@p0security/cli 0.22.6 → 0.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/dist/commands/index.js +18 -2
- package/build/dist/commands/index.js.map +1 -1
- package/build/dist/commands/print-bearer-token.js +2 -1
- package/build/dist/commands/print-bearer-token.js.map +1 -1
- package/build/dist/commands/rdp.js +3 -2
- package/build/dist/commands/rdp.js.map +1 -1
- package/build/dist/commands/scp.js +49 -35
- package/build/dist/commands/scp.js.map +1 -1
- package/build/dist/commands/shared/request.js +21 -0
- package/build/dist/commands/shared/request.js.map +1 -1
- package/build/dist/commands/shared/ssh.d.ts +4 -0
- package/build/dist/commands/shared/ssh.js +29 -14
- package/build/dist/commands/shared/ssh.js.map +1 -1
- package/build/dist/commands/ssh.js +42 -29
- package/build/dist/commands/ssh.js.map +1 -1
- package/build/dist/common/auth/server.js +1 -0
- package/build/dist/common/auth/server.js.map +1 -1
- package/build/dist/index.js +4 -0
- package/build/dist/index.js.map +1 -1
- package/build/dist/opentelemetry/constants.d.ts +16 -0
- package/build/dist/opentelemetry/constants.js +20 -0
- package/build/dist/opentelemetry/constants.js.map +1 -0
- package/build/dist/opentelemetry/instrumentation.js +1 -0
- package/build/dist/opentelemetry/instrumentation.js.map +1 -1
- package/build/dist/opentelemetry/otel-helpers.d.ts +56 -0
- package/build/dist/opentelemetry/otel-helpers.js +139 -0
- package/build/dist/opentelemetry/otel-helpers.js.map +1 -0
- package/build/dist/plugins/kubeconfig/index.js +7 -5
- package/build/dist/plugins/kubeconfig/index.js.map +1 -1
- package/build/dist/plugins/kubeconfig/types.d.ts +13 -8
- package/build/dist/plugins/rdp/index.js +2 -1
- package/build/dist/plugins/rdp/index.js.map +1 -1
- package/build/dist/plugins/ssh/index.js +65 -50
- package/build/dist/plugins/ssh/index.js.map +1 -1
- package/build/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
|
@@ -26,6 +26,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
26
26
|
const config_1 = require("../drivers/config");
|
|
27
27
|
const stdio_1 = require("../drivers/stdio");
|
|
28
28
|
const version_1 = require("../middlewares/version");
|
|
29
|
+
const otel_helpers_1 = require("../opentelemetry/otel-helpers");
|
|
29
30
|
const version_2 = require("../version");
|
|
30
31
|
const allow_1 = require("./allow");
|
|
31
32
|
const aws_1 = require("./aws");
|
|
@@ -41,7 +42,7 @@ const scp_1 = require("./scp");
|
|
|
41
42
|
const ssh_1 = require("./ssh");
|
|
42
43
|
const ssh_proxy_1 = require("./ssh-proxy");
|
|
43
44
|
const ssh_resolve_1 = require("./ssh-resolve");
|
|
44
|
-
const
|
|
45
|
+
const api_1 = require("@opentelemetry/api");
|
|
45
46
|
const yargs_1 = __importDefault(require("yargs"));
|
|
46
47
|
const helpers_1 = require("yargs/helpers");
|
|
47
48
|
const commands = [
|
|
@@ -99,6 +100,20 @@ const getCli = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
99
100
|
.strict()
|
|
100
101
|
.demandCommand(1)
|
|
101
102
|
.fail((message, error, yargs) => {
|
|
103
|
+
// Mark active span as error if it exists
|
|
104
|
+
// Wrapped in try/catch - telemetry must never break the CLI
|
|
105
|
+
try {
|
|
106
|
+
const activeSpan = api_1.trace.getActiveSpan();
|
|
107
|
+
if (activeSpan) {
|
|
108
|
+
const errorMessage = error ? String(error) : message;
|
|
109
|
+
(0, otel_helpers_1.markSpanError)(activeSpan, errorMessage);
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
catch (e) {
|
|
113
|
+
// Silently ignore telemetry failures
|
|
114
|
+
// CLI functionality takes precedence over observability
|
|
115
|
+
}
|
|
116
|
+
// Print error messages (existing behavior)
|
|
102
117
|
if (error) {
|
|
103
118
|
(0, stdio_1.print2)(error);
|
|
104
119
|
}
|
|
@@ -107,7 +122,8 @@ const getCli = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
107
122
|
(0, stdio_1.print2)(`\n${message}`);
|
|
108
123
|
(0, stdio_1.print2)(`\n${(0, config_1.getHelpMessage)()}`);
|
|
109
124
|
}
|
|
110
|
-
|
|
125
|
+
// Use exitProcess instead of sys.exit for consistent span handling
|
|
126
|
+
(0, otel_helpers_1.exitProcess)(1);
|
|
111
127
|
});
|
|
112
128
|
});
|
|
113
129
|
exports.getCli = getCli;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAmD;AACnD,4CAAkD;AAClD,oDAAsD;AACtD,wCAAiE;AACjE,mCAAuC;AACvC,+BAAmC;AACnC,mCAAuC;AACvC,6CAAiD;AACjD,mCAAuC;AACvC,qCAAyC;AACzC,6BAAiC;AACjC,6DAA+D;AAC/D,+BAAmC;AACnC,uCAA2C;AAC3C,+BAAmC;AACnC,+BAAmC;AACnC,2CAA8C;AAC9C,+CAAkD;AAClD,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAmD;AACnD,4CAAkD;AAClD,oDAAsD;AACtD,gEAA2E;AAC3E,wCAAiE;AACjE,mCAAuC;AACvC,+BAAmC;AACnC,mCAAuC;AACvC,6CAAiD;AACjD,mCAAuC;AACvC,qCAAyC;AACzC,6BAAiC;AACjC,6DAA+D;AAC/D,+BAAmC;AACnC,uCAA2C;AAC3C,+BAAmC;AACnC,+BAAmC;AACnC,2CAA8C;AAC9C,+CAAkD;AAClD,4CAA2C;AAC3C,kDAA0B;AAC1B,2CAAwC;AAExC,MAAM,QAAQ,GAAG;IACf,gBAAU;IACV,oBAAY;IACZ,oBAAY;IACZ,sBAAa;IACb,cAAS;IACT,wBAAc;IACd,oBAAY;IACZ,gBAAU;IACV,2BAAe;IACf,+BAAiB;IACjB,gBAAU;IACV,gBAAU;IACV,8BAAiB;IACjB,4CAAuB;CACxB,CAAC;AAEF,MAAM,SAAS,GAAG,GAAS,EAAE;IAC3B,MAAM,IAAI,GAAG,IAAA,eAAK,EAAC,IAAA,iBAAO,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAC/C,IAAA,8BAAoB,EAAC,uBAAa,CAAC,CACpC,CAAC;IAEF,6FAA6F;IAC7F,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,QAAQ,GAAG,CAAC,GAAoC,EAAE,EAAE;QACvD,IAAI,OAAO,GAAG,KAAK,UAAU,EAAE;YAC7B,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,IAAA,uBAAc,GAAE,CAAC,CAAC,CAAC;SAC3D;aAAM;YACL,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACtB,IAAA,cAAM,EAAC,KAAK,IAAA,uBAAc,GAAE,EAAE,CAAC,CAAC;SACjC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC,CAAA,CAAC;AAEF,4DAA4D;AAC5D,MAAM,mBAAmB,GAAG,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAEzD,SAAe,uBAAuB,CAAC,IAA8B;;QACnE,MAAM,cAAc,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE;YACtC,OAAO;SACR;QAED,IAAI,mBAAmB,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE;YAChD,OAAO;SACR;aAAM;YACL,OAAO,MAAM,IAAA,sBAAY,EAAC,IAAI,CAAC,CAAC;SACjC;IACH,CAAC;CAAA;AAEM,MAAM,MAAM,GAAG,GAAS,EAAE;IAC/B,OAAA,QAAQ;SACL,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,SAAS,EAAE,CAAC;SACzC,UAAU,CAAC,uBAAuB,CAAC;SACnC,MAAM,EAAE;SACR,aAAa,CAAC,CAAC,CAAC;SAChB,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;QAC9B,yCAAyC;QACzC,4DAA4D;QAC5D,IAAI;YACF,MAAM,UAAU,GAAG,WAAK,CAAC,aAAa,EAAE,CAAC;YACzC,IAAI,UAAU,EAAE;gBACd,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;gBACrD,IAAA,4BAAa,EAAC,UAAU,EAAE,YAAY,CAAC,CAAC;aACzC;SACF;QAAC,OAAO,CAAC,EAAE;YACV,qCAAqC;YACrC,wDAAwD;SACzD;QAED,2CAA2C;QAC3C,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;SACf;aAAM;YACL,IAAA,cAAM,EAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACrB,IAAA,cAAM,EAAC,KAAK,OAAO,EAAE,CAAC,CAAC;YACvB,IAAA,cAAM,EAAC,KAAK,IAAA,uBAAc,GAAE,EAAE,CAAC,CAAC;SACjC;QAED,mEAAmE;QACnE,IAAA,0BAAW,EAAC,CAAC,CAAC,CAAC;IACjB,CAAC,CAAC,CAAA;EAAA,CAAC;AA/BM,QAAA,MAAM,UA+BZ"}
|
|
@@ -22,6 +22,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
22
22
|
**/
|
|
23
23
|
const auth_1 = require("../drivers/auth");
|
|
24
24
|
const stdio_1 = require("../drivers/stdio");
|
|
25
|
+
const otel_helpers_1 = require("../opentelemetry/otel-helpers");
|
|
25
26
|
const printBearerTokenArgs = (yargs) => yargs.help(false);
|
|
26
27
|
const printBearerTokenCommand = (yargs) => yargs.command("print-bearer-token", false, // hides command from --help output
|
|
27
28
|
printBearerTokenArgs, exports.printBearerToken);
|
|
@@ -31,7 +32,7 @@ const printBearerToken = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
31
32
|
const token = yield authn.getToken();
|
|
32
33
|
if (!token) {
|
|
33
34
|
(0, stdio_1.print2)("No access token found in identity.");
|
|
34
|
-
|
|
35
|
+
(0, otel_helpers_1.exitProcess)(1);
|
|
35
36
|
}
|
|
36
37
|
(0, stdio_1.print1)(token);
|
|
37
38
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"print-bearer-token.js","sourceRoot":"","sources":["../../../src/commands/print-bearer-token.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,4CAAkD;
|
|
1
|
+
{"version":3,"file":"print-bearer-token.js","sourceRoot":"","sources":["../../../src/commands/print-bearer-token.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,4CAAkD;AAClD,gEAA4D;AAG5D,MAAM,oBAAoB,GAAG,CAAI,KAAoB,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAErE,MAAM,uBAAuB,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC3D,KAAK,CAAC,OAAO,CACX,oBAAoB,EACpB,KAAK,EAAE,mCAAmC;AAC1C,oBAAoB,EACpB,wBAAgB,CACjB,CAAC;AANS,QAAA,uBAAuB,2BAMhC;AAEG,MAAM,gBAAgB,GAAG,GAAS,EAAE;IACzC,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IAEnC,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;IACrC,IAAI,CAAC,KAAK,EAAE;QACV,IAAA,cAAM,EAAC,oCAAoC,CAAC,CAAC;QAC7C,IAAA,0BAAW,EAAC,CAAC,CAAC,CAAC;KAChB;IACD,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;AAChB,CAAC,CAAA,CAAC;AATW,QAAA,gBAAgB,oBAS3B"}
|
|
@@ -22,6 +22,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
22
22
|
**/
|
|
23
23
|
const auth_1 = require("../drivers/auth");
|
|
24
24
|
const stdio_1 = require("../drivers/stdio");
|
|
25
|
+
const otel_helpers_1 = require("../opentelemetry/otel-helpers");
|
|
25
26
|
const rdp_1 = require("../plugins/rdp");
|
|
26
27
|
const util_1 = require("../util");
|
|
27
28
|
const rdpCommand = (yargs) => yargs.command("rdp <destination>", "Connect to a Windows virtual machine via RDP", (yargs) => yargs
|
|
@@ -64,14 +65,14 @@ const rdpAction = (cmdArgs) => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
64
65
|
const os = (0, util_1.getOperatingSystem)();
|
|
65
66
|
if (os !== "win") {
|
|
66
67
|
(0, stdio_1.print2)("RDP session connections are only supported on Windows.");
|
|
67
|
-
|
|
68
|
+
(0, otel_helpers_1.exitProcess)(1);
|
|
68
69
|
}
|
|
69
70
|
const authn = yield (0, auth_1.authenticate)(cmdArgs);
|
|
70
71
|
yield (0, rdp_1.rdp)(authn, cmdArgs);
|
|
71
72
|
// Force exit to prevent hanging due to orphaned child processes
|
|
72
73
|
// Skip in tests to avoid killing the test runner
|
|
73
74
|
if (process.env.NODE_ENV !== "unit") {
|
|
74
|
-
|
|
75
|
+
(0, otel_helpers_1.exitProcess)(0);
|
|
75
76
|
}
|
|
76
77
|
});
|
|
77
78
|
//# sourceMappingURL=rdp.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rdp.js","sourceRoot":"","sources":["../../../src/commands/rdp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,4CAA0C;AAC1C,wCAAqC;AAErC,kCAAyD;AAGlD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,mBAAmB,EACnB,8CAA8C,EAC9C,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;IACpC,OAAO,EAAE,KAAK;CACf,CAAC;KACD,MAAM,CAAC,WAAW,EAAE;IACnB,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,KAAK;CACf,CAAC;KACD,KAAK,CAAC,sBAAsB,CAAC;KAC7B,QAAQ,CACP;;;MAGJ,IAAA,iBAAU,GAAE,iDAAiD,CAC1D,EAEL,SAAS,CACV,CAAC;AAjCS,QAAA,UAAU,cAiCnB;AAEJ;;;;;;;;GAQG;AACH,MAAM,SAAS,GAAG,CAAO,OAAiD,EAAE,EAAE;IAC5E,wEAAwE;IACxE,sJAAsJ;IACtJ,MAAM,EAAE,GAAG,IAAA,yBAAkB,GAAE,CAAC;IAChC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,IAAA,cAAM,EAAC,wDAAwD,CAAC,CAAC;QACjE,
|
|
1
|
+
{"version":3,"file":"rdp.js","sourceRoot":"","sources":["../../../src/commands/rdp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,4CAA0C;AAC1C,gEAA4D;AAC5D,wCAAqC;AAErC,kCAAyD;AAGlD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,mBAAmB,EACnB,8CAA8C,EAC9C,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;IACpC,OAAO,EAAE,KAAK;CACf,CAAC;KACD,MAAM,CAAC,WAAW,EAAE;IACnB,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,KAAK;CACf,CAAC;KACD,KAAK,CAAC,sBAAsB,CAAC;KAC7B,QAAQ,CACP;;;MAGJ,IAAA,iBAAU,GAAE,iDAAiD,CAC1D,EAEL,SAAS,CACV,CAAC;AAjCS,QAAA,UAAU,cAiCnB;AAEJ;;;;;;;;GAQG;AACH,MAAM,SAAS,GAAG,CAAO,OAAiD,EAAE,EAAE;IAC5E,wEAAwE;IACxE,sJAAsJ;IACtJ,MAAM,EAAE,GAAG,IAAA,yBAAkB,GAAE,CAAC;IAChC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,IAAA,cAAM,EAAC,wDAAwD,CAAC,CAAC;QACjE,IAAA,0BAAW,EAAC,CAAC,CAAC,CAAC;KAChB;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,IAAA,SAAG,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAE1B,gEAAgE;IAChE,iDAAiD;IACjD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE;QACnC,IAAA,0BAAW,EAAC,CAAC,CAAC,CAAC;KAChB;AACH,CAAC,CAAA,CAAC"}
|
|
@@ -21,6 +21,7 @@ This file is part of @p0security/cli
|
|
|
21
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
22
|
**/
|
|
23
23
|
const auth_1 = require("../drivers/auth");
|
|
24
|
+
const otel_helpers_1 = require("../opentelemetry/otel-helpers");
|
|
24
25
|
const ssh_1 = require("../plugins/ssh");
|
|
25
26
|
const ssh_2 = require("../types/ssh");
|
|
26
27
|
const ssh_3 = require("./shared/ssh");
|
|
@@ -53,7 +54,8 @@ const scpCommand = (yargs) => yargs.command("scp <source> <destination>",
|
|
|
53
54
|
})
|
|
54
55
|
.option("sudo", {
|
|
55
56
|
type: "boolean",
|
|
56
|
-
describe: "Add user to sudoers file",
|
|
57
|
+
describe: "Add user to sudoers file. Set P0_SSH_SUDO=1 to enable by default.",
|
|
58
|
+
default: (0, ssh_3.getDefaultSudo)(),
|
|
57
59
|
})
|
|
58
60
|
.option("debug", {
|
|
59
61
|
type: "boolean",
|
|
@@ -73,41 +75,53 @@ exports.scpCommand = scpCommand;
|
|
|
73
75
|
* Implicitly gains access to the SSH resource if required.
|
|
74
76
|
*/
|
|
75
77
|
const scpAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
privateKey,
|
|
102
|
-
|
|
103
|
-
|
|
78
|
+
yield (0, otel_helpers_1.traceSpan)("scp.command", (span) => __awaiter(void 0, void 0, void 0, function* () {
|
|
79
|
+
span.setAttribute("source", args.source);
|
|
80
|
+
span.setAttribute("destination", args.destination);
|
|
81
|
+
if (args.provider) {
|
|
82
|
+
span.setAttribute("provider", args.provider);
|
|
83
|
+
}
|
|
84
|
+
if (args.sudo) {
|
|
85
|
+
span.setAttribute("sudo", args.sudo);
|
|
86
|
+
}
|
|
87
|
+
// Clean up any stale SSH config files before proceeding
|
|
88
|
+
yield (0, ssh_cleanup_1.cleanupStaleSshConfigs)(args.debug);
|
|
89
|
+
const authn = yield (0, auth_1.authenticate)(args);
|
|
90
|
+
const sshOptions = Array.isArray(args["--"])
|
|
91
|
+
? args["--"].map(String)
|
|
92
|
+
: [];
|
|
93
|
+
args.sshOptions = sshOptions;
|
|
94
|
+
// TODO(ENG-3142): Azure SSH currently doesn't support specifying a port; throw an error if one is set.
|
|
95
|
+
if (args.provider === "azure" &&
|
|
96
|
+
sshOptions.some((opt) => opt.startsWith("-P"))) {
|
|
97
|
+
throw "Azure SSH does not currently support specifying a port. SSH on the target VM must be listening on the default port 22.";
|
|
98
|
+
}
|
|
99
|
+
const host = getHostIdentifier(args.source, args.destination);
|
|
100
|
+
if (!host) {
|
|
101
|
+
throw "Could not determine host identifier from source or destination";
|
|
102
|
+
}
|
|
103
|
+
const { request, requestId, privateKey, sshProvider, sshHostKeys } = yield (0, ssh_3.prepareRequest)(authn, args, host);
|
|
104
|
+
// replace the host with the linuxUserName@instanceId
|
|
105
|
+
const { source, destination } = replaceHostWithInstance(request, args);
|
|
106
|
+
const exitCode = yield (0, ssh_1.sshOrScp)({
|
|
107
|
+
authn,
|
|
108
|
+
request,
|
|
109
|
+
requestId,
|
|
110
|
+
cmdArgs: Object.assign(Object.assign({}, args), { source,
|
|
111
|
+
destination }),
|
|
112
|
+
privateKey,
|
|
113
|
+
sshProvider,
|
|
114
|
+
sshHostKeys,
|
|
115
|
+
});
|
|
116
|
+
// Force exit to prevent hanging due to orphaned child processes (e.g., session-manager-plugin)
|
|
117
|
+
// holding open file descriptors. See: https://github.com/aws/amazon-ssm-agent/issues/173
|
|
118
|
+
// Skip in tests to avoid killing the test runner
|
|
119
|
+
if (process.env.NODE_ENV !== "unit") {
|
|
120
|
+
(0, otel_helpers_1.exitProcess)(exitCode !== null && exitCode !== void 0 ? exitCode : 0);
|
|
121
|
+
}
|
|
122
|
+
}), {
|
|
123
|
+
command: "scp",
|
|
104
124
|
});
|
|
105
|
-
// Force exit to prevent hanging due to orphaned child processes (e.g., session-manager-plugin)
|
|
106
|
-
// holding open file descriptors. See: https://github.com/aws/amazon-ssm-agent/issues/173
|
|
107
|
-
// Skip in tests to avoid killing the test runner
|
|
108
|
-
if (process.env.NODE_ENV !== "unit") {
|
|
109
|
-
process.exit(exitCode !== null && exitCode !== void 0 ? exitCode : 0);
|
|
110
|
-
}
|
|
111
125
|
});
|
|
112
126
|
/** If a path is not explicitly local, use this pattern to determine if it's remote */
|
|
113
127
|
const REMOTE_PATTERN_COLON = /^([^:]+:)(.*)$/; // Matches host:[path]
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scp.js","sourceRoot":"","sources":["../../../src/commands/scp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,wCAA0C;AAC1C,sCAAiE;AACjE,
|
|
1
|
+
{"version":3,"file":"scp.js","sourceRoot":"","sources":["../../../src/commands/scp.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,gEAAuE;AACvE,wCAA0C;AAC1C,sCAAiE;AACjE,sCAA8E;AAC9E,sDAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,4BAA4B;AAC5B,6DAA6D;AAC7D,mDAAmD,EACnD,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,QAAQ,EAAE;IACpB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,wBAAwB;CACtC,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,SAAS,EAAE;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,8CAA8C;CACzD,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,2BAAqB;CAC/B,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EACN,mEAAmE;IACrE,OAAO,EAAE,IAAA,oBAAc,GAAE;CAC1B,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,8CAA8C,CAAC;IACtD,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;sGAE4F,CAC7F,EAEL,SAAS,CACV,CAAC;AApDS,QAAA,UAAU,cAoDnB;AAEJ;;;GAGG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,MAAM,IAAA,wBAAS,EACb,aAAa,EACb,CAAO,IAAI,EAAE,EAAE;QACb,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,QAAQ,EAAE;YACjB,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;SAC9C;QACD,IAAI,IAAI,CAAC,IAAI,EAAE;YACb,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;SACtC;QAED,wDAAwD;QACxD,MAAM,IAAA,oCAAsB,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzC,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;QAEvC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;YACxB,CAAC,CAAC,EAAE,CAAC;QACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAE7B,uGAAuG;QACvG,IACE,IAAI,CAAC,QAAQ,KAAK,OAAO;YACzB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC9C;YACA,MAAM,wHAAwH,CAAC;SAChI;QAED,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAE9D,IAAI,CAAC,IAAI,EAAE;YACT,MAAM,gEAAgE,CAAC;SACxE;QAED,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAChE,MAAM,IAAA,oBAAc,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAE1C,qDAAqD;QACrD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,uBAAuB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAEvE,MAAM,QAAQ,GAAG,MAAM,IAAA,cAAQ,EAAC;YAC9B,KAAK;YACL,OAAO;YACP,SAAS;YACT,OAAO,kCACF,IAAI,KACP,MAAM;gBACN,WAAW,GACZ;YACD,UAAU;YACV,WAAW;YACX,WAAW;SACZ,CAAC,CAAC;QAEH,+FAA+F;QAC/F,yFAAyF;QACzF,iDAAiD;QACjD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE;YACnC,IAAA,0BAAW,EAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,CAAC,CAAC,CAAC;SAC5B;IACH,CAAC,CAAA,EACD;QACE,OAAO,EAAE,KAAK;KACf,CACF,CAAC;AACJ,CAAC,CAAA,CAAC;AAEF,sFAAsF;AACtF,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,CAAC,sBAAsB;AAErE,gFAAgF;AAChF,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAW,EAAE;IACnD,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,MAAc,EAAE,WAAmB,EAAE,EAAE;IAChE,6FAA6F;IAC7F,MAAM,cAAc,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC;IAErD,IAAI,cAAc,IAAI,mBAAmB,EAAE;QACzC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7B;IAED,6DAA6D;IAC7D,MAAM,0DAA0D,CAAC;AACnE,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAAC,MAAkB,EAAE,IAAoB,EAAE,EAAE;IAC3E,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACzB,IAAI,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAEnC,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE;QAC9B,MAAM,GAAG,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACzE;IAED,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE;QACnC,WAAW,GAAG,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KACnF;IAED,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;AACjC,CAAC,CAAC"}
|
|
@@ -30,6 +30,8 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
30
30
|
const api_1 = require("../../drivers/api");
|
|
31
31
|
const auth_1 = require("../../drivers/auth");
|
|
32
32
|
const stdio_1 = require("../../drivers/stdio");
|
|
33
|
+
const otel_helpers_1 = require("../../opentelemetry/otel-helpers");
|
|
34
|
+
const api_2 = require("@opentelemetry/api");
|
|
33
35
|
const typescript_1 = require("typescript");
|
|
34
36
|
exports.PROVISIONING_ACCESS_MESSAGE = "Waiting for access to be provisioned";
|
|
35
37
|
exports.EXISTING_ACCESS_MESSAGE = "Existing access found.";
|
|
@@ -64,16 +66,35 @@ const requestArgs = (yargs) => yargs
|
|
|
64
66
|
exports.requestArgs = requestArgs;
|
|
65
67
|
const resolveCode = (permission, logMessage) => {
|
|
66
68
|
const { status } = permission;
|
|
69
|
+
// Get the active span from OpenTelemetry context
|
|
70
|
+
const activeSpan = api_2.trace.getActiveSpan();
|
|
67
71
|
if (isCompletedStatus(status)) {
|
|
68
72
|
const { message, code } = COMPLETED_REQUEST_STATUSES[status];
|
|
69
73
|
const errorMessage = permission.error
|
|
70
74
|
? `${message}: ${permission.error.message}`
|
|
71
75
|
: message;
|
|
76
|
+
// Mark span based on request outcome
|
|
77
|
+
if (activeSpan) {
|
|
78
|
+
if (code !== 0) {
|
|
79
|
+
(0, otel_helpers_1.markSpanError)(activeSpan, `Request ${status}: ${errorMessage}`);
|
|
80
|
+
}
|
|
81
|
+
activeSpan.setAttribute("request.status", status);
|
|
82
|
+
activeSpan.setAttribute("request.exitCode", code);
|
|
83
|
+
}
|
|
84
|
+
// TODO(ENG-6770): Consider adding debug logging when activeSpan is null to detect
|
|
85
|
+
// when resolveCode is called outside of traced contexts
|
|
72
86
|
if (code !== 0 || logMessage)
|
|
73
87
|
(0, stdio_1.print2)(errorMessage);
|
|
74
88
|
return code;
|
|
75
89
|
}
|
|
76
90
|
else {
|
|
91
|
+
// Request timed out
|
|
92
|
+
if (activeSpan) {
|
|
93
|
+
(0, otel_helpers_1.markSpanError)(activeSpan, "Request timed out after 5 minutes");
|
|
94
|
+
activeSpan.setAttribute("request.status", "TIMEOUT");
|
|
95
|
+
activeSpan.setAttribute("request.exitCode", 4);
|
|
96
|
+
}
|
|
97
|
+
// TODO(ENG-6770): Consider adding debug logging when activeSpan is null
|
|
77
98
|
(0, stdio_1.print2)("Your request did not complete within 5 minutes.");
|
|
78
99
|
return 4;
|
|
79
100
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../../src/commands/shared/request.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAwE;AACxE,6CAAkD;AAClD,+CAAwD;
|
|
1
|
+
{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../../src/commands/shared/request.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAwE;AACxE,6CAAkD;AAClD,+CAAwD;AACxD,mEAAiE;AAOjE,4CAA2C;AAC3C,2CAAiC;AAGpB,QAAA,2BAA2B,GACtC,sCAAsC,CAAC;AAC5B,QAAA,uBAAuB,GAAG,wBAAwB,CAAC;AACnD,QAAA,2BAA2B,GACtC,wCAAwC,CAAC;AAE3C,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AACnE,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAC/D,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAE1E,MAAM,0BAA0B,GAAG;IACjC,QAAQ;IACR,iBAAiB,EAAE,QAAQ;IAC3B,IAAI,EAAE,QAAQ;IACd,aAAa,EAAE,QAAQ;IACvB,MAAM;IACN,OAAO;CACR,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACxB,MAAW,EACwC,EAAE,CACrD,MAAM,IAAI,0BAA0B,CAAC;AAEhC,MAAM,WAAW,GAAG,CAAI,KAAoB,EAAE,EAAE,CACrD,KAAK;KACF,mBAAmB,CAAC,EAAE,yBAAyB,EAAE,IAAI,EAAE,CAAC;KACxD,IAAI,CAAC,KAAK,CAAC,CAAC,4HAA4H;KACxI,MAAM,CAAC,MAAM,EAAE;IACd,KAAK,EAAE,GAAG;IACV,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,KAAK;IACd,QAAQ,EAAE,sCAAsC;CACjD,CAAC;KACD,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,0BAA0B,EAAE,CAAC;KAC1E,MAAM,CAAC,WAAW,EAAE;IACnB,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC,CAAC;AAfM,QAAA,WAAW,eAejB;AAEP,MAAM,WAAW,GAAG,CAClB,UAA4C,EAC5C,UAAmB,EACnB,EAAE;IACF,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;IAE9B,iDAAiD;IACjD,MAAM,UAAU,GAAG,WAAK,CAAC,aAAa,EAAE,CAAC;IAEzC,IAAI,iBAAiB,CAAC,MAAM,CAAC,EAAE;QAC7B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;QAC7D,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK;YACnC,CAAC,CAAC,GAAG,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE;YAC3C,CAAC,CAAC,OAAO,CAAC;QAEZ,qCAAqC;QACrC,IAAI,UAAU,EAAE;YACd,IAAI,IAAI,KAAK,CAAC,EAAE;gBACd,IAAA,4BAAa,EAAC,UAAU,EAAE,WAAW,MAAM,KAAK,YAAY,EAAE,CAAC,CAAC;aACjE;YACD,UAAU,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;YAClD,UAAU,CAAC,YAAY,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;SACnD;QACD,kFAAkF;QAClF,wDAAwD;QAExD,IAAI,IAAI,KAAK,CAAC,IAAI,UAAU;YAAE,IAAA,cAAM,EAAC,YAAY,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC;KACb;SAAM;QACL,oBAAoB;QACpB,IAAI,UAAU,EAAE;YACd,IAAA,4BAAa,EAAC,UAAU,EAAE,mCAAmC,CAAC,CAAC;YAC/D,UAAU,CAAC,YAAY,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;YACrD,UAAU,CAAC,YAAY,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC;SAChD;QACD,wEAAwE;QACxE,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;QAC1D,OAAO,CAAC,CAAC;KACV;AACH,CAAC,CAAC;AAEK,MAAM,OAAO,GAClB,CAAC,OAA4B,EAAE,EAAE,CACjC,CACE,IAIE,EACF,KAAa,EACb,OAGC,EACwC,EAAE;IAC3C,MAAM,aAAa,GAAG,KAAK,aAAL,KAAK,cAAL,KAAK,GAAI,CAAC,MAAM,IAAA,mBAAY,GAAE,CAAC,CAAC;IAEtD,MAAM,aAAa,GAAG,CAAC,OAAgB,EAAE,EAAE;QACzC,QAAQ,OAAO,EAAE;YACf,KAAK,mBAAmB;gBACtB,OAAO,2BAA2B,CAAC;YACrC;gBACE,OAAO,mBAAmB,CAAC;SAC9B;IACH,CAAC,CAAC;IAEF,MAAM,iBAAiB,GAAG,CACxB,OAAgD,EAChD,EAAE;QACF,OAAO,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,KAAI,OAAO;YAChC,CAAC,CAAC,MAAM,IAAA,iBAAS,EAAC,aAAa,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,EAAE,OAAO,CAAC;YAC3D,CAAC,CAAC,MAAM,OAAO,CAAC;IACpB,CAAC,CAAA,CAAC;IAEF,MAAM,eAAe,GAAG,CACtB,IAAoC,EACqB,EAAE;QAC3D,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,SAAS,IAAI,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE;YACxD,MAAM,gBAAgB,GACpB,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;gBACjB,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,MAAK,KAAK;gBAC1B,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,MAAK,mBAAmB;oBACvC,CAAC,IAAI,CAAC,aAAa;oBACnB,CAAC,IAAI,CAAC,YAAY;oBAClB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;SACnC;aAAM;YACL,MAAM,IAAI,CAAC;SACZ;IACH,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,GAAS,EAAE;QAC/B,MAAM,mBAAmB,GAAG,IAAA,kBAAY,EACtC,aAAa,EACb,IAAI,EACJ,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAC7B,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;QAC9D,MAAM,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC7D,IAAI,gBAAgB;YAAE,IAAA,cAAM,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC,CAAA,CAAC;IAEF,MAAM,uBAAuB,GAAG,GAAS,EAAE;;QACzC,MAAM,8BAA8B,GAAG,IAAA,2BAAqB,EAE1D,aAAa,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QACjE,MAAM,6BAA6B,GAAG,GAAS,EAAE;YAC/C,MAAM,cAAc,GAAG,MAAM,8BAA8B,CAAC,IAAI,EAAE,CAAC;YACnE,IAAI,cAAc,CAAC,IAAI,EAAE;gBACvB,OAAO,SAAS,CAAC;aAClB;YACD,OAAO,cAAc,CAAC,KAAK,CAAC;QAC9B,CAAC,CAAA,CAAC;QACF,MAAM,UAAU,GAAG,MAAM,iBAAiB,CACxC,6BAA6B,EAAE,CAChC,CAAC;QACF,MAAM,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;QAC/D,IAAI,gBAAgB,EAAE;YACpB,IAAA,cAAM,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrB,IAAA,cAAM,EAAC,2DAA2D,CAAC,CAAC;SACrE;;YACD,KAA8B,eAAA,mCAAA,cAAA,8BAA8B,CAAA,oCAAA;gBAA9B,8CAA8B;gBAA9B,WAA8B;;oBAAjD,MAAM,SAAS,KAAA,CAAA;oBACxB,IAAI,CAAC,SAAS,EAAE;wBACd,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;qBAC5D;oBACD,MAAM,IAAI,GAAG,WAAW,CACtB,SAAS,CAAC,OAA2C,EACrD,gBAAgB,CACjB,CAAC;oBACF,IAAI,IAAI,EAAE;wBACR,gBAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACf,OAAO,SAAS,CAAC;qBAClB;oBACD,OAAO,SAAS,CAAC;;;;;aAClB;;;;;;;;;QACD,MAAM,IAAI,CAAC;IACb,CAAC,CAAA,CAAC;IAEF,IAAI;QACF,OAAO,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAAC,CAAC;KACzE;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE;YAC3D,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;SAC3D;QACD,IACE,KAAK,YAAY,KAAK;YACtB,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,CAAC,EAC5D;YACA,IAAA,cAAM,EAAC,kDAAkD,CAAC,CAAC;SAC5D;QACD,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAhHS,QAAA,OAAO,WAgHhB;AAEG,MAAM,gBAAgB,GAAG,CAC9B,IAGE,EACF,KAAY,EACZ,EAAE;IACF,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,IAAA,eAAO,EAAC,SAAS,CAAC,iCAAM,IAAI,KAAE,IAAI,EAAE,IAAI,KAAI,KAAK,EAAE;YACxE,OAAO,EAAE,mBAAmB;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE;YACb,IAAA,cAAM,EAAC,uCAAuC,CAAC,CAAC;YAChD,OAAO;SACR;QAED,MAAM,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;QAEnC,IAAA,cAAM,EACJ,CAAC,aAAa,CAAC,CAAC,CAAC,mCAA2B,CAAC,CAAC,CAAC,+BAAuB,CACvE,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,KAAK,mCAA2B,EAAE;YACzC,IAAA,cAAM,EAAC,+BAAuB,CAAC,CAAC;SACjC;aAAM;YACL,MAAM,KAAK,CAAC;SACb;KACF;AACH,CAAC,CAAA,CAAC;AA7BW,QAAA,gBAAgB,oBA6B3B"}
|
|
@@ -47,6 +47,10 @@ export type SshAdditionalSetup = {
|
|
|
47
47
|
teardown: () => Promise<void>;
|
|
48
48
|
};
|
|
49
49
|
export declare const SSH_PROVIDERS: Record<SupportedSshProvider, SshProvider<any, any, any, any>>;
|
|
50
|
+
/** Returns true if sudo should be enabled by default.
|
|
51
|
+
* Set P0_SSH_SUDO=1 to enable sudo by default.
|
|
52
|
+
*/
|
|
53
|
+
export declare const getDefaultSudo: () => boolean;
|
|
50
54
|
export declare const isSudoCommand: (args: {
|
|
51
55
|
sudo?: boolean;
|
|
52
56
|
command?: string;
|
|
@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.prepareRequest = exports.provisionRequest = exports.isSudoCommand = exports.SSH_PROVIDERS = void 0;
|
|
12
|
+
exports.prepareRequest = exports.provisionRequest = exports.isSudoCommand = exports.getDefaultSudo = exports.SSH_PROVIDERS = void 0;
|
|
13
13
|
/** Copyright © 2024-present P0 Security
|
|
14
14
|
|
|
15
15
|
This file is part of @p0security/cli
|
|
@@ -25,6 +25,7 @@ const keys_1 = require("../../common/keys");
|
|
|
25
25
|
const api_1 = require("../../drivers/api");
|
|
26
26
|
const config_1 = require("../../drivers/config");
|
|
27
27
|
const stdio_1 = require("../../drivers/stdio");
|
|
28
|
+
const otel_helpers_1 = require("../../opentelemetry/otel-helpers");
|
|
28
29
|
const ssh_1 = require("../../plugins/aws/ssh");
|
|
29
30
|
const ssh_2 = require("../../plugins/azure/ssh");
|
|
30
31
|
const ssh_3 = require("../../plugins/google/ssh");
|
|
@@ -51,6 +52,15 @@ const validateSshInstall = (authn, args) => __awaiter(void 0, void 0, void 0, fu
|
|
|
51
52
|
throw "This organization is not configured for SSH access";
|
|
52
53
|
}
|
|
53
54
|
});
|
|
55
|
+
/** Returns true if sudo should be enabled by default.
|
|
56
|
+
* Set P0_SSH_SUDO=1 to enable sudo by default.
|
|
57
|
+
*/
|
|
58
|
+
const getDefaultSudo = () => {
|
|
59
|
+
var _a;
|
|
60
|
+
const sudo = process.env.P0_SSH_SUDO;
|
|
61
|
+
return !!sudo && sudo !== "0" && ((_a = sudo.toLowerCase) === null || _a === void 0 ? void 0 : _a.call(sudo)) !== "false";
|
|
62
|
+
};
|
|
63
|
+
exports.getDefaultSudo = getDefaultSudo;
|
|
54
64
|
const isSudoCommand = (args) => args.sudo || args.command === "sudo";
|
|
55
65
|
exports.isSudoCommand = isSudoCommand;
|
|
56
66
|
const provisionRequest = (authn, args, destination, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -127,19 +137,24 @@ const pluginToCliRequest = (request, options) => __awaiter(void 0, void 0, void
|
|
|
127
137
|
return yield exports.SSH_PROVIDERS[request.permission.provider].toCliRequest(request, options);
|
|
128
138
|
});
|
|
129
139
|
const prepareRequest = (authn, args, destination, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
140
|
+
return yield (0, otel_helpers_1.traceSpan)("ssh.prepareRequest", (span) => __awaiter(void 0, void 0, void 0, function* () {
|
|
141
|
+
var _a, _b;
|
|
142
|
+
span.setAttribute("destination", destination);
|
|
143
|
+
const result = yield (0, exports.provisionRequest)(authn, args, destination, options);
|
|
144
|
+
if (!result) {
|
|
145
|
+
throw `Server did not return a request id. ${(0, config_1.getContactMessage)()}`;
|
|
146
|
+
}
|
|
147
|
+
const { requestId, publicKey, provisionedRequest } = result;
|
|
148
|
+
const sshProvider = exports.SSH_PROVIDERS[provisionedRequest.permission.provider];
|
|
149
|
+
span.setAttribute("provider", provisionedRequest.permission.provider);
|
|
150
|
+
span.setAttribute("requestId", requestId);
|
|
151
|
+
yield ((_a = sshProvider.submitPublicKey) === null || _a === void 0 ? void 0 : _a.call(sshProvider, authn, provisionedRequest, requestId, publicKey, args.debug));
|
|
152
|
+
yield sshProvider.ensureInstall();
|
|
153
|
+
const cliRequest = yield pluginToCliRequest(provisionedRequest, Object.assign(Object.assign({}, args), { publicKey }));
|
|
154
|
+
const request = sshProvider.requestToSsh(cliRequest);
|
|
155
|
+
const sshHostKeys = yield ((_b = sshProvider.saveHostKeys) === null || _b === void 0 ? void 0 : _b.call(sshProvider, request, args));
|
|
156
|
+
return Object.assign(Object.assign({}, result), { request, sshProvider, provisionedRequest, sshHostKeys });
|
|
157
|
+
}));
|
|
143
158
|
});
|
|
144
159
|
exports.prepareRequest = prepareRequest;
|
|
145
160
|
//# sourceMappingURL=ssh.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/commands/shared/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wBAA0C;AAC1C,4CAAkD;AAClD,2CAA2D;AAC3D,iDAAyD;AACzD,+CAA6C;AAC7C,+CAAuD;AACvD,iDAA2D;AAC3D,kDAA0D;AAC1D,uDAAsE;AAItE,yCAMyB;AACzB,uCAAoC;AACpC,mCAA8B;AAC9B,2CAAiC;AA0DpB,QAAA,aAAa,GAGtB;IACF,GAAG,EAAE,oBAAc;IACnB,KAAK,EAAE,sBAAgB;IACvB,MAAM,EAAE,oBAAc;IACtB,aAAa,EAAE,2BAAqB;CACrC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CACzB,KAAY,EACZ,IAAkD,EAClD,EAAE;IACF,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAsB,EAC5C,KAAK,EACL,KAAK,EACL,IAAI,CAAC,KAAK,CACX,CAAC;IACF,MAAM,WAAW,GAAG,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAEnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ;QACpC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjB,CAAC,CAAC,2BAAqB,CAAC;IAE1B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,EAAE,CAAC,CAAC,MAAM,CACpD,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACf,KAAK,CAAC,KAAK,IAAI,WAAW;QAC1B,gBAAgB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAC5D,CAAC;IAEF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QACtB,MAAM,oDAAoD,CAAC;KAC5D;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,aAAa,GAAG,CAAC,IAA0C,EAAE,EAAE,CAC1E,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,MAAM,CAAC;AAD1B,QAAA,aAAa,iBACa;AAEhC,MAAM,gBAAgB,GAAG,CAC9B,KAAY,EACZ,IAAkD,EAClD,WAAmB,EACnB,OAA2B,EAC3B,EAAE;IACF,MAAM,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,oBAAa,GAAE,CAAC;IAExD,MAAM,WAAW,GAAG,CAAO,cAAuC,EAAE,EAAE;QACpE,OAAO,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAExB,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;gBACT,KAAK;gBACL,SAAS;gBACT,WAAW;gBACX,cAAc;gBACd,SAAS;gBACT,GAAG,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvD,GAAG,CAAC,CAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,SAAS,KAAI,IAAA,qBAAa,EAAC,IAAI,CAAC;oBAClD,CAAC,CAAC,CAAC,QAAQ,CAAC;oBACZ,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aAClD,EACD,IAAI,EAAE,IAAI,EACV,KAAK,EAAE,IAAI,CAAC,KAAK,KAEnB,KAAK,EACL,EAAE,OAAO,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,CAC5D,CAAC;IACJ,CAAC,CAAA,CAAC;IAEF,gHAAgH;IAChH,MAAM,mBAAmB,GAAG,CAAC,GAAQ,EAAE,EAAE;QACvC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;YACZ,IACE,GAAG,CAAC,UAAU,CAAC,uCAAuC,CAAC;gBACvD,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EACzB;gBACA,IAAA,cAAM,EACJ,wFAAwF,CACzF,CAAC;aACH;SACF;QACD,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC,CAAC;IAEF,IAAI,QAAQ,CAAC;IACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE;QACzB,sBAAsB;QACtB,IAAI;YACF,QAAQ,GAAG,MAAM,WAAW,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CACrD,mBAAmB,CACpB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,kCAAkC;YAClC,IAAI,IAAI,CAAC,KAAK,EAAE;gBACd,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;aAC3D;YACD,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;SAC3D;KACF;SAAM;QACL,wCAAwC;QACxC,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;KAC3D;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAA,EAAE;YACnB,IAAA,cAAM,EAAC,uCAAuC,CAAC,CAAC;SACjD;QACD,OAAO;KACR;IAED,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;IAEvC,MAAM,OAAO,GAAG,aAAa;QAC3B,CAAC,CAAC,iDAAiD;QACnD,CAAC,CAAC,sCAAsC,CAAC;IAC3C,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC;IAEhB,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAqB,EACxC,QAAQ,CAAC,OAAO,CACjB,CAAC;IAEF,IAAI,CAAC,MAAM;QAAE,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEzB,OAAO;QACL,SAAS,EAAE,EAAE;QACb,kBAAkB,EAAE,QAAQ,CAAC,OAAO;QACpC,SAAS;QACT,UAAU;KACX,CAAC;AACJ,CAAC,CAAA,CAAC;AAjGW,QAAA,gBAAgB,oBAiG3B;AAEF,MAAM,kBAAkB,GAAG,CACzB,OAA4C,EAC5C,OAA+C,EACJ,EAAE;IAC7C,OAAA,MAAM,qBAAa,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,YAAY,CAC3D,OAAc,EACd,OAAO,CACR,CAAA;EAAA,CAAC;AAEG,MAAM,cAAc,GAAG,CAC5B,KAAY,EACZ,IAAkD,EAClD,WAAmB,EACnB,OAA2B,EAC3B,EAAE
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/commands/shared/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wBAA0C;AAC1C,4CAAkD;AAClD,2CAA2D;AAC3D,iDAAyD;AACzD,+CAA6C;AAC7C,mEAA6D;AAC7D,+CAAuD;AACvD,iDAA2D;AAC3D,kDAA0D;AAC1D,uDAAsE;AAItE,yCAMyB;AACzB,uCAAoC;AACpC,mCAA8B;AAC9B,2CAAiC;AA0DpB,QAAA,aAAa,GAGtB;IACF,GAAG,EAAE,oBAAc;IACnB,KAAK,EAAE,sBAAgB;IACvB,MAAM,EAAE,oBAAc;IACtB,aAAa,EAAE,2BAAqB;CACrC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CACzB,KAAY,EACZ,IAAkD,EAClD,EAAE;IACF,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAsB,EAC5C,KAAK,EACL,KAAK,EACL,IAAI,CAAC,KAAK,CACX,CAAC;IACF,MAAM,WAAW,GAAG,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAEnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ;QACpC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjB,CAAC,CAAC,2BAAqB,CAAC;IAE1B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,EAAE,CAAC,CAAC,MAAM,CACpD,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACf,KAAK,CAAC,KAAK,IAAI,WAAW;QAC1B,gBAAgB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAC5D,CAAC;IAEF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QACtB,MAAM,oDAAoD,CAAC;KAC5D;AACH,CAAC,CAAA,CAAC;AAEF;;GAEG;AACI,MAAM,cAAc,GAAG,GAAY,EAAE;;IAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACrC,OAAO,CAAC,CAAC,IAAI,IAAI,IAAI,KAAK,GAAG,IAAI,CAAA,MAAA,IAAI,CAAC,WAAW,oDAAI,MAAK,OAAO,CAAC;AACpE,CAAC,CAAC;AAHW,QAAA,cAAc,kBAGzB;AAEK,MAAM,aAAa,GAAG,CAAC,IAA0C,EAAE,EAAE,CAC1E,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,MAAM,CAAC;AAD1B,QAAA,aAAa,iBACa;AAEhC,MAAM,gBAAgB,GAAG,CAC9B,KAAY,EACZ,IAAkD,EAClD,WAAmB,EACnB,OAA2B,EAC3B,EAAE;IACF,MAAM,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,oBAAa,GAAE,CAAC;IAExD,MAAM,WAAW,GAAG,CAAO,cAAuC,EAAE,EAAE;QACpE,OAAO,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAExB,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;gBACT,KAAK;gBACL,SAAS;gBACT,WAAW;gBACX,cAAc;gBACd,SAAS;gBACT,GAAG,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvD,GAAG,CAAC,CAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,SAAS,KAAI,IAAA,qBAAa,EAAC,IAAI,CAAC;oBAClD,CAAC,CAAC,CAAC,QAAQ,CAAC;oBACZ,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aAClD,EACD,IAAI,EAAE,IAAI,EACV,KAAK,EAAE,IAAI,CAAC,KAAK,KAEnB,KAAK,EACL,EAAE,OAAO,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,EAAE,CAC5D,CAAC;IACJ,CAAC,CAAA,CAAC;IAEF,gHAAgH;IAChH,MAAM,mBAAmB,GAAG,CAAC,GAAQ,EAAE,EAAE;QACvC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,IAAA,cAAM,EAAC,GAAG,CAAC,CAAC;YACZ,IACE,GAAG,CAAC,UAAU,CAAC,uCAAuC,CAAC;gBACvD,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EACzB;gBACA,IAAA,cAAM,EACJ,wFAAwF,CACzF,CAAC;aACH;SACF;QACD,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC,CAAC;IAEF,IAAI,QAAQ,CAAC;IACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,EAAE;QACzB,sBAAsB;QACtB,IAAI;YACF,QAAQ,GAAG,MAAM,WAAW,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CACrD,mBAAmB,CACpB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,kCAAkC;YAClC,IAAI,IAAI,CAAC,KAAK,EAAE;gBACd,IAAA,cAAM,EAAC,iDAAiD,CAAC,CAAC;aAC3D;YACD,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;SAC3D;KACF;SAAM;QACL,wCAAwC;QACxC,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;KAC3D;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAA,EAAE;YACnB,IAAA,cAAM,EAAC,uCAAuC,CAAC,CAAC;SACjD;QACD,OAAO;KACR;IAED,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;IAEvC,MAAM,OAAO,GAAG,aAAa;QAC3B,CAAC,CAAC,iDAAiD;QACnD,CAAC,CAAC,sCAAsC,CAAC;IAC3C,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC;IAEhB,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAqB,EACxC,QAAQ,CAAC,OAAO,CACjB,CAAC;IAEF,IAAI,CAAC,MAAM;QAAE,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEzB,OAAO;QACL,SAAS,EAAE,EAAE;QACb,kBAAkB,EAAE,QAAQ,CAAC,OAAO;QACpC,SAAS;QACT,UAAU;KACX,CAAC;AACJ,CAAC,CAAA,CAAC;AAjGW,QAAA,gBAAgB,oBAiG3B;AAEF,MAAM,kBAAkB,GAAG,CACzB,OAA4C,EAC5C,OAA+C,EACJ,EAAE;IAC7C,OAAA,MAAM,qBAAa,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,YAAY,CAC3D,OAAc,EACd,OAAO,CACR,CAAA;EAAA,CAAC;AAEG,MAAM,cAAc,GAAG,CAC5B,KAAY,EACZ,IAAkD,EAClD,WAAmB,EACnB,OAA2B,EAC3B,EAAE;IACF,OAAO,MAAM,IAAA,wBAAS,EAAC,oBAAoB,EAAE,CAAO,IAAI,EAAE,EAAE;;QAC1D,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QAE9C,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAgB,EAAC,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,uCAAuC,IAAA,0BAAiB,GAAE,EAAE,CAAC;SACpE;QAED,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;QAE5D,MAAM,WAAW,GAAG,qBAAa,CAAC,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAE1E,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,kBAAkB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAE1C,MAAM,CAAA,MAAA,WAAW,CAAC,eAAe,4DAC/B,KAAK,EACL,kBAAkB,EAClB,SAAS,EACT,SAAS,EACT,IAAI,CAAC,KAAK,CACX,CAAA,CAAC;QAEF,MAAM,WAAW,CAAC,aAAa,EAAE,CAAC;QAElC,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,kCACzD,IAAI,KACP,SAAS,IACT,CAAC;QAEH,MAAM,OAAO,GAAG,WAAW,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAErD,MAAM,WAAW,GAAG,MAAM,CAAA,MAAA,WAAW,CAAC,YAAY,4DAAG,OAAO,EAAE,IAAI,CAAC,CAAA,CAAC;QAEpE,uCAAY,MAAM,KAAE,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,WAAW,IAAG;IAC9E,CAAC,CAAA,CAAC,CAAC;AACL,CAAC,CAAA,CAAC;AA1CW,QAAA,cAAc,kBA0CzB"}
|
|
@@ -21,6 +21,7 @@ This file is part of @p0security/cli
|
|
|
21
21
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
22
|
**/
|
|
23
23
|
const auth_1 = require("../drivers/auth");
|
|
24
|
+
const otel_helpers_1 = require("../opentelemetry/otel-helpers");
|
|
24
25
|
const ssh_1 = require("../plugins/ssh");
|
|
25
26
|
const util_1 = require("../util");
|
|
26
27
|
const ssh_2 = require("./shared/ssh");
|
|
@@ -42,7 +43,8 @@ const sshCommand = (yargs) => yargs.command("ssh <destination> [command [argumen
|
|
|
42
43
|
})
|
|
43
44
|
.option("sudo", {
|
|
44
45
|
type: "boolean",
|
|
45
|
-
describe: "Add user to sudoers file",
|
|
46
|
+
describe: "Add user to sudoers file. Set P0_SSH_SUDO=1 to enable by default.",
|
|
47
|
+
default: (0, ssh_2.getDefaultSudo)(),
|
|
46
48
|
})
|
|
47
49
|
// Match `p0 request --reason`
|
|
48
50
|
.option("reason", {
|
|
@@ -81,34 +83,45 @@ exports.sshCommand = sshCommand;
|
|
|
81
83
|
* - AWS EC2 via SSM with Okta SAML
|
|
82
84
|
*/
|
|
83
85
|
const sshAction = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
sshHostKeys,
|
|
86
|
+
yield (0, otel_helpers_1.traceSpan)("ssh.command", (span) => __awaiter(void 0, void 0, void 0, function* () {
|
|
87
|
+
span.setAttribute("destination", args.destination);
|
|
88
|
+
if (args.provider) {
|
|
89
|
+
span.setAttribute("provider", args.provider);
|
|
90
|
+
}
|
|
91
|
+
if (args.sudo) {
|
|
92
|
+
span.setAttribute("sudo", args.sudo);
|
|
93
|
+
}
|
|
94
|
+
// Clean up any stale SSH config files before proceeding
|
|
95
|
+
yield (0, ssh_cleanup_1.cleanupStaleSshConfigs)(args.debug);
|
|
96
|
+
// Prefix is required because the backend uses it to determine that this is an AWS request
|
|
97
|
+
const authn = yield (0, auth_1.authenticate)(args);
|
|
98
|
+
const sshOptions = Array.isArray(args["--"])
|
|
99
|
+
? args["--"].map(String)
|
|
100
|
+
: [];
|
|
101
|
+
args.sshOptions = sshOptions;
|
|
102
|
+
// TODO(ENG-3142): Azure SSH currently doesn't support specifying a port; throw an error if one is set.
|
|
103
|
+
if (args.provider === "azure" &&
|
|
104
|
+
sshOptions.some((opt) => opt.startsWith("-p"))) {
|
|
105
|
+
throw "Azure SSH does not currently support specifying a port. SSH on the target VM must be listening on the default port 22.";
|
|
106
|
+
}
|
|
107
|
+
const { request, requestId, privateKey, sshProvider, sshHostKeys } = yield (0, ssh_2.prepareRequest)(authn, args, args.destination);
|
|
108
|
+
const exitCode = yield (0, ssh_1.sshOrScp)({
|
|
109
|
+
authn,
|
|
110
|
+
request,
|
|
111
|
+
requestId,
|
|
112
|
+
cmdArgs: args,
|
|
113
|
+
privateKey,
|
|
114
|
+
sshProvider,
|
|
115
|
+
sshHostKeys,
|
|
116
|
+
});
|
|
117
|
+
// Force exit to prevent hanging due to orphaned child processes (e.g., session-manager-plugin)
|
|
118
|
+
// holding open file descriptors. See: https://github.com/aws/amazon-ssm-agent/issues/173
|
|
119
|
+
// Skip in tests to avoid killing the test runner
|
|
120
|
+
if (process.env.NODE_ENV !== "unit") {
|
|
121
|
+
(0, otel_helpers_1.exitProcess)(exitCode !== null && exitCode !== void 0 ? exitCode : 0);
|
|
122
|
+
}
|
|
123
|
+
}), {
|
|
124
|
+
command: "ssh",
|
|
106
125
|
});
|
|
107
|
-
// Force exit to prevent hanging due to orphaned child processes (e.g., session-manager-plugin)
|
|
108
|
-
// holding open file descriptors. See: https://github.com/aws/amazon-ssm-agent/issues/173
|
|
109
|
-
// Skip in tests to avoid killing the test runner
|
|
110
|
-
if (process.env.NODE_ENV !== "unit") {
|
|
111
|
-
process.exit(exitCode !== null && exitCode !== void 0 ? exitCode : 0);
|
|
112
|
-
}
|
|
113
126
|
});
|
|
114
127
|
//# sourceMappingURL=ssh.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/commands/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,wCAA0C;AAC1C,kCAAqC;AACrC,
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../src/commands/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,0CAA+C;AAC/C,gEAAuE;AACvE,wCAA0C;AAC1C,kCAAqC;AACrC,sCAA8E;AAC9E,sDAA8D;AAGvD,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CACX,2CAA2C,EAC3C,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,UAAU,CAAC,SAAS,EAAE;IACrB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,2BAA2B;CACtC,CAAC;KACD,UAAU,CAAC,WAAW,EAAE;IACvB,QAAQ,EAAE,mBAAmB;IAC7B,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;CACxB,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,SAAS;IACf,QAAQ,EACN,mEAAmE;IACrE,OAAO,EAAE,IAAA,oBAAc,GAAE;CAC1B,CAAC;IACF,8BAA8B;KAC7B,MAAM,CAAC,QAAQ,EAAE;IAChB,QAAQ,EAAE,yBAAyB;IACnC,IAAI,EAAE,QAAQ;CACf,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,qGAAqG;CACxG,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC;CACnD,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;KACD,KAAK,CAAC,gEAAgE,CAAC;IACxE,+DAA+D;KAC9D,mBAAmB,CAAC;IACnB,YAAY,EAAE,IAAI;CACnB,CAAC;KACD,QAAQ,CACP;;;;MAIJ,IAAA,iBAAU,GAAE,8FAA8F,CACvG,EAEL,SAAS,CACV,CAAC;AA3DS,QAAA,UAAU,cA2DnB;AAEJ;;;;;;GAMG;AACH,MAAM,SAAS,GAAG,CAAO,IAA8C,EAAE,EAAE;IACzE,MAAM,IAAA,wBAAS,EACb,aAAa,EACb,CAAO,IAAI,EAAE,EAAE;QACb,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,QAAQ,EAAE;YACjB,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;SAC9C;QACD,IAAI,IAAI,CAAC,IAAI,EAAE;YACb,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;SACtC;QAED,wDAAwD;QACxD,MAAM,IAAA,oCAAsB,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzC,0FAA0F;QAC1F,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;QAEvC,MAAM,UAAU,GAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;YACxB,CAAC,CAAC,EAAE,CAAC;QACP,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAE7B,uGAAuG;QACvG,IACE,IAAI,CAAC,QAAQ,KAAK,OAAO;YACzB,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAC9C;YACA,MAAM,wHAAwH,CAAC;SAChI;QAED,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAChE,MAAM,IAAA,oBAAc,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAEtD,MAAM,QAAQ,GAAG,MAAM,IAAA,cAAQ,EAAC;YAC9B,KAAK;YACL,OAAO;YACP,SAAS;YACT,OAAO,EAAE,IAAI;YACb,UAAU;YACV,WAAW;YACX,WAAW;SACZ,CAAC,CAAC;QAEH,+FAA+F;QAC/F,yFAAyF;QACzF,iDAAiD;QACjD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE;YACnC,IAAA,0BAAW,EAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,CAAC,CAAC,CAAC;SAC5B;IACH,CAAC,CAAA,EACD;QACE,OAAO,EAAE,KAAK;KACf,CACF,CAAC;AACJ,CAAC,CAAA,CAAC"}
|
|
@@ -96,6 +96,7 @@ const withRedirectServer = (beginAuth, completeAuth, options) => __awaiter(void
|
|
|
96
96
|
});
|
|
97
97
|
// Register signal handlers to ensure cleanup on interruption
|
|
98
98
|
const signalHandler = () => {
|
|
99
|
+
// NOTE: Cannot use exitProcess() here - OAuth server runs outside of traced command context
|
|
99
100
|
void cleanup().finally(() => process.exit(0));
|
|
100
101
|
};
|
|
101
102
|
process.once("SIGINT", signalHandler);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../../src/common/auth/server.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;AAEH,qFAAqF;AACrF,qCAAmC;AACnC,sDAA8B;AAC9B,mCAA8B;AAC9B,+CAA4C;AAE5C,yCAA0C;AAC1C,uCAAiD;AACjD,6CAAuC;AAEvC,MAAM,WAAW,GAAG,IAAA,mBAAO,EAAC,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;AACrE,MAAM,iBAAiB,GAAG,uBAAuB,CAAC;AAClD,MAAM,YAAY,GAAG,aAAa,CAAC;AAEnC;;GAEG;AACH,MAAM,2BAA2B,GAAG,GAAG,CAAC;AAExC,MAAM,cAAc,GAAG,CACrB,KAAa,EACb,GAAqB,EACrB,WAAmB,EACnB,EAAE;IACF,MAAM,MAAM,GAAG,sBAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAC3C,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAO,IAAY,EAAmB,EAAE;IAC9D,IAAI,IAAA,gBAAK,GAAE,EAAE;QACX,MAAM,IAAI,GAAG,IAAA,yBAAc,EAAC,IAAI,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;KAC9C;IACD,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC;IACvC,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AAEF,8EAA8E;AACvE,MAAM,kBAAkB,GAAG,CAChC,SAA8C,EAC9C,YAAgD,EAChD,OAA2B,EAC3B,EAAE;;IACF,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IAEtB,IAAI,eAAoC,CAAC;IACzC,IAAI,cAAoC,CAAC;IACzC,IAAI,KAAQ,CAAC;IACb,MAAM,eAAe,GAAG,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzD,eAAe,GAAG,OAAO,CAAC;QAC1B,cAAc,GAAG,MAAM,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,YAAY,CAAC,CAAC;IAEzD,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE;QACjC,cAAc,CAAC,YAAY,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IACxC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAU,CAAC;QAC7B,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC;aACvB,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,0BAA0B,CAAC,CAAC;YAC3D,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1B,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAU,EAAE,EAAE;;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,mCAAI,KAAK,CAAC,CAAC;YAC9C,cAAc,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAExB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,mCAAI,CAAC,CAAC,CAAC;IAE9C,kDAAkD;IAClD,MAAM,OAAO,GAAG,GAAS,EAAE;QACzB,MAAM,IAAA,YAAK,EAAC,2BAA2B,CAAC,CAAC;QACzC,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC7B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC,KAAK,CAAC,aAAI,CAAC,CAAC;IACjB,CAAC,CAAA,CAAC;IAEF,6DAA6D;IAC7D,MAAM,aAAa,GAAG,GAAG,EAAE;QACzB,KAAK,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAEvC,6CAA6C;IAC7C,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC7B,cAAc,CAAC,KAAK,CAAC,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI;QACF,KAAK,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,MAAM,eAAe,CAAC;KAC9B;YAAS;QACR,OAAO,CAAC,cAAc,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAChD,OAAO,CAAC,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAEjD,MAAM,OAAO,EAAE,CAAC;KACjB;AACH,CAAC,CAAA,CAAC;
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../../src/common/auth/server.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;;;;AAEH,qFAAqF;AACrF,qCAAmC;AACnC,sDAA8B;AAC9B,mCAA8B;AAC9B,+CAA4C;AAE5C,yCAA0C;AAC1C,uCAAiD;AACjD,6CAAuC;AAEvC,MAAM,WAAW,GAAG,IAAA,mBAAO,EAAC,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;AACrE,MAAM,iBAAiB,GAAG,uBAAuB,CAAC;AAClD,MAAM,YAAY,GAAG,aAAa,CAAC;AAEnC;;GAEG;AACH,MAAM,2BAA2B,GAAG,GAAG,CAAC;AAExC,MAAM,cAAc,GAAG,CACrB,KAAa,EACb,GAAqB,EACrB,WAAmB,EACnB,EAAE;IACF,MAAM,MAAM,GAAG,sBAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAC3C,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAO,IAAY,EAAmB,EAAE;IAC9D,IAAI,IAAA,gBAAK,GAAE,EAAE;QACX,MAAM,IAAI,GAAG,IAAA,yBAAc,EAAC,IAAI,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;KAC9C;IACD,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC;IACvC,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AAEF,8EAA8E;AACvE,MAAM,kBAAkB,GAAG,CAChC,SAA8C,EAC9C,YAAgD,EAChD,OAA2B,EAC3B,EAAE;;IACF,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;IAEtB,IAAI,eAAoC,CAAC;IACzC,IAAI,cAAoC,CAAC;IACzC,IAAI,KAAQ,CAAC;IACb,MAAM,eAAe,GAAG,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACzD,eAAe,GAAG,OAAO,CAAC;QAC1B,cAAc,GAAG,MAAM,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,YAAY,CAAC,CAAC;IAEzD,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE;QACjC,cAAc,CAAC,YAAY,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;IACxC,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAU,CAAC;QAC7B,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC;aACvB,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,0BAA0B,CAAC,CAAC;YAC3D,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1B,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAU,EAAE,EAAE;;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,mCAAI,KAAK,CAAC,CAAC;YAC9C,cAAc,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAExB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,mCAAI,CAAC,CAAC,CAAC;IAE9C,kDAAkD;IAClD,MAAM,OAAO,GAAG,GAAS,EAAE;QACzB,MAAM,IAAA,YAAK,EAAC,2BAA2B,CAAC,CAAC;QACzC,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC7B,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC,KAAK,CAAC,aAAI,CAAC,CAAC;IACjB,CAAC,CAAA,CAAC;IAEF,6DAA6D;IAC7D,MAAM,aAAa,GAAG,GAAG,EAAE;QACzB,4FAA4F;QAC5F,KAAK,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAEvC,6CAA6C;IAC7C,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YAC7B,cAAc,CAAC,KAAK,CAAC,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI;QACF,KAAK,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,OAAO,MAAM,eAAe,CAAC;KAC9B;YAAS;QACR,OAAO,CAAC,cAAc,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAChD,OAAO,CAAC,cAAc,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAEjD,MAAM,OAAO,EAAE,CAAC;KACjB;AACH,CAAC,CAAA,CAAC;AA3EW,QAAA,kBAAkB,sBA2E7B"}
|
package/build/dist/index.js
CHANGED
|
@@ -45,6 +45,7 @@ const enableFipsMode = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
45
45
|
const fipsEnabled = node_crypto_1.default.getFips();
|
|
46
46
|
if (!fipsEnabled) {
|
|
47
47
|
(0, stdio_1.print2)(`Failed to enable FIPS mode`);
|
|
48
|
+
// NOTE: Cannot use exitProcess() here - FIPS initialization happens before tracing is initialized
|
|
48
49
|
process.exit(1);
|
|
49
50
|
}
|
|
50
51
|
// Run diagnostics if --debug flag is present
|
|
@@ -55,6 +56,7 @@ const enableFipsMode = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
55
56
|
catch (error) {
|
|
56
57
|
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
57
58
|
(0, stdio_1.print2)(`Failed to enable FIPS mode: ${errorMessage}`);
|
|
59
|
+
// NOTE: Cannot use exitProcess() here - FIPS initialization happens before tracing is initialized
|
|
58
60
|
process.exit(1);
|
|
59
61
|
}
|
|
60
62
|
});
|
|
@@ -104,10 +106,12 @@ const run = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
104
106
|
// We still exit with a non-zero code to indicate failure.
|
|
105
107
|
process.on("uncaughtException", (error) => {
|
|
106
108
|
(0, stdio_1.print2)("Uncaught Exception: " + error.message);
|
|
109
|
+
// NOTE: Consideration of exitProcess() is reserved for future in-depth analysis
|
|
107
110
|
process.exit(1);
|
|
108
111
|
});
|
|
109
112
|
process.on("unhandledRejection", (reason) => {
|
|
110
113
|
(0, stdio_1.print2)("Unhandled Rejection: " + (reason instanceof Error ? reason.message : String(reason)));
|
|
114
|
+
// NOTE: Consideration of exitProcess() is reserved for future in-depth analysis
|
|
111
115
|
process.exit(1);
|
|
112
116
|
});
|
|
113
117
|
if (require.main === module || (0, node_sea_1.isSea)()) {
|