@p0security/cli 0.24.5 → 0.25.0

@@ -24,6 +24,7 @@ const auth_1 = require("../../drivers/auth");
24
24
  const stdio_1 = require("../../drivers/stdio");
25
25
  const config_1 = require("../../plugins/aws/config");
26
26
  const permission_set_1 = require("./permission-set");
27
+ const rds_1 = require("./rds");
27
28
  const role_1 = require("./role");
28
29
  const typescript_1 = require("typescript");
29
30
  const awsArgs = (yargs) => __awaiter(void 0, void 0, void 0, function* () {
@@ -48,9 +49,10 @@ const awsArgs = (yargs) => __awaiter(void 0, void 0, void 0, function* () {
48
49
  describe: "Print debug information.",
49
50
  })
50
51
  .env("P0_AWS");
52
+ const withRds = (0, rds_1.rds)(base, authn);
51
53
  const withCommand = ((_a = config.login) === null || _a === void 0 ? void 0 : _a.type) === "idc"
52
- ? (0, permission_set_1.permissionSet)(base, authn)
53
- : (0, role_1.role)(base, authn);
54
+ ? (0, permission_set_1.permissionSet)(withRds, authn)
55
+ : (0, role_1.role)(withRds, authn);
54
56
  return withCommand;
55
57
  }
56
58
  catch (error) {
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/commands/aws/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,6CAAkD;AAClD,+CAA6C;AAC7C,qDAA6D;AAC7D,qDAAiD;AACjD,iCAA8B;AAC9B,2CAAiC;AAGjC,MAAM,OAAO,GAAG,CAAO,KAAiB,EAAE,EAAE;;IAC1C,IAAI;QACF,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;QAEnC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,0BAAiB,EAAC,KAAK,CAAC,CAAC;QAElD,MAAM,IAAI,GAAG,KAAK;YAChB,gEAAgE;YAChE,6DAA6D;aAC5D,aAAa,CAAC,CAAC,CAAC;aAChB,MAAM,CAAC,SAAS,EAAE;YACjB,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,iDAAiD;SAC5D,CAAC;aACD,MAAM,CAAC,QAAQ,EAAE;YAChB,QAAQ,EAAE,yBAAyB;YACnC,IAAI,EAAE,QAAQ;SACf,CAAC;aACD,MAAM,CAAC,OAAO,EAAE;YACf,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE,0BAA0B;SACrC,CAAC;aACD,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEjB,MAAM,WAAW,GACf,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YAC1B,CAAC,CAAC,IAAA,8BAAa,EAAC,IAAI,EAAE,KAAK,CAAC;YAC5B,CAAC,CAAC,IAAA,WAAI,EAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxB,OAAO,WAAW,CAAC;KACpB;IAAC,OAAO,KAAK,EAAE;QACd,2CAA2C;QAC3C,sCAAsC;QAEtC,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;QACd,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,MAAM,KAAK,CAAC,CAAC,kEAAkE;KAChF;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,sBAAsB,EAAE,OAAO,CAAC,CAAC;AAD3C,QAAA,UAAU,cACiC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/commands/aws/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,6CAAkD;AAClD,+CAA6C;AAC7C,qDAA6D;AAC7D,qDAAiD;AACjD,+BAA4B;AAC5B,iCAA8B;AAC9B,2CAAiC;AAGjC,MAAM,OAAO,GAAG,CAAO,KAAiB,EAAE,EAAE;;IAC1C,IAAI;QACF,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;QAEnC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,0BAAiB,EAAC,KAAK,CAAC,CAAC;QAElD,MAAM,IAAI,GAAG,KAAK;YAChB,gEAAgE;YAChE,6DAA6D;aAC5D,aAAa,CAAC,CAAC,CAAC;aAChB,MAAM,CAAC,SAAS,EAAE;YACjB,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,iDAAiD;SAC5D,CAAC;aACD,MAAM,CAAC,QAAQ,EAAE;YAChB,QAAQ,EAAE,yBAAyB;YACnC,IAAI,EAAE,QAAQ;SACf,CAAC;aACD,MAAM,CAAC,OAAO,EAAE;YACf,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE,0BAA0B;SACrC,CAAC;aACD,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEjB,MAAM,OAAO,GAAG,IAAA,SAAG,EAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACjC,MAAM,WAAW,GACf,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YAC1B,CAAC,CAAC,IAAA,8BAAa,EAAC,OAAO,EAAE,KAAK,CAAC;YAC/B,CAAC,CAAC,IAAA,WAAI,EAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE3B,OAAO,WAAW,CAAC;KACpB;IAAC,OAAO,KAAK,EAAE;QACd,2CAA2C;QAC3C,sCAAsC;QAEtC,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;QACd,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,MAAM,KAAK,CAAC,CAAC,kEAAkE;KAChF;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC9C,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,sBAAsB,EAAE,OAAO,CAAC,CAAC;AAD3C,QAAA,UAAU,cACiC"}
@@ -0,0 +1,7 @@
1
+ import { Authn } from "../../types/identity";
2
+ import yargs from "yargs";
3
+ export declare const rds: (yargs: yargs.Argv<{
4
+ account: string | undefined;
5
+ }>, authn: Authn) => yargs.Argv<{
6
+ account: string | undefined;
7
+ }>;
@@ -0,0 +1,169 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.rds = void 0;
13
+ /** Copyright © 2024-present P0 Security
14
+
15
+ This file is part of @p0security/cli
16
+
17
+ @p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
18
+
19
+ @p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
20
+
21
+ You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
22
+ **/
23
+ const api_1 = require("../../drivers/api");
24
+ const stdio_1 = require("../../drivers/stdio");
25
+ const auth_1 = require("../../plugins/aws/auth");
26
+ const utils_1 = require("../../plugins/aws/utils");
27
+ const util_1 = require("../../util");
28
+ const shared_1 = require("../shared");
29
+ const request_1 = require("../shared/request");
30
+ const files_1 = require("./files");
31
+ const typescript_1 = require("typescript");
32
+ const rds = (yargs, authn) => yargs.command("rds", "Interact with AWS RDS", (yargs) => yargs
33
+ // this parent command hangs because it doesn't have a handler,
34
+ // while building we'll require an argument which ensures that we'll
35
+ // always correctly display a help message
36
+ .demandCommand(1)
37
+ .command("generate-db-auth-token", "Generate an RDS database authentication token", (y) => y
38
+ .option("arch", {
39
+ type: "string",
40
+ choices: ["mysql", "pg"],
41
+ demandOption: true,
42
+ describe: "Database architecture; use 'mysql' for MariaDB",
43
+ })
44
+ .option("role", {
45
+ type: "string",
46
+ demandOption: true,
47
+ describe: "Database role to access",
48
+ })
49
+ .option("instance", {
50
+ type: "string",
51
+ describe: "P0 instance identifier",
52
+ })
53
+ .option("database", {
54
+ type: "string",
55
+ describe: "Database to access",
56
+ })
57
+ .option("debug", {
58
+ type: "boolean",
59
+ describe: "Print debug information.",
60
+ }),
61
+ // TODO: select based on uidLocation
62
+ (argv) => rdsGenerateDbAuthToken(argv, authn)));
63
+ exports.rds = rds;
64
+ const argvToResource = (argv) => argv.arch === "mysql"
65
+ ? "mysql"
66
+ : argv.arch === "pg"
67
+ ? "pg2"
68
+ : (0, util_1.throwAssertNever)(argv.arch);
69
+ const requestRdsAccess = (argv, authn) => __awaiter(void 0, void 0, void 0, function* () {
70
+ const integration = argvToResource(argv);
71
+ const response = yield (0, request_1.request)("request")({
72
+ $0: argv.$0,
73
+ _: [],
74
+ arguments: [
75
+ integration,
76
+ "role",
77
+ argv.role,
78
+ ...(argv.instance ? ["--instance", argv.instance] : []),
79
+ ...(argv.database ? ["--database", argv.database] : []),
80
+ ],
81
+ wait: true,
82
+ }, authn, { message: "approval-required" });
83
+ if (!response) {
84
+ throw "Did not receive access ID from server";
85
+ }
86
+ const { request: access } = response;
87
+ const code = yield (0, shared_1.decodeProvisionStatus)(access);
88
+ if (!code) {
89
+ typescript_1.sys.exit(1);
90
+ }
91
+ return access;
92
+ });
93
+ const fetchConfig = (argv, access, authn) => __awaiter(void 0, void 0, void 0, function* () {
94
+ var _a;
95
+ const { instanceId } = access.permission;
96
+ const install = yield (0, api_1.fetchIntegrationConfig)(authn, argvToResource(argv), argv.debug);
97
+ const config = (_a = install.config["iam-write"]) === null || _a === void 0 ? void 0 : _a[instanceId];
98
+ if (!config || config.state !== "installed") {
99
+ throw `No instance with ID ${instanceId}`;
100
+ }
101
+ return config;
102
+ });
103
+ const rdsGenerateDbAuthToken = (argv, authn) => __awaiter(void 0, void 0, void 0, function* () {
104
+ var _b, _c, _d, _e;
105
+ const access = yield requestRdsAccess(argv, authn);
106
+ const awsDelegation = (_c = (_b = access.delegation) === null || _b === void 0 ? void 0 : _b["aws-rds"].delegation) === null || _c === void 0 ? void 0 : _c.aws;
107
+ if (!awsDelegation) {
108
+ throw `P0 granted access, but ${access.permission.instanceId} is not a RDS instance.`;
109
+ }
110
+ const awsAuth = yield (0, auth_1.awsCloudAuth)(authn, awsDelegation, argv.debug);
111
+ const dbConfig = yield fetchConfig(argv, access, authn);
112
+ const port = (_d = dbConfig.port) !== null && _d !== void 0 ? _d : (argv.arch === "mysql"
113
+ ? 3306
114
+ : argv.arch === "pg"
115
+ ? 5432
116
+ : (0, util_1.throwAssertNever)(argv.arch));
117
+ const database = (_e = argv.database) !== null && _e !== void 0 ? _e : dbConfig.defaultDb;
118
+ const dbResource = access.delegation["aws-rds"].delegation.aws.permission.arn;
119
+ const { region } = (0, utils_1.parseArn)(dbResource);
120
+ const profileName = `p0_${access.permission.instanceId}`;
121
+ const userEmailName = access.principal.split("@")[0];
122
+ if (!userEmailName) {
123
+ throw "Could not identify principal for this access.";
124
+ }
125
+ const userName = `p0_${userEmailName.replace(/\W/g, "_").toLowerCase()}`;
126
+ yield (0, files_1.writeAwsTempCredentials)(profileName, awsAuth);
127
+ yield (0, files_1.writeAwsConfigProfile)(profileName, { region });
128
+ const generateTokenArgs = [
129
+ "rds",
130
+ "generate-db-auth-token",
131
+ "--hostname",
132
+ dbConfig.hostname,
133
+ "--port",
134
+ port,
135
+ "--region",
136
+ region,
137
+ "--username",
138
+ userName,
139
+ "--profile",
140
+ profileName,
141
+ ];
142
+ const result = yield (0, util_1.exec)("aws", generateTokenArgs, { check: true });
143
+ const pgInstructions = `export PGPASSWORD="${result.stdout}"
144
+
145
+ psql "host=$\{RDS_HOST} port=${port} sslmode=verify-full sslrootcert=$\{RDS_SSL_CA} ${database ? `dbname=${database} ` : ""}user=${userName}"`;
146
+ const mysqlInstructions = `export MYSQL_PWD="${result.stdout.trim()}"
147
+
148
+ mysql -h $\{RDS_HOST} --ssl-ca=$\{RDS_SSL_CA} --ssl-verify-server-cert -P ${port} -u ${userName} ${database}`;
149
+ (0, stdio_1.print2)(result.stderr);
150
+ (0, stdio_1.print2)(`Access your database by exporting the result of this command and executing psql in an environment with network access to the instance.
151
+
152
+ Ensure that your execution environment has downloaded the RDS SSL certificate authority (see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html).
153
+
154
+ If you are executing from CloudShell this will be done for you already, and the CA will be available at \`/certs/global-bundle.pem\`.
155
+
156
+ On CloudShell, you can execute:
157
+
158
+ export RDS_SSL_CA='/certs/global-bundle.pem'
159
+ export RDS_HOST='${dbConfig.hostname}'
160
+ ${argv.arch === "mysql" ? mysqlInstructions : argv.arch === "pg" ? pgInstructions : (0, util_1.throwAssertNever)(argv.arch)}
161
+
162
+ `);
163
+ if (!process.stderr.isTTY || !process.stdout.isTTY) {
164
+ (0, stdio_1.print1)(result.stdout);
165
+ }
166
+ if (result.code !== null)
167
+ typescript_1.sys.exit(result.code);
168
+ });
169
+ //# sourceMappingURL=rds.js.map
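Review bot: The generated auth token is interpolated into the instruction text passed to `print2` (new lines 143-162), and that call runs whether or not the streams are TTYs, so in piped or CI use the credential is written to that stream (presumably stderr) in addition to the `print1(result.stdout)` on line 164. Consider emitting the `export PGPASSWORD=...` / `export MYSQL_PWD=...` lines only when both streams are TTYs and printing a placeholder otherwise, so the token reaches captured output once and only on stdout. Separately, `pgInstructions` uses `result.stdout` untrimmed while `mysqlInstructions` calls `.trim()`, so the pg export likely carries the trailing newline inside the quotes; `export PGPASSWORD="${result.stdout.trim()}"` would match the mysql branch. The mysql command line also interpolates `${database}` without the guard the psql line has, so it prints `undefined` when neither `--database` nor `dbConfig.defaultDb` is set.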
@@ -0,0 +1 @@
1
+ {"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../src/commands/aws/rds.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAA2D;AAC3D,+CAAqD;AACrD,iDAAsD;AACtD,mDAAmD;AAInD,qCAAoD;AACpD,sCAAkD;AAClD,+CAA4C;AAC5C,mCAAyE;AACzE,2CAAiC;AA8B1B,MAAM,GAAG,GAAG,CACjB,KAAkD,EAClD,KAAY,EACZ,EAAE,CACF,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,uBAAuB,EAAE,CAAC,KAAK,EAAE,EAAE,CACtD,KAAK;IACH,+DAA+D;IAC/D,oEAAoE;IACpE,0CAA0C;KACzC,aAAa,CAAC,CAAC,CAAC;KAChB,OAAO,CACN,wBAAwB,EACxB,+CAA+C,EAC/C,CAAC,CAA8C,EAAE,EAAE,CACjD,CAAC;KACE,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,CAAC,OAAO,EAAE,IAAI,CAAU;IACjC,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,gDAAgD;CAC3D,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,yBAAyB;CACpC,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,wBAAwB;CACnC,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,oBAAoB;CAC/B,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;AACN,oCAAoC;AACpC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,EAAE,KAAK,CAAC,CAC9C,CACJ,CAAC;AAzCS,QAAA,GAAG,OAyCZ;AAEJ,MAAM,cAAc,GAAG,CAAC,IAAa,EAAiB,EAAE,CACtD,IAAI,CAAC,IAAI,KAAK,OAAO;IACnB,CAAC,CAAC,OAAO;IACT,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;QAClB,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,IAAA,uBAAgB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEpC,MAAM,gBAAgB,GAAG,CAAO,IAAa,EAAE,KAAY,EAAE,EAAE;IAC7D,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAEzC,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,CAGvC;QACE,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,CAAC,EAAE,EAAE;QACL,SAAS,EAAE;YACT,WAAW;YACX,MAAM;YACN,IAAI,CAAC,IAAI;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD;QACD,IAAI,EAAE,IAAI;KACX,EACD,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IAED,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC;IAEr
C,MAAM,IAAI,GAAG,MAAM,IAAA,8BAAqB,EAAC,MAAM,CAAC,CAAC;IACjD,IAAI,CAAC,IAAI,EAAE;QACT,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACb;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA,CAAC;AAEF,MAAM,WAAW,GAAG,CAClB,IAAa,EACb,MAAwB,EACxB,KAAY,EACZ,EAAE;;IACF,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAsB,EAC1C,KAAK,EACL,cAAc,CAAC,IAAI,CAAC,EACpB,IAAI,CAAC,KAAK,CACX,CAAC;IACF,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,0CAAG,UAAU,CAAC,CAAC;IACzD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,EAAE;QAC3C,MAAM,uBAAuB,UAAU,EAAE,CAAC;KAC3C;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA,CAAC;AAEF,MAAM,sBAAsB,GAAG,CAAO,IAAa,EAAE,KAAY,EAAE,EAAE;;IACnE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAEnD,MAAM,aAAa,GAAG,MAAA,MAAA,MAAM,CAAC,UAAU,0CAAG,SAAS,EAAE,UAAU,0CAAE,GAAG,CAAC;IACrE,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,0BAA0B,MAAM,CAAC,UAAU,CAAC,UAAU,yBAAyB,CAAC;KACvF;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACxD,MAAM,IAAI,GACR,MAAA,QAAQ,CAAC,IAAI,mCACb,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO;QACpB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;YAClB,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,IAAA,uBAAgB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG,MAAA,IAAI,CAAC,QAAQ,mCAAI,QAAQ,CAAC,SAAS,CAAC;IAErD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;IAE9E,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,gBAAQ,EAAC,UAAU,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;IAEzD,MAAM,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAErD,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,+CAA+C,CAAC;KACvD;IAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;IAEzE,MAAM,IAAA,+BAAuB,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,IAAA,6BAAqB,EAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAErD,MAAM,iBAAiB,GAAG;QACxB,KAAK;QACL,wBAAwB;QACxB,YAAY;QACZ,QAAQ,CAAC,QAAQ;QACjB,QAAQ;QACR,IAAI;QACJ,UAAU;QA
CV,MAAM;QACN,YAAY;QACZ,QAAQ;QACR,WAAW;QACX,WAAW;KACZ,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,IAAA,WAAI,EAAC,KAAK,EAAE,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAErE,MAAM,cAAc,GAAG,sBAAsB,MAAM,CAAC,MAAM;;iCAE3B,IAAI,mDAAmD,QAAQ,CAAC,CAAC,CAAC,UAAU,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,QAAQ,GAAG,CAAC;IAE/I,MAAM,iBAAiB,GAAG,qBAAqB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE;;8EAES,IAAI,OAAO,QAAQ,IAAI,QAAQ,EAAE,CAAC;IAE9G,IAAA,cAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACtB,IAAA,cAAM,EAAC;;;;;;;;;qBASY,QAAQ,CAAC,QAAQ;IAClC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,uBAAgB,EAAC,IAAI,CAAC,IAAI,CAAC;;CAEhH,CAAC,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE;QAClD,IAAA,cAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC;KACvB;IACD,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI;QAAE,gBAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAClD,CAAC,CAAA,CAAC"}
@@ -24,6 +24,7 @@ const retry_1 = require("../common/retry");
24
24
  const ansi_1 = require("../drivers/ansi");
25
25
  const auth_1 = require("../drivers/auth");
26
26
  const stdio_1 = require("../drivers/stdio");
27
+ const auth_2 = require("../plugins/aws/auth");
27
28
  const utils_1 = require("../plugins/aws/utils");
28
29
  const kubeconfig_1 = require("../plugins/kubeconfig");
29
30
  const install_1 = require("../plugins/kubeconfig/install");
@@ -66,14 +67,18 @@ const kubeconfigAction = (args) => __awaiter(void 0, void 0, void 0, function* (
66
67
  validateResourceArg(args.resource);
67
68
  }
68
69
  const authn = yield (0, auth_1.authenticate)();
69
- const { clusterConfig, awsLoginType } = yield (0, kubeconfig_1.getAndValidateK8sIntegration)(authn, args.cluster, args.debug);
70
- const { clusterId, awsAccountId, awsClusterArn } = clusterConfig;
70
+ const { clusterConfig } = yield (0, kubeconfig_1.getAndValidateK8sIntegration)(authn, args.cluster, args.debug);
71
+ const { clusterId, awsClusterArn } = clusterConfig;
71
72
  if (!(yield (0, install_1.ensureEksInstall)())) {
72
73
  throw "Required dependencies are missing; please try again after installing them, or check that they are available on the PATH.";
73
74
  }
74
75
  // No spinUntil(); there is one inside requestAccessToCluster() if needed
75
76
  const request = yield (0, kubeconfig_1.requestAccessToCluster)(authn, args, clusterId, role);
76
- const awsAuth = yield (0, kubeconfig_1.awsCloudAuth)(authn, awsAccountId, request, awsLoginType, args.debug);
77
+ const awsDelegation = request.delegation.aws;
78
+ if (!awsDelegation) {
79
+ throw "Backend granted k8s access, but this is not an EKS cluster.";
80
+ }
81
+ const awsAuth = yield (0, auth_2.awsCloudAuth)(authn, awsDelegation, args.debug);
77
82
  const profile = (0, kubeconfig_1.profileName)(clusterId);
78
83
  const alias = (0, kubeconfig_1.aliasedArn)(awsClusterArn);
79
84
  // The `aws eks update-kubeconfig` command can't handle the ARN of the EKS cluster.
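Review bot: `request.delegation.aws` on new line 77 is read with no guard on `request.delegation`, so a response without a delegation object raises a TypeError before the "Backend granted k8s access, but this is not an EKS cluster." check on the following lines can run. The type of `request` is not visible here; if the field can be absent, writing the lookup as `request.delegation?.aws` in the TypeScript source keeps the intended error path, as the RDS command in this release does for `access.delegation`. kubeconfigAction starts and ends outside the hunk.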
@@ -1 +1 @@
1
- {"version":3,"file":"kubeconfig.js","sourceRoot":"","sources":["../../../src/commands/kubeconfig.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,0CAA0C;AAC1C,0CAA+C;AAC/C,4CAAqD;AACrD,gDAAgD;AAChD,sDAM+B;AAC/B,2DAAiE;AACjE,kCAAyC;AACzC,uCAA6E;AAY7E,8DAA8D;AAC9D,uEAAuE;AAChE,MAAM,iBAAiB,GAAG,CAAC,KAAiB,EAAE,EAAE,CACrD,KAAK,CAAC,OAAO,CACX,YAAY,EACZ,sIAAsI,EACtI,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,MAAM,CAAC,SAAS,EAAE;IACjB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,qDAAqD;CAChE,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,kEAAkE;CACrE,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EACN,8DAA8D;CACjE,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,yBAAyB;CACpC,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,6BAA6B;IAC7B,QAAQ,EACN,4FAA4F;CAC/F,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC,EACN,gBAAgB,CACjB,CAAC;AArCS,QAAA,iBAAiB,qBAqC1B;AAEJ,MAAM,gBAAgB,GAAG,CACvB,IAAqD,EACrD,EAAE;IACF,MAAM,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEzC,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACpC;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IAEnC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,yCAA4B,EACxE,KAAK,EACL,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,KAAK,CACX,CAAC;IACF,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,GAAG,aAAa,CAAC;IAEjE,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;QAC/B,MAAM,0HAA0H,CAAC;KAClI;IAED,yEAAyE;IACzE,MAAM,OAAO,GAAG,MAAM,IAAA,mCAAsB,EAAC,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAE3E,MAAM,OAAO,GAAG,MAAM,IAAA,yBAAY,EAChC,KAAK,EACL,YAAY,EACZ,OAAO,EACP,YAAY,EACZ,IAAI,CAAC,KAAK,CACX,CAAC;IAEF,MAAM,OAAO,GAAG,IAAA,wBAAW,EAAC,SAAS,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,IAAA,uBAAU,EAAC,aAAa,CAAC,CAAC;IAExC,mFAAmF;IACnF,qFAAqF;IACrF,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,GAClC,2BAA2B,CAAC,aAAa,CAAC,CAAC;IAE7C,MAAM,IAAA,+BAAuB,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,IAAA,6BAAqB,EAAC,OAAO,EAAE,EAAE,MAAM,EAAE,a
AAa,EAAE,CAAC,CAAC;IAEhE,MAAM,oBAAoB,GAAG;QAC3B,KAAK;QACL,mBAAmB;QACnB,QAAQ;QACR,WAAW;QACX,UAAU;QACV,aAAa;QACb,WAAW;QACX,OAAO;QACP,yHAAyH;QACzH,kKAAkK;QAClK,SAAS;QACT,KAAK;QACL,uDAAuD;QACvD,cAAc;QACd,KAAK;KACN,CAAC;IAEF,IAAI;QACF,yEAAyE;QACzE,4DAA4D;QAC5D,MAAM,SAAS,GAAG,MAAM,IAAA,iBAAS,EAC/B,6EAA6E,EAC7E,IAAA,sBAAc,EACZ,GAAS,EAAE,kDAAC,OAAA,MAAM,IAAA,WAAI,EAAC,KAAK,EAAE,oBAAoB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA,GAAA,EACpE;YACE,WAAW,EAAE,CAAC,KAAU,EAAE,EAAE;gBAC1B,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,EAAE;oBACjB,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC;wBACxC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,EACrC;wBACA,IAAA,cAAM,EACJ,mHAAmH,CACpH,CAAC;wBACF,OAAO,KAAK,CAAC,CAAC,mDAAmD;qBAClE;iBACF;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,IAAA,cAAM,EAAC,SAAS,CAAC,MAAM,CAAC,CAAC;KAC1B;IAAC,OAAO,KAAU,EAAE;QACnB,IAAA,cAAM,EAAC,8CAA8C,CAAC,CAAC;QACvD,MAAM,KAAK,CAAC;KACb;IAED,mGAAmG;IACnG,iGAAiG;IACjG,8BAA8B;IAC9B,IAAI;QACF,MAAM,aAAa,GAAG,MAAM,IAAA,WAAI,EAC9B,SAAS,EACT,CAAC,QAAQ,EAAE,aAAa,EAAE,KAAK,CAAC,EAChC,EAAE,KAAK,EAAE,IAAI,EAAE,CAChB,CAAC;QACF,IAAA,cAAM,EAAC,aAAa,CAAC,MAAM,CAAC,CAAC;KAC9B;IAAC,OAAO,KAAU,EAAE;QACnB,IAAA,cAAM,EAAC,+CAA+C,CAAC,CAAC;QACxD,MAAM,KAAK,CAAC;KACb;IAED,IAAA,cAAM,EACJ,kHAAkH,CACnH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;QACjC,IAAA,cAAM,EACJ,GAAG,cAAO,CAAC,MAAM,8FAA8F;YAC7G,2DAA2D,cAAO,CAAC,KAAK,EAAE,CAC7E,CAAC;KACH;AACH,CAAC,CAAA,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,gBAAgB,GAAG,CAAC,IAAY,EAAU,EAAE;IAChD,MAAM,SAAS,GAAG,GAAG,CAAC;IACtB,MAAM,WAAW,GACf,8DAA8D;QAC9D,4BAA4B;QAC5B,4BAA4B;QAC5B,+BAA+B,CAAC;IAElC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAE/D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACxC,MAAM,sCAAsC,WAAW,EAAE,CAAC;KAC3D;IAED,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;QACb,MAAM,iCAAiC,WAAW,EAAE,CAAC;KACtD;IAED,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE;QACrC,OAAO,eAA
e,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/C;SAAM,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE;QAC5C,OAAO,eAAe,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/C;SAAM,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE;QACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;YACtB,MAAM,sCAAsC,WAAW,EAAE,CAAC;SAC3D;QACD,OAAO,QAAQ,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;KACjE;IAED,MAAM,qBAAqB,KAAK,CAAC,CAAC,CAAC,MAAM,WAAW,EAAE,CAAC;AACzD,CAAC,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,mBAAmB,GAAG,CAAC,QAAgB,EAAQ,EAAE;IACrD,MAAM,SAAS,GAAG,KAAK,CAAC;IAExB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAExC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACxC,MAAM,CACJ,yCAAyC;YACzC,oFAAoF;YACpF,mCAAmC;YACnC,mBAAmB,CACpB,CAAC;KACH;AACH,CAAC,CAAC;AAEF,MAAM,2BAA2B,GAAG,CAAC,UAAkB,EAAE,EAAE;IACzD,MAAM,eAAe,GAAG,4BAA4B,UAAU,EAAE,CAAC;IACjE,yFAAyF;IACzF,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,UAAU,CAAC,CAAC;IACjC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC;IAC7D,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE3D,IAAI,YAAY,KAAK,SAAS,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,EAAE;QAChE,MAAM,eAAe,CAAC;KACvB;IAED,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AACxC,CAAC,CAAC"}
1
+ {"version":3,"file":"kubeconfig.js","sourceRoot":"","sources":["../../../src/commands/kubeconfig.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,0CAA0C;AAC1C,0CAA+C;AAC/C,4CAAqD;AACrD,8CAAmD;AACnD,gDAAgD;AAChD,sDAK+B;AAC/B,2DAAiE;AACjE,kCAAyC;AACzC,uCAA6E;AAY7E,8DAA8D;AAC9D,uEAAuE;AAChE,MAAM,iBAAiB,GAAG,CAAC,KAAiB,EAAE,EAAE,CACrD,KAAK,CAAC,OAAO,CACX,YAAY,EACZ,sIAAsI,EACtI,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,MAAM,CAAC,SAAS,EAAE;IACjB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,qDAAqD;CAChE,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EACN,kEAAkE;CACrE,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EACN,8DAA8D;CACjE,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,yBAAyB;CACpC,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,6BAA6B;IAC7B,QAAQ,EACN,4FAA4F;CAC/F,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC,EACN,gBAAgB,CACjB,CAAC;AArCS,QAAA,iBAAiB,qBAqC1B;AAEJ,MAAM,gBAAgB,GAAG,CACvB,IAAqD,EACrD,EAAE;IACF,MAAM,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEzC,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACpC;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,GAAE,CAAC;IAEnC,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,IAAA,yCAA4B,EAC1D,KAAK,EACL,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,KAAK,CACX,CAAC;IACF,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,aAAa,CAAC;IAEnD,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,GAAE,CAAC,EAAE;QAC/B,MAAM,0HAA0H,CAAC;KAClI;IAED,yEAAyE;IACzE,MAAM,OAAO,GAAG,MAAM,IAAA,mCAAsB,EAAC,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAE3E,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;IAC7C,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,6DAA6D,CAAC;KACrE;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IAErE,MAAM,OAAO,GAAG,IAAA,wBAAW,EAAC,SAAS,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,IAAA,uBAAU,EAAC,aAAa,CAAC,CAAC;IAExC,mFAAmF;IACnF,qFAAqF;IACrF,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,GAClC,2BAA2B,CAAC,aAAa,CAAC,CAAC;IAE7C,MAAM,IAAA,+BAAuB,EAAC,O
AAO,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,IAAA,6BAAqB,EAAC,OAAO,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;IAEhE,MAAM,oBAAoB,GAAG;QAC3B,KAAK;QACL,mBAAmB;QACnB,QAAQ;QACR,WAAW;QACX,UAAU;QACV,aAAa;QACb,WAAW;QACX,OAAO;QACP,yHAAyH;QACzH,kKAAkK;QAClK,SAAS;QACT,KAAK;QACL,uDAAuD;QACvD,cAAc;QACd,KAAK;KACN,CAAC;IAEF,IAAI;QACF,yEAAyE;QACzE,4DAA4D;QAC5D,MAAM,SAAS,GAAG,MAAM,IAAA,iBAAS,EAC/B,6EAA6E,EAC7E,IAAA,sBAAc,EACZ,GAAS,EAAE,kDAAC,OAAA,MAAM,IAAA,WAAI,EAAC,KAAK,EAAE,oBAAoB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA,GAAA,EACpE;YACE,WAAW,EAAE,CAAC,KAAU,EAAE,EAAE;gBAC1B,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,EAAE;oBACjB,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC;wBACxC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,EACrC;wBACA,IAAA,cAAM,EACJ,mHAAmH,CACpH,CAAC;wBACF,OAAO,KAAK,CAAC,CAAC,mDAAmD;qBAClE;iBACF;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,IAAI;SACd,CACF,CACF,CAAC;QACF,IAAA,cAAM,EAAC,SAAS,CAAC,MAAM,CAAC,CAAC;KAC1B;IAAC,OAAO,KAAU,EAAE;QACnB,IAAA,cAAM,EAAC,8CAA8C,CAAC,CAAC;QACvD,MAAM,KAAK,CAAC;KACb;IAED,mGAAmG;IACnG,iGAAiG;IACjG,8BAA8B;IAC9B,IAAI;QACF,MAAM,aAAa,GAAG,MAAM,IAAA,WAAI,EAC9B,SAAS,EACT,CAAC,QAAQ,EAAE,aAAa,EAAE,KAAK,CAAC,EAChC,EAAE,KAAK,EAAE,IAAI,EAAE,CAChB,CAAC;QACF,IAAA,cAAM,EAAC,aAAa,CAAC,MAAM,CAAC,CAAC;KAC9B;IAAC,OAAO,KAAU,EAAE;QACnB,IAAA,cAAM,EAAC,+CAA+C,CAAC,CAAC;QACxD,MAAM,KAAK,CAAC;KACb;IAED,IAAA,cAAM,EACJ,kHAAkH,CACnH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;QACjC,IAAA,cAAM,EACJ,GAAG,cAAO,CAAC,MAAM,8FAA8F;YAC7G,2DAA2D,cAAO,CAAC,KAAK,EAAE,CAC7E,CAAC;KACH;AACH,CAAC,CAAA,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,gBAAgB,GAAG,CAAC,IAAY,EAAU,EAAE;IAChD,MAAM,SAAS,GAAG,GAAG,CAAC;IACtB,MAAM,WAAW,GACf,8DAA8D;QAC9D,4BAA4B;QAC5B,4BAA4B;QAC5B,+BAA+B,CAAC;IAElC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAE/D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACxC,MAAM,sCAAsC,WAAW,EAAE,CAAC;KAC3D;IAED,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;QACb,MAAM,iCAAiC,WAAW,EAAE,CAAC;KACtD;I
AED,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE;QACrC,OAAO,eAAe,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/C;SAAM,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE;QAC5C,OAAO,eAAe,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/C;SAAM,IAAI,IAAA,eAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE;QACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;YACtB,MAAM,sCAAsC,WAAW,EAAE,CAAC;SAC3D;QACD,OAAO,QAAQ,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;KACjE;IAED,MAAM,qBAAqB,KAAK,CAAC,CAAC,CAAC,MAAM,WAAW,EAAE,CAAC;AACzD,CAAC,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,mBAAmB,GAAG,CAAC,QAAgB,EAAQ,EAAE;IACrD,MAAM,SAAS,GAAG,KAAK,CAAC;IAExB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAExC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACxC,MAAM,CACJ,yCAAyC;YACzC,oFAAoF;YACpF,mCAAmC;YACnC,mBAAmB,CACpB,CAAC;KACH;AACH,CAAC,CAAC;AAEF,MAAM,2BAA2B,GAAG,CAAC,UAAkB,EAAE,EAAE;IACzD,MAAM,eAAe,GAAG,4BAA4B,UAAU,EAAE,CAAC;IACjE,yFAAyF;IACzF,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,UAAU,CAAC,CAAC;IACjC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC;IAC7D,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE3D,IAAI,YAAY,KAAK,SAAS,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,EAAE;QAChE,MAAM,eAAe,CAAC;KACvB;IAED,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AACxC,CAAC,CAAC"}
@@ -0,0 +1,13 @@
1
+ /** Copyright © 2024-present P0 Security
2
+
3
+ This file is part of @p0security/cli
4
+
5
+ @p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
6
+
7
+ @p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
8
+
9
+ You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
10
+ **/
11
+ import { Authn } from "../../types/identity";
12
+ import { AwsCredentials, AwsResourcePermissionSpec } from "./types";
13
+ export declare const awsCloudAuth: (authn: Authn, aws: AwsResourcePermissionSpec, debug?: boolean) => Promise<AwsCredentials>;
@@ -0,0 +1,30 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.awsCloudAuth = void 0;
13
+ const aws_1 = require("../okta/aws");
14
+ const idc_1 = require("./idc");
15
+ const awsCloudAuth = (authn, aws, debug) => __awaiter(void 0, void 0, void 0, function* () {
16
+ var _a;
17
+ const { idcId, idcRegion } = (_a = aws.permission) !== null && _a !== void 0 ? _a : {};
18
+ if (idcId && idcRegion) {
19
+ return yield (0, idc_1.assumeRoleWithIdc)({
20
+ accountId: aws.permission.accountId,
21
+ permissionSet: aws.generated.name,
22
+ idc: { id: idcId, region: idcRegion },
23
+ });
24
+ }
25
+ else {
26
+ return yield (0, aws_1.assumeRoleWithOktaSaml)(authn, { accountId: aws.permission.accountId, role: aws.generated.name }, debug);
27
+ }
28
+ });
29
+ exports.awsCloudAuth = awsCloudAuth;
30
+ //# sourceMappingURL=auth.js.map
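Review bot: The `aws.permission ?? {}` fallback on new line 17 implies `permission` may be missing, yet the else branch on line 26 reads `aws.permission.accountId` unguarded, so that case ends in a TypeError inside the Okta SAML path rather than a clear error. The branch choice also treats a delegation carrying only one of `idcId` / `idcRegion` as "not IDC" and silently falls back to `assumeRoleWithOktaSaml`, which selects a different credential path than the backend presumably intended. Validating up front would make both cases explicit, for example `if (!aws.permission) throw "AWS delegation is missing its permission";` and `if (Boolean(idcId) !== Boolean(idcRegion)) throw "Incomplete IDC configuration in AWS delegation";` before the branch. A short doc comment on `awsCloudAuth` stating that the presence of both IDC fields selects Identity Center and anything else selects Okta SAML would help the two callers added in this release.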
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/plugins/aws/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,qCAAqD;AACrD,+BAA0C;AAGnC,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,GAA8B,EAC9B,KAAe,EACU,EAAE;;IAC3B,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAA,GAAG,CAAC,UAAU,mCAAI,EAAE,CAAC;IAElD,IAAI,KAAK,IAAI,SAAS,EAAE;QACtB,OAAO,MAAM,IAAA,uBAAiB,EAAC;YAC7B,SAAS,EAAE,GAAG,CAAC,UAAU,CAAC,SAAS;YACnC,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,IAAI;YACjC,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE;SACtC,CAAC,CAAC;KACJ;SAAM;QACL,OAAO,MAAM,IAAA,4BAAsB,EACjC,KAAK,EACL,EAAE,SAAS,EAAE,GAAG,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,EACjE,KAAK,CACN,CAAC;KACH;AACH,CAAC,CAAA,CAAC;AApBW,QAAA,YAAY,gBAoBvB"}
@@ -69,14 +69,14 @@ type AwsResourcePermission = {
69
69
  account: string;
70
70
  accountId: string;
71
71
  arn: string;
72
- idcId: string;
73
- idcRegion: string;
72
+ idcId: string | undefined;
73
+ idcRegion: string | undefined;
74
74
  name: string;
75
75
  };
76
76
  type AwsResourceGenerated = {
77
77
  name: string;
78
78
  };
79
- type AwsResourcePermissionSpec = PermissionSpec<"aws", AwsResourcePermission, AwsResourceGenerated, Record<string, never>>;
79
+ export type AwsResourcePermissionSpec = PermissionSpec<"aws", AwsResourcePermission, AwsResourceGenerated, Record<string, never>>;
80
80
  export type AwsSshGenerated = {
81
81
  hostKeys: string[];
82
82
  linuxUserName: string;
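Review bot: `idcId` and `idcRegion` are widened to `string | undefined` independently, and nothing in the declaration says they must be set together or what their absence means. The new `awsCloudAuth` in this release takes the Identity Center path only when both are present, so a doc comment on the two fields would make that contract visible, for example `/** Identity Center instance id; set together with idcRegion, undefined otherwise. */`. If both-or-neither is the real invariant (inferred from the consumer, not from this hunk), a union of two permission shapes would let the compiler enforce it. The `AwsResourcePermission` type starts above the hunk.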
@@ -0,0 +1,28 @@
1
+ /** Copyright © 2024-present P0 Security
2
+
3
+ This file is part of @p0security/cli
4
+
5
+ @p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
6
+
7
+ @p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
8
+
9
+ You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
10
+ **/
11
+ import { AwsResourcePermissionSpec } from "../aws/types";
12
+ export type DbPermissionSpec = {
13
+ delegation: {
14
+ "aws-rds": {
15
+ delegation: {
16
+ aws: AwsResourcePermissionSpec;
17
+ };
18
+ permission: {
19
+ vpcId: string;
20
+ };
21
+ };
22
+ };
23
+ generated: object;
24
+ permission: {
25
+ instanceId: string;
26
+ };
27
+ type: "mysql" | "pg2";
28
+ };
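Review bot: `generated: object` in `DbPermissionSpec` gives consumers no typed fields and accepts any non-primitive value. If nothing is generated for database requests, `generated: Record<string, never>;` would say so explicitly, matching how `AwsResourcePermissionSpec` spells its empty delegation parameter. The `"pg2"` literal on `type` is not self-explanatory, so a one-line comment naming the engine each literal stands for would help readers of the declaration file.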
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=types.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/plugins/db/types.ts"],"names":[],"mappings":""}
@@ -11,7 +11,6 @@ You should have received a copy of the GNU General Public License along with @p0
11
11
  import { KubeconfigCommandArgs } from "../../commands/kubeconfig";
12
12
  import { Authn } from "../../types/identity";
13
13
  import { PermissionRequest } from "../../types/request";
14
- import { AwsCredentials } from "../aws/types";
15
14
  import { K8sPermissionSpec } from "./types";
16
15
  import yargs from "yargs";
17
16
  export declare const getAndValidateK8sIntegration: (authn: Authn, clusterId: string, debug?: boolean) => Promise<{
@@ -25,4 +24,3 @@ export declare const getAndValidateK8sIntegration: (authn: Authn, clusterId: str
25
24
  export declare const requestAccessToCluster: (authn: Authn, args: yargs.ArgumentsCamelCase<KubeconfigCommandArgs>, clusterId: string, role: string) => Promise<PermissionRequest<K8sPermissionSpec>>;
26
25
  export declare const profileName: (eksCluterName: string) => string;
27
26
  export declare const aliasedArn: (eksCluterArn: string) => string;
28
- export declare const awsCloudAuth: (authn: Authn, awsAccountId: string, request: PermissionRequest<K8sPermissionSpec>, loginType: "federated" | "idc", debug?: boolean) => Promise<AwsCredentials>;
@@ -9,15 +9,13 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
9
9
  });
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
- exports.awsCloudAuth = exports.aliasedArn = exports.profileName = exports.requestAccessToCluster = exports.getAndValidateK8sIntegration = void 0;
12
+ exports.aliasedArn = exports.profileName = exports.requestAccessToCluster = exports.getAndValidateK8sIntegration = void 0;
13
13
  const shared_1 = require("../../commands/shared");
14
14
  const request_1 = require("../../commands/shared/request");
15
15
  const api_1 = require("../../drivers/api");
16
16
  const util_1 = require("../../util");
17
17
  const config_1 = require("../aws/config");
18
- const idc_1 = require("../aws/idc");
19
18
  const utils_1 = require("../aws/utils");
20
- const aws_1 = require("../okta/aws");
21
19
  const lodash_1 = require("lodash");
22
20
  const typescript_1 = require("typescript");
23
21
  const KUBECONFIG_PREFIX = "p0";
@@ -76,33 +74,4 @@ const profileName = (eksCluterName) => `${KUBECONFIG_PREFIX}-${eksCluterName}`;
76
74
  exports.profileName = profileName;
77
75
  const aliasedArn = (eksCluterArn) => `${KUBECONFIG_PREFIX}-${eksCluterArn}`;
78
76
  exports.aliasedArn = aliasedArn;
79
- const awsCloudAuth = (authn, awsAccountId, request, loginType, debug) => __awaiter(void 0, void 0, void 0, function* () {
80
- var _b, _c, _d, _e;
81
- const { delegation } = request;
82
- const name = (_c = (_b = delegation === null || delegation === void 0 ? void 0 : delegation.aws) === null || _b === void 0 ? void 0 : _b.generated) === null || _c === void 0 ? void 0 : _c.name;
83
- if (!name) {
84
- throw "Backend granted k8s access, but this is not an EKS cluster.";
85
- }
86
- switch (loginType) {
87
- case "idc": {
88
- const { idcId, idcRegion } = (_e = (_d = delegation === null || delegation === void 0 ? void 0 : delegation.aws) === null || _d === void 0 ? void 0 : _d.permission) !== null && _e !== void 0 ? _e : {};
89
- if (!idcId || !idcRegion) {
90
- throw "AWS is configured to use Identity Center, but IDC information wasn't received in the request.";
91
- }
92
- return yield (0, idc_1.assumeRoleWithIdc)({
93
- accountId: awsAccountId,
94
- permissionSet: name,
95
- idc: { id: idcId, region: idcRegion },
96
- });
97
- }
98
- case "federated":
99
- return yield (0, aws_1.assumeRoleWithOktaSaml)(authn, {
100
- accountId: awsAccountId,
101
- role: name,
102
- }, debug);
103
- default:
104
- throw (0, util_1.assertNever)(loginType);
105
- }
106
- });
107
- exports.awsCloudAuth = awsCloudAuth;
108
77
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/kubeconfig/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,kDAA8D;AAC9D,2DAAwD;AACxD,2CAA2D;AAG3D,qCAAqD;AACrD,0CAA6C;AAC7C,oCAA+C;AAE/C,wCAAwC;AACxC,qCAAqD;AAErD,mCAA8B;AAC9B,2CAAiC;AAGjC,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAExB,MAAM,4BAA4B,GAAG,CAC1C,KAAY,EACZ,SAAiB,EACjB,KAAe,EAQd,EAAE;;IACH,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAsB,EAC5C,KAAK,EACL,KAAK,EACL,KAAK,CACN,CAAC;IAEF,kHAAkH;IAClH,MAAM,MAAM,GAAG,MAAA,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,0CAAG,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,mBAAmB,SAAS,YAAY,CAAC;KAChD;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,EAAE;QAChC,MAAM,mBAAmB,SAAS,mBAAmB,CAAC;KACvD;IAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE;QAC1B,MAAM,CACJ,8DAA8D,SAAS,8BAA8B;YACrG,qDAAqD,IAAA,iBAAU,GAAE,yBAAyB,CAC3F,CAAC;KACH;IAED,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAA,gBAAQ,EAAC,aAAa,CAAC,CAAC;IAC5D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;IAC7E,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IAEtC,yEAAyE;IACzE,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,CAAA,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,MAAK,KAAK,EAAE;QAC/C,MAAM,6GAA6G,IAAA,iBAAU,GAAE,yBAAyB,CAAC;KAC1J;IAED,OAAO;QACL,aAAa,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE;QACzD,YAAY,EAAE,QAAQ,CAAC,IAAI;KAC5B,CAAC;AACJ,CAAC,CAAA,CAAC;AAnDW,QAAA,4BAA4B,gCAmDvC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAAqD,EACrD,SAAiB,EACjB,IAAY,EACmC,EAAE;IACjD,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAIlC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,UAAU;YACV,IAAI;YACJ,WAAW;YACX,SAAS;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAA
C,CAAC,CAAC,EAAE,CAAC;SACxD,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IAED,MAAM,IAAI,GAAG,MAAM,IAAA,8BAAqB,EAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3D,IAAI,CAAC,IAAI,EAAE;QACT,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACb;IACD,OAAO,QAAQ,CAAC,OAAO,CAAC;AAC1B,CAAC,CAAA,CAAC;AApCW,QAAA,sBAAsB,0BAoCjC;AAEK,MAAM,WAAW,GAAG,CAAC,aAAqB,EAAU,EAAE,CAC3D,GAAG,iBAAiB,IAAI,aAAa,EAAE,CAAC;AAD7B,QAAA,WAAW,eACkB;AAEnC,MAAM,UAAU,GAAG,CAAC,YAAoB,EAAU,EAAE,CACzD,GAAG,iBAAiB,IAAI,YAAY,EAAE,CAAC;AAD5B,QAAA,UAAU,cACkB;AAElC,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,YAAoB,EACpB,OAA6C,EAC7C,SAA8B,EAC9B,KAAe,EACU,EAAE;;IAC3B,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAC/B,MAAM,IAAI,GAAG,MAAA,MAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,GAAG,0CAAE,SAAS,0CAAE,IAAI,CAAC;IAE9C,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,6DAA6D,CAAC;KACrE;IAED,QAAQ,SAAS,EAAE;QACjB,KAAK,KAAK,CAAC,CAAC;YACV,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAA,MAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,GAAG,0CAAE,UAAU,mCAAI,EAAE,CAAC;YAE/D,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE;gBACxB,MAAM,+FAA+F,CAAC;aACvG;YAED,OAAO,MAAM,IAAA,uBAAiB,EAAC;gBAC7B,SAAS,EAAE,YAAY;gBACvB,aAAa,EAAE,IAAI;gBACnB,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE;aACtC,CAAC,CAAC;SACJ;QACD,KAAK,WAAW;YACd,OAAO,MAAM,IAAA,4BAAsB,EACjC,KAAK,EACL;gBACE,SAAS,EAAE,YAAY;gBACvB,IAAI,EAAE,IAAI;aACX,EACD,KAAK,CACN,CAAC;QACJ;YACE,MAAM,IAAA,kBAAW,EAAC,SAAS,CAAC,CAAC;KAChC;AACH,CAAC,CAAA,CAAC;AAxCW,QAAA,YAAY,gBAwCvB"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/kubeconfig/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,kDAA8D;AAC9D,2DAAwD;AACxD,2CAA2D;AAG3D,qCAAwC;AACxC,0CAA6C;AAC7C,wCAAwC;AAExC,mCAA8B;AAC9B,2CAAiC;AAGjC,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAExB,MAAM,4BAA4B,GAAG,CAC1C,KAAY,EACZ,SAAiB,EACjB,KAAe,EAQd,EAAE;;IACH,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAsB,EAC5C,KAAK,EACL,KAAK,EACL,KAAK,CACN,CAAC;IAEF,kHAAkH;IAClH,MAAM,MAAM,GAAG,MAAA,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,0CAAG,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,mBAAmB,SAAS,YAAY,CAAC;KAChD;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,EAAE;QAChC,MAAM,mBAAmB,SAAS,mBAAmB,CAAC;KACvD;IAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IAE3B,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE;QAC1B,MAAM,CACJ,8DAA8D,SAAS,8BAA8B;YACrG,qDAAqD,IAAA,iBAAU,GAAE,yBAAyB,CAC3F,CAAC;KACH;IAED,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAA,gBAAQ,EAAC,aAAa,CAAC,CAAC;IAC5D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;IAC7E,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IAEtC,yEAAyE;IACzE,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,CAAA,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,MAAK,KAAK,EAAE;QAC/C,MAAM,6GAA6G,IAAA,iBAAU,GAAE,yBAAyB,CAAC;KAC1J;IAED,OAAO;QACL,aAAa,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE;QACzD,YAAY,EAAE,QAAQ,CAAC,IAAI;KAC5B,CAAC;AACJ,CAAC,CAAA,CAAC;AAnDW,QAAA,4BAA4B,gCAmDvC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAAqD,EACrD,SAAiB,EACjB,IAAY,EACmC,EAAE;IACjD,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAIlC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,KAAK;YACL,UAAU;YACV,IAAI;YACJ,WAAW;YACX,SAAS;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACx
D,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IAED,MAAM,IAAI,GAAG,MAAM,IAAA,8BAAqB,EAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3D,IAAI,CAAC,IAAI,EAAE;QACT,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACb;IACD,OAAO,QAAQ,CAAC,OAAO,CAAC;AAC1B,CAAC,CAAA,CAAC;AApCW,QAAA,sBAAsB,0BAoCjC;AAEK,MAAM,WAAW,GAAG,CAAC,aAAqB,EAAU,EAAE,CAC3D,GAAG,iBAAiB,IAAI,aAAa,EAAE,CAAC;AAD7B,QAAA,WAAW,eACkB;AAEnC,MAAM,UAAU,GAAG,CAAC,YAAoB,EAAU,EAAE,CACzD,GAAG,iBAAiB,IAAI,YAAY,EAAE,CAAC;AAD5B,QAAA,UAAU,cACkB"}
@@ -9,6 +9,7 @@ This file is part of @p0security/cli
9
9
  You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
10
10
  **/
11
11
  import { PermissionSpec } from "../../types/request";
12
+ import { AwsResourcePermissionSpec } from "../aws/types";
12
13
  export type K8sClusterConfig = {
13
14
  label?: string;
14
15
  clusterServer: string;
@@ -31,15 +32,7 @@ export type K8sConfig = {
31
32
  };
32
33
  export type K8sPermissionSpec = PermissionSpec<"k8s", K8sResourcePermission, K8sGenerated> & {
33
34
  delegation?: {
34
- aws?: {
35
- generated: {
36
- name: string;
37
- };
38
- permission: {
39
- idcRegion?: string;
40
- idcId?: string;
41
- };
42
- };
35
+ aws?: AwsResourcePermissionSpec;
43
36
  };
44
37
  };
45
38
  export type K8sResourcePermission = {
@@ -8,6 +8,7 @@ This file is part of @p0security/cli
8
8
 
9
9
  You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
10
10
  **/
11
+ import { DbPermissionSpec } from "../plugins/db/types";
11
12
  import { K8sPermissionSpec } from "../plugins/kubeconfig/types";
12
13
  import { AzureRdpRequest } from "./rdp";
13
14
  import { PluginSshRequest } from "./ssh";
@@ -20,7 +21,7 @@ export type PermissionSpec<K extends string, P extends Record<string, any>, G ex
20
21
  generated: G;
21
22
  delegation: D;
22
23
  };
23
- export type PluginRequest = AzureRdpRequest | K8sPermissionSpec | PluginSshRequest;
24
+ export type PluginRequest = AzureRdpRequest | DbPermissionSpec | K8sPermissionSpec | PluginSshRequest;
24
25
  export type PermissionRequest<P extends PluginRequest> = P & {
25
26
  error?: {
26
27
  message: string;
@@ -1 +1 @@
1
- {"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/types/request.ts"],"names":[],"mappings":";;;AAca,QAAA,aAAa,GAAG,CAAC,MAAM,EAAE,eAAe,CAAU,CAAC;AACnD,QAAA,eAAe,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAU,CAAC;AACzD,QAAA,cAAc,GAAG;IAC5B,SAAS;IACT,SAAS;IACT,kBAAkB;CACV,CAAC"}
1
+ {"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/types/request.ts"],"names":[],"mappings":";;;AAea,QAAA,aAAa,GAAG,CAAC,MAAM,EAAE,eAAe,CAAU,CAAC;AACnD,QAAA,eAAe,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAU,CAAC;AACzD,QAAA,cAAc,GAAG;IAC5B,SAAS;IACT,SAAS;IACT,kBAAkB;CACV,CAAC"}