@p0security/cli 0.13.5 → 0.13.7

package/dist/commands/ssh-resolve.js

@@ -0,0 +1,118 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sshResolveCommand = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const keys_1 = require("../common/keys");
+const auth_1 = require("../drivers/auth");
+const env_1 = require("../drivers/env");
+const firestore_1 = require("../drivers/firestore");
+const stdio_1 = require("../drivers/stdio");
+const ssh_1 = require("../plugins/ssh");
+const util_1 = require("../util");
+const ssh_2 = require("./shared/ssh");
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const tmp_promise_1 = __importDefault(require("tmp-promise"));
+const sshResolveCommand = (yargs) => yargs.command("ssh-resolve <destination>", "SSH into a virtual machine", (yargs) => yargs
+    .positional("destination", {
+    type: "string",
+    demandOption: true,
+})
+    .option("parent", {
+    type: "string",
+    describe: "The containing parent resource which the instance belongs to (account, project, subscription, etc.)",
+})
+    .option("provider", {
+    type: "string",
+    describe: "The cloud provider where the instance is hosted",
+    choices: ["aws", "azure", "gcloud"],
+})
+    .option("debug", {
+    type: "boolean",
+    describe: "Print debug information.",
+})
+    .option("quiet", {
+    alias: "q",
+    type: "boolean",
+    describe: "Suppress output",
+}), (0, firestore_1.fsShutdownGuard)(sshResolveAction));
+exports.sshResolveCommand = sshResolveCommand;
+/** Determine if an SSH backend is accessible to the user and prepares local files for access
+ *
+ * Creates an access request with approvedOnly and creates any
+ * key or credential files necessary for the SSH connection.
+ * Finally writes any ssh settings to an ssh config for use by
+ * a parent ssh process
+ *
+ */
+const sshResolveAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a, _b, _c;
+    const silentlyExit = (0, util_1.conditionalAbortBeforeThrow)((_a = args.quiet) !== null && _a !== void 0 ? _a : false);
+    const authn = yield (0, auth_1.authenticate)({ noRefresh: true }).catch(silentlyExit);
+    let destination = args.destination;
+    try {
+        destination = (0, ssh_1.verifyDestinationString)(args.destination);
+    }
+    catch (e) {
+        if (!args.quiet) {
+            throw e;
+        }
+    }
+    const { request, provisionedRequest } = yield (0, ssh_2.prepareRequest)(authn, args, destination, true, args.quiet).catch(silentlyExit);
+    const sshProvider = ssh_2.SSH_PROVIDERS[provisionedRequest.permission.provider];
+    if (args.debug) {
+        (0, stdio_1.print2)("Generating Keys");
+    }
+    const keys = yield ((_b = sshProvider === null || sshProvider === void 0 ? void 0 : sshProvider.generateKeys) === null || _b === void 0 ? void 0 : _b.call(sshProvider, provisionedRequest.permission.resource, {
+        debug: args.debug,
+    }));
+    const tmpFile = tmp_promise_1.default.fileSync();
+    if (args.debug) {
+        (0, stdio_1.print2)("Writing request output to disk for use by ssh-proxy");
+    }
+    fs_1.default.writeFileSync(tmpFile.name, JSON.stringify(request, null, 2));
+    const identityFile = (_c = keys === null || keys === void 0 ? void 0 : keys.privateKeyPath) !== null && _c !== void 0 ? _c : keys_1.PRIVATE_KEY_PATH;
+    const certificateInfo = (keys === null || keys === void 0 ? void 0 : keys.certificatePath)
+        ? `CertificateFile ${keys.certificatePath}`
+        : "";
+    const p0Executable = env_1.bootstrapConfig.appPath;
+    const data = `Host ${destination}
+  Hostname ${destination}
+  User ${request.linuxUserName}
+  IdentityFile ${identityFile}
+  ${certificateInfo}
+  PasswordAuthentication no
+  ProxyCommand ${p0Executable} ssh-proxy %h --port %p --provider ${provisionedRequest.permission.provider} --identity-file ${identityFile} --request-json ${tmpFile.name} ${args.debug ? "--debug" : ""}`;
+    yield fs_1.default.promises.mkdir(path_1.default.join(util_1.P0_PATH, "ssh", "configs"), {
+        recursive: true,
+    });
+    const configLocation = path_1.default.join(util_1.P0_PATH, "ssh", "configs", `${destination}.config` // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
+    );
+    if (args.debug) {
+        (0, stdio_1.print2)("Writing ssh config file");
+        (0, stdio_1.print2)(data);
+    }
+    fs_1.default.writeFileSync(configLocation, data);
+});
+//# sourceMappingURL=ssh-resolve.js.map

package/dist/commands/ssh-resolve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh-resolve.js","sourceRoot":"","sources":["../../src/commands/ssh-resolve.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,yCAAkD;AAClD,0CAA+C;AAC/C,wCAAiD;AACjD,oDAAuD;AACvD,4CAA0C;AAC1C,wCAAyD;AACzD,kCAA+D;AAC/D,sCAIsB;AACtB,4CAAoB;AACpB,gDAAwB;AACxB,8DAA8B;AAGvB,MAAM,iBAAiB,GAAG,CAAC,KAAiB,EAAE,EAAE,CACrD,KAAK,CAAC,OAAO,CACX,2BAA2B,EAC3B,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,qGAAqG;CACxG,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;CACpC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,iBAAiB;CAC5B,CAAC,EAEN,IAAA,2BAAe,EAAC,gBAAgB,CAAC,CAClC,CAAC;AA/BS,QAAA,iBAAiB,qBA+B1B;AAEJ;;;;;;;GAOG;AACH,MAAM,gBAAgB,GAAG,CACvB,IAAqD,EACrD,EAAE;;IACF,MAAM,YAAY,GAAG,IAAA,kCAA2B,EAAC,MAAA,IAAI,CAAC,KAAK,mCAAI,KAAK,CAAC,CAAC;IAEtE,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAE1E,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IACnC,IAAI;QACF,WAAW,GAAG,IAAA,6BAAuB,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;KACzD;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;YACf,MAAM,CAAC,CAAC;SACT;KACF;IAED,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,IAAA,oBAAc,EAC1D,KAAK,EACL,IAAI,EACJ,WAAW,EACX,IAAI,EACJ,IAAI,CAAC,KAAK,CACX,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAEtB,MAAM,WAAW,GAAG,mBAAa,CAAC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1E,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC;KAC3B;IACD,MAAM,IAAI,GAAG,MAAM,CAAA,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,4DAC1C,kBAAkB,CAAC,UAAU,CAAC,QAAQ,EACtC;QACE,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CACF,CAAA,CAAC;IAEF,MAAM,OAAO,GAAG,qBAAG,CAAC,QAAQ,EAAE,CAAC;IAE/B,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,qDAAqD,CAAC,CAAC;KAC/D;IACD,YAAE,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAEjE,MAAM,YAAY,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,cAAc,mCAAI,uBAAgB,CAAC;IAC9D,MAAM,eAAe,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe;QAC3C,CAAC,CAAC,mBAAmB,IAAI,CAAC,eAAe,EAAE;QAC3C,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,YAAY,GAAG,qBAAe,CAAC,OAAO,CAAC;IAE7C,MAAM,IAAI,GAAG,QAAQ,WAAW;aACrB,WAAW;SACf,OAAO,CAAC,aAAa;iBACb,YAAY;IACzB,eAAe;;iBAEF,YAAY,sCAAsC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,oBAAoB,YAAY,mBAAmB,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAExM,MAAM,YAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE;QAC5D,SAAS,EAAE,IAAI;KAChB,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,cAAI,CAAC,IAAI,CAC9B,cAAO,EACP,KAAK,EACL,SAAS,EACT,GAAG,WAAW,SAAS,CAAC,mHAAmH;KAC5I,CAAC;IAEF,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,yBAAyB,CAAC,CAAC;QAClC,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;KACd;IACD,YAAE,CAAC,aAAa,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;AACzC,CAAC,CAAA,CAAC"}

package/dist/drivers/api.d.ts

@@ -11,4 +11,8 @@ You should have received a copy of the GNU General Public License along with @p0
 import { Authn } from "../types/identity";
 import yargs from "yargs";
 export declare const fetchCommand: <T>(authn: Authn, args: yargs.ArgumentsCamelCase, argv: string[]) => Promise<T>;
+export declare const submitPublicKey: <T>(authn: Authn, args: {
+    publicKey: string;
+    requestId: string;
+}) => Promise<T>;
 export declare const baseFetch: <T>(authn: Authn, url: string, method: string, body: string) => Promise<T>;

package/dist/drivers/api.js

@@ -32,10 +32,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.baseFetch = exports.fetchCommand = void 0;
+exports.baseFetch = exports.submitPublicKey = exports.fetchCommand = void 0;
 const config_1 = require("./config");
 const path = __importStar(require("node:path"));
 const tenantUrl = (tenant) => `${(0, config_1.getTenantConfig)().appUrl}/o/${tenant}`;
+const publicKeysUrl = (tenant) => `${tenantUrl(tenant)}/integrations/ssh/public-keys`;
 const commandUrl = (tenant) => `${tenantUrl(tenant)}/command/`;
 const fetchCommand = (authn, args, argv) => __awaiter(void 0, void 0, void 0, function* () {
     return (0, exports.baseFetch)(authn, commandUrl(authn.identity.org.slug), "POST", JSON.stringify({
@@ -44,6 +45,13 @@ const fetchCommand = (authn, args, argv) => __awaiter(void 0, void 0, void 0, fu
     }));
 });
 exports.fetchCommand = fetchCommand;
+const submitPublicKey = (authn, args) => __awaiter(void 0, void 0, void 0, function* () {
+    return (0, exports.baseFetch)(authn, publicKeysUrl(authn.identity.org.slug), "POST", JSON.stringify({
+        requestId: args.requestId,
+        publicKey: args.publicKey,
+    }));
+});
+exports.submitPublicKey = submitPublicKey;
 const baseFetch = (authn, url, method, body) => __awaiter(void 0, void 0, void 0, function* () {
     const token = yield authn.userCredential.user.getIdToken();
     try {

package/dist/drivers/api.js.map

@@ -1 +1 @@
-{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/drivers/api.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,qCAA2C;AAC3C,gDAAkC;AAGlC,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,wBAAe,GAAE,CAAC,MAAM,MAAM,MAAM,EAAE,CAAC;AAChF,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC;AAEhE,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,IAA8B,EAC9B,IAAc,EACd,EAAE;IACF,OAAA,IAAA,iBAAS,EACP,KAAK,EACL,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EACnC,MAAM,EACN,IAAI,CAAC,SAAS,CAAC;QACb,IAAI;QACJ,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;KACnC,CAAC,CACH,CAAA;EAAA,CAAC;AAbS,QAAA,YAAY,gBAarB;AAEG,MAAM,SAAS,GAAG,CACvB,KAAY,EACZ,GAAW,EACX,MAAc,EACd,IAAY,EACZ,EAAE;IACF,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;IAE3D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM;YACN,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI;SACL,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,OAAO,IAAI,IAAI,EAAE;YACnB,MAAM,IAAI,CAAC,KAAK,CAAC;SAClB;QACD,OAAO,IAAS,CAAC;KAClB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,cAAc,EAAE;YAClE,MAAM,gDAAgD,GAAG,GAAG,CAAC;SAC9D;aAAM;YACL,MAAM,KAAK,CAAC;SACb;KACF;AACH,CAAC,CAAA,CAAC;AA9BW,QAAA,SAAS,aA8BpB"}
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/drivers/api.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,qCAA2C;AAC3C,gDAAkC;AAGlC,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,wBAAe,GAAE,CAAC,MAAM,MAAM,MAAM,EAAE,CAAC;AAChF,MAAM,aAAa,GAAG,CAAC,MAAc,EAAE,EAAE,CACvC,GAAG,SAAS,CAAC,MAAM,CAAC,+BAA+B,CAAC;AACtD,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC;AAEhE,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,IAA8B,EAC9B,IAAc,EACd,EAAE;IACF,OAAA,IAAA,iBAAS,EACP,KAAK,EACL,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EACnC,MAAM,EACN,IAAI,CAAC,SAAS,CAAC;QACb,IAAI;QACJ,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;KACnC,CAAC,CACH,CAAA;EAAA,CAAC;AAbS,QAAA,YAAY,gBAarB;AAEG,MAAM,eAAe,GAAG,CAC7B,KAAY,EACZ,IAA8C,EAC9C,EAAE;IACF,OAAA,IAAA,iBAAS,EACP,KAAK,EACL,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EACtC,MAAM,EACN,IAAI,CAAC,SAAS,CAAC;QACb,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC,CACH,CAAA;EAAA,CAAC;AAZS,QAAA,eAAe,mBAYxB;AAEG,MAAM,SAAS,GAAG,CACvB,KAAY,EACZ,GAAW,EACX,MAAc,EACd,IAAY,EACZ,EAAE;IACF,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;IAE3D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM;YACN,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI;SACL,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,OAAO,IAAI,IAAI,EAAE;YACnB,MAAM,IAAI,CAAC,KAAK,CAAC;SAClB;QACD,OAAO,IAAS,CAAC;KAClB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,cAAc,EAAE;YAClE,MAAM,gDAAgD,GAAG,GAAG,CAAC;SAC9D;aAAM;YACL,MAAM,KAAK,CAAC;SACb;KACF;AACH,CAAC,CAAA,CAAC;AA9BW,QAAA,SAAS,aA8BpB"}

package/dist/drivers/{__mocks__/auth.js → auth/__mocks__/index.js}

@@ -44,4 +44,4 @@ const authenticate = () => __awaiter(void 0, void 0, void 0, function* () {
 exports.authenticate = authenticate;
 const cached = (_label, callback) => __awaiter(void 0, void 0, void 0, function* () { return yield callback(); });
 exports.cached = cached;
-//# sourceMappingURL=auth.js.map
+//# sourceMappingURL=index.js.map

package/dist/drivers/auth/__mocks__/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/drivers/auth/__mocks__/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACI,MAAM,YAAY,GAAG,GAAS,EAAE;IAAC,OAAA,CAAC;QACvC,QAAQ,EAAE;YACR,UAAU,EAAE;gBACV,YAAY,EAAE,mBAAmB;aAClC;YACD,GAAG,EAAE;gBACH,WAAW,EAAE,WAAW;gBACxB,cAAc,EAAE,eAAe;gBAC/B,YAAY,EAAE,MAAM;gBACpB,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,aAAa;aACxB;SACF;QACD,cAAc,EAAE;YACd,IAAI,EAAE;gBACJ,QAAQ,EAAE,aAAa;aACxB;SACF;KACF,CAAC,CAAA;EAAA,CAAC;AAlBU,QAAA,YAAY,gBAkBtB;AAEI,MAAM,MAAM,GAAG,CAAO,MAAc,EAAE,QAA4B,EAAE,EAAE,kDAC3E,OAAA,MAAM,QAAQ,EAAE,CAAA,GAAA,CAAC;AADN,QAAA,MAAM,UACA"}

package/dist/drivers/auth/index.d.ts

@@ -0,0 +1,11 @@
+import { Authn } from "../../types/identity";
+import { TokenResponse } from "../../types/oidc";
+import { OrgData } from "../../types/org";
+export declare const cached: <T>(name: string, loader: () => Promise<T>, options: {
+    duration: number;
+}, hasExpired?: ((data: T) => boolean) | undefined) => Promise<T>;
+export declare const writeIdentity: (org: OrgData, credential: TokenResponse) => Promise<void>;
+export declare const deleteIdentity: () => Promise<void>;
+export declare const authenticate: (options?: {
+    noRefresh?: boolean;
+}) => Promise<Authn>;

package/dist/drivers/{auth.js → auth/index.js}

@@ -32,7 +32,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.authenticate = exports.cached = exports.IDENTITY_CACHE_PATH = exports.IDENTITY_FILE_PATH = void 0;
+exports.authenticate = exports.deleteIdentity = exports.writeIdentity = exports.cached = void 0;
 /** Copyright © 2024-present P0 Security
 
 This file is part of @p0security/cli
@@ -43,20 +43,19 @@ This file is part of @p0security/cli
 
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
-const login_1 = require("../commands/login");
-const util_1 = require("../util");
-const firestore_1 = require("./firestore");
-const stdio_1 = require("./stdio");
+const login_1 = require("../../commands/login");
+const firestore_1 = require("../firestore");
+const stdio_1 = require("../stdio");
+const path_1 = require("./path");
 const fs = __importStar(require("fs/promises"));
 const path = __importStar(require("path"));
-exports.IDENTITY_FILE_PATH = path.join(util_1.P0_PATH, "identity.json");
-exports.IDENTITY_CACHE_PATH = path.join(path.dirname(exports.IDENTITY_FILE_PATH), "cache");
 const cached = (name, loader, options, hasExpired) => __awaiter(void 0, void 0, void 0, function* () {
     var _a;
+    const identityCachePath = (0, path_1.getIdentityCachePath)();
     // Following lines sanitize input
     // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
-    const loc = path.resolve(path.join(exports.IDENTITY_CACHE_PATH, `${name}.json`));
-    if (!loc.startsWith(exports.IDENTITY_CACHE_PATH)) {
+    const loc = path.resolve(path.join(identityCachePath, `${name}.json`));
+    if (!loc.startsWith(identityCachePath)) {
         throw new Error("Illegal path traversal");
     }
     const loadCache = () => __awaiter(void 0, void 0, void 0, function* () {
@@ -87,9 +86,31 @@ const cached = (name, loader, options, hasExpired) => __awaiter(void 0, void 0,
     }
 });
 exports.cached = cached;
+const clearIdentityFile = () => __awaiter(void 0, void 0, void 0, function* () {
+    try {
+        const identityFilePath = (0, path_1.getIdentityFilePath)();
+        // check to see if the file exists before trying to remove it
+        yield fs.access(identityFilePath);
+        yield fs.rm(identityFilePath);
+    }
+    catch (_b) {
+        return;
+    }
+});
+const clearIdentityCache = () => __awaiter(void 0, void 0, void 0, function* () {
+    try {
+        const identityCachePath = (0, path_1.getIdentityCachePath)();
+        // check to see if the directory exists before trying to remove it
+        yield fs.access(identityCachePath);
+        yield fs.rm(identityCachePath, { recursive: true });
+    }
+    catch (_c) {
+        return;
+    }
+});
 const loadCredentialsWithAutoLogin = (options) => __awaiter(void 0, void 0, void 0, function* () {
     try {
-        const buffer = yield fs.readFile(exports.IDENTITY_FILE_PATH);
+        const buffer = yield fs.readFile((0, path_1.getIdentityFilePath)());
         const identity = JSON.parse(buffer.toString());
         if (!(options === null || options === void 0 ? void 0 : options.noRefresh) &&
             identity.credential.expires_at < Date.now() * 1e-3) {
@@ -106,10 +127,30 @@ const loadCredentialsWithAutoLogin = (options) => __awaiter(void 0, void 0, void
         throw error;
     }
 });
+const writeIdentity = (org, credential) => __awaiter(void 0, void 0, void 0, function* () {
+    yield clearIdentityCache();
+    const identityFilePath = (0, path_1.getIdentityFilePath)();
+    const expires_at = Date.now() * 1e-3 + credential.expires_in - 1; // Add 1 second safety margin
+    (0, stdio_1.print2)(`Saving authorization to ${identityFilePath}.`);
+    const dir = path.dirname(identityFilePath);
+    yield fs.mkdir(dir, { recursive: true });
+    yield fs.writeFile(identityFilePath, JSON.stringify({
+        credential: Object.assign(Object.assign({}, credential), { expires_at }),
+        org,
+    }, null, 2), {
+        mode: "600",
+    });
+});
+exports.writeIdentity = writeIdentity;
+const deleteIdentity = () => __awaiter(void 0, void 0, void 0, function* () {
+    yield clearIdentityCache();
+    yield clearIdentityFile();
+});
+exports.deleteIdentity = deleteIdentity;
 const authenticate = (options) => __awaiter(void 0, void 0, void 0, function* () {
     const identity = yield loadCredentialsWithAutoLogin(options);
     const userCredential = yield (0, firestore_1.authenticateToFirebase)(identity);
     return { userCredential, identity };
 });
 exports.authenticate = authenticate;
-//# sourceMappingURL=auth.js.map
+//# sourceMappingURL=index.js.map

package/dist/drivers/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/drivers/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,gDAA6C;AAI7C,4CAAsD;AACtD,oCAAkC;AAClC,iCAAmE;AACnE,gDAAkC;AAClC,2CAA6B;AAEtB,MAAM,MAAM,GAAG,CACpB,IAAY,EACZ,MAAwB,EACxB,OAA6B,EAC7B,UAAiC,EACrB,EAAE;;IACd,MAAM,iBAAiB,GAAG,IAAA,2BAAoB,GAAE,CAAC;IAEjD,iCAAiC;IACjC,mHAAmH;IACnH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC;IACvE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE;QACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;KAC3C;IAED,MAAM,SAAS,GAAG,GAAS,EAAE;QAC3B,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI;YAAE,MAAM,mCAAmC,IAAI,GAAG,CAAC;QAC5D,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,MAAM,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC,CAAA,CAAC;IAEF,IAAI;QACF,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE;YACxD,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,MAAM,SAAS,EAAE,CAAC;SAC1B;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAM,CAAC;QACzE,IAAI,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAG,IAAI,CAAC,EAAE;YACtB,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,MAAM,SAAS,EAAE,CAAC;SAC1B;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,MAAK,QAAQ;YAC1B,IAAA,cAAM,EACJ,+BAA+B,IAAI,iBAAiB,MAAA,KAAK,CAAC,OAAO,mCAAI,KAAK,EAAE,CAC7E,CAAC;QACJ,OAAO,MAAM,SAAS,EAAE,CAAC;KAC1B;AACH,CAAC,CAAA,CAAC;AA3CW,QAAA,MAAM,UA2CjB;AAEF,MAAM,iBAAiB,GAAG,GAAS,EAAE;IACnC,IAAI;QACF,MAAM,gBAAgB,GAAG,IAAA,0BAAmB,GAAE,CAAC;QAC/C,6DAA6D;QAC7D,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAClC,MAAM,EAAE,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC;KAC/B;IAAC,WAAM;QACN,OAAO;KACR;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,kBAAkB,GAAG,GAAS,EAAE;IACpC,IAAI;QACF,MAAM,iBAAiB,GAAG,IAAA,2BAAoB,GAAE,CAAC;QACjD,kEAAkE;QAClE,MAAM,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QACnC,MAAM,EAAE,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;KACrD;IAAC,WAAM;QACN,OAAO;KACR;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,4BAA4B,GAAG,CAAO,OAE3C,EAAqB,EAAE;IACtB,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAA,0BAAmB,GAAE,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAa,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzD,IACE,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;YACnB,QAAQ,CAAC,UAAU,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAClD;YACA,MAAM,IAAA,aAAK,EAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;YACpE,IAAA,cAAM,EAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB;YACrC,OAAO,4BAA4B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;SAC1D;QACD,OAAO,QAAQ,CAAC;KACjB;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,MAAK,QAAQ,EAAE;YAC5B,MAAM,yDAAyD,CAAC;SACjE;QACD,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,aAAa,GAAG,CAC3B,GAAY,EACZ,UAAyB,EACzB,EAAE;IACF,MAAM,kBAAkB,EAAE,CAAC;IAE3B,MAAM,gBAAgB,GAAG,IAAA,0BAAmB,GAAE,CAAC;IAE/C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,UAAU,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,6BAA6B;IAC/F,IAAA,cAAM,EAAC,2BAA2B,gBAAgB,GAAG,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC3C,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,CAAC,SAAS,CAChB,gBAAgB,EAChB,IAAI,CAAC,SAAS,CACZ;QACE,UAAU,kCAAO,UAAU,KAAE,UAAU,GAAE;QACzC,GAAG;KACJ,EACD,IAAI,EACJ,CAAC,CACF,EACD;QACE,IAAI,EAAE,KAAK;KACZ,CACF,CAAC;AACJ,CAAC,CAAA,CAAC;AA1BW,QAAA,aAAa,iBA0BxB;AAEK,MAAM,cAAc,GAAG,GAAS,EAAE;IACvC,MAAM,kBAAkB,EAAE,CAAC;IAC3B,MAAM,iBAAiB,EAAE,CAAC;AAC5B,CAAC,CAAA,CAAC;AAHW,QAAA,cAAc,kBAGzB;AAEK,MAAM,YAAY,GAAG,CAAO,OAElC,EAAkB,EAAE;IACnB,MAAM,QAAQ,GAAG,MAAM,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,cAAc,GAAG,MAAM,IAAA,kCAAsB,EAAC,QAAQ,CAAC,CAAC;IAE9D,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC;AACtC,CAAC,CAAA,CAAC;AAPW,QAAA,YAAY,gBAOvB"}

package/dist/drivers/auth/path.d.ts

@@ -0,0 +1,2 @@
+export declare const getIdentityFilePath: () => string;
+export declare const getIdentityCachePath: () => string;

package/dist/drivers/auth/path.js

@@ -0,0 +1,47 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getIdentityCachePath = exports.getIdentityFilePath = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const util_1 = require("../../util");
+const path = __importStar(require("path"));
+const getIdentityFilePath = () => process.env.P0_ORG
+    ? path.join(util_1.P0_PATH, `identity-${process.env.P0_ORG}.json`)
+    : path.join(util_1.P0_PATH, "identity.json");
+exports.getIdentityFilePath = getIdentityFilePath;
+const getIdentityCachePath = () => process.env.P0_ORG
+    ? path.join(util_1.P0_PATH, `cache-${process.env.P0_ORG}`)
+    : path.join(util_1.P0_PATH, "cache");
+exports.getIdentityCachePath = getIdentityCachePath;
+//# sourceMappingURL=path.js.map

package/dist/drivers/auth/path.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path.js","sourceRoot":"","sources":["../../../src/drivers/auth/path.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,qCAAqC;AACrC,2CAA6B;AAEtB,MAAM,mBAAmB,GAAG,GAAG,EAAE,CACtC,OAAO,CAAC,GAAG,CAAC,MAAM;IAChB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,YAAY,OAAO,CAAC,GAAG,CAAC,MAAM,OAAO,CAAC;IAC3D,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,eAAe,CAAC,CAAC;AAH7B,QAAA,mBAAmB,uBAGU;AAEnC,MAAM,oBAAoB,GAAG,GAAG,EAAE,CACvC,OAAO,CAAC,GAAG,CAAC,MAAM;IAChB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,SAAS,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;IACnD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,OAAO,CAAC,CAAC;AAHrB,QAAA,oBAAoB,wBAGC"}

package/dist/drivers/config.d.ts

@@ -9,7 +9,6 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 import { Config } from "../types/org";
-export declare const CONFIG_FILE_PATH: string;
 export declare const getTenantConfig: () => Config;
 /** Use only if the organization is configured with Google login to P0 */
 export declare const getGoogleTenantConfig: () => import("../types/org").GoogleApplicationConfig;

package/dist/drivers/config.js

@@ -12,7 +12,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.loadConfig = exports.saveConfig = exports.getGoogleTenantConfig = exports.getTenantConfig = exports.CONFIG_FILE_PATH = void 0;
+exports.loadConfig = exports.saveConfig = exports.getGoogleTenantConfig = exports.getTenantConfig = void 0;
 const util_1 = require("../util");
 const env_1 = require("./env");
 const firestore_1 = require("./firestore");
@@ -20,7 +20,10 @@ const stdio_1 = require("./stdio");
 const firestore_2 = require("firebase/firestore");
 const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = __importDefault(require("path"));
-exports.CONFIG_FILE_PATH = path_1.default.join(util_1.P0_PATH, "config.json");
+const process_1 = __importDefault(require("process"));
+const getConfigFilePath = () => process_1.default.env.P0_ORG
+    ? path_1.default.join(util_1.P0_PATH, `config.json-${process_1.default.env.P0_ORG}`)
+    : path_1.default.join(util_1.P0_PATH, "config.json");
 let tenantConfig;
 const getTenantConfig = () => tenantConfig;
 exports.getTenantConfig = getTenantConfig;
@@ -39,15 +42,16 @@ const saveConfig = (orgId) => __awaiter(void 0, void 0, void 0, function* () {
     if (!orgData)
         throw "Could not find organization";
     const config = (_a = orgData.config) !== null && _a !== void 0 ? _a : env_1.bootstrapConfig;
-    (0, stdio_1.print2)(`Saving config to ${exports.CONFIG_FILE_PATH}.`);
-    const dir = path_1.default.dirname(exports.CONFIG_FILE_PATH);
+    const configFilePath = getConfigFilePath();
+    (0, stdio_1.print2)(`Saving config to ${configFilePath}.`);
+    const dir = path_1.default.dirname(configFilePath);
     yield promises_1.default.mkdir(dir, { recursive: true });
-    yield promises_1.default.writeFile(exports.CONFIG_FILE_PATH, JSON.stringify(config), { mode: "600" });
+    yield promises_1.default.writeFile(configFilePath, JSON.stringify(config), { mode: "600" });
     tenantConfig = config;
 });
 exports.saveConfig = saveConfig;
 const loadConfig = () => __awaiter(void 0, void 0, void 0, function* () {
-    const buffer = yield promises_1.default.readFile(exports.CONFIG_FILE_PATH);
+    const buffer = yield promises_1.default.readFile(getConfigFilePath());
     tenantConfig = JSON.parse(buffer.toString());
     return tenantConfig;
 });

package/dist/drivers/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAkC;AAClC,+BAAwC;AACxC,2CAA2C;AAC3C,mCAAiC;AACjC,kDAA4C;AAC5C,2DAA6B;AAC7B,gDAAwB;AAEX,QAAA,gBAAgB,GAAG,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,aAAa,CAAC,CAAC;AAElE,IAAI,YAAoB,CAAC;AAElB,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC;AAArC,QAAA,eAAe,mBAAsB;AAElD,yEAAyE;AAClE,MAAM,qBAAqB,GAAG,GAAG,EAAE;IACxC,IAAI,QAAQ,IAAI,YAAY,EAAE;QAC5B,OAAO,YAAY,CAAC;KACrB;IACD,MAAM,wMAAwM,CAAC;AACjN,CAAC,CAAC;AALW,QAAA,qBAAqB,yBAKhC;AAEK,MAAM,UAAU,GAAG,CAAO,KAAa,EAAE,EAAE;;IAChD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EACzB,IAAA,wBAAY,EAAC,QAAQ,KAAK,EAAE,CAAC,CAC9B,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAE9B,IAAI,CAAC,OAAO;QAAE,MAAM,6BAA6B,CAAC;IAElD,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,mCAAI,qBAAe,CAAC;IAEjD,IAAA,cAAM,EAAC,oBAAoB,wBAAgB,GAAG,CAAC,CAAC;IAEhD,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,wBAAgB,CAAC,CAAC;IAC3C,MAAM,kBAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,kBAAE,CAAC,SAAS,CAAC,wBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE9E,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC,CAAA,CAAC;AAjBW,QAAA,UAAU,cAiBrB;AAEK,MAAM,UAAU,GAAG,GAAS,EAAE;IACnC,MAAM,MAAM,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,wBAAgB,CAAC,CAAC;IACnD,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7C,OAAO,YAAY,CAAC;AACtB,CAAC,CAAA,CAAC;AAJW,QAAA,UAAU,cAIrB"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAkC;AAClC,+BAAwC;AACxC,2CAA2C;AAC3C,mCAAiC;AACjC,kDAA4C;AAC5C,2DAA6B;AAC7B,gDAAwB;AACxB,sDAA8B;AAE9B,MAAM,iBAAiB,GAAG,GAAG,EAAE,CAC7B,iBAAO,CAAC,GAAG,CAAC,MAAM;IAChB,CAAC,CAAC,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,eAAe,iBAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;IACzD,CAAC,CAAC,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,aAAa,CAAC,CAAC;AAExC,IAAI,YAAoB,CAAC;AAElB,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC;AAArC,QAAA,eAAe,mBAAsB;AAElD,yEAAyE;AAClE,MAAM,qBAAqB,GAAG,GAAG,EAAE;IACxC,IAAI,QAAQ,IAAI,YAAY,EAAE;QAC5B,OAAO,YAAY,CAAC;KACrB;IACD,MAAM,wMAAwM,CAAC;AACjN,CAAC,CAAC;AALW,QAAA,qBAAqB,yBAKhC;AAEK,MAAM,UAAU,GAAG,CAAO,KAAa,EAAE,EAAE;;IAChD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EACzB,IAAA,wBAAY,EAAC,QAAQ,KAAK,EAAE,CAAC,CAC9B,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAE9B,IAAI,CAAC,OAAO;QAAE,MAAM,6BAA6B,CAAC;IAElD,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,mCAAI,qBAAe,CAAC;IAEjD,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;IAE3C,IAAA,cAAM,EAAC,oBAAoB,cAAc,GAAG,CAAC,CAAC;IAE9C,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACzC,MAAM,kBAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,kBAAE,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE5E,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC,CAAA,CAAC;AAnBW,QAAA,UAAU,cAmBrB;AAEK,MAAM,UAAU,GAAG,GAAS,EAAE;IACnC,MAAM,MAAM,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC,CAAC;IACtD,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7C,OAAO,YAAY,CAAC;AACtB,CAAC,CAAA,CAAC;AAJW,QAAA,UAAU,cAIrB"}

package/dist/drivers/env.d.ts

@@ -12,5 +12,6 @@ export declare const bootstrapConfig: {
         publicClientSecretForPkce: string;
     };
     appUrl: string;
+    appPath: string;
     environment: string;
 };

package/dist/drivers/env.js

@@ -2,7 +2,7 @@
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
-var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.bootstrapConfig = void 0;
 /** Copyright © 2024-present P0 Security
@@ -41,6 +41,7 @@ exports.bootstrapConfig = {
         publicClientSecretForPkce: (_h = env.P0_GOOGLE_OIDC_CLIENT_SECRET) !== null && _h !== void 0 ? _h : "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",
     },
     appUrl: (_j = env.P0_APP_URL) !== null && _j !== void 0 ? _j : "https://api.p0.app",
-    environment: (_k = env.P0_ENV) !== null && _k !== void 0 ? _k : "production",
+    appPath: (_k = env.P0_APP_PATH) !== null && _k !== void 0 ? _k : "p0",
+    environment: (_l = env.P0_ENV) !== null && _l !== void 0 ? _l : "production",
 };
 //# sourceMappingURL=env.js.map

package/dist/drivers/env.js.map

@@ -1 +1 @@
-{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;GASG;AACH,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAEX,QAAA,eAAe,GAAG;IAC7B,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,kFAAkF;QAClF,2FAA2F;QAC3F,uHAAuH;QACvH,iFAAiF;QACjF,uEAAuE;QACvE,wFAAwF;QACxF,yBAAyB,EACvB,MAAA,GAAG,CAAC,4BAA4B,mCAAI,qCAAqC;KAC5E;IACD,MAAM,EAAE,MAAA,GAAG,CAAC,UAAU,mCAAI,oBAAoB;IAC9C,WAAW,EAAE,MAAA,GAAG,CAAC,MAAM,mCAAI,YAAY;CACxC,CAAC"}
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;GASG;AACH,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAEX,QAAA,eAAe,GAAG;IAC7B,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,kFAAkF;QAClF,2FAA2F;QAC3F,uHAAuH;QACvH,iFAAiF;QACjF,uEAAuE;QACvE,wFAAwF;QACxF,yBAAyB,EACvB,MAAA,GAAG,CAAC,4BAA4B,mCAAI,qCAAqC;KAC5E;IACD,MAAM,EAAE,MAAA,GAAG,CAAC,UAAU,mCAAI,oBAAoB;IAC9C,OAAO,EAAE,MAAA,GAAG,CAAC,WAAW,mCAAI,IAAI;IAChC,WAAW,EAAE,MAAA,GAAG,CAAC,MAAM,mCAAI,YAAY;CACxC,CAAC"}

package/dist/plugins/aws/ssh.d.ts

@@ -1,13 +1,3 @@
-/** Copyright © 2024-present P0 Security
-
-This file is part of @p0security/cli
-
-@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
-
-@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
-**/
 import { SshProvider } from "../../types/ssh";
 import { AwsCredentials, AwsSshPermissionSpec, AwsSshRequest } from "./types";
 export declare const awsSshProvider: SshProvider<AwsSshPermissionSpec, undefined, AwsSshRequest, AwsCredentials>;

package/dist/plugins/aws/ssh.js

@@ -10,6 +10,18 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.awsSshProvider = void 0;
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+const keys_1 = require("../../common/keys");
+const api_1 = require("../../drivers/api");
 const util_1 = require("../../util");
 const aws_1 = require("../okta/aws");
 const config_1 = require("./config");
@@ -55,7 +67,6 @@ exports.awsSshProvider = {
                 ? yield (0, aws_1.assumeRoleWithOktaSaml)(authn, request)
                 : (0, util_1.throwAssertNever)(config.login);
     }),
-    validateSshKey: (request, publicKey) => request.permission.publicKey === publicKey,
     ensureInstall: () => __awaiter(void 0, void 0, void 0, function* () {
         if (!(yield (0, install_1.ensureSsmInstall)())) {
             throw "Please try again after installing the required AWS utilities";
@@ -64,7 +75,19 @@ exports.awsSshProvider = {
     friendlyName: "AWS",
     propagationTimeoutMs: PROPAGATION_TIMEOUT_LIMIT_MS,
     preTestAccessPropagationArgs: () => undefined,
-    proxyCommand: (request) => {
+    submitPublicKey(authn, request, requestId, publicKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (request.generated.publicKey) {
+                if (request.generated.publicKey !== publicKey) {
+                    throw "Public key mismatch. Please revoke the request and try again.";
+                }
+            }
+            else {
+                yield (0, api_1.submitPublicKey)(authn, { publicKey, requestId });
+            }
+        });
+    },
+    proxyCommand: (request, port) => {
         return [
             "aws",
             "ssm",
@@ -72,11 +95,11 @@ exports.awsSshProvider = {
             "--region",
             request.region,
             "--target",
-            "%h",
+            request.id,
             "--document-name",
             START_SSH_SESSION_DOCUMENT_NAME,
             "--parameters",
-            '"portNumber=%p"',
+            port ? `portNumber=${port}` : "portNumber=%p",
         ];
     },
     reproCommands: (request) => {
@@ -88,6 +111,11 @@ exports.awsSshProvider = {
         }
         return undefined;
     },
+    generateKeys: (_) => __awaiter(void 0, void 0, void 0, function* () {
+        return {
+            privateKeyPath: keys_1.PRIVATE_KEY_PATH,
+        };
+    }),
     requestToSsh: (request) => {
         const { permission, generated } = request;
         const { resource, region } = permission;

package/dist/plugins/aws/ssh.js.map

@@ -1 +1 @@
-{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,qCAA8C;AAC9C,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AASjD,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,0RAA0R;KAC7R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,EAAE;;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,8DAA8D,CAAC;SACtE;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE,OAA4B,CAAC;gBACnE,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,cAAc,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CACrC,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,SAAS;IAE5C,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;YAC/B,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAE7C,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,IAAI;YACJ,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,iBAAiB;SAClB,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,6BAA6B,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,GAAG;aAC5E,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,SAAS,CAAC;QACjE,MAAM,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;QACnC,MAAM,MAAM,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;QACpE,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
+{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAAqD;AACrD,2CAAoD;AAEpD,qCAA8C;AAC9C,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AASjD,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,0RAA0R;KAC7R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,EAAE;;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,8DAA8D,CAAC;SACtE;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE,OAA4B,CAAC;gBACnE,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;YAC/B,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAEvC,eAAe,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;;YACxD,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE;gBAC/B,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,KAAK,SAAS,EAAE;oBAC7C,MAAM,+DAA+D,CAAC;iBACvE;aACF;iBAAM;gBACL,MAAM,IAAA,qBAAe,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;aACxD;QACH,CAAC;KAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QAC9B,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,OAAO,CAAC,EAAE;YACV,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,IAAI,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,eAAe;SAC9C,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,6BAA6B,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,GAAG;aAC5E,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAO,CAAC,EAAE,EAAE;QACxB,OAAO;YACL,cAAc,EAAE,uBAAgB;SACjC,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,SAAS,CAAC;QACjE,MAAM,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;QACnC,MAAM,MAAM,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;QACpE,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}

package/dist/plugins/aws/types.d.ts

@@ -73,6 +73,7 @@ export type AwsSshGenerated = {
         name: string;
     };
     linuxUserName: string;
+    publicKey: string;
 };
 export type AwsSshPermissionSpec = PermissionSpec<"ssh", AwsSshPermission, AwsSshGenerated>;
 export type AwsSsh = CliPermissionSpec<AwsSshPermissionSpec, undefined>;

package/dist/plugins/azure/auth.d.ts

@@ -1,8 +1,14 @@
-export declare const azLoginCommand: () => {
+import { AzureSshRequest } from "./types";
+export declare const AUTHORIZATION_FAILED_PATTERN: RegExp;
+export declare const USER_NOT_IN_CACHE_PATTERN: RegExp;
+export declare const CONTACT_SUPPORT_MESSAGE = "If the issue persists, please contact support@p0.dev.";
+export declare const NASCENT_ACCESS_GRANT_MESSAGE = "If access was recently granted, please try again in a few minutes.";
+export declare const ABORT_AUTHORIZATION_FAILED_MESSAGE: string;
+export declare const azLoginCommand: (tenantId: string) => {
     command: string;
     args: string[];
 };
-export declare const azLogoutCommand: () => {
+export declare const azAccountClearCommand: () => {
     command: string;
     args: string[];
 };
@@ -14,6 +20,11 @@ export declare const azAccountShowUserPrincipalName: () => {
     command: string;
     args: string[];
 };
-export declare const azLogin: (subscriptionId: string, options?: {
+/**
+ * Attempts to set the Azure subscription for the current ssh session request. If
+ * the user is not logged in, this function will attempt to log in.
+ */
+export declare const azSetSubscription: (request: AzureSshRequest, options?: {
     debug?: boolean;
+    forceLogout?: boolean;
 }) => Promise<string>;