@p0security/cli 0.13.5 → 0.13.7
- package/README.md +2 -2
- package/dist/commands/__tests__/login.test.js +3 -1
- package/dist/commands/__tests__/login.test.js.map +1 -1
- package/dist/commands/__tests__/ssh.test.js.map +1 -1
- package/dist/commands/index.js +4 -0
- package/dist/commands/index.js.map +1 -1
- package/dist/commands/login.d.ts +5 -3
- package/dist/commands/login.js +32 -57
- package/dist/commands/login.js.map +1 -1
- package/dist/commands/shared/request.d.ts +1 -1
- package/dist/commands/shared/request.js +4 -4
- package/dist/commands/shared/request.js.map +1 -1
- package/dist/commands/shared/ssh.d.ts +15 -2
- package/dist/commands/shared/ssh.js +13 -12
- package/dist/commands/shared/ssh.js.map +1 -1
- package/dist/commands/ssh-proxy.d.ts +3 -0
- package/dist/commands/ssh-proxy.js +124 -0
- package/dist/commands/ssh-proxy.js.map +1 -0
- package/dist/commands/ssh-resolve.d.ts +3 -0
- package/dist/commands/ssh-resolve.js +118 -0
- package/dist/commands/ssh-resolve.js.map +1 -0
- package/dist/drivers/api.d.ts +4 -0
- package/dist/drivers/api.js +9 -1
- package/dist/drivers/api.js.map +1 -1
- package/dist/drivers/{__mocks__/auth.js → auth/__mocks__/index.js} +1 -1
- package/dist/drivers/auth/__mocks__/index.js.map +1 -0
- package/dist/drivers/auth/index.d.ts +11 -0
- package/dist/drivers/{auth.js → auth/index.js} +52 -11
- package/dist/drivers/auth/index.js.map +1 -0
- package/dist/drivers/auth/path.d.ts +2 -0
- package/dist/drivers/auth/path.js +47 -0
- package/dist/drivers/auth/path.js.map +1 -0
- package/dist/drivers/config.d.ts +0 -1
- package/dist/drivers/config.js +10 -6
- package/dist/drivers/config.js.map +1 -1
- package/dist/drivers/env.d.ts +1 -0
- package/dist/drivers/env.js +3 -2
- package/dist/drivers/env.js.map +1 -1
- package/dist/plugins/aws/ssh.d.ts +0 -10
- package/dist/plugins/aws/ssh.js +32 -4
- package/dist/plugins/aws/ssh.js.map +1 -1
- package/dist/plugins/aws/types.d.ts +1 -0
- package/dist/plugins/azure/auth.d.ts +14 -3
- package/dist/plugins/azure/auth.js +72 -46
- package/dist/plugins/azure/auth.js.map +1 -1
- package/dist/plugins/azure/ssh.js +28 -12
- package/dist/plugins/azure/ssh.js.map +1 -1
- package/dist/plugins/azure/tunnel.d.ts +3 -4
- package/dist/plugins/azure/tunnel.js +16 -5
- package/dist/plugins/azure/tunnel.js.map +1 -1
- package/dist/plugins/azure/types.d.ts +2 -4
- package/dist/plugins/google/ssh.js +9 -3
- package/dist/plugins/google/ssh.js.map +1 -1
- package/dist/plugins/okta/aws.js +1 -1
- package/dist/plugins/okta/aws.js.map +1 -1
- package/dist/plugins/ssh/index.d.ts +17 -1
- package/dist/plugins/ssh/index.js +58 -10
- package/dist/plugins/ssh/index.js.map +1 -1
- package/dist/public/p0.jpg +0 -0
- package/dist/types/ssh.d.ts +17 -4
- package/dist/util.d.ts +1 -0
- package/dist/util.js +10 -1
- package/dist/util.js.map +1 -1
- package/package.json +1 -1
- package/dist/drivers/__mocks__/auth.js.map +0 -1
- package/dist/drivers/auth.d.ts +0 -9
- package/dist/drivers/auth.js.map +0 -1
- /package/dist/drivers/{__mocks__/auth.d.ts → auth/__mocks__/index.d.ts} +0 -0
|
@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.
|
|
12
|
+
exports.azSetSubscription = exports.azAccountShowUserPrincipalName = exports.azAccountSetCommand = exports.azAccountClearCommand = exports.azLoginCommand = exports.ABORT_AUTHORIZATION_FAILED_MESSAGE = exports.NASCENT_ACCESS_GRANT_MESSAGE = exports.CONTACT_SUPPORT_MESSAGE = exports.USER_NOT_IN_CACHE_PATTERN = exports.AUTHORIZATION_FAILED_PATTERN = void 0;
|
|
13
13
|
/** Copyright © 2024-present P0 Security
|
|
14
14
|
|
|
15
15
|
This file is part of @p0security/cli
|
|
@@ -22,39 +22,30 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
22
22
|
**/
|
|
23
23
|
const stdio_1 = require("../../drivers/stdio");
|
|
24
24
|
const util_1 = require("../../util");
|
|
25
|
-
const
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
message: "Failed to set the active Azure subscription. Please try again.",
|
|
35
|
-
},
|
|
36
|
-
];
|
|
37
|
-
const normalizeAzureCliError = (error, normalizedErrors, options) => {
|
|
38
|
-
if (options.debug) {
|
|
39
|
-
(0, stdio_1.print2)(error);
|
|
40
|
-
}
|
|
41
|
-
for (const { pattern, message } of normalizedErrors) {
|
|
42
|
-
if (pattern.test(error.stderr)) {
|
|
43
|
-
throw message;
|
|
44
|
-
}
|
|
45
|
-
}
|
|
46
|
-
throw error;
|
|
47
|
-
};
|
|
48
|
-
const azLoginCommand = () => ({
|
|
25
|
+
const SUBSCRIPTION_NOT_FOUND_PATTERN = /ERROR: The subscription of '.+' doesn't exist in cloud '.+'.+/;
|
|
26
|
+
const FAILED_TO_RESOLVE_TENANT_PATTERN = /Failed to resolve tenant '.+'/;
|
|
27
|
+
const LOGIN_ATTEMPT_CANCELLED_PATTERN = /WARNING: A web browser has been opened at .+ Please continue the login in the web browser.+/;
|
|
28
|
+
exports.AUTHORIZATION_FAILED_PATTERN = /The client '.+' with object id '.+' does not have authorization to perform action '.+' over scope '.+' or the scope is invalid. If access was recently granted, please refresh your credentials/;
|
|
29
|
+
exports.USER_NOT_IN_CACHE_PATTERN = /Exception in handling client: User '.+' does not exist in MSAL token cache./;
|
|
30
|
+
exports.CONTACT_SUPPORT_MESSAGE = "If the issue persists, please contact support@p0.dev.";
|
|
31
|
+
exports.NASCENT_ACCESS_GRANT_MESSAGE = "If access was recently granted, please try again in a few minutes.";
|
|
32
|
+
exports.ABORT_AUTHORIZATION_FAILED_MESSAGE = `Your Microsoft Token Cache is out of date. Run 'az account clear' and 'az login' to refresh your credentials. ${exports.CONTACT_SUPPORT_MESSAGE}`;
|
|
33
|
+
const azLoginCommand = (tenantId) => ({
|
|
49
34
|
command: "az",
|
|
50
|
-
args: [
|
|
35
|
+
args: [
|
|
36
|
+
"login",
|
|
37
|
+
"--scope",
|
|
38
|
+
"https://management.core.windows.net//.default",
|
|
39
|
+
"--tenant",
|
|
40
|
+
tenantId,
|
|
41
|
+
],
|
|
51
42
|
});
|
|
52
43
|
exports.azLoginCommand = azLoginCommand;
|
|
53
|
-
const
|
|
44
|
+
const azAccountClearCommand = () => ({
|
|
54
45
|
command: "az",
|
|
55
|
-
args: ["
|
|
46
|
+
args: ["account", "clear"],
|
|
56
47
|
});
|
|
57
|
-
exports.
|
|
48
|
+
exports.azAccountClearCommand = azAccountClearCommand;
|
|
58
49
|
const azAccountSetCommand = (subscriptionId) => ({
|
|
59
50
|
command: "az",
|
|
60
51
|
args: ["account", "set", "--subscription", subscriptionId],
|
|
@@ -65,9 +56,9 @@ const azAccountShowUserPrincipalName = () => ({
|
|
|
65
56
|
args: ["account", "show", "--query", "user.name", "-o", "tsv"],
|
|
66
57
|
});
|
|
67
58
|
exports.azAccountShowUserPrincipalName = azAccountShowUserPrincipalName;
|
|
68
|
-
const
|
|
59
|
+
const performAccountClear = ({ debug }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
69
60
|
try {
|
|
70
|
-
const { command: azLogoutExe, args: azLogoutArgs } = (0, exports.
|
|
61
|
+
const { command: azLogoutExe, args: azLogoutArgs } = (0, exports.azAccountClearCommand)();
|
|
71
62
|
const logoutResult = yield (0, util_1.exec)(azLogoutExe, azLogoutArgs, { check: true });
|
|
72
63
|
if (debug) {
|
|
73
64
|
(0, stdio_1.print2)(logoutResult.stdout);
|
|
@@ -77,37 +68,68 @@ const performLogout = ({ debug }) => __awaiter(void 0, void 0, void 0, function*
|
|
|
77
68
|
catch (error) {
|
|
78
69
|
if (debug) {
|
|
79
70
|
// ignore the error if the user is not logged in.
|
|
80
|
-
(0, stdio_1.print2)(`Skipping
|
|
71
|
+
(0, stdio_1.print2)(`Skipping account clear: ${error.stderr}`);
|
|
81
72
|
}
|
|
82
73
|
}
|
|
83
74
|
});
|
|
84
|
-
const performLogin = (
|
|
75
|
+
const performLogin = (directoryId, { debug }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
85
76
|
try {
|
|
86
|
-
const { command: azLoginExe, args: azLoginArgs } = (0, exports.azLoginCommand)();
|
|
77
|
+
const { command: azLoginExe, args: azLoginArgs } = (0, exports.azLoginCommand)(directoryId);
|
|
87
78
|
const loginResult = yield (0, util_1.exec)(azLoginExe, azLoginArgs, { check: true });
|
|
88
79
|
if (debug) {
|
|
80
|
+
(0, stdio_1.print2)("Logging in to Azure...");
|
|
89
81
|
(0, stdio_1.print2)(loginResult.stdout);
|
|
90
82
|
(0, stdio_1.print2)(loginResult.stderr);
|
|
91
|
-
(0, stdio_1.print2)(`Setting active Azure subscription to ${subscriptionId}...`);
|
|
92
83
|
}
|
|
84
|
+
return loginResult.stdout;
|
|
93
85
|
}
|
|
94
86
|
catch (error) {
|
|
95
|
-
|
|
87
|
+
if (debug) {
|
|
88
|
+
(0, stdio_1.print2)("Failed to log in to Azure...");
|
|
89
|
+
(0, stdio_1.print2)(error.stderr);
|
|
90
|
+
}
|
|
91
|
+
if (FAILED_TO_RESOLVE_TENANT_PATTERN.test(error.stderr)) {
|
|
92
|
+
throw `Failed to resolve tenant "${directoryId}". ${exports.NASCENT_ACCESS_GRANT_MESSAGE} ${exports.CONTACT_SUPPORT_MESSAGE}`;
|
|
93
|
+
}
|
|
94
|
+
if (LOGIN_ATTEMPT_CANCELLED_PATTERN.test(error.stderr)) {
|
|
95
|
+
throw "Login attempt cancelled. Please try again.";
|
|
96
|
+
}
|
|
97
|
+
throw error;
|
|
96
98
|
}
|
|
97
99
|
});
|
|
98
|
-
const performSetAccount = (
|
|
100
|
+
const performSetAccount = (request, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
101
|
+
var _a;
|
|
102
|
+
const debug = options.debug;
|
|
103
|
+
const attempts = (_a = options.attempts) !== null && _a !== void 0 ? _a : 1;
|
|
99
104
|
try {
|
|
100
|
-
const { command: azAccountSetExe, args: azAccountSetArgs } = (0, exports.azAccountSetCommand)(subscriptionId);
|
|
105
|
+
const { command: azAccountSetExe, args: azAccountSetArgs } = (0, exports.azAccountSetCommand)(request.subscriptionId);
|
|
101
106
|
const accountSetResult = yield (0, util_1.exec)(azAccountSetExe, azAccountSetArgs, {
|
|
102
107
|
check: true,
|
|
103
108
|
});
|
|
104
109
|
if (debug) {
|
|
110
|
+
(0, stdio_1.print2)("Setting active Azure subscription...");
|
|
105
111
|
(0, stdio_1.print2)(accountSetResult.stdout);
|
|
106
112
|
(0, stdio_1.print2)(accountSetResult.stderr);
|
|
107
113
|
}
|
|
108
114
|
}
|
|
109
115
|
catch (error) {
|
|
110
|
-
|
|
116
|
+
if (debug) {
|
|
117
|
+
(0, stdio_1.print2)("Failed to set active Azure subscription...");
|
|
118
|
+
(0, stdio_1.print2)(error.stderr);
|
|
119
|
+
}
|
|
120
|
+
if (attempts <= 0) {
|
|
121
|
+
(0, stdio_1.print2)(`Failed to set active Azure subscription after ${options.attempts} attempts.`);
|
|
122
|
+
throw error;
|
|
123
|
+
}
|
|
124
|
+
if (SUBSCRIPTION_NOT_FOUND_PATTERN.test(error.stderr)) {
|
|
125
|
+
yield performAccountClear({ debug });
|
|
126
|
+
const output = yield performLogin(request.directoryId, { debug });
|
|
127
|
+
if (!output.includes(request.subscriptionId))
|
|
128
|
+
throw `Subscription ${request.subscriptionId} not found. ${exports.NASCENT_ACCESS_GRANT_MESSAGE}`;
|
|
129
|
+
yield performSetAccount(request, { debug, attempts: attempts - 1 });
|
|
130
|
+
return;
|
|
131
|
+
}
|
|
132
|
+
throw error;
|
|
111
133
|
}
|
|
112
134
|
});
|
|
113
135
|
const getUserPrincipalName = ({ debug }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -125,16 +147,20 @@ const getUserPrincipalName = ({ debug }) => __awaiter(void 0, void 0, void 0, fu
|
|
|
125
147
|
throw `Failed to get the current user name: ${error}.`;
|
|
126
148
|
}
|
|
127
149
|
});
|
|
128
|
-
|
|
129
|
-
|
|
150
|
+
/**
|
|
151
|
+
* Attempts to set the Azure subscription for the current ssh session request. If
|
|
152
|
+
* the user is not logged in, this function will attempt to log in.
|
|
153
|
+
*/
|
|
154
|
+
const azSetSubscription = (request, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
|
|
155
|
+
const { debug, forceLogout } = options;
|
|
130
156
|
if (debug)
|
|
131
|
-
(0, stdio_1.print2)("
|
|
157
|
+
(0, stdio_1.print2)("Forming Azure connection...");
|
|
132
158
|
// Logging out first ensures that any cached credentials are cleared.
|
|
133
159
|
// https://github.com/Azure/azure-cli/issues/29161
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
yield performSetAccount(
|
|
160
|
+
if (forceLogout)
|
|
161
|
+
yield performAccountClear({ debug });
|
|
162
|
+
yield performSetAccount(request, Object.assign(Object.assign({}, options), { attempts: 2 }));
|
|
137
163
|
return yield getUserPrincipalName(options);
|
|
138
164
|
});
|
|
139
|
-
exports.
|
|
165
|
+
exports.azSetSubscription = azSetSubscription;
|
|
140
166
|
//# sourceMappingURL=auth.js.map
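Review bot: In `performSetAccount`, the final-failure message interpolates `options.attempts`, which by then is the decremented counter, so it reads "after 0 attempts" even though `az account set` can run up to three times when `azSetSubscription` starts it with `attempts: 2`. Replacing it with `(0, stdio_1.print2)("Failed to set active Azure subscription; no retries left.");` avoids printing the counter. Each retry also runs `az account clear`, which clears all subscriptions from the Azure CLI's local cache, followed by an interactive `az login`, so one stale subscription can cost the user two browser logins and their other cached Azure sessions; a comment on `performAccountClear` should state that side effect. The post-login check `output.includes(request.subscriptionId)` is a substring match on raw `az login` stdout; if that output is the JSON subscription list (not visible here), parsing it and comparing the `id` field exactly would be stricter.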
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/plugins/azure/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAC7C,qCAAkC;AAGlC,MAAM,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/plugins/azure/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAA6C;AAC7C,qCAAkC;AAGlC,MAAM,8BAA8B,GAClC,+DAA+D,CAAC;AAClE,MAAM,gCAAgC,GAAG,+BAA+B,CAAC;AACzE,MAAM,+BAA+B,GACnC,6FAA6F,CAAC;AACnF,QAAA,4BAA4B,GACvC,iMAAiM,CAAC;AACvL,QAAA,yBAAyB,GACpC,6EAA6E,CAAC;AACnE,QAAA,uBAAuB,GAClC,uDAAuD,CAAC;AAC7C,QAAA,4BAA4B,GACvC,oEAAoE,CAAC;AAC1D,QAAA,kCAAkC,GAAG,iHAAiH,+BAAuB,EAAE,CAAC;AAEtL,MAAM,cAAc,GAAG,CAAC,QAAgB,EAAE,EAAE,CAAC,CAAC;IACnD,OAAO,EAAE,IAAI;IACb,IAAI,EAAE;QACJ,OAAO;QACP,SAAS;QACT,+CAA+C;QAC/C,UAAU;QACV,QAAQ;KACT;CACF,CAAC,CAAC;AATU,QAAA,cAAc,kBASxB;AAEI,MAAM,qBAAqB,GAAG,GAAG,EAAE,CAAC,CAAC;IAC1C,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;CAC3B,CAAC,CAAC;AAHU,QAAA,qBAAqB,yBAG/B;AAEI,MAAM,mBAAmB,GAAG,CAAC,cAAsB,EAAE,EAAE,CAAC,CAAC;IAC9D,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,cAAc,CAAC;CAC3D,CAAC,CAAC;AAHU,QAAA,mBAAmB,uBAG7B;AAEI,MAAM,8BAA8B,GAAG,GAAG,EAAE,CAAC,CAAC;IACnD,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,CAAC;CAC/D,CAAC,CAAC;AAHU,QAAA,8BAA8B,kCAGxC;AAEH,MAAM,mBAAmB,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IACnE,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAChD,IAAA,6BAAqB,GAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5E,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC5B,IAAA,cAAM,EAAC,YAAY,CAAC,MAAM,CAAC,CAAC;SAC7B;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,iDAAiD;YACjD,IAAA,cAAM,EAAC,2BAA2B,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;SACnD;KACF;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,YAAY,GAAG,CACnB,WAAmB,EACnB,EAAE,KAAK,EAAuB,EAC9B,EAAE;IACF,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAC9C,IAAA,sBAAc,EAAC,WAAW,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,MAAM,IAAA,WAAI,EAAC,UAAU,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;YACjC,IAAA,cAAM
,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC3B,IAAA,cAAM,EAAC,WAAW,CAAC,MAAM,CAAC,CAAC;SAC5B;QAED,OAAO,WAAW,CAAC,MAAM,CAAC;KAC3B;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,8BAA8B,CAAC,CAAC;YACvC,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACtB;QAED,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACvD,MAAM,6BAA6B,WAAW,MAAM,oCAA4B,IAAI,+BAAuB,EAAE,CAAC;SAC/G;QAED,IAAI,+BAA+B,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACtD,MAAM,4CAA4C,CAAC;SACpD;QAED,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,OAAwD,EACxD,OAA8C,EAC9C,EAAE;;IACF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAA,OAAO,CAAC,QAAQ,mCAAI,CAAC,CAAC;IACvC,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,2BAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC9C,MAAM,gBAAgB,GAAG,MAAM,IAAA,WAAI,EAAC,eAAe,EAAE,gBAAgB,EAAE;YACrE,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,sCAAsC,CAAC,CAAC;YAC/C,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAChC,IAAA,cAAM,EAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;SACjC;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,4CAA4C,CAAC,CAAC;YACrD,IAAA,cAAM,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACtB;QAED,IAAI,QAAQ,IAAI,CAAC,EAAE;YACjB,IAAA,cAAM,EACJ,iDAAiD,OAAO,CAAC,QAAQ,YAAY,CAC9E,CAAC;YACF,MAAM,KAAK,CAAC;SACb;QAED,IAAI,8BAA8B,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;YACrD,MAAM,mBAAmB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC;gBAC1C,MAAM,gBAAgB,OAAO,CAAC,cAAc,eAAe,oCAA4B,EAAE,CAAC;YAC5F,MAAM,iBAAiB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,GAAG,CAAC,EAAE,CAAC,CAAC;YACpE,OAAO;SACR;QACD,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,oBAAoB,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IACpE,IAAI;QACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,sCAA8B,GAAE,CAAC;QAC3D,MAAM,iBAAiB,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,8BAA8B,C
AAC,CAAC;YACvC,IAAA,cAAM,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACjC,IAAA,cAAM,EAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;SAClC;QACD,OAAO,iBAAiB,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;KACxC;IAAC,OAAO,KAAU,EAAE;QACnB,MAAM,wCAAwC,KAAK,GAAG,CAAC;KACxD;AACH,CAAC,CAAA,CAAC;AAEF;;;GAGG;AACI,MAAM,iBAAiB,GAAG,CAC/B,OAAwB,EACxB,UAAsD,EAAE,EACxD,EAAE;IACF,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IACvC,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,6BAA6B,CAAC,CAAC;IAEjD,qEAAqE;IACrE,kDAAkD;IAClD,IAAI,WAAW;QAAE,MAAM,mBAAmB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAEtD,MAAM,iBAAiB,CAAC,OAAO,kCAAO,OAAO,KAAE,QAAQ,EAAE,CAAC,IAAG,CAAC;IAE9D,OAAO,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC7C,CAAC,CAAA,CAAC;AAdW,QAAA,iBAAiB,qBAc5B"}
|
|
@@ -71,12 +71,11 @@ exports.azureSshProvider = {
|
|
|
71
71
|
}
|
|
72
72
|
return undefined;
|
|
73
73
|
},
|
|
74
|
-
|
|
75
|
-
proxyCommand: () => [],
|
|
74
|
+
proxyCommand: (_, port) => ["nc", "localhost", port !== null && port !== void 0 ? port : "22"],
|
|
76
75
|
reproCommands: (request, additionalData) => {
|
|
77
76
|
var _a;
|
|
78
|
-
const { command:
|
|
79
|
-
const { command: azLoginExe, args: azLoginArgs } = (0, auth_1.azLoginCommand)();
|
|
77
|
+
const { command: azAccountClearExe, args: azAccountClearArgs } = (0, auth_1.azAccountClearCommand)();
|
|
78
|
+
const { command: azLoginExe, args: azLoginArgs } = (0, auth_1.azLoginCommand)(request.directoryId);
|
|
80
79
|
const { command: azAccountSetExe, args: azAccountSetArgs } = (0, auth_1.azAccountSetCommand)(request.subscriptionId);
|
|
81
80
|
const getKeyPath = () => {
|
|
82
81
|
// Use the same key path as the one generated in setup() so it matches the ssh command that is generated
|
|
@@ -95,10 +94,9 @@ exports.azureSshProvider = {
|
|
|
95
94
|
const { command: azCertGenExe, args: azCertGenArgs } = (0, keygen_1.azSshCertCommand)(keyPath);
|
|
96
95
|
// If additionalData is undefined (which, again, should be never), use the default port for Azure Network Bastion
|
|
97
96
|
// tunnels instead of generating a random one
|
|
98
|
-
const { command: azTunnelExe, args: azTunnelArgs } = (0, tunnel_1.azBastionTunnelCommand)(request, (_a = additionalData === null || additionalData === void 0 ? void 0 : additionalData.port) !== null && _a !== void 0 ? _a : "50022"
|
|
99
|
-
);
|
|
97
|
+
const { command: azTunnelExe, args: azTunnelArgs } = (0, tunnel_1.azBastionTunnelCommand)(request, (_a = additionalData === null || additionalData === void 0 ? void 0 : additionalData.port) !== null && _a !== void 0 ? _a : "50022");
|
|
100
98
|
return [
|
|
101
|
-
`${
|
|
99
|
+
`${azAccountClearExe} ${azAccountClearArgs.join(" ")}`,
|
|
102
100
|
`${azLoginExe} ${azLoginArgs.join(" ")}`,
|
|
103
101
|
`${azAccountSetExe} ${azAccountSetArgs.join(" ")}`,
|
|
104
102
|
`mkdir ${keyPath}`,
|
|
@@ -106,20 +104,38 @@ exports.azureSshProvider = {
|
|
|
106
104
|
`${azTunnelExe} ${azTunnelArgs.join(" ")}`,
|
|
107
105
|
];
|
|
108
106
|
},
|
|
109
|
-
|
|
107
|
+
generateKeys: (request, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
|
|
110
108
|
const { debug } = options;
|
|
109
|
+
const { path: keyPath } = yield (0, keygen_1.createTempDirectoryForKeys)();
|
|
110
|
+
yield (0, auth_1.azSetSubscription)(request, options);
|
|
111
|
+
yield (0, keygen_1.generateSshKeyAndAzureAdCert)(keyPath, { debug });
|
|
112
|
+
const sshPrivateKeyPath = node_path_1.default.join(keyPath, keygen_1.AD_SSH_KEY_PRIVATE);
|
|
113
|
+
const sshCertificateKeyPath = node_path_1.default.join(keyPath, keygen_1.AD_CERT_FILENAME);
|
|
114
|
+
return {
|
|
115
|
+
privateKeyPath: sshPrivateKeyPath,
|
|
116
|
+
certificatePath: sshCertificateKeyPath,
|
|
117
|
+
};
|
|
118
|
+
}),
|
|
119
|
+
setupProxy: (request, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
120
|
+
const { killTunnel, tunnelLocalPort } = yield (0, tunnel_1.trySpawnBastionTunnel)(request, options);
|
|
121
|
+
return {
|
|
122
|
+
teardown: killTunnel,
|
|
123
|
+
port: tunnelLocalPort,
|
|
124
|
+
};
|
|
125
|
+
}),
|
|
126
|
+
setup: (request, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
111
127
|
// The subscription ID here is used to ensure that the user is logged in to the correct tenant/directory.
|
|
112
128
|
// As long as a subscription ID in the correct tenant is provided, this will work; it need not be the same
|
|
113
129
|
// subscription as which contains the Bastion host or the target VM.
|
|
114
|
-
const linuxUserName = yield (0, auth_1.
|
|
130
|
+
const linuxUserName = yield (0, auth_1.azSetSubscription)(request, options);
|
|
115
131
|
if (linuxUserName !== request.linuxUserName) {
|
|
116
132
|
throw `Azure CLI login returned a different user name than expected. Expected: ${request.linuxUserName}, Actual: ${linuxUserName}`;
|
|
117
133
|
}
|
|
118
134
|
const { path: keyPath, cleanup: sshKeyPathCleanup } = yield (0, keygen_1.createTempDirectoryForKeys)();
|
|
119
135
|
const wrappedCreateCertAndTunnel = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
120
136
|
try {
|
|
121
|
-
yield (0, keygen_1.generateSshKeyAndAzureAdCert)(keyPath,
|
|
122
|
-
return yield (0, tunnel_1.trySpawnBastionTunnel)(request,
|
|
137
|
+
yield (0, keygen_1.generateSshKeyAndAzureAdCert)(keyPath, options);
|
|
138
|
+
return yield (0, tunnel_1.trySpawnBastionTunnel)(request, options);
|
|
123
139
|
}
|
|
124
140
|
catch (error) {
|
|
125
141
|
yield sshKeyPathCleanup();
|
|
@@ -150,7 +166,7 @@ exports.azureSshProvider = {
|
|
|
150
166
|
teardown,
|
|
151
167
|
};
|
|
152
168
|
}),
|
|
153
|
-
requestToSsh: (request) => (Object.assign(Object.assign({ type: "azure", id: "localhost" }, request.cliLocalData), { instanceId: request.permission.resource.instanceId, subscriptionId: request.permission.resource.subscriptionId, instanceResourceGroup: request.permission.resource.resourceGroupId, bastionId: request.permission.bastionHostId })),
|
|
169
|
+
requestToSsh: (request) => (Object.assign(Object.assign({ type: "azure", id: "localhost" }, request.cliLocalData), { instanceId: request.permission.resource.instanceId, subscriptionId: request.permission.resource.subscriptionId, instanceResourceGroup: request.permission.resource.resourceGroupId, bastionId: request.permission.bastionHostId, directoryId: request.generated.directoryId })),
|
|
154
170
|
unprovisionedAccessPatterns,
|
|
155
171
|
provisionedAccessPatterns,
|
|
156
172
|
toCliRequest: (request) => __awaiter(void 0, void 0, void 0, function* () {
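Review bot: `generateKeys` keeps only `path` from `createTempDirectoryForKeys()` and drops the `cleanup` callback, so if `azSetSubscription` or `generateSshKeyAndAzureAdCert` throws, the temporary key directory is left on disk; `setup` in the same object handles that case by calling `sshKeyPathCleanup()` in its catch. On success the private key and Azure AD certificate also outlive the call with no teardown handed back to the caller, which may be intended for the new ssh-resolve/ssh-proxy commands but should be stated in a comment together with who is expected to delete them. The sketch below adds the failure-path cleanup only. `exports.azureSshProvider` starts and ends outside these hunks.

```javascript
generateKeys: (request, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
    const { debug } = options;
    const { path: keyPath, cleanup: sshKeyPathCleanup } = yield (0, keygen_1.createTempDirectoryForKeys)();
    try {
        yield (0, auth_1.azSetSubscription)(request, options);
        yield (0, keygen_1.generateSshKeyAndAzureAdCert)(keyPath, { debug });
    }
    catch (error) {
        // Do not leave a half-populated key directory behind when login or cert generation fails.
        yield sshKeyPathCleanup();
        throw error;
    }
    // … unchanged: build and return privateKeyPath / certificatePath …
```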
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/azure/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,iCAKgB;AAChB,uCAA4C;AAC5C,qCAMkB;AAClB,qCAAyE;AAMzE,0DAA6B;AAE7B,MAAM,2BAA2B,GAAG;IAClC;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;CACO,CAAC;AAEX,MAAM,yBAAyB,GAAG;IAChC;QACE,OAAO,EAAE,8BAA8B;KACxC;CACO,CAAC;AAEX,qFAAqF;AACrF,kFAAkF;AAClF,iFAAiF;AACjF,kFAAkF;AAClF,yDAAyD;AACzD,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,QAAA,gBAAgB,GAIzB;IACF,+CAA+C;IAC/C,kBAAkB,EAAE,GAAS,EAAE;QAC7B,4CAA4C;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAe,GAAE,CAAC,EAAE;YAC9B,MAAM,uDAAuD,CAAC;SAC/D;IACH,CAAC,CAAA;IAED,YAAY,EAAE,iBAAiB;IAE/B,oBAAoB,EAAE,qDAAqD;IAE3E,wBAAwB;IACxB,oBAAoB,EAAE,SAAS;IAE/B,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,mEAAmE;gBACnE,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,KAAK,CAAC,IAClB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/azure/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAE1D,iCAKgB;AAChB,uCAA4C;AAC5C,qCAMkB;AAClB,qCAAyE;AAMzE,0DAA6B;AAE7B,MAAM,2BAA2B,GAAG;IAClC;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;CACO,CAAC;AAEX,MAAM,yBAAyB,GAAG;IAChC;QACE,OAAO,EAAE,8BAA8B;KACxC;CACO,CAAC;AAEX,qFAAqF;AACrF,kFAAkF;AAClF,iFAAiF;AACjF,kFAAkF;AAClF,yDAAyD;AACzD,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,QAAA,gBAAgB,GAIzB;IACF,+CAA+C;IAC/C,kBAAkB,EAAE,GAAS,EAAE;QAC7B,4CAA4C;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAe,GAAE,CAAC,EAAE;YAC9B,MAAM,uDAAuD,CAAC;SAC/D;IACH,CAAC,CAAA;IAED,YAAY,EAAE,iBAAiB;IAE/B,oBAAoB,EAAE,qDAAqD;IAE3E,wBAAwB;IACxB,oBAAoB,EAAE,SAAS;IAE/B,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,mEAAmE;gBACnE,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,KAAK,CAAC,IAClB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,IAAI,CAAC;IAE5D,aAAa,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE;;QACzC,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAC5D,IAAA,4BAAqB,GAAE,CAAC;QAC1B,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,qBAAc,EAC/D,OAAO,CAAC,WAAW,CACpB,CAAC;QACF,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,gBAAgB,EAAE,GACxD,IAAA,0BAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAE9C,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,wGAAwG;YACxG,gHAAgH;YAChH,+GAA+G;YAC/G,aAAa;YACb,IAAI,cAAc,EAAE;gBAClB,OAAO,mBAAI,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;aAClD;iBAAM;gBACL,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;gBACnE,OAAO,mBAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,sBAAsB,CAAC,CAAC;aACpD;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAE7B,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,GAClD,IAAA,yBAAgB,EAAC,OAAO,CAAC,CAAC;QAE5B,iHAAiH;QACjH,
6CAA6C;QAC7C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,+BAAsB,EACzE,OAAO,EACP,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,IAAI,mCAAI,OAAO,CAChC,CAAC;QAEF,OAAO;YACL,GAAG,iBAAiB,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACtD,GAAG,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YACxC,GAAG,eAAe,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAClD,SAAS,OAAO,EAAE;YAClB,GAAG,YAAY,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;YAC5C,GAAG,WAAW,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,UAA+B,EAAE,EAAE,EAAE;QACjE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAC1B,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,mCAA0B,GAAE,CAAC;QAC7D,MAAM,IAAA,wBAAiB,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1C,MAAM,IAAA,qCAA4B,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QACvD,MAAM,iBAAiB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAAkB,CAAC,CAAC;QACjE,MAAM,qBAAqB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,yBAAgB,CAAC,CAAC;QAEnE,OAAO;YACL,cAAc,EAAE,iBAAiB;YACjC,eAAe,EAAE,qBAAqB;SACvC,CAAC;IACJ,CAAC,CAAA;IAED,UAAU,EAAE,CACV,OAAwB,EACxB,OAA8D,EAC9D,EAAE;QACF,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,MAAM,IAAA,8BAAqB,EACjE,OAAO,EACP,OAAO,CACR,CAAC;QAEF,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,eAAe;SACtB,CAAC;IACJ,CAAC,CAAA;IAED,KAAK,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAChC,yGAAyG;QACzG,0GAA0G;QAC1G,oEAAoE;QACpE,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAiB,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAEhE,IAAI,aAAa,KAAK,OAAO,CAAC,aAAa,EAAE;YAC3C,MAAM,2EAA2E,OAAO,CAAC,aAAa,aAAa,aAAa,EAAE,CAAC;SACpI;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,GACjD,MAAM,IAAA,mCAA0B,GAAE,CAAC;QAErC,MAAM,0BAA0B,GAAG,GAAS,EAAE;YAC5C,IAAI;gBACF,MAAM,IAAA,qCAA4B,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACrD,OAAO,MAAM,IAAA,8BAAqB,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;aACtD;YAAC,OAAO,KAAU,EAAE;gBACnB,MAAM,iBAAiB,EAAE,CAAC;gBAC1B,MAAM,KAAK,CAAC;aACb;QACH,CAAC,CAAA,CAAC;QAEF,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,MAAM,0BAA0B,EAAE,CAAC;QAE3E,MAAM,iBAAiB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAAkB,CAAC,CAAC;QACjE,MAAM,qBAAqB,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,yBA
AgB,CAAC,CAAC;QAEnE,MAAM,QAAQ,GAAG,GAAS,EAAE;YAC1B,MAAM,UAAU,EAAE,CAAC;YACnB,MAAM,iBAAiB,EAAE,CAAC;QAC5B,CAAC,CAAA,CAAC;QAEF,OAAO;YACL,UAAU,EAAE;gBACV,mBAAmB,qBAAqB,EAAE;gBAE1C,2GAA2G;gBAC3G,4GAA4G;gBAC5G,gHAAgH;gBAChH,6GAA6G;gBAC7G,+GAA+G;gBAC/G,2BAA2B;gBAC3B,0BAA0B;gBAC1B,8BAA8B;aAC/B;YACD,YAAY,EAAE,iBAAiB;YAC/B,IAAI,EAAE,eAAe;YACrB,QAAQ;SACT,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,+BACzB,IAAI,EAAE,OAAO,EACb,EAAE,EAAE,WAAW,IACZ,OAAO,CAAC,YAAY,KACvB,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,EAClD,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,EAC1D,qBAAqB,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,EAClE,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,aAAa,EAC3C,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,IAC1C;IAEF,2BAA2B;IAC3B,yBAAyB;IAEzB,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE;;QAC9B,uCACK,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,MAAA,OAAO,CAAC,SAAS,CAAC,aAAa,mCAAI,OAAO,CAAC,SAAS;aACpE,IACD;IACJ,CAAC,CAAA;CACF,CAAC"}
|
|
@@ -3,12 +3,11 @@ export type BastionTunnelMeta = {
|
|
|
3
3
|
killTunnel: () => Promise<void>;
|
|
4
4
|
tunnelLocalPort: string;
|
|
5
5
|
};
|
|
6
|
-
export declare const azBastionTunnelCommand: (request: AzureSshRequest, port: string
|
|
7
|
-
debug?: boolean;
|
|
8
|
-
}) => {
|
|
6
|
+
export declare const azBastionTunnelCommand: (request: AzureSshRequest, port: string) => {
|
|
9
7
|
command: string;
|
|
10
8
|
args: string[];
|
|
11
9
|
};
|
|
12
|
-
export declare const trySpawnBastionTunnel: (request: AzureSshRequest, options
|
|
10
|
+
export declare const trySpawnBastionTunnel: (request: AzureSshRequest, options: {
|
|
11
|
+
abortController: AbortController;
|
|
13
12
|
debug?: boolean;
|
|
14
13
|
}) => Promise<BastionTunnelMeta>;
|
|
@@ -23,6 +23,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
23
23
|
const retry_1 = require("../../common/retry");
|
|
24
24
|
const stdio_1 = require("../../drivers/stdio");
|
|
25
25
|
const util_1 = require("../../util");
|
|
26
|
+
const auth_1 = require("./auth");
|
|
26
27
|
const node_child_process_1 = require("node:child_process");
|
|
27
28
|
const TUNNEL_READY_STRING = "Tunnel is ready";
|
|
28
29
|
const SPAWN_TUNNEL_TRIES = 3;
|
|
@@ -33,7 +34,7 @@ const tunnelDebugOutputIgnorePatterns = [
|
|
|
33
34
|
/Received (debugger|websocket)/i,
|
|
34
35
|
/Sending to (debugger|websocket)/i,
|
|
35
36
|
];
|
|
36
|
-
const azBastionTunnelCommand = (request, port
|
|
37
|
+
const azBastionTunnelCommand = (request, port) => ({
|
|
37
38
|
command: "az",
|
|
38
39
|
args: [
|
|
39
40
|
"network",
|
|
@@ -47,7 +48,10 @@ const azBastionTunnelCommand = (request, port, options = {}) => ({
|
|
|
47
48
|
"22",
|
|
48
49
|
"--port",
|
|
49
50
|
port,
|
|
50
|
-
|
|
51
|
+
// Always include the debug flag because we use the output to determine if we need
|
|
52
|
+
// to reauthenticate the user when access fails. The output is silenced if the user
|
|
53
|
+
// doesn't pass the --debug flag to the p0 ssh process.
|
|
54
|
+
"--debug",
|
|
51
55
|
],
|
|
52
56
|
});
|
|
53
57
|
exports.azBastionTunnelCommand = azBastionTunnelCommand;
|
|
@@ -58,14 +62,14 @@ const selectRandomPort = () => {
|
|
|
58
62
|
const port = Math.floor(Math.random() * 16384) + 49152;
|
|
59
63
|
return port.toString();
|
|
60
64
|
};
|
|
61
|
-
const spawnBastionTunnelInBackground = (request, port, options
|
|
62
|
-
const { debug } = options;
|
|
65
|
+
const spawnBastionTunnelInBackground = (request, port, options) => {
|
|
66
|
+
const { debug, abortController } = options;
|
|
63
67
|
return new Promise((resolve, reject) => {
|
|
64
68
|
let processSignalledToExit = false;
|
|
65
69
|
let processExited = false;
|
|
66
70
|
let stdout = "";
|
|
67
71
|
let stderr = "";
|
|
68
|
-
const { command, args } = (0, exports.azBastionTunnelCommand)(request, port
|
|
72
|
+
const { command, args } = (0, exports.azBastionTunnelCommand)(request, port);
|
|
69
73
|
if (debug)
|
|
70
74
|
(0, stdio_1.print2)("Spawning Azure Bastion tunnel process...");
|
|
71
75
|
// Spawn the process in detached mode so that it is in its own process group; this lets us kill it and all
|
|
@@ -100,6 +104,13 @@ const spawnBastionTunnelInBackground = (request, port, options = {}) => {
|
|
|
100
104
|
!tunnelDebugOutputIgnorePatterns.some((regex) => str.match(regex))) {
|
|
101
105
|
(0, stdio_1.print2)(str);
|
|
102
106
|
}
|
|
107
|
+
// If we get a message indicating that the user's authorization is invalid, we need to terminate all of our connection attempts.
|
|
108
|
+
if (auth_1.AUTHORIZATION_FAILED_PATTERN.test(str)) {
|
|
109
|
+
abortController.abort(auth_1.ABORT_AUTHORIZATION_FAILED_MESSAGE);
|
|
110
|
+
}
|
|
111
|
+
if (auth_1.USER_NOT_IN_CACHE_PATTERN.test(str)) {
|
|
112
|
+
abortController.abort(auth_1.ABORT_AUTHORIZATION_FAILED_MESSAGE);
|
|
113
|
+
}
|
|
103
114
|
if (str.includes(TUNNEL_READY_STRING)) {
|
|
104
115
|
(0, stdio_1.print2)("Azure Bastion tunnel is ready.");
|
|
105
116
|
resolve({
|
|
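Review bot: The added checks call `auth_1.AUTHORIZATION_FAILED_PATTERN.test(str)` and `auth_1.USER_NOT_IN_CACHE_PATTERN.test(str)` on `str`, which looks like a single chunk of child-process output, so a message split across two chunks would not match and the abort would not fire; matching against the accumulated text (the `stdout`/`stderr` strings declared at the top of the Promise) avoids that. Both patterns are defined in `./auth`, outside this section; if either carries the `g` or `y` flag, `.test()` keeps `lastIndex` between calls and can skip a match on a later chunk. The two branches abort with the same message and can be one condition: `if (auth_1.AUTHORIZATION_FAILED_PATTERN.test(str) || auth_1.USER_NOT_IN_CACHE_PATTERN.test(str)) {`. Because `--debug` is now always passed to `az`, verbose CLI output is collected on every run, so the failure paths outside these hunks should be checked to confirm they do not print or keep that buffer when the user did not ask for debug. `spawnBastionTunnelInBackground` starts and ends outside the hunks shown.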
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tunnel.js","sourceRoot":"","sources":["../../../src/plugins/azure/tunnel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,+CAA6C;AAC7C,qCAAmC;
|
|
1
|
+
{"version":3,"file":"tunnel.js","sourceRoot":"","sources":["../../../src/plugins/azure/tunnel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,+CAA6C;AAC7C,qCAAmC;AACnC,iCAIgB;AAEhB,2DAA2C;AAE3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAE7B,sHAAsH;AACtH,oDAAoD;AACpD,MAAM,+BAA+B,GAAa;IAChD,wCAAwC;IACxC,gCAAgC;IAChC,kCAAkC;CACnC,CAAC;AAOK,MAAM,sBAAsB,GAAG,CACpC,OAAwB,EACxB,IAAY,EACZ,EAAE,CAAC,CAAC;IACJ,OAAO,EAAE,IAAI;IACb,IAAI,EAAE;QACJ,SAAS;QACT,SAAS;QACT,QAAQ;QACR,OAAO;QACP,OAAO,CAAC,SAAS;QACjB,sBAAsB;QACtB,OAAO,CAAC,UAAU;QAClB,iBAAiB;QACjB,IAAI;QACJ,QAAQ;QACR,IAAI;QACJ,kFAAkF;QAClF,mFAAmF;QACnF,uDAAuD;QACvD,SAAS;KACV;CACF,CAAC,CAAC;AAtBU,QAAA,sBAAsB,0BAsBhC;AAEH,MAAM,gBAAgB,GAAG,GAAW,EAAE;IACpC,iGAAiG;IACjG,iGAAiG;IACjG,yEAAyE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC;IACvD,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,8BAA8B,GAAG,CACrC,OAAwB,EACxB,IAAY,EACZ,OAA8D,EAClC,EAAE;IAC9B,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;IAE3C,OAAO,IAAI,OAAO,CAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxD,IAAI,sBAAsB,GAAG,KAAK,CAAC;QACnC,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,8BAAsB,EAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEhE,IAAI,KAAK;YAAE,IAAA,cAAM,EAAC,0CAA0C,CAAC,CAAC;QAE9D,0GAA0G;QAC1G,iCAAiC;QACjC,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAEvD,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,aAAa,GAAG,IAAI,CAAC;YACrB,IAAI,IAAI,KAAK,CAAC,EAAE;gBACd,IAAI,KAAK;oBAAE,IAAA,cAAM,EAAC,+CAA+C,CAAC,CAAC;gBACnE,OAAO;aACR;YAED,IAAI,CAAC,KAAK,EAAE;gBACV,4GAA4G;gBAC5G,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;gBACf,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC;aAChB;YAED,MAAM,CACJ,gFAAgF,IAAI,EAAE,CACvF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd
,IACE,KAAK;gBACL,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAClE;gBACA,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;aACb;QACH,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC;YACd,IACE,KAAK;gBACL,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAClE;gBACA,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;aACb;YAED,gIAAgI;YAChI,IAAI,mCAA4B,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;gBAC1C,eAAe,CAAC,KAAK,CAAC,yCAAkC,CAAC,CAAC;aAC3D;YAED,IAAI,gCAAyB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;gBACvC,eAAe,CAAC,KAAK,CAAC,yCAAkC,CAAC,CAAC;aAC3D;YAED,IAAI,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE;gBACrC,IAAA,cAAM,EAAC,gCAAgC,CAAC,CAAC;gBAEzC,OAAO,CAAC;oBACN,UAAU,EAAE,GAAS,EAAE;wBACrB,IAAI,sBAAsB,IAAI,aAAa;4BAAE,OAAO;wBAEpD,sBAAsB,GAAG,IAAI,CAAC;wBAE9B,IAAI,KAAK,CAAC,GAAG,EAAE;4BACb,gGAAgG;4BAChG,iGAAiG;4BACjG,uGAAuG;4BACvG,wGAAwG;4BACxG,uGAAuG;4BACvG,2BAA2B;4BAC3B,IAAI;gCACF,IAAI,KAAK,EAAE;oCACT,IAAA,cAAM,EACJ,mDAAmD,KAAK,CAAC,GAAG,MAAM,CACnE,CAAC;iCACH;gCACD,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gCAEnC,oGAAoG;gCACpG,uGAAuG;gCACvG,mBAAmB;gCACnB,MAAM,YAAY,GAAG,GAAG,CAAC;gCACzB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE;oCACvC,MAAM,IAAA,YAAK,EAAC,YAAY,CAAC,CAAC;oCAE1B,IAAI,aAAa,EAAE;wCACjB,IAAI,KAAK,EAAE;4CACT,IAAA,cAAM,EACJ,0DAA0D,KAAK,GAAG,YAAY,MAAM,CACrF,CAAC;yCACH;wCACD,OAAO;qCACR;iCACF;gCAED,IAAI,KAAK,EAAE;oCACT,IAAA,cAAM,EACJ,iCAAiC,KAAK,CAAC,GAAG,sCAAsC,CACjF,CAAC;iCACH;gCACD,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;6BACrC;4BAAC,OAAO,KAAU,EAAE;gCACnB,kGAAkG;gCAClG,yCAAyC;gCACzC,IAAA,cAAM,EAAC,gDAAgD,KAAK,EAAE,CAAC,CAAC;gCAChE,KAAK,CAAC,KAAK,EAAE,CAAC;6BACf;yBACF;oBACH,CAAC,CAAA;oBACD,eAAe,EAAE,IAAI;iBACtB,CAAC,CAAC;aACJ;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEK,MAAM,qBAAqB,GAAG,CACnC,OAAwB,EACxB,OAA8D,EAClC,EAAE;IAC9B,iGAAiG;IACjG,+EAA+E;IAE/E,OAAO,MAAM,IAAA,sB
AAc,EACzB,GAAG,EAAE,CAAC,8BAA8B,CAAC,OAAO,EAAE,gBAAgB,EAAE,EAAE,OAAO,CAAC,EAC1E,GAAG,EAAE,CAAC,IAAI,EACV,kBAAkB,EAClB,IAAI,CACL,CAAC;AACJ,CAAC,CAAA,CAAC;AAbW,QAAA,qBAAqB,yBAahC"}
|
|
@@ -11,12 +11,9 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
11
11
|
import { PermissionSpec } from "../../types/request";
|
|
12
12
|
import { CliPermissionSpec } from "../../types/ssh";
|
|
13
13
|
import { CommonSshPermissionSpec } from "../ssh/types";
|
|
14
|
-
export type KnownError = {
|
|
15
|
-
pattern: RegExp;
|
|
16
|
-
message: string;
|
|
17
|
-
};
|
|
18
14
|
export type AzureSshGenerated = {
|
|
19
15
|
linuxUserName: string;
|
|
16
|
+
directoryId: string;
|
|
20
17
|
};
|
|
21
18
|
export type AzureSshPermissionSpec = PermissionSpec<"ssh", AzureSshPermission, AzureSshGenerated>;
|
|
22
19
|
export type AzureSsh = CliPermissionSpec<AzureSshPermissionSpec, AzureLocalData>;
|
|
@@ -48,6 +45,7 @@ export type AzureSshRequest = AzureNodeSpec & AzureBastionSpec & AzureLocalData
|
|
|
48
45
|
type: "azure";
|
|
49
46
|
id: "localhost";
|
|
50
47
|
subscriptionId: string;
|
|
48
|
+
directoryId: string;
|
|
51
49
|
};
|
|
52
50
|
export type AzureLocalData = {
|
|
53
51
|
linuxUserName: string;
|
|
@@ -21,6 +21,7 @@ This file is part of @p0security/cli
|
|
|
21
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
22
|
**/
|
|
23
23
|
const ssh_1 = require("../../commands/shared/ssh");
|
|
24
|
+
const keys_1 = require("../../common/keys");
|
|
24
25
|
const install_1 = require("./install");
|
|
25
26
|
const ssh_key_1 = require("./ssh-key");
|
|
26
27
|
// It typically takes < 1 minute for access to propagate on GCP, so set the time limit to 2 minutes.
|
|
@@ -65,7 +66,6 @@ exports.gcpSshProvider = {
|
|
|
65
66
|
throw "Please try again after installing the required GCP utilities";
|
|
66
67
|
}
|
|
67
68
|
}),
|
|
68
|
-
validateSshKey: (request, publicKey) => request.permission.publicKey === publicKey,
|
|
69
69
|
friendlyName: "Google Cloud",
|
|
70
70
|
loginRequiredMessage: "Please login to Google Cloud CLI with 'gcloud auth login'",
|
|
71
71
|
loginRequiredPattern: /You do not currently have an active account selected/,
|
|
@@ -79,13 +79,19 @@ exports.gcpSshProvider = {
|
|
|
79
79
|
}
|
|
80
80
|
return undefined;
|
|
81
81
|
},
|
|
82
|
-
|
|
82
|
+
generateKeys: (request, _) => __awaiter(void 0, void 0, void 0, function* () {
|
|
83
|
+
return {
|
|
84
|
+
username: request.linuxUserName,
|
|
85
|
+
privateKeyPath: keys_1.PRIVATE_KEY_PATH,
|
|
86
|
+
};
|
|
87
|
+
}),
|
|
88
|
+
proxyCommand: (request, port) => {
|
|
83
89
|
return [
|
|
84
90
|
"gcloud",
|
|
85
91
|
"compute",
|
|
86
92
|
"start-iap-tunnel",
|
|
87
93
|
request.id,
|
|
88
|
-
"%p",
|
|
94
|
+
port ? port : "%p",
|
|
89
95
|
// --listen-on-stdin flag is required for interactive SSH session.
|
|
90
96
|
// It is undocumented on page https://cloud.google.com/sdk/gcloud/reference/compute/start-iap-tunnel
|
|
91
97
|
// but mention on page https://cloud.google.com/iap/docs/tcp-by-host
|
|
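Review bot: Dropping `validateSshKey` from `gcpSshProvider` removes the only visible check that `request.permission.publicKey` equals the key the client is about to use, and nothing in this section replaces it. If the comparison now lives in shared code, a one-line comment next to `generateKeys` would make that auditable, e.g. `// key/request match is enforced in <shared module>, not per provider`; if it was dropped outright, a request approved for a different key would presumably be rejected only later, at the SSH handshake, rather than up front. Separately, `port ? port : "%p"` places the caller's `port` string straight into the `gcloud compute start-iap-tunnel` argument list; unless the caller already validates it, a digits-only check such as `/^\d+$/.test(port)` before this point keeps a malformed value from being read as something other than a port. The `gcpSshProvider` object starts and ends outside these hunks.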
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/google/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/plugins/google/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAC1D,4CAAqD;AAErD,uCAAgD;AAChD,uCAAyC;AAGzC,oGAAoG;AACpG,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,iCAAiC,EAAE;IAC9C;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;IACD,EAAE,OAAO,EAAE,mDAAmD,EAAE;IAChE;QACE,OAAO,EAAE,+CAA+C;QACxD,kBAAkB,EAAE,IAAI;KACzB;IACD,EAAE,OAAO,EAAE,4DAA4D,EAAE;CACjE,CAAC;AAEE,QAAA,cAAc,GAIvB;IACF,uCAAuC;IACvC,kBAAkB,EAAE,GAAS,EAAE,kDAAC,OAAA,SAAS,CAAA,GAAA;IAEzC,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,6BAAmB,GAAE,CAAC,EAAE;YAClC,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,cAAc;IAE5B,oBAAoB,EAClB,2DAA2D;IAE7D,oBAAoB,EAAE,sDAAsD;IAE5E,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,6HAA6H;gBAC7H,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,IAAI,CAAC,IACjB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,CAAC,EAAE,EAAE;QACjC,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,aAAa;YAC/B,cAAc,EAAE,uBAAgB;SACjC,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QAC9B,OAAO;YACL,QAAQ;YACR,SAAS;YACT,kBAAkB;YAClB,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;YAClB,kEAAkE;YAClE,oGAAoG;YACpG,oEAAoE;YACpE,kDAAkD;YAClD,mBAAmB;YACnB,UAAU,OAAO,CAAC,IAAI,EAAE;YACxB,aAAa,OAAO,CAAC,SAAS,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,GAAG,EAAE,CAAC,SAAS;IAE9B,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY;YAC5C,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS;YAChD,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;YAC7B,aAAa,EAAE,OAAO,CAAC,YAAY,CAAC,aAAa;YACjD,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;IAED,2BAA2B;IAE3B,YAAY,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAAC,OAAA,iCACrC,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,MAAM,IAAA,sBAAY,EAAC,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,OAAO,CAAC;aACzE,IACD,CAAA;MAAA;CACH,CAA
C"}
|
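--- a/package/dist/plugins/okta/aws.js
+++ b/package/dist/plugins/okta/aws.js
@@ -28,7 +28,7 @@ const assumeRoleWithOktaSaml = (authn, args) => __awaiter(void 0, void 0, void 0
 const { account, config, samlResponse } = yield (0, role_1.initOktaSaml)(authn, args.accountId);
 const { roles } = (0, role_1.rolesFromSaml)(account, samlResponse);
 if (!roles.includes(args.role))
-throw `Role not available. Available roles:\n${roles.map((r) => ` ${r}`).join("\n")}`;
+throw `Role ${args.role} not available. Available roles:\n${roles.map((r) => ` ${r}`).join("\n")}`;
 return yield (0, assumeRole_1.assumeRoleWithSaml)({
 account,
 role: args.role,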
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,kDAAsE;AACtE,6CAA4C;AAE5C,kDAAuD;AAEhD,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,mBAAY,EAC1D,KAAK,EACL,IAAI,CAAC,SAAS,CACf,CAAC;QACF,MAAM,EAAE,KAAK,EAAE,GAAG,IAAA,oBAAa,EAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5B,MAAM,
|
|
1
|
+
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,kDAAsE;AACtE,6CAA4C;AAE5C,kDAAuD;AAEhD,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,mBAAY,EAC1D,KAAK,EACL,IAAI,CAAC,SAAS,CACf,CAAC;QACF,MAAM,EAAE,KAAK,EAAE,GAAG,IAAA,oBAAa,EAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5B,MAAM,QAAQ,IAAI,CAAC,IAAI,qCAAqC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtG,OAAO,MAAM,IAAA,+BAAkB,EAAC;YAC9B,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE;gBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;gBACpD,QAAQ,EAAE,YAAY;aACvB;SACF,CAAC,CAAC;IACL,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAxBS,QAAA,sBAAsB,0BAwB/B"}
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
/// <reference types="node" />
|
|
2
|
+
/// <reference types="node" />
|
|
1
3
|
/** Copyright © 2024-present P0 Security
|
|
2
4
|
|
|
3
5
|
This file is part of @p0security/cli
|
|
@@ -8,9 +10,13 @@ This file is part of @p0security/cli
|
|
|
8
10
|
|
|
9
11
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
12
|
**/
|
|
11
|
-
import { CommandArgs } from "../../commands/shared/ssh";
|
|
13
|
+
import { CommandArgs, SshProxyCommandArgs } from "../../commands/shared/ssh";
|
|
12
14
|
import { Authn } from "../../types/identity";
|
|
13
15
|
import { SshProvider, SshRequest } from "../../types/ssh";
|
|
16
|
+
import { AwsCredentials } from "../aws/types";
|
|
17
|
+
import { ChildProcessByStdio, StdioNull, StdioPipe } from "node:child_process";
|
|
18
|
+
import { Readable } from "node:stream";
|
|
19
|
+
export declare const spawnChildProcess: (credential: AwsCredentials | undefined, command: string, args: string[], stdio: [StdioNull, StdioNull, StdioPipe]) => ChildProcessByStdio<null, null, Readable>;
|
|
14
20
|
export declare const sshOrScp: (args: {
|
|
15
21
|
authn: Authn;
|
|
16
22
|
request: SshRequest;
|
|
@@ -18,3 +24,13 @@ export declare const sshOrScp: (args: {
|
|
|
18
24
|
privateKey: string;
|
|
19
25
|
sshProvider: SshProvider<any, any, any, any>;
|
|
20
26
|
}) => Promise<number | null>;
|
|
27
|
+
export declare const verifyDestinationString: (destination: string) => string;
|
|
28
|
+
export declare const sshProxy: (args: {
|
|
29
|
+
authn: Authn;
|
|
30
|
+
request: SshRequest;
|
|
31
|
+
cmdArgs: SshProxyCommandArgs;
|
|
32
|
+
privateKey: string;
|
|
33
|
+
sshProvider: SshProvider<any, any, any, any>;
|
|
34
|
+
debug: boolean;
|
|
35
|
+
port: string;
|
|
36
|
+
}) => Promise<number | null>;
|