@p0security/cli 0.15.0 → 0.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/aws/__tests__/role.test.js +4 -11
- package/dist/commands/aws/__tests__/role.test.js.map +1 -1
- package/dist/commands/aws/index.d.ts +2 -2
- package/dist/commands/aws/index.js +25 -4
- package/dist/commands/aws/index.js.map +1 -1
- package/dist/commands/aws/permission-set.d.ts +6 -0
- package/dist/commands/aws/permission-set.js +85 -0
- package/dist/commands/aws/permission-set.js.map +1 -0
- package/dist/commands/aws/role.d.ts +1 -21
- package/dist/commands/aws/role.js +31 -69
- package/dist/commands/aws/role.js.map +1 -1
- package/dist/commands/aws/types.d.ts +20 -0
- package/dist/commands/aws/types.js +3 -0
- package/dist/commands/aws/types.js.map +1 -0
- package/dist/commands/shared/request.d.ts +7 -0
- package/dist/commands/shared/request.js +28 -1
- package/dist/commands/shared/request.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +14 -3
- package/dist/index.js.map +1 -1
- package/dist/plugins/aws/config.d.ts +9 -0
- package/dist/plugins/aws/config.js +14 -3
- package/dist/plugins/aws/config.js.map +1 -1
- package/dist/plugins/aws/idc/index.js.map +1 -1
- package/dist/plugins/aws/types.d.ts +3 -0
- package/dist/plugins/okta/aws.js +39 -3
- package/dist/plugins/okta/aws.js.map +1 -1
- package/package.json +1 -1
|
@@ -35,6 +35,9 @@ jest.mock("../../../drivers/stdio");
|
|
|
35
35
|
jest.mock("typescript", () => (Object.assign(Object.assign({}, jest.requireActual("typescript")), { sys: {
|
|
36
36
|
writeOutputIsTTY: () => true,
|
|
37
37
|
} })));
|
|
38
|
+
jest.mock("../../shared/request", () => ({
|
|
39
|
+
provisionRequest: jest.fn(),
|
|
40
|
+
}));
|
|
38
41
|
const mockFetch = jest.spyOn(global, "fetch");
|
|
39
42
|
const mockPrint1 = stdio_1.print1;
|
|
40
43
|
const mockPrint2 = stdio_1.print2;
|
|
@@ -58,10 +61,7 @@ describe("aws role", () => {
|
|
|
58
61
|
};
|
|
59
62
|
describe("without Okta SAML", () => {
|
|
60
63
|
(0, firestore_1.mockGetDoc)({ "iam-write": { "1": item } });
|
|
61
|
-
describe.each([
|
|
62
|
-
["ls", "aws role ls"],
|
|
63
|
-
["assume", "aws role assume Role1"],
|
|
64
|
-
])("%s", (_, command) => {
|
|
64
|
+
describe.each([["assume", "aws role assume Role1"]])("%s", (_, command) => {
|
|
65
65
|
it("should print a friendly error message", () => __awaiter(void 0, void 0, void 0, function* () {
|
|
66
66
|
const error = yield (0, yargs_1.failure)((0, __1.awsCommand)((0, yargs_2.default)()), command);
|
|
67
67
|
expect(error).toMatchInlineSnapshot(`"Account test is not configured for Okta SAML login."`);
|
|
@@ -90,13 +90,6 @@ describe("aws role", () => {
|
|
|
90
90
|
expect(mockPrint1.mock.calls).toMatchSnapshot("stdout");
|
|
91
91
|
}));
|
|
92
92
|
});
|
|
93
|
-
describe("ls", () => {
|
|
94
|
-
it("lists roles", () => __awaiter(void 0, void 0, void 0, function* () {
|
|
95
|
-
yield (0, __1.awsCommand)((0, yargs_2.default)()).parse("aws role ls");
|
|
96
|
-
expect(mockPrint2.mock.calls).toMatchSnapshot("stderr");
|
|
97
|
-
expect(mockPrint1.mock.calls).toMatchSnapshot("stdout");
|
|
98
|
-
}));
|
|
99
|
-
});
|
|
100
93
|
});
|
|
101
94
|
});
|
|
102
95
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role.test.js","sourceRoot":"","sources":["../../../../src/commands/aws/__tests__/role.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0BAAgC;AAChC,kDAAwD;AACxD,0DAAwD;AACxD,kDAAiD;AACjD,6DAAyD;AACzD,2DAAuD;AACvD,kDAA0B;AAE1B,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AACzB,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;AACnC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;AACpC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,EAAE,CAAC,iCACzB,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,KACnC,GAAG,EAAE;QACH,gBAAgB,EAAE,GAAG,EAAE,CAAC,IAAI;KAC7B,IACD,CAAC,CAAC;AAEJ,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC9C,MAAM,UAAU,GAAG,cAAmB,CAAC;AACvC,MAAM,UAAU,GAAG,cAAmB,CAAC;AAEvC,UAAU,CAAC,GAAG,EAAE;IACd,IAAI,CAAC,aAAa,EAAE,CAAC;IACrB,SAAS,CAAC,kBAAkB,CAC1B,CAAO,GAAsB,EAAE,EAAE;QAC/B,OAAA,CAAC;YACC,EAAE,EAAE,IAAI;YACR,mDAAmD;YACnD,IAAI,EAAE,GAAS,EAAE,kDAAC,OAAA,CAAC,EAAE,CAAC,CAAA,GAAA;YACtB,mEAAmE;YACnE,IAAI,EAAE,GAAS,EAAE,kDACf,OAAC,GAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,4BAAY,CAAC,CAAC,CAAC,0BAAW,CAAA,GAAA;SACjE,CAAa,CAAA;MAAA,CACjB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;IACxB,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QAC1C,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,WAAW;SACnB,CAAC;QACF,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;YACjC,IAAA,sBAAU,EAAC,EAAE,WAAW,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC
|
|
1
|
+
{"version":3,"file":"role.test.js","sourceRoot":"","sources":["../../../../src/commands/aws/__tests__/role.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0BAAgC;AAChC,kDAAwD;AACxD,0DAAwD;AACxD,kDAAiD;AACjD,6DAAyD;AACzD,2DAAuD;AACvD,kDAA0B;AAE1B,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AACzB,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;AACnC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;AACpC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,EAAE,CAAC,iCACzB,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,KACnC,GAAG,EAAE;QACH,gBAAgB,EAAE,GAAG,EAAE,CAAC,IAAI;KAC7B,IACD,CAAC,CAAC;AACJ,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,GAAG,EAAE,CAAC,CAAC;IACvC,gBAAgB,EAAE,IAAI,CAAC,EAAE,EAAE;CAC5B,CAAC,CAAC,CAAC;AAEJ,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC9C,MAAM,UAAU,GAAG,cAAmB,CAAC;AACvC,MAAM,UAAU,GAAG,cAAmB,CAAC;AAEvC,UAAU,CAAC,GAAG,EAAE;IACd,IAAI,CAAC,aAAa,EAAE,CAAC;IACrB,SAAS,CAAC,kBAAkB,CAC1B,CAAO,GAAsB,EAAE,EAAE;QAC/B,OAAA,CAAC;YACC,EAAE,EAAE,IAAI;YACR,mDAAmD;YACnD,IAAI,EAAE,GAAS,EAAE,kDAAC,OAAA,CAAC,EAAE,CAAC,CAAA,GAAA;YACtB,mEAAmE;YACnE,IAAI,EAAE,GAAS,EAAE,kDACf,OAAC,GAAc,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,4BAAY,CAAC,CAAC,CAAC,0BAAW,CAAA,GAAA;SACjE,CAAa,CAAA;MAAA,CACjB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;IACxB,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QAC1C,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,MAAM;YACb,KAAK,EAAE,WAAW;SACnB,CAAC;QACF,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;YACjC,IAAA,sBAAU,EAAC,EAAE,WAAW,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC,CAAC,CAClD,IAAI,EACJ,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE;gBACb,EAAE,CAAC,uCAAuC,EAAE,GAAS,EAAE;oBACrD,MAAM,KAAK,GAAG,MAAM,IAAA,eAAO,EAAC,IAAA,cAAU,EAAC,IAAA,eAAK,GAAE,CAAC,EAAE,OAAO,CAAC,CAAC;oBAC1D,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CACjC,uDAAuD,CACxD,CAAC;gBACJ,CAAC,CAAA,CAAC,CAAC;YACL,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;YAC9B,UAAU,CAAC,GAAG,EAAE;gBACd,IAAA,sBAAU,EAAC;oBACT,WAAW,EAAE;wBACX,GAAG,kCACE,IAAI,KACP,KAAK,EAAE;gCACL,IAAI,EAAE,WAAW;gCACjB,QAAQ,EAAE;oCACR,IAAI,EAAE,MAAM;oCACZ,KAAK,EAAE,YAAY;oCACnB,gBAAgB,EAAE,MAAM;iCACzB;6BACF,GACF;qBACF;iBACF,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,EAAE,CAAC,sBAAsB,EAAE,GAAS,EAAE;oBACpC,MAAM,IAAA,cAAU,EAAC,IAAA,eAAK,GAAE,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;oBACzD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;oBACxD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;gBAC1D,CAAC,CAAA,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import yargs from "yargs";
|
|
2
|
-
export declare const awsCommand: (yargs: yargs.Argv<{}>) => yargs.Argv<{
|
|
3
|
-
|
|
2
|
+
export declare const awsCommand: (yargs: yargs.Argv<{}>) => yargs.Argv<import("./types").AssumeCommandArgs & {
|
|
3
|
+
"permission-set": string;
|
|
4
4
|
}>;
|
|
@@ -1,4 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
2
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
12
|
exports.awsCommand = void 0;
|
|
4
13
|
/** Copyright © 2024-present P0 Security
|
|
@@ -11,17 +20,29 @@ This file is part of @p0security/cli
|
|
|
11
20
|
|
|
12
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
13
22
|
**/
|
|
23
|
+
const auth_1 = require("../../drivers/auth");
|
|
24
|
+
const config_1 = require("../../plugins/aws/config");
|
|
25
|
+
const permission_set_1 = require("./permission-set");
|
|
14
26
|
const role_1 = require("./role");
|
|
15
|
-
const
|
|
16
|
-
|
|
27
|
+
const awsArgs = (yargs) => __awaiter(void 0, void 0, void 0, function* () {
|
|
28
|
+
var _a;
|
|
17
29
|
const base = yargs
|
|
18
30
|
.option("account", {
|
|
19
31
|
type: "string",
|
|
20
32
|
describe: "AWS account ID or alias (or set P0_AWS_ACCOUNT)",
|
|
33
|
+
})
|
|
34
|
+
.option("reason", {
|
|
35
|
+
describe: "Reason access is needed",
|
|
36
|
+
type: "string",
|
|
21
37
|
})
|
|
22
38
|
.env("P0_AWS");
|
|
23
|
-
|
|
24
|
-
};
|
|
39
|
+
const authn = yield (0, auth_1.authenticate)();
|
|
40
|
+
const { config } = yield (0, config_1.getFirstAwsConfig)(authn);
|
|
41
|
+
const withCommand = ((_a = config.login) === null || _a === void 0 ? void 0 : _a.type) === "idc"
|
|
42
|
+
? (0, permission_set_1.permissionSet)(base, authn)
|
|
43
|
+
: (0, role_1.role)(base, authn);
|
|
44
|
+
return withCommand.demandCommand(1);
|
|
45
|
+
});
|
|
25
46
|
const awsCommand = (yargs) => yargs.command("aws", "Execute AWS commands", awsArgs);
|
|
26
47
|
exports.awsCommand = awsCommand;
|
|
27
48
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/aws/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/aws/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,6CAAkD;AAClD,qDAA6D;AAC7D,qDAAiD;AACjD,iCAA8B;AAG9B,MAAM,OAAO,GAAG,CAAO,KAAiB,EAAE,EAAE;;IAC1C,MAAM,IAAI,GAAG,KAAK;SACf,MAAM,CAAC,SAAS,EAAE;QACjB,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,iDAAiD;KAC5D,CAAC;SACD,MAAM,CAAC,QAAQ,EAAE;QAChB,QAAQ,EAAE,yBAAyB;QACnC,IAAI,EAAE,QAAQ;KACf,CAAC;SACD,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEjB,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IAEnC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,0BAAiB,EAAC,KAAK,CAAC,CAAC;IAElD,MAAM,WAAW,GACf,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;QAC1B,CAAC,CAAC,IAAA,8BAAa,EAAC,IAAI,EAAE,KAAK,CAAC;QAC5B,CAAC,CAAC,IAAA,WAAI,EAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAExB,OAAO,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC,CAAA,CAAC;AAEK,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,sBAAsB,EAAE,OAAO,CAAC,CAAC;AAD3C,QAAA,UAAU,cACiC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { Authn } from "../../types/identity";
|
|
2
|
+
import { AssumeCommandArgs } from "./types";
|
|
3
|
+
import yargs from "yargs";
|
|
4
|
+
export declare const permissionSet: (yargs: yargs.Argv<AssumeCommandArgs>, authn: Authn) => yargs.Argv<AssumeCommandArgs & {
|
|
5
|
+
"permission-set": string;
|
|
6
|
+
}>;
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.permissionSet = void 0;
|
|
13
|
+
/** Copyright © 2024-present P0 Security
|
|
14
|
+
|
|
15
|
+
This file is part of @p0security/cli
|
|
16
|
+
|
|
17
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
18
|
+
|
|
19
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
20
|
+
|
|
21
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
|
+
**/
|
|
23
|
+
const firestore_1 = require("../../drivers/firestore");
|
|
24
|
+
const stdio_1 = require("../../drivers/stdio");
|
|
25
|
+
const config_1 = require("../../plugins/aws/config");
|
|
26
|
+
const idc_1 = require("../../plugins/aws/idc");
|
|
27
|
+
const request_1 = require("../shared/request");
|
|
28
|
+
const lodash_1 = require("lodash");
|
|
29
|
+
const typescript_1 = require("typescript");
|
|
30
|
+
const permissionSet = (yargs, authn) => yargs.command("permission-set", "Interact with AWS permission sets", (yargs) => yargs
|
|
31
|
+
.command("assume <permission-set>", "Assume an AWS permission set", (y) => y.positional("permission-set", {
|
|
32
|
+
type: "string",
|
|
33
|
+
demandOption: true,
|
|
34
|
+
describe: "An AWS permission set name",
|
|
35
|
+
}), (0, firestore_1.fsShutdownGuard)((argv) => oktaAwsAssumePermissionSet(argv, authn)))
|
|
36
|
+
.demandCommand(1));
|
|
37
|
+
exports.permissionSet = permissionSet;
|
|
38
|
+
const oktaAwsAssumePermissionSet = (argv, authn) => __awaiter(void 0, void 0, void 0, function* () {
|
|
39
|
+
var _a;
|
|
40
|
+
const { account, permissionSet } = argv;
|
|
41
|
+
const { config } = yield (0, config_1.getAwsConfig)(authn, account);
|
|
42
|
+
if (((_a = config.login) === null || _a === void 0 ? void 0 : _a.type) !== "idc") {
|
|
43
|
+
throw new Error(`Unexpected login type. Expected IDC to be enabled for account ${account}`);
|
|
44
|
+
}
|
|
45
|
+
const { login } = config;
|
|
46
|
+
const requestCommand = buildPermissionSetRequestCommand(argv);
|
|
47
|
+
yield (0, request_1.provisionRequest)(requestCommand, authn);
|
|
48
|
+
const awsCredential = yield (0, idc_1.assumeRoleWithIdc)({
|
|
49
|
+
accountId: config.id,
|
|
50
|
+
permissionSet,
|
|
51
|
+
idc: { id: login.identityStoreId, region: login.idcRegion },
|
|
52
|
+
});
|
|
53
|
+
printAwsCredentials(argv, awsCredential);
|
|
54
|
+
});
|
|
55
|
+
const buildPermissionSetRequestCommand = (argv) => {
|
|
56
|
+
return Object.assign(Object.assign({}, (0, lodash_1.pick)(argv, "$0", "_")), { arguments: [
|
|
57
|
+
"aws",
|
|
58
|
+
"permission-set",
|
|
59
|
+
argv.permissionSet,
|
|
60
|
+
...(argv.reason ? ["--reason", argv.reason] : []),
|
|
61
|
+
...(argv.account ? ["--account", argv.account] : []),
|
|
62
|
+
], wait: true });
|
|
63
|
+
};
|
|
64
|
+
/**
|
|
65
|
+
* Prints the AWS credentials to the console.
|
|
66
|
+
*
|
|
67
|
+
* @param awsCredential The AWS credentials to print.
|
|
68
|
+
* @param argv The command line arguments.
|
|
69
|
+
*/
|
|
70
|
+
const printAwsCredentials = (argv, awsCredential) => {
|
|
71
|
+
var _a;
|
|
72
|
+
const isTty = (_a = typescript_1.sys.writeOutputIsTTY) === null || _a === void 0 ? void 0 : _a.call(typescript_1.sys);
|
|
73
|
+
if (isTty)
|
|
74
|
+
(0, stdio_1.print2)("Execute the following commands:\n");
|
|
75
|
+
const indent = isTty ? " " : "";
|
|
76
|
+
(0, stdio_1.print1)(Object.entries(awsCredential)
|
|
77
|
+
.map(([key, value]) => `${indent}export ${key}=${value}`)
|
|
78
|
+
.join("\n"));
|
|
79
|
+
if (isTty)
|
|
80
|
+
(0, stdio_1.print2)(`
|
|
81
|
+
Or, populate these environment variables using BASH command substitution:
|
|
82
|
+
|
|
83
|
+
$(p0 aws${argv.account ? ` --account ${argv.account}` : ""} permission-set assume ${argv.permissionSet}) `);
|
|
84
|
+
};
|
|
85
|
+
//# sourceMappingURL=permission-set.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permission-set.js","sourceRoot":"","sources":["../../../src/commands/aws/permission-set.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,uDAA0D;AAC1D,+CAAqD;AACrD,qDAAwD;AACxD,+CAA0D;AAG1D,+CAAqD;AAErD,mCAA8B;AAC9B,2CAAiC;AAG1B,MAAM,aAAa,GAAG,CAC3B,KAAoC,EACpC,KAAY,EACZ,EAAE,CACF,KAAK,CAAC,OAAO,CACX,gBAAgB,EAChB,mCAAmC,EACnC,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,OAAO,CACN,yBAAyB,EACzB,8BAA8B,EAC9B,CAAC,CAAgC,EAAE,EAAE,CACnC,CAAC,CAAC,UAAU,CAAC,gBAAgB,EAAE;IAC7B,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,4BAA4B;CACvC,CAAC,EACJ,IAAA,2BAAe,EAAC,CAAC,IAAI,EAAE,EAAE,CAAC,0BAA0B,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CACnE;KACA,aAAa,CAAC,CAAC,CAAC,CACtB,CAAC;AArBS,QAAA,aAAa,iBAqBtB;AAEJ,MAAM,0BAA0B,GAAG,CACjC,IAA8D,EAC9D,KAAY,EACZ,EAAE;;IACF,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEtD,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;QAChC,MAAM,IAAI,KAAK,CACb,iEAAiE,OAAO,EAAE,CAC3E,CAAC;KACH;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IAEzB,MAAM,cAAc,GAAG,gCAAgC,CAAC,IAAI,CAAC,CAAC;IAE9D,MAAM,IAAA,0BAAgB,EAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IAE9C,MAAM,aAAa,GAAG,MAAM,IAAA,uBAAiB,EAAC;QAC5C,SAAS,EAAE,MAAM,CAAC,EAAE;QACpB,aAAa;QACb,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,eAAe,EAAE,MAAM,EAAE,KAAK,CAAC,SAAS,EAAE;KAC5D,CAAC,CAAC;IAEH,mBAAmB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AAC3C,CAAC,CAAA,CAAC;AAEF,MAAM,gCAAgC,GAAG,CACvC,IAA8D,EAI7D,EAAE;IACH,uCACK,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,gBAAgB;YAChB,IAAI,CAAC,aAAa;YAClB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACrD,EACD,IAAI,EAAE,IAAI,IACV;AACJ,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CAC1B,IAA8D,EAC9D,aAA6B,EAC7B,EAAE;;IACF,MAAM,KAAK,GAAG,MAAA,gBAAG,CAAC,gBAAgB,gEAAI,CAAC;IACvC,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,mCAAmC,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IACjC,IAAA,cAAM,EACJ,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,UAAU,GAAG,IAAI,KAAK,EAAE,CAAC;SACxD,IAAI,CAAC,IAAI,CAAC,CACd,CAAC;IACF,IAAI,KAAK;QACP,IAAA,cAAM,EAAC;;;YAGC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,0BAA0B,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC;AAC9G,CAAC,CAAC"}
|
|
@@ -1,29 +1,9 @@
|
|
|
1
|
-
import { AwsFederatedLogin } from "../../plugins/aws/types";
|
|
2
1
|
import { Authn } from "../../types/identity";
|
|
3
2
|
import yargs from "yargs";
|
|
4
3
|
export declare const role: (yargs: yargs.Argv<{
|
|
5
4
|
account: string | undefined;
|
|
6
|
-
}
|
|
5
|
+
}>, authn: Authn) => yargs.Argv<{
|
|
7
6
|
account: string | undefined;
|
|
8
7
|
} & {
|
|
9
8
|
role: string;
|
|
10
9
|
}>;
|
|
11
|
-
/** Retrieves the configured Okta SAML response for the specified account
|
|
12
|
-
*
|
|
13
|
-
* If no account is passed, and the organization only has one account configured,
|
|
14
|
-
* assumes that account.
|
|
15
|
-
*/
|
|
16
|
-
export declare const initOktaSaml: (authn: Authn, account: string | undefined) => Promise<{
|
|
17
|
-
samlResponse: string;
|
|
18
|
-
config: {
|
|
19
|
-
id: string;
|
|
20
|
-
} & import("../../plugins/aws/types").AwsItemConfig & {
|
|
21
|
-
login: AwsFederatedLogin;
|
|
22
|
-
};
|
|
23
|
-
account: string;
|
|
24
|
-
}>;
|
|
25
|
-
/** Extracts all roles from a SAML assertion */
|
|
26
|
-
export declare const rolesFromSaml: (account: string, saml: string) => {
|
|
27
|
-
arns: string[];
|
|
28
|
-
roles: string[];
|
|
29
|
-
};
|
|
@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.
|
|
12
|
+
exports.role = void 0;
|
|
13
13
|
/** Copyright © 2024-present P0 Security
|
|
14
14
|
|
|
15
15
|
This file is part of @p0security/cli
|
|
@@ -20,63 +20,22 @@ This file is part of @p0security/cli
|
|
|
20
20
|
|
|
21
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
22
|
**/
|
|
23
|
-
const xml_1 = require("../../common/xml");
|
|
24
|
-
const auth_1 = require("../../drivers/auth");
|
|
25
23
|
const firestore_1 = require("../../drivers/firestore");
|
|
26
24
|
const stdio_1 = require("../../drivers/stdio");
|
|
27
|
-
const config_1 = require("../../plugins/aws/config");
|
|
28
25
|
const aws_1 = require("../../plugins/okta/aws");
|
|
29
|
-
const
|
|
26
|
+
const request_1 = require("../shared/request");
|
|
30
27
|
const lodash_1 = require("lodash");
|
|
31
28
|
const typescript_1 = require("typescript");
|
|
32
|
-
const role = (yargs) => yargs.command("role", "Interact with AWS roles", (yargs) => yargs
|
|
33
|
-
.command("ls", "List available AWS roles", lodash_1.identity,
|
|
34
|
-
// TODO: select based on uidLocation
|
|
35
|
-
(0, firestore_1.fsShutdownGuard)(oktaAwsListRoles))
|
|
29
|
+
const role = (yargs, authn) => yargs.command("role", "Interact with AWS roles", (yargs) => yargs
|
|
36
30
|
.command("assume <role>", "Assume an AWS role", (y) => y.positional("role", {
|
|
37
31
|
type: "string",
|
|
38
32
|
demandOption: true,
|
|
39
33
|
describe: "An AWS role name",
|
|
40
34
|
}),
|
|
41
35
|
// TODO: select based on uidLocation
|
|
42
|
-
(0, firestore_1.fsShutdownGuard)(oktaAwsAssumeRole))
|
|
36
|
+
(0, firestore_1.fsShutdownGuard)((argv) => oktaAwsAssumeRole(argv, authn)))
|
|
43
37
|
.demandCommand(1));
|
|
44
38
|
exports.role = role;
|
|
45
|
-
const isFederatedLogin = (config) => { var _a; return ((_a = config.login) === null || _a === void 0 ? void 0 : _a.type) === "federated"; };
|
|
46
|
-
/** Retrieves the configured Okta SAML response for the specified account
|
|
47
|
-
*
|
|
48
|
-
* If no account is passed, and the organization only has one account configured,
|
|
49
|
-
* assumes that account.
|
|
50
|
-
*/
|
|
51
|
-
const initOktaSaml = (authn, account) => __awaiter(void 0, void 0, void 0, function* () {
|
|
52
|
-
var _a;
|
|
53
|
-
const { identity, config } = yield (0, config_1.getAwsConfig)(authn, account);
|
|
54
|
-
if (!isFederatedLogin(config))
|
|
55
|
-
throw `Account ${(_a = config.label) !== null && _a !== void 0 ? _a : config.id} is not configured for Okta SAML login.`;
|
|
56
|
-
const samlResponse = yield (0, login_1.getSamlResponse)(identity, config.login);
|
|
57
|
-
return {
|
|
58
|
-
samlResponse,
|
|
59
|
-
config,
|
|
60
|
-
account: config.id,
|
|
61
|
-
};
|
|
62
|
-
});
|
|
63
|
-
exports.initOktaSaml = initOktaSaml;
|
|
64
|
-
/** Extracts all roles from a SAML assertion */
|
|
65
|
-
const rolesFromSaml = (account, saml) => {
|
|
66
|
-
var _a;
|
|
67
|
-
const samlText = Buffer.from(saml, "base64").toString("ascii");
|
|
68
|
-
const samlObject = (0, xml_1.parseXml)(samlText);
|
|
69
|
-
const samlAttributes = samlObject["saml2p:Response"]["saml2:Assertion"]["saml2:AttributeStatement"]["saml2:Attribute"];
|
|
70
|
-
const roleAttribute = samlAttributes.find((a) => a._attributes.Name === "https://aws.amazon.com/SAML/Attributes/Role");
|
|
71
|
-
// Format:
|
|
72
|
-
// 'arn:aws:iam::391052057035:saml-provider/p0dev-ext_okta_sso,arn:aws:iam::391052057035:role/path/to/role/SSOAmazonS3FullAccess'
|
|
73
|
-
const arns = (_a = (0, lodash_1.flatten)([roleAttribute === null || roleAttribute === void 0 ? void 0 : roleAttribute["saml2:AttributeValue"]])) === null || _a === void 0 ? void 0 : _a.map((r) => r.split(",")[1]);
|
|
74
|
-
const roles = arns
|
|
75
|
-
.filter((r) => r.startsWith(`arn:aws:iam::${account}:role/`))
|
|
76
|
-
.map((r) => r.split("/").slice(1).join("/"));
|
|
77
|
-
return { arns, roles };
|
|
78
|
-
};
|
|
79
|
-
exports.rolesFromSaml = rolesFromSaml;
|
|
80
39
|
/** Assumes a role in AWS via Okta SAML federation.
|
|
81
40
|
*
|
|
82
41
|
* Prerequisites:
|
|
@@ -88,14 +47,33 @@ exports.rolesFromSaml = rolesFromSaml;
|
|
|
88
47
|
* the user's identity blob
|
|
89
48
|
* - The requested role is assigned to the user in Okta
|
|
90
49
|
*/
|
|
91
|
-
const oktaAwsAssumeRole = (
|
|
92
|
-
|
|
93
|
-
|
|
50
|
+
const oktaAwsAssumeRole = (argv, authn) => __awaiter(void 0, void 0, void 0, function* () {
|
|
51
|
+
const requestCommand = buildRoleRequestCommand(argv);
|
|
52
|
+
yield (0, request_1.provisionRequest)(requestCommand, authn);
|
|
94
53
|
const awsCredential = yield (0, aws_1.assumeRoleWithOktaSaml)(authn, {
|
|
95
|
-
accountId:
|
|
96
|
-
role:
|
|
54
|
+
accountId: argv.account,
|
|
55
|
+
role: argv.role,
|
|
97
56
|
});
|
|
98
|
-
|
|
57
|
+
printAwsCredentials(argv, awsCredential);
|
|
58
|
+
});
|
|
59
|
+
const buildRoleRequestCommand = (argv) => {
|
|
60
|
+
return Object.assign(Object.assign({}, (0, lodash_1.pick)(argv, "$0", "_")), { arguments: [
|
|
61
|
+
"aws",
|
|
62
|
+
"role",
|
|
63
|
+
argv.role,
|
|
64
|
+
...(argv.reason ? ["--reason", argv.reason] : []),
|
|
65
|
+
...(argv.account ? ["--account", argv.account] : []),
|
|
66
|
+
], wait: true });
|
|
67
|
+
};
|
|
68
|
+
/**
|
|
69
|
+
* Prints the AWS credentials to the console.
|
|
70
|
+
*
|
|
71
|
+
* @param argv The command line arguments.
|
|
72
|
+
* @param awsCredential The AWS credentials to print.
|
|
73
|
+
*/
|
|
74
|
+
const printAwsCredentials = (argv, awsCredential) => {
|
|
75
|
+
var _a;
|
|
76
|
+
const isTty = (_a = typescript_1.sys.writeOutputIsTTY) === null || _a === void 0 ? void 0 : _a.call(typescript_1.sys);
|
|
99
77
|
if (isTty)
|
|
100
78
|
(0, stdio_1.print2)("Execute the following commands:\n");
|
|
101
79
|
const indent = isTty ? " " : "";
|
|
@@ -106,23 +84,7 @@ const oktaAwsAssumeRole = (args) => __awaiter(void 0, void 0, void 0, function*
|
|
|
106
84
|
(0, stdio_1.print2)(`
|
|
107
85
|
Or, populate these environment variables using BASH command substitution:
|
|
108
86
|
|
|
109
|
-
$(p0 aws${
|
|
87
|
+
$(p0 aws${argv.account ? ` --account ${argv.account}` : ""} role assume ${argv.role})
|
|
110
88
|
`);
|
|
111
|
-
}
|
|
112
|
-
/** Lists assigned AWS roles for this user on this account */
|
|
113
|
-
const oktaAwsListRoles = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
114
|
-
var _c;
|
|
115
|
-
const authn = yield (0, auth_1.authenticate)();
|
|
116
|
-
const { account, samlResponse } = yield (0, exports.initOktaSaml)(authn, args.account);
|
|
117
|
-
const { arns, roles } = (0, exports.rolesFromSaml)(account, samlResponse);
|
|
118
|
-
const isTty = (_c = typescript_1.sys.writeOutputIsTTY) === null || _c === void 0 ? void 0 : _c.call(typescript_1.sys);
|
|
119
|
-
if (isTty)
|
|
120
|
-
(0, stdio_1.print2)(`Your available roles for account ${account}:`);
|
|
121
|
-
if (!(roles === null || roles === void 0 ? void 0 : roles.length)) {
|
|
122
|
-
const accounts = (0, lodash_1.uniq)(arns.map((a) => a.split(":")[4])).sort();
|
|
123
|
-
throw `No roles found. You have roles on these accounts:\n${accounts.join("\n")}`;
|
|
124
|
-
}
|
|
125
|
-
const indent = isTty ? " " : "";
|
|
126
|
-
(0, stdio_1.print1)(roles.map((r) => `${indent}${r}`).join("\n"));
|
|
127
|
-
});
|
|
89
|
+
};
|
|
128
90
|
//# sourceMappingURL=role.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role.js","sourceRoot":"","sources":["../../../src/commands/aws/role.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,
|
|
1
|
+
{"version":3,"file":"role.js","sourceRoot":"","sources":["../../../src/commands/aws/role.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,uDAA0D;AAC1D,+CAAqD;AAErD,gDAAgE;AAEhE,+CAAqD;AAErD,mCAA8B;AAC9B,2CAAiC;AAG1B,MAAM,IAAI,GAAG,CAClB,KAAkD,EAClD,KAAY,EACZ,EAAE,CACF,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,yBAAyB,EAAE,CAAC,KAAK,EAAE,EAAE,CACzD,KAAK;KACF,OAAO,CACN,eAAe,EACf,oBAAoB,EACpB,CAAC,CAA8C,EAAE,EAAE,CACjD,CAAC,CAAC,UAAU,CAAC,MAAM,EAAE;IACnB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,kBAAkB;CAC7B,CAAC;AACJ,oCAAoC;AACpC,IAAA,2BAAe,EAAC,CAAC,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAC1D;KACA,aAAa,CAAC,CAAC,CAAC,CACpB,CAAC;AAnBS,QAAA,IAAI,QAmBb;AAEJ;;;;;;;;;;GAUG;AACH,MAAM,iBAAiB,GAAG,CACxB,IAAqD,EACrD,KAAY,EACZ,EAAE;IACF,MAAM,cAAc,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAErD,MAAM,IAAA,0BAAgB,EAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IAE9C,MAAM,aAAa,GAAG,MAAM,IAAA,4BAAsB,EAAC,KAAK,EAAE;QACxD,SAAS,EAAE,IAAI,CAAC,OAAO;QACvB,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC,CAAC;IAEH,mBAAmB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AAC3C,CAAC,CAAA,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAC9B,IAAqD,EAIpD,EAAE;IACH,uCACK,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,MAAM;YACN,IAAI,CAAC,IAAI;YACT,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACrD,EACD,IAAI,EAAE,IAAI,IACV;AACJ,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CAC1B,IAAqD,EACrD,aAA6B,EAC7B,EAAE;;IACF,MAAM,KAAK,GAAG,MAAA,gBAAG,CAAC,gBAAgB,gEAAI,CAAC;IACvC,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,mCAAmC,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IACjC,IAAA,cAAM,EACJ,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC;SAC1B,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,UAAU,GAAG,IAAI,KAAK,EAAE,CAAC;SACxD,IAAI,CAAC,IAAI,CAAC,CACd,CAAC;IACF,IAAI,KAAK;QACP,IAAA,cAAM,EAAC;;;YAGC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,gBAAgB,IAAI,CAAC,IAAI;CACpF,CAAC,CAAC;AACH,CAAC,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/** Copyright © 2024-present P0 Security
|
|
2
|
+
|
|
3
|
+
This file is part of @p0security/cli
|
|
4
|
+
|
|
5
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
6
|
+
|
|
7
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
+
|
|
9
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
|
+
**/
|
|
11
|
+
export type AssumeCommandArgs = {
|
|
12
|
+
account?: string;
|
|
13
|
+
reason?: string;
|
|
14
|
+
};
|
|
15
|
+
export type AssumePermissionSetCommandArgs = AssumeCommandArgs & {
|
|
16
|
+
permissionSet: string;
|
|
17
|
+
};
|
|
18
|
+
export type AssumeRoleCommandArgs = AssumeCommandArgs & {
|
|
19
|
+
role: string;
|
|
20
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/commands/aws/types.ts"],"names":[],"mappings":""}
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
import { Authn } from "../../types/identity";
|
|
2
2
|
import { RequestResponse } from "../../types/request";
|
|
3
3
|
import yargs from "yargs";
|
|
4
|
+
export declare const PROVISIONING_ACCESS_MESSAGE = "Waiting for access to be provisioned";
|
|
5
|
+
export declare const EXISTING_ACCESS_MESSAGE = "Existing access found.";
|
|
6
|
+
export declare const ACCESS_EXISTS_ERROR_MESSAGE = "This principal already has this access";
|
|
4
7
|
export declare const requestArgs: <T>(yargs: yargs.Argv<T>) => yargs.Argv<T & {
|
|
5
8
|
wait: boolean;
|
|
6
9
|
} & {
|
|
@@ -13,3 +16,7 @@ export declare const request: (command: "grant" | "request") => <T>(args: yargs.
|
|
|
13
16
|
accessMessage?: string;
|
|
14
17
|
message?: "all" | "approval-required" | "none" | "quiet";
|
|
15
18
|
}) => Promise<RequestResponse<T> | undefined>;
|
|
19
|
+
export declare const provisionRequest: (argv: yargs.ArgumentsCamelCase<{
|
|
20
|
+
arguments: string[];
|
|
21
|
+
wait?: boolean;
|
|
22
|
+
}>, authn: Authn) => Promise<void>;
|
|
@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.request = exports.requestArgs = void 0;
|
|
12
|
+
exports.provisionRequest = exports.request = exports.requestArgs = exports.ACCESS_EXISTS_ERROR_MESSAGE = exports.EXISTING_ACCESS_MESSAGE = exports.PROVISIONING_ACCESS_MESSAGE = void 0;
|
|
13
13
|
/** Copyright © 2024-present P0 Security
|
|
14
14
|
|
|
15
15
|
This file is part of @p0security/cli
|
|
@@ -20,6 +20,7 @@ This file is part of @p0security/cli
|
|
|
20
20
|
|
|
21
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
22
|
**/
|
|
23
|
+
const _1 = require(".");
|
|
23
24
|
const api_1 = require("../../drivers/api");
|
|
24
25
|
const auth_1 = require("../../drivers/auth");
|
|
25
26
|
const firestore_1 = require("../../drivers/firestore");
|
|
@@ -27,6 +28,9 @@ const stdio_1 = require("../../drivers/stdio");
|
|
|
27
28
|
const firestore_2 = require("firebase/firestore");
|
|
28
29
|
const typescript_1 = require("typescript");
|
|
29
30
|
const WAIT_TIMEOUT = 300e3;
|
|
31
|
+
exports.PROVISIONING_ACCESS_MESSAGE = "Waiting for access to be provisioned";
|
|
32
|
+
exports.EXISTING_ACCESS_MESSAGE = "Existing access found.";
|
|
33
|
+
exports.ACCESS_EXISTS_ERROR_MESSAGE = "This principal already has this access";
|
|
30
34
|
const APPROVED = { message: "Your request was approved", code: 0 };
|
|
31
35
|
const DENIED = { message: "Your request was denied", code: 2 };
|
|
32
36
|
const ERRORED = { message: "Your request encountered an error", code: 1 };
|
|
@@ -124,4 +128,27 @@ const request = (command) => (args, authn, options) => __awaiter(void 0, void 0,
|
|
|
124
128
|
}
|
|
125
129
|
});
|
|
126
130
|
exports.request = request;
|
|
131
|
+
const provisionRequest = (argv, authn) => __awaiter(void 0, void 0, void 0, function* () {
|
|
132
|
+
try {
|
|
133
|
+
const response = yield (0, exports.request)("request")(argv, authn, {
|
|
134
|
+
message: "approval-required",
|
|
135
|
+
});
|
|
136
|
+
if (!response) {
|
|
137
|
+
(0, stdio_1.print2)("Did not receive access ID from server");
|
|
138
|
+
return;
|
|
139
|
+
}
|
|
140
|
+
const { id, isPreexisting } = response;
|
|
141
|
+
(0, stdio_1.print2)(!isPreexisting ? exports.PROVISIONING_ACCESS_MESSAGE : exports.EXISTING_ACCESS_MESSAGE);
|
|
142
|
+
yield (0, _1.waitForProvisioning)(authn, id);
|
|
143
|
+
}
|
|
144
|
+
catch (error) {
|
|
145
|
+
if (error === exports.ACCESS_EXISTS_ERROR_MESSAGE) {
|
|
146
|
+
(0, stdio_1.print2)(exports.EXISTING_ACCESS_MESSAGE);
|
|
147
|
+
}
|
|
148
|
+
else {
|
|
149
|
+
throw error;
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
});
|
|
153
|
+
exports.provisionRequest = provisionRequest;
|
|
127
154
|
//# sourceMappingURL=request.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/commands/shared/request.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,6CAAkD;AAClD,uDAA8C;AAC9C,+CAAwD;AAOxD,kDAAgD;AAChD,2CAAiC;AAGjC,MAAM,YAAY,GAAG,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/commands/shared/request.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wBAAwC;AACxC,2CAAiD;AACjD,6CAAkD;AAClD,uDAA8C;AAC9C,+CAAwD;AAOxD,kDAAgD;AAChD,2CAAiC;AAGjC,MAAM,YAAY,GAAG,KAAK,CAAC;AAEd,QAAA,2BAA2B,GACtC,sCAAsC,CAAC;AAC5B,QAAA,uBAAuB,GAAG,wBAAwB,CAAC;AACnD,QAAA,2BAA2B,GACtC,wCAAwC,CAAC;AAE3C,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AACnE,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAC/D,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAE1E,MAAM,0BAA0B,GAAG;IACjC,QAAQ;IACR,iBAAiB,EAAE,QAAQ;IAC3B,IAAI,EAAE,QAAQ;IACd,aAAa,EAAE,QAAQ;IACvB,MAAM;IACN,OAAO;CACR,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,MAAW,EACwC,EAAE,CACrD,MAAM,IAAI,0BAA0B,CAAC;AAEhC,MAAM,WAAW,GAAG,CAAI,KAAoB,EAAE,EAAE,CACrD,KAAK;KACF,mBAAmB,CAAC,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC;KACxD,IAAI,CAAC,KAAK,CAAC,CAAC,4HAA4H;KACxI,MAAM,CAAC,MAAM,EAAE;IACd,KAAK,EAAE,GAAG;IACV,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,KAAK;IACd,QAAQ,EAAE,sCAAsC;CACjD,CAAC;KACD,MAAM,CAAC,WAAW,EAAE;IACnB,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC,CAAC;AAdM,QAAA,WAAW,eAcjB;AAEP,MAAM,cAAc,GAAG,CACrB,QAAgB,EAChB,SAAiB,EACjB,UAAmB,EACnB,EAAE;IACF,OAAA,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QACpC,IAAI,UAAU;YACZ,IAAA,cAAM,EAAC,2DAA2D,CAAC,CAAC;QACtE,IAAI,MAAM,GAA+B,SAAS,CAAC;QACnD,MAAM,WAAW,GAAG,IAAA,sBAAU,EAC5B,IAAA,eAAG,EAAC,KAAK,QAAQ,wBAAwB,SAAS,EAAE,CAAC,EACrD,CAAC,IAAI,EAAE,EAAE;YACP,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;YACxB,IAAI,iBAAiB,CAAC,MAAM,CAAC,EAAE;gBAC7B,IAAI,MAAM;oBAAE,YAAY,CAAC,MAAM,CAAC,CAAC;gBACjC,WAAW,aAAX,WAAW,uBAAX,WAAW,EAAI,CAAC;gBAChB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;gBAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK;oBAC7B,CAAC,CAAC,GAAG,OAAO,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE;oBACrC,CAAC,CAAC,OAAO,CAAC;gBACZ,IAAI,IAAI,KAAK,CAAC,IAAI,UAAU;oBAAE,IAAA,cAAM,EAAC,YAAY,CAAC,CAAC;gBACnD,OAAO,CAAC,IAAI,CAAC,CAAC;aACf;QACH,CAAC,CACF,CAAC;QACF,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE;YACvB,WAAW,aAAX,WAAW,uBAAX,WAAW,EAAI,CAAC;YAChB,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;YAC1D,OAAO,CAAC,CAAC,CAAC,CAAC;QACb,CAAC,EAAE,YAAY,CAAC,CAAC;IACnB,CAAC,CAAC,CAAA;EAAA,CAAC;AAEE,MAAM,OAAO,GAClB,CAAC,OAA4B,EAAE,EAAE,CACjC,CACE,IAGE,EACF,KAAa,EACb,OAGC,EACwC,EAAE;IAC3C,MAAM,aAAa,GAAG,KAAK,aAAL,KAAK,cAAL,KAAK,GAAI,CAAC,MAAM,IAAA,mBAAY,GAAE,CAAC,CAAC;IACtD,MAAM,EAAE,cAAc,EAAE,GAAG,aAAa,CAAC;IACzC,MAAM,aAAa,GAAG,CAAC,OAAgB,EAAE,EAAE;QACzC,QAAQ,OAAO,EAAE;YACf,KAAK,mBAAmB;gBACtB,OAAO,2BAA2B,CAAC;YACrC;gBACE,OAAO,mBAAmB,CAAC;SAC9B;IACH,CAAC,CAAC;IAEF,MAAM,mBAAmB,GAAG,IAAA,kBAAY,EACtC,aAAa,EACb,IAAI,EACJ,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAC7B,CAAC;IAEF,MAAM,IAAI,GACR,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,KAAI,OAAO;QACzB,CAAC,CAAC,MAAM,IAAA,iBAAS,EAAC,aAAa,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,EAAE,mBAAmB,CAAC;QACvE,CAAC,CAAC,MAAM,mBAAmB,CAAC;IAEhC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,SAAS,IAAI,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE;QACxD,MAAM,UAAU,GACd,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;YACjB,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,MAAK,KAAK;YAC1B,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,MAAK,mBAAmB;gBACvC,CAAC,IAAI,CAAC,aAAa;gBACnB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxB,IAAI,UAAU;YAAE,IAAA,cAAM,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,IAAI,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE;YACnD,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,cAAc,CAAC,IAAI,CAAC,QAAQ,EAC5B,EAAE,EACF,UAAU,CACX,CAAC;YACF,IAAI,IAAI,EAAE;gBACR,gBAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACf,OAAO,SAAS,CAAC;aAClB;YACD,OAAO,IAAI,CAAC;SACb;;YAAM,OAAO,SAAS,CAAC;KACzB;SAAM;QACL,MAAM,IAAI,CAAC;KACZ;AACH,CAAC,CAAA,CAAC;AA3DS,QAAA,OAAO,WA2DhB;AAEG,MAAM,gBAAgB,GAAG,CAC9B,IAGE,EACF,KAAY,EACZ,EAAE;IACF,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;YACrD,OAAO,EAAE,mBAAmB;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE;YACb,IAAA,cAAM,EAAC,uCAAuC,CAAC,CAAC;YAChD,OAAO;SACR;QAED,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;QAEvC,IAAA,cAAM,EACJ,CAAC,aAAa,CAAC,CAAC,CAAC,mCAA2B,CAAC,CAAC,CAAC,+BAAuB,CACvE,CAAC;QACF,MAAM,IAAA,sBAAmB,EAAgB,KAAK,EAAE,EAAE,CAAC,CAAC;KACrD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,KAAK,mCAA2B,EAAE;YACzC,IAAA,cAAM,EAAC,+BAAuB,CAAC,CAAC;SACjC;aAAM;YACL,MAAM,KAAK,CAAC;SACb;KACF;AACH,CAAC,CAAA,CAAC;AA9BW,QAAA,gBAAgB,oBA8B3B"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export declare const main: () => void
|
|
1
|
+
export declare const main: () => Promise<void>;
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
2
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
12
|
exports.main = void 0;
|
|
4
13
|
/** Copyright © 2024-present P0 Security
|
|
@@ -12,13 +21,15 @@ This file is part of @p0security/cli
|
|
|
12
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
13
22
|
**/
|
|
14
23
|
const commands_1 = require("./commands");
|
|
24
|
+
const firestore_1 = require("./drivers/firestore");
|
|
15
25
|
const lodash_1 = require("lodash");
|
|
16
|
-
const main = () => {
|
|
26
|
+
const main = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
27
|
+
yield (0, firestore_1.initializeFirebase)();
|
|
17
28
|
// We can suppress output here, as .fail() already print2 errors
|
|
18
29
|
void commands_1.cli.parse().catch(lodash_1.noop);
|
|
19
|
-
};
|
|
30
|
+
});
|
|
20
31
|
exports.main = main;
|
|
21
32
|
if (require.main === module) {
|
|
22
|
-
(0, exports.main)();
|
|
33
|
+
void (0, exports.main)();
|
|
23
34
|
}
|
|
24
35
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,yCAAiC;AACjC,mDAAyD;AACzD,mCAA8B;AAEvB,MAAM,IAAI,GAAG,GAAS,EAAE;IAC7B,MAAM,IAAA,8BAAkB,GAAE,CAAC;IAE3B,gEAAgE;IAChE,KAAM,cAAG,CAAC,KAAK,EAAU,CAAC,KAAK,CAAC,aAAI,CAAC,CAAC;AACxC,CAAC,CAAA,CAAC;AALW,QAAA,IAAI,QAKf;AAEF,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE;IAC3B,KAAK,IAAA,YAAI,GAAE,CAAC;CACb"}
|
|
@@ -1,4 +1,13 @@
|
|
|
1
1
|
import { Authn } from "../../types/identity";
|
|
2
|
+
export declare const getFirstAwsConfig: (authn: Authn) => Promise<{
|
|
3
|
+
identity: import("../../types/identity").Identity;
|
|
4
|
+
config: {
|
|
5
|
+
label?: string | undefined;
|
|
6
|
+
state: string;
|
|
7
|
+
login?: import("./types").AwsLogin | undefined;
|
|
8
|
+
id: string;
|
|
9
|
+
};
|
|
10
|
+
}>;
|
|
2
11
|
export declare const getAwsConfig: (authn: Authn, account: string | undefined) => Promise<{
|
|
3
12
|
identity: import("../../types/identity").Identity;
|
|
4
13
|
config: {
|
|
@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.getAwsConfig = void 0;
|
|
12
|
+
exports.getAwsConfig = exports.getFirstAwsConfig = void 0;
|
|
13
13
|
/** Copyright © 2024-present P0 Security
|
|
14
14
|
|
|
15
15
|
This file is part of @p0security/cli
|
|
@@ -23,13 +23,24 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
23
23
|
const firestore_1 = require("../../drivers/firestore");
|
|
24
24
|
const firestore_2 = require("firebase/firestore");
|
|
25
25
|
const lodash_1 = require("lodash");
|
|
26
|
-
const
|
|
26
|
+
const getFirstAwsConfig = (authn) => __awaiter(void 0, void 0, void 0, function* () {
|
|
27
27
|
var _a;
|
|
28
28
|
const { identity } = authn;
|
|
29
29
|
const snapshot = yield (0, firestore_2.getDoc)((0, firestore_1.doc)(`o/${identity.org.tenantId}/integrations/aws`));
|
|
30
30
|
const config = snapshot.data();
|
|
31
|
+
const item = Object.entries((_a = config === null || config === void 0 ? void 0 : config["iam-write"]) !== null && _a !== void 0 ? _a : {}).find(([_id, { state }]) => state === "installed");
|
|
32
|
+
if (!item)
|
|
33
|
+
throw `P0 is not installed on any AWS account`;
|
|
34
|
+
return { identity, config: Object.assign({ id: item[0] }, item[1]) };
|
|
35
|
+
});
|
|
36
|
+
exports.getFirstAwsConfig = getFirstAwsConfig;
|
|
37
|
+
const getAwsConfig = (authn, account) => __awaiter(void 0, void 0, void 0, function* () {
|
|
38
|
+
var _b;
|
|
39
|
+
const { identity } = authn;
|
|
40
|
+
const snapshot = yield (0, firestore_2.getDoc)((0, firestore_1.doc)(`o/${identity.org.tenantId}/integrations/aws`));
|
|
41
|
+
const config = snapshot.data();
|
|
31
42
|
// TODO: Support alias lookup
|
|
32
|
-
const allItems = (0, lodash_1.sortBy)(Object.entries((
|
|
43
|
+
const allItems = (0, lodash_1.sortBy)(Object.entries((_b = config === null || config === void 0 ? void 0 : config["iam-write"]) !== null && _b !== void 0 ? _b : {}).filter(([, { state }]) => state === "installed"), ([id]) => id);
|
|
33
44
|
const item = account
|
|
34
45
|
? allItems.find(([id, { label }]) => id === account || label === account)
|
|
35
46
|
: allItems.length !== 1
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/plugins/aws/config.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,uDAA8C;AAG9C,kDAA4C;AAC5C,mCAAgC;AAEzB,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,OAA2B,EAC3B,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAC3B,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAM,EAC3B,IAAA,eAAG,EAAC,KAAK,QAAQ,CAAC,GAAG,CAAC,QAAQ,mBAAmB,CAAC,CACnD,CAAC;IACF,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,IAAA,eAAM,EACrB,MAAM,CAAC,OAAO,CAAC,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAG,WAAW,CAAC,mCAAI,EAAE,CAAC,CAAC,MAAM,CAChD,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,WAAW,CACzC,EACD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CACb,CAAC;IACF,MAAM,IAAI,GAAG,OAAO;QAClB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,KAAK,OAAO,IAAI,KAAK,KAAK,OAAO,CAAC;QACzE,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YACrB,CAAC,CAAC,CAAC,GAAG,EAAE;gBACJ,MAAM,2EAA2E,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,aAAL,KAAK,cAAL,KAAK,GAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/I,CAAC,CAAC,EAAE;YACN,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAClB,IAAI,CAAC,IAAI;QAAE,MAAM,sCAAsC,OAAO,EAAE,CAAC;IACjE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAI,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,IAAK,IAAI,CAAC,CAAC,CAAC,CAAE,EAAE,CAAC;AAC3D,CAAC,CAAA,CAAC;AAzBW,QAAA,YAAY,gBAyBvB"}
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/plugins/aws/config.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,uDAA8C;AAG9C,kDAA4C;AAC5C,mCAAgC;AAEzB,MAAM,iBAAiB,GAAG,CAAO,KAAY,EAAE,EAAE;;IACtD,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAC3B,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAM,EAC3B,IAAA,eAAG,EAAC,KAAK,QAAQ,CAAC,GAAG,CAAC,QAAQ,mBAAmB,CAAC,CACnD,CAAC;IACF,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAE/B,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAG,WAAW,CAAC,mCAAI,EAAE,CAAC,CAAC,IAAI,CAC3D,CAAC,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,WAAW,CAC5C,CAAC;IAEF,IAAI,CAAC,IAAI;QAAE,MAAM,wCAAwC,CAAC;IAE1D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAI,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,IAAK,IAAI,CAAC,CAAC,CAAC,CAAE,EAAE,CAAC;AAC3D,CAAC,CAAA,CAAC;AAdW,QAAA,iBAAiB,qBAc5B;AAEK,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,OAA2B,EAC3B,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAC3B,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAM,EAC3B,IAAA,eAAG,EAAC,KAAK,QAAQ,CAAC,GAAG,CAAC,QAAQ,mBAAmB,CAAC,CACnD,CAAC;IACF,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,IAAA,eAAM,EACrB,MAAM,CAAC,OAAO,CAAC,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAG,WAAW,CAAC,mCAAI,EAAE,CAAC,CAAC,MAAM,CAChD,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,WAAW,CACzC,EACD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CACb,CAAC;IACF,MAAM,IAAI,GAAG,OAAO;QAClB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,KAAK,OAAO,IAAI,KAAK,KAAK,OAAO,CAAC;QACzE,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YACrB,CAAC,CAAC,CAAC,GAAG,EAAE;gBACJ,MAAM,2EAA2E,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,aAAL,KAAK,cAAL,KAAK,GAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/I,CAAC,CAAC,EAAE;YACN,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAClB,IAAI,CAAC,IAAI;QAAE,MAAM,sCAAsC,OAAO,EAAE,CAAC;IACjE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAI,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,IAAK,IAAI,CAAC,CAAC,CAAC,CAAE,EAAE,CAAC;AAC3D,CAAC,CAAA,CAAC;AAzBW,QAAA,YAAY,gBAyBvB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/aws/idc/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAyD;AACzD,iDAAuD;AACvD,gDAA+C;AAO/C,4CAAgE;AAGhE,MAAM,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC7B,MAAM,IAAI,GAAG,EAAE,GAAG,KAAK,CAAC;AAExB,MAAM,gBAAgB,GAAG,CAAC,GAAG,KAAK,CAAC;AACnC,MAAM,uBAAuB,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,oCAAoC;AAC/E,MAAM,cAAc,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAEvC,MAAM,cAAc,GAAG,CAC5B,MAAc,EACiB,EAAE;IACjC,OAAA,MAAM,IAAA,aAAM,EACV,gBAAgB,EAChB,GAAwC,EAAE;QACxC,MAAM,IAAI,GAAG;YACX,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,OAAO;gBACnB,UAAU,EAAE,QAAQ;gBACpB,UAAU,EAAE,CAAC,yBAAiB,CAAC;gBAC/B,MAAM,EAAE,cAAc;aACvB,CAAC;SACH,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,gBAAgB,MAAM,gCAAgC,EACtD,IAAI,CACL,CAAC;QACF,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,uBAAuB,EAAE,EACrC,CAAC,IAAI,EAAE,EAAE,CACP,IAAI,CAAC,qBAAqB;QACxB,CAAC,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,GAAG,EAAE;QACzC,CAAC,CAAC,IAAI,CACX,CAAA;EAAA,CAAC;AA1BS,QAAA,cAAc,kBA0BvB;AAEJ,MAAM,aAAa,GAAG,CACpB,iBAA6D,EAC7D,GAAmC,EACnC,EAAE;IACF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,iBAAiB,CAAC;IACrD,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IAE3B,MAAM,yBAAyB,GAAG,GAAG,EAAE,CAAC,CAAC;QACvC,IAAI,EAAE;YACJ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,QAAQ;gBACR,YAAY;gBACZ,QAAQ,EAAE,WAAW,EAAE,oBAAoB;aAC5C,CAAC;SACH;QACD,GAAG,EAAE,gBAAgB,MAAM,qCAAqC;KACjE,CAAC,CAAC;IACH,MAAM,oBAAoB,GAAG,CAAC,iBAAuC,EAAE,EAAE,CAAC,CAAC;QACzE,GAAG,EAAE,gBAAgB,MAAM,sBAAsB;QACjD,IAAI,EAAE;YACJ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,QAAQ;gBACR,YAAY;gBACZ,UAAU,EAAE,iBAAiB,CAAC,UAAU;gBACxC,SAAS,EAAE,yBAAiB;aAC7B,CAAC;SACH;KACF,CAAC,CAAC;IACH;;;;;OAKG;IACH,MAAM,yBAAyB,GAAG,CAChC,YAA8B,EAC9B,OAAsD,EACtD,EAAE;QACF,gHAAgH;QAChH,gGAAgG;QAEhG,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAS,EAAE;YACT,MAAM,IAAI,GAAG;gBACX,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,wBAAwB,EAAE,YAAY,CAAC,WAAW;iBACnD;aACF,CAAC;YACF,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;YAC7C,IAAI,SAAS,KAAK,SAAS;gBACzB,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAC;YAEJ,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YACrC,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAC1C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,sBAAsB,MAAM,yCAAyC,MAAM,CAAC,QAAQ,EAAE,EAAE,EACxF,IAAI,CACL,CAAC;YACF,IAAI,CAAC,QAAQ,CAAC,EAAE;gBACd,MAAM,IAAI,KAAK,CACb,oCAAoC,QAAQ,CAAC,UAAU,KAAK,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CACpF,CAAC;YACJ,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC,CAAA,EACD,GAAG,EAAE,CAAC,IAAI,EACV,CAAC,CACF,CAAC;IACJ,CAAC,CAAA,CAAC;IAEF,OAAO;QACL,UAAU,EAAE;YACV,YAAY,EAAE,UAAU;YACxB,gBAAgB,EAAhB,wBAAgB;YAChB,qBAAqB,EAAE,yBAAyB;YAChD,iBAAiB,EAAE,oBAAoB;YACvC,kBAAkB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;gBAClC,UAAU,EAAE,SAAS,CAAC,SAAS;gBAC/B,QAAQ,EAAE,SAAS,CAAC,QAAQ;aAC7B,CAAC;YACF,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;gBACpC,SAAS,EAAE,SAAS,CAAC,QAAQ;gBAC7B,yBAAyB,EAAE,SAAS,CAAC,uBAAuB;aAC7D,CAAC;SACqC;QACzC,yBAAyB;KAC1B,CAAC;AACJ,CAAC,CAAC;AAEF;;;;GAIG;AACI,MAAM,iBAAiB,GAAG,CAAO,IAIvC,EAA2B,EAAE;IAC5B,OAAA,MAAM,IAAA,aAAM,EACV,WAAW,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,aAAa,EAAE,EACjD,GAAS,EAAE;QACT,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACrB,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;QACvB,MAAM,aAAa,GAAG,MAAM,IAAA,sBAAc,EAAC,MAAM,CAAC,CAAC;QAEnD,MAAM,EAAE,UAAU,EAAE,yBAAyB,EAAE,GAAG,aAAa,CAC7D,aAAa,EACb,GAAG,CACJ,CAAC;QAEF,MAAM,YAAY,GAAG,MAAM,IAAA,aAAM,EAC/B,8BAA8B,EAC9B,GAAS,EAAE;YACT,MAAM,IAAI,GAAG,MAAM,IAAA,iBAAS,EAC1B,UAAU,CACX,CAAC;YACF,uCAAY,IAAI,KAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,GAAG,GAAG,IAAG;QACnE,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,gBAAgB,EAAE,EAC9B,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAChE,CAAC;QAEF,MAAM,WAAW,GAAG,MAAM,yBAAyB,CAAC,YAAY,EAAE;YAChE,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/aws/idc/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAyD;AACzD,iDAAuD;AACvD,gDAA+C;AAO/C,4CAAgE;AAGhE,MAAM,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC7B,MAAM,IAAI,GAAG,EAAE,GAAG,KAAK,CAAC;AAExB,MAAM,gBAAgB,GAAG,CAAC,GAAG,KAAK,CAAC;AACnC,MAAM,uBAAuB,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,oCAAoC;AAC/E,MAAM,cAAc,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAEvC,MAAM,cAAc,GAAG,CAC5B,MAAc,EACiB,EAAE;IACjC,OAAA,MAAM,IAAA,aAAM,EACV,gBAAgB,EAChB,GAAwC,EAAE;QACxC,MAAM,IAAI,GAAG;YACX,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,OAAO;gBACnB,UAAU,EAAE,QAAQ;gBACpB,UAAU,EAAE,CAAC,yBAAiB,CAAC;gBAC/B,MAAM,EAAE,cAAc;aACvB,CAAC;SACH,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,gBAAgB,MAAM,gCAAgC,EACtD,IAAI,CACL,CAAC;QACF,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,uBAAuB,EAAE,EACrC,CAAC,IAAI,EAAE,EAAE,CACP,IAAI,CAAC,qBAAqB;QACxB,CAAC,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,GAAG,EAAE;QACzC,CAAC,CAAC,IAAI,CACX,CAAA;EAAA,CAAC;AA1BS,QAAA,cAAc,kBA0BvB;AAEJ,MAAM,aAAa,GAAG,CACpB,iBAA6D,EAC7D,GAAmC,EACnC,EAAE;IACF,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,iBAAiB,CAAC;IACrD,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IAE3B,MAAM,yBAAyB,GAAG,GAAG,EAAE,CAAC,CAAC;QACvC,IAAI,EAAE;YACJ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,QAAQ;gBACR,YAAY;gBACZ,QAAQ,EAAE,WAAW,EAAE,oBAAoB;aAC5C,CAAC;SACH;QACD,GAAG,EAAE,gBAAgB,MAAM,qCAAqC;KACjE,CAAC,CAAC;IACH,MAAM,oBAAoB,GAAG,CAAC,iBAAuC,EAAE,EAAE,CAAC,CAAC;QACzE,GAAG,EAAE,gBAAgB,MAAM,sBAAsB;QACjD,IAAI,EAAE;YACJ,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,QAAQ;gBACR,YAAY;gBACZ,UAAU,EAAE,iBAAiB,CAAC,UAAU;gBACxC,SAAS,EAAE,yBAAiB;aAC7B,CAAC;SACH;KACF,CAAC,CAAC;IACH;;;;;OAKG;IACH,MAAM,yBAAyB,GAAG,CAChC,YAA8B,EAC9B,OAAsD,EACtD,EAAE;QACF,gHAAgH;QAChH,gGAAgG;QAEhG,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAS,EAAE;YACT,MAAM,IAAI,GAAG;gBACX,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,wBAAwB,EAAE,YAAY,CAAC,WAAW;iBACnD;aACF,CAAC;YACF,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;YAC7C,IAAI,SAAS,KAAK,SAAS;gBACzB,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAC;YAEJ,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YACrC,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAC1C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,sBAAsB,MAAM,yCAAyC,MAAM,CAAC,QAAQ,EAAE,EAAE,EACxF,IAAI,CACL,CAAC;YACF,IAAI,CAAC,QAAQ,CAAC,EAAE;gBACd,MAAM,IAAI,KAAK,CACb,oCAAoC,QAAQ,CAAC,UAAU,KAAK,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CACpF,CAAC;YACJ,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC,CAAA,EACD,GAAG,EAAE,CAAC,IAAI,EACV,CAAC,CACF,CAAC;IACJ,CAAC,CAAA,CAAC;IAEF,OAAO;QACL,UAAU,EAAE;YACV,YAAY,EAAE,UAAU;YACxB,gBAAgB,EAAhB,wBAAgB;YAChB,qBAAqB,EAAE,yBAAyB;YAChD,iBAAiB,EAAE,oBAAoB;YACvC,kBAAkB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;gBAClC,UAAU,EAAE,SAAS,CAAC,SAAS;gBAC/B,QAAQ,EAAE,SAAS,CAAC,QAAQ;aAC7B,CAAC;YACF,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;gBACpC,SAAS,EAAE,SAAS,CAAC,QAAQ;gBAC7B,yBAAyB,EAAE,SAAS,CAAC,uBAAuB;aAC7D,CAAC;SACqC;QACzC,yBAAyB;KAC1B,CAAC;AACJ,CAAC,CAAC;AAEF;;;;GAIG;AACI,MAAM,iBAAiB,GAAG,CAAO,IAIvC,EAA2B,EAAE;IAC5B,OAAA,MAAM,IAAA,aAAM,EACV,WAAW,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,aAAa,EAAE,EACjD,GAAS,EAAE;QACT,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACrB,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;QACvB,MAAM,aAAa,GAAG,MAAM,IAAA,sBAAc,EAAC,MAAM,CAAC,CAAC;QAEnD,MAAM,EAAE,UAAU,EAAE,yBAAyB,EAAE,GAAG,aAAa,CAC7D,aAAa,EACb,GAAG,CACJ,CAAC;QAEF,MAAM,YAAY,GAAG,MAAM,IAAA,aAAM,EAC/B,8BAA8B,EAC9B,GAAS,EAAE;YACT,MAAM,IAAI,GAAG,MAAM,IAAA,iBAAS,EAC1B,UAAU,CACX,CAAC;YACF,uCAAY,IAAI,KAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,GAAG,GAAG,IAAG;QACnE,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,gBAAgB,EAAE,EAC9B,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAChE,CAAC;QAEF,MAAM,WAAW,GAAG,MAAM,yBAAyB,CAAC,YAAY,EAAE;YAChE,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC,CAAC;QAEH,OAAO;YACL,iBAAiB,EAAE,WAAW,CAAC,eAAe,CAAC,WAAW;YAC1D,qBAAqB,EAAE,WAAW,CAAC,eAAe,CAAC,eAAe;YAClE,iBAAiB,EAAE,WAAW,CAAC,eAAe,CAAC,YAAY;YAC3D,kBAAkB,EAAE,WAAW,CAAC,eAAe,CAAC,YAAY;YAC5D,SAAS,EAAE,WAAW,CAAC,eAAe,CAAC,UAAU;SAClD,CAAC;IACJ,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,gBAAgB,EAAE,EAC9B,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAChE,CAAA;EAAA,CAAC;AA5CS,QAAA,iBAAiB,qBA4C1B"}
|
package/dist/plugins/okta/aws.js
CHANGED
|
@@ -20,13 +20,49 @@ This file is part of @p0security/cli
|
|
|
20
20
|
|
|
21
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
22
|
**/
|
|
23
|
-
const
|
|
23
|
+
const xml_1 = require("../../common/xml");
|
|
24
24
|
const auth_1 = require("../../drivers/auth");
|
|
25
25
|
const assumeRole_1 = require("../aws/assumeRole");
|
|
26
|
+
const config_1 = require("../aws/config");
|
|
27
|
+
const login_1 = require("./login");
|
|
28
|
+
const lodash_1 = require("lodash");
|
|
29
|
+
/** Extracts all roles from a SAML assertion */
|
|
30
|
+
const rolesFromSaml = (account, saml) => {
|
|
31
|
+
var _a;
|
|
32
|
+
const samlText = Buffer.from(saml, "base64").toString("ascii");
|
|
33
|
+
const samlObject = (0, xml_1.parseXml)(samlText);
|
|
34
|
+
const samlAttributes = samlObject["saml2p:Response"]["saml2:Assertion"]["saml2:AttributeStatement"]["saml2:Attribute"];
|
|
35
|
+
const roleAttribute = samlAttributes.find((a) => a._attributes.Name === "https://aws.amazon.com/SAML/Attributes/Role");
|
|
36
|
+
// Format:
|
|
37
|
+
// 'arn:aws:iam::391052057035:saml-provider/p0dev-ext_okta_sso,arn:aws:iam::391052057035:role/path/to/role/SSOAmazonS3FullAccess'
|
|
38
|
+
const arns = (_a = (0, lodash_1.flatten)([roleAttribute === null || roleAttribute === void 0 ? void 0 : roleAttribute["saml2:AttributeValue"]])) === null || _a === void 0 ? void 0 : _a.map((r) => r.split(",")[1]);
|
|
39
|
+
const roles = arns
|
|
40
|
+
.filter((r) => r.startsWith(`arn:aws:iam::${account}:role/`))
|
|
41
|
+
.map((r) => r.split("/").slice(1).join("/"));
|
|
42
|
+
return { arns, roles };
|
|
43
|
+
};
|
|
44
|
+
const isFederatedLogin = (config) => { var _a; return ((_a = config.login) === null || _a === void 0 ? void 0 : _a.type) === "federated"; };
|
|
45
|
+
/** Retrieves the configured Okta SAML response for the specified account
|
|
46
|
+
*
|
|
47
|
+
* If no account is passed, and the organization only has one account configured,
|
|
48
|
+
* assumes that account.
|
|
49
|
+
*/
|
|
50
|
+
const initOktaSaml = (authn, account) => __awaiter(void 0, void 0, void 0, function* () {
|
|
51
|
+
var _a;
|
|
52
|
+
const { identity, config } = yield (0, config_1.getAwsConfig)(authn, account);
|
|
53
|
+
if (!isFederatedLogin(config))
|
|
54
|
+
throw `Account ${(_a = config.label) !== null && _a !== void 0 ? _a : config.id} is not configured for Okta SAML login.`;
|
|
55
|
+
const samlResponse = yield (0, login_1.getSamlResponse)(identity, config.login);
|
|
56
|
+
return {
|
|
57
|
+
samlResponse,
|
|
58
|
+
config,
|
|
59
|
+
account: config.id,
|
|
60
|
+
};
|
|
61
|
+
});
|
|
26
62
|
const assumeRoleWithOktaSaml = (authn, args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
27
63
|
return yield (0, auth_1.cached)(`aws-okta-${args.accountId}-${args.role}`, () => __awaiter(void 0, void 0, void 0, function* () {
|
|
28
|
-
const { account, config, samlResponse } = yield
|
|
29
|
-
const { roles } =
|
|
64
|
+
const { account, config, samlResponse } = yield initOktaSaml(authn, args.accountId);
|
|
65
|
+
const { roles } = rolesFromSaml(account, samlResponse);
|
|
30
66
|
if (!roles.includes(args.role))
|
|
31
67
|
throw `Role ${args.role} not available. Available roles:\n${roles.map((r) => ` ${r}`).join("\n")}`;
|
|
32
68
|
return yield (0, assumeRole_1.assumeRoleWithSaml)({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,
|
|
1
|
+
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,mCAA0C;AAC1C,mCAAiC;AAEjC,+CAA+C;AAC/C,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,EAAE;;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAClB,UAAU,CAAC,iBAAiB,CAAC,CAAC,iBAAiB,CAAC,CAC9C,0BAA0B,CAC3B,CAAC,iBAAiB,CAAC,CAAC;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,WAAW,CAAC,IAAI,KAAK,6CAA6C,CACvE,CAAC;IACF,UAAU;IACV,mIAAmI;IACnI,MAAM,IAAI,GAAG,MACX,IAAA,gBAAO,EAAC,CAAC,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,sBAAsB,CAAC,CAAC,CAClD,0CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI;SACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,OAAO,QAAQ,CAAC,CAAC;SAC5D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,MAAe,EACmC,EAAE,WACpD,OAAA,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW,CAAA,EAAA,CAAC;AAErC;;;;GAIG;AACH,MAAM,YAAY,GAAG,CAAO,KAAY,EAAE,OAA2B,EAAE,EAAE;;IACvE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAChE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,MAAA,MAAM,CAAC,KAAK,mCAAI,MAAM,CAAC,EAAE,yCAAyC,CAAC;IACtF,MAAM,YAAY,GAAG,MAAM,IAAA,uBAAe,EAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,OAAO;QACL,YAAY;QACZ,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,EAAE;KACnB,CAAC;AACJ,CAAC,CAAA,CAAC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,YAAY,CAC1D,KAAK,EACL,IAAI,CAAC,SAAS,CACf,CAAC;QACF,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5B,MAAM,QAAQ,IAAI,CAAC,IAAI,qCAAqC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtG,OAAO,MAAM,IAAA,+BAAkB,EAAC;YAC9B,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE;gBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;gBACpD,QAAQ,EAAE,YAAY;aACvB;SACF,CAAC,CAAC;IACL,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAxBS,QAAA,sBAAsB,0BAwB/B"}
|