@p0security/cli 0.13.2 → 0.13.4
- package/README.md +1 -1
- package/dist/drivers/config.d.ts +5 -3
- package/dist/drivers/config.js +27 -25
- package/dist/drivers/config.js.map +1 -1
- package/dist/drivers/env.d.ts +1 -1
- package/dist/drivers/env.js +7 -1
- package/dist/drivers/env.js.map +1 -1
- package/dist/plugins/azure/auth.d.ts +5 -1
- package/dist/plugins/azure/auth.js +28 -4
- package/dist/plugins/azure/auth.js.map +1 -1
- package/dist/plugins/azure/ssh.js +6 -2
- package/dist/plugins/azure/ssh.js.map +1 -1
- package/dist/plugins/azure/types.d.ts +4 -1
- package/dist/plugins/google/login.js +3 -3
- package/dist/plugins/google/login.js.map +1 -1
- package/dist/types/org.d.ts +19 -2
- package/package.json +1 -1
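--- a/package/README.md
+++ b/package/README.md
@@ -16,7 +16,7 @@ Supports creating access requests for cloud resources, assuming AWS roles, and c
 - [Quickstart](#quickstart)
 - [Installation](#installation)
 - [Configuration](#configuration)
-- [Command Reference](#
+- [Command Reference](#cli-reference)
 - [Example Usage](#example-usage)
 - [Support](#support)
 - [Contributing](#contributing)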
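--- a/package/dist/drivers/config.d.ts
+++ b/package/dist/drivers/config.d.ts
@@ -10,6 +10,8 @@ You should have received a copy of the GNU General Public License along with @p0
 **/
 import { Config } from "../types/org";
 export declare const CONFIG_FILE_PATH: string;
-export declare
-
-export declare
+export declare const getTenantConfig: () => Config;
+/** Use only if the organization is configured with Google login to P0 */
+export declare const getGoogleTenantConfig: () => import("../types/org").GoogleApplicationConfig;
+export declare const saveConfig: (orgId: string) => Promise<void>;
+export declare const loadConfig: () => Promise<Config>;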
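--- a/package/dist/drivers/config.js
+++ b/package/dist/drivers/config.js
@@ -12,7 +12,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.loadConfig = exports.saveConfig = exports.getTenantConfig = exports.CONFIG_FILE_PATH = void 0;
+exports.loadConfig = exports.saveConfig = exports.getGoogleTenantConfig = exports.getTenantConfig = exports.CONFIG_FILE_PATH = void 0;
 const util_1 = require("../util");
 const env_1 = require("./env");
 const firestore_1 = require("./firestore");
@@ -22,32 +22,34 @@ const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = __importDefault(require("path"));
 exports.CONFIG_FILE_PATH = path_1.default.join(util_1.P0_PATH, "config.json");
 let tenantConfig;
-
-return tenantConfig;
-}
+const getTenantConfig = () => tenantConfig;
 exports.getTenantConfig = getTenantConfig;
-
+/** Use only if the organization is configured with Google login to P0 */
+const getGoogleTenantConfig = () => {
+if ("google" in tenantConfig) {
+return tenantConfig;
+}
+throw "Login failed!\nThis organization is configured to use Google login but the required OAuth client parameters are missing.\nPlease contact support@p0.dev to properly configure your organization login.";
+};
+exports.getGoogleTenantConfig = getGoogleTenantConfig;
+const saveConfig = (orgId) => __awaiter(void 0, void 0, void 0, function* () {
 var _a;
-
-
-
-
-
-
-
-
-
-
-
-});
-}
+const orgDoc = yield (0, firestore_2.getDoc)((0, firestore_1.bootstrapDoc)(`orgs/${orgId}`));
+const orgData = orgDoc.data();
+if (!orgData)
+throw "Could not find organization";
+const config = (_a = orgData.config) !== null && _a !== void 0 ? _a : env_1.bootstrapConfig;
+(0, stdio_1.print2)(`Saving config to ${exports.CONFIG_FILE_PATH}.`);
+const dir = path_1.default.dirname(exports.CONFIG_FILE_PATH);
+yield promises_1.default.mkdir(dir, { recursive: true });
+yield promises_1.default.writeFile(exports.CONFIG_FILE_PATH, JSON.stringify(config), { mode: "600" });
+tenantConfig = config;
+});
 exports.saveConfig = saveConfig;
-
-
-
-
-
-});
-}
+const loadConfig = () => __awaiter(void 0, void 0, void 0, function* () {
+const buffer = yield promises_1.default.readFile(exports.CONFIG_FILE_PATH);
+tenantConfig = JSON.parse(buffer.toString());
+return tenantConfig;
+});
 exports.loadConfig = loadConfig;
 //# sourceMappingURL=config.js.map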
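Review bot: `getGoogleTenantConfig` evaluates `"google" in tenantConfig` on a value that nothing has validated: `loadConfig` assigns the raw `JSON.parse` result, and the variable stays undefined until `loadConfig` or `saveConfig` has run, so the `in` test can throw a TypeError instead of the intended login message, and a `google` entry with no `clientId` is accepted. Because this file carries the OAuth client parameters and `appUrl`, I would check the shape once on load, e.g. `if (!tenantConfig || typeof tenantConfig !== "object") throw "Invalid config file";`, and test `typeof tenantConfig.google?.clientId === "string"` in the getter. Separately, `writeFile(..., { mode: "600" })` applies the mode only when the file is created and `mkdir` is called without a mode, so an existing config file or a newly created directory keeps its current or umask-derived permissions; a `chmod` after the write would make the intended restriction hold.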
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAkC;AAClC,+BAAwC;AACxC,2CAA2C;AAC3C,mCAAiC;AACjC,kDAA4C;AAC5C,2DAA6B;AAC7B,gDAAwB;AAEX,QAAA,gBAAgB,GAAG,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,aAAa,CAAC,CAAC;AAElE,IAAI,YAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAkC;AAClC,+BAAwC;AACxC,2CAA2C;AAC3C,mCAAiC;AACjC,kDAA4C;AAC5C,2DAA6B;AAC7B,gDAAwB;AAEX,QAAA,gBAAgB,GAAG,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,aAAa,CAAC,CAAC;AAElE,IAAI,YAAoB,CAAC;AAElB,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC;AAArC,QAAA,eAAe,mBAAsB;AAElD,yEAAyE;AAClE,MAAM,qBAAqB,GAAG,GAAG,EAAE;IACxC,IAAI,QAAQ,IAAI,YAAY,EAAE;QAC5B,OAAO,YAAY,CAAC;KACrB;IACD,MAAM,wMAAwM,CAAC;AACjN,CAAC,CAAC;AALW,QAAA,qBAAqB,yBAKhC;AAEK,MAAM,UAAU,GAAG,CAAO,KAAa,EAAE,EAAE;;IAChD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EACzB,IAAA,wBAAY,EAAC,QAAQ,KAAK,EAAE,CAAC,CAC9B,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAE9B,IAAI,CAAC,OAAO;QAAE,MAAM,6BAA6B,CAAC;IAElD,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,mCAAI,qBAAe,CAAC;IAEjD,IAAA,cAAM,EAAC,oBAAoB,wBAAgB,GAAG,CAAC,CAAC;IAEhD,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,wBAAgB,CAAC,CAAC;IAC3C,MAAM,kBAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,kBAAE,CAAC,SAAS,CAAC,wBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE9E,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC,CAAA,CAAC;AAjBW,QAAA,UAAU,cAiBrB;AAEK,MAAM,UAAU,GAAG,GAAS,EAAE;IACnC,MAAM,MAAM,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,wBAAgB,CAAC,CAAC;IACnD,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7C,OAAO,YAAY,CAAC;AACtB,CAAC,CAAA,CAAC;AAJW,QAAA,UAAU,cAIrB"}
|
package/dist/drivers/env.d.ts
CHANGED
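--- a/package/dist/drivers/env.js
+++ b/package/dist/drivers/env.js
@@ -32,7 +32,13 @@ exports.bootstrapConfig = {
 clientId: (_g = env.P0_GOOGLE_OIDC_CLIENT_ID) !== null && _g !== void 0 ? _g : "228132571547-kilcq1er15hlbl6mitghttnacp7u58l8.apps.googleusercontent.com",
 // Despite the name, this is not actually "secret" in any sense of the word.
 // Instead, the client is protected by requiring PKCE and defining the redirect URIs.
-
+// PKCE achieves similar security guarantees for public clients with an on-the-fly
+// generated secret (the code verifier) as the static secret does for confidential clients.
+// See also: https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce
+// In the PKCE flow the client secret is an optional parameter, however, Google's
+// implementation requires it. That's why the "secret" is present here.
+// This "secret" is only used if the organization uses Google Workspace to log in to P0.
+publicClientSecretForPkce: (_h = env.P0_GOOGLE_OIDC_CLIENT_SECRET) !== null && _h !== void 0 ? _h : "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",
 },
 appUrl: (_j = env.P0_APP_URL) !== null && _j !== void 0 ? _j : "https://api.p0.app",
 environment: (_k = env.P0_ENV) !== null && _k !== void 0 ? _k : "production",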
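Review bot: The new comment on `publicClientSecretForPkce` justifies shipping a default value by saying PKCE protects the client, but it omits the fact that decides whether that holds, namely how the OAuth client is registered with Google. For an installed/desktop client limited to loopback redirects the value is non-confidential as the comment says; for a client registered as a web application the same string is a real credential and does not belong in a published package, and the hunk does not show which applies. Once confirmed, I would record it next to the value, e.g. `// OAuth client type: Desktop app; redirect URIs restricted to loopback (127.0.0.1).`, and add an explicit secret-scanner allowlist entry so the exception is deliberate rather than silent. The enclosing `bootstrapConfig` object starts and ends outside the hunk.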
package/dist/drivers/env.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;GASG;AACH,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAEX,QAAA,eAAe,GAAG;IAC7B,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,
|
|
1
|
+
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;GASG;AACH,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAEX,QAAA,eAAe,GAAG;IAC7B,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,kFAAkF;QAClF,2FAA2F;QAC3F,uHAAuH;QACvH,iFAAiF;QACjF,uEAAuE;QACvE,wFAAwF;QACxF,yBAAyB,EACvB,MAAA,GAAG,CAAC,4BAA4B,mCAAI,qCAAqC;KAC5E;IACD,MAAM,EAAE,MAAA,GAAG,CAAC,UAAU,mCAAI,oBAAoB;IAC9C,WAAW,EAAE,MAAA,GAAG,CAAC,MAAM,mCAAI,YAAY;CACxC,CAAC"}
|
|
@@ -10,6 +10,10 @@ export declare const azAccountSetCommand: (subscriptionId: string) => {
|
|
|
10
10
|
command: string;
|
|
11
11
|
args: string[];
|
|
12
12
|
};
|
|
13
|
+
export declare const azAccountShowUserPrincipalName: () => {
|
|
14
|
+
command: string;
|
|
15
|
+
args: string[];
|
|
16
|
+
};
|
|
13
17
|
export declare const azLogin: (subscriptionId: string, options?: {
|
|
14
18
|
debug?: boolean;
|
|
15
|
-
}) => Promise<
|
|
19
|
+
}) => Promise<string>;
|
|
@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.azLogin = exports.azAccountSetCommand = exports.azLogoutCommand = exports.azLoginCommand = void 0;
|
|
12
|
+
exports.azLogin = exports.azAccountShowUserPrincipalName = exports.azAccountSetCommand = exports.azLogoutCommand = exports.azLoginCommand = void 0;
|
|
13
13
|
/** Copyright © 2024-present P0 Security
|
|
14
14
|
|
|
15
15
|
This file is part of @p0security/cli
|
|
@@ -34,7 +34,10 @@ const knownAccountSetErrors = [
|
|
|
34
34
|
message: "Failed to set the active Azure subscription. Please try again.",
|
|
35
35
|
},
|
|
36
36
|
];
|
|
37
|
-
const normalizeAzureCliError = (error, normalizedErrors) => {
|
|
37
|
+
const normalizeAzureCliError = (error, normalizedErrors, options) => {
|
|
38
|
+
if (options.debug) {
|
|
39
|
+
(0, stdio_1.print2)(error);
|
|
40
|
+
}
|
|
38
41
|
for (const { pattern, message } of normalizedErrors) {
|
|
39
42
|
if (pattern.test(error.stderr)) {
|
|
40
43
|
throw message;
|
|
@@ -57,6 +60,11 @@ const azAccountSetCommand = (subscriptionId) => ({
|
|
|
57
60
|
args: ["account", "set", "--subscription", subscriptionId],
|
|
58
61
|
});
|
|
59
62
|
exports.azAccountSetCommand = azAccountSetCommand;
|
|
63
|
+
const azAccountShowUserPrincipalName = () => ({
|
|
64
|
+
command: "az",
|
|
65
|
+
args: ["account", "show", "--query", "user.name", "-o", "tsv"],
|
|
66
|
+
});
|
|
67
|
+
exports.azAccountShowUserPrincipalName = azAccountShowUserPrincipalName;
|
|
60
68
|
const performLogout = ({ debug }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
61
69
|
try {
|
|
62
70
|
const { command: azLogoutExe, args: azLogoutArgs } = (0, exports.azLogoutCommand)();
|
|
@@ -84,7 +92,7 @@ const performLogin = (subscriptionId, { debug }) => __awaiter(void 0, void 0, vo
|
|
|
84
92
|
}
|
|
85
93
|
}
|
|
86
94
|
catch (error) {
|
|
87
|
-
throw normalizeAzureCliError(error, knownLoginErrors);
|
|
95
|
+
throw normalizeAzureCliError(error, knownLoginErrors, { debug });
|
|
88
96
|
}
|
|
89
97
|
});
|
|
90
98
|
const performSetAccount = (subscriptionId, { debug }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -99,7 +107,22 @@ const performSetAccount = (subscriptionId, { debug }) => __awaiter(void 0, void
|
|
|
99
107
|
}
|
|
100
108
|
}
|
|
101
109
|
catch (error) {
|
|
102
|
-
throw normalizeAzureCliError(error, knownAccountSetErrors);
|
|
110
|
+
throw normalizeAzureCliError(error, knownAccountSetErrors, { debug });
|
|
111
|
+
}
|
|
112
|
+
});
|
|
113
|
+
const getUserPrincipalName = ({ debug }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
114
|
+
try {
|
|
115
|
+
const { command, args } = (0, exports.azAccountShowUserPrincipalName)();
|
|
116
|
+
const accountShowResult = yield (0, util_1.exec)(command, args, { check: true });
|
|
117
|
+
if (debug) {
|
|
118
|
+
(0, stdio_1.print2)(`Found account information...`);
|
|
119
|
+
(0, stdio_1.print2)(accountShowResult.stdout);
|
|
120
|
+
(0, stdio_1.print2)(accountShowResult.stderr);
|
|
121
|
+
}
|
|
122
|
+
return accountShowResult.stdout.trim();
|
|
123
|
+
}
|
|
124
|
+
catch (error) {
|
|
125
|
+
throw `Failed to get the current user name: ${error}.`;
|
|
103
126
|
}
|
|
104
127
|
});
|
|
105
128
|
const azLogin = (subscriptionId, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -111,6 +134,7 @@ const azLogin = (subscriptionId, options = {}) => __awaiter(void 0, void 0, void
|
|
|
111
134
|
yield performLogout(options);
|
|
112
135
|
yield performLogin(subscriptionId, options);
|
|
113
136
|
yield performSetAccount(subscriptionId, options);
|
|
137
|
+
return yield getUserPrincipalName(options);
|
|
114
138
|
});
|
|
115
139
|
exports.azLogin = azLogin;
|
|
116
140
|
//# sourceMappingURL=auth.js.map
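Review bot: `getUserPrincipalName` returns `accountShowResult.stdout.trim()` without checking that it is non-empty, although `azLogin` now hands that string to its callers as the identity of the logged-in account. An empty or unexpected value is better rejected where it is produced, e.g. `if (!name) throw "Azure CLI did not report a user name for the active account.";` before the return. The catch block also interpolates the raw `error` into the message; `normalizeAzureCliError` reads `error.stderr`, so the rejection is presumably an object and may render as `[object Object]`, and `error.stderr ?? error` would keep the cause readable. The other login helpers continue outside the hunks shown.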
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/plugins/azure/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAC7C,qCAAkC;AAGlC,MAAM,gBAAgB,GAAiB;IACrC;QACE,OAAO,EACL,6FAA6F;QAC/F,OAAO,EAAE,gDAAgD;KAC1D;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAiB;IAC1C;QACE,OAAO,EAAE,+DAA+D;QACxE,OAAO,EAAE,gEAAgE;KAC1E;CACF,CAAC;AAEF,MAAM,sBAAsB,GAAG,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/plugins/azure/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAC7C,qCAAkC;AAGlC,MAAM,gBAAgB,GAAiB;IACrC;QACE,OAAO,EACL,6FAA6F;QAC/F,OAAO,EAAE,gDAAgD;KAC1D;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAiB;IAC1C;QACE,OAAO,EAAE,+DAA+D;QACxE,OAAO,EAAE,gEAAgE;KAC1E;CACF,CAAC;AAEF,MAAM,sBAAsB,GAAG,CAC7B,KAAU,EACV,gBAA8B,EAC9B,OAA4B,EAC5B,EAAE;IACF,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;KACf;IACD,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE;QACnD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YAC9B,MAAM,OAAO,CAAC;SACf;KACF;IACD,MAAM,KAAK,CAAC;AACd,CAAC,CAAC;AAEK,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,CAAC;IACnC,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,OAAO,CAAC;CAChB,CAAC,CAAC;AAHU,QAAA,cAAc,kBAGxB;AAEI,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,CAAC;IACpC,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,QAAQ,CAAC;CACjB,CAAC,CAAC;AAHU,QAAA,eAAe,mBAGzB;AAEI,MAAM,mBAAmB,GAAG,CAAC,cAAsB,EAAE,EAAE,CAAC,CAAC;IAC9D,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,cAAc,CAAC;CAC3D,CAAC,CAAC;AAHU,QAAA,mBAAmB,uBAG7B;AAEI,MAAM,8BAA8B,GAAG,GAAG,EAAE,CAAC,CAAC;IACnD,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,CAAC;CAC/D,CAAC,CAAC;AAHU,QAAA,8BAA8B,kCAGxC;AAEH,MAAM,aAAa,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IAC7D,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,uBAAe,GAAE,CAAC;QACvE,MAAM,YAAY,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5E,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC5B,IAAA,cAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC;SAC7B;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,iDAAiD;YACjD,IAAA,cAAM,EAAC,oBAAoB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;SAC5C;KACF;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,YAAY,GAAG,CACnB,cAAsB,EACtB,EAAE,KAAK,EAAuB,EAC9B,EAAE;IACF,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,sBAAc,GAAE,CAAC;QACpE,MAAM,WAAW,GAAG,MAAM,IAAA,WAAI,EAAC,UAAU,EAAE,
WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC3B,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC3B,IAAA,cAAM,EAAC,wCAAwC,cAAc,KAAK,CAAC,CAAC;SACrE;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,MAAM,sBAAsB,CAAC,KAAK,EAAE,gBAAgB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;KAClE;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,cAAsB,EACtB,EAAE,KAAK,EAAuB,EAC9B,EAAE;IACF,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,2BAAmB,EAAC,cAAc,CAAC,CAAC;QACtC,MAAM,gBAAgB,GAAG,MAAM,IAAA,WAAI,EAAC,eAAe,EAAE,gBAAgB,EAAE;YACrE,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAChC,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;SACjC;KACF;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,sBAAsB,CAAC,KAAK,EAAE,qBAAqB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;KACvE;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,oBAAoB,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IACpE,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,sCAA8B,GAAE,CAAC;QAC3D,MAAM,iBAAiB,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,8BAA8B,CAAC,CAAC;YACvC,IAAA,cAAM,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACjC,IAAA,cAAM,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;SAClC;QACD,OAAO,iBAAiB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;KACxC;IAAC,OAAO,KAAU,EAAE;QACnB,MAAM,wCAAwC,KAAK,GAAG,CAAC;KACxD;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,OAAO,GAAG,CACrB,cAAsB,EACtB,UAA+B,EAAE,EACjC,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAC1B,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;IAE5C,qEAAqE;IACrE,kDAAkD;IAClD,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IAE7B,MAAM,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAE5C,MAAM,iBAAiB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAEjD,OAAO,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC7C,CAAC,CAAA,CAAC;AAhBW,QAAA,OAAO,WAgBlB"}
|
|
@@ -111,7 +111,10 @@ exports.azureSshProvider = {
|
|
|
111
111
|
// The subscription ID here is used to ensure that the user is logged in to the correct tenant/directory.
|
|
112
112
|
// As long as a subscription ID in the correct tenant is provided, this will work; it need not be the same
|
|
113
113
|
// subscription as which contains the Bastion host or the target VM.
|
|
114
|
-
yield (0, auth_1.azLogin)(request.subscriptionId, { debug }); // Always re-login to Azure CLI
|
|
114
|
+
const linuxUserName = yield (0, auth_1.azLogin)(request.subscriptionId, { debug }); // Always re-login to Azure CLI
|
|
115
|
+
if (linuxUserName !== request.linuxUserName) {
|
|
116
|
+
throw `Azure CLI login returned a different user name than expected. Expected: ${request.linuxUserName}, Actual: ${linuxUserName}`;
|
|
117
|
+
}
|
|
115
118
|
const { path: keyPath, cleanup: sshKeyPathCleanup } = yield (0, keygen_1.createTempDirectoryForKeys)();
|
|
116
119
|
const wrappedCreateCertAndTunnel = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
117
120
|
try {
|
|
@@ -151,8 +154,9 @@ exports.azureSshProvider = {
|
|
|
151
154
|
unprovisionedAccessPatterns,
|
|
152
155
|
provisionedAccessPatterns,
|
|
153
156
|
toCliRequest: (request) => __awaiter(void 0, void 0, void 0, function* () {
|
|
157
|
+
var _a;
|
|
154
158
|
return Object.assign(Object.assign({}, request), { cliLocalData: {
|
|
155
|
-
linuxUserName: request.principal,
|
|
159
|
+
linuxUserName: (_a = request.generated.linuxUserName) !== null && _a !== void 0 ? _a : request.principal,
|
|
156
160
|
} });
|
|
157
161
|
}),
|
|
158
162
|
};
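Review bot: In `toCliRequest` the fallback `?? request.principal` covers only a missing `linuxUserName`; if a request carries no `generated` object at all, `request.generated.linuxUserName` throws before the fallback is reached. Whether such requests exist cannot be seen from this hunk, but the fallback suggests older requests are expected, so `request.generated?.linuxUserName ?? request.principal` in the TypeScript source would be safer. For the identity check in the first hunk I would add a comment such as `// linuxUserName is expected to equal the user name reported by "az account show"; a mismatch means the Azure CLI is logged in as a different account.`, because the variable name hides that an Azure account name is being compared. Both enclosing functions continue outside the hunks.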
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/azure/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,iCAKgB;AAChB,uCAA4C;AAC5C,qCAMkB;AAClB,qCAAyE;AAMzE,0DAA6B;AAE7B,MAAM,2BAA2B,GAAG;IAClC;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;CACO,CAAC;AAEX,MAAM,yBAAyB,GAAG;IAChC;QACE,OAAO,EAAE,8BAA8B;KACxC;CACO,CAAC;AAEX,qFAAqF;AACrF,kFAAkF;AAClF,iFAAiF;AACjF,kFAAkF;AAClF,yDAAyD;AACzD,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,QAAA,gBAAgB,GAIzB;IACF,+CAA+C;IAC/C,kBAAkB,EAAE,GAAS,EAAE;QAC7B,4CAA4C;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAe,GAAE,CAAC,EAAE;YAC9B,MAAM,uDAAuD,CAAC;SAC/D;IACH,CAAC,CAAA;IAED,YAAY,EAAE,iBAAiB;IAE/B,oBAAoB,EAAE,qDAAqD;IAE3E,wBAAwB;IACxB,oBAAoB,EAAE,SAAS;IAE/B,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,mEAAmE;gBACnE,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,KAAK,CAAC,IAClB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,qEAAqE;IACrE,YAAY,EAAE,GAAG,EAAE,CAAC,EAAE;IAEtB,aAAa,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE;;QACzC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,sBAAe,GAAE,CAAC;QACvE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,qBAAc,GAAE,CAAC;QACpE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,0BAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAE9C,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,wGAAwG;YACxG,gHAAgH;YAChH,+GAA+G;YAC/G,aAAa;YACb,IAAI,cAAc,EAAE;gBAClB,OAAO,mBAAI,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;aAClD;iBAAM;gBACL,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;gBACnE,OAAO,mBAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,sBAAsB,CAAC,CAAC;aACpD;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAE7B,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,GAClD,IAAA,yBAAgB,EAAC,OAAO,CAAC,CAAC;QAE5B,iHAAiH;QACjH,6CAA6C;QAC7C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,+BAAsB,EACzE,OAAO,EAC
P,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,IAAI,mCAAI,OAAO,EAC/B,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,8EAA8E;SAC/F,CAAC;QAEF,OAAO;YACL,GAAG,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAC1C,GAAG,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACxC,GAAG,eAAe,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAClD,SAAS,OAAO,EAAE;YAClB,GAAG,YAAY,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAC5C,GAAG,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,EAAE,CAAO,OAAO,EAAE,OAAO,GAAG,EAAE,EAAE,EAAE;QACrC,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAE1B,yGAAyG;QACzG,0GAA0G;QAC1G,oEAAoE;QACpE,MAAM,IAAA,cAAO,EAAC,OAAO,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,+BAA+B;
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/azure/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,iCAKgB;AAChB,uCAA4C;AAC5C,qCAMkB;AAClB,qCAAyE;AAMzE,0DAA6B;AAE7B,MAAM,2BAA2B,GAAG;IAClC;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;CACO,CAAC;AAEX,MAAM,yBAAyB,GAAG;IAChC;QACE,OAAO,EAAE,8BAA8B;KACxC;CACO,CAAC;AAEX,qFAAqF;AACrF,kFAAkF;AAClF,iFAAiF;AACjF,kFAAkF;AAClF,yDAAyD;AACzD,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,QAAA,gBAAgB,GAIzB;IACF,+CAA+C;IAC/C,kBAAkB,EAAE,GAAS,EAAE;QAC7B,4CAA4C;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAe,GAAE,CAAC,EAAE;YAC9B,MAAM,uDAAuD,CAAC;SAC/D;IACH,CAAC,CAAA;IAED,YAAY,EAAE,iBAAiB;IAE/B,oBAAoB,EAAE,qDAAqD;IAE3E,wBAAwB;IACxB,oBAAoB,EAAE,SAAS;IAE/B,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,mEAAmE;gBACnE,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,KAAK,CAAC,IAClB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,qEAAqE;IACrE,YAAY,EAAE,GAAG,EAAE,CAAC,EAAE;IAEtB,aAAa,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE;;QACzC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,sBAAe,GAAE,CAAC;QACvE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,qBAAc,GAAE,CAAC;QACpE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,0BAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAE9C,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,wGAAwG;YACxG,gHAAgH;YAChH,+GAA+G;YAC/G,aAAa;YACb,IAAI,cAAc,EAAE;gBAClB,OAAO,mBAAI,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;aAClD;iBAAM;gBACL,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;gBACnE,OAAO,mBAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,sBAAsB,CAAC,CAAC;aACpD;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAE7B,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,GAClD,IAAA,yBAAgB,EAAC,OAAO,CAAC,CAAC;QAE5B,iHAAiH;QACjH,6CAA6C;QAC7C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,+BAAsB,EACzE,OAAO,EAC
P,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,IAAI,mCAAI,OAAO,EAC/B,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,8EAA8E;SAC/F,CAAC;QAEF,OAAO;YACL,GAAG,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAC1C,GAAG,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACxC,GAAG,eAAe,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAClD,SAAS,OAAO,EAAE;YAClB,GAAG,YAAY,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAC5C,GAAG,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED,KAAK,EAAE,CAAO,OAAO,EAAE,OAAO,GAAG,EAAE,EAAE,EAAE;QACrC,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAE1B,yGAAyG;QACzG,0GAA0G;QAC1G,oEAAoE;QACpE,MAAM,aAAa,GAAG,MAAM,IAAA,cAAO,EAAC,OAAO,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,+BAA+B;QAEvG,IAAI,aAAa,KAAK,OAAO,CAAC,aAAa,EAAE;YAC3C,MAAM,2EAA2E,OAAO,CAAC,aAAa,aAAa,aAAa,EAAE,CAAC;SACpI;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,GACjD,MAAM,IAAA,mCAA0B,GAAE,CAAC;QAErC,MAAM,0BAA0B,GAAG,GAAS,EAAE;YAC5C,IAAI;gBACF,MAAM,IAAA,qCAA4B,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBACvD,OAAO,MAAM,IAAA,8BAAqB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;aACxD;YAAC,OAAO,KAAU,EAAE;gBACnB,MAAM,iBAAiB,EAAE,CAAC;gBAC1B,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAA,CAAC;QAEF,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,MAAM,0BAA0B,EAAE,CAAC;QAE3E,MAAM,iBAAiB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAAkB,CAAC,CAAC;QACjE,MAAM,qBAAqB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,yBAAgB,CAAC,CAAC;QAEnE,MAAM,QAAQ,GAAG,GAAS,EAAE;YAC1B,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAA,CAAC;QAEF,OAAO;YACL,UAAU,EAAE;gBACV,mBAAmB,qBAAqB,EAAE;gBAE1C,2GAA2G;gBAC3G,4GAA4G;gBAC5G,gHAAgH;gBAChH,6GAA6G;gBAC7G,+GAA+G;gBAC/G,2BAA2B;gBAC3B,0BAA0B;gBAC1B,8BAA8B;aAC/B;YACD,YAAY,EAAE,iBAAiB;YAC/B,IAAI,EAAE,eAAe;YACrB,QAAQ;SACT,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,+BACzB,IAAI,EAAE,OAAO,EACb,EAAE,EAAE,WAAW,IACZ,OAAO,CAAC,YAAY,KACvB,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,EAClD,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,EAC1D,qBAAqB,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,EAClE,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,aAAa,IAC
3C;IAEF,2BAA2B;IAC3B,yBAAyB;IAEzB,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE;;QAC9B,uCACK,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,MAAA,OAAO,CAAC,SAAS,CAAC,aAAa,mCAAI,OAAO,CAAC,SAAS;aACpE,IACD;IACJ,CAAC,CAAA;CACF,CAAC"}
|
|
@@ -15,7 +15,10 @@ export type KnownError = {
|
|
|
15
15
|
pattern: RegExp;
|
|
16
16
|
message: string;
|
|
17
17
|
};
|
|
18
|
-
export type
|
|
18
|
+
export type AzureSshGenerated = {
|
|
19
|
+
linuxUserName: string;
|
|
20
|
+
};
|
|
21
|
+
export type AzureSshPermissionSpec = PermissionSpec<"ssh", AzureSshPermission, AzureSshGenerated>;
|
|
19
22
|
export type AzureSsh = CliPermissionSpec<AzureSshPermissionSpec, AzureLocalData>;
|
|
20
23
|
export type AzureSshPermission = CommonSshPermissionSpec & {
|
|
21
24
|
provider: "azure";
|
|
@@ -35,7 +35,7 @@ const GOOGLE_OIDC_REDIRECT_PORT = 52700;
|
|
|
35
35
|
const GOOGLE_OIDC_REDIRECT_URL = `http://127.0.0.1:${GOOGLE_OIDC_REDIRECT_PORT}`;
|
|
36
36
|
const PKCE_LENGTH = 128;
|
|
37
37
|
const requestAuth = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
38
|
-
const tenantConfig = (0, config_1.
|
|
38
|
+
const tenantConfig = (0, config_1.getGoogleTenantConfig)();
|
|
39
39
|
const pkceChallenge = (yield import("pkce-challenge")).default;
|
|
40
40
|
const pkce = yield pkceChallenge(PKCE_LENGTH);
|
|
41
41
|
const authBody = {
|
|
@@ -55,10 +55,10 @@ ${url}`);
|
|
|
55
55
|
return pkce;
|
|
56
56
|
});
|
|
57
57
|
const requestToken = (code, pkce) => __awaiter(void 0, void 0, void 0, function* () {
|
|
58
|
-
const tenantConfig = (0, config_1.
|
|
58
|
+
const tenantConfig = (0, config_1.getGoogleTenantConfig)();
|
|
59
59
|
const body = {
|
|
60
60
|
client_id: tenantConfig.google.clientId,
|
|
61
|
-
client_secret: tenantConfig.google.
|
|
61
|
+
client_secret: tenantConfig.google.publicClientSecretForPkce,
|
|
62
62
|
code,
|
|
63
63
|
code_verifier: pkce.code_verifier,
|
|
64
64
|
grant_type: "authorization_code",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/plugins/google/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,qDAA8D;AAC9D,8CAAiE;AACjE,
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/plugins/google/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,qDAA8D;AAC9D,8CAAiE;AACjE,iDAA6D;AAC7D,+CAA6C;AAE7C,gDAAwB;AAOxB,MAAM,eAAe,GAAG,8CAA8C,CAAC;AACvE,MAAM,wBAAwB,GAAG,qCAAqC,CAAC;AACvE,MAAM,yBAAyB,GAAG,KAAK,CAAC;AACxC,MAAM,wBAAwB,GAAG,oBAAoB,yBAAyB,EAAE,CAAC;AACjF,MAAM,WAAW,GAAG,GAAG,CAAC;AAExB,MAAM,WAAW,GAAG,GAAS,EAAE;IAC7B,MAAM,YAAY,GAAG,IAAA,8BAAqB,GAAE,CAAC;IAC7C,MAAM,aAAa,GAAG,CAAC,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAc,CAAC;IACtE,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAqB;QACjC,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,QAAQ;QACvC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,qBAAqB,EAAE,MAAM;QAC7B,YAAY,EAAE,wBAAwB;QACtC,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,QAAQ;KAChB,CAAC;IACF,MAAM,GAAG,GAAG,GAAG,eAAe,IAAI,IAAA,iBAAS,EAAC,QAAQ,CAAC,EAAE,CAAC;IACxD,IAAA,cAAI,EAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;QACnB,IAAA,cAAM,EAAC;;EAET,GAAG,EAAE,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEF,MAAM,YAAY,GAAG,CACnB,IAAY,EACZ,IAAuD,EACvD,EAAE;IACF,MAAM,YAAY,GAAG,IAAA,8BAAqB,GAAE,CAAC;IAC7C,MAAM,IAAI,GAAG;QACX,SAAS,EAAE,YAAY,CAAC,MAAM,CAAC,QAAQ;QACvC,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,yBAAyB;QAC5D,IAAI;QACJ,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,UAAU,EAAE,oBAAoB;QAChC,YAAY,EAAE,wBAAwB;KACvC,CAAC;IACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,wBAAwB,EAAE;QACrD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,mBAAY;QACrB,IAAI,EAAE,IAAA,iBAAS,EAAC,IAAI,CAAC;KACtB,CAAC,CAAC;IACH,MAAM,KAAK,GAAG,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC/C,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,EAAE,CAAkB,CAAC;AAC/C,CAAC,CAAA,CAAC;AAEK,MAAM,WAAW,GAAG,GAAS,EAAE;IACpC,OAAO,MAAM,IAAA,2BAAkB,EAC7B,GAAS,EAAE,kDAAC,OAAA,MAAM,WAAW,EAAE,CAAA,GAAA,EAC/B,CAAO,IAAI,EAAE,KAAK,EAAE,EAAE,kDAAC,OAAA,MAAM,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA,GAAA,EAC3D,EAAE,IAAI,EAAE,yBAAyB,EAAE,CACpC,CAAC;AACJ,CAAC,CAAA,CAAC;AANW,QAAA,WAAW,eAMtB"}
|
package/dist/types/org.d.ts
CHANGED
|
@@ -8,8 +8,25 @@ This file is part of @p0security/cli
|
|
|
8
8
|
|
|
9
9
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
10
|
**/
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
type ApplicationConfig = {
|
|
12
|
+
fs: {
|
|
13
|
+
apiKey: string;
|
|
14
|
+
authDomain: string;
|
|
15
|
+
projectId: string;
|
|
16
|
+
storageBucket: string;
|
|
17
|
+
messagingSenderId: string;
|
|
18
|
+
appId: string;
|
|
19
|
+
};
|
|
20
|
+
appUrl: string;
|
|
21
|
+
environment: string;
|
|
22
|
+
};
|
|
23
|
+
export type GoogleApplicationConfig = ApplicationConfig & {
|
|
24
|
+
google: {
|
|
25
|
+
clientId: string;
|
|
26
|
+
publicClientSecretForPkce: string;
|
|
27
|
+
};
|
|
28
|
+
};
|
|
29
|
+
export type Config = ApplicationConfig | GoogleApplicationConfig;
|
|
13
30
|
type BaseOrgData = {
|
|
14
31
|
clientId: string;
|
|
15
32
|
providerId: string;
|