@p0security/cli 0.13.4 → 0.13.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/commands/index.js +4 -0
- package/dist/commands/index.js.map +1 -1
- package/dist/commands/login.js +11 -0
- package/dist/commands/login.js.map +1 -1
- package/dist/commands/shared/request.d.ts +1 -1
- package/dist/commands/shared/request.js +4 -4
- package/dist/commands/shared/request.js.map +1 -1
- package/dist/commands/shared/ssh.d.ts +13 -2
- package/dist/commands/shared/ssh.js +9 -6
- package/dist/commands/shared/ssh.js.map +1 -1
- package/dist/commands/ssh-proxy.d.ts +3 -0
- package/dist/commands/ssh-proxy.js +124 -0
- package/dist/commands/ssh-proxy.js.map +1 -0
- package/dist/commands/ssh-resolve.d.ts +3 -0
- package/dist/commands/ssh-resolve.js +118 -0
- package/dist/commands/ssh-resolve.js.map +1 -0
- package/dist/drivers/env.d.ts +1 -0
- package/dist/drivers/env.js +3 -2
- package/dist/drivers/env.js.map +1 -1
- package/dist/plugins/aws/ssh.d.ts +0 -10
- package/dist/plugins/aws/ssh.js +19 -3
- package/dist/plugins/aws/ssh.js.map +1 -1
- package/dist/plugins/azure/auth.d.ts +14 -3
- package/dist/plugins/azure/auth.js +72 -46
- package/dist/plugins/azure/auth.js.map +1 -1
- package/dist/plugins/azure/ssh.js +28 -12
- package/dist/plugins/azure/ssh.js.map +1 -1
- package/dist/plugins/azure/tunnel.d.ts +3 -4
- package/dist/plugins/azure/tunnel.js +16 -5
- package/dist/plugins/azure/tunnel.js.map +1 -1
- package/dist/plugins/azure/types.d.ts +2 -4
- package/dist/plugins/google/ssh.js +9 -2
- package/dist/plugins/google/ssh.js.map +1 -1
- package/dist/plugins/okta/aws.js +1 -1
- package/dist/plugins/okta/aws.js.map +1 -1
- package/dist/plugins/ssh/index.d.ts +17 -1
- package/dist/plugins/ssh/index.js +59 -11
- package/dist/plugins/ssh/index.js.map +1 -1
- package/dist/public/p0.jpg +0 -0
- package/dist/types/ssh.d.ts +16 -2
- package/dist/util.d.ts +1 -0
- package/dist/util.js +10 -1
- package/dist/util.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
package/dist/commands/index.js
CHANGED
|
@@ -26,6 +26,8 @@ const request_1 = require("./request");
|
|
|
26
26
|
const scp_1 = require("./scp");
|
|
27
27
|
const ssh_1 = require("./ssh");
|
|
28
28
|
const ssh_keygen_1 = require("./ssh-keygen");
|
|
29
|
+
const ssh_proxy_1 = require("./ssh-proxy");
|
|
30
|
+
const ssh_resolve_1 = require("./ssh-resolve");
|
|
29
31
|
const typescript_1 = require("typescript");
|
|
30
32
|
const yargs_1 = __importDefault(require("yargs"));
|
|
31
33
|
const helpers_1 = require("yargs/helpers");
|
|
@@ -37,6 +39,8 @@ const commands = [
|
|
|
37
39
|
request_1.requestCommand,
|
|
38
40
|
allow_1.allowCommand,
|
|
39
41
|
ssh_1.sshCommand,
|
|
42
|
+
ssh_proxy_1.sshProxyCommand,
|
|
43
|
+
ssh_resolve_1.sshResolveCommand,
|
|
40
44
|
scp_1.scpCommand,
|
|
41
45
|
ssh_keygen_1.sshKeyGenCommand,
|
|
42
46
|
kubeconfig_1.kubeconfigCommand,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":";;;;;;AAAA;;;;;;;;;GASG;AACH,4CAA0C;AAC1C,oDAAsD;AACtD,mCAAuC;AACvC,+BAAmC;AACnC,mCAAuC;AACvC,6CAAiD;AACjD,mCAAuC;AACvC,6BAAiC;AACjC,uCAA2C;AAC3C,+BAAmC;AACnC,+BAAmC;AACnC,6CAAgD;AAChD,2CAAiC;AACjC,kDAA0B;AAC1B,2CAAwC;AAExC,MAAM,QAAQ,GAAG;IACf,gBAAU;IACV,oBAAY;IACZ,oBAAY;IACZ,cAAS;IACT,wBAAc;IACd,oBAAY;IACZ,gBAAU;IACV,gBAAU;IACV,6BAAgB;IAChB,8BAAiB;CAClB,CAAC;AAEW,QAAA,GAAG,GAAG,QAAQ;KACxB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,IAAA,eAAK,EAAC,IAAA,iBAAO,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;KACpD,UAAU,CAAC,sBAAY,CAAC;KACxB,MAAM,EAAE;KACR,aAAa,CAAC,CAAC,CAAC;KAChB,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;IAC9B,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;KACf;SAAM;QACL,IAAA,cAAM,EAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACrB,IAAA,cAAM,EAAC,KAAK,OAAO,EAAE,CAAC,CAAC;KACxB;IACD,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACd,CAAC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":";;;;;;AAAA;;;;;;;;;GASG;AACH,4CAA0C;AAC1C,oDAAsD;AACtD,mCAAuC;AACvC,+BAAmC;AACnC,mCAAuC;AACvC,6CAAiD;AACjD,mCAAuC;AACvC,6BAAiC;AACjC,uCAA2C;AAC3C,+BAAmC;AACnC,+BAAmC;AACnC,6CAAgD;AAChD,2CAA8C;AAC9C,+CAAkD;AAClD,2CAAiC;AACjC,kDAA0B;AAC1B,2CAAwC;AAExC,MAAM,QAAQ,GAAG;IACf,gBAAU;IACV,oBAAY;IACZ,oBAAY;IACZ,cAAS;IACT,wBAAc;IACd,oBAAY;IACZ,gBAAU;IACV,2BAAe;IACf,+BAAiB;IACjB,gBAAU;IACV,6BAAgB;IAChB,8BAAiB;CAClB,CAAC;AAEW,QAAA,GAAG,GAAG,QAAQ;KACxB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,IAAA,eAAK,EAAC,IAAA,iBAAO,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;KACpD,UAAU,CAAC,sBAAY,CAAC;KACxB,MAAM,EAAE;KACR,aAAa,CAAC,CAAC,CAAC;KAChB,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;IAC9B,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;KACf;SAAM;QACL,IAAA,cAAM,EAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACrB,IAAA,cAAM,EAAC,KAAK,OAAO,EAAE,CAAC,CAAC;KACxB;IACD,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACd,CAAC,CAAC,CAAC"}
|
package/dist/commands/login.js
CHANGED
|
@@ -75,6 +75,7 @@ const login = (args, options) => __awaiter(void 0, void 0, void 0, function* ()
|
|
|
75
75
|
// validate auth
|
|
76
76
|
if (!(options === null || options === void 0 ? void 0 : options.skipAuthenticate)) {
|
|
77
77
|
yield (0, auth_1.authenticate)();
|
|
78
|
+
yield validateTenantAccess(orgData);
|
|
78
79
|
}
|
|
79
80
|
(0, stdio_1.print2)(`You are now logged in, and can use the p0 CLI.`);
|
|
80
81
|
});
|
|
@@ -107,4 +108,14 @@ const loginCommand = (yargs) => yargs.command("login <org>", "Log in to p0 using
|
|
|
107
108
|
describe: "Your P0 organization ID",
|
|
108
109
|
}), (0, firestore_1.fsShutdownGuard)(exports.login));
|
|
109
110
|
exports.loginCommand = loginCommand;
|
|
111
|
+
const validateTenantAccess = (org) => __awaiter(void 0, void 0, void 0, function* () {
|
|
112
|
+
try {
|
|
113
|
+
yield (0, firestore_3.getDoc)((0, firestore_2.doc)(`o/${org.tenantId}/auth/valid`));
|
|
114
|
+
return true;
|
|
115
|
+
}
|
|
116
|
+
catch (e) {
|
|
117
|
+
yield clearIdentityCache();
|
|
118
|
+
throw "Could not find organization, logging out.";
|
|
119
|
+
}
|
|
120
|
+
});
|
|
110
121
|
//# sourceMappingURL=login.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAIyB;AACzB,8CAA+C;AAC/C,oDAA2E;AAC3E,oDAA2C;AAC3C,4CAA0C;AAC1C,4CAAkD;AAGlD,kDAA4C;AAC5C,gDAAkC;AAClC,2CAA6B;AAG7B;;;;GAIG;AACI,MAAM,KAAK,GAAG,CACnB,IAAqB,EACrB,OAAwC,EACxC,EAAE;IACF,MAAM,IAAA,mBAAU,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3B,MAAM,IAAA,8BAAkB,GAAE,CAAC;IAE3B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EAAqB,IAAA,eAAG,EAAC,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACzE,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAE9B,IAAI,CAAC,OAAO;QAAE,MAAM,6BAA6B,CAAC;IAElD,MAAM,WAAW,mCAAiB,OAAO,KAAE,IAAI,EAAE,IAAI,CAAC,GAAG,GAAE,CAAC;IAE5D,MAAM,MAAM,GAAG,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAC;IACxC,MAAM,OAAO,GAAG,sBAAc,CAAC,MAAM,CAAC,CAAC;IAEvC,IAAI,CAAC,OAAO;QAAE,MAAM,yCAAyC,CAAC;IAE9D,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IAEjD,MAAM,kBAAkB,EAAE,CAAC;IAC3B,MAAM,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAEhD,gBAAgB;IAChB,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,CAAA,EAAE;QAC9B,MAAM,IAAA,mBAAY,GAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAIyB;AACzB,8CAA+C;AAC/C,oDAA2E;AAC3E,oDAA2C;AAC3C,4CAA0C;AAC1C,4CAAkD;AAGlD,kDAA4C;AAC5C,gDAAkC;AAClC,2CAA6B;AAG7B;;;;GAIG;AACI,MAAM,KAAK,GAAG,CACnB,IAAqB,EACrB,OAAwC,EACxC,EAAE;IACF,MAAM,IAAA,mBAAU,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3B,MAAM,IAAA,8BAAkB,GAAE,CAAC;IAE3B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EAAqB,IAAA,eAAG,EAAC,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACzE,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAE9B,IAAI,CAAC,OAAO;QAAE,MAAM,6BAA6B,CAAC;IAElD,MAAM,WAAW,mCAAiB,OAAO,KAAE,IAAI,EAAE,IAAI,CAAC,GAAG,GAAE,CAAC;IAE5D,MAAM,MAAM,GAAG,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAC;IACxC,MAAM,OAAO,GAAG,sBAAc,CAAC,MAAM,CAAC,CAAC;IAEvC,IAAI,CAAC,OAAO;QAAE,MAAM,yCAAyC,CAAC;IAE9D,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IAEjD,MAAM,kBAAkB,EAAE,CAAC;IAC3B,MAAM,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAEhD,gBAAgB;IAChB,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,CAAA,EAAE;QAC9B,MAAM,IAAA,mBAAY,GAAE,CAAC;QACrB,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;KACrC;IAED,IAAA,cAAM,EAAC,gDAAgD,CAAC,CAAC;AAC3D,CAAC,CAAA,CAAC;AA/BW,QAAA,KAAK,SA+BhB;AAEF,MAAM,aAAa,GAAG,CAAO,GAAY,EAAE,UAAyB,EAAE,EAAE;IACtE,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,UAAU,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,6BAA6B;IAC/F,IAAA,cAAM,EAAC,2BAA2B,yBAAkB,GAAG,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,yBAAkB,CAAC,CAAC;IAC7C,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,CAAC,SAAS,CAChB,yBAAkB,EAClB,IAAI,CAAC,SAAS,CACZ;QACE,UAAU,kCAAO,UAAU,KAAE,UAAU,GAAE;QACzC,GAAG;KACJ,EACD,IAAI,EACJ,CAAC,CACF,EACD;QACE,IAAI,EAAE,KAAK;KACZ,CACF,CAAC;AACJ,CAAC,CAAA,CAAC;AAEF,MAAM,kBAAkB,GAAG,GAAS,EAAE;IACpC,IAAI;QACF,kEAAkE;QAClE,MAAM,EAAE,CAAC,MAAM,CAAC,0BAAmB,CAAC,CAAC;QACrC,MAAM,EAAE,CAAC,EAAE,CAAC,0BAAmB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;KACvD;IAAC,WAAM;QACN,OAAO;KACR;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,YAAY,GAAG,CAAC,KAAiB,EAAE,EAAE,CAChD,KAAK,CAAC,OAAO,CACX,aAAa,EACb,kCAAkC,EAClC,CAAC,KAAK,EAAE,EAAE,CACR,KAAK,CAAC,UAAU,CAAC,KAAK,EAAE;IACtB,YAAY,EAAE,IAAI;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,yBAAyB;CACpC,CAAC,EACJ,IAAA,2BAAe,EAAC,aAAK,CAAC,CACvB,CAAC;AAXS,QAAA,YAAY,gBAWrB;AAEJ,MAAM,oBAAoB,GAAG,CAAO,GAAe,EAAE,EAAE;IACrD,IAAI;QACF,MAAM,IAAA,kBAAM,EAAC,IAAA,eAAG,EAAC,KAAK,GAAG,CAAC,QAAQ,aAAa,CAAC,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,kBAAkB,EAAE,CAAC;QAC3B,MAAM,2CAA2C,CAAC;KACnD;AACH,CAAC,CAAA,CAAC"}
|
|
@@ -11,5 +11,5 @@ export declare const request: (command: "grant" | "request") => <T>(args: yargs.
|
|
|
11
11
|
wait?: boolean;
|
|
12
12
|
}>, authn?: Authn, options?: {
|
|
13
13
|
accessMessage?: string;
|
|
14
|
-
message?: "all" | "approval-required" | "none";
|
|
14
|
+
message?: "all" | "approval-required" | "none" | "quiet";
|
|
15
15
|
}) => Promise<RequestResponse<T> | undefined>;
|
|
@@ -92,10 +92,10 @@ const request = (command) => (args, authn, options) => __awaiter(void 0, void 0,
|
|
|
92
92
|
return "Requesting access";
|
|
93
93
|
}
|
|
94
94
|
};
|
|
95
|
-
const
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
95
|
+
const fetchCommandPromise = (0, api_1.fetchCommand)(resolvedAuthn, args, [command, ...args.arguments]);
|
|
96
|
+
const data = (options === null || options === void 0 ? void 0 : options.message) != "quiet"
|
|
97
|
+
? yield (0, stdio_1.spinUntil)(accessMessage(options === null || options === void 0 ? void 0 : options.message), fetchCommandPromise)
|
|
98
|
+
: yield fetchCommandPromise;
|
|
99
99
|
if (data && "ok" in data && "message" in data && data.ok) {
|
|
100
100
|
const logMessage = !(options === null || options === void 0 ? void 0 : options.message) ||
|
|
101
101
|
(options === null || options === void 0 ? void 0 : options.message) === "all" ||
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/commands/shared/request.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,6CAAkD;AAClD,uDAA8C;AAC9C,+CAAwD;AAGxD,kDAAgD;AAChD,2CAAiC;AAGjC,MAAM,YAAY,GAAG,KAAK,CAAC;AAE3B,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AACnE,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAC/D,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAE1E,MAAM,0BAA0B,GAAG;IACjC,QAAQ;IACR,iBAAiB,EAAE,QAAQ;IAC3B,IAAI,EAAE,QAAQ;IACd,aAAa,EAAE,QAAQ;IACvB,MAAM;IACN,OAAO;CACR,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,MAAW,EACwC,EAAE,CACrD,MAAM,IAAI,0BAA0B,CAAC;AAEhC,MAAM,WAAW,GAAG,CAAI,KAAoB,EAAE,EAAE,CACrD,KAAK;KACF,mBAAmB,CAAC,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC;KACxD,IAAI,CAAC,KAAK,CAAC,CAAC,4HAA4H;KACxI,MAAM,CAAC,MAAM,EAAE;IACd,KAAK,EAAE,GAAG;IACV,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,KAAK;IACd,QAAQ,EAAE,sCAAsC;CACjD,CAAC;KACD,MAAM,CAAC,WAAW,EAAE;IACnB,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC,CAAC;AAdM,QAAA,WAAW,eAcjB;AAEP,MAAM,cAAc,GAAG,CACrB,QAAgB,EAChB,SAAiB,EACjB,UAAmB,EACnB,EAAE;IACF,OAAA,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QACpC,IAAI,UAAU;YACZ,IAAA,cAAM,EAAC,2DAA2D,CAAC,CAAC;QACtE,IAAI,MAAM,GAA+B,SAAS,CAAC;QACnD,MAAM,WAAW,GAAG,IAAA,sBAAU,EAC5B,IAAA,eAAG,EAAC,KAAK,QAAQ,wBAAwB,SAAS,EAAE,CAAC,EACrD,CAAC,IAAI,EAAE,EAAE;YACP,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;YACxB,IAAI,iBAAiB,CAAC,MAAM,CAAC,EAAE;gBAC7B,IAAI,MAAM;oBAAE,YAAY,CAAC,MAAM,CAAC,CAAC;gBACjC,WAAW,aAAX,WAAW,uBAAX,WAAW,EAAI,CAAC;gBAChB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;gBAC7D,IAAI,IAAI,KAAK,CAAC,IAAI,UAAU;oBAAE,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC,CAAC;aACf;QACH,CAAC,CACF,CAAC;QACF,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE;YACvB,WAAW,aAAX,WAAW,uBAAX,WAAW,EAAI,CAAC;YAChB,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;YAC1D,OAAO,CAAC,CAAC,CAAC,CAAC;QACb,CAAC,EAAE,YAAY,CAAC,CAAC;IACnB,CAAC,CAAC,CAAA;EAAA,CAAC;AAEE,MAAM,OAAO,GAClB,CAAC,OAA4B,EAAE,EAAE,CACjC,CACE,IAGE,EACF,KAAa,EACb,OAGC,EACwC,EAAE;IAC3C,MAAM,aAAa,GAAG,KAAK,aAAL,KAAK,cAAL,KAAK,GAAI,CAAC,MAAM,IAAA,mBAAY,GAAE,CAAC,CAAC;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,CAAC;IACzC,MAAM,aAAa,GAAG,CAAC,OAAgB,EAAE,EAAE;QACzC,QAAQ,OAAO,EAAE;YACf,KAAK,mBAAmB;gBACtB,OAAO,2BAA2B,CAAC;YACrC;gBACE,OAAO,mBAAmB,CAAC;SAC9B;IACH,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/commands/shared/request.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,6CAAkD;AAClD,uDAA8C;AAC9C,+CAAwD;AAGxD,kDAAgD;AAChD,2CAAiC;AAGjC,MAAM,YAAY,GAAG,KAAK,CAAC;AAE3B,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AACnE,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAC/D,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAE1E,MAAM,0BAA0B,GAAG;IACjC,QAAQ;IACR,iBAAiB,EAAE,QAAQ;IAC3B,IAAI,EAAE,QAAQ;IACd,aAAa,EAAE,QAAQ;IACvB,MAAM;IACN,OAAO;CACR,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,MAAW,EACwC,EAAE,CACrD,MAAM,IAAI,0BAA0B,CAAC;AAEhC,MAAM,WAAW,GAAG,CAAI,KAAoB,EAAE,EAAE,CACrD,KAAK;KACF,mBAAmB,CAAC,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC;KACxD,IAAI,CAAC,KAAK,CAAC,CAAC,4HAA4H;KACxI,MAAM,CAAC,MAAM,EAAE;IACd,KAAK,EAAE,GAAG;IACV,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,KAAK;IACd,QAAQ,EAAE,sCAAsC;CACjD,CAAC;KACD,MAAM,CAAC,WAAW,EAAE;IACnB,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC,CAAC;AAdM,QAAA,WAAW,eAcjB;AAEP,MAAM,cAAc,GAAG,CACrB,QAAgB,EAChB,SAAiB,EACjB,UAAmB,EACnB,EAAE;IACF,OAAA,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QACpC,IAAI,UAAU;YACZ,IAAA,cAAM,EAAC,2DAA2D,CAAC,CAAC;QACtE,IAAI,MAAM,GAA+B,SAAS,CAAC;QACnD,MAAM,WAAW,GAAG,IAAA,sBAAU,EAC5B,IAAA,eAAG,EAAC,KAAK,QAAQ,wBAAwB,SAAS,EAAE,CAAC,EACrD,CAAC,IAAI,EAAE,EAAE;YACP,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;YACxB,IAAI,iBAAiB,CAAC,MAAM,CAAC,EAAE;gBAC7B,IAAI,MAAM;oBAAE,YAAY,CAAC,MAAM,CAAC,CAAC;gBACjC,WAAW,aAAX,WAAW,uBAAX,WAAW,EAAI,CAAC;gBAChB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;gBAC7D,IAAI,IAAI,KAAK,CAAC,IAAI,UAAU;oBAAE,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC,CAAC;aACf;QACH,CAAC,CACF,CAAC;QACF,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE;YACvB,WAAW,aAAX,WAAW,uBAAX,WAAW,EAAI,CAAC;YAChB,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;YAC1D,OAAO,CAAC,CAAC,CAAC,CAAC;QACb,CAAC,EAAE,YAAY,CAAC,CAAC;IACnB,CAAC,CAAC,CAAA;EAAA,CAAC;AAEE,MAAM,OAAO,GAClB,CAAC,OAA4B,EAAE,EAAE,CACjC,CACE,IAGE,EACF,KAAa,EACb,OAGC,EACwC,EAAE;IAC3C,MAAM,aAAa,GAAG,KAAK,aAAL,KAAK,cAAL,KAAK,GAAI,CAAC,MAAM,IAAA,mBAAY,GAAE,CAAC,CAAC;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,CAAC;IACzC,MAAM,aAAa,GAAG,CAAC,OAAgB,EAAE,EAAE;QACzC,QAAQ,OAAO,EAAE;YACf,KAAK,mBAAmB;gBACtB,OAAO,2BAA2B,CAAC;YACrC;gBACE,OAAO,mBAAmB,CAAC;SAC9B;IACH,CAAC,CAAC;IAEF,MAAM,mBAAmB,GAAG,IAAA,kBAAY,EACtC,aAAa,EACb,IAAI,EACJ,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAC7B,CAAC;IAEF,MAAM,IAAI,GACR,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,KAAI,OAAO;QACzB,CAAC,CAAC,MAAM,IAAA,iBAAS,EAAC,aAAa,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,EAAE,mBAAmB,CAAC;QACvE,CAAC,CAAC,MAAM,mBAAmB,CAAC;IAEhC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,SAAS,IAAI,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE;QACxD,MAAM,UAAU,GACd,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;YACjB,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,MAAK,KAAK;YAC1B,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,MAAK,mBAAmB;gBACvC,CAAC,IAAI,CAAC,aAAa;gBACnB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxB,IAAI,UAAU;YAAE,IAAA,cAAM,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,IAAI,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE;YACnD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,cAAc,CAAC,IAAI,CAAC,QAAQ,EAC5B,EAAE,EACF,UAAU,CACX,CAAC;YACF,IAAI,IAAI,EAAE;gBACR,gBAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACf,OAAO,SAAS,CAAC;aAClB;YACD,OAAO,IAAI,CAAC;SACb;;YAAM,OAAO,SAAS,CAAC;KACzB;SAAM;QACL,MAAM,IAAI,CAAC;KACZ;AACH,CAAC,CAAA,CAAC;AA3DS,QAAA,OAAO,WA2DhB"}
|
|
@@ -21,6 +21,17 @@ export type SshCommandArgs = BaseSshCommandArgs & {
|
|
|
21
21
|
arguments: string[];
|
|
22
22
|
command?: string;
|
|
23
23
|
};
|
|
24
|
+
export type SshResolveCommandArgs = SshCommandArgs & {
|
|
25
|
+
quiet?: boolean;
|
|
26
|
+
};
|
|
27
|
+
export type SshProxyCommandArgs = {
|
|
28
|
+
destination: string;
|
|
29
|
+
port: string;
|
|
30
|
+
provider: "aws" | "azure" | "gcloud";
|
|
31
|
+
requestJson: string;
|
|
32
|
+
debug?: boolean;
|
|
33
|
+
identityFile: string;
|
|
34
|
+
};
|
|
24
35
|
export type CommandArgs = ScpCommandArgs | SshCommandArgs;
|
|
25
36
|
export type SshAdditionalSetup = {
|
|
26
37
|
/** A list of SSH configuration options, as would be used after '-o' in an SSH command */
|
|
@@ -37,12 +48,12 @@ export declare const isSudoCommand: (args: {
|
|
|
37
48
|
sudo?: boolean;
|
|
38
49
|
command?: string;
|
|
39
50
|
}) => boolean;
|
|
40
|
-
export declare const provisionRequest: (authn: Authn, args: yargs.ArgumentsCamelCase<BaseSshCommandArgs>, destination: string) => Promise<{
|
|
51
|
+
export declare const provisionRequest: (authn: Authn, args: yargs.ArgumentsCamelCase<BaseSshCommandArgs>, destination: string, approvedOnly?: boolean, quiet?: boolean) => Promise<{
|
|
41
52
|
provisionedRequest: Request<PluginSshRequest>;
|
|
42
53
|
publicKey: string;
|
|
43
54
|
privateKey: string;
|
|
44
55
|
} | undefined>;
|
|
45
|
-
export declare const prepareRequest: (authn: Authn, args: yargs.ArgumentsCamelCase<BaseSshCommandArgs>, destination: string) => Promise<{
|
|
56
|
+
export declare const prepareRequest: (authn: Authn, args: yargs.ArgumentsCamelCase<BaseSshCommandArgs>, destination: string, approvedOnly?: boolean, quiet?: boolean) => Promise<{
|
|
46
57
|
request: any;
|
|
47
58
|
sshProvider: SshProvider<any, any, any, any>;
|
|
48
59
|
provisionedRequest: Request<PluginSshRequest>;
|
|
@@ -54,7 +54,7 @@ const pluginToCliRequest = (request, options) => __awaiter(void 0, void 0, void
|
|
|
54
54
|
});
|
|
55
55
|
const isSudoCommand = (args) => args.sudo || args.command === "sudo";
|
|
56
56
|
exports.isSudoCommand = isSudoCommand;
|
|
57
|
-
const provisionRequest = (authn, args, destination) => __awaiter(void 0, void 0, void 0, function* () {
|
|
57
|
+
const provisionRequest = (authn, args, destination, approvedOnly, quiet) => __awaiter(void 0, void 0, void 0, function* () {
|
|
58
58
|
yield validateSshInstall(authn, args);
|
|
59
59
|
const { publicKey, privateKey } = yield (0, keys_1.createKeyPair)();
|
|
60
60
|
const response = yield (0, request_1.request)("request")(Object.assign(Object.assign({}, (0, lodash_1.pick)(args, "$0", "_")), { arguments: [
|
|
@@ -63,13 +63,16 @@ const provisionRequest = (authn, args, destination) => __awaiter(void 0, void 0,
|
|
|
63
63
|
destination,
|
|
64
64
|
"--public-key",
|
|
65
65
|
publicKey,
|
|
66
|
+
...(approvedOnly ? ["--approved-only"] : []),
|
|
66
67
|
...(args.provider ? ["--provider", args.provider] : []),
|
|
67
68
|
...((0, exports.isSudoCommand)(args) ? ["--sudo"] : []),
|
|
68
69
|
...(args.reason ? ["--reason", args.reason] : []),
|
|
69
70
|
...(args.parent ? ["--parent", args.parent] : []),
|
|
70
|
-
], wait: true }), authn, { message: "approval-required" });
|
|
71
|
+
], wait: true }), authn, { message: quiet ? "quiet" : "approval-required" });
|
|
71
72
|
if (!response) {
|
|
72
|
-
(
|
|
73
|
+
if (!quiet) {
|
|
74
|
+
(0, stdio_1.print2)("Did not receive access ID from server");
|
|
75
|
+
}
|
|
73
76
|
return;
|
|
74
77
|
}
|
|
75
78
|
const { id, isPreexisting } = response;
|
|
@@ -81,8 +84,8 @@ const provisionRequest = (authn, args, destination) => __awaiter(void 0, void 0,
|
|
|
81
84
|
return { provisionedRequest, publicKey, privateKey };
|
|
82
85
|
});
|
|
83
86
|
exports.provisionRequest = provisionRequest;
|
|
84
|
-
const prepareRequest = (authn, args, destination) => __awaiter(void 0, void 0, void 0, function* () {
|
|
85
|
-
const result = yield (0, exports.provisionRequest)(authn, args, destination);
|
|
87
|
+
const prepareRequest = (authn, args, destination, approvedOnly, quiet) => __awaiter(void 0, void 0, void 0, function* () {
|
|
88
|
+
const result = yield (0, exports.provisionRequest)(authn, args, destination, approvedOnly, quiet);
|
|
86
89
|
if (!result) {
|
|
87
90
|
throw "Server did not return a request id. Please contact support@p0.dev for assistance.";
|
|
88
91
|
}
|
|
@@ -97,7 +100,7 @@ const prepareRequest = (authn, args, destination) => __awaiter(void 0, void 0, v
|
|
|
97
100
|
debug: args.debug,
|
|
98
101
|
});
|
|
99
102
|
const request = sshProvider.requestToSsh(cliRequest);
|
|
100
|
-
return Object.assign(Object.assign({}, result), { request, sshProvider });
|
|
103
|
+
return Object.assign(Object.assign({}, result), { request, sshProvider, provisionedRequest });
|
|
101
104
|
});
|
|
102
105
|
exports.prepareRequest = prepareRequest;
|
|
103
106
|
//# sourceMappingURL=ssh.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/commands/shared/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wBAAwC;AACxC,4CAAkD;AAClD,uDAA8C;AAC9C,+CAA6C;AAC7C,+CAAuD;AACvD,iDAA2D;AAC3D,kDAA0D;AAI1D,yCAMyB;AACzB,uCAAoC;AACpC,kDAA4C;AAC5C,mCAA8B;
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/commands/shared/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wBAAwC;AACxC,4CAAkD;AAClD,uDAA8C;AAC9C,+CAA6C;AAC7C,+CAAuD;AACvD,iDAA2D;AAC3D,kDAA0D;AAI1D,yCAMyB;AACzB,uCAAoC;AACpC,kDAA4C;AAC5C,mCAA8B;AAsDjB,QAAA,aAAa,GAGtB;IACF,GAAG,EAAE,oBAAc;IACnB,KAAK,EAAE,sBAAgB;IACvB,MAAM,EAAE,oBAAc;CACvB,CAAC;AAEF,MAAM,kBAAkB,GAAG,CACzB,KAAY,EACZ,IAAkD,EAClD,EAAE;;IACF,MAAM,SAAS,GAAG,MAAM,IAAA,kBAAM,EAC5B,IAAA,eAAG,EAAC,KAAK,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,mBAAmB,CAAC,CACzD,CAAC;IACF,MAAM,WAAW,GAAG,MAAA,SAAS,CAAC,IAAI,EAAE,0CAAG,WAAW,CAAC,CAAC;IAEpD,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ;QACpC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjB,CAAC,CAAC,2BAAqB,CAAC;IAE1B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,EAAE,CAAC,CAAC,MAAM,CACpD,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACf,KAAK,CAAC,KAAK,IAAI,WAAW;QAC1B,gBAAgB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAC5D,CAAC;IAEF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QACtB,MAAM,mEAAmE,CAAC;KAC3E;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,kBAAkB,GAAG,CACzB,OAAkC,EAClC,OAA6B,EACI,EAAE;IACnC,OAAA,MAAM,qBAAa,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,YAAY,CAC3D,OAAc,EACd,OAAO,CACR,CAAA;EAAA,CAAC;AAEG,MAAM,aAAa,GAAG,CAAC,IAA0C,EAAE,EAAE,CAC1E,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,MAAM,CAAC;AAD1B,QAAA,aAAa,iBACa;AAEhC,MAAM,gBAAgB,GAAG,CAC9B,KAAY,EACZ,IAAkD,EAClD,WAAmB,EACnB,YAAsB,EACtB,KAAe,EACf,EAAE;IACF,MAAM,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,oBAAa,GAAE,CAAC;IAExD,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAElC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,SAAS;YACT,WAAW;YACX,cAAc;YACd,SAAS;YACT,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5C,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,GAAG,CAAC,IAAA,qBAAa,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1C,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,CACnD,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,IAAI,CAAC,KAAK,EAAE;YACV,IAAA,cAAM,EAAC,uCAAuC,CAAC,CAAC;SACjD;QACD,OAAO;KACR;IACD,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;IACvC,IAAI,CAAC,aAAa;QAAE,IAAA,cAAM,EAAC,sCAAsC,CAAC,CAAC;;QAC9D,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;IAE/D,MAAM,kBAAkB,GAAG,MAAM,IAAA,sBAAmB,EAClD,KAAK,EACL,EAAE,CACH,CAAC;IAEF,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACvD,CAAC,CAAA,CAAC;AAhDW,QAAA,gBAAgB,oBAgD3B;AAEK,MAAM,cAAc,GAAG,CAC5B,KAAY,EACZ,IAAkD,EAClD,WAAmB,EACnB,YAAsB,EACtB,KAAe,EACf,EAAE;IACF,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAgB,EACnC,KAAK,EACL,IAAI,EACJ,WAAW,EACX,YAAY,EACZ,KAAK,CACN,CAAC;IACF,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,mFAAmF,CAAC;KAC3F;IAED,MAAM,EAAE,kBAAkB,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAEjD,MAAM,WAAW,GAAG,qBAAa,CAAC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1E,IACE,WAAW,CAAC,cAAc;QAC1B,CAAC,WAAW,CAAC,cAAc,CAAC,kBAAkB,EAAE,SAAS,CAAC,EAC1D;QACA,MAAM,+DAA+D,CAAC;KACvE;IAED,MAAM,WAAW,CAAC,aAAa,EAAE,CAAC;IAElC,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,EAAE;QAC9D,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,WAAW,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAErD,uCAAY,MAAM,KAAE,OAAO,EAAE,WAAW,EAAE,kBAAkB,IAAG;AACjE,CAAC,CAAA,CAAC;AArCW,QAAA,cAAc,kBAqCzB"}
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
+
if (mod && mod.__esModule) return mod;
|
|
20
|
+
var result = {};
|
|
21
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
+
__setModuleDefault(result, mod);
|
|
23
|
+
return result;
|
|
24
|
+
};
|
|
25
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
26
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
27
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
28
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
29
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
30
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
31
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
32
|
+
});
|
|
33
|
+
};
|
|
34
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
35
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
36
|
+
};
|
|
37
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
|
+
exports.sshProxyCommand = void 0;
|
|
39
|
+
/** Copyright © 2024-present P0 Security
|
|
40
|
+
|
|
41
|
+
This file is part of @p0security/cli
|
|
42
|
+
|
|
43
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
44
|
+
|
|
45
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
46
|
+
|
|
47
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
48
|
+
**/
|
|
49
|
+
const auth_1 = require("../drivers/auth");
|
|
50
|
+
const firestore_1 = require("../drivers/firestore");
|
|
51
|
+
const ssh_1 = require("../plugins/ssh");
|
|
52
|
+
const util_1 = require("../util");
|
|
53
|
+
const ssh_2 = require("./shared/ssh");
|
|
54
|
+
const fs = __importStar(require("fs/promises"));
|
|
55
|
+
const path_1 = __importDefault(require("path"));
|
|
56
|
+
const sshProxyCommand = (yargs) => yargs.command("ssh-proxy <destination>", "SSH into a virtual machine", (yargs) => yargs
|
|
57
|
+
.positional("destination", {
|
|
58
|
+
type: "string",
|
|
59
|
+
demandOption: true,
|
|
60
|
+
})
|
|
61
|
+
.option("port", {
|
|
62
|
+
type: "string",
|
|
63
|
+
demandOption: true,
|
|
64
|
+
})
|
|
65
|
+
.option("provider", {
|
|
66
|
+
requiresArg: true,
|
|
67
|
+
type: "string",
|
|
68
|
+
describe: "The cloud provider where the instance is hosted",
|
|
69
|
+
choices: ["aws", "azure", "gcloud"],
|
|
70
|
+
demandOption: true,
|
|
71
|
+
})
|
|
72
|
+
.option("identityFile", {
|
|
73
|
+
alias: "i",
|
|
74
|
+
requiresArg: true,
|
|
75
|
+
type: "string",
|
|
76
|
+
describe: "Path to the private key file to use for the SSH connection",
|
|
77
|
+
demandOption: true,
|
|
78
|
+
})
|
|
79
|
+
.option("requestJson", {
|
|
80
|
+
requiresArg: true,
|
|
81
|
+
type: "string",
|
|
82
|
+
describe: "JSON string of the SSH request",
|
|
83
|
+
demandOption: true,
|
|
84
|
+
})
|
|
85
|
+
.option("debug", {
|
|
86
|
+
type: "boolean",
|
|
87
|
+
describe: "Print debug information.",
|
|
88
|
+
})
|
|
89
|
+
.usage("$0 ssh-proxy <destination>"), (0, firestore_1.fsShutdownGuard)(sshProxyAction));
|
|
90
|
+
exports.sshProxyCommand = sshProxyCommand;
|
|
91
|
+
const sshProxyAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
92
|
+
var _a;
|
|
93
|
+
// Prefix is required because the backend uses it to determine that this is an AWS request
|
|
94
|
+
const authn = yield (0, auth_1.authenticate)();
|
|
95
|
+
// TODO(ENG-3142): Azure SSH currently doesn't support specifying a port; throw an error if one is set.
|
|
96
|
+
if (args.provider === "azure" && args.port != "22") {
|
|
97
|
+
throw "Azure SSH does not currently support specifying a port. SSH on the target VM must be listening on the default port 22.";
|
|
98
|
+
}
|
|
99
|
+
const sshProvider = ssh_2.SSH_PROVIDERS[args.provider];
|
|
100
|
+
const requestJson = yield fs.readFile(args.requestJson, "utf8");
|
|
101
|
+
const request = JSON.parse(requestJson);
|
|
102
|
+
const privateKey = yield fs.readFile(args.identityFile, "utf8");
|
|
103
|
+
const destination = (0, ssh_1.verifyDestinationString)(args.destination);
|
|
104
|
+
const configLocation = path_1.default.join(util_1.P0_PATH, "ssh", "configs", `${destination}.config` // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
|
105
|
+
);
|
|
106
|
+
if (args.debug) {
|
|
107
|
+
("Deleting request JSON file");
|
|
108
|
+
}
|
|
109
|
+
yield fs.rm(args.requestJson);
|
|
110
|
+
if (args.debug) {
|
|
111
|
+
("Deleting ssh Config file");
|
|
112
|
+
}
|
|
113
|
+
yield fs.rm(configLocation);
|
|
114
|
+
yield (0, ssh_1.sshProxy)({
|
|
115
|
+
authn,
|
|
116
|
+
cmdArgs: args,
|
|
117
|
+
request,
|
|
118
|
+
privateKey,
|
|
119
|
+
debug: (_a = args.debug) !== null && _a !== void 0 ? _a : false,
|
|
120
|
+
sshProvider,
|
|
121
|
+
port: args.port,
|
|
122
|
+
});
|
|
123
|
+
});
|
|
124
|
+
//# sourceMappingURL=ssh-proxy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssh-proxy.js","sourceRoot":"","sources":["../../src/commands/ssh-proxy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,oDAAuD;AACvD,wCAAmE;AACnE,kCAAkC;AAClC,sCAAkE;AAClE,gDAAkC;AAClC,gDAAwB;AAGjB,MAAM,eAAe,GAAG,CAAC,KAAiB,EAAE,EAAE,CACnD,KAAK,CAAC,OAAO,CACX,yBAAyB,EACzB,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,WAAW,EAAE,IAAI;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;IACnC,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,cAAc,EAAE;IACtB,KAAK,EAAE,GAAG;IACV,WAAW,EAAE,IAAI;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,4DAA4D;IAC9D,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,aAAa,EAAE;IACrB,WAAW,EAAE,IAAI;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,gCAAgC;IAC1C,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,4BAA4B,CAAC,EAExC,IAAA,2BAAe,EAAC,cAAc,CAAC,CAChC,CAAC;AA1CS,QAAA,eAAe,mBA0CxB;AAEJ,MAAM,cAAc,GAAG,CACrB,IAAmD,EACnD,EAAE;;IACF,0FAA0F;IAC1F,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IAEnC,uGAAuG;IACvG,IAAI,IAAI,CAAC,QAAQ,KAAK,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,EAAE;QAClD,MAAM,wHAAwH,CAAC;KAChI;IAED,MAAM,WAAW,GAAG,mBAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAEjD,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAEhE,MAAM,WAAW,GAAG,IAAA,6BAAuB,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAE9D,MAAM,cAAc,GAAG,cAAI,CAAC,IAAI,CAC9B,cAAO,EACP,KAAK,EACL,SAAS,EACT,GAAG,WAAW,SAAS,CAAC,mHAAmH;KAC5I,CAAC;IAEF,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,CAAC,4BAA4B,CAAC,CAAC;KAChC;IACD,MAAM,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAE9B,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,CAAC,0BAA0B,CAAC,CAAC;KAC9B;IACD,MAAM,EAAE,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;IAE5B,MAAM,IAAA,cAAQ,EAAC;QACb,KAAK;QACL,OAAO,EAAE,IAAI;QACb,OAAO;QACP,UAAU;QACV,KAAK,EAAE,MAAA,IAAI,CAAC,KAAK,mCAAI,KAAK;QAC1B,WAAW;QACX,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC,CAAC;AACL,CAAC,CAAA,CAAC"}
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.sshResolveCommand = void 0;
|
|
16
|
+
/** Copyright © 2024-present P0 Security
|
|
17
|
+
|
|
18
|
+
This file is part of @p0security/cli
|
|
19
|
+
|
|
20
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
21
|
+
|
|
22
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
23
|
+
|
|
24
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
25
|
+
**/
|
|
26
|
+
const keys_1 = require("../common/keys");
|
|
27
|
+
const auth_1 = require("../drivers/auth");
|
|
28
|
+
const env_1 = require("../drivers/env");
|
|
29
|
+
const firestore_1 = require("../drivers/firestore");
|
|
30
|
+
const stdio_1 = require("../drivers/stdio");
|
|
31
|
+
const ssh_1 = require("../plugins/ssh");
|
|
32
|
+
const util_1 = require("../util");
|
|
33
|
+
const ssh_2 = require("./shared/ssh");
|
|
34
|
+
const fs_1 = __importDefault(require("fs"));
|
|
35
|
+
const path_1 = __importDefault(require("path"));
|
|
36
|
+
const tmp_promise_1 = __importDefault(require("tmp-promise"));
|
|
37
|
+
const sshResolveCommand = (yargs) => yargs.command("ssh-resolve <destination>", "SSH into a virtual machine", (yargs) => yargs
|
|
38
|
+
.positional("destination", {
|
|
39
|
+
type: "string",
|
|
40
|
+
demandOption: true,
|
|
41
|
+
})
|
|
42
|
+
.option("parent", {
|
|
43
|
+
type: "string",
|
|
44
|
+
describe: "The containing parent resource which the instance belongs to (account, project, subscription, etc.)",
|
|
45
|
+
})
|
|
46
|
+
.option("provider", {
|
|
47
|
+
type: "string",
|
|
48
|
+
describe: "The cloud provider where the instance is hosted",
|
|
49
|
+
choices: ["aws", "azure", "gcloud"],
|
|
50
|
+
})
|
|
51
|
+
.option("debug", {
|
|
52
|
+
type: "boolean",
|
|
53
|
+
describe: "Print debug information.",
|
|
54
|
+
})
|
|
55
|
+
.option("quiet", {
|
|
56
|
+
alias: "q",
|
|
57
|
+
type: "boolean",
|
|
58
|
+
describe: "Suppress output",
|
|
59
|
+
}), (0, firestore_1.fsShutdownGuard)(sshResolveAction));
|
|
60
|
+
exports.sshResolveCommand = sshResolveCommand;
|
|
61
|
+
/** Determine if an SSH backend is accessible to the user and prepares local files for access
|
|
62
|
+
*
|
|
63
|
+
* Creates an access request with approvedOnly and creates any
|
|
64
|
+
* key or credential files necessary for the SSH connection.
|
|
65
|
+
* Finally writes any ssh settings to an ssh config for use by
|
|
66
|
+
* a parent ssh process
|
|
67
|
+
*
|
|
68
|
+
*/
|
|
69
|
+
const sshResolveAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
70
|
+
var _a, _b, _c;
|
|
71
|
+
const silentlyExit = (0, util_1.conditionalAbortBeforeThrow)((_a = args.quiet) !== null && _a !== void 0 ? _a : false);
|
|
72
|
+
const authn = yield (0, auth_1.authenticate)({ noRefresh: true }).catch(silentlyExit);
|
|
73
|
+
let destination = args.destination;
|
|
74
|
+
try {
|
|
75
|
+
destination = (0, ssh_1.verifyDestinationString)(args.destination);
|
|
76
|
+
}
|
|
77
|
+
catch (e) {
|
|
78
|
+
if (!args.quiet) {
|
|
79
|
+
throw e;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
const { request, provisionedRequest } = yield (0, ssh_2.prepareRequest)(authn, args, destination, true, args.quiet).catch(silentlyExit);
|
|
83
|
+
const sshProvider = ssh_2.SSH_PROVIDERS[provisionedRequest.permission.provider];
|
|
84
|
+
if (args.debug) {
|
|
85
|
+
(0, stdio_1.print2)("Generating Keys");
|
|
86
|
+
}
|
|
87
|
+
const keys = yield ((_b = sshProvider === null || sshProvider === void 0 ? void 0 : sshProvider.generateKeys) === null || _b === void 0 ? void 0 : _b.call(sshProvider, provisionedRequest.permission.resource, {
|
|
88
|
+
debug: args.debug,
|
|
89
|
+
}));
|
|
90
|
+
const tmpFile = tmp_promise_1.default.fileSync();
|
|
91
|
+
if (args.debug) {
|
|
92
|
+
(0, stdio_1.print2)("Writing request output to disk for use by ssh-proxy");
|
|
93
|
+
}
|
|
94
|
+
fs_1.default.writeFileSync(tmpFile.name, JSON.stringify(request, null, 2));
|
|
95
|
+
const identityFile = (_c = keys === null || keys === void 0 ? void 0 : keys.privateKeyPath) !== null && _c !== void 0 ? _c : keys_1.PRIVATE_KEY_PATH;
|
|
96
|
+
const certificateInfo = (keys === null || keys === void 0 ? void 0 : keys.certificatePath)
|
|
97
|
+
? `CertificateFile ${keys.certificatePath}`
|
|
98
|
+
: "";
|
|
99
|
+
const p0Executable = env_1.bootstrapConfig.appPath;
|
|
100
|
+
const data = `Host ${destination}
|
|
101
|
+
Hostname ${destination}
|
|
102
|
+
User ${request.linuxUserName}
|
|
103
|
+
IdentityFile ${identityFile}
|
|
104
|
+
${certificateInfo}
|
|
105
|
+
PasswordAuthentication no
|
|
106
|
+
ProxyCommand ${p0Executable} ssh-proxy %h --port %p --provider ${provisionedRequest.permission.provider} --identity-file ${identityFile} --request-json ${tmpFile.name} ${args.debug ? "--debug" : ""}`;
|
|
107
|
+
yield fs_1.default.promises.mkdir(path_1.default.join(util_1.P0_PATH, "ssh", "configs"), {
|
|
108
|
+
recursive: true,
|
|
109
|
+
});
|
|
110
|
+
const configLocation = path_1.default.join(util_1.P0_PATH, "ssh", "configs", `${destination}.config` // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
|
111
|
+
);
|
|
112
|
+
if (args.debug) {
|
|
113
|
+
(0, stdio_1.print2)("Writing ssh config file");
|
|
114
|
+
(0, stdio_1.print2)(data);
|
|
115
|
+
}
|
|
116
|
+
fs_1.default.writeFileSync(configLocation, data);
|
|
117
|
+
});
|
|
118
|
+
//# sourceMappingURL=ssh-resolve.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssh-resolve.js","sourceRoot":"","sources":["../../src/commands/ssh-resolve.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,yCAAkD;AAClD,0CAA+C;AAC/C,wCAAiD;AACjD,oDAAuD;AACvD,4CAA0C;AAC1C,wCAAyD;AACzD,kCAA+D;AAC/D,sCAIsB;AACtB,4CAAoB;AACpB,gDAAwB;AACxB,8DAA8B;AAGvB,MAAM,iBAAiB,GAAG,CAAC,KAAiB,EAAE,EAAE,CACrD,KAAK,CAAC,OAAO,CACX,2BAA2B,EAC3B,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,qGAAqG;CACxG,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;CACpC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,iBAAiB;CAC5B,CAAC,EAEN,IAAA,2BAAe,EAAC,gBAAgB,CAAC,CAClC,CAAC;AA/BS,QAAA,iBAAiB,qBA+B1B;AAEJ;;;;;;;GAOG;AACH,MAAM,gBAAgB,GAAG,CACvB,IAAqD,EACrD,EAAE;;IACF,MAAM,YAAY,GAAG,IAAA,kCAA2B,EAAC,MAAA,IAAI,CAAC,KAAK,mCAAI,KAAK,CAAC,CAAC;IAEtE,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAE1E,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IACnC,IAAI;QACF,WAAW,GAAG,IAAA,6BAAuB,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;KACzD;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;YACf,MAAM,CAAC,CAAC;SACT;KACF;IAED,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,IAAA,oBAAc,EAC1D,KAAK,EACL,IAAI,EACJ,WAAW,EACX,IAAI,EACJ,IAAI,CAAC,KAAK,CACX,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAEtB,MAAM,WAAW,GAAG,mBAAa,CAAC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1E,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC;KAC3B;IACD,MAAM,IAAI,GAAG,MAAM,CAAA,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,4DAC1C,kBAAkB,CAAC,UAAU,CAAC,QAAQ,EACtC;QACE,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CACF,CAAA,CAAC;IAEF,MAAM,OAAO,GAAG,qBAAG,CAAC,QAAQ,EAAE,CAAC;IAE/B,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,qDAAqD,CAAC,CAAC;KAC/D;IACD,YAAE,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAEjE,MAAM,YAAY,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,cAAc,mCAAI,uBAAgB,CAAC;IAC9D,MAAM,eAAe,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe;QAC3C,CAAC,CAAC,mBAAmB,IAAI,CAAC,eAAe,EAAE;QAC3C,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,YAAY,GAAG,qBAAe,CAAC,OAAO,CAAC;IAE7C,MAAM,IAAI,GAAG,QAAQ,WAAW;aACrB,WAAW;SACf,OAAO,CAAC,aAAa;iBACb,YAAY;IACzB,eAAe;;iBAEF,YAAY,sCAAsC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,oBAAoB,YAAY,mBAAmB,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAExM,MAAM,YAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE;QAC5D,SAAS,EAAE,IAAI;KAChB,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,cAAI,CAAC,IAAI,CAC9B,cAAO,EACP,KAAK,EACL,SAAS,EACT,GAAG,WAAW,SAAS,CAAC,mHAAmH;KAC5I,CAAC;IAEF,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,yBAAyB,CAAC,CAAC;QAClC,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;KACd;IACD,YAAE,CAAC,aAAa,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;AACzC,CAAC,CAAA,CAAC"}
|
package/dist/drivers/env.d.ts
CHANGED
package/dist/drivers/env.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
|
-
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
|
|
5
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
|
|
6
6
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
7
|
exports.bootstrapConfig = void 0;
|
|
8
8
|
/** Copyright © 2024-present P0 Security
|
|
@@ -41,6 +41,7 @@ exports.bootstrapConfig = {
|
|
|
41
41
|
publicClientSecretForPkce: (_h = env.P0_GOOGLE_OIDC_CLIENT_SECRET) !== null && _h !== void 0 ? _h : "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",
|
|
42
42
|
},
|
|
43
43
|
appUrl: (_j = env.P0_APP_URL) !== null && _j !== void 0 ? _j : "https://api.p0.app",
|
|
44
|
-
|
|
44
|
+
appPath: (_k = env.P0_APP_PATH) !== null && _k !== void 0 ? _k : "p0",
|
|
45
|
+
environment: (_l = env.P0_ENV) !== null && _l !== void 0 ? _l : "production",
|
|
45
46
|
};
|
|
46
47
|
//# sourceMappingURL=env.js.map
|
package/dist/drivers/env.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;GASG;AACH,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAEX,QAAA,eAAe,GAAG;IAC7B,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,kFAAkF;QAClF,2FAA2F;QAC3F,uHAAuH;QACvH,iFAAiF;QACjF,uEAAuE;QACvE,wFAAwF;QACxF,yBAAyB,EACvB,MAAA,GAAG,CAAC,4BAA4B,mCAAI,qCAAqC;KAC5E;IACD,MAAM,EAAE,MAAA,GAAG,CAAC,UAAU,mCAAI,oBAAoB;IAC9C,WAAW,EAAE,MAAA,GAAG,CAAC,MAAM,mCAAI,YAAY;CACxC,CAAC"}
|
|
1
|
+
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;GASG;AACH,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAEX,QAAA,eAAe,GAAG;IAC7B,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,kFAAkF;QAClF,2FAA2F;QAC3F,uHAAuH;QACvH,iFAAiF;QACjF,uEAAuE;QACvE,wFAAwF;QACxF,yBAAyB,EACvB,MAAA,GAAG,CAAC,4BAA4B,mCAAI,qCAAqC;KAC5E;IACD,MAAM,EAAE,MAAA,GAAG,CAAC,UAAU,mCAAI,oBAAoB;IAC9C,OAAO,EAAE,MAAA,GAAG,CAAC,WAAW,mCAAI,IAAI;IAChC,WAAW,EAAE,MAAA,GAAG,CAAC,MAAM,mCAAI,YAAY;CACxC,CAAC"}
|
|
@@ -1,13 +1,3 @@
|
|
|
1
|
-
/** Copyright © 2024-present P0 Security
|
|
2
|
-
|
|
3
|
-
This file is part of @p0security/cli
|
|
4
|
-
|
|
5
|
-
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
6
|
-
|
|
7
|
-
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
-
|
|
9
|
-
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
|
-
**/
|
|
11
1
|
import { SshProvider } from "../../types/ssh";
|
|
12
2
|
import { AwsCredentials, AwsSshPermissionSpec, AwsSshRequest } from "./types";
|
|
13
3
|
export declare const awsSshProvider: SshProvider<AwsSshPermissionSpec, undefined, AwsSshRequest, AwsCredentials>;
|
package/dist/plugins/aws/ssh.js
CHANGED
|
@@ -10,6 +10,17 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.awsSshProvider = void 0;
|
|
13
|
+
/** Copyright © 2024-present P0 Security
|
|
14
|
+
|
|
15
|
+
This file is part of @p0security/cli
|
|
16
|
+
|
|
17
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
18
|
+
|
|
19
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
20
|
+
|
|
21
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
|
+
**/
|
|
23
|
+
const keys_1 = require("../../common/keys");
|
|
13
24
|
const util_1 = require("../../util");
|
|
14
25
|
const aws_1 = require("../okta/aws");
|
|
15
26
|
const config_1 = require("./config");
|
|
@@ -64,7 +75,7 @@ exports.awsSshProvider = {
|
|
|
64
75
|
friendlyName: "AWS",
|
|
65
76
|
propagationTimeoutMs: PROPAGATION_TIMEOUT_LIMIT_MS,
|
|
66
77
|
preTestAccessPropagationArgs: () => undefined,
|
|
67
|
-
proxyCommand: (request) => {
|
|
78
|
+
proxyCommand: (request, port) => {
|
|
68
79
|
return [
|
|
69
80
|
"aws",
|
|
70
81
|
"ssm",
|
|
@@ -72,11 +83,11 @@ exports.awsSshProvider = {
|
|
|
72
83
|
"--region",
|
|
73
84
|
request.region,
|
|
74
85
|
"--target",
|
|
75
|
-
|
|
86
|
+
request.id,
|
|
76
87
|
"--document-name",
|
|
77
88
|
START_SSH_SESSION_DOCUMENT_NAME,
|
|
78
89
|
"--parameters",
|
|
79
|
-
|
|
90
|
+
port ? `portNumber=${port}` : "portNumber=%p",
|
|
80
91
|
];
|
|
81
92
|
},
|
|
82
93
|
reproCommands: (request) => {
|
|
@@ -88,6 +99,11 @@ exports.awsSshProvider = {
|
|
|
88
99
|
}
|
|
89
100
|
return undefined;
|
|
90
101
|
},
|
|
102
|
+
generateKeys: (_) => __awaiter(void 0, void 0, void 0, function* () {
|
|
103
|
+
return {
|
|
104
|
+
privateKeyPath: keys_1.PRIVATE_KEY_PATH,
|
|
105
|
+
};
|
|
106
|
+
}),
|
|
91
107
|
requestToSsh: (request) => {
|
|
92
108
|
const { permission, generated } = request;
|
|
93
109
|
const { resource, region } = permission;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAAqD;AAErD,qCAA8C;AAC9C,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AASjD,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,0RAA0R;KAC7R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,EAAE;;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,8DAA8D,CAAC;SACtE;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE,OAA4B,CAAC;gBACnE,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,cAAc,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CACrC,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS;IAE5C,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;YAC/B,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAE7C,YAAY,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QAC9B,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,OAAO,CAAC,EAAE;YACV,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,IAAI,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,eAAe;SAC9C,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,6BAA6B,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,GAAG;aAC5E,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAO,CAAC,EAAE,EAAE;QACxB,OAAO;YACL,cAAc,EAAE,uBAAgB;SACjC,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,SAAS,CAAC;QACjE,MAAM,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;QACnC,MAAM,MAAM,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;QACpE,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
|