,CAAC,WAAW,CACjB,CAAC;IAEF,MAAM,IAAA,cAAQ,EAAC;QACb,KAAK;QACL,OAAO;QACP,OAAO,EAAE,IAAI;QACb,UAAU;QACV,WAAW;KACZ,CAAC,CAAC;AACL,CAAC,CAAA,CAAC"}
|
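--- a/package/dist/plugins/aws/ssh.js
+++ b/package/dist/plugins/aws/ssh.js
@@ -55,6 +55,7 @@ exports.awsSshProvider = {
 ? yield (0, aws_1.assumeRoleWithOktaSaml)(authn, request)
 : (0, util_1.throwAssertNever)(config.login);
 }),
+validateSshKey: (request, publicKey) => request.permission.publicKey === publicKey,
 ensureInstall: () => __awaiter(void 0, void 0, void 0, function* () {
 if (!(yield (0, install_1.ensureSsmInstall)())) {
 throw "Please try again after installing the required AWS utilities";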
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,qCAA8C;AAC9C,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AASjD,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,0RAA0R;KAC7R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,EAAE;;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,8DAA8D,CAAC;SACtE;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE,OAA4B,CAAC;gBACnE,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;YAC/B,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAE7C,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,IAAI;YACJ,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,iBAAiB;SAClB,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,6BAA6B,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,GAAG;aAC5E,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,SAAS,CAAC;QACjE,MAAM,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;QACnC,MAAM,MAAM,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,MA
AM,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;QACpE,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,qCAA8C;AAC9C,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AASjD,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,0RAA0R;KAC7R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,EAAE;;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,8DAA8D,CAAC;SACtE;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE,OAA4B,CAAC;gBACnE,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,cAAc,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CACrC,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS;IAE5C,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;YAC/B,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAE7C,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,IAAI;YACJ,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,iBAAiB;SAClB,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,6BAA6B,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,GAAG;aAC5E,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,SAAS,CAAC;QACj
E,MAAM,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;QACnC,MAAM,MAAM,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;QACpE,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
|
|
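--- a/package/dist/plugins/azure/auth.d.ts
+++ b/package/dist/plugins/azure/auth.d.ts
@@ -0,0 +1,11 @@
+export declare const azLoginCommand: () => {
+command: string;
+args: string[];
+};
+export declare const azAccountSetCommand: (subscriptionId: string) => {
+command: string;
+args: string[];
+};
+export declare const azLogin: (subscriptionId: string, options?: {
+debug?: boolean;
+}) => Promise<void>;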
|
|
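--- a/package/dist/plugins/azure/auth.js
+++ b/package/dist/plugins/azure/auth.js
@@ -0,0 +1,56 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.azLogin = exports.azAccountSetCommand = exports.azLoginCommand = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const stdio_1 = require("../../drivers/stdio");
+const util_1 = require("../../util");
+const azLoginCommand = () => ({
+command: "az",
+args: ["login"],
+});
+exports.azLoginCommand = azLoginCommand;
+const azAccountSetCommand = (subscriptionId) => ({
+command: "az",
+args: ["account", "set", "--subscription", subscriptionId],
+});
+exports.azAccountSetCommand = azAccountSetCommand;
+const azLogin = (subscriptionId, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
+const { debug } = options;
+if (debug)
+(0, stdio_1.print2)("Logging in to Azure...");
+const { command: azLoginExe, args: azLoginArgs } = (0, exports.azLoginCommand)();
+const loginResult = yield (0, util_1.exec)(azLoginExe, azLoginArgs, { check: true });
+if (debug) {
+(0, stdio_1.print2)(loginResult.stdout);
+(0, stdio_1.print2)(loginResult.stderr);
+(0, stdio_1.print2)(`Setting active Azure subscription to ${subscriptionId}...`);
+}
+const { command: azAccountSetExe, args: azAccountSetArgs } = (0, exports.azAccountSetCommand)(subscriptionId);
+const accountSetResult = yield (0, util_1.exec)(azAccountSetExe, azAccountSetArgs, {
+check: true,
+});
+if (debug) {
+(0, stdio_1.print2)(accountSetResult.stdout);
+(0, stdio_1.print2)(accountSetResult.stderr);
+}
+});
+exports.azLogin = azLogin;
+//# sourceMappingURL=auth.js.map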
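Review bot: `azLogin` changes the Azure CLI's active subscription through `az account set`, a setting that stays in the user's `az` configuration after this command exits, yet the only message announcing it sits inside the second `if (debug)` block. Later `az` commands run by the same user would then act on `subscriptionId` without any notice having been given. I would print the `Setting active Azure subscription to …` message unconditionally, and add a doc comment on `azLogin` saying that it runs an interactive `az login` and then switches the active subscription. Separately, the debug branch echoes the full `az login` output, which normally lists the account's tenants and subscriptions, so debug logs deserve care before they are shared.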
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/plugins/azure/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAC7C,qCAAkC;AAE3B,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,CAAC;IACnC,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,OAAO,CAAC;CAChB,CAAC,CAAC;AAHU,QAAA,cAAc,kBAGxB;AAEI,MAAM,mBAAmB,GAAG,CAAC,cAAsB,EAAE,EAAE,CAAC,CAAC;IAC9D,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,cAAc,CAAC;CAC3D,CAAC,CAAC;AAHU,QAAA,mBAAmB,uBAG7B;AAEI,MAAM,OAAO,GAAG,CACrB,cAAsB,EACtB,UAA+B,EAAE,EACjC,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;IAE5C,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,sBAAc,GAAE,CAAC;IACpE,MAAM,WAAW,GAAG,MAAM,IAAA,WAAI,EAAC,UAAU,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAEzE,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,IAAA,cAAM,EAAC,wCAAwC,cAAc,KAAK,CAAC,CAAC;KACrE;IAED,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,2BAAmB,EAAC,cAAc,CAAC,CAAC;IACtC,MAAM,gBAAgB,GAAG,MAAM,IAAA,WAAI,EAAC,eAAe,EAAE,gBAAgB,EAAE;QACrE,KAAK,EAAE,IAAI;KACZ,CAAC,CAAC;IAEH,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAChC,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;KACjC;AACH,CAAC,CAAA,CAAC;AA3BW,QAAA,OAAO,WA2BlB"}
|
|
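--- a/package/dist/plugins/azure/keygen.d.ts
+++ b/package/dist/plugins/azure/keygen.d.ts
@@ -0,0 +1,13 @@
+export declare const AD_CERT_FILENAME = "p0cli-azure-ad-ssh-cert.pub";
+export declare const AD_SSH_KEY_PRIVATE = "id_rsa";
+export declare const azSshCertCommand: (keyPath: string) => {
+command: string;
+args: string[];
+};
+export declare const createTempDirectoryForKeys: () => Promise<{
+path: string;
+cleanup: () => Promise<void>;
+}>;
+export declare const generateSshKeyAndAzureAdCert: (keyPath: string, options?: {
+debug?: boolean;
+}) => Promise<void>;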
|
|
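--- a/package/dist/plugins/azure/keygen.js
+++ b/package/dist/plugins/azure/keygen.js
@@ -0,0 +1,69 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSshKeyAndAzureAdCert = exports.createTempDirectoryForKeys = exports.azSshCertCommand = exports.AD_SSH_KEY_PRIVATE = exports.AD_CERT_FILENAME = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const stdio_1 = require("../../drivers/stdio");
+const util_1 = require("../../util");
+const node_path_1 = __importDefault(require("node:path"));
+const tmp_promise_1 = __importDefault(require("tmp-promise"));
+// We pass in the name of the certificate file to generate
+exports.AD_CERT_FILENAME = "p0cli-azure-ad-ssh-cert.pub";
+// The `az ssh cert` command manages key generation, and generates SSH RSA keys with the standard names
+exports.AD_SSH_KEY_PRIVATE = "id_rsa";
+const azSshCertCommand = (keyPath) => ({
+command: "az",
+args: ["ssh", "cert", "--file", node_path_1.default.join(keyPath, exports.AD_CERT_FILENAME)],
+});
+exports.azSshCertCommand = azSshCertCommand;
+const createTempDirectoryForKeys = () => __awaiter(void 0, void 0, void 0, function* () {
+// unsafeCleanup lets us delete the directory even if there are still files in it, which is fine since the
+// files are no longer needed once we've authenticated to the remote system.
+const { path, cleanup } = yield tmp_promise_1.default.dir({
+mode: 0o700,
+prefix: "p0cli-",
+unsafeCleanup: true,
+});
+return { path, cleanup };
+});
+exports.createTempDirectoryForKeys = createTempDirectoryForKeys;
+const generateSshKeyAndAzureAdCert = (keyPath, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
+const { debug } = options;
+if (debug)
+(0, stdio_1.print2)("Generating Azure AD SSH certificate...");
+try {
+const { command, args } = (0, exports.azSshCertCommand)(keyPath);
+const { stdout, stderr } = yield (0, util_1.exec)(command, args, { check: true });
+if (debug) {
+(0, stdio_1.print2)(stdout);
+(0, stdio_1.print2)(stderr);
+}
+}
+catch (error) {
+(0, stdio_1.print2)(error.stdout);
+(0, stdio_1.print2)(error.stderr);
+throw `Failed to generate Azure AD SSH certificate: ${error}`;
+}
+});
+exports.generateSshKeyAndAzureAdCert = generateSshKeyAndAzureAdCert;
+//# sourceMappingURL=keygen.js.map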
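Review bot: The private key that `az ssh cert` writes next to the certificate stays in the `p0cli-` temp directory until the caller invokes `cleanup`, and nothing in this file removes it if the process is terminated before that happens. `tmp-promise` only deletes on process exit when graceful cleanup is enabled, so unless that is done elsewhere (not visible here) I would add `tmp_promise_1.default.setGracefulCleanup();` once at module load, via the equivalent call in the TypeScript source. The `0o700` mode keeps other users out, but the comment in `createTempDirectoryForKeys` should state that the directory holds a private key rather than only files that "are no longer needed". In the `catch` of `generateSshKeyAndAzureAdCert`, `error.stdout` and `error.stderr` are printed without checking that they exist, which may print `undefined` if `exec` rejects before the process starts.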
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keygen.js","sourceRoot":"","sources":["../../../src/plugins/azure/keygen.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAC7C,qCAAkC;AAClC,0DAA6B;AAC7B,8DAA8B;AAE9B,0DAA0D;AAC7C,QAAA,gBAAgB,GAAG,6BAA6B,CAAC;AAE9D,uGAAuG;AAC1F,QAAA,kBAAkB,GAAG,QAAQ,CAAC;AAEpC,MAAM,gBAAgB,GAAG,CAAC,OAAe,EAAE,EAAE,CAAC,CAAC;IACpD,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,wBAAgB,CAAC,CAAC;CACtE,CAAC,CAAC;AAHU,QAAA,gBAAgB,oBAG1B;AAEI,MAAM,0BAA0B,GAAG,GAGvC,EAAE;IACH,0GAA0G;IAC1G,4EAA4E;IAC5E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,MAAM,qBAAG,CAAC,GAAG,CAAC;QACtC,IAAI,EAAE,KAAK;QACX,MAAM,EAAE,QAAQ;QAChB,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC,CAAA,CAAC;AAbW,QAAA,0BAA0B,8BAarC;AAEK,MAAM,4BAA4B,GAAG,CAC1C,OAAe,EACf,UAA+B,EAAE,EACjC,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,wCAAwC,CAAC,CAAC;IAE5D,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,wBAAgB,EAAC,OAAO,CAAC,CAAC;QACpD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;YACf,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;SAChB;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrB,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrB,MAAM,gDAAgD,KAAK,EAAE,CAAC;KAC/D;AACH,CAAC,CAAA,CAAC;AArBW,QAAA,4BAA4B,gCAqBvC"}
|
|
@@ -1,15 +1,3 @@
|
|
|
1
|
-
/** Copyright © 2024-present P0 Security
|
|
2
|
-
|
|
3
|
-
This file is part of @p0security/cli
|
|
4
|
-
|
|
5
|
-
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
6
|
-
|
|
7
|
-
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
-
|
|
9
|
-
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
|
-
**/
|
|
11
1
|
import { SshProvider } from "../../types/ssh";
|
|
12
|
-
import { AzureSshPermissionSpec, AzureSshRequest } from "./types";
|
|
13
|
-
export declare const azureSshProvider: SshProvider<AzureSshPermissionSpec,
|
|
14
|
-
linuxUserName: string;
|
|
15
|
-
}, AzureSshRequest>;
|
|
2
|
+
import { AzureLocalData, AzureSshPermissionSpec, AzureSshRequest } from "./types";
|
|
3
|
+
export declare const azureSshProvider: SshProvider<AzureSshPermissionSpec, AzureLocalData, AzureSshRequest>;
|
|
@@ -8,19 +8,44 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
8
8
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
11
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
15
|
exports.azureSshProvider = void 0;
|
|
13
|
-
|
|
14
|
-
|
|
16
|
+
/** Copyright © 2024-present P0 Security
|
|
17
|
+
|
|
18
|
+
This file is part of @p0security/cli
|
|
19
|
+
|
|
20
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
21
|
+
|
|
22
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
23
|
+
|
|
24
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
25
|
+
**/
|
|
26
|
+
const ssh_1 = require("../../commands/shared/ssh");
|
|
27
|
+
const auth_1 = require("./auth");
|
|
15
28
|
const install_1 = require("./install");
|
|
29
|
+
const keygen_1 = require("./keygen");
|
|
30
|
+
const tunnel_1 = require("./tunnel");
|
|
31
|
+
const node_path_1 = __importDefault(require("node:path"));
|
|
32
|
+
const unprovisionedAccessPatterns = [
|
|
33
|
+
{
|
|
34
|
+
// The output of `sudo -v` when the user is not allowed to run sudo
|
|
35
|
+
pattern: /Sorry, user .+ may not run sudo on .+/,
|
|
36
|
+
},
|
|
37
|
+
];
|
|
38
|
+
const provisionedAccessPatterns = [
|
|
39
|
+
{
|
|
40
|
+
pattern: /sudo: a password is required/,
|
|
41
|
+
},
|
|
42
|
+
];
|
|
16
43
|
// TODO: Determine what this value should be for Azure
|
|
17
44
|
const PROPAGATION_TIMEOUT_LIMIT_MS = 2 * 60 * 1000;
|
|
18
45
|
exports.azureSshProvider = {
|
|
19
46
|
// TODO: Natively support Azure login in P0 CLI
|
|
20
47
|
cloudProviderLogin: () => __awaiter(void 0, void 0, void 0, function* () {
|
|
21
|
-
//
|
|
22
|
-
// Azure permissions are only updated upon login.
|
|
23
|
-
yield (0, util_1.exec)("az", ["login"]);
|
|
48
|
+
// Login is handled as part of setup() below
|
|
24
49
|
return undefined;
|
|
25
50
|
}),
|
|
26
51
|
ensureInstall: () => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -33,26 +58,96 @@ exports.azureSshProvider = {
|
|
|
33
58
|
// TODO: Determine value
|
|
34
59
|
loginRequiredPattern: undefined,
|
|
35
60
|
propagationTimeoutMs: PROPAGATION_TIMEOUT_LIMIT_MS,
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
61
|
+
preTestAccessPropagationArgs: (cmdArgs) => {
|
|
62
|
+
if ((0, ssh_1.isSudoCommand)(cmdArgs)) {
|
|
63
|
+
return Object.assign(Object.assign({}, cmdArgs), {
|
|
64
|
+
// `sudo -v` prints `Sorry, user <user> may not run sudo on <hostname>.` to stderr when user is not a sudoer.
|
|
65
|
+
// we have to use `-n` flag to avoid the oauth prompt on azure cli.
|
|
66
|
+
command: "sudo", arguments: ["-nv"] });
|
|
67
|
+
}
|
|
68
|
+
return undefined;
|
|
69
|
+
},
|
|
70
|
+
// Azure doesn't support ProxyCommand, as nice as that would be. Yet.
|
|
39
71
|
proxyCommand: () => [],
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
72
|
+
reproCommands: (request, additionalData) => {
|
|
73
|
+
var _a;
|
|
74
|
+
const { command: azLoginExe, args: azLoginArgs } = (0, auth_1.azLoginCommand)();
|
|
75
|
+
const { command: azAccountSetExe, args: azAccountSetArgs } = (0, auth_1.azAccountSetCommand)(request.subscriptionId);
|
|
76
|
+
const getKeyPath = () => {
|
|
77
|
+
// Use the same key path as the one generated in setup() so it matches the ssh command that is generated
|
|
78
|
+
// elsewhere. It'll be an annoying long temporary directory name, but it strictly will work for reproduction. If
|
|
79
|
+
// additionalData isn't present (which it always should be for the azureSshProvider), we'll use the user's home
|
|
80
|
+
// directory.
|
|
81
|
+
if (additionalData) {
|
|
82
|
+
return node_path_1.default.dirname(additionalData.identityFile);
|
|
83
|
+
}
|
|
84
|
+
else {
|
|
85
|
+
const basePath = process.env.HOME || process.env.USERPROFILE || "";
|
|
86
|
+
return node_path_1.default.join(basePath, "p0cli-azure-ssh-keys");
|
|
87
|
+
}
|
|
88
|
+
};
|
|
89
|
+
const keyPath = getKeyPath();
|
|
90
|
+
const { command: azCertGenExe, args: azCertGenArgs } = (0, keygen_1.azSshCertCommand)(keyPath);
|
|
91
|
+
// If additionalData is undefined (which, again, should be never), use the default port for Azure Network Bastion
|
|
92
|
+
// tunnels instead of generating a random one
|
|
93
|
+
const { command: azTunnelExe, args: azTunnelArgs } = (0, tunnel_1.azBastionTunnelCommand)(request, (_a = additionalData === null || additionalData === void 0 ? void 0 : additionalData.port) !== null && _a !== void 0 ? _a : "50022", { debug: true } // reproCommands() is only invoked in debug mode, so this is a safe assumption
|
|
94
|
+
);
|
|
95
|
+
return [
|
|
96
|
+
`${azLoginExe} ${azLoginArgs.join(" ")}`,
|
|
97
|
+
`${azAccountSetExe} ${azAccountSetArgs.join(" ")}`,
|
|
98
|
+
`mkdir ${keyPath}`,
|
|
99
|
+
`${azCertGenExe} ${azCertGenArgs.join(" ")}`,
|
|
100
|
+
`${azTunnelExe} ${azTunnelArgs.join(" ")}`,
|
|
101
|
+
];
|
|
102
|
+
},
|
|
103
|
+
setup: (request, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
|
|
104
|
+
const { debug } = options;
|
|
105
|
+
// The subscription ID here is used to ensure that the user is logged in to the correct tenant/directory.
|
|
106
|
+
// As long as a subscription ID in the correct tenant is provided, this will work; it need not be the same
|
|
107
|
+
// subscription as which contains the Bastion host or the target VM.
|
|
108
|
+
yield (0, auth_1.azLogin)(request.subscriptionId, { debug }); // Always re-login to Azure CLI
|
|
109
|
+
const { path: keyPath, cleanup: sshKeyPathCleanup } = yield (0, keygen_1.createTempDirectoryForKeys)();
|
|
110
|
+
const wrappedCreateCertAndTunnel = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
111
|
+
try {
|
|
112
|
+
yield (0, keygen_1.generateSshKeyAndAzureAdCert)(keyPath, { debug });
|
|
113
|
+
return yield (0, tunnel_1.trySpawnBastionTunnel)(request, { debug });
|
|
114
|
+
}
|
|
115
|
+
catch (error) {
|
|
116
|
+
yield sshKeyPathCleanup();
|
|
117
|
+
throw error;
|
|
118
|
+
}
|
|
119
|
+
});
|
|
120
|
+
const { killTunnel, tunnelLocalPort } = yield wrappedCreateCertAndTunnel();
|
|
121
|
+
const sshPrivateKeyPath = node_path_1.default.join(keyPath, keygen_1.AD_SSH_KEY_PRIVATE);
|
|
122
|
+
const sshCertificateKeyPath = node_path_1.default.join(keyPath, keygen_1.AD_CERT_FILENAME);
|
|
123
|
+
const teardown = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
124
|
+
yield killTunnel();
|
|
125
|
+
yield sshKeyPathCleanup();
|
|
126
|
+
});
|
|
127
|
+
return {
|
|
128
|
+
sshOptions: [
|
|
129
|
+
`CertificateFile=${sshCertificateKeyPath}`,
|
|
130
|
+
// Because we connect to the Azure Network Bastion tunnel via a local port instead of a ProxyCommand, every
|
|
131
|
+
// instance connected to will appear to `ssh` to be the same host but presenting a different host key (i.e.,
|
|
132
|
+
// `ssh` always connects to localhost but each VM will present its own host key), which will trigger MITM attack
|
|
133
|
+
// warnings. We disable host key checking to avoid this. This is ordinarily very dangerous, but in this case,
|
|
134
|
+
// security of the connection is ensured by the Azure Bastion Network tunnel, which utilizes HTTPS and thus has
|
|
135
|
+
// its own MITM protection.
|
|
136
|
+
"StrictHostKeyChecking=no",
|
|
137
|
+
"UserKnownHostsFile=/dev/null",
|
|
138
|
+
],
|
|
139
|
+
identityFile: sshPrivateKeyPath,
|
|
140
|
+
port: tunnelLocalPort,
|
|
141
|
+
teardown,
|
|
142
|
+
};
|
|
48
143
|
}),
|
|
49
|
-
|
|
50
|
-
unprovisionedAccessPatterns
|
|
51
|
-
|
|
52
|
-
toCliRequest: (request
|
|
53
|
-
return
|
|
54
|
-
linuxUserName:
|
|
55
|
-
} })
|
|
144
|
+
requestToSsh: (request) => (Object.assign(Object.assign({ type: "azure", id: "localhost" }, request.cliLocalData), { instanceId: request.permission.resource.instanceId, subscriptionId: request.permission.resource.subscriptionId, instanceResourceGroup: request.permission.resource.resourceGroupId, bastionId: request.permission.bastionHostId })),
|
|
145
|
+
unprovisionedAccessPatterns,
|
|
146
|
+
provisionedAccessPatterns,
|
|
147
|
+
toCliRequest: (request) => __awaiter(void 0, void 0, void 0, function* () {
|
|
148
|
+
return Object.assign(Object.assign({}, request), { cliLocalData: {
|
|
149
|
+
linuxUserName: request.principal,
|
|
150
|
+
} });
|
|
56
151
|
}),
|
|
57
152
|
};
|
|
58
153
|
//# sourceMappingURL=ssh.js.map
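Review bot: The `sshOptions` returned by `setup()` in the second hunk turn host key verification off entirely (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`), and the justification in the comment covers only the hop between the `az` tunnel process and Bastion. The hop from `ssh` to the local tunnel port is plain loopback TCP, so whatever process is listening on that port is accepted as the VM, and the HTTPS tunnel does not verify the VM's own host key either. The collision the comment describes (every VM appearing as localhost) can be handled without disabling verification by keying known_hosts per instance, for example a `HostKeyAlias=` option derived from `request.instanceId` together with `StrictHostKeyChecking=accept-new`. If the current options stay, the comment should say that they depend on the local port being held by the tunnel process this CLI spawned. `setup` is a property of `exports.azureSshProvider`, whose literal opens in the previous hunk.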
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/azure/ssh.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/azure/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,iCAAsE;AACtE,uCAA4C;AAC5C,qCAMkB;AAClB,qCAAyE;AAMzE,0DAA6B;AAE7B,MAAM,2BAA2B,GAAG;IAClC;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;CACO,CAAC;AAEX,MAAM,yBAAyB,GAAG;IAChC;QACE,OAAO,EAAE,8BAA8B;KACxC;CACO,CAAC;AAEX,sDAAsD;AACtD,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,QAAA,gBAAgB,GAIzB;IACF,+CAA+C;IAC/C,kBAAkB,EAAE,GAAS,EAAE;QAC7B,4CAA4C;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAe,GAAE,CAAC,EAAE;YAC9B,MAAM,uDAAuD,CAAC;SAC/D;IACH,CAAC,CAAA;IAED,YAAY,EAAE,iBAAiB;IAE/B,oBAAoB,EAAE,qDAAqD;IAE3E,wBAAwB;IACxB,oBAAoB,EAAE,SAAS;IAE/B,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,mEAAmE;gBACnE,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,KAAK,CAAC,IAClB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,qEAAqE;IACrE,YAAY,EAAE,GAAG,EAAE,CAAC,EAAE;IAEtB,aAAa,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE;;QACzC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,qBAAc,GAAE,CAAC;QACpE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,0BAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAE9C,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,wGAAwG;YACxG,gHAAgH;YAChH,+GAA+G;YAC/G,aAAa;YACb,IAAI,cAAc,EAAE;gBAClB,OAAO,mBAAI,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;aAClD;iBAAM;gBACL,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;gBACnE,OAAO,mBAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,sBAAsB,CAAC,CAAC;aACpD;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAE7B,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,GAClD,IAAA,yBAAgB,EAAC,OAAO,CAAC,CAAC;QAE5B,iHAAiH;QACjH,6CAA6C;QAC7C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,+BAAsB,EACzE,OAAO,EACP,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,IAAI,mCAAI,OAAO,EAC/B,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,8EAA8E;SAC/F,CAAC;QAEF,OAAO;YACL,GAAG,UAAU,I
AAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACxC,GAAG,eAAe,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAClD,SAAS,OAAO,EAAE;YAClB,GAAG,YAAY,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAC5C,GAAG,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,EAAE,CAAO,OAAO,EAAE,OAAO,GAAG,EAAE,EAAE,EAAE;QACrC,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAE1B,yGAAyG;QACzG,0GAA0G;QAC1G,oEAAoE;QACpE,MAAM,IAAA,cAAO,EAAC,OAAO,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,+BAA+B;QAEjF,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,GACjD,MAAM,IAAA,mCAA0B,GAAE,CAAC;QAErC,MAAM,0BAA0B,GAAG,GAAS,EAAE;YAC5C,IAAI;gBACF,MAAM,IAAA,qCAA4B,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBACvD,OAAO,MAAM,IAAA,8BAAqB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;aACxD;YAAC,OAAO,KAAU,EAAE;gBACnB,MAAM,iBAAiB,EAAE,CAAC;gBAC1B,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAA,CAAC;QAEF,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,MAAM,0BAA0B,EAAE,CAAC;QAE3E,MAAM,iBAAiB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAAkB,CAAC,CAAC;QACjE,MAAM,qBAAqB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,yBAAgB,CAAC,CAAC;QAEnE,MAAM,QAAQ,GAAG,GAAS,EAAE;YAC1B,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAA,CAAC;QAEF,OAAO;YACL,UAAU,EAAE;gBACV,mBAAmB,qBAAqB,EAAE;gBAE1C,2GAA2G;gBAC3G,4GAA4G;gBAC5G,gHAAgH;gBAChH,6GAA6G;gBAC7G,+GAA+G;gBAC/G,2BAA2B;gBAC3B,0BAA0B;gBAC1B,8BAA8B;aAC/B;YACD,YAAY,EAAE,iBAAiB;YAC/B,IAAI,EAAE,eAAe;YACrB,QAAQ;SACT,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,+BACzB,IAAI,EAAE,OAAO,EACb,EAAE,EAAE,WAAW,IACZ,OAAO,CAAC,YAAY,KACvB,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,EAClD,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,EAC1D,qBAAqB,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,EAClE,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,aAAa,IAC3C;IAEF,2BAA2B;IAC3B,yBAAyB;IAEzB,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE;QAC9B,uCACK,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,OAAO,CAAC,SAAS;aACjC,IACD;IACJ,CAAC,CAAA;CACF,CAAC"}
|
|
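--- a/package/dist/plugins/azure/tunnel.d.ts
+++ b/package/dist/plugins/azure/tunnel.d.ts
@@ -0,0 +1,14 @@
+import { AzureSshRequest } from "./types";
+export type BastionTunnelMeta = {
+killTunnel: () => Promise<void>;
+tunnelLocalPort: string;
+};
+export declare const azBastionTunnelCommand: (request: AzureSshRequest, port: string, options?: {
+debug?: boolean;
+}) => {
+command: string;
+args: string[];
+};
+export declare const trySpawnBastionTunnel: (request: AzureSshRequest, options?: {
+debug?: boolean;
+}) => Promise<BastionTunnelMeta>;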
|
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.trySpawnBastionTunnel = exports.azBastionTunnelCommand = void 0;
|
|
13
|
+
/** Copyright © 2024-present P0 Security
|
|
14
|
+
|
|
15
|
+
This file is part of @p0security/cli
|
|
16
|
+
|
|
17
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
18
|
+
|
|
19
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
20
|
+
|
|
21
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
|
+
**/
|
|
23
|
+
const retry_1 = require("../../common/retry");
|
|
24
|
+
const stdio_1 = require("../../drivers/stdio");
|
|
25
|
+
const util_1 = require("../../util");
|
|
26
|
+
const node_child_process_1 = require("node:child_process");
|
|
27
|
+
const TUNNEL_READY_STRING = "Tunnel is ready";
|
|
28
|
+
const SPAWN_TUNNEL_TRIES = 3;
|
|
29
|
+
// Ignore these debug messages from the tunnel process; they are far too noisy and spam the terminal with useless info
|
|
30
|
+
// anytime the SSH/SCP session has network activity.
|
|
31
|
+
const tunnelDebugOutputIgnorePatterns = [
|
|
32
|
+
/Waiting for (debugger|websocket) data/i,
|
|
33
|
+
/Received (debugger|websocket)/i,
|
|
34
|
+
/Sending to (debugger|websocket)/i,
|
|
35
|
+
];
|
|
36
|
+
const azBastionTunnelCommand = (request, port, options = {}) => ({
|
|
37
|
+
command: "az",
|
|
38
|
+
args: [
|
|
39
|
+
"network",
|
|
40
|
+
"bastion",
|
|
41
|
+
"tunnel",
|
|
42
|
+
"--ids",
|
|
43
|
+
request.bastionId,
|
|
44
|
+
"--target-resource-id",
|
|
45
|
+
request.instanceId,
|
|
46
|
+
"--resource-port",
|
|
47
|
+
"22",
|
|
48
|
+
"--port",
|
|
49
|
+
port,
|
|
50
|
+
...(options.debug ? ["--debug"] : []),
|
|
51
|
+
],
|
|
52
|
+
});
|
|
53
|
+
exports.azBastionTunnelCommand = azBastionTunnelCommand;
|
|
54
|
+
const selectRandomPort = () => {
|
|
55
|
+
// The IANA ephemeral port range is 49152 to 65535, inclusive. Pick a random value in that range.
|
|
56
|
+
// If the port is in use (unlikely but possible), we can just generate a new value and try again.
|
|
57
|
+
// 16384 is 65535 - 49152 + 1, the number of possible ports in the range.
|
|
58
|
+
const port = Math.floor(Math.random() * 16384) + 49152;
|
|
59
|
+
return port.toString();
|
|
60
|
+
};
|
|
61
|
+
const spawnBastionTunnelInBackground = (request, port, options = {}) => {
|
|
62
|
+
const { debug } = options;
|
|
63
|
+
return new Promise((resolve, reject) => {
|
|
64
|
+
let processSignalledToExit = false;
|
|
65
|
+
let processExited = false;
|
|
66
|
+
let stdout = "";
|
|
67
|
+
let stderr = "";
|
|
68
|
+
const { command, args } = (0, exports.azBastionTunnelCommand)(request, port, { debug });
|
|
69
|
+
if (debug)
|
|
70
|
+
(0, stdio_1.print2)("Spawning Azure Bastion tunnel process...");
|
|
71
|
+
// Spawn the process in detached mode so that it is in its own process group; this lets us kill it and all
|
|
72
|
+
// descendent processes together.
|
|
73
|
+
const child = (0, node_child_process_1.spawn)(command, args, { detached: true });
|
|
74
|
+
child.on("exit", (code) => {
|
|
75
|
+
processExited = true;
|
|
76
|
+
if (code === 0) {
|
|
77
|
+
if (debug)
|
|
78
|
+
(0, stdio_1.print2)("Azure Bastion tunnel process exited normally.");
|
|
79
|
+
return;
|
|
80
|
+
}
|
|
81
|
+
if (!debug) {
|
|
82
|
+
// stdout and stderr are printed in real-time when debugging is enabled, so we don't need to print them here
|
|
83
|
+
(0, stdio_1.print2)(stdout);
|
|
84
|
+
(0, stdio_1.print2)(stderr);
|
|
85
|
+
}
|
|
86
|
+
reject(`Error running Azure Network Bastion tunnel; tunnel process ended with status ${code}`);
|
|
87
|
+
});
|
|
88
|
+
child.stdout.on("data", (data) => {
|
|
89
|
+
const str = data.toString("utf-8");
|
|
90
|
+
stdout += str;
|
|
91
|
+
if (debug &&
|
|
92
|
+
!tunnelDebugOutputIgnorePatterns.some((regex) => str.match(regex))) {
|
|
93
|
+
(0, stdio_1.print2)(str);
|
|
94
|
+
}
|
|
95
|
+
});
|
|
96
|
+
child.stderr.on("data", (data) => {
|
|
97
|
+
const str = data.toString("utf-8");
|
|
98
|
+
stderr += str;
|
|
99
|
+
if (debug &&
|
|
100
|
+
!tunnelDebugOutputIgnorePatterns.some((regex) => str.match(regex))) {
|
|
101
|
+
(0, stdio_1.print2)(str);
|
|
102
|
+
}
|
|
103
|
+
if (str.includes(TUNNEL_READY_STRING)) {
|
|
104
|
+
(0, stdio_1.print2)("Azure Bastion tunnel is ready.");
|
|
105
|
+
resolve({
|
|
106
|
+
killTunnel: () => __awaiter(void 0, void 0, void 0, function* () {
|
|
107
|
+
if (processSignalledToExit || processExited)
|
|
108
|
+
return;
|
|
109
|
+
processSignalledToExit = true;
|
|
110
|
+
if (child.pid) {
|
|
111
|
+
// Kill the process and all its descendents via killing the process group; this is only possible
|
|
112
|
+
// because we launched the process with `detached: true` above. This is necessary because `az` is
|
|
113
|
+
// actually a bash script that spawns a Python process, and we need to kill the Python process as well.
|
|
114
|
+
// SIGINT is equivalent to pressing Ctrl-C in the terminal; allows for the tunnel process to perform any
|
|
115
|
+
// necessary cleanup of its own before exiting. The negative PID is what indicates that we want to kill
|
|
116
|
+
// the whole process group.
|
|
117
|
+
try {
|
|
118
|
+
if (debug) {
|
|
119
|
+
(0, stdio_1.print2)(`Sending SIGINT to Azure Bastion tunnel process (${child.pid})...`);
|
|
120
|
+
}
|
|
121
|
+
process.kill(-child.pid, "SIGINT");
|
|
122
|
+
// Give the tunnel a chance to quit gracefully after the SIGINT by waiting at least 250 ms and up to
|
|
123
|
+
// 5 seconds. If the process is still running after that, it's probably hung; SIGKILL it to force it to
|
|
124
|
+
// end immediately.
|
|
125
|
+
const SPIN_WAIT_MS = 250;
|
|
126
|
+
for (let spins = 0; spins < 20; spins++) {
|
|
127
|
+
yield (0, util_1.sleep)(SPIN_WAIT_MS);
|
|
128
|
+
if (processExited) {
|
|
129
|
+
if (debug) {
|
|
130
|
+
(0, stdio_1.print2)(`Azure Bastion tunnel process exited after SIGINT after ${spins * SPIN_WAIT_MS} ms.`);
|
|
131
|
+
}
|
|
132
|
+
return;
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
if (debug) {
|
|
136
|
+
(0, stdio_1.print2)(`Azure Bastion tunnel process (${child.pid}) not responding, sending SIGKILL...`);
|
|
137
|
+
}
|
|
138
|
+
process.kill(-child.pid, "SIGKILL");
|
|
139
|
+
}
|
|
140
|
+
catch (error) {
|
|
141
|
+
// Ignore the error and move on; we might as well just exit without waiting since we can't control
|
|
142
|
+
// the child process, for whatever reason
|
|
143
|
+
(0, stdio_1.print2)(`Failed to kill Azure Bastion tunnel process: ${error}`);
|
|
144
|
+
child.unref();
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
}),
|
|
148
|
+
tunnelLocalPort: port,
|
|
149
|
+
});
|
|
150
|
+
}
|
|
151
|
+
});
|
|
152
|
+
});
|
|
153
|
+
};
|
|
154
|
+
const trySpawnBastionTunnel = (request, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
155
|
+
// Attempt to spawn the tunnel SPAWN_TUNNEL_TRIES times, picking a new port each time. If we fail
|
|
156
|
+
// too many times, then the problem is likely not the port, but something else.
|
|
157
|
+
return yield (0, retry_1.retryWithSleep)(() => spawnBastionTunnelInBackground(request, selectRandomPort(), options), () => true, SPAWN_TUNNEL_TRIES, 1000);
|
|
158
|
+
});
|
|
159
|
+
exports.trySpawnBastionTunnel = trySpawnBastionTunnel;
|
|
160
|
+
//# sourceMappingURL=tunnel.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tunnel.js","sourceRoot":"","sources":["../../../src/plugins/azure/tunnel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,+CAA6C;AAC7C,qCAAmC;AAEnC,2DAA2C;AAE3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAE7B,sHAAsH;AACtH,oDAAoD;AACpD,MAAM,+BAA+B,GAAa;IAChD,wCAAwC;IACxC,gCAAgC;IAChC,kCAAkC;CACnC,CAAC;AAOK,MAAM,sBAAsB,GAAG,CACpC,OAAwB,EACxB,IAAY,EACZ,UAA+B,EAAE,EACjC,EAAE,CAAC,CAAC;IACJ,OAAO,EAAE,IAAI;IACb,IAAI,EAAE;QACJ,SAAS;QACT,SAAS;QACT,QAAQ;QACR,OAAO;QACP,OAAO,CAAC,SAAS;QACjB,sBAAsB;QACtB,OAAO,CAAC,UAAU;QAClB,iBAAiB;QACjB,IAAI;QACJ,QAAQ;QACR,IAAI;QACJ,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACtC;CACF,CAAC,CAAC;AApBU,QAAA,sBAAsB,0BAoBhC;AAEH,MAAM,gBAAgB,GAAG,GAAW,EAAE;IACpC,iGAAiG;IACjG,iGAAiG;IACjG,yEAAyE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC;IACvD,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,8BAA8B,GAAG,CACrC,OAAwB,EACxB,IAAY,EACZ,UAA+B,EAAE,EACL,EAAE;IAC9B,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,OAAO,IAAI,OAAO,CAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxD,IAAI,sBAAsB,GAAG,KAAK,CAAC;QACnC,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,8BAAsB,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAE3E,IAAI,KAAK;YAAE,IAAA,cAAM,EAAC,0CAA0C,CAAC,CAAC;QAE9D,0GAA0G;QAC1G,iCAAiC;QACjC,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAEvD,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,aAAa,GAAG,IAAI,CAAC;YACrB,IAAI,IAAI,KAAK,CAAC,EAAE;gBACd,IAAI,KAAK;oBAAE,IAAA,cAAM,EAAC,+CAA+C,CAAC,CAAC;gBACnE,OAAO;aACR;YAED,IAAI,CAAC,KAAK,EAAE;gBACV,4GAA4G;gBAC5G,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;gBACf,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;aAChB;YAED,MAAM,CACJ,gFAAgF,IAAI,EAAE,CACvF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,
QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IACE,KAAK;gBACL,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAClE;gBACA,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IACE,KAAK;gBACL,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAClE;gBACA,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;aACb;YAED,IAAI,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE;gBACrC,IAAA,cAAM,EAAC,gCAAgC,CAAC,CAAC;gBAEzC,OAAO,CAAC;oBACN,UAAU,EAAE,GAAS,EAAE;wBACrB,IAAI,sBAAsB,IAAI,aAAa;4BAAE,OAAO;wBAEpD,sBAAsB,GAAG,IAAI,CAAC;wBAE9B,IAAI,KAAK,CAAC,GAAG,EAAE;4BACb,gGAAgG;4BAChG,iGAAiG;4BACjG,uGAAuG;4BACvG,wGAAwG;4BACxG,uGAAuG;4BACvG,2BAA2B;4BAC3B,IAAI;gCACF,IAAI,KAAK,EAAE;oCACT,IAAA,cAAM,EACJ,mDAAmD,KAAK,CAAC,GAAG,MAAM,CACnE,CAAC;iCACH;gCACD,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gCAEnC,oGAAoG;gCACpG,uGAAuG;gCACvG,mBAAmB;gCACnB,MAAM,YAAY,GAAG,GAAG,CAAC;gCACzB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE;oCACvC,MAAM,IAAA,YAAK,EAAC,YAAY,CAAC,CAAC;oCAE1B,IAAI,aAAa,EAAE;wCACjB,IAAI,KAAK,EAAE;4CACT,IAAA,cAAM,EACJ,0DAA0D,KAAK,GAAG,YAAY,MAAM,CACrF,CAAC;yCACH;wCACD,OAAO;qCACR;iCACF;gCAED,IAAI,KAAK,EAAE;oCACT,IAAA,cAAM,EACJ,iCAAiC,KAAK,CAAC,GAAG,sCAAsC,CACjF,CAAC;iCACH;gCACD,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;6BACrC;4BAAC,OAAO,KAAU,EAAE;gCACnB,kGAAkG;gCAClG,yCAAyC;gCACzC,IAAA,cAAM,EAAC,gDAAgD,KAAK,EAAE,CAAC,CAAC;gCAChE,KAAK,CAAC,KAAK,EAAE,CAAC;6BACf;yBACF;oBACH,CAAC,CAAA;oBACD,eAAe,EAAE,IAAI;iBACtB,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEK,MAAM,qBAAqB,GAAG,CACnC,OAAwB,EACxB,OAA6B,EACD,EAAE;IAC9B,iGAAiG;IACjG,+EAA+E;IAE/E,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAG,EAAE,CAAC,8BAA8B,CAAC,OAAO,EAAE,gBAAgB,EAAE,EAAE,OAAO,CAAC,EAC1E,GAAG,EAAE,CAAC,IAAI,EACV,kBAAkB,EAClB,IAAI,CACL,CAAC;AACJ,CAAC,CAAA,CAAC;
AAbW,QAAA,qBAAqB,yBAahC"}
|
|
@@ -12,30 +12,36 @@ import { PermissionSpec } from "../../types/request";
|
|
|
12
12
|
import { CliPermissionSpec } from "../../types/ssh";
|
|
13
13
|
import { CommonSshPermissionSpec } from "../ssh/types";
|
|
14
14
|
export type AzureSshPermissionSpec = PermissionSpec<"ssh", AzureSshPermission>;
|
|
15
|
-
export type AzureSsh = CliPermissionSpec<AzureSshPermissionSpec,
|
|
16
|
-
linuxUserName: string;
|
|
17
|
-
}>;
|
|
15
|
+
export type AzureSsh = CliPermissionSpec<AzureSshPermissionSpec, AzureLocalData>;
|
|
18
16
|
export type AzureSshPermission = CommonSshPermissionSpec & {
|
|
19
17
|
provider: "azure";
|
|
20
18
|
destination: string;
|
|
21
19
|
parent: string | undefined;
|
|
22
20
|
group: string | undefined;
|
|
21
|
+
bastionHostId: string;
|
|
22
|
+
principal: string;
|
|
23
23
|
resource: {
|
|
24
|
-
instanceName: string;
|
|
25
24
|
instanceId: string;
|
|
26
|
-
|
|
25
|
+
instanceName: string;
|
|
27
26
|
subscriptionName: string;
|
|
28
27
|
resourceGroupId: string;
|
|
28
|
+
subscriptionId: string;
|
|
29
29
|
region: string;
|
|
30
30
|
networkInterfaceIds: string[];
|
|
31
31
|
};
|
|
32
32
|
};
|
|
33
33
|
export type AzureNodeSpec = {
|
|
34
|
-
type: "azure";
|
|
35
34
|
instanceId: string;
|
|
36
35
|
sudo?: boolean;
|
|
37
36
|
};
|
|
38
|
-
export type
|
|
39
|
-
|
|
37
|
+
export type AzureBastionSpec = {
|
|
38
|
+
bastionId: string;
|
|
39
|
+
};
|
|
40
|
+
export type AzureSshRequest = AzureNodeSpec & AzureBastionSpec & AzureLocalData & {
|
|
41
|
+
type: "azure";
|
|
42
|
+
id: "localhost";
|
|
43
|
+
subscriptionId: string;
|
|
44
|
+
};
|
|
45
|
+
export type AzureLocalData = {
|
|
40
46
|
linuxUserName: string;
|
|
41
47
|
};
|
|
@@ -65,6 +65,7 @@ exports.gcpSshProvider = {
|
|
|
65
65
|
throw "Please try again after installing the required GCP utilities";
|
|
66
66
|
}
|
|
67
67
|
}),
|
|
68
|
+
validateSshKey: (request, publicKey) => request.permission.publicKey === publicKey,
|
|
68
69
|
friendlyName: "Google Cloud",
|
|
69
70
|
loginRequiredMessage: "Please login to Google Cloud CLI with 'gcloud auth login'",
|
|
70
71
|
loginRequiredPattern: /You do not currently have an active account selected/,
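Review bot: `validateSshKey` compares `request.permission.publicKey` with the supplied key by exact string equality, and nothing in the hunk says how either value is normalized. An OpenSSH public key line can carry a trailing comment or newline, so two encodings of the same key would compare unequal and a valid key would be rejected; that fails closed, but the cause would be hard to diagnose. I would add a comment above the property such as `// Exact match: both keys must be in the same normalized form (no trailing comment or whitespace)`, or compare only the key-type and base64 fields if callers do not normalize. The `exports.gcpSshProvider` object starts and ends outside the hunk, and the callers of `validateSshKey` are not visible here.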
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/google/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,uCAAgD;AAChD,uCAAyC;AAGzC,oGAAoG;AACpG,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,iCAAiC,EAAE;IAC9C;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;IACD,EAAE,OAAO,EAAE,mDAAmD,EAAE;IAChE;QACE,OAAO,EAAE,+CAA+C;QACxD,kBAAkB,EAAE,IAAI;KACzB;IACD,EAAE,OAAO,EAAE,4DAA4D,EAAE;CACjE,CAAC;AAEE,QAAA,cAAc,GAIvB;IACF,uCAAuC;IACvC,kBAAkB,EAAE,GAAS,EAAE,kDAAC,OAAA,SAAS,CAAA,GAAA;IAEzC,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,6BAAmB,GAAE,CAAC,EAAE;YAClC,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,cAAc;IAE5B,oBAAoB,EAClB,2DAA2D;IAE7D,oBAAoB,EAAE,sDAAsD;IAE5E,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,6HAA6H;gBAC7H,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,IAAI,CAAC,IACjB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,QAAQ;YACR,SAAS;YACT,kBAAkB;YAClB,OAAO,CAAC,EAAE;YACV,IAAI;YACJ,kEAAkE;YAClE,oGAAoG;YACpG,oEAAoE;YACpE,kDAAkD;YAClD,mBAAmB;YACnB,UAAU,OAAO,CAAC,IAAI,EAAE;YACxB,aAAa,OAAO,CAAC,SAAS,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,GAAG,EAAE,CAAC,SAAS;IAE9B,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY;YAC5C,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS;YAChD,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;YAC7B,aAAa,EAAE,OAAO,CAAC,YAAY,CAAC,aAAa;YACjD,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;IAED,2BAA2B;IAE3B,YAAY,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAAC,OAAA,iCACrC,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,MAAM,IAAA,sBAAY,EAAC,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC;aACzE,IACD,CAAA;MAAA;CACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/google/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,uCAAgD;AAChD,uCAAyC;AAGzC,oGAAoG;AACpG,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,iCAAiC,EAAE;IAC9C;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;IACD,EAAE,OAAO,EAAE,mDAAmD,EAAE;IAChE;QACE,OAAO,EAAE,+CAA+C;QACxD,kBAAkB,EAAE,IAAI;KACzB;IACD,EAAE,OAAO,EAAE,4DAA4D,EAAE;CACjE,CAAC;AAEE,QAAA,cAAc,GAIvB;IACF,uCAAuC;IACvC,kBAAkB,EAAE,GAAS,EAAE,kDAAC,OAAA,SAAS,CAAA,GAAA;IAEzC,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,6BAAmB,GAAE,CAAC,EAAE;YAClC,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,cAAc,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CACrC,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS;IAE5C,YAAY,EAAE,cAAc;IAE5B,oBAAoB,EAClB,2DAA2D;IAE7D,oBAAoB,EAAE,sDAAsD;IAE5E,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,6HAA6H;gBAC7H,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,IAAI,CAAC,IACjB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,QAAQ;YACR,SAAS;YACT,kBAAkB;YAClB,OAAO,CAAC,EAAE;YACV,IAAI;YACJ,kEAAkE;YAClE,oGAAoG;YACpG,oEAAoE;YACpE,kDAAkD;YAClD,mBAAmB;YACnB,UAAU,OAAO,CAAC,IAAI,EAAE;YACxB,aAAa,OAAO,CAAC,SAAS,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,GAAG,EAAE,CAAC,SAAS;IAE9B,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY;YAC5C,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS;YAChD,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;YAC7B,aAAa,EAAE,OAAO,CAAC,YAAY,CAAC,aAAa;YACjD,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;IAED,2BAA2B;IAE3B,YAAY,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAAC,OAAA,iCACrC,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,MAAM,IAAA,sBAAY,EAAC,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC;aACzE,IACD,CAAA;MAAA;CACH,CAAC"}
|
|
@@ -46,18 +46,23 @@ const RETRY_DELAY_MS = 5000;
|
|
|
46
46
|
* This works because AWS SSM wraps the session in a single-stream pty, so we
|
|
47
47
|
* do not capture stderr emitted from the wrapped shell session.
|
|
48
48
|
*/
|
|
49
|
-
const accessPropagationGuard = (
|
|
49
|
+
const accessPropagationGuard = (invalidAccessPatterns, validAccessPatterns, loginRequiredPattern, child, options) => {
|
|
50
50
|
let isEphemeralAccessDeniedException = false;
|
|
51
51
|
let isLoginException = false;
|
|
52
|
+
let isValidError = false;
|
|
52
53
|
child.stderr.on("data", (chunk) => {
|
|
53
54
|
const chunkString = chunk.toString("utf-8");
|
|
54
55
|
parseAndPrintSshOutputToStderr(chunkString, options);
|
|
55
|
-
const
|
|
56
|
-
|
|
56
|
+
const matchUnprovisionedPattern = invalidAccessPatterns.find((message) => chunkString.match(message.pattern));
|
|
57
|
+
const matchPreTestPattern = validAccessPatterns === null || validAccessPatterns === void 0 ? void 0 : validAccessPatterns.find((message) => chunkString.match(message.pattern));
|
|
58
|
+
if (matchUnprovisionedPattern) {
|
|
57
59
|
isEphemeralAccessDeniedException = true;
|
|
58
60
|
}
|
|
59
|
-
if (
|
|
60
|
-
|
|
61
|
+
if (matchPreTestPattern && !matchUnprovisionedPattern) {
|
|
62
|
+
isValidError = true;
|
|
63
|
+
}
|
|
64
|
+
if (loginRequiredPattern) {
|
|
65
|
+
const loginMatch = chunkString.match(loginRequiredPattern);
|
|
61
66
|
isLoginException = isLoginException || !!loginMatch; // once true, always true
|
|
62
67
|
}
|
|
63
68
|
if (isLoginException) {
|
|
@@ -65,7 +70,8 @@ const accessPropagationGuard = (provider, child, options) => {
|
|
|
65
70
|
}
|
|
66
71
|
});
|
|
67
72
|
return {
|
|
68
|
-
isAccessPropagated: () => !isEphemeralAccessDeniedException
|
|
73
|
+
isAccessPropagated: () => !isEphemeralAccessDeniedException &&
|
|
74
|
+
(!validAccessPatterns || isValidError),
|
|
69
75
|
isLoginException: () => isLoginException,
|
|
70
76
|
};
|
|
71
77
|
};
|
|
@@ -114,7 +120,7 @@ function spawnSshNode(options) {
|
|
|
114
120
|
}
|
|
115
121
|
const child = spawnChildProcess(options.credential, options.command, options.args, options.stdio);
|
|
116
122
|
// TODO ENG-2284 support login with Google Cloud: currently return a boolean to indicate if the exception was a Google login error.
|
|
117
|
-
const { isAccessPropagated, isLoginException } = accessPropagationGuard(provider, child, options);
|
|
123
|
+
const { isAccessPropagated, isLoginException } = accessPropagationGuard(provider.unprovisionedAccessPatterns, provider.provisionedAccessPatterns, provider.loginRequiredPattern, child, options);
|
|
118
124
|
const exitListener = child.on("exit", (code) => {
|
|
119
125
|
var _a, _b;
|
|
120
126
|
exitListener.unref();
|
|
@@ -138,19 +144,30 @@ function spawnSshNode(options) {
|
|
|
138
144
|
(_b = options.abortController) === null || _b === void 0 ? void 0 : _b.abort(code);
|
|
139
145
|
if (!options.isAccessPropagationPreTest)
|
|
140
146
|
(0, stdio_1.print2)(`SSH session terminated`);
|
|
147
|
+
if (options.isAccessPropagationPreTest && isAccessPropagated()) {
|
|
148
|
+
// override the exit code to 0 if the expected error was found, this means access is ready.
|
|
149
|
+
resolve(0);
|
|
150
|
+
return;
|
|
151
|
+
}
|
|
141
152
|
resolve(code);
|
|
142
153
|
});
|
|
143
154
|
});
|
|
144
155
|
});
|
|
145
156
|
}
|
|
146
|
-
const createCommand = (data, args, proxyCommand) => {
|
|
147
|
-
|
|
157
|
+
const createCommand = (data, args, setupData, proxyCommand) => {
|
|
158
|
+
var _a;
|
|
159
|
+
addCommonArgs(args, proxyCommand, setupData);
|
|
160
|
+
const sshOptionsOverrides = (_a = setupData === null || setupData === void 0 ? void 0 : setupData.sshOptions) !== null && _a !== void 0 ? _a : [];
|
|
161
|
+
const port = setupData === null || setupData === void 0 ? void 0 : setupData.port;
|
|
162
|
+
const argsOverride = sshOptionsOverrides.flatMap((opt) => ["-o", opt]);
|
|
148
163
|
if ("source" in args) {
|
|
149
164
|
addScpArgs(args);
|
|
150
165
|
return {
|
|
151
166
|
command: "scp",
|
|
152
167
|
args: [
|
|
153
168
|
...(args.sshOptions ? args.sshOptions : []),
|
|
169
|
+
...argsOverride,
|
|
170
|
+
...(port ? ["-P", port] : []),
|
|
154
171
|
args.source,
|
|
155
172
|
args.destination,
|
|
156
173
|
],
|
|
@@ -160,6 +177,8 @@ const createCommand = (data, args, proxyCommand) => {
|
|
|
160
177
|
command: "ssh",
|
|
161
178
|
args: [
|
|
162
179
|
...(args.sshOptions ? args.sshOptions : []),
|
|
180
|
+
...argsOverride,
|
|
181
|
+
...(port ? ["-p", port] : []),
|
|
163
182
|
`${data.linuxUserName}@${data.id}`,
|
|
164
183
|
...(args.command ? [args.command] : []),
|
|
165
184
|
...args.arguments.map((argument) =>
|
|
@@ -173,7 +192,8 @@ const createCommand = (data, args, proxyCommand) => {
|
|
|
173
192
|
*
|
|
174
193
|
* These common args are only added if they have not been explicitly specified by the end user.
|
|
175
194
|
*/
|
|
176
|
-
const addCommonArgs = (args,
|
|
195
|
+
const addCommonArgs = (args, sshProviderProxyCommand, setupData) => {
|
|
196
|
+
var _a;
|
|
177
197
|
const sshOptions = args.sshOptions ? args.sshOptions : [];
|
|
178
198
|
const identityFileOptionExists = sshOptions.some((opt, idx) => {
|
|
179
199
|
var _a;
|
|
@@ -184,15 +204,15 @@ const addCommonArgs = (args, proxyCommand) => {
|
|
|
184
204
|
// Explicitly specify which private key to use to avoid "Too many authentication failures"
|
|
185
205
|
// error caused by SSH trying every available key
|
|
186
206
|
if (!identityFileOptionExists) {
|
|
187
|
-
sshOptions.push("-i", keys_1.PRIVATE_KEY_PATH);
|
|
207
|
+
sshOptions.push("-i", (_a = setupData === null || setupData === void 0 ? void 0 : setupData.identityFile) !== null && _a !== void 0 ? _a : keys_1.PRIVATE_KEY_PATH);
|
|
188
208
|
// Only use the authentication identity specified by -i above
|
|
189
209
|
if (!identitiesOnlyOptionExists) {
|
|
190
210
|
sshOptions.push("-o", "IdentitiesOnly=yes");
|
|
191
211
|
}
|
|
192
212
|
}
|
|
193
|
-
const
|
|
194
|
-
if (!
|
|
195
|
-
sshOptions.push("-o", `ProxyCommand=${
|
|
213
|
+
const userSpecifiedProxyCommand = sshOptions.some((opt, idx) => { var _a; return opt === "-o" && ((_a = sshOptions[idx + 1]) === null || _a === void 0 ? void 0 : _a.startsWith("ProxyCommand")); });
|
|
214
|
+
if (!userSpecifiedProxyCommand && sshProviderProxyCommand.length > 0) {
|
|
215
|
+
sshOptions.push("-o", `ProxyCommand=${sshProviderProxyCommand.join(" ")}`);
|
|
196
216
|
}
|
|
197
217
|
// Force verbose output from SSH so we can parse the output
|
|
198
218
|
const verboseOptionExists = sshOptions.some((opt) => opt === "-v");
|
|
@@ -229,12 +249,12 @@ const transformForShell = (args) => {
|
|
|
229
249
|
});
|
|
230
250
|
};
|
|
231
251
|
/** Construct another command to use for testing access propagation prior to actually logging in the user to the ssh session */
|
|
232
|
-
const preTestAccessPropagationIfNeeded = (sshProvider, request, cmdArgs, proxyCommand, credential, endTime) => __awaiter(void 0, void 0, void 0, function* () {
|
|
252
|
+
const preTestAccessPropagationIfNeeded = (sshProvider, request, cmdArgs, proxyCommand, credential, setupData, endTime) => __awaiter(void 0, void 0, void 0, function* () {
|
|
233
253
|
const testCmdArgs = sshProvider.preTestAccessPropagationArgs(cmdArgs);
|
|
234
254
|
// Pre-testing comes at a performance cost because we have to execute another ssh subprocess after
|
|
235
255
|
// a successful test. Only do when absolutely necessary.
|
|
236
256
|
if (testCmdArgs) {
|
|
237
|
-
const { command, args } = createCommand(request, testCmdArgs, proxyCommand);
|
|
257
|
+
const { command, args } = createCommand(request, testCmdArgs, setupData, proxyCommand);
|
|
238
258
|
// Assumes that this is a non-interactive ssh command that exits automatically
|
|
239
259
|
return spawnSshNode({
|
|
240
260
|
credential,
|
|
@@ -251,15 +271,18 @@ const preTestAccessPropagationIfNeeded = (sshProvider, request, cmdArgs, proxyCo
|
|
|
251
271
|
return null;
|
|
252
272
|
});
|
|
253
273
|
const sshOrScp = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
274
|
+
var _a;
|
|
254
275
|
const { authn, request, cmdArgs, privateKey, sshProvider } = args;
|
|
276
|
+
const { debug } = cmdArgs;
|
|
255
277
|
if (!privateKey) {
|
|
256
278
|
throw "Failed to load a private key for this request. Please contact support@p0.dev for assistance.";
|
|
257
279
|
}
|
|
258
280
|
const credential = yield sshProvider.cloudProviderLogin(authn, request);
|
|
259
281
|
const proxyCommand = sshProvider.proxyCommand(request);
|
|
260
|
-
const
|
|
261
|
-
|
|
262
|
-
|
|
282
|
+
const setupData = yield ((_a = sshProvider.setup) === null || _a === void 0 ? void 0 : _a.call(sshProvider, request, { debug }));
|
|
283
|
+
const { command, args: commandArgs } = createCommand(request, cmdArgs, setupData, proxyCommand);
|
|
284
|
+
if (debug) {
|
|
285
|
+
const reproCommands = sshProvider.reproCommands(request, setupData);
|
|
263
286
|
if (reproCommands) {
|
|
264
287
|
const repro = [
|
|
265
288
|
...reproCommands,
|
|
@@ -269,20 +292,25 @@ const sshOrScp = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
269
292
|
}
|
|
270
293
|
}
|
|
271
294
|
const endTime = Date.now() + sshProvider.propagationTimeoutMs;
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
295
|
+
try {
|
|
296
|
+
const exitCode = yield preTestAccessPropagationIfNeeded(sshProvider, request, cmdArgs, proxyCommand, credential, setupData, endTime);
|
|
297
|
+
if (exitCode && exitCode !== 0) {
|
|
298
|
+
return exitCode; // Only exit if there was an error when pre-testing
|
|
299
|
+
}
|
|
300
|
+
return yield spawnSshNode({
|
|
301
|
+
credential,
|
|
302
|
+
abortController: new AbortController(),
|
|
303
|
+
command,
|
|
304
|
+
args: commandArgs,
|
|
305
|
+
stdio: ["inherit", "inherit", "pipe"],
|
|
306
|
+
debug,
|
|
307
|
+
provider: request.type,
|
|
308
|
+
endTime: endTime,
|
|
309
|
+
});
|
|
310
|
+
}
|
|
311
|
+
finally {
|
|
312
|
+
yield (setupData === null || setupData === void 0 ? void 0 : setupData.teardown());
|
|
275
313
|
}
|
|
276
|
-
return spawnSshNode({
|
|
277
|
-
credential,
|
|
278
|
-
abortController: new AbortController(),
|
|
279
|
-
command,
|
|
280
|
-
args: commandArgs,
|
|
281
|
-
stdio: ["inherit", "inherit", "pipe"],
|
|
282
|
-
debug: cmdArgs.debug,
|
|
283
|
-
provider: request.type,
|
|
284
|
-
endTime: endTime,
|
|
285
|
-
});
|
|
286
314
|
});
|
|
287
315
|
exports.sshOrScp = sshOrScp;
|
|
288
316
|
//# sourceMappingURL=index.js.map
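Review bot: The pre-test exit-code override added to spawnSshNode's exit handler (`if (options.isAccessPropagationPreTest && isAccessPropagated())`) is broader than its comment, which describes only the case where the expected error was found. `isAccessPropagated()` now returns `!isEphemeralAccessDeniedException && (!validAccessPatterns || isValidError)`, so for a provider with no `provisionedAccessPatterns` it is true whenever no unprovisioned pattern matched, and any non-zero pre-test exit that reaches this branch is resolved as 0. sshOrScp then skips its `if (exitCode && exitCode !== 0)` return and starts the real session after a pre-test that failed for an unrelated reason. Gating the override on the patterns being configured would keep it to the expected-error case: `if (options.isAccessPropagationPreTest && provider.provisionedAccessPatterns && isAccessPropagated())`. The earlier part of the exit handler is outside the hunk, so whether other failures are already handled before this point could not be checked here.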
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ssh/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAAuE;AACvE,4CAAqD;AACrD,+CAA6C;AAG7C,qCAAmC;AAEnC,2DAK4B;AAG5B;;GAEG;AACH,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,sBAAsB,GAAG,CAC7B,QAAqB,EACrB,KAAgD,EAChD,OAA4B,EAC5B,EAAE;IACF,IAAI,gCAAgC,GAAG,KAAK,CAAC;IAC7C,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAE7B,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,MAAM,WAAW,GAAW,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpD,8BAA8B,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAErD,MAAM,KAAK,GAAG,QAAQ,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAClE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,IAAI,KAAK,EAAE;YACT,gCAAgC,GAAG,IAAI,CAAC;SACzC;QAED,IAAI,QAAQ,CAAC,oBAAoB,EAAE;YACjC,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;YACpE,gBAAgB,GAAG,gBAAgB,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,yBAAyB;SAC/E;QAED,IAAI,gBAAgB,EAAE;YACpB,gCAAgC,GAAG,KAAK,CAAC,CAAC,yDAAyD;SACpG;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC,gCAAgC;QAC3D,gBAAgB,EAAE,GAAG,EAAE,CAAC,gBAAgB;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,8BAA8B,GAAG,CACrC,WAAmB,EACnB,OAA4B,EAC5B,EAAE;IACF,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,IAAI,OAAO,CAAC,KAAK,EAAE;YACjB,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;SACd;aAAM;YACL,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;gBACnD,oEAAoE;gBACpE,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;iBAAM,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE;gBAChE,8DAA8D;gBAC9D,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;SACF;KACF;AACH,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,UAAsC,EACtC,OAAe,EACf,IAAc,EACd,KAAwC,EACxC,EAAE,CACF,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE;IACnB,GAAG,kCACE,OAAO,CAAC,GAAG,GACX,UAAU,CACd;IACD,KAAK;IACL,KAAK,EAAE,KAAK;CACb,CAAC,CAAC;AAeL,SAAe,YAAY,CACzB,OAA4B;;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,
EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,mBAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEjD,IAAI,OAAO,CAAC,KAAK,EAAE;gBACjB,MAAM,MAAM,GAAG,OAAO,CAAC,0BAA0B;oBAC/C,CAAC,CAAC,aAAa;oBACf,CAAC,CAAC,QAAQ,CAAC;gBACb,MAAM,gBAAgB,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CACrE,CAAC,CACF,CAAC;gBACF,IAAA,cAAM,EACJ,oCAAoC,MAAM,oCAAoC,gBAAgB,WAAW,CAC1G,CAAC;aACH;YAED,MAAM,KAAK,GAAG,iBAAiB,CAC7B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,mIAAmI;YACnI,MAAM,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,GAAG,sBAAsB,CACrE,QAAQ,EACR,KAAK,EACL,OAAO,CACR,CAAC;YAEF,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;;gBAC7C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,uEAAuE;gBACvE,sDAAsD;gBACtD,IAAI,CAAC,kBAAkB,EAAE,EAAE;oBACzB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;wBAChC,MAAM,CACJ,oCAAoC,QAAQ,CAAC,YAAY,yDAAyD,CACnH,CAAC;wBACF,OAAO;qBACR;oBAED,IAAA,YAAK,EAAC,cAAc,CAAC;yBAClB,IAAI,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;yBACjC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;yBAC7B,KAAK,CAAC,MAAM,CAAC,CAAC;oBACjB,OAAO;iBACR;qBAAM,IAAI,gBAAgB,EAAE,EAAE;oBAC7B,MAAM,CACJ,MAAA,QAAQ,CAAC,oBAAoB,mCAC3B,wBAAwB,QAAQ,CAAC,YAAY,aAAa,CAC7D,CAAC;oBACF,OAAO;iBACR;gBAED,MAAA,OAAO,CAAC,eAAe,0CAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO,CAAC,0BAA0B;oBAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;gBAC1E,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,aAAa,GAAG,CACpB,IAAgB,EAChB,IAAiB,EACjB,YAAsB,EACtB,EAAE;IACF,aAAa,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAElC,IAAI,QAAQ,IAAI,IAAI,EAAE;QACpB,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE;gBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,WAAW;aACjB;SACF,CAAC;KACH;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,EAAE;YAClC,
GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CACnB,CAAC,QAAQ,EAAE,EAAE;YACX,yGAAyG;YACzG,mGAAmG;YACnG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAC/C;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,aAAa,GAAG,CAAC,IAAiB,EAAE,YAAsB,EAAE,EAAE;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAC9C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;;QACX,OAAA,CAAC,GAAG,KAAK,IAAI,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAC,CAAA;KAAA,CACpE,CAAC;IAEF,MAAM,0BAA0B,GAAG,UAAU,CAAC,IAAI,CAChD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,gBAAgB,CAAC,CAAA,CAAA,EAAA,CACpE,CAAC;IAEF,0FAA0F;IAC1F,iDAAiD;IACjD,IAAI,CAAC,wBAAwB,EAAE;QAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAgB,CAAC,CAAC;QACxC,6DAA6D;QAC7D,IAAI,CAAC,0BAA0B,EAAE;YAC/B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;SAC7C;KACF;IAED,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CACxC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAA,EAAA,CAClE,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;KACjE;IAED,2DAA2D;IAC3D,MAAM,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,mBAAmB,EAAE;QACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,IAAiB,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,+DAA+D;IAC/D,iCAAiC;IACjC,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,
UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;KAChD;IAED,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAC;KAClD;IAED,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,uJAAuJ;AACvJ,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAE,EAAE;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,8DAA8D;QAC9D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YACnC,MAAM,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,2HAA2H;YACpK,OAAO,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;SACvC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,+HAA+H;AAC/H,MAAM,gCAAgC,GAAG,CAGvC,WAAc,EACd,OAAmB,EACnB,OAAoB,EACpB,YAAsB,EACtB,UAEa,EACb,OAAe,EACf,EAAE;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAEtE,kGAAkG;IAClG,wDAAwD;IACxD,IAAI,WAAW,EAAE;QACf,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;QAC5E,8EAA8E;QAC9E,OAAO,YAAY,CAAC;YAClB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI;YACJ,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,OAAO;YAChB,0BAA0B,EAAE,IAAI;SACjC,CAAC,CAAC;KACJ;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAO,IAM9B,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAElE,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,8FAA8F,CAAC;KACtG;IAED,MAAM,UAAU,GACd,MAAM,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,aAAa,CAClD,OAAO,EACP,OAAO,EACP,YAAY,CACb,CAAC;IAEF,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QA
CzD,IAAI,aAAa,EAAE;YACjB,MAAM,KAAK,GAAG;gBACZ,GAAG,aAAa;gBAChB,GAAG,OAAO,IAAI,iBAAiB,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,IAAA,cAAM,EACJ,gGAAgG,KAAK,2BAA2B,CACjI,CAAC;SACH;KACF;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,oBAAoB,CAAC;IAE9D,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CACrD,WAAW,EACX,OAAO,EACP,OAAO,EACP,YAAY,EACZ,UAAU,EACV,OAAO,CACR,CAAC;IACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,CAAC,EAAE;QAC9B,OAAO,QAAQ,CAAC,CAAC,mDAAmD;KACrE;IAED,OAAO,YAAY,CAAC;QAClB,UAAU;QACV,eAAe,EAAE,IAAI,eAAe,EAAE;QACtC,OAAO;QACP,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;QACrC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;QACtB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AA7DW,QAAA,QAAQ,YA6DnB"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ssh/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAImC;AACnC,4CAAqD;AACrD,+CAA6C;AAQ7C,qCAAmC;AAEnC,2DAK4B;AAG5B;;GAEG;AACH,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,sBAAsB,GAAG,CAC7B,qBAA+C,EAC/C,mBAAyD,EACzD,oBAAwC,EACxC,KAAgD,EAChD,OAA4B,EAC5B,EAAE;IACF,IAAI,gCAAgC,GAAG,KAAK,CAAC;IAC7C,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAC7B,IAAI,YAAY,GAAG,KAAK,CAAC;IAEzB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAChC,MAAM,WAAW,GAAW,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpD,8BAA8B,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAErD,MAAM,yBAAyB,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACvE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,MAAM,mBAAmB,GAAG,mBAAmB,aAAnB,mBAAmB,uBAAnB,mBAAmB,CAAE,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAChE,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CACnC,CAAC;QAEF,IAAI,yBAAyB,EAAE;YAC7B,gCAAgC,GAAG,IAAI,CAAC;SACzC;QAED,IAAI,mBAAmB,IAAI,CAAC,yBAAyB,EAAE;YACrD,YAAY,GAAG,IAAI,CAAC;SACrB;QAED,IAAI,oBAAoB,EAAE;YACxB,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAC3D,gBAAgB,GAAG,gBAAgB,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,yBAAyB;SAC/E;QAED,IAAI,gBAAgB,EAAE;YACpB,gCAAgC,GAAG,KAAK,CAAC,CAAC,yDAAyD;SACpG;IACH,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,kBAAkB,EAAE,GAAG,EAAE,CACvB,CAAC,gCAAgC;YACjC,CAAC,CAAC,mBAAmB,IAAI,YAAY,CAAC;QACxC,gBAAgB,EAAE,GAAG,EAAE,CAAC,gBAAgB;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,8BAA8B,GAAG,CACrC,WAAmB,EACnB,OAA4B,EAC5B,EAAE;IACF,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;QACxB,IAAI,OAAO,CAAC,KAAK,EAAE;YACjB,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;SACd;aAAM;YACL,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;gBACnD,oEAAoE;gBACpE,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;iBAAM,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE;gBAChE,8DAA8D;gBAC9D,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;aACd;SACF;KACF;AACH,CAA
C,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,UAAsC,EACtC,OAAe,EACf,IAAc,EACd,KAAwC,EACxC,EAAE,CACF,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE;IACnB,GAAG,kCACE,OAAO,CAAC,GAAG,GACX,UAAU,CACd;IACD,KAAK;IACL,KAAK,EAAE,KAAK;CACb,CAAC,CAAC;AAeL,SAAe,YAAY,CACzB,OAA4B;;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,QAAQ,GAAG,mBAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEjD,IAAI,OAAO,CAAC,KAAK,EAAE;gBACjB,MAAM,MAAM,GAAG,OAAO,CAAC,0BAA0B;oBAC/C,CAAC,CAAC,aAAa;oBACf,CAAC,CAAC,QAAQ,CAAC;gBACb,MAAM,gBAAgB,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CACrE,CAAC,CACF,CAAC;gBACF,IAAA,cAAM,EACJ,oCAAoC,MAAM,oCAAoC,gBAAgB,WAAW,CAC1G,CAAC;aACH;YAED,MAAM,KAAK,GAAG,iBAAiB,CAC7B,OAAO,CAAC,UAAU,EAClB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,KAAK,CACd,CAAC;YAEF,mIAAmI;YACnI,MAAM,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,GAAG,sBAAsB,CACrE,QAAQ,CAAC,2BAA2B,EACpC,QAAQ,CAAC,yBAAyB,EAClC,QAAQ,CAAC,oBAAoB,EAC7B,KAAK,EACL,OAAO,CACR,CAAC;YAEF,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;;gBAC7C,YAAY,CAAC,KAAK,EAAE,CAAC;gBACrB,uEAAuE;gBACvE,sDAAsD;gBACtD,IAAI,CAAC,kBAAkB,EAAE,EAAE;oBACzB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;wBAChC,MAAM,CACJ,oCAAoC,QAAQ,CAAC,YAAY,yDAAyD,CACnH,CAAC;wBACF,OAAO;qBACR;oBAED,IAAA,YAAK,EAAC,cAAc,CAAC;yBAClB,IAAI,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;yBACjC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;yBAC7B,KAAK,CAAC,MAAM,CAAC,CAAC;oBACjB,OAAO;iBACR;qBAAM,IAAI,gBAAgB,EAAE,EAAE;oBAC7B,MAAM,CACJ,MAAA,QAAQ,CAAC,oBAAoB,mCAC3B,wBAAwB,QAAQ,CAAC,YAAY,aAAa,CAC7D,CAAC;oBACF,OAAO;iBACR;gBAED,MAAA,OAAO,CAAC,eAAe,0CAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO,CAAC,0BAA0B;oBAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;gBAC1E,IAAI,OAAO,CAAC,0BAA0B,IAAI,kBAAkB,EAAE,EAAE;oBAC9D,2FAA2F;oBAC3F,OAAO,CAAC,CAAC,CAAC,CAAC;oBACX,OAAO;iBACR;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,aAAa,GAAG,CACpB,IAAgB,EAChB,IAAiB,EACjB,SAAyC,EACzC,YAAsB,EACtB,EAAE;;IACF,aAAa
,CAAC,IAAI,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAE7C,MAAM,mBAAmB,GAAG,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,UAAU,mCAAI,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,IAAI,CAAC;IAE7B,MAAM,YAAY,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;IAEvE,IAAI,QAAQ,IAAI,IAAI,EAAE;QACpB,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,IAAI,EAAE;gBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,GAAG,YAAY;gBACf,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7B,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,WAAW;aACjB;SACF,CAAC;KACH;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,IAAI,EAAE;YACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,YAAY;YACf,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7B,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,EAAE,EAAE;YAClC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CACnB,CAAC,QAAQ,EAAE,EAAE;YACX,yGAAyG;YACzG,mGAAmG;YACnG,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAC/C;SACF;KACF,CAAC;AACJ,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,aAAa,GAAG,CACpB,IAAiB,EACjB,uBAAiC,EACjC,SAAyC,EACzC,EAAE;;IACF,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAC9C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;;QACX,OAAA,CAAC,GAAG,KAAK,IAAI,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAC,CAAA;KAAA,CACpE,CAAC;IAEF,MAAM,0BAA0B,GAAG,UAAU,CAAC,IAAI,CAChD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,gBAAgB,CAAC,CAAA,CAAA,EAAA,CACpE,CAAC;IAEF,0FAA0F;IAC1F,iDAAiD;IACjD,IAAI,CAAC,wBAAwB,EAAE;QAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,YAAY,mCAAI,uBAAgB,CAAC,CA
AC;QAEnE,6DAA6D;QAC7D,IAAI,CAAC,0BAA0B,EAAE;YAC/B,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;SAC7C;KACF;IAED,MAAM,yBAAyB,GAAG,UAAU,CAAC,IAAI,CAC/C,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,cAAc,CAAC,CAAA,CAAA,EAAA,CAClE,CAAC;IAEF,IAAI,CAAC,yBAAyB,IAAI,uBAAuB,CAAC,MAAM,GAAG,CAAC,EAAE;QACpE,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,uBAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;KAC5E;IAED,2DAA2D;IAC3D,MAAM,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,mBAAmB,EAAE;QACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,IAAiB,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAE1D,+DAA+D;IAC/D,iCAAiC;IACjC,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;KAChD;IAED,MAAM,+BAA+B,GAAG,UAAU,CAAC,IAAI,CACrD,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,WACX,OAAA,GAAG,KAAK,IAAI,KAAI,MAAA,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,0CAAE,UAAU,CAAC,qBAAqB,CAAC,CAAA,CAAA,EAAA,CACzE,CAAC;IAEF,IAAI,CAAC,+BAA+B,EAAE;QACpC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAC;KAClD;IAED,MAAM,qBAAqB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;IACrE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACvB;AACH,CAAC,CAAC;AAEF,uJAAuJ;AACvJ,MAAM,iBAAiB,GAAG,CAAC,IAAc,EAAE,EAAE;IAC3C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,8DAA8D;QAC9D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;YACnC,MAAM,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,2HAA2H;YACpK,OAAO,GAAG,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;SACvC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,+HAA+H;AAC/H,MAAM,gCAAgC,GAAG,CAGvC,WAAc,EACd,OAAmB,EACnB,OAAoB,E
ACpB,YAAsB,EACtB,UAEa,EACb,SAAyC,EACzC,OAAe,EACf,EAAE;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAEtE,kGAAkG;IAClG,wDAAwD;IACxD,IAAI,WAAW,EAAE;QACf,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,aAAa,CACrC,OAAO,EACP,WAAW,EACX,SAAS,EACT,YAAY,CACb,CAAC;QACF,8EAA8E;QAC9E,OAAO,YAAY,CAAC;YAClB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI;YACJ,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,OAAO;YAChB,0BAA0B,EAAE,IAAI;SACjC,CAAC,CAAC;KACJ;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAO,IAM9B,EAAE,EAAE;;IACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,8FAA8F,CAAC;KACtG;IAED,MAAM,UAAU,GACd,MAAM,WAAW,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEvD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,SAAS,GAAG,MAAM,CAAA,MAAA,WAAW,CAAC,KAAK,4DAAG,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA,CAAC;IAEhE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,aAAa,CAClD,OAAO,EACP,OAAO,EACP,SAAS,EACT,YAAY,CACb,CAAC;IAEF,IAAI,KAAK,EAAE;QACT,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACpE,IAAI,aAAa,EAAE;YACjB,MAAM,KAAK,GAAG;gBACZ,GAAG,aAAa;gBAChB,GAAG,OAAO,IAAI,iBAAiB,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,IAAA,cAAM,EACJ,gGAAgG,KAAK,2BAA2B,CACjI,CAAC;SACH;KACF;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,oBAAoB,CAAC;IAE9D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,gCAAgC,CACrD,WAAW,EACX,OAAO,EACP,OAAO,EACP,YAAY,EACZ,UAAU,EACV,SAAS,EACT,OAAO,CACR,CAAC;QACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,CAAC,EAAE;YAC9B,OAAO,QAAQ,CAAC,CAAC,mDAAmD;SACrE;QAED,OAAO,MAAM,YAAY,CAAC;YACxB,UAAU;YACV,eAAe,EAAE,IAAI,eAAe,EAAE;YACtC,OAAO;YACP,IAAI,EAAE,WAAW;YACjB,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;YACrC,KAAK;YACL,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,OAAO,EAAE,OAAO;SACjB,CAAC,CAAC;KACJ;YAAS;QACR,MAAM,CAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,QAAQ,EAAE,CAAA,CAAC;
KAC7B;AACH,CAAC,CAAA,CAAC;AAtEW,QAAA,QAAQ,YAsEnB"}
|
package/dist/types/ssh.d.ts
CHANGED
|
@@ -8,7 +8,7 @@ This file is part of @p0security/cli
|
|
|
8
8
|
|
|
9
9
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
10
|
**/
|
|
11
|
-
import { CommandArgs } from "../commands/shared/ssh";
|
|
11
|
+
import { CommandArgs, SshAdditionalSetup } from "../commands/shared/ssh";
|
|
12
12
|
import { AwsSsh, AwsSshPermissionSpec, AwsSshRequest } from "../plugins/aws/types";
|
|
13
13
|
import { AzureSsh, AzureSshPermissionSpec, AzureSshRequest } from "../plugins/azure/types";
|
|
14
14
|
import { GcpSsh, GcpSshPermissionSpec, GcpSshRequest } from "../plugins/google/types";
|
|
@@ -21,11 +21,19 @@ export type CliPermissionSpec<P extends PluginSshRequest, C extends object | und
|
|
|
21
21
|
};
|
|
22
22
|
export declare const SupportedSshProviders: readonly ["aws", "azure", "gcloud"];
|
|
23
23
|
export type SupportedSshProvider = (typeof SupportedSshProviders)[number];
|
|
24
|
+
export type AccessPattern = {
|
|
25
|
+
/** If the error matches this string, indicates that access is not provisioned */
|
|
26
|
+
readonly pattern: RegExp;
|
|
27
|
+
/** Maximum amount of time to wait for provisioning after encountering this error */
|
|
28
|
+
readonly validationWindowMs?: number;
|
|
29
|
+
};
|
|
24
30
|
export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extends object | undefined = undefined, SR extends SshRequest = SshRequest, C extends object | undefined = undefined> = {
|
|
25
31
|
/** Logs in the user to the cloud provider */
|
|
26
32
|
cloudProviderLogin: (authn: Authn, request: SR) => Promise<C>;
|
|
27
33
|
/** Callback to ensure that this provider's CLI utils are installed */
|
|
28
34
|
ensureInstall: () => Promise<void>;
|
|
35
|
+
/** Validate the SSH key if necessary; throw an exception if the key is invalid */
|
|
36
|
+
validateSshKey?: (request: Request<PR>, publicKey: string) => boolean;
|
|
29
37
|
/** A human-readable name for this CSP */
|
|
30
38
|
friendlyName: string;
|
|
31
39
|
/** Friendly message to ask the user to log in to the CSP */
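Review bot: The new `validateSshKey` member documents "throw an exception if the key is invalid" yet is typed to return `boolean`, so the declaration gives a rejected key two different failure signals. A caller that relies on the throw and ignores the return value would accept a key for which an implementation returned `false`; the call sites are not visible here, so this should be checked. Pick one contract: either type it as `validateSshKey?: (request: Request<PR>, publicKey: string) => void;`, or keep `boolean` and state the meaning, e.g. `/** Returns true when the key is acceptable; callers must reject the key on false */`. In the same hunk, the `AccessPattern.pattern` comment says "matches this string" although the field is a `RegExp`. The `SshProvider` type continues outside this hunk, and the wording should be fixed in the TypeScript source this declaration file is emitted from.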
|
|
@@ -42,20 +50,25 @@ export type SshProvider<PR extends PluginSshRequest = PluginSshRequest, O extend
|
|
|
42
50
|
* the actual ssh/scp command.
|
|
43
51
|
*/
|
|
44
52
|
preTestAccessPropagationArgs: (cmdArgs: CommandArgs) => CommandArgs | undefined;
|
|
53
|
+
/** Perform any setup required before running the SSH command. Returns a list of additional arguments to pass to the
|
|
54
|
+
* SSH command. */
|
|
55
|
+
setup?: (request: SR, options?: {
|
|
56
|
+
debug?: boolean;
|
|
57
|
+
}) => Promise<SshAdditionalSetup>;
|
|
45
58
|
/** Returns the command and its arguments that are going to be injected as the ssh ProxyCommand option */
|
|
46
59
|
proxyCommand: (request: SR) => string[];
|
|
47
60
|
/** Each element in the returned array is a command that can be run to reproduce the
|
|
48
61
|
* steps of logging in the user to the ssh session. */
|
|
49
|
-
reproCommands: (request: SR) => string[] | undefined;
|
|
62
|
+
reproCommands: (request: SR, additionalData?: SshAdditionalSetup) => string[] | undefined;
|
|
50
63
|
/** Unwraps this provider's types */
|
|
51
64
|
requestToSsh: (request: CliPermissionSpec<PR, O>) => SR;
|
|
52
|
-
/** Regex matches for error strings indicating that the provider has not yet fully provisioned node
|
|
53
|
-
unprovisionedAccessPatterns: readonly
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
65
|
+
/** Regex matches for error strings indicating that the provider has not yet fully provisioned node access */
|
|
66
|
+
unprovisionedAccessPatterns: readonly AccessPattern[];
|
|
67
|
+
/** Regex matches for error strings indicating that the provider is ready for node access.
|
|
68
|
+
* Used to override error codes during access propagation testing.
|
|
69
|
+
*/
|
|
70
|
+
provisionedAccessPatterns?: readonly AccessPattern[];
|
|
71
|
+
/** Regex matches for error strings indicating that the provider has fully provisioned */
|
|
59
72
|
/** Converts a backend request to a CLI request */
|
|
60
73
|
toCliRequest: (request: Request<PR>, options?: {
|
|
61
74
|
debug?: boolean;
|