@p0security/cli 0.13.5 → 0.13.7
- package/README.md +2 -2
- package/dist/commands/__tests__/login.test.js +3 -1
- package/dist/commands/__tests__/login.test.js.map +1 -1
- package/dist/commands/__tests__/ssh.test.js.map +1 -1
- package/dist/commands/index.js +4 -0
- package/dist/commands/index.js.map +1 -1
- package/dist/commands/login.d.ts +5 -3
- package/dist/commands/login.js +32 -57
- package/dist/commands/login.js.map +1 -1
- package/dist/commands/shared/request.d.ts +1 -1
- package/dist/commands/shared/request.js +4 -4
- package/dist/commands/shared/request.js.map +1 -1
- package/dist/commands/shared/ssh.d.ts +15 -2
- package/dist/commands/shared/ssh.js +13 -12
- package/dist/commands/shared/ssh.js.map +1 -1
- package/dist/commands/ssh-proxy.d.ts +3 -0
- package/dist/commands/ssh-proxy.js +124 -0
- package/dist/commands/ssh-proxy.js.map +1 -0
- package/dist/commands/ssh-resolve.d.ts +3 -0
- package/dist/commands/ssh-resolve.js +118 -0
- package/dist/commands/ssh-resolve.js.map +1 -0
- package/dist/drivers/api.d.ts +4 -0
- package/dist/drivers/api.js +9 -1
- package/dist/drivers/api.js.map +1 -1
- package/dist/drivers/{__mocks__/auth.js → auth/__mocks__/index.js} +1 -1
- package/dist/drivers/auth/__mocks__/index.js.map +1 -0
- package/dist/drivers/auth/index.d.ts +11 -0
- package/dist/drivers/{auth.js → auth/index.js} +52 -11
- package/dist/drivers/auth/index.js.map +1 -0
- package/dist/drivers/auth/path.d.ts +2 -0
- package/dist/drivers/auth/path.js +47 -0
- package/dist/drivers/auth/path.js.map +1 -0
- package/dist/drivers/config.d.ts +0 -1
- package/dist/drivers/config.js +10 -6
- package/dist/drivers/config.js.map +1 -1
- package/dist/drivers/env.d.ts +1 -0
- package/dist/drivers/env.js +3 -2
- package/dist/drivers/env.js.map +1 -1
- package/dist/plugins/aws/ssh.d.ts +0 -10
- package/dist/plugins/aws/ssh.js +32 -4
- package/dist/plugins/aws/ssh.js.map +1 -1
- package/dist/plugins/aws/types.d.ts +1 -0
- package/dist/plugins/azure/auth.d.ts +14 -3
- package/dist/plugins/azure/auth.js +72 -46
- package/dist/plugins/azure/auth.js.map +1 -1
- package/dist/plugins/azure/ssh.js +28 -12
- package/dist/plugins/azure/ssh.js.map +1 -1
- package/dist/plugins/azure/tunnel.d.ts +3 -4
- package/dist/plugins/azure/tunnel.js +16 -5
- package/dist/plugins/azure/tunnel.js.map +1 -1
- package/dist/plugins/azure/types.d.ts +2 -4
- package/dist/plugins/google/ssh.js +9 -3
- package/dist/plugins/google/ssh.js.map +1 -1
- package/dist/plugins/okta/aws.js +1 -1
- package/dist/plugins/okta/aws.js.map +1 -1
- package/dist/plugins/ssh/index.d.ts +17 -1
- package/dist/plugins/ssh/index.js +58 -10
- package/dist/plugins/ssh/index.js.map +1 -1
- package/dist/public/p0.jpg +0 -0
- package/dist/types/ssh.d.ts +17 -4
- package/dist/util.d.ts +1 -0
- package/dist/util.js +10 -1
- package/dist/util.js.map +1 -1
- package/package.json +1 -1
- package/dist/drivers/__mocks__/auth.js.map +0 -1
- package/dist/drivers/auth.d.ts +0 -9
- package/dist/drivers/auth.js.map +0 -1
- /package/dist/drivers/{__mocks__/auth.d.ts → auth/__mocks__/index.d.ts} +0 -0
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.sshResolveCommand = void 0;
|
|
16
|
+
/** Copyright © 2024-present P0 Security
|
|
17
|
+
|
|
18
|
+
This file is part of @p0security/cli
|
|
19
|
+
|
|
20
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
21
|
+
|
|
22
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
23
|
+
|
|
24
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
25
|
+
**/
|
|
26
|
+
const keys_1 = require("../common/keys");
|
|
27
|
+
const auth_1 = require("../drivers/auth");
|
|
28
|
+
const env_1 = require("../drivers/env");
|
|
29
|
+
const firestore_1 = require("../drivers/firestore");
|
|
30
|
+
const stdio_1 = require("../drivers/stdio");
|
|
31
|
+
const ssh_1 = require("../plugins/ssh");
|
|
32
|
+
const util_1 = require("../util");
|
|
33
|
+
const ssh_2 = require("./shared/ssh");
|
|
34
|
+
const fs_1 = __importDefault(require("fs"));
|
|
35
|
+
const path_1 = __importDefault(require("path"));
|
|
36
|
+
const tmp_promise_1 = __importDefault(require("tmp-promise"));
|
|
37
|
+
const sshResolveCommand = (yargs) => yargs.command("ssh-resolve <destination>", "SSH into a virtual machine", (yargs) => yargs
|
|
38
|
+
.positional("destination", {
|
|
39
|
+
type: "string",
|
|
40
|
+
demandOption: true,
|
|
41
|
+
})
|
|
42
|
+
.option("parent", {
|
|
43
|
+
type: "string",
|
|
44
|
+
describe: "The containing parent resource which the instance belongs to (account, project, subscription, etc.)",
|
|
45
|
+
})
|
|
46
|
+
.option("provider", {
|
|
47
|
+
type: "string",
|
|
48
|
+
describe: "The cloud provider where the instance is hosted",
|
|
49
|
+
choices: ["aws", "azure", "gcloud"],
|
|
50
|
+
})
|
|
51
|
+
.option("debug", {
|
|
52
|
+
type: "boolean",
|
|
53
|
+
describe: "Print debug information.",
|
|
54
|
+
})
|
|
55
|
+
.option("quiet", {
|
|
56
|
+
alias: "q",
|
|
57
|
+
type: "boolean",
|
|
58
|
+
describe: "Suppress output",
|
|
59
|
+
}), (0, firestore_1.fsShutdownGuard)(sshResolveAction));
|
|
60
|
+
exports.sshResolveCommand = sshResolveCommand;
|
|
61
|
+
/** Determine if an SSH backend is accessible to the user and prepares local files for access
|
|
62
|
+
*
|
|
63
|
+
* Creates an access request with approvedOnly and creates any
|
|
64
|
+
* key or credential files necessary for the SSH connection.
|
|
65
|
+
* Finally writes any ssh settings to an ssh config for use by
|
|
66
|
+
* a parent ssh process
|
|
67
|
+
*
|
|
68
|
+
*/
|
|
69
|
+
const sshResolveAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
70
|
+
var _a, _b, _c;
|
|
71
|
+
const silentlyExit = (0, util_1.conditionalAbortBeforeThrow)((_a = args.quiet) !== null && _a !== void 0 ? _a : false);
|
|
72
|
+
const authn = yield (0, auth_1.authenticate)({ noRefresh: true }).catch(silentlyExit);
|
|
73
|
+
let destination = args.destination;
|
|
74
|
+
try {
|
|
75
|
+
destination = (0, ssh_1.verifyDestinationString)(args.destination);
|
|
76
|
+
}
|
|
77
|
+
catch (e) {
|
|
78
|
+
if (!args.quiet) {
|
|
79
|
+
throw e;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
const { request, provisionedRequest } = yield (0, ssh_2.prepareRequest)(authn, args, destination, true, args.quiet).catch(silentlyExit);
|
|
83
|
+
const sshProvider = ssh_2.SSH_PROVIDERS[provisionedRequest.permission.provider];
|
|
84
|
+
if (args.debug) {
|
|
85
|
+
(0, stdio_1.print2)("Generating Keys");
|
|
86
|
+
}
|
|
87
|
+
const keys = yield ((_b = sshProvider === null || sshProvider === void 0 ? void 0 : sshProvider.generateKeys) === null || _b === void 0 ? void 0 : _b.call(sshProvider, provisionedRequest.permission.resource, {
|
|
88
|
+
debug: args.debug,
|
|
89
|
+
}));
|
|
90
|
+
const tmpFile = tmp_promise_1.default.fileSync();
|
|
91
|
+
if (args.debug) {
|
|
92
|
+
(0, stdio_1.print2)("Writing request output to disk for use by ssh-proxy");
|
|
93
|
+
}
|
|
94
|
+
fs_1.default.writeFileSync(tmpFile.name, JSON.stringify(request, null, 2));
|
|
95
|
+
const identityFile = (_c = keys === null || keys === void 0 ? void 0 : keys.privateKeyPath) !== null && _c !== void 0 ? _c : keys_1.PRIVATE_KEY_PATH;
|
|
96
|
+
const certificateInfo = (keys === null || keys === void 0 ? void 0 : keys.certificatePath)
|
|
97
|
+
? `CertificateFile ${keys.certificatePath}`
|
|
98
|
+
: "";
|
|
99
|
+
const p0Executable = env_1.bootstrapConfig.appPath;
|
|
100
|
+
const data = `Host ${destination}
|
|
101
|
+
Hostname ${destination}
|
|
102
|
+
User ${request.linuxUserName}
|
|
103
|
+
IdentityFile ${identityFile}
|
|
104
|
+
${certificateInfo}
|
|
105
|
+
PasswordAuthentication no
|
|
106
|
+
ProxyCommand ${p0Executable} ssh-proxy %h --port %p --provider ${provisionedRequest.permission.provider} --identity-file ${identityFile} --request-json ${tmpFile.name} ${args.debug ? "--debug" : ""}`;
|
|
107
|
+
yield fs_1.default.promises.mkdir(path_1.default.join(util_1.P0_PATH, "ssh", "configs"), {
|
|
108
|
+
recursive: true,
|
|
109
|
+
});
|
|
110
|
+
const configLocation = path_1.default.join(util_1.P0_PATH, "ssh", "configs", `${destination}.config` // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
|
111
|
+
);
|
|
112
|
+
if (args.debug) {
|
|
113
|
+
(0, stdio_1.print2)("Writing ssh config file");
|
|
114
|
+
(0, stdio_1.print2)(data);
|
|
115
|
+
}
|
|
116
|
+
fs_1.default.writeFileSync(configLocation, data);
|
|
117
|
+
});
|
|
118
|
+
//# sourceMappingURL=ssh-resolve.js.map
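Review bot: In `sshResolveAction` the `catch` around `verifyDestinationString` rethrows only when `args.quiet` is unset, so under `--quiet` a destination that failed validation is kept and execution continues. That string is then written into the generated config (`Host ${destination}`, `Hostname ${destination}`) and becomes the file name `${destination}.config` under `P0_PATH/ssh/configs`, on a line where the path-traversal lint is silenced with `nosemgrep`; whether `prepareRequest` rejects it first cannot be seen from this file. I would stop on a validation failure in both modes, for example `catch (e) { return silentlyExit(e); }` if that helper behaves as it does in the `.catch(silentlyExit)` calls, and confirm that `path.resolve(configLocation)` stays under the configs directory before `writeFileSync`. The `ProxyCommand` line also interpolates `p0Executable`, `identityFile` and `tmpFile.name` unquoted, so an install or home path containing a space would be split when ssh runs the command.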
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssh-resolve.js","sourceRoot":"","sources":["../../src/commands/ssh-resolve.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,yCAAkD;AAClD,0CAA+C;AAC/C,wCAAiD;AACjD,oDAAuD;AACvD,4CAA0C;AAC1C,wCAAyD;AACzD,kCAA+D;AAC/D,sCAIsB;AACtB,4CAAoB;AACpB,gDAAwB;AACxB,8DAA8B;AAGvB,MAAM,iBAAiB,GAAG,CAAC,KAAiB,EAAE,EAAE,CACrD,KAAK,CAAC,OAAO,CACX,2BAA2B,EAC3B,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,qGAAqG;CACxG,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;CACpC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,KAAK,EAAE,GAAG;IACV,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,iBAAiB;CAC5B,CAAC,EAEN,IAAA,2BAAe,EAAC,gBAAgB,CAAC,CAClC,CAAC;AA/BS,QAAA,iBAAiB,qBA+B1B;AAEJ;;;;;;;GAOG;AACH,MAAM,gBAAgB,GAAG,CACvB,IAAqD,EACrD,EAAE;;IACF,MAAM,YAAY,GAAG,IAAA,kCAA2B,EAAC,MAAA,IAAI,CAAC,KAAK,mCAAI,KAAK,CAAC,CAAC;IAEtE,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAE1E,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IACnC,IAAI;QACF,WAAW,GAAG,IAAA,6BAAuB,EAAC,IAAI,CAAC,WAAW,CAAC,CAAC;KACzD;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;YACf,MAAM,CAAC,CAAC;SACT;KACF;IAED,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,IAAA,oBAAc,EAC1D,KAAK,EACL,IAAI,EACJ,WAAW,EACX,IAAI,EACJ,IAAI,CAAC,KAAK,CACX,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAEtB,MAAM,WAAW,GAAG,mBAAa,CAAC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1E,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,iBAAiB,CAAC,CAAC;KAC3B;IACD,MAAM,IAAI,GAAG,MAAM,CAAA,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,4DAC1C,kBAAkB,CAAC,UAAU,CAAC,QAAQ,EACtC;QACE,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CACF,CAAA,CAAC;IAEF,MAAM,OAAO,GAAG,qBAAG,CAAC,QAAQ,EAAE,CAAC;IAE/B,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,qDAAqD,CAAC,CAAC;KAC/D;IACD,YAAE,CAAC,aAAa,CA
AC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAEjE,MAAM,YAAY,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,cAAc,mCAAI,uBAAgB,CAAC;IAC9D,MAAM,eAAe,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe;QAC3C,CAAC,CAAC,mBAAmB,IAAI,CAAC,eAAe,EAAE;QAC3C,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,YAAY,GAAG,qBAAe,CAAC,OAAO,CAAC;IAE7C,MAAM,IAAI,GAAG,QAAQ,WAAW;aACrB,WAAW;SACf,OAAO,CAAC,aAAa;iBACb,YAAY;IACzB,eAAe;;iBAEF,YAAY,sCAAsC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,oBAAoB,YAAY,mBAAmB,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IAExM,MAAM,YAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE;QAC5D,SAAS,EAAE,IAAI;KAChB,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,cAAI,CAAC,IAAI,CAC9B,cAAO,EACP,KAAK,EACL,SAAS,EACT,GAAG,WAAW,SAAS,CAAC,mHAAmH;KAC5I,CAAC;IAEF,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,IAAA,cAAM,EAAC,yBAAyB,CAAC,CAAC;QAClC,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;KACd;IACD,YAAE,CAAC,aAAa,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;AACzC,CAAC,CAAA,CAAC"}
|
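--- a/package/dist/drivers/api.d.ts
+++ b/package/dist/drivers/api.d.ts
@@ -11,4 +11,8 @@ You should have received a copy of the GNU General Public License along with @p0
 import { Authn } from "../types/identity";
 import yargs from "yargs";
 export declare const fetchCommand: <T>(authn: Authn, args: yargs.ArgumentsCamelCase, argv: string[]) => Promise<T>;
+export declare const submitPublicKey: <T>(authn: Authn, args: {
+publicKey: string;
+requestId: string;
+}) => Promise<T>;
 export declare const baseFetch: <T>(authn: Authn, url: string, method: string, body: string) => Promise<T>;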
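--- a/package/dist/drivers/api.js
+++ b/package/dist/drivers/api.js
@@ -32,10 +32,11 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.baseFetch = exports.fetchCommand = void 0;
+exports.baseFetch = exports.submitPublicKey = exports.fetchCommand = void 0;
 const config_1 = require("./config");
 const path = __importStar(require("node:path"));
 const tenantUrl = (tenant) => `${(0, config_1.getTenantConfig)().appUrl}/o/${tenant}`;
+const publicKeysUrl = (tenant) => `${tenantUrl(tenant)}/integrations/ssh/public-keys`;
 const commandUrl = (tenant) => `${tenantUrl(tenant)}/command/`;
 const fetchCommand = (authn, args, argv) => __awaiter(void 0, void 0, void 0, function* () {
 return (0, exports.baseFetch)(authn, commandUrl(authn.identity.org.slug), "POST", JSON.stringify({
@@ -44,6 +45,13 @@ const fetchCommand = (authn, args, argv) => __awaiter(void 0, void 0, void 0, fu
 }));
 });
 exports.fetchCommand = fetchCommand;
+const submitPublicKey = (authn, args) => __awaiter(void 0, void 0, void 0, function* () {
+return (0, exports.baseFetch)(authn, publicKeysUrl(authn.identity.org.slug), "POST", JSON.stringify({
+requestId: args.requestId,
+publicKey: args.publicKey,
+}));
+});
+exports.submitPublicKey = submitPublicKey;
 const baseFetch = (authn, url, method, body) => __awaiter(void 0, void 0, void 0, function* () {
 const token = yield authn.userCredential.user.getIdToken();
 try {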
package/dist/drivers/api.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/drivers/api.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,qCAA2C;AAC3C,gDAAkC;AAGlC,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,wBAAe,GAAE,CAAC,MAAM,MAAM,MAAM,EAAE,CAAC;AAChF,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC;AAEhE,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,IAA8B,EAC9B,IAAc,EACd,EAAE;IACF,OAAA,IAAA,iBAAS,EACP,KAAK,EACL,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EACnC,MAAM,EACN,IAAI,CAAC,SAAS,CAAC;QACb,IAAI;QACJ,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;KACnC,CAAC,CACH,CAAA;EAAA,CAAC;AAbS,QAAA,YAAY,gBAarB;AAEG,MAAM,SAAS,GAAG,CACvB,KAAY,EACZ,GAAW,EACX,MAAc,EACd,IAAY,EACZ,EAAE;IACF,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;IAE3D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM;YACN,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI;SACL,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,OAAO,IAAI,IAAI,EAAE;YACnB,MAAM,IAAI,CAAC,KAAK,CAAC;SAClB;QACD,OAAO,IAAS,CAAC;KAClB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,cAAc,EAAE;YAClE,MAAM,gDAAgD,GAAG,GAAG,CAAC;SAC9D;aAAM;YACL,MAAM,KAAK,CAAC;SACb;KACF;AACH,CAAC,CAAA,CAAC;AA9BW,QAAA,SAAS,aA8BpB"}
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/drivers/api.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,qCAA2C;AAC3C,gDAAkC;AAGlC,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,wBAAe,GAAE,CAAC,MAAM,MAAM,MAAM,EAAE,CAAC;AAChF,MAAM,aAAa,GAAG,CAAC,MAAc,EAAE,EAAE,CACvC,GAAG,SAAS,CAAC,MAAM,CAAC,+BAA+B,CAAC;AACtD,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC;AAEhE,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,IAA8B,EAC9B,IAAc,EACd,EAAE;IACF,OAAA,IAAA,iBAAS,EACP,KAAK,EACL,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EACnC,MAAM,EACN,IAAI,CAAC,SAAS,CAAC;QACb,IAAI;QACJ,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;KACnC,CAAC,CACH,CAAA;EAAA,CAAC;AAbS,QAAA,YAAY,gBAarB;AAEG,MAAM,eAAe,GAAG,CAC7B,KAAY,EACZ,IAA8C,EAC9C,EAAE;IACF,OAAA,IAAA,iBAAS,EACP,KAAK,EACL,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EACtC,MAAM,EACN,IAAI,CAAC,SAAS,CAAC;QACb,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC,CACH,CAAA;EAAA,CAAC;AAZS,QAAA,eAAe,mBAYxB;AAEG,MAAM,SAAS,GAAG,CACvB,KAAY,EACZ,GAAW,EACX,MAAc,EACd,IAAY,EACZ,EAAE;IACF,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;IAE3D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM;YACN,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI;SACL,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,OAAO,IAAI,IAAI,EAAE;YACnB,MAAM,IAAI,CAAC,KAAK,CAAC;SAClB;QACD,OAAO,IAAS,CAAC;KAClB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,cAAc,EAAE;YAClE,MAAM,gDAAgD,GAAG,GAAG,CAAC;SAC9D;aAAM;YACL,MAAM,KAAK,CAAC;SACb;KACF;AACH,CAAC,CAAA,CAAC;AA9BW,QAAA,SAAS,aA8BpB"}
|
|
@@ -44,4 +44,4 @@ const authenticate = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
44
44
|
exports.authenticate = authenticate;
|
|
45
45
|
const cached = (_label, callback) => __awaiter(void 0, void 0, void 0, function* () { return yield callback(); });
|
|
46
46
|
exports.cached = cached;
|
|
47
|
-
//# sourceMappingURL=
|
|
47
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/drivers/auth/__mocks__/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACI,MAAM,YAAY,GAAG,GAAS,EAAE;IAAC,OAAA,CAAC;QACvC,QAAQ,EAAE;YACR,UAAU,EAAE;gBACV,YAAY,EAAE,mBAAmB;aAClC;YACD,GAAG,EAAE;gBACH,WAAW,EAAE,WAAW;gBACxB,cAAc,EAAE,eAAe;gBAC/B,YAAY,EAAE,MAAM;gBACpB,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,aAAa;aACxB;SACF;QACD,cAAc,EAAE;YACd,IAAI,EAAE;gBACJ,QAAQ,EAAE,aAAa;aACxB;SACF;KACF,CAAC,CAAA;EAAA,CAAC;AAlBU,QAAA,YAAY,gBAkBtB;AAEI,MAAM,MAAM,GAAG,CAAO,MAAc,EAAE,QAA4B,EAAE,EAAE,kDAC3E,OAAA,MAAM,QAAQ,EAAE,CAAA,GAAA,CAAC;AADN,QAAA,MAAM,UACA"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { Authn } from "../../types/identity";
|
|
2
|
+
import { TokenResponse } from "../../types/oidc";
|
|
3
|
+
import { OrgData } from "../../types/org";
|
|
4
|
+
export declare const cached: <T>(name: string, loader: () => Promise<T>, options: {
|
|
5
|
+
duration: number;
|
|
6
|
+
}, hasExpired?: ((data: T) => boolean) | undefined) => Promise<T>;
|
|
7
|
+
export declare const writeIdentity: (org: OrgData, credential: TokenResponse) => Promise<void>;
|
|
8
|
+
export declare const deleteIdentity: () => Promise<void>;
|
|
9
|
+
export declare const authenticate: (options?: {
|
|
10
|
+
noRefresh?: boolean;
|
|
11
|
+
}) => Promise<Authn>;
|
|
@@ -32,7 +32,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
32
32
|
});
|
|
33
33
|
};
|
|
34
34
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
35
|
-
exports.authenticate = exports.
|
|
35
|
+
exports.authenticate = exports.deleteIdentity = exports.writeIdentity = exports.cached = void 0;
|
|
36
36
|
/** Copyright © 2024-present P0 Security
|
|
37
37
|
|
|
38
38
|
This file is part of @p0security/cli
|
|
@@ -43,20 +43,19 @@ This file is part of @p0security/cli
|
|
|
43
43
|
|
|
44
44
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
45
45
|
**/
|
|
46
|
-
const login_1 = require("
|
|
47
|
-
const
|
|
48
|
-
const
|
|
49
|
-
const
|
|
46
|
+
const login_1 = require("../../commands/login");
|
|
47
|
+
const firestore_1 = require("../firestore");
|
|
48
|
+
const stdio_1 = require("../stdio");
|
|
49
|
+
const path_1 = require("./path");
|
|
50
50
|
const fs = __importStar(require("fs/promises"));
|
|
51
51
|
const path = __importStar(require("path"));
|
|
52
|
-
exports.IDENTITY_FILE_PATH = path.join(util_1.P0_PATH, "identity.json");
|
|
53
|
-
exports.IDENTITY_CACHE_PATH = path.join(path.dirname(exports.IDENTITY_FILE_PATH), "cache");
|
|
54
52
|
const cached = (name, loader, options, hasExpired) => __awaiter(void 0, void 0, void 0, function* () {
|
|
55
53
|
var _a;
|
|
54
|
+
const identityCachePath = (0, path_1.getIdentityCachePath)();
|
|
56
55
|
// Following lines sanitize input
|
|
57
56
|
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
|
58
|
-
const loc = path.resolve(path.join(
|
|
59
|
-
if (!loc.startsWith(
|
|
57
|
+
const loc = path.resolve(path.join(identityCachePath, `${name}.json`));
|
|
58
|
+
if (!loc.startsWith(identityCachePath)) {
|
|
60
59
|
throw new Error("Illegal path traversal");
|
|
61
60
|
}
|
|
62
61
|
const loadCache = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -87,9 +86,31 @@ const cached = (name, loader, options, hasExpired) => __awaiter(void 0, void 0,
|
|
|
87
86
|
}
|
|
88
87
|
});
|
|
89
88
|
exports.cached = cached;
|
|
89
|
+
const clearIdentityFile = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
90
|
+
try {
|
|
91
|
+
const identityFilePath = (0, path_1.getIdentityFilePath)();
|
|
92
|
+
// check to see if the file exists before trying to remove it
|
|
93
|
+
yield fs.access(identityFilePath);
|
|
94
|
+
yield fs.rm(identityFilePath);
|
|
95
|
+
}
|
|
96
|
+
catch (_b) {
|
|
97
|
+
return;
|
|
98
|
+
}
|
|
99
|
+
});
|
|
100
|
+
const clearIdentityCache = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
101
|
+
try {
|
|
102
|
+
const identityCachePath = (0, path_1.getIdentityCachePath)();
|
|
103
|
+
// check to see if the directory exists before trying to remove it
|
|
104
|
+
yield fs.access(identityCachePath);
|
|
105
|
+
yield fs.rm(identityCachePath, { recursive: true });
|
|
106
|
+
}
|
|
107
|
+
catch (_c) {
|
|
108
|
+
return;
|
|
109
|
+
}
|
|
110
|
+
});
|
|
90
111
|
const loadCredentialsWithAutoLogin = (options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
91
112
|
try {
|
|
92
|
-
const buffer = yield fs.readFile(
|
|
113
|
+
const buffer = yield fs.readFile((0, path_1.getIdentityFilePath)());
|
|
93
114
|
const identity = JSON.parse(buffer.toString());
|
|
94
115
|
if (!(options === null || options === void 0 ? void 0 : options.noRefresh) &&
|
|
95
116
|
identity.credential.expires_at < Date.now() * 1e-3) {
|
|
@@ -106,10 +127,30 @@ const loadCredentialsWithAutoLogin = (options) => __awaiter(void 0, void 0, void
|
|
|
106
127
|
throw error;
|
|
107
128
|
}
|
|
108
129
|
});
|
|
130
|
+
const writeIdentity = (org, credential) => __awaiter(void 0, void 0, void 0, function* () {
|
|
131
|
+
yield clearIdentityCache();
|
|
132
|
+
const identityFilePath = (0, path_1.getIdentityFilePath)();
|
|
133
|
+
const expires_at = Date.now() * 1e-3 + credential.expires_in - 1; // Add 1 second safety margin
|
|
134
|
+
(0, stdio_1.print2)(`Saving authorization to ${identityFilePath}.`);
|
|
135
|
+
const dir = path.dirname(identityFilePath);
|
|
136
|
+
yield fs.mkdir(dir, { recursive: true });
|
|
137
|
+
yield fs.writeFile(identityFilePath, JSON.stringify({
|
|
138
|
+
credential: Object.assign(Object.assign({}, credential), { expires_at }),
|
|
139
|
+
org,
|
|
140
|
+
}, null, 2), {
|
|
141
|
+
mode: "600",
|
|
142
|
+
});
|
|
143
|
+
});
|
|
144
|
+
exports.writeIdentity = writeIdentity;
|
|
145
|
+
const deleteIdentity = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
146
|
+
yield clearIdentityCache();
|
|
147
|
+
yield clearIdentityFile();
|
|
148
|
+
});
|
|
149
|
+
exports.deleteIdentity = deleteIdentity;
|
|
109
150
|
const authenticate = (options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
110
151
|
const identity = yield loadCredentialsWithAutoLogin(options);
|
|
111
152
|
const userCredential = yield (0, firestore_1.authenticateToFirebase)(identity);
|
|
112
153
|
return { userCredential, identity };
|
|
113
154
|
});
|
|
114
155
|
exports.authenticate = authenticate;
|
|
115
|
-
//# sourceMappingURL=
|
|
156
|
+
//# sourceMappingURL=index.js.map
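Review bot: The containment check in `cached`, `if (!loc.startsWith(identityCachePath))`, is a plain string-prefix test, and this release adds sibling directories named `cache-<org>` next to `cache` (see `getIdentityCachePath`). A `name` containing `..` segments can resolve into such a sibling, which still begins with the `cache` prefix, so the guard passes while the file lands in another org's cache directory; compare against `identityCachePath + path.sep`, or reject when `path.relative(identityCachePath, loc)` starts with `..`. Separately, in `writeIdentity` the `mode: "600"` option only applies when `fs.writeFile` creates the file, and `fs.mkdir(dir, { recursive: true })` sets no mode, so an existing identity file with wider permissions keeps them; an `fs.chmod(identityFilePath, 0o600)` after the write would cover that. `cached` starts before the hunk shown and its body continues past it.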
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/drivers/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,gDAA6C;AAI7C,4CAAsD;AACtD,oCAAkC;AAClC,iCAAmE;AACnE,gDAAkC;AAClC,2CAA6B;AAEtB,MAAM,MAAM,GAAG,CACpB,IAAY,EACZ,MAAwB,EACxB,OAA6B,EAC7B,UAAiC,EACrB,EAAE;;IACd,MAAM,iBAAiB,GAAG,IAAA,2BAAoB,GAAE,CAAC;IAEjD,iCAAiC;IACjC,mHAAmH;IACnH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC;IACvE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE;QACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;KAC3C;IAED,MAAM,SAAS,GAAG,GAAS,EAAE;QAC3B,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI;YAAE,MAAM,mCAAmC,IAAI,GAAG,CAAC;QAC5D,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,MAAM,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC,CAAA,CAAC;IAEF,IAAI;QACF,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE;YACxD,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,MAAM,SAAS,EAAE,CAAC;SAC1B;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAM,CAAC;QACzE,IAAI,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAG,IAAI,CAAC,EAAE;YACtB,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,MAAM,SAAS,EAAE,CAAC;SAC1B;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,MAAK,QAAQ;YAC1B,IAAA,cAAM,EACJ,+BAA+B,IAAI,iBAAiB,MAAA,KAAK,CAAC,OAAO,mCAAI,KAAK,EAAE,CAC7E,CAAC;QACJ,OAAO,MAAM,SAAS,EAAE,CAAC;KAC1B;AACH,CAAC,CAAA,CAAC;AA3CW,QAAA,MAAM,UA2CjB;AAEF,MAAM,iBAAiB,GAAG,GAAS,EAAE;IACnC,IAAI;QACF,MAAM,gBAAgB,GAAG,IAAA,0BAAmB,GAAE,CAAC;QAC/C,6DAA6D;QAC7D,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAClC,MAAM,EAAE,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC;KAC/B;IAAC,WAAM;QACN,OAAO;K
ACR;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,kBAAkB,GAAG,GAAS,EAAE;IACpC,IAAI;QACF,MAAM,iBAAiB,GAAG,IAAA,2BAAoB,GAAE,CAAC;QACjD,kEAAkE;QAClE,MAAM,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QACnC,MAAM,EAAE,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;KACrD;IAAC,WAAM;QACN,OAAO;KACR;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,4BAA4B,GAAG,CAAO,OAE3C,EAAqB,EAAE;IACtB,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAA,0BAAmB,GAAE,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAa,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzD,IACE,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;YACnB,QAAQ,CAAC,UAAU,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAClD;YACA,MAAM,IAAA,aAAK,EAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;YACpE,IAAA,cAAM,EAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB;YACrC,OAAO,4BAA4B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;SAC1D;QACD,OAAO,QAAQ,CAAC;KACjB;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,MAAK,QAAQ,EAAE;YAC5B,MAAM,yDAAyD,CAAC;SACjE;QACD,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,aAAa,GAAG,CAC3B,GAAY,EACZ,UAAyB,EACzB,EAAE;IACF,MAAM,kBAAkB,EAAE,CAAC;IAE3B,MAAM,gBAAgB,GAAG,IAAA,0BAAmB,GAAE,CAAC;IAE/C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,UAAU,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,6BAA6B;IAC/F,IAAA,cAAM,EAAC,2BAA2B,gBAAgB,GAAG,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC3C,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,CAAC,SAAS,CAChB,gBAAgB,EAChB,IAAI,CAAC,SAAS,CACZ;QACE,UAAU,kCAAO,UAAU,KAAE,UAAU,GAAE;QACzC,GAAG;KACJ,EACD,IAAI,EACJ,CAAC,CACF,EACD;QACE,IAAI,EAAE,KAAK;KACZ,CACF,CAAC;AACJ,CAAC,CAAA,CAAC;AA1BW,QAAA,aAAa,iBA0BxB;AAEK,MAAM,cAAc,GAAG,GAAS,EAAE;IACvC,MAAM,kBAAkB,EAAE,CAAC;IAC3B,MAAM,iBAAiB,EAAE,CAAC;AAC5B,CAAC,CAAA,CAAC;AAHW,QAAA,cAAc,kBAGzB;AAEK,MAAM,YAAY,GAAG,CAAO,OAElC,EAAkB,EAAE;IACnB,MAAM,QAAQ,GAAG,MAAM,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,cAAc,GAAG,MAAM,IAAA,kCAAsB,EAAC,QAAQ,CAAC,CAAC;IAE9D,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC;
AACtC,CAAC,CAAA,CAAC;AAPW,QAAA,YAAY,gBAOvB"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
+
if (mod && mod.__esModule) return mod;
|
|
20
|
+
var result = {};
|
|
21
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
+
__setModuleDefault(result, mod);
|
|
23
|
+
return result;
|
|
24
|
+
};
|
|
25
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
+
exports.getIdentityCachePath = exports.getIdentityFilePath = void 0;
|
|
27
|
+
/** Copyright © 2024-present P0 Security
|
|
28
|
+
|
|
29
|
+
This file is part of @p0security/cli
|
|
30
|
+
|
|
31
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
32
|
+
|
|
33
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
34
|
+
|
|
35
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
36
|
+
**/
|
|
37
|
+
const util_1 = require("../../util");
|
|
38
|
+
const path = __importStar(require("path"));
|
|
39
|
+
const getIdentityFilePath = () => process.env.P0_ORG
|
|
40
|
+
? path.join(util_1.P0_PATH, `identity-${process.env.P0_ORG}.json`)
|
|
41
|
+
: path.join(util_1.P0_PATH, "identity.json");
|
|
42
|
+
exports.getIdentityFilePath = getIdentityFilePath;
|
|
43
|
+
const getIdentityCachePath = () => process.env.P0_ORG
|
|
44
|
+
? path.join(util_1.P0_PATH, `cache-${process.env.P0_ORG}`)
|
|
45
|
+
: path.join(util_1.P0_PATH, "cache");
|
|
46
|
+
exports.getIdentityCachePath = getIdentityCachePath;
|
|
47
|
+
//# sourceMappingURL=path.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"path.js","sourceRoot":"","sources":["../../../src/drivers/auth/path.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,qCAAqC;AACrC,2CAA6B;AAEtB,MAAM,mBAAmB,GAAG,GAAG,EAAE,CACtC,OAAO,CAAC,GAAG,CAAC,MAAM;IAChB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,YAAY,OAAO,CAAC,GAAG,CAAC,MAAM,OAAO,CAAC;IAC3D,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,eAAe,CAAC,CAAC;AAH7B,QAAA,mBAAmB,uBAGU;AAEnC,MAAM,oBAAoB,GAAG,GAAG,EAAE,CACvC,OAAO,CAAC,GAAG,CAAC,MAAM;IAChB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,SAAS,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;IACnD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,cAAO,EAAE,OAAO,CAAC,CAAC;AAHrB,QAAA,oBAAoB,wBAGC"}
|
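--- a/package/dist/drivers/config.d.ts
+++ b/package/dist/drivers/config.d.ts
@@ -9,7 +9,6 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 import { Config } from "../types/org";
-export declare const CONFIG_FILE_PATH: string;
 export declare const getTenantConfig: () => Config;
 /** Use only if the organization is configured with Google login to P0 */
 export declare const getGoogleTenantConfig: () => import("../types/org").GoogleApplicationConfig;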
package/dist/drivers/config.js
CHANGED
|
@@ -12,7 +12,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
12
12
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
13
|
};
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
-
exports.loadConfig = exports.saveConfig = exports.getGoogleTenantConfig = exports.getTenantConfig =
|
|
15
|
+
exports.loadConfig = exports.saveConfig = exports.getGoogleTenantConfig = exports.getTenantConfig = void 0;
|
|
16
16
|
const util_1 = require("../util");
|
|
17
17
|
const env_1 = require("./env");
|
|
18
18
|
const firestore_1 = require("./firestore");
|
|
@@ -20,7 +20,10 @@ const stdio_1 = require("./stdio");
|
|
|
20
20
|
const firestore_2 = require("firebase/firestore");
|
|
21
21
|
const promises_1 = __importDefault(require("fs/promises"));
|
|
22
22
|
const path_1 = __importDefault(require("path"));
|
|
23
|
-
|
|
23
|
+
const process_1 = __importDefault(require("process"));
|
|
24
|
+
const getConfigFilePath = () => process_1.default.env.P0_ORG
|
|
25
|
+
? path_1.default.join(util_1.P0_PATH, `config.json-${process_1.default.env.P0_ORG}`)
|
|
26
|
+
: path_1.default.join(util_1.P0_PATH, "config.json");
|
|
24
27
|
let tenantConfig;
|
|
25
28
|
const getTenantConfig = () => tenantConfig;
|
|
26
29
|
exports.getTenantConfig = getTenantConfig;
|
|
@@ -39,15 +42,16 @@ const saveConfig = (orgId) => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
39
42
|
if (!orgData)
|
|
40
43
|
throw "Could not find organization";
|
|
41
44
|
const config = (_a = orgData.config) !== null && _a !== void 0 ? _a : env_1.bootstrapConfig;
|
|
42
|
-
|
|
43
|
-
|
|
45
|
+
const configFilePath = getConfigFilePath();
|
|
46
|
+
(0, stdio_1.print2)(`Saving config to ${configFilePath}.`);
|
|
47
|
+
const dir = path_1.default.dirname(configFilePath);
|
|
44
48
|
yield promises_1.default.mkdir(dir, { recursive: true });
|
|
45
|
-
yield promises_1.default.writeFile(
|
|
49
|
+
yield promises_1.default.writeFile(configFilePath, JSON.stringify(config), { mode: "600" });
|
|
46
50
|
tenantConfig = config;
|
|
47
51
|
});
|
|
48
52
|
exports.saveConfig = saveConfig;
|
|
49
53
|
const loadConfig = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
50
|
-
const buffer = yield promises_1.default.readFile(
|
|
54
|
+
const buffer = yield promises_1.default.readFile(getConfigFilePath());
|
|
51
55
|
tenantConfig = JSON.parse(buffer.toString());
|
|
52
56
|
return tenantConfig;
|
|
53
57
|
});
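Review bot: The `{ mode: "600" }` passed to `writeFile` in `saveConfig` only takes effect when the file is created, so a config file that already exists with wider permissions keeps them. The `mkdir(dir, { recursive: true })` just above it also creates the directory with the process default mode. If the saved config is meant to be readable by the owner only, follow the write with `yield promises_1.default.chmod(configFilePath, 0o600);` and pass `mode: 0o700` to `mkdir`, both in the TypeScript source this output is built from. Separately, `getConfigFilePath` puts `P0_ORG` into the file name unchecked, so a value containing a path separator could resolve outside `P0_PATH`; restricting it to a safe character set would rule that out. `saveConfig` begins outside the hunk.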
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAkC;AAClC,+BAAwC;AACxC,2CAA2C;AAC3C,mCAAiC;AACjC,kDAA4C;AAC5C,2DAA6B;AAC7B,gDAAwB;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAkC;AAClC,+BAAwC;AACxC,2CAA2C;AAC3C,mCAAiC;AACjC,kDAA4C;AAC5C,2DAA6B;AAC7B,gDAAwB;AACxB,sDAA8B;AAE9B,MAAM,iBAAiB,GAAG,GAAG,EAAE,CAC7B,iBAAO,CAAC,GAAG,CAAC,MAAM;IAChB,CAAC,CAAC,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,eAAe,iBAAO,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;IACzD,CAAC,CAAC,cAAI,CAAC,IAAI,CAAC,cAAO,EAAE,aAAa,CAAC,CAAC;AAExC,IAAI,YAAoB,CAAC;AAElB,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC;AAArC,QAAA,eAAe,mBAAsB;AAElD,yEAAyE;AAClE,MAAM,qBAAqB,GAAG,GAAG,EAAE;IACxC,IAAI,QAAQ,IAAI,YAAY,EAAE;QAC5B,OAAO,YAAY,CAAC;KACrB;IACD,MAAM,wMAAwM,CAAC;AACjN,CAAC,CAAC;AALW,QAAA,qBAAqB,yBAKhC;AAEK,MAAM,UAAU,GAAG,CAAO,KAAa,EAAE,EAAE;;IAChD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAM,EACzB,IAAA,wBAAY,EAAC,QAAQ,KAAK,EAAE,CAAC,CAC9B,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAE9B,IAAI,CAAC,OAAO;QAAE,MAAM,6BAA6B,CAAC;IAElD,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,mCAAI,qBAAe,CAAC;IAEjD,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;IAE3C,IAAA,cAAM,EAAC,oBAAoB,cAAc,GAAG,CAAC,CAAC;IAE9C,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACzC,MAAM,kBAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,kBAAE,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE5E,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC,CAAA,CAAC;AAnBW,QAAA,UAAU,cAmBrB;AAEK,MAAM,UAAU,GAAG,GAAS,EAAE;IACnC,MAAM,MAAM,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC,CAAC;IACtD,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7C,OAAO,YAAY,CAAC;AACtB,CAAC,CAAA,CAAC;AAJW,QAAA,UAAU,cAIrB"}
|
package/dist/drivers/env.d.ts
CHANGED
package/dist/drivers/env.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
|
-
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
|
|
5
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
|
|
6
6
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
7
|
exports.bootstrapConfig = void 0;
|
|
8
8
|
/** Copyright © 2024-present P0 Security
|
|
@@ -41,6 +41,7 @@ exports.bootstrapConfig = {
|
|
|
41
41
|
publicClientSecretForPkce: (_h = env.P0_GOOGLE_OIDC_CLIENT_SECRET) !== null && _h !== void 0 ? _h : "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",
|
|
42
42
|
},
|
|
43
43
|
appUrl: (_j = env.P0_APP_URL) !== null && _j !== void 0 ? _j : "https://api.p0.app",
|
|
44
|
-
|
|
44
|
+
appPath: (_k = env.P0_APP_PATH) !== null && _k !== void 0 ? _k : "p0",
|
|
45
|
+
environment: (_l = env.P0_ENV) !== null && _l !== void 0 ? _l : "production",
|
|
45
46
|
};
|
|
46
47
|
//# sourceMappingURL=env.js.map
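Review bot: The two new `bootstrapConfig` entries default through `??` (the compiled `!== null && !== void 0` test), so an empty `P0_APP_PATH=` or `P0_ENV=` in the environment is kept as `""` instead of falling back to `"p0"` or `"production"`. How `appPath` is consumed is not visible here; if an empty value is never meaningful, default on falsy in the source, e.g. `appPath: env.P0_APP_PATH || "p0"`, or validate both values once at startup. A one-line comment saying what `appPath` and `environment` select would also help, since they sit beside `appUrl` and can be overridden from the environment. The `bootstrapConfig` object starts outside the hunk.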
|
package/dist/drivers/env.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;GASG;AACH,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAEX,QAAA,eAAe,GAAG;IAC7B,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,kFAAkF;QAClF,2FAA2F;QAC3F,uHAAuH;QACvH,iFAAiF;QACjF,uEAAuE;QACvE,wFAAwF;QACxF,yBAAyB,EACvB,MAAA,GAAG,CAAC,4BAA4B,mCAAI,qCAAqC;KAC5E;IACD,MAAM,EAAE,MAAA,GAAG,CAAC,UAAU,mCAAI,oBAAoB;IAC9C,WAAW,EAAE,MAAA,GAAG,CAAC,MAAM,mCAAI,YAAY;CACxC,CAAC"}
|
|
1
|
+
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAAA;;;;;;;;;GASG;AACH,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAEX,QAAA,eAAe,GAAG;IAC7B,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,kFAAkF;QAClF,2FAA2F;QAC3F,uHAAuH;QACvH,iFAAiF;QACjF,uEAAuE;QACvE,wFAAwF;QACxF,yBAAyB,EACvB,MAAA,GAAG,CAAC,4BAA4B,mCAAI,qCAAqC;KAC5E;IACD,MAAM,EAAE,MAAA,GAAG,CAAC,UAAU,mCAAI,oBAAoB;IAC9C,OAAO,EAAE,MAAA,GAAG,CAAC,WAAW,mCAAI,IAAI;IAChC,WAAW,EAAE,MAAA,GAAG,CAAC,MAAM,mCAAI,YAAY;CACxC,CAAC"}
|
|
@@ -1,13 +1,3 @@
|
|
|
1
|
-
/** Copyright © 2024-present P0 Security
|
|
2
|
-
|
|
3
|
-
This file is part of @p0security/cli
|
|
4
|
-
|
|
5
|
-
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
6
|
-
|
|
7
|
-
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
-
|
|
9
|
-
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
|
-
**/
|
|
11
1
|
import { SshProvider } from "../../types/ssh";
|
|
12
2
|
import { AwsCredentials, AwsSshPermissionSpec, AwsSshRequest } from "./types";
|
|
13
3
|
export declare const awsSshProvider: SshProvider<AwsSshPermissionSpec, undefined, AwsSshRequest, AwsCredentials>;
|
package/dist/plugins/aws/ssh.js
CHANGED
|
@@ -10,6 +10,18 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.awsSshProvider = void 0;
|
|
13
|
+
/** Copyright © 2024-present P0 Security
|
|
14
|
+
|
|
15
|
+
This file is part of @p0security/cli
|
|
16
|
+
|
|
17
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
18
|
+
|
|
19
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
20
|
+
|
|
21
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
|
+
**/
|
|
23
|
+
const keys_1 = require("../../common/keys");
|
|
24
|
+
const api_1 = require("../../drivers/api");
|
|
13
25
|
const util_1 = require("../../util");
|
|
14
26
|
const aws_1 = require("../okta/aws");
|
|
15
27
|
const config_1 = require("./config");
|
|
@@ -55,7 +67,6 @@ exports.awsSshProvider = {
|
|
|
55
67
|
? yield (0, aws_1.assumeRoleWithOktaSaml)(authn, request)
|
|
56
68
|
: (0, util_1.throwAssertNever)(config.login);
|
|
57
69
|
}),
|
|
58
|
-
validateSshKey: (request, publicKey) => request.permission.publicKey === publicKey,
|
|
59
70
|
ensureInstall: () => __awaiter(void 0, void 0, void 0, function* () {
|
|
60
71
|
if (!(yield (0, install_1.ensureSsmInstall)())) {
|
|
61
72
|
throw "Please try again after installing the required AWS utilities";
|
|
@@ -64,7 +75,19 @@ exports.awsSshProvider = {
|
|
|
64
75
|
friendlyName: "AWS",
|
|
65
76
|
propagationTimeoutMs: PROPAGATION_TIMEOUT_LIMIT_MS,
|
|
66
77
|
preTestAccessPropagationArgs: () => undefined,
|
|
67
|
-
|
|
78
|
+
submitPublicKey(authn, request, requestId, publicKey) {
|
|
79
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
80
|
+
if (request.generated.publicKey) {
|
|
81
|
+
if (request.generated.publicKey !== publicKey) {
|
|
82
|
+
throw "Public key mismatch. Please revoke the request and try again.";
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
else {
|
|
86
|
+
yield (0, api_1.submitPublicKey)(authn, { publicKey, requestId });
|
|
87
|
+
}
|
|
88
|
+
});
|
|
89
|
+
},
|
|
90
|
+
proxyCommand: (request, port) => {
|
|
68
91
|
return [
|
|
69
92
|
"aws",
|
|
70
93
|
"ssm",
|
|
@@ -72,11 +95,11 @@ exports.awsSshProvider = {
|
|
|
72
95
|
"--region",
|
|
73
96
|
request.region,
|
|
74
97
|
"--target",
|
|
75
|
-
|
|
98
|
+
request.id,
|
|
76
99
|
"--document-name",
|
|
77
100
|
START_SSH_SESSION_DOCUMENT_NAME,
|
|
78
101
|
"--parameters",
|
|
79
|
-
|
|
102
|
+
port ? `portNumber=${port}` : "portNumber=%p",
|
|
80
103
|
];
|
|
81
104
|
},
|
|
82
105
|
reproCommands: (request) => {
|
|
@@ -88,6 +111,11 @@ exports.awsSshProvider = {
|
|
|
88
111
|
}
|
|
89
112
|
return undefined;
|
|
90
113
|
},
|
|
114
|
+
generateKeys: (_) => __awaiter(void 0, void 0, void 0, function* () {
|
|
115
|
+
return {
|
|
116
|
+
privateKeyPath: keys_1.PRIVATE_KEY_PATH,
|
|
117
|
+
};
|
|
118
|
+
}),
|
|
91
119
|
requestToSsh: (request) => {
|
|
92
120
|
const { permission, generated } = request;
|
|
93
121
|
const { resource, region } = permission;
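Review bot: `proxyCommand` interpolates `port` straight into the `--parameters` value (`portNumber=${port}`) without checking that it is a port number. The AWS CLI reads that argument as a `key=value,...` list, so a `port` carrying a comma or `=` would presumably stop being a single `portNumber` entry; where `port` originates is not visible in this section. A guard before the array is built, such as `if (port && !/^\d{1,5}$/.test(String(port))) throw "Invalid port";`, would pin it to digits and match the file's existing error style. The `proxyCommand` body spans two hunks, and the enclosing `awsSshProvider` object starts outside them.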
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAAqD;AACrD,2CAAoD;AAEpD,qCAA8C;AAC9C,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AASjD,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,0RAA0R;KAC7R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,EAAE;;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,8DAA8D,CAAC;SACtE;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE,OAA4B,CAAC;gBACnE,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;YAC/B,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAEvC,eAAe,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;;YACxD,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE;gBAC/B,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,KAAK,SAAS,EAAE;oBAC7C,MAAM,+DAA+D,CAAC;iBACvE;aACF;iBAAM;gBACL,MAAM,IAAA,qBAAe,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;aACxD;QACH,CAAC;KAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QAC9B,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,OAAO,CAAC,EAAE;YACV,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,IAAI,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,eAAe;SAC9C,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,6BAA6B,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,GAAG;aAC5E,CAAC;SACH;QA
CD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAO,CAAC,EAAE,EAAE;QACxB,OAAO;YACL,cAAc,EAAE,uBAAgB;SACjC,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QAC1C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;QAC7D,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,SAAS,CAAC;QACjE,MAAM,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;QACnC,MAAM,MAAM,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;QACpE,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
|
|
@@ -73,6 +73,7 @@ export type AwsSshGenerated = {
|
|
|
73
73
|
name: string;
|
|
74
74
|
};
|
|
75
75
|
linuxUserName: string;
|
|
76
|
+
publicKey: string;
|
|
76
77
|
};
|
|
77
78
|
export type AwsSshPermissionSpec = PermissionSpec<"ssh", AwsSshPermission, AwsSshGenerated>;
|
|
78
79
|
export type AwsSsh = CliPermissionSpec<AwsSshPermissionSpec, undefined>;
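Review bot: `publicKey: string` is declared as always present on `AwsSshGenerated`, but the `submitPublicKey` added to `package/dist/plugins/aws/ssh.js` in this release tests `request.generated.publicKey` for truthiness and submits the key only when it is missing. If the field can be unset until a key has been submitted, declare it `publicKey?: string;` so other readers of `generated` have to handle that case. If it is always set, the `else` branch in `submitPublicKey` is unreachable and the mismatch check is the only live path. The opening of the `AwsSshGenerated` type is outside the hunk.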
|
|
@@ -1,8 +1,14 @@
|
|
|
1
|
-
|
|
1
|
+
import { AzureSshRequest } from "./types";
|
|
2
|
+
export declare const AUTHORIZATION_FAILED_PATTERN: RegExp;
|
|
3
|
+
export declare const USER_NOT_IN_CACHE_PATTERN: RegExp;
|
|
4
|
+
export declare const CONTACT_SUPPORT_MESSAGE = "If the issue persists, please contact support@p0.dev.";
|
|
5
|
+
export declare const NASCENT_ACCESS_GRANT_MESSAGE = "If access was recently granted, please try again in a few minutes.";
|
|
6
|
+
export declare const ABORT_AUTHORIZATION_FAILED_MESSAGE: string;
|
|
7
|
+
export declare const azLoginCommand: (tenantId: string) => {
|
|
2
8
|
command: string;
|
|
3
9
|
args: string[];
|
|
4
10
|
};
|
|
5
|
-
export declare const
|
|
11
|
+
export declare const azAccountClearCommand: () => {
|
|
6
12
|
command: string;
|
|
7
13
|
args: string[];
|
|
8
14
|
};
|
|
@@ -14,6 +20,11 @@ export declare const azAccountShowUserPrincipalName: () => {
|
|
|
14
20
|
command: string;
|
|
15
21
|
args: string[];
|
|
16
22
|
};
|
|
17
|
-
|
|
23
|
+
/**
|
|
24
|
+
* Attempts to set the Azure subscription for the current ssh session request. If
|
|
25
|
+
* the user is not logged in, this function will attempt to log in.
|
|
26
|
+
*/
|
|
27
|
+
export declare const azSetSubscription: (request: AzureSshRequest, options?: {
|
|
18
28
|
debug?: boolean;
|
|
29
|
+
forceLogout?: boolean;
|
|
19
30
|
}) => Promise<string>;
|