@p0security/cli 0.19.8 → 0.19.10
- package/build/dist/commands/scp.js +7 -1
- package/build/dist/commands/scp.js.map +1 -1
- package/build/dist/commands/ssh.js +7 -1
- package/build/dist/commands/ssh.js.map +1 -1
- package/build/dist/common/auth/server.d.ts +1 -1
- package/build/dist/common/auth/server.js +29 -9
- package/build/dist/common/auth/server.js.map +1 -1
- package/build/dist/common/fetch.d.ts +1 -3
- package/build/dist/common/fetch.js +1 -3
- package/build/dist/common/fetch.js.map +1 -1
- package/build/dist/drivers/config.d.ts +1 -0
- package/build/dist/drivers/config.js +8 -1
- package/build/dist/drivers/config.js.map +1 -1
- package/build/dist/drivers/env.js +2 -0
- package/build/dist/drivers/env.js.map +1 -1
- package/build/dist/middlewares/version.js +7 -0
- package/build/dist/middlewares/version.js.map +1 -1
- package/build/dist/plugins/okta/aws.js +36 -11
- package/build/dist/plugins/okta/aws.js.map +1 -1
- package/build/dist/plugins/okta/login.d.ts +20 -2
- package/build/dist/plugins/okta/login.js +42 -6
- package/build/dist/plugins/okta/login.js.map +1 -1
- package/build/dist/plugins/ssh/index.js +8 -39
- package/build/dist/plugins/ssh/index.js.map +1 -1
- package/build/dist/types/org.d.ts +1 -0
- package/build/dist/version.js +1 -1
- package/build/dist/version.js.map +1 -1
- package/build/tsconfig.build.tsbuildinfo +1 -0
- package/package.json +14 -10
- package/build/dist/commands/__tests__/grant.test.d.ts +0 -1
- package/build/dist/commands/__tests__/grant.test.js +0 -56
- package/build/dist/commands/__tests__/grant.test.js.map +0 -1
- package/build/dist/commands/__tests__/login.test.d.ts +0 -1
- package/build/dist/commands/__tests__/login.test.js +0 -204
- package/build/dist/commands/__tests__/login.test.js.map +0 -1
- package/build/dist/commands/__tests__/ls.test.d.ts +0 -1
- package/build/dist/commands/__tests__/ls.test.js +0 -86
- package/build/dist/commands/__tests__/ls.test.js.map +0 -1
- package/build/dist/commands/__tests__/request.test.d.ts +0 -1
- package/build/dist/commands/__tests__/request.test.js +0 -150
- package/build/dist/commands/__tests__/request.test.js.map +0 -1
- package/build/dist/commands/__tests__/ssh.test.d.ts +0 -1
- package/build/dist/commands/__tests__/ssh.test.js +0 -181
- package/build/dist/commands/__tests__/ssh.test.js.map +0 -1
- package/build/dist/commands/aws/__tests__/__input__/saml-response.d.ts +0 -11
- package/build/dist/commands/aws/__tests__/__input__/saml-response.js +0 -19
- package/build/dist/commands/aws/__tests__/__input__/saml-response.js.map +0 -1
- package/build/dist/commands/aws/__tests__/__input__/sts-response.d.ts +0 -11
- package/build/dist/commands/aws/__tests__/__input__/sts-response.js +0 -38
- package/build/dist/commands/aws/__tests__/__input__/sts-response.js.map +0 -1
- package/build/dist/commands/aws/__tests__/role.test.d.ts +0 -1
- package/build/dist/commands/aws/__tests__/role.test.js +0 -103
- package/build/dist/commands/aws/__tests__/role.test.js.map +0 -1
- package/build/dist/common/__mocks__/keys.d.ts +0 -15
- package/build/dist/common/__mocks__/keys.js +0 -23
- package/build/dist/common/__mocks__/keys.js.map +0 -1
- package/build/dist/drivers/__mocks__/stdio.d.ts +0 -14
- package/build/dist/drivers/__mocks__/stdio.js +0 -26
- package/build/dist/drivers/__mocks__/stdio.js.map +0 -1
- package/build/dist/drivers/__tests__/api.test.d.ts +0 -1
- package/build/dist/drivers/__tests__/api.test.js +0 -688
- package/build/dist/drivers/__tests__/api.test.js.map +0 -1
- package/build/dist/drivers/auth/__mocks__/index.d.ts +0 -30
- package/build/dist/drivers/auth/__mocks__/index.js +0 -47
- package/build/dist/drivers/auth/__mocks__/index.js.map +0 -1
- package/build/dist/plugins/__mocks__/login.d.ts +0 -14
- package/build/dist/plugins/__mocks__/login.js +0 -25
- package/build/dist/plugins/__mocks__/login.js.map +0 -1
- package/build/dist/plugins/aws/__mocks__/assumeRole.d.ts +0 -12
- package/build/dist/plugins/aws/__mocks__/assumeRole.js +0 -22
- package/build/dist/plugins/aws/__mocks__/assumeRole.js.map +0 -1
- package/build/dist/plugins/aws/__tests__/utils.test.d.ts +0 -1
- package/build/dist/plugins/aws/__tests__/utils.test.js +0 -82
- package/build/dist/plugins/aws/__tests__/utils.test.js.map +0 -1
- package/build/tsconfig.tsbuildinfo +0 -1
|
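--- a/package/build/dist/commands/scp.js
+++ b/package/build/dist/commands/scp.js
@@ -89,7 +89,7 @@ const scpAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
 const { request, requestId, privateKey, sshProvider, sshHostKeys } = yield (0, ssh_3.prepareRequest)(authn, args, host);
 // replace the host with the linuxUserName@instanceId
 const { source, destination } = replaceHostWithInstance(request, args);
-yield (0, ssh_1.sshOrScp)({
+const exitCode = yield (0, ssh_1.sshOrScp)({
 authn,
 request,
 requestId,
@@ -99,6 +99,12 @@ const scpAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
 sshProvider,
 sshHostKeys,
 });
+// Force exit to prevent hanging due to orphaned child processes (e.g., session-manager-plugin)
+// holding open file descriptors. See: https://github.com/aws/amazon-ssm-agent/issues/173
+// Skip in tests to avoid killing the test runner
+if (process.env.NODE_ENV !== "unit") {
+process.exit(exitCode !== null && exitCode !== void 0 ? exitCode : 0);
+}
 });
 /** If a path is not explicitly local, use this pattern to determine if it's remote */
 const REMOTE_PATTERN_COLON = /^([^:]+:)(.*)$/; // Matches host:[path]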
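Review bot: The fallback in `process.exit(exitCode !== null && exitCode !== void 0 ? exitCode : 0)` turns a missing exit code into status 0. If `sshOrScp` forwards the child process's exit code, Node reports `null` when the child was ended by a signal, so an interrupted or killed transfer would be reported to calling scripts as success; a non-zero fallback such as `process.exit(exitCode ?? 1)` in the TypeScript source would be safer, assuming `sshOrScp` returns 0 on a clean run. Calling `process.exit` straight after the await can also drop output still queued on stdout or stderr when they are pipes. The same block is added to `sshAction` in ssh.js, and `scpAction` itself starts above this hunk.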
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scp.js","sourceRoot":"","sources":["../../../src/commands/scp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,wCAA0C;AAC1C,sCAAiE;AACjE,sCAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,4BAA4B;AAC5B,6DAA6D;AAC7D,mDAAmD,EACnD,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,QAAQ,EAAE;IACpB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,SAAS,EAAE;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,8CAA8C;CACzD,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,2BAAqB;CAC/B,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,8CAA8C,CAAC;IACtD,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;sGAE4F,CAC7F,EAEL,SAAS,CACV,CAAC;AAlDS,QAAA,UAAU,cAkDnB;AAEJ;;;GAGG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAE7B,uGAAuG;IACvG,IACE,IAAI,CAAC,QAAQ,KAAK,OAAO;QACzB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC9C;QACA,MAAM,wHAAwH,CAAC;KAChI;IAED,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAE9D,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,gEAAgE,CAAC;KACxE;IAED,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAChE,MAAM,IAAA,oBAAc,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAE1C,qDAAqD;IACrD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,uBAAuB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAEvE,MAAM,IAAA,cAAQ,EAAC;
|
|
1
|
+
{"version":3,"file":"scp.js","sourceRoot":"","sources":["../../../src/commands/scp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,wCAA0C;AAC1C,sCAAiE;AACjE,sCAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,4BAA4B;AAC5B,6DAA6D;AAC7D,mDAAmD,EACnD,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,QAAQ,EAAE;IACpB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,SAAS,EAAE;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,8CAA8C;CACzD,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,2BAAqB;CAC/B,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,8CAA8C,CAAC;IACtD,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;sGAE4F,CAC7F,EAEL,SAAS,CACV,CAAC;AAlDS,QAAA,UAAU,cAkDnB;AAEJ;;;GAGG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAE7B,uGAAuG;IACvG,IACE,IAAI,CAAC,QAAQ,KAAK,OAAO;QACzB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC9C;QACA,MAAM,wHAAwH,CAAC;KAChI;IAED,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAE9D,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,gEAAgE,CAAC;KACxE;IAED,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAChE,MAAM,IAAA,oBAAc,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAE1C,qDAAqD;IACrD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,uBAAuB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,MAAM,IAAA,cAAQ,EAAC;QAC9B,KAAK;QACL,OAAO;QACP,SAAS;QACT,
OAAO,kCACF,IAAI,KACP,MAAM;YACN,WAAW,GACZ;QACD,UAAU;QACV,WAAW;QACX,WAAW;KACZ,CAAC,CAAC;IAEH,+FAA+F;IAC/F,yFAAyF;IACzF,iDAAiD;IACjD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE;QACnC,OAAO,CAAC,IAAI,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,CAAC,CAAC,CAAC;KAC7B;AACH,CAAC,CAAA,CAAC;AAEF,sFAAsF;AACtF,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,CAAC,sBAAsB;AAErE,gFAAgF;AAChF,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAW,EAAE;IACnD,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,MAAc,EAAE,WAAmB,EAAE,EAAE;IAChE,6FAA6F;IAC7F,MAAM,cAAc,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC;IAErD,IAAI,cAAc,IAAI,mBAAmB,EAAE;QACzC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7B;IAED,6DAA6D;IAC7D,MAAM,0DAA0D,CAAC;AACnE,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAAC,MAAkB,EAAE,IAAoB,EAAE,EAAE;IAC3E,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACzB,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAEnC,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE;QAC9B,MAAM,GAAG,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACzE;IAED,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE;QACnC,WAAW,GAAG,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACnF;IAED,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;AACjC,CAAC,CAAC"}
|
|
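--- a/package/build/dist/commands/ssh.js
+++ b/package/build/dist/commands/ssh.js
@@ -92,7 +92,7 @@ const sshAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
 throw "Azure SSH does not currently support specifying a port. SSH on the target VM must be listening on the default port 22.";
 }
 const { request, requestId, privateKey, sshProvider, sshHostKeys } = yield (0, ssh_2.prepareRequest)(authn, args, args.destination);
-yield (0, ssh_1.sshOrScp)({
+const exitCode = yield (0, ssh_1.sshOrScp)({
 authn,
 request,
 requestId,
@@ -101,5 +101,11 @@ const sshAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
 sshProvider,
 sshHostKeys,
 });
+// Force exit to prevent hanging due to orphaned child processes (e.g., session-manager-plugin)
+// holding open file descriptors. See: https://github.com/aws/amazon-ssm-agent/issues/173
+// Skip in tests to avoid killing the test runner
+if (process.env.NODE_ENV !== "unit") {
+process.exit(exitCode !== null && exitCode !== void 0 ? exitCode : 0);
+}
 });
 //# sourceMappingURL=ssh.js.map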
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/commands/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,wCAA0C;AAC1C,kCAAqC;AACrC,sCAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,2CAA2C,EAC3C,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,UAAU,CAAC,SAAS,EAAE;IACrB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,2BAA2B;CACtC,CAAC;KACD,UAAU,CAAC,WAAW,EAAE;IACvB,QAAQ,EAAE,mBAAmB;IAC7B,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;IACF,8BAA8B;KAC7B,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,qGAAqG;CACxG,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC;CACnD,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,gEAAgE,CAAC;IACxE,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;;;MAIJ,IAAA,iBAAU,GAAE,8FAA8F,CACvG,EAEL,SAAS,CACV,CAAC;AAzDS,QAAA,UAAU,cAyDnB;AAEJ;;;;;;GAMG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,0FAA0F;IAC1F,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAE7B,uGAAuG;IACvG,IACE,IAAI,CAAC,QAAQ,KAAK,OAAO;QACzB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC9C;QACA,MAAM,wHAAwH,CAAC;KAChI;IAED,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAChE,MAAM,IAAA,oBAAc,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAEtD,MAAM,IAAA,cAAQ,EAAC;
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/commands/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,wCAA0C;AAC1C,kCAAqC;AACrC,sCAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,2CAA2C,EAC3C,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,UAAU,CAAC,SAAS,EAAE;IACrB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,2BAA2B;CACtC,CAAC;KACD,UAAU,CAAC,WAAW,EAAE;IACvB,QAAQ,EAAE,mBAAmB;IAC7B,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;IACF,8BAA8B;KAC7B,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,qGAAqG;CACxG,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC;CACnD,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,gEAAgE,CAAC;IACxE,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;;;MAIJ,IAAA,iBAAU,GAAE,8FAA8F,CACvG,EAEL,SAAS,CACV,CAAC;AAzDS,QAAA,UAAU,cAyDnB;AAEJ;;;;;;GAMG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,0FAA0F;IAC1F,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QACxB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAE7B,uGAAuG;IACvG,IACE,IAAI,CAAC,QAAQ,KAAK,OAAO;QACzB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC9C;QACA,MAAM,wHAAwH,CAAC;KAChI;IAED,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAChE,MAAM,IAAA,oBAAc,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,MAAM,IAAA,cAAQ,EAAC;QAC9B,KAAK;QACL,OAAO;QACP,SAAS;QACT,OAAO,EAAE,IAAI;QACb,UAAU;QACV,WAAW;QACX,WAAW;KACZ,CAAC,CAAC
;IAEH,+FAA+F;IAC/F,yFAAyF;IACzF,iDAAiD;IACjD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE;QACnC,OAAO,CAAC,IAAI,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,CAAC,CAAC,CAAC;KAC7B;AACH,CAAC,CAAA,CAAC"}
|
|
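--- a/package/build/dist/common/auth/server.d.ts
+++ b/package/build/dist/common/auth/server.d.ts
@@ -10,6 +10,6 @@ You should have received a copy of the GNU General Public License along with @p0
 **/
 import http from "node:http";
 /** Waits for an OIDC authorization redirect using a locally mounted server */
-export declare const withRedirectServer: <S, T, U>(
+export declare const withRedirectServer: <S, T, U>(beginAuth: (server: http.Server) => Promise<S>, completeAuth: (value: S, token: T) => Promise<U>, options?: {
 port?: number;
 }) => Promise<U>;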
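--- a/package/build/dist/common/auth/server.js
+++ b/package/build/dist/common/auth/server.js
@@ -26,6 +26,7 @@ exports.withRedirectServer = void 0;
 /** Implements a local auth server, which can receive auth tokens from an OIDC app */
 const util_1 = require("../../util");
 const express_1 = __importDefault(require("express"));
+const lodash_1 = require("lodash");
 const promises_1 = require("node:fs/promises");
 const node_path_1 = require("node:path");
 const node_sea_1 = require("node:sea");
@@ -54,7 +55,7 @@ const loadStaticAsset = (path) => __awaiter(void 0, void 0, void 0, function* ()
 return bytes;
 });
 /** Waits for an OIDC authorization redirect using a locally mounted server */
-const withRedirectServer = (
+const withRedirectServer = (beginAuth, completeAuth, options) => __awaiter(void 0, void 0, void 0, function* () {
 var _a;
 const app = (0, express_1.default)();
 let redirectResolve;
@@ -64,18 +65,15 @@ const withRedirectServer = (start, complete, options) => __awaiter(void 0, void
 redirectResolve = resolve;
 redirectReject = reject;
 });
-// load static assets
 const pageBytes = yield loadStaticAsset(LANDING_HTML_PATH);
 const faviconBytes = yield loadStaticAsset(FAVICON_PATH);
-// handle favicon
 app.get("/favicon.ico", (_, res) => {
 pipeToResponse(faviconBytes, res, "image/x-icon");
 });
-// handle redirect
 const redirectRouter = express_1.default.Router();
 redirectRouter.get("/", (req, res) => {
 const token = req.query;
-
+completeAuth(value, token)
 .then((result) => {
 pipeToResponse(pageBytes, res, "text/html; charset=utf-8");
 redirectResolve(result);
@@ -88,14 +86,36 @@ const withRedirectServer = (start, complete, options) => __awaiter(void 0, void
 });
 app.use(redirectRouter);
 const server = app.listen((_a = options === null || options === void 0 ? void 0 : options.port) !== null && _a !== void 0 ? _a : 0);
+// Set up cleanup handler for process interruption
+const cleanup = () => __awaiter(void 0, void 0, void 0, function* () {
+yield (0, util_1.sleep)(SERVER_SHUTDOWN_WAIT_MILLIS);
+server.closeAllConnections();
+yield new Promise((resolve, reject) => {
+server.close((err) => (err ? reject(err) : resolve()));
+}).catch(lodash_1.noop);
+});
+// Register signal handlers to ensure cleanup on interruption
+const signalHandler = () => {
+void cleanup().finally(() => process.exit(0));
+};
+process.once("SIGINT", signalHandler);
+process.once("SIGTERM", signalHandler);
+// Wait for server to start listening or fail
+yield new Promise((resolve, reject) => {
+server.once("listening", () => resolve());
+server.once("error", (error) => {
+redirectReject(error);
+reject(error);
+});
+});
 try {
-value = yield
+value = yield beginAuth(server);
 return yield redirectPromise;
 }
 finally {
-
-
-
+process.removeListener("SIGINT", signalHandler);
+process.removeListener("SIGTERM", signalHandler);
+yield cleanup();
 }
 });
 exports.withRedirectServer = withRedirectServer;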
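Review bot: A failed `listen` never reaches the new cleanup path, because the `yield new Promise(...)` that waits for "listening" sits before `try {`. When the server emits "error" (port already in use, for example) the function throws without running `finally`, and the SIGINT/SIGTERM handlers registered just above stay attached. That same error handler calls `redirectReject(error)` on a promise nothing is awaiting at that point, which Node may report as an unhandled rejection. Moving the wait inside the `try` block and dropping `redirectReject(error)` from it would cover both. Separately, `app.listen(...)` is called with a port only, so the endpoint that receives the authorization redirect is presumably bound on all interfaces; passing a loopback address as the second argument would keep it local to the machine.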
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../../src/common/auth/server.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;AAEH,qFAAqF;AACrF,qCAAmC;AACnC,sDAA8B;AAC9B,+CAA4C;AAE5C,yCAA0C;AAC1C,uCAAiD;AACjD,6CAAuC;AAEvC,MAAM,WAAW,GAAG,IAAA,mBAAO,EAAC,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;AACrE,MAAM,iBAAiB,GAAG,uBAAuB,CAAC;AAClD,MAAM,YAAY,GAAG,aAAa,CAAC;AAEnC;;GAEG;AACH,MAAM,2BAA2B,GAAG,GAAG,CAAC;AAExC,MAAM,cAAc,GAAG,CACrB,KAAa,EACb,GAAqB,EACrB,WAAmB,EACnB,EAAE;IACF,MAAM,MAAM,GAAG,sBAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAC3C,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAO,IAAY,EAAmB,EAAE;IAC9D,IAAI,IAAA,gBAAK,GAAE,EAAE;QACX,MAAM,IAAI,GAAG,IAAA,yBAAc,EAAC,IAAI,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;KAC9C;IACD,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC;IACvC,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AAEF,8EAA8E;AACvE,MAAM,kBAAkB,GAAG,CAChC,
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../../src/common/auth/server.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;AAEH,qFAAqF;AACrF,qCAAmC;AACnC,sDAA8B;AAC9B,mCAA8B;AAC9B,+CAA4C;AAE5C,yCAA0C;AAC1C,uCAAiD;AACjD,6CAAuC;AAEvC,MAAM,WAAW,GAAG,IAAA,mBAAO,EAAC,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;AACrE,MAAM,iBAAiB,GAAG,uBAAuB,CAAC;AAClD,MAAM,YAAY,GAAG,aAAa,CAAC;AAEnC;;GAEG;AACH,MAAM,2BAA2B,GAAG,GAAG,CAAC;AAExC,MAAM,cAAc,GAAG,CACrB,KAAa,EACb,GAAqB,EACrB,WAAmB,EACnB,EAAE;IACF,MAAM,MAAM,GAAG,sBAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAC3C,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAO,IAAY,EAAmB,EAAE;IAC9D,IAAI,IAAA,gBAAK,GAAE,EAAE;QACX,MAAM,IAAI,GAAG,IAAA,yBAAc,EAAC,IAAI,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;KAC9C;IACD,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC;IACvC,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AAEF,8EAA8E;AACvE,MAAM,kBAAkB,GAAG,CAChC,SAA8C,EAC9C,YAAgD,EAChD,OAA2B,EAC3B,EAAE;;IACF,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IAEtB,IAAI,eAAoC,CAAC;IACzC,IAAI,cAAoC,CAAC;IACzC,IAAI,KAAQ,CAAC;IACb,MAAM,eAAe,GAAG,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzD,eAAe,GAAG,OAAO,CAAC;QAC1B,cAAc,GAAG,MAAM,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,YAAY,CAAC,CAAC;IAEzD,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE;QACjC,cAAc,CAAC,YAAY,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IACxC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAU,CAAC;QAC7B,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC;aACvB,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,0BAA0B,CAAC
,CAAC;YAC3D,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1B,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAU,EAAE,EAAE;;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,mCAAI,KAAK,CAAC,CAAC;YAC9C,cAAc,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAExB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,mCAAI,CAAC,CAAC,CAAC;IAE9C,kDAAkD;IAClD,MAAM,OAAO,GAAG,GAAS,EAAE;QACzB,MAAM,IAAA,YAAK,EAAC,2BAA2B,CAAC,CAAC;QACzC,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC7B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC,KAAK,CAAC,aAAI,CAAC,CAAC;IACjB,CAAC,CAAA,CAAC;IAEF,6DAA6D;IAC7D,MAAM,aAAa,GAAG,GAAG,EAAE;QACzB,KAAK,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAEvC,6CAA6C;IAC7C,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC7B,cAAc,CAAC,KAAK,CAAC,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI;QACF,KAAK,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,MAAM,eAAe,CAAC;KAC9B;YAAS;QACR,OAAO,CAAC,cAAc,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAChD,OAAO,CAAC,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAEjD,MAAM,OAAO,EAAE,CAAC;KACjB;AACH,CAAC,CAAA,CAAC;AA1EW,QAAA,kBAAkB,sBA0E7B"}
|
|
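--- a/package/build/dist/common/fetch.d.ts
+++ b/package/build/dist/common/fetch.d.ts
@@ -10,7 +10,5 @@ You should have received a copy of the GNU General Public License along with @p0
 **/
 /** Converts object data to a URL encoded form */
 export declare const urlEncode: (data: Record<string, string>) => string;
-/** Validates an HTTP response, throwing a friendly
-* error message if invalid
-*/
+/** Validates an HTTP response, throwing a friendly error message if invalid */
 export declare const validateResponse: (response: Response) => Promise<Response>;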
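--- a/package/build/dist/common/fetch.js
+++ b/package/build/dist/common/fetch.js
@@ -25,9 +25,7 @@ const urlEncode = (data) => Object.entries(data)
 .map((kv) => kv.map(encodeURIComponent).join("="))
 .join("&");
 exports.urlEncode = urlEncode;
-/** Validates an HTTP response, throwing a friendly
-* error message if invalid
-*/
+/** Validates an HTTP response, throwing a friendly error message if invalid */
 const validateResponse = (response) => __awaiter(void 0, void 0, void 0, function* () {
 if (response.ok)
 return response;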
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fetch.js","sourceRoot":"","sources":["../../../src/common/fetch.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAiD;AAC1C,MAAM,SAAS,GAAG,CAAC,IAA4B,EAAE,EAAE,CACxD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;KACjB,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;KACjD,IAAI,CAAC,GAAG,CAAC,CAAC;AAHF,QAAA,SAAS,aAGP;AAEf
|
|
1
|
+
{"version":3,"file":"fetch.js","sourceRoot":"","sources":["../../../src/common/fetch.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAiD;AAC1C,MAAM,SAAS,GAAG,CAAC,IAA4B,EAAE,EAAE,CACxD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;KACjB,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;KACjD,IAAI,CAAC,GAAG,CAAC,CAAC;AAHF,QAAA,SAAS,aAGP;AAEf,+EAA+E;AACxE,MAAM,gBAAgB,GAAG,CAAO,QAAkB,EAAE,EAAE;IAC3D,IAAI,QAAQ,CAAC,EAAE;QAAE,OAAO,QAAQ,CAAC;IACjC,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;EACvE,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU;;EAEtC,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAC3B,CAAC,CAAA,CAAC;AANW,QAAA,gBAAgB,oBAM3B"}
|
|
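--- a/package/build/dist/drivers/config.d.ts
+++ b/package/build/dist/drivers/config.d.ts
@@ -12,6 +12,7 @@ import { Config } from "../types/org";
 export declare const getTenantConfig: () => Config;
 export declare const getContactMessage: () => string;
 export declare const getHelpMessage: () => string;
+export declare const shouldSkipCheckVersion: () => boolean;
 /** Use only if the organization is configured with Google login to P0 */
 export declare const getGoogleTenantConfig: () => import("../types/org").GoogleApplicationConfig;
 export declare const saveConfig: (orgId: string, debug?: boolean) => Promise<void>;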
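--- a/package/build/dist/drivers/config.js
+++ b/package/build/dist/drivers/config.js
@@ -12,7 +12,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.loadConfig = exports.saveConfig = exports.getGoogleTenantConfig = exports.getHelpMessage = exports.getContactMessage = exports.getTenantConfig = void 0;
+exports.loadConfig = exports.saveConfig = exports.getGoogleTenantConfig = exports.shouldSkipCheckVersion = exports.getHelpMessage = exports.getContactMessage = exports.getTenantConfig = void 0;
 const util_1 = require("../util");
 const path_1 = require("./auth/path");
 const env_1 = require("./env");
@@ -27,6 +27,13 @@ const getContactMessage = () => { var _a; return (_a = tenantConfig === null ||
 exports.getContactMessage = getContactMessage;
 const getHelpMessage = () => { var _a; return (_a = tenantConfig === null || tenantConfig === void 0 ? void 0 : tenantConfig.helpMessage) !== null && _a !== void 0 ? _a : env_1.defaultConfig.helpMessage; };
 exports.getHelpMessage = getHelpMessage;
+const shouldSkipCheckVersion = () => {
+var _a;
+return ((_a = tenantConfig === null || tenantConfig === void 0 ? void 0 : tenantConfig.skipVersionCheck) !== null && _a !== void 0 ? _a : env_1.defaultConfig.skipVersionCheck) === "true"
+? true
+: false;
+};
+exports.shouldSkipCheckVersion = shouldSkipCheckVersion;
 /** Use only if the organization is configured with Google login to P0 */
 const getGoogleTenantConfig = () => {
 if ("google" in tenantConfig) {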
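Review bot: `shouldSkipCheckVersion` compares against the string `"true"`, so a tenant config that stores `skipVersionCheck` as a JSON boolean would be ignored without any warning, and the trailing `? true : false` is redundant. Because the tenant value is tried first, any non-nullish value stored there also masks `SKIP_VERSION_CHECK` from the environment; whether that precedence is intended is not visible in this hunk. The neighbouring `getGoogleTenantConfig` carries a doc comment, and this getter would benefit from one too, for example `/** True only when the tenant config or SKIP_VERSION_CHECK is the literal string "true" */`.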
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAqC;AACrC,sCAAgD;AAChD,+BAAsC;AACtC,+BAAmC;AACnC,mCAAiC;AACjC,2DAA6B;AAC7B,gDAAwB;AAExB,IAAI,YAAoB,CAAC;AAElB,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC;AAArC,QAAA,eAAe,mBAAsB;AAE3C,MAAM,iBAAiB,GAAG,GAAG,EAAE,WACpC,OAAA,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,cAAc,mCAAI,mBAAa,CAAC,cAAc,CAAA,EAAA,CAAC;AADlD,QAAA,iBAAiB,qBACiC;AAExD,MAAM,cAAc,GAAG,GAAG,EAAE,WACjC,OAAA,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,WAAW,mCAAI,mBAAa,CAAC,WAAW,CAAA,EAAA,CAAC;AAD5C,QAAA,cAAc,kBAC8B;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/drivers/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAWA,kCAAqC;AACrC,sCAAgD;AAChD,+BAAsC;AACtC,+BAAmC;AACnC,mCAAiC;AACjC,2DAA6B;AAC7B,gDAAwB;AAExB,IAAI,YAAoB,CAAC;AAElB,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC;AAArC,QAAA,eAAe,mBAAsB;AAE3C,MAAM,iBAAiB,GAAG,GAAG,EAAE,WACpC,OAAA,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,cAAc,mCAAI,mBAAa,CAAC,cAAc,CAAA,EAAA,CAAC;AADlD,QAAA,iBAAiB,qBACiC;AAExD,MAAM,cAAc,GAAG,GAAG,EAAE,WACjC,OAAA,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,WAAW,mCAAI,mBAAa,CAAC,WAAW,CAAA,EAAA,CAAC;AAD5C,QAAA,cAAc,kBAC8B;AAElD,MAAM,sBAAsB,GAAG,GAAY,EAAE;;IAClD,OAAA,CAAC,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,gBAAgB,mCAAI,mBAAa,CAAC,gBAAgB,CAAC,KAAK,MAAM;QAC3E,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,KAAK,CAAA;CAAA,CAAC;AAHC,QAAA,sBAAsB,0BAGvB;AAEZ,yEAAyE;AAClE,MAAM,qBAAqB,GAAG,GAAG,EAAE;IACxC,IAAI,QAAQ,IAAI,YAAY,EAAE;QAC5B,OAAO,YAAY,CAAC;KACrB;IACD,MAAM,6HAA6H,IAAA,yBAAiB,GAAE,EAAE,CAAC;AAC3J,CAAC,CAAC;AALW,QAAA,qBAAqB,yBAKhC;AAEK,MAAM,UAAU,GAAG,CAAO,KAAa,EAAE,KAAe,EAAE,EAAE;;IACjE,+DAA+D;IAC/D,YAAY,GAAG,mBAAa,CAAC;IAE7B,MAAM,OAAO,GAAG,MAAM,IAAA,gBAAU,EAAC,KAAK,CAAC,CAAC;IAExC,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,uBAAuB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;KAC1D;IAED,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,mCAAI,mBAAa,CAAC;IAE/C,MAAM,cAAc,GAAG,IAAA,wBAAiB,GAAE,CAAC;IAE3C,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACzC,MAAM,kBAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,kBAAE,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE5E,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC,CAAA,CAAC;AAnBW,QAAA,UAAU,cAmBrB;AAEK,MAAM,UAAU,GAAG,GAAS,EAAE;IACnC,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,IAAA,wBAAiB,GAAE,CAAC,CAAC;QACtD,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7C,OAAO,YAAY,CAAC;KACrB;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,KAAI,QAAQ,EAAE;YAC3B,MAAM,kDAAkD,IAAA,iBAAU,GAAE,yBAAyB,CA
AC;SAC/F;aAAM;YACL,MAAM,KAAK,CAAC;SACb;KACF;AACH,CAAC,CAAA,CAAC;AAZW,QAAA,UAAU,cAYrB"}
|
|
@@ -8,6 +8,7 @@ exports.defaultConfig = void 0;
|
|
|
8
8
|
const dotenv_1 = __importDefault(require("dotenv"));
|
|
9
9
|
dotenv_1.default.config();
|
|
10
10
|
const { env } = process;
|
|
11
|
+
const skipVersionCheck = env.SKIP_VERSION_CHECK;
|
|
11
12
|
exports.defaultConfig = {
|
|
12
13
|
fs: {
|
|
13
14
|
// Falls back to public production Firestore credentials
|
|
@@ -34,5 +35,6 @@ exports.defaultConfig = {
|
|
|
34
35
|
environment: (_k = env.P0_ENV) !== null && _k !== void 0 ? _k : "production",
|
|
35
36
|
contactMessage: "Please contact support@p0.dev for assistance.",
|
|
36
37
|
helpMessage: "For additional support, please contact support@p0.dev.",
|
|
38
|
+
skipVersionCheck,
|
|
37
39
|
};
|
|
38
40
|
//# sourceMappingURL=env.js.map
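Review bot: `skipVersionCheck` near the top of env.js is taken straight from `env.SKIP_VERSION_CHECK` with no parsing, and because `dotenv_1.default.config()` runs just before it, a `.env` file in the directory the CLI is started from can set it as well as the shell. How the string is interpreted is decided by `shouldSkipCheckVersion` in drivers/config, which is not in this section, so it should be confirmed that values such as `0` or `false` do not enable the skip. The consumer in middlewares/version.js reports the skip only when `debug` is set, so a user working in a directory that carries such a `.env` gets no hint that update notices are off. Suggested comment on the new line: `// Opt-out for the update check; may come from the shell or from a .env in the cwd (dotenv). Interpreted by shouldSkipCheckVersion in drivers/config.`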
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAWA,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"env.js","sourceRoot":"","sources":["../../../src/drivers/env.ts"],"names":[],"mappings":";;;;;;;AAWA,oDAA4B;AAE5B,gBAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;AAExB,MAAM,gBAAgB,GAAG,GAAG,CAAC,kBAAkB,CAAC;AAEnC,QAAA,aAAa,GAA4B;IACpD,EAAE,EAAE;QACF,wDAAwD;QACxD,MAAM,EAAE,MAAA,GAAG,CAAC,aAAa,mCAAI,yCAAyC;QACtE,UAAU,EAAE,MAAA,GAAG,CAAC,iBAAiB,mCAAI,yBAAyB;QAC9D,SAAS,EAAE,MAAA,GAAG,CAAC,gBAAgB,mCAAI,SAAS;QAC5C,aAAa,EAAE,MAAA,GAAG,CAAC,oBAAoB,mCAAI,qBAAqB;QAChE,iBAAiB,EAAE,MAAA,GAAG,CAAC,yBAAyB,mCAAI,cAAc;QAClE,KAAK,EAAE,MAAA,GAAG,CAAC,YAAY,mCAAI,2CAA2C;KACvE;IACD,MAAM,EAAE;QACN,QAAQ,EACN,MAAA,GAAG,CAAC,wBAAwB,mCAC5B,0EAA0E;QAC5E,4EAA4E;QAC5E,qFAAqF;QACrF,kFAAkF;QAClF,2FAA2F;QAC3F,uHAAuH;QACvH,iFAAiF;QACjF,uEAAuE;QACvE,wFAAwF;QACxF,yBAAyB,EACvB,MAAA,GAAG,CAAC,4BAA4B,mCAAI,qCAAqC;KAC5E;IACD,MAAM,EAAE,MAAA,GAAG,CAAC,UAAU,mCAAI,oBAAoB;IAC9C,WAAW,EAAE,MAAA,GAAG,CAAC,MAAM,mCAAI,YAAY;IACvC,cAAc,EAAE,+CAA+C;IAC/D,WAAW,EAAE,wDAAwD;IACrE,gBAAgB;CACjB,CAAC"}
|
|
@@ -23,6 +23,7 @@ This file is part of @p0security/cli
|
|
|
23
23
|
|
|
24
24
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
25
25
|
**/
|
|
26
|
+
const config_1 = require("../drivers/config");
|
|
26
27
|
const stdio_1 = require("../drivers/stdio");
|
|
27
28
|
const util_1 = require("../util");
|
|
28
29
|
const version_1 = require("../version");
|
|
@@ -43,6 +44,12 @@ const VERSION_CHECK_INTERVAL_MILLIS = 86400e3; // 1 day
|
|
|
43
44
|
*/
|
|
44
45
|
const checkVersion = (yargs) => __awaiter(void 0, void 0, void 0, function* () {
|
|
45
46
|
const isDebug = Boolean(yargs["debug"]);
|
|
47
|
+
if ((0, config_1.shouldSkipCheckVersion)()) {
|
|
48
|
+
if (isDebug) {
|
|
49
|
+
(0, stdio_1.print2)("Skipping version check");
|
|
50
|
+
}
|
|
51
|
+
return;
|
|
52
|
+
}
|
|
46
53
|
try {
|
|
47
54
|
const latestFile = node_path_1.default.join(util_1.P0_PATH, LATEST_VERSION_FILE);
|
|
48
55
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/middlewares/version.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAA0C;AAC1C,kCAAqE;AACrE,wCAA2C;AAC3C,gEAAkC;AAClC,0DAA6B;AAC7B,uCAAiC;AACjC,oDAA4B;AAG5B,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;AAEjD,uFAAuF;AACvF,wCAAwC;AACxC,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,6BAA6B,GAAG,OAAO,CAAC,CAAC,QAAQ;AAQvD;;;;;GAKG;AACI,MAAM,YAAY,GAAG,CAAO,KAA+B,EAAE,EAAE;IACpE,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/middlewares/version.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAA2D;AAC3D,4CAA0C;AAC1C,kCAAqE;AACrE,wCAA2C;AAC3C,gEAAkC;AAClC,0DAA6B;AAC7B,uCAAiC;AACjC,oDAA4B;AAG5B,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;AAEjD,uFAAuF;AACvF,wCAAwC;AACxC,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAEzC,MAAM,6BAA6B,GAAG,OAAO,CAAC,CAAC,QAAQ;AAQvD;;;;;GAKG;AACI,MAAM,YAAY,GAAG,CAAO,KAA+B,EAAE,EAAE;IACpE,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IACxC,IAAI,IAAA,+BAAsB,GAAE,EAAE;QAC5B,IAAI,OAAO,EAAE;YACX,IAAA,cAAM,EAAC,wBAAwB,CAAC,CAAC;SAClC;QACD,OAAO;KACR;IACD,IAAI;QACF,MAAM,UAAU,GAAG,mBAAI,CAAC,IAAI,CAAC,cAAO,EAAE,mBAAmB,CAAC,CAAC;QAC3D,IAAI;YACF,MAAM,IAAI,GAAG,MAAM,kBAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvC,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC3D,IAAI,gBAAgB,IAAI,6BAA6B,EAAE;gBACrD,IAAI,OAAO,EAAE;oBACX,IAAA,cAAM,EACJ,uCAAuC;wBACrC,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC;wBAC1C,eAAe,CAClB,CAAC;iBACH;gBACD,OAAO;aACR;SACF;QAAC,OAAO,KAAU,EAAE;YACnB,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ;gBAAE,MAAM,KAAK,CAAC;SAC1C;QAED,8DAA8D;QAC9D,8CAA8C;QAC9C,MAAM,OAAO,GAAG,mBAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACzC,MAAM,kBAAE,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,MAAM,kBAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAEnC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,uBAAa,CAAC;QAEjD,IAAI,OAAO,EAAE;YACX,IAAA,cAAM,EAAC,iEAAiE,CAAC,CAAC;SAC3E;QAED,yEAAyE;QACzE,iEAAiE;QACjE,MAAM,SAAS,GAAG,IAAA,yBAAkB,GAAE,KAAK,KAAK,CAAC;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC;QAC7C,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,SAAS;YACvB,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC;YAC7C,CAAC,CAAC,aAAa,CAAC;QAElB,MAAM,aAAa,GAAG,MAAM,IAAA,cAAO,EACjC,IAAA,WAAI,EAAC,MAAM,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EACtC,4BAA4B,CAC7B,CAAC;QACF,MAAM,UAAU,GAAqB,IAAI,CAAC,KAAK,CAAC,aAAa
,CAAC,MAAM,CAAC,CAAC;QACtE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;QAE3C,IAAI,OAAO,EAAE;YACX,IAAA,cAAM,EAAC,sCAAsC,CAAC,CAAC;YAC/C,IAAA,cAAM,EAAC,kBAAkB,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;YACjD,IAAA,cAAM,EAAC,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;SACnD;QAED,IAAI,gBAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE;YAC9B,IAAI,IAAA,gBAAK,GAAE,EAAE;gBACX,IAAA,cAAM,EACJ;;;;;;;CAOT,CACQ,CAAC;aACH;iBAAM;gBACL,IAAA,cAAM,EACJ;;;;oBAIU,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;;CAElC,CACQ,CAAC;aACH;SACF;aAAM,IAAI,OAAO,EAAE;YAClB,IAAA,cAAM,EAAC,wCAAwC,CAAC,CAAC;SAClD;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,OAAO,EAAE;YACX,IAAA,cAAM,EAAC,yBAAyB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACjD,IAAA,cAAM,EAAC,uCAAuC,CAAC,CAAC;SACjD;QAED,uBAAuB;QACvB,qBAAqB;KACtB;AACH,CAAC,CAAA,CAAC;AAhGW,QAAA,YAAY,gBAgGvB"}
|
|
@@ -20,12 +20,20 @@ This file is part of @p0security/cli
|
|
|
20
20
|
|
|
21
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
22
|
**/
|
|
23
|
+
const retry_1 = require("../../common/retry");
|
|
23
24
|
const xml_1 = require("../../common/xml");
|
|
24
25
|
const auth_1 = require("../../drivers/auth");
|
|
25
26
|
const assumeRole_1 = require("../aws/assumeRole");
|
|
26
27
|
const config_1 = require("../aws/config");
|
|
27
28
|
const login_1 = require("./login");
|
|
28
29
|
const lodash_1 = require("lodash");
|
|
30
|
+
// Retry configuration for handling Okta eventual consistency
|
|
31
|
+
// With exponential backoff: 1s, 2s, 4s, 8s, 16s, 30s, 30s, 30s... ≈ 5 minutes total
|
|
32
|
+
const ROLE_NOT_AVAILABLE_PATTERN = /^Role .+ not available\./;
|
|
33
|
+
const RETRY_ATTEMPTS = 14;
|
|
34
|
+
const INITIAL_RETRY_DELAY_MS = 1000;
|
|
35
|
+
const RETRY_MULTIPLIER = 2.0;
|
|
36
|
+
const MAX_RETRY_DELAY_MS = 30000;
|
|
29
37
|
/** Extracts all roles from a SAML assertion */
|
|
30
38
|
const rolesFromSaml = (account, saml) => {
|
|
31
39
|
var _a;
|
|
@@ -52,7 +60,7 @@ const initOktaSaml = (authn, account, debug) => __awaiter(void 0, void 0, void 0
|
|
|
52
60
|
const { identity, config } = yield (0, config_1.getAwsConfig)(authn, account, debug);
|
|
53
61
|
if (!isFederatedLogin(config))
|
|
54
62
|
throw `Account ${(_a = config.label) !== null && _a !== void 0 ? _a : config.id} is not configured for Okta SAML login.`;
|
|
55
|
-
const samlResponse = yield (0, login_1.
|
|
63
|
+
const samlResponse = yield (0, login_1.fetchSamlAssertionForAws)(identity, config.login);
|
|
56
64
|
return {
|
|
57
65
|
samlResponse,
|
|
58
66
|
config,
|
|
@@ -61,17 +69,34 @@ const initOktaSaml = (authn, account, debug) => __awaiter(void 0, void 0, void 0
|
|
|
61
69
|
});
|
|
62
70
|
const assumeRoleWithOktaSaml = (authn, args, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
63
71
|
return yield (0, auth_1.cached)(`aws-okta-${args.accountId}-${args.role}`, () => __awaiter(void 0, void 0, void 0, function* () {
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
account,
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
72
|
+
// (Speculative) There could be a delay between Okta API role assignment and the role appearing
|
|
73
|
+
// in the SAML assertions due to eventual consistency in Okta's distributed infrastructure.
|
|
74
|
+
// Add retry logic to handle this race condition.
|
|
75
|
+
return yield (0, retry_1.retryWithSleep)(() => __awaiter(void 0, void 0, void 0, function* () {
|
|
76
|
+
const { account, config, samlResponse } = yield initOktaSaml(authn, args.accountId, debug);
|
|
77
|
+
const { roles } = rolesFromSaml(account, samlResponse);
|
|
78
|
+
if (!roles.includes(args.role)) {
|
|
79
|
+
throw `Role ${args.role} not available. Available roles:\n${roles.map((r) => ` ${r}`).join("\n")}`;
|
|
80
|
+
}
|
|
81
|
+
return yield (0, assumeRole_1.assumeRoleWithSaml)({
|
|
82
|
+
account,
|
|
83
|
+
role: args.role,
|
|
84
|
+
saml: {
|
|
85
|
+
providerName: config.login.provider.identityProvider,
|
|
86
|
+
response: samlResponse,
|
|
87
|
+
},
|
|
88
|
+
});
|
|
89
|
+
}), {
|
|
90
|
+
shouldRetry: (error) => {
|
|
91
|
+
// Only retry when the specific role is not available in the SAML response
|
|
92
|
+
return (typeof error === "string" &&
|
|
93
|
+
ROLE_NOT_AVAILABLE_PATTERN.test(error));
|
|
74
94
|
},
|
|
95
|
+
retries: RETRY_ATTEMPTS,
|
|
96
|
+
delayMs: INITIAL_RETRY_DELAY_MS,
|
|
97
|
+
multiplier: RETRY_MULTIPLIER,
|
|
98
|
+
maxDelayMs: MAX_RETRY_DELAY_MS,
|
|
99
|
+
debug,
|
|
75
100
|
});
|
|
76
101
|
}), { duration: 3600e3 });
|
|
77
102
|
});
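Review bot: The retry decision in `assumeRoleWithOktaSaml` depends on the wording of a thrown string: `shouldRetry` tests `ROLE_NOT_AVAILABLE_PATTERN` against the message built a few lines above it, so rewording that `throw` silently turns the retry off. Deriving the message prefix and the pattern from one shared constant would keep them in step. The same branch also fires when the role is simply not granted or is misspelled, and with `RETRY_ATTEMPTS = 14` and `MAX_RETRY_DELAY_MS = 30000` that is roughly five minutes of repeated `initOktaSaml` calls, each fetching a fresh SAML assertion, before the user sees the list of available roles. `retryWithSleep` is not shown here, so it is worth confirming that it reports progress outside debug mode. Suggested comment on the constants: `// Also applies when the role is genuinely missing: worst case ~5 min before the error is shown`.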
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,
|
|
1
|
+
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,mCAAmD;AACnD,mCAAiC;AAEjC,6DAA6D;AAC7D,oFAAoF;AACpF,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AAC9D,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC,+CAA+C;AAC/C,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,EAAE;;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAClB,UAAU,CAAC,iBAAiB,CAAC,CAAC,iBAAiB,CAAC,CAC9C,0BAA0B,CAC3B,CAAC,iBAAiB,CAAC,CAAC;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,WAAW,CAAC,IAAI,KAAK,6CAA6C,CACvE,CAAC;IACF,UAAU;IACV,mIAAmI;IACnI,MAAM,IAAI,GAAG,MACX,IAAA,gBAAO,EAAC,CAAC,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,sBAAsB,CAAC,CAAC,CAClD,0CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI;SACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,OAAO,QAAQ,CAAC,CAAC;SAC5D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,MAAe,EACmC,EAAE,WACpD,OAAA,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW,CAAA,EAAA,CAAC;AAErC;;;;GAIG;AACH,MAAM,YAAY,GAAG,CACnB,KAAY,EACZ,OAA2B,EAC3B,KAAe,EACf,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,MAAA,MAAM,CAAC,KAAK,mCAAI,MAAM,CAAC,EAAE,yCAAyC,CAAC;IACtF,MAAM,YAAY,GAAG,MAAM,IAAA,gCAAwB,EAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5E,OAAO;QACL,YAAY;QACZ,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,EAAE;KACnB,CAAC;AACJ,CAAC,CAAA,CAAC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,KAAe,EACf,
EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,+FAA+F;QAC/F,2FAA2F;QAC3F,iDAAiD;QACjD,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAS,EAAE;YACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,YAAY,CAC1D,KAAK,EACL,IAAI,CAAC,SAAS,EACd,KAAK,CACN,CAAC;YACF,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9B,MAAM,QAAQ,IAAI,CAAC,IAAI,qCAAqC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;aACrG;YACD,OAAO,MAAM,IAAA,+BAAkB,EAAC;gBAC9B,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE;oBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;oBACpD,QAAQ,EAAE,YAAY;iBACvB;aACF,CAAC,CAAC;QACL,CAAC,CAAA,EACD;YACE,WAAW,EAAE,CAAC,KAAc,EAAE,EAAE;gBAC9B,0EAA0E;gBAC1E,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;oBACzB,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,CACvC,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,cAAc;YACvB,OAAO,EAAE,sBAAsB;YAC/B,UAAU,EAAE,gBAAgB;YAC5B,UAAU,EAAE,kBAAkB;YAC9B,KAAK;SACN,CACF,CAAC;IACJ,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAhDS,QAAA,sBAAsB,0BAgD/B"}
|
|
@@ -4,5 +4,23 @@ import { OrgData } from "../../types/org";
|
|
|
4
4
|
import { AwsFederatedLogin } from "../aws/types";
|
|
5
5
|
/** Logs in to Okta via OIDC */
|
|
6
6
|
export declare const oktaLogin: (org: OrgData) => Promise<TokenResponse>;
|
|
7
|
-
/**
|
|
8
|
-
|
|
7
|
+
/**
|
|
8
|
+
* Converts OIDC tokens into a SAML assertion for AWS federated authentication.
|
|
9
|
+
*
|
|
10
|
+
* This function bridges the gap between modern OIDC authentication (used by P0 CLI)
|
|
11
|
+
* and legacy SAML federation (required by AWS IAM). It performs a two-step process:
|
|
12
|
+
*
|
|
13
|
+
* 1. **Token Exchange (OIDC → Web SSO Token)**:
|
|
14
|
+
* Exchanges the user's general-purpose OIDC tokens (access_token, id_token) for
|
|
15
|
+
* an app-specific Web SSO token scoped to the Okta AWS integration app.
|
|
16
|
+
*
|
|
17
|
+
* 2. **SAML Extraction (Web SSO Token → SAML Assertion)**:
|
|
18
|
+
* Uses the Web SSO token to initiate Okta's SSO flow and extracts the base64-encoded
|
|
19
|
+
* SAML assertion from the resulting HTML response.
|
|
20
|
+
*
|
|
21
|
+
* @param identity - The user's P0 identity containing OIDC tokens from login
|
|
22
|
+
* @param config - AWS federated login configuration with Okta app details
|
|
23
|
+
* @returns Base64-encoded SAML assertion for AWS authentication
|
|
24
|
+
* @throws Error if Okta session has expired or been terminated
|
|
25
|
+
*/
|
|
26
|
+
export declare const fetchSamlAssertionForAws: (identity: Identity, config: AwsFederatedLogin) => Promise<string>;
|
|
@@ -32,7 +32,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
32
32
|
});
|
|
33
33
|
};
|
|
34
34
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
35
|
-
exports.
|
|
35
|
+
exports.fetchSamlAssertionForAws = exports.oktaLogin = void 0;
|
|
36
36
|
/** Copyright © 2024-present P0 Security
|
|
37
37
|
|
|
38
38
|
This file is part of @p0security/cli
|
|
@@ -45,6 +45,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
45
45
|
**/
|
|
46
46
|
const oidc_1 = require("../../common/auth/oidc");
|
|
47
47
|
const fetch_1 = require("../../common/fetch");
|
|
48
|
+
const auth_1 = require("../../drivers/auth");
|
|
48
49
|
const login_1 = require("../oidc/login");
|
|
49
50
|
const cheerio = __importStar(require("cheerio"));
|
|
50
51
|
const lodash_1 = require("lodash");
|
|
@@ -52,7 +53,14 @@ const ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";
|
|
|
52
53
|
const ID_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token";
|
|
53
54
|
const TOKEN_EXCHANGE_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
|
|
54
55
|
const WEB_SSO_TOKEN_TYPE = "urn:okta:oauth:token-type:web_sso_token";
|
|
55
|
-
/**
|
|
56
|
+
/**
|
|
57
|
+
* Exchanges an Okta OIDC SSO token for an Okta app SSO token.
|
|
58
|
+
*
|
|
59
|
+
* Performs OAuth 2.0 Token Exchange (RFC 8693) to convert general-purpose
|
|
60
|
+
* OIDC tokens into an app-specific Web SSO token.
|
|
61
|
+
*
|
|
62
|
+
* @throws Error if Okta session has expired or been terminated
|
|
63
|
+
*/
|
|
56
64
|
const fetchSsoWebToken = (appId, { org, credential }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
57
65
|
const init = {
|
|
58
66
|
method: "POST",
|
|
@@ -70,7 +78,17 @@ const fetchSsoWebToken = (appId, { org, credential }) => __awaiter(void 0, void
|
|
|
70
78
|
};
|
|
71
79
|
(0, login_1.validateProviderDomain)(org);
|
|
72
80
|
const response = yield fetch(`https:${org.providerDomain}/oauth2/v1/token`, init);
|
|
73
|
-
|
|
81
|
+
if (!response.ok) {
|
|
82
|
+
if (response.status === 400) {
|
|
83
|
+
const data = yield response.json();
|
|
84
|
+
if (data.error === "invalid_grant") {
|
|
85
|
+
yield (0, auth_1.deleteIdentity)();
|
|
86
|
+
throw new Error("Your Okta session has expired. Please login again.");
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
// Throw a friendly error message if response is invalid
|
|
90
|
+
yield (0, fetch_1.validateResponse)(response);
|
|
91
|
+
}
|
|
74
92
|
return (yield response.json());
|
|
75
93
|
});
|
|
76
94
|
/** Retrieves an Okta app's SAML response */
|
|
@@ -101,9 +119,27 @@ const oktaLogin = (org) => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
101
119
|
}));
|
|
102
120
|
});
|
|
103
121
|
exports.oktaLogin = oktaLogin;
|
|
104
|
-
/**
|
|
122
|
+
/**
|
|
123
|
+
* Converts OIDC tokens into a SAML assertion for AWS federated authentication.
|
|
124
|
+
*
|
|
125
|
+
* This function bridges the gap between modern OIDC authentication (used by P0 CLI)
|
|
126
|
+
* and legacy SAML federation (required by AWS IAM). It performs a two-step process:
|
|
127
|
+
*
|
|
128
|
+
* 1. **Token Exchange (OIDC → Web SSO Token)**:
|
|
129
|
+
* Exchanges the user's general-purpose OIDC tokens (access_token, id_token) for
|
|
130
|
+
* an app-specific Web SSO token scoped to the Okta AWS integration app.
|
|
131
|
+
*
|
|
132
|
+
* 2. **SAML Extraction (Web SSO Token → SAML Assertion)**:
|
|
133
|
+
* Uses the Web SSO token to initiate Okta's SSO flow and extracts the base64-encoded
|
|
134
|
+
* SAML assertion from the resulting HTML response.
|
|
135
|
+
*
|
|
136
|
+
* @param identity - The user's P0 identity containing OIDC tokens from login
|
|
137
|
+
* @param config - AWS federated login configuration with Okta app details
|
|
138
|
+
* @returns Base64-encoded SAML assertion for AWS authentication
|
|
139
|
+
* @throws Error if Okta session has expired or been terminated
|
|
140
|
+
*/
|
|
105
141
|
// TODO: Inject Okta app
|
|
106
|
-
const
|
|
142
|
+
const fetchSamlAssertionForAws = (identity, config) => __awaiter(void 0, void 0, void 0, function* () {
|
|
107
143
|
const webTokenResponse = yield fetchSsoWebToken(config.provider.appId, identity);
|
|
108
144
|
const samlResponse = yield fetchSamlResponse(identity.org, webTokenResponse);
|
|
109
145
|
if (!samlResponse) {
|
|
@@ -111,5 +147,5 @@ const getSamlResponse = (identity, config) => __awaiter(void 0, void 0, void 0,
|
|
|
111
147
|
}
|
|
112
148
|
return samlResponse;
|
|
113
149
|
});
|
|
114
|
-
exports.
|
|
150
|
+
exports.fetchSamlAssertionForAws = fetchSamlAssertionForAws;
|
|
115
151
|
//# sourceMappingURL=login.js.map
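Review bot: In the new `!response.ok` branch of `fetchSsoWebToken`, a 400 response has its body consumed by `response.json()` before `validateResponse(response)` runs. For any 400 other than `invalid_grant`, that helper may then find the body already read (its implementation is not in this section), and a 400 with a non-JSON body makes `response.json()` throw a parse error instead of the friendly message. Reading from a copy and tolerating a parse failure avoids both: `const data = yield response.clone().json().catch(() => undefined);` followed by `if (data && data.error === "invalid_grant") {`. Because this branch also calls `deleteIdentity()`, a one-line comment saying that the stored identity is removed only on `invalid_grant` from the provider domain checked by `validateProviderDomain` would make the intent explicit.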
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../../src/plugins/okta/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,8CAAiE;
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../../src/plugins/okta/login.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,iDAAsD;AACtD,8CAAiE;AACjE,6CAAoD;AAKpD,yCAIuB;AACvB,iDAAmC;AACnC,mCAA8B;AAE9B,MAAM,iBAAiB,GAAG,+CAA+C,CAAC;AAC1E,MAAM,aAAa,GAAG,2CAA2C,CAAC;AAClE,MAAM,mBAAmB,GAAG,iDAAiD,CAAC;AAC9E,MAAM,kBAAkB,GAAG,yCAAyC,CAAC;AAErE;;;;;;;GAOG;AACH,MAAM,gBAAgB,GAAG,CACvB,KAAa,EACb,EAAE,GAAG,EAAE,UAAU,EAAY,EAC7B,EAAE;IACF,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,mBAAY;QACrB,IAAI,EAAE,IAAA,iBAAS,EAAC;YACd,QAAQ,EAAE,iBAAiB,KAAK,EAAE;YAClC,SAAS,EAAE,GAAG,CAAC,QAAQ;YACvB,WAAW,EAAE,UAAU,CAAC,YAAY;YACpC,gBAAgB,EAAE,iBAAiB;YACnC,aAAa,EAAE,UAAU,CAAC,QAAQ;YAClC,kBAAkB,EAAE,aAAa;YACjC,UAAU,EAAE,mBAAmB;YAC/B,oBAAoB,EAAE,kBAAkB;SACzC,CAAC;KACH,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,SAAS,GAAG,CAAC,cAAc,kBAAkB,EAC7C,IAAI,CACL,CAAC;IAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,KAAK,eAAe,EAAE;gBAClC,MAAM,IAAA,qBAAc,GAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;aACvE;SACF;QAED,wDAAwD;QACxD,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;KAClC;IAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;AAClD,CAAC,CAAA,CAAC;AAEF,4CAA4C;AAC5C,MAAM,iBAAiB,GAAG,CACxB,GAAY,EACZ,EAAE,YAAY,EAAiB,EAC/B,EAAE;IACF,MAAM,IAAI,GAAG;QACX,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,IAAA,aAAI,EAAC,mBAAY,EAAE,cAAc,CAAC;KAC5C,CAAC;IACF,IAAA,8BAAsB,EAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,WACV,GAAG,CAAC,cACN,0BAA0B,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;IAC7D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,MAAM,cAAc,GAAG,CAAC,CAAC,4BAA4B,CAAC,CAAC,GAAG,EAAE,CAAC;IAC7D,OAAO,OAAO,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;AACzE,CAAC,CAAA,CAAC;AAEF,
+BAA+B;AACxB,MAAM,SAAS,GAAG,CAAO,GAAY,EAAE,EAAE;IAC9C,OAAA,IAAA,iBAAS,EACP,IAAA,sBAAc,EAAC,GAAG,EAAE,oCAAoC,EAAE,GAAG,EAAE;QAC7D,IAAI,GAAG,CAAC,YAAY,KAAK,MAAM,EAAE;YAC/B,MAAM,yBAAyB,GAAG,CAAC,YAAY,oBAAoB,CAAC;SACrE;QACD,OAAO;YACL,sBAAsB,EAAE,WAAW,GAAG,CAAC,cAAc,6BAA6B;YAClF,QAAQ,EAAE,WAAW,GAAG,CAAC,cAAc,kBAAkB;SAC1D,CAAC;IACJ,CAAC,CAAC,CACH,CAAA;EAAA,CAAC;AAXS,QAAA,SAAS,aAWlB;AAEJ;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAwB;AACjB,MAAM,wBAAwB,GAAG,CACtC,QAAkB,EAClB,MAAyB,EACR,EAAE;IACnB,MAAM,gBAAgB,GAAG,MAAM,gBAAgB,CAC7C,MAAM,CAAC,QAAQ,CAAC,KAAK,EACrB,QAAQ,CACT,CAAC;IACF,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAC7E,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,uCAAuC,CAAC;KAC/C;IACD,OAAO,YAAY,CAAC;AACtB,CAAC,CAAA,CAAC;AAbW,QAAA,wBAAwB,4BAanC"}
|
|
@@ -124,52 +124,23 @@ function spawnSshNode(options) {
|
|
|
124
124
|
env: Object.assign(Object.assign({}, process.env), options.credential),
|
|
125
125
|
stdio: options.stdio,
|
|
126
126
|
shell: false,
|
|
127
|
-
detached: process.platform !== "win32", // Create new process group on Unix
|
|
128
127
|
});
|
|
129
|
-
//
|
|
130
|
-
// Problem: SSH's ProxyCommand spawns `aws ssm start-session`, which spawns
|
|
131
|
-
// `session-manager-plugin`. When SSH exits (especially during retry attempts),
|
|
132
|
-
// these child processes may not terminate, leaving them holding the stderr pipe
|
|
133
|
-
// and preventing Node.js from exiting. This is particularly problematic during
|
|
134
|
-
// the access propagation retry loop where multiple failed attempts accumulate
|
|
135
|
-
// orphaned processes. See: https://github.com/aws/amazon-ssm-agent/issues/173
|
|
136
|
-
//
|
|
137
|
-
// Solution: Spawn SSH in its own process group (detached mode on Unix) so we
|
|
138
|
-
// can kill the entire process tree with process.kill(-pid). This ensures that
|
|
139
|
-
// aws ssm start-session and session-manager-plugin are terminated along with SSH.
|
|
140
|
-
const killProcessTree = (signal = "SIGTERM") => {
|
|
141
|
-
try {
|
|
142
|
-
if (process.platform === "win32") {
|
|
143
|
-
// Kill direct child only (can use taskkill /T if needed)
|
|
144
|
-
child.kill(signal);
|
|
145
|
-
}
|
|
146
|
-
else {
|
|
147
|
-
// Kill entire process group
|
|
148
|
-
process.kill(-child.pid, signal);
|
|
149
|
-
}
|
|
150
|
-
}
|
|
151
|
-
catch (_a) {
|
|
152
|
-
// Process already dead, ignore
|
|
153
|
-
}
|
|
154
|
-
};
|
|
155
|
-
// Kill process tree on parent termination (Ctrl+C, etc.)
|
|
128
|
+
// Make sure if the parent process is killed, we kill the child process too
|
|
156
129
|
const signalHandlers = new Map();
|
|
157
|
-
["SIGINT", "SIGTERM", "SIGHUP", "SIGQUIT"].forEach((signal) => {
|
|
130
|
+
["exit", "SIGINT", "SIGTERM", "SIGHUP", "SIGQUIT"].forEach((signal) => {
|
|
158
131
|
const handler = () => {
|
|
159
|
-
|
|
132
|
+
try {
|
|
133
|
+
child.kill();
|
|
134
|
+
}
|
|
135
|
+
catch (_a) {
|
|
136
|
+
// Ignore errors
|
|
137
|
+
}
|
|
160
138
|
// Resolving the promise so that we don't hang the process forever.
|
|
161
139
|
resolve(0);
|
|
162
140
|
};
|
|
163
141
|
signalHandlers.set(signal, handler);
|
|
164
142
|
process.on(signal, handler);
|
|
165
143
|
});
|
|
166
|
-
// Handle process exit separately (not a signal)
|
|
167
|
-
const exitHandler = () => {
|
|
168
|
-
killProcessTree();
|
|
169
|
-
resolve(0);
|
|
170
|
-
};
|
|
171
|
-
signalHandlers.set("exit", exitHandler);
|
|
172
|
-
process.on("exit", exitHandler);
|
|
173
144
|
// TODO ENG-2284 support login with Google Cloud: currently return a boolean to indicate if the exception was a Google login error.
|
|
174
145
|
const { isAccessPropagated, isLoginException, cleanup: cleanupStderr, } = accessPropagationGuard(provider.unprovisionedAccessPatterns, options.isAccessPropagationPreTest
|
|
175
146
|
? provider.provisionedAccessPatterns
|
|
@@ -191,8 +162,6 @@ function spawnSshNode(options) {
|
|
|
191
162
|
var _a, _b;
|
|
192
163
|
exitListener.unref();
|
|
193
164
|
cleanupAllListeners();
|
|
194
|
-
// Kill orphaned processes from failed attempt before retrying
|
|
195
|
-
killProcessTree("SIGKILL");
|
|
196
165
|
// In the case of ephemeral AccessDenied exceptions due to unpropagated
|
|
197
166
|
// permissions, continually retry access until success
|
|
198
167
|
if (!isAccessPropagated()) {
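Review bot: The new handler in `spawnSshNode` calls `child.kill()`, which signals only the direct ssh child, and the retry path in the second hunk no longer kills anything before the next attempt. The comment this commit removes stated that the ProxyCommand descendants (`aws ssm start-session`, `session-manager-plugin`) can outlive ssh and keep holding the stderr pipe; with `detached` and the process-group kill gone, that condition can return, and any such leftover process presumably still carries the `env` built from `process.env` plus `options.credential`. If dropping the process group is deliberate, record the reason next to the handler, for example `// child.kill() signals ssh only; ProxyCommand descendants are not signalled (see aws/amazon-ssm-agent issue 173)`, and consider checking for leftover children after a failed attempt. `spawnSshNode` begins before and continues after these hunks.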
|