@p0security/cli 0.26.14 → 0.27.0
- package/build/dist/commands/aws/rds.js +7 -5
- package/build/dist/commands/aws/rds.js.map +1 -1
- package/build/dist/commands/claude/index.d.ts +2 -0
- package/build/dist/commands/claude/index.js +24 -0
- package/build/dist/commands/claude/index.js.map +1 -0
- package/build/dist/commands/claude/mcp.d.ts +7 -0
- package/build/dist/commands/claude/mcp.js +187 -0
- package/build/dist/commands/claude/mcp.js.map +1 -0
- package/build/dist/commands/file-transfer.d.ts +8 -0
- package/build/dist/commands/file-transfer.js +130 -0
- package/build/dist/commands/file-transfer.js.map +1 -0
- package/build/dist/commands/index.js +4 -0
- package/build/dist/commands/index.js.map +1 -1
- package/build/dist/commands/kubeconfig.js +2 -1
- package/build/dist/commands/kubeconfig.js.map +1 -1
- package/build/dist/drivers/api.d.ts +8 -0
- package/build/dist/drivers/api.js +20 -18
- package/build/dist/drivers/api.js.map +1 -1
- package/build/dist/drivers/auth/path.d.ts +1 -0
- package/build/dist/drivers/auth/path.js +12 -10
- package/build/dist/drivers/auth/path.js.map +1 -1
- package/build/dist/drivers/stdio.d.ts +8 -0
- package/build/dist/drivers/stdio.js +12 -1
- package/build/dist/drivers/stdio.js.map +1 -1
- package/build/dist/plugins/aws/api.d.ts +6 -1
- package/build/dist/plugins/aws/api.js +16 -2
- package/build/dist/plugins/aws/api.js.map +1 -1
- package/build/dist/plugins/aws/assumeRole.d.ts +2 -0
- package/build/dist/plugins/aws/assumeRole.js +8 -6
- package/build/dist/plugins/aws/assumeRole.js.map +1 -1
- package/build/dist/plugins/aws/ssh.js +8 -3
- package/build/dist/plugins/aws/ssh.js.map +1 -1
- package/build/dist/plugins/db/types.d.ts +13 -10
- package/build/dist/plugins/file-transfer/index.d.ts +35 -0
- package/build/dist/plugins/file-transfer/index.js +74 -0
- package/build/dist/plugins/file-transfer/index.js.map +1 -0
- package/build/dist/plugins/file-transfer/types.d.ts +31 -0
- package/build/dist/plugins/file-transfer/types.js +3 -0
- package/build/dist/plugins/file-transfer/types.js.map +1 -0
- package/build/dist/plugins/kubeconfig/types.d.ts +3 -5
- package/build/dist/plugins/okta/aws.js +13 -6
- package/build/dist/plugins/okta/aws.js.map +1 -1
- package/build/dist/types/delegation.d.ts +39 -0
- package/build/dist/types/delegation.js +36 -0
- package/build/dist/types/delegation.js.map +1 -0
- package/build/dist/types/request.d.ts +5 -3
- package/build/dist/types/request.js.map +1 -1
- package/build/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +4 -1
|
@@ -56,7 +56,7 @@ var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _ar
|
|
|
56
56
|
function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
|
|
57
57
|
};
|
|
58
58
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
59
|
-
exports.auditSshSessionActivity = exports.fetchWithStreaming = exports.certificateSigningRequest = exports.fetchSshHostKeys = exports.submitPublicKey = exports.fetchAdminLsCommand = exports.fetchCommand = exports.fetchStreamingStatus = exports.fetchIntegrationConfig = exports.fetchAccountInfo = exports.fetchOrgData = exports.tracesUrl = exports.requestStatusUrl = void 0;
|
|
59
|
+
exports.authFetch = exports.auditSshSessionActivity = exports.fetchWithStreaming = exports.certificateSigningRequest = exports.fetchSshHostKeys = exports.submitPublicKey = exports.fetchAdminLsCommand = exports.fetchCommand = exports.fetchStreamingStatus = exports.fetchIntegrationConfig = exports.fetchAccountInfo = exports.fetchOrgData = exports.tracesUrl = exports.requestStatusUrl = exports.tenantUrl = void 0;
|
|
60
60
|
/** Copyright © 2024-present P0 Security
|
|
61
61
|
|
|
62
62
|
This file is part of @p0security/cli
|
|
@@ -76,29 +76,30 @@ const util_1 = require("./util");
|
|
|
76
76
|
const path = __importStar(require("node:path"));
|
|
77
77
|
const tenantOrgUrl = (tenant) => `${(0, config_1.getAppUrl)()}/orgs/${tenant}`;
|
|
78
78
|
const tenantUrl = (tenant) => `${(0, config_1.getTenantConfig)().appUrl}/o/${tenant}`;
|
|
79
|
-
|
|
80
|
-
const
|
|
81
|
-
const
|
|
82
|
-
const
|
|
83
|
-
const
|
|
79
|
+
exports.tenantUrl = tenantUrl;
|
|
80
|
+
const publicKeysUrl = (tenant) => `${(0, exports.tenantUrl)(tenant)}/integrations/ssh/public-keys`;
|
|
81
|
+
const sshHostKeysUrl = (tenant) => `${(0, exports.tenantUrl)(tenant)}/integrations/ssh/host-keys`;
|
|
82
|
+
const certSignRequestUrl = (tenant) => `${(0, exports.tenantUrl)(tenant)}/integrations/ssh/certificates`;
|
|
83
|
+
const sshAuditUrl = (tenant) => `${(0, exports.tenantUrl)(tenant)}/integrations/ssh/audit`;
|
|
84
|
+
const commandUrl = (tenant) => `${(0, exports.tenantUrl)(tenant)}/command/`;
|
|
84
85
|
const requestStatusUrl = (tenant, requestId) => `${commandUrl(tenant)}${requestId}/poll`;
|
|
85
86
|
exports.requestStatusUrl = requestStatusUrl;
|
|
86
|
-
const adminLsCommandUrl = (tenant) => `${tenantUrl(tenant)}/command/ls`;
|
|
87
|
-
const tracesUrl = (tenant) => `${tenantUrl(tenant)}/traces`;
|
|
87
|
+
const adminLsCommandUrl = (tenant) => `${(0, exports.tenantUrl)(tenant)}/command/ls`;
|
|
88
|
+
const tracesUrl = (tenant) => `${(0, exports.tenantUrl)(tenant)}/traces`;
|
|
88
89
|
exports.tracesUrl = tracesUrl;
|
|
89
90
|
const fetchOrgData = (orgId) => __awaiter(void 0, void 0, void 0, function* () { return baseFetch({ url: tenantOrgUrl(orgId), method: "GET" }); });
|
|
90
91
|
exports.fetchOrgData = fetchOrgData;
|
|
91
92
|
const fetchAccountInfo = (authn, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
92
|
-
return authFetch(authn, {
|
|
93
|
-
url: `${tenantUrl(authn.identity.org.slug)}/account`,
|
|
93
|
+
return (0, exports.authFetch)(authn, {
|
|
94
|
+
url: `${(0, exports.tenantUrl)(authn.identity.org.slug)}/account`,
|
|
94
95
|
method: "GET",
|
|
95
96
|
debug,
|
|
96
97
|
});
|
|
97
98
|
});
|
|
98
99
|
exports.fetchAccountInfo = fetchAccountInfo;
|
|
99
100
|
const fetchIntegrationConfig = (authn, integration, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
100
|
-
return authFetch(authn, {
|
|
101
|
-
url: `${tenantUrl(authn.identity.org.slug)}/integrations/${integration}/config`,
|
|
101
|
+
return (0, exports.authFetch)(authn, {
|
|
102
|
+
url: `${(0, exports.tenantUrl)(authn.identity.org.slug)}/integrations/${integration}/config`,
|
|
102
103
|
method: "GET",
|
|
103
104
|
debug,
|
|
104
105
|
});
|
|
@@ -114,7 +115,7 @@ const fetchStreamingStatus = function (authn, requestId, debug) {
|
|
|
114
115
|
};
|
|
115
116
|
exports.fetchStreamingStatus = fetchStreamingStatus;
|
|
116
117
|
const fetchCommand = (authn, args, argv) => __awaiter(void 0, void 0, void 0, function* () {
|
|
117
|
-
return authFetch(authn, {
|
|
118
|
+
return (0, exports.authFetch)(authn, {
|
|
118
119
|
url: commandUrl(authn.identity.org.slug),
|
|
119
120
|
method: "POST",
|
|
120
121
|
body: JSON.stringify({
|
|
@@ -127,7 +128,7 @@ const fetchCommand = (authn, args, argv) => __awaiter(void 0, void 0, void 0, fu
|
|
|
127
128
|
exports.fetchCommand = fetchCommand;
|
|
128
129
|
/** Special admin 'ls' command that can retrieve results for all users. Requires 'owner' permission. */
|
|
129
130
|
const fetchAdminLsCommand = (authn, args, argv) => __awaiter(void 0, void 0, void 0, function* () {
|
|
130
|
-
return authFetch(authn, {
|
|
131
|
+
return (0, exports.authFetch)(authn, {
|
|
131
132
|
url: adminLsCommandUrl(authn.identity.org.slug),
|
|
132
133
|
method: "POST",
|
|
133
134
|
body: JSON.stringify({
|
|
@@ -139,7 +140,7 @@ const fetchAdminLsCommand = (authn, args, argv) => __awaiter(void 0, void 0, voi
|
|
|
139
140
|
});
|
|
140
141
|
exports.fetchAdminLsCommand = fetchAdminLsCommand;
|
|
141
142
|
const submitPublicKey = (authn, args, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
142
|
-
return authFetch(authn, {
|
|
143
|
+
return (0, exports.authFetch)(authn, {
|
|
143
144
|
url: publicKeysUrl(authn.identity.org.slug),
|
|
144
145
|
method: "POST",
|
|
145
146
|
body: JSON.stringify({
|
|
@@ -151,7 +152,7 @@ const submitPublicKey = (authn, args, debug) => __awaiter(void 0, void 0, void 0
|
|
|
151
152
|
});
|
|
152
153
|
exports.submitPublicKey = submitPublicKey;
|
|
153
154
|
const fetchSshHostKeys = (authn, requestId, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
154
|
-
return authFetch(authn, {
|
|
155
|
+
return (0, exports.authFetch)(authn, {
|
|
155
156
|
url: `${sshHostKeysUrl(authn.identity.org.slug)}?requestId=${encodeURIComponent(requestId)}${(options === null || options === void 0 ? void 0 : options.force) ? "&force=true" : ""}`,
|
|
156
157
|
method: "GET",
|
|
157
158
|
debug: options === null || options === void 0 ? void 0 : options.debug,
|
|
@@ -159,7 +160,7 @@ const fetchSshHostKeys = (authn, requestId, options) => __awaiter(void 0, void 0
|
|
|
159
160
|
});
|
|
160
161
|
exports.fetchSshHostKeys = fetchSshHostKeys;
|
|
161
162
|
const certificateSigningRequest = (authn, args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
162
|
-
return authFetch(authn, {
|
|
163
|
+
return (0, exports.authFetch)(authn, {
|
|
163
164
|
url: certSignRequestUrl(authn.identity.org.slug),
|
|
164
165
|
method: "POST",
|
|
165
166
|
body: JSON.stringify({
|
|
@@ -297,7 +298,7 @@ const auditSshSessionActivity = (args) => __awaiter(void 0, void 0, void 0, func
|
|
|
297
298
|
(0, stdio_1.print2)(`Submitting audit log for request: ${requestId}, action: ${action}, sshSessionId: ${sshSessionId}`);
|
|
298
299
|
}
|
|
299
300
|
try {
|
|
300
|
-
yield authFetch(authn, {
|
|
301
|
+
yield (0, exports.authFetch)(authn, {
|
|
301
302
|
url: sshAuditUrl(authn.identity.org.slug),
|
|
302
303
|
method: "POST",
|
|
303
304
|
body: JSON.stringify({
|
|
@@ -345,6 +346,7 @@ const authFetch = (authn, args) => __awaiter(void 0, void 0, void 0, function* (
|
|
|
345
346
|
};
|
|
346
347
|
return baseFetch(Object.assign(Object.assign({}, args), { headers }));
|
|
347
348
|
});
|
|
349
|
+
exports.authFetch = authFetch;
|
|
348
350
|
const handleResponse = (response, responseText, debug) => {
|
|
349
351
|
let data;
|
|
350
352
|
try {
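Review bot: Exporting `authFetch` in the last hunk (`exports.authFetch = authFetch;`) makes a helper that merges a caller-supplied `args` object with this module's `headers` reachable from every other module, and nothing visible here constrains `args.url`. The body of `authFetch` starts outside the hunk, so what `headers` contains is not shown; if it carries the user's credential, as the name suggests, any new caller can have it sent to whatever URL it passes. Consider stating the contract on the export, e.g. `/** Sends an authenticated request; url must be built from tenantUrl(). */`, or rejecting a `url` whose origin differs from `getTenantConfig().appUrl` before calling `baseFetch`. The newly exported `tenantUrl` also interpolates `tenant` into the path without encoding, which matters more now that callers outside this file can supply the value.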
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../src/drivers/api.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAsE;AAEtE,wCAA0C;AAC1C,qCAAsD;AACtD,2CAA4C;AAC5C,mCAAiC;AACjC,iCAAwC;AACxC,gDAAkC;AAGlC,MAAM,YAAY,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,kBAAS,GAAE,SAAS,MAAM,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../src/drivers/api.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAsE;AAEtE,wCAA0C;AAC1C,qCAAsD;AACtD,2CAA4C;AAC5C,mCAAiC;AACjC,iCAAwC;AACxC,gDAAkC;AAGlC,MAAM,YAAY,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,kBAAS,GAAE,SAAS,MAAM,EAAE,CAAC;AAClE,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CAC1C,GAAG,IAAA,wBAAe,GAAE,CAAC,MAAM,MAAM,MAAM,EAAE,CAAC;AAD/B,QAAA,SAAS,aACsB;AAC5C,MAAM,aAAa,GAAG,CAAC,MAAc,EAAE,EAAE,CACvC,GAAG,IAAA,iBAAS,EAAC,MAAM,CAAC,+BAA+B,CAAC;AACtD,MAAM,cAAc,GAAG,CAAC,MAAc,EAAE,EAAE,CACxC,GAAG,IAAA,iBAAS,EAAC,MAAM,CAAC,6BAA6B,CAAC;AACpD,MAAM,kBAAkB,GAAG,CAAC,MAAc,EAAE,EAAE,CAC5C,GAAG,IAAA,iBAAS,EAAC,MAAM,CAAC,gCAAgC,CAAC;AACvD,MAAM,WAAW,GAAG,CAAC,MAAc,EAAE,EAAE,CACrC,GAAG,IAAA,iBAAS,EAAC,MAAM,CAAC,yBAAyB,CAAC;AAEhD,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,iBAAS,EAAC,MAAM,CAAC,WAAW,CAAC;AAChE,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAE,SAAiB,EAAE,EAAE,CACpE,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,SAAS,OAAO,CAAC;AAD9B,QAAA,gBAAgB,oBACc;AAC3C,MAAM,iBAAiB,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,iBAAS,EAAC,MAAM,CAAC,aAAa,CAAC;AACzE,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,GAAG,IAAA,iBAAS,EAAC,MAAM,CAAC,SAAS,CAAC;AAA9D,QAAA,SAAS,aAAqD;AAEpE,MAAM,YAAY,GAAG,CAAU,KAAa,EAAE,EAAE,kDACrD,OAAA,SAAS,CAAI,EAAE,GAAG,EAAE,YAAY,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAA,GAAA,CAAC;AAD/C,QAAA,YAAY,gBACmC;AAErD,MAAM,gBAAgB,GAAG,CAAU,KAAY,EAAE,KAAe,EAAE,EAAE;IACzE,OAAA,IAAA,iBAAS,EAAI,KAAK,EAAE;QAClB,GAAG,EAAE,GAAG,IAAA,iBAAS,EAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU;QACpD,MAAM,EAAE,KAAK;QACb,KAAK;KACN,CAAC,CAAA;EAAA,CAAC;AALQ,QAAA,gBAAgB,oBAKxB;AAEE,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,WAAmB,EACnB,KAAe,EACf,EAAE;IACF,OAAA,IAAA,iBAAS,EAAI,KAAK,EAAE;QAClB,GAAG,EAAE,GAAG,IAAA,iBAAS,EAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,WAAW,SAAS;QAC/E,MAAM,EAAE,KAAK;QACb,KAAK;KACN,CAAC,CAAA;EAAA,CAAC;AATQ,QAAA,sBAAsB,0BAS9B;AAEE,MAAM,oBAAoB,GAAG,UAClC,KAAY,EACZ,SAAiB,EAC
jB,KAAe;;QAEf,cAAA,KAAK,CAAC,CAAC,iBAAA,cAAA,IAAA,0BAAkB,EACvB,KAAK,EACL;YACE,GAAG,EAAE,IAAA,wBAAgB,EAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC;YACzD,MAAM,EAAE,KAAK;SACd,EACD,KAAK,CACN,CAAA,CAAA,CAAA,CAAC;IACJ,CAAC;CAAA,CAAC;AAbW,QAAA,oBAAoB,wBAa/B;AAEK,MAAM,YAAY,GAAG,CAC1B,KAAY,EACZ,IAAmD,EACnD,IAAc,EACd,EAAE;IACF,OAAA,IAAA,iBAAS,EAAI,KAAK,EAAE;QAClB,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;QACxC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,IAAI;YACJ,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;SACnC,CAAC;QACF,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAA;EAAA,CAAC;AAbQ,QAAA,YAAY,gBAapB;AAEL,uGAAuG;AAChG,MAAM,mBAAmB,GAAG,CACjC,KAAY,EACZ,IAAmD,EACnD,IAAc,EACd,EAAE;IACF,OAAA,IAAA,iBAAS,EAAI,KAAK,EAAE;QAClB,GAAG,EAAE,iBAAiB,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;QAC/C,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,IAAI;YACJ,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;SACnC,CAAC;QACF,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC,CAAA;EAAA,CAAC;AAbQ,QAAA,mBAAmB,uBAa3B;AAEE,MAAM,eAAe,GAAG,CAC7B,KAAY,EACZ,IAA8C,EAC9C,KAAe,EACf,EAAE;IACF,OAAA,IAAA,iBAAS,EAAI,KAAK,EAAE;QAClB,GAAG,EAAE,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;QAC3C,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;QACF,KAAK;KACN,CAAC,CAAA;EAAA,CAAC;AAbQ,QAAA,eAAe,mBAavB;AAEE,MAAM,gBAAgB,GAAG,CAC9B,KAAY,EACZ,SAAiB,EACjB,OAA8C,EAC9C,EAAE;IACF,OAAA,IAAA,iBAAS,EAAyB,KAAK,EAAE;QACvC,GAAG,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE;QAClI,MAAM,EAAE,KAAK;QACb,KAAK,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK;KACtB,CAAC,CAAA;EAAA,CAAC;AATQ,QAAA,gBAAgB,oBASxB;AAEE,MAAM,yBAAyB,GAAG,CACvC,KAAY,EACZ,IAA8C,EAC9C,EAAE;IACF,OAAA,IAAA,iBAAS,EAAgC,KAAK,EAAE;QAC9C,GAAG,EAAE,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;QAChD,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CA
AC,SAAS,CAAC;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;KACH,CAAC,CAAA;EAAA,CAAC;AAXQ,QAAA,yBAAyB,6BAWjC;AAEE,MAAM,kBAAkB,GAAG,UAChC,KAAY,EACZ,IAKC,EACD,KAAe;;QAEf,MAAM,KAAK,GAAG,cAAM,KAAK,CAAC,QAAQ,EAAE,CAAA,CAAC;QACrC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;QACjD,MAAM,YAAY,GAAG;YACnB,MAAM;YACN,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;gBAClC,YAAY,EAAE,IAAA,sBAAY,GAAE;aAC7B;YACD,IAAI;YACJ,SAAS,EAAE,IAAI;SAChB,CAAC;QAEF,MAAM,YAAY,GAAG;;;gBACnB,MAAM,QAAQ,GAAG,cAAM,KAAK,CAC1B,GAAG,EACH,YAAY;oBACV,CAAC,iCAAM,YAAY,KAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,IAC9D,CAAC,CAAC,YAAY,CACjB,CAAA,CAAC;gBAEF,IAAI,CAAC,QAAQ,CAAC,IAAI;oBAAE,MAAM,qBAAqB,CAAC;gBAChD,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE;oBAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBACjC,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE;wBAC5B,MAAM,OAAO,CAAC,KAAK,CAAC;qBACrB;oBACD,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE;wBAChC,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,MAAM,IAAI,OAAO,CAAC,EAAE;4BACnD,MAAM,kCAAkC,CAAC;yBAC1C;wBACD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;wBACzB,IAAI,OAAO,IAAI,IAAI,EAAE;4BACnB,MAAM,IAAI,CAAC,KAAK,CAAC;yBAClB;wBACD,OAAO,IAAS,CAAC;qBAClB;oBACD,OAAO,SAAS,CAAC,CAAC,4BAA4B;gBAChD,CAAC,CAAC;gBACF,mGAAmG;gBACnG,2CAA2C;gBAC3C,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACzC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,CAAC,mBAAmB;gBAEtD,oFAAoF;gBACpF,uFAAuF;gBACvF,+CAA+C;gBAC/C,iDAAiD;gBACjD,IAAI,MAAM,GAAG,EAAE,CAAC;gBAEhB,OAAO,IAAI,EAAE;oBACX,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,cAAM,MAAM,CAAC,IAAI,EAAE,CAAA,CAAC;oBAC5C,IAAI,IAAI;wBAAE,MAAM;oBAEhB,kEAAkE;oBAClE,4DAA4D;oBAC5D,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;oBAClD,IAAI,KAAK;wBAAE,IAAA,cAAM,EAAC,qCAAqC,MAAM,EAAE,CAAC,CAAC;oBACjE,6FAA6F;oBAC7F,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBACpC,MAAM,GAAG,MAAA,KAAK,CAAC,GAAG,EAAE,mCAAI,EAAE,CAAC;oBAE3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;wBACxB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;wBAC9B,IAAI
,QAAQ,EAAE;4BACZ,oBAAM,QAAQ,CAAA,CAAC;yBAChB;qBACF;iBACF;gBACD,qIAAqI;gBACrI,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;oBACrB,yDAAyD;oBACzD,IAAI,KAAK,EAAE;wBACT,IAAA,cAAM,EACJ,sGAAsG;4BACpG,MAAM,CACT,CAAC;qBACH;oBACD,qFAAqF;oBACrF,gHAAgH;oBAChH,4FAA4F;oBAC5F,IAAI;wBACF,IAAI,KAAK,EAAE;4BACT,IAAA,cAAM,EACJ,8DAA8D;gCAC5D,MAAM,CACT,CAAC;yBACH;wBACD,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;qBACzC;oBAAC,OAAO,GAAG,EAAE;wBACZ,yEAAyE;wBACzE,qEAAqE;wBACrE,yBAAyB;wBACzB,IAAI,GAAG,YAAY,WAAW,EAAE;4BAC9B,8BAA8B;4BAC9B,IAAI,KAAK,EAAE;gCACT,IAAA,cAAM,EACJ,0DAA0D;oCACxD,MAAM,CAAC,GAAG,CAAC,CACd,CAAC;6BACH;4BACD,MAAM,kCAAkC,CAAC;yBAC1C;6BAAM;4BACL,MAAM,GAAG,CAAC;yBACX;qBACF;4BAAS;wBACR,cAAM,MAAM,CAAC,MAAM,EAAE,CAAA,CAAC;qBACvB;iBACF;;SACF,CAAC;QAEF,IAAI;YACF,cAAA,KAAK,CAAC,CAAC,iBAAA,cAAA,IAAA,2BAAmB,EAAC,GAAG,EAAE,CAAC,YAAY,EAAE,kCAC1C,yBAAa,KAChB,KAAK,IACL,CAAA,CAAA,CAAA,CAAC;SACJ;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,IAAA,qBAAc,EAAC,KAAK,CAAC,EAAE;gBACzB,IAAI,KAAK,EAAE;oBACT,IAAA,cAAM,EAAC,iBAAiB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;iBAC3C;gBACD,MAAM,4CAA4C,CAAC;aACpD;iBAAM;gBACL,MAAM,KAAK,CAAC;aACb;SACF;IACH,CAAC;CAAA,CAAC;AAxIW,QAAA,kBAAkB,sBAwI7B;AAEK,MAAM,uBAAuB,GAAG,CAAO,IAM7C,EAAE,EAAE;IACH,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IAE/D,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EACJ,qCAAqC,SAAS,aAAa,MAAM,mBAAmB,YAAY,EAAE,CACnG,CAAC;KACH;IAED,IAAI;QACF,MAAM,IAAA,iBAAS,EAAC,KAAK,EAAE;YACrB,GAAG,EAAE,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;YACzC,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS;gBACT,MAAM;gBACN,YAAY;aACb,CAAC;SACH,CAAC,CAAC;QACH,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;SACzD;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,2CAA2C,SAAS,EAAE,CAAC,CAAC;YAC/D,IAAA,cAAM,EAAC,UAAU,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;SAC3C;KACF;AACH,CAAC,CAAA,CAAC;AAlCW,QAAA,uBAAuB,2BAkClC;AAEF,MAAM,SAAS,GAAG,CAAU,IAO3B,EAAE,EAAE;IACH,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;
IAC1D,MAAM,YAAY,mBAChB,MAAM,EACN,OAAO,kCACF,CAAC,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,EAAE,CAAC,KAClB,cAAc,EAAE,kBAAkB,EAClC,YAAY,EAAE,IAAA,sBAAY,GAAE,KAE9B,IAAI,EACJ,SAAS,EAAE,IAAI,IACZ,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACvE,CAAC;IAEF,MAAM,YAAY,GAAG,GAAS,EAAE;QAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,OAAO,cAAc,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAM,CAAC;IACzD,CAAC,CAAA,CAAC;IAEF,IAAI;QACF,OAAO,MAAM,IAAA,sBAAc,EAAC,GAAG,EAAE,CAAC,YAAY,EAAE,kCAC3C,yBAAa,KAChB,KAAK,EAAE,IAAI,CAAC,KAAK,IACjB,CAAC;KACJ;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,IAAA,qBAAc,EAAC,KAAK,CAAC,EAAE;YACzB,MAAM,gDAAgD,GAAG,GAAG,CAAC;SAC9D;aAAM;YACL,MAAM,KAAK,CAAC;SACb;KACF;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,SAAS,GAAG,CACvB,KAAY,EACZ,IAMC,EACD,EAAE;IACF,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG;QACd,aAAa,EAAE,UAAU,KAAK,EAAE;KACjC,CAAC;IACF,OAAO,SAAS,iCACX,IAAI,KACP,OAAO,IACP,CAAC;AACL,CAAC,CAAA,CAAC;AAlBW,QAAA,SAAS,aAkBpB;AAEF,MAAM,cAAc,GAAG,CACrB,QAAkB,EAClB,YAAoB,EACpB,KAAe,EACf,EAAE;IACF,IAAI,IAAI,CAAC;IACT,IAAI;QACF,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;KACjC;IAAC,OAAO,GAAG,EAAE;QACZ,IAAI,IAAI,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YACpC,MAAM,eAAe,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;SAC/D;aAAM;YACL,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,gBAAgB,MAAM,CAAC,GAAG,CAAC,kBAAkB,YAAY,EAAE,CAAC,CAAC;aACrE;YACD,MAAM,kCAAkC,CAAC;SAC1C;KACF;IAED,IAAI,OAAO,IAAI,IAAI,EAAE;QACnB,MAAM,IAAI,CAAC,KAAK,CAAC;KAClB;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC"}
|
|
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
23
23
|
return result;
|
|
24
24
|
};
|
|
25
25
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.getBootstrapOrgDataPath = exports.getConfigFilePath = exports.getIdentityCachePath = exports.getIdentityFilePath = void 0;
|
|
26
|
+
exports.getBootstrapOrgDataPath = exports.getConfigFilePath = exports.getIdentityCachePath = exports.getIdentityFilePath = exports.postfixPath = void 0;
|
|
27
27
|
/** Copyright © 2024-present P0 Security
|
|
28
28
|
|
|
29
29
|
This file is part of @p0security/cli
|
|
@@ -35,18 +35,20 @@ This file is part of @p0security/cli
|
|
|
35
35
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
36
36
|
**/
|
|
37
37
|
const util_1 = require("../../util");
|
|
38
|
+
const lodash_1 = require("lodash");
|
|
38
39
|
const path = __importStar(require("path"));
|
|
39
|
-
const
|
|
40
|
-
|
|
41
|
-
|
|
40
|
+
const postfixPath = (fname) => {
|
|
41
|
+
const parts = fname.split(".");
|
|
42
|
+
return path.join(util_1.P0_PATH, process.env.P0_ORG
|
|
43
|
+
? (0, lodash_1.compact)([`${parts[0]}-${process.env.P0_ORG}`, parts[1]]).join(".")
|
|
44
|
+
: fname);
|
|
45
|
+
};
|
|
46
|
+
exports.postfixPath = postfixPath;
|
|
47
|
+
const getIdentityFilePath = () => (0, exports.postfixPath)("identity.json");
|
|
42
48
|
exports.getIdentityFilePath = getIdentityFilePath;
|
|
43
|
-
const getIdentityCachePath = () =>
|
|
44
|
-
? path.join(util_1.P0_PATH, `cache-${process.env.P0_ORG}`)
|
|
45
|
-
: path.join(util_1.P0_PATH, "cache");
|
|
49
|
+
const getIdentityCachePath = () => (0, exports.postfixPath)("cache");
|
|
46
50
|
exports.getIdentityCachePath = getIdentityCachePath;
|
|
47
|
-
const getConfigFilePath = () =>
|
|
48
|
-
? path.join(util_1.P0_PATH, `config.json-${process.env.P0_ORG}`)
|
|
49
|
-
: path.join(util_1.P0_PATH, "config.json");
|
|
51
|
+
const getConfigFilePath = () => (0, exports.postfixPath)("config.json");
|
|
50
52
|
exports.getConfigFilePath = getConfigFilePath;
|
|
51
53
|
const getBootstrapOrgDataPath = (orgId) => {
|
|
52
54
|
const safeOrgId = path.basename(orgId);
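Review bot: `postfixPath` joins `process.env.P0_ORG` into a path under `P0_PATH` with no check, while `getBootstrapOrgDataPath` directly below it starts by taking `path.basename(orgId)`; a value containing a path separator or `..` would place the identity, cache and config files outside the P0 directory. Applying the same guard keeps the two helpers consistent, e.g. `const org = process.env.P0_ORG; if (org && path.basename(org) !== org) throw new Error("Invalid P0_ORG");`. The refactor also changes the per-org config name from `config.json-<org>` to `config-<org>.json`, so a file written by an earlier version would no longer be found unless it is migrated. `fname.split(".")` keeps only the first two parts, which works for the three current callers but deserves a one-line comment saying so.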
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path.js","sourceRoot":"","sources":["../../../../src/drivers/auth/path.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,qCAAqC;AACrC,2CAA6B;AAEtB,MAAM,
|
|
1
|
+
{"version":3,"file":"path.js","sourceRoot":"","sources":["../../../../src/drivers/auth/path.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,qCAAqC;AACrC,mCAAiC;AACjC,2CAA6B;AAEtB,MAAM,WAAW,GAAG,CAAC,KAAa,EAAE,EAAE;IAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,OAAO,IAAI,CAAC,IAAI,CACd,cAAO,EACP,OAAO,CAAC,GAAG,CAAC,MAAM;QAChB,CAAC,CAAC,IAAA,gBAAO,EAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QACpE,CAAC,CAAC,KAAK,CACV,CAAC;AACJ,CAAC,CAAC;AARW,QAAA,WAAW,eAQtB;AAEK,MAAM,mBAAmB,GAAG,GAAG,EAAE,CAAC,IAAA,mBAAW,EAAC,eAAe,CAAC,CAAC;AAAzD,QAAA,mBAAmB,uBAAsC;AAE/D,MAAM,oBAAoB,GAAG,GAAG,EAAE,CAAC,IAAA,mBAAW,EAAC,OAAO,CAAC,CAAC;AAAlD,QAAA,oBAAoB,wBAA8B;AAExD,MAAM,iBAAiB,GAAG,GAAG,EAAE,CAAC,IAAA,mBAAW,EAAC,aAAa,CAAC,CAAC;AAArD,QAAA,iBAAiB,qBAAoC;AAE3D,MAAM,uBAAuB,GAAG,CAAC,KAAa,EAAU,EAAE;IAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,SAAS,KAAK,KAAK,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;KACzC;IAED,MAAM,QAAQ,GAAG,aAAa,SAAS,OAAO,CAAC;IAC/C,mHAAmH;IACnH,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,cAAO,EAAE,QAAQ,CAAC,CAAC;IAEzD,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,cAAO,CAAC,EAAE;QACzC,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;KACzC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC,CAAC;AAfW,QAAA,uBAAuB,2BAelC"}
|
|
@@ -8,6 +8,14 @@ This file is part of @p0security/cli
|
|
|
8
8
|
|
|
9
9
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
10
|
**/
|
|
11
|
+
import yargs from "yargs";
|
|
12
|
+
/** Log with debugging
|
|
13
|
+
*
|
|
14
|
+
* Debug logs are written to stderr
|
|
15
|
+
*/
|
|
16
|
+
export declare function debug(argv: yargs.ArgumentsCamelCase<{
|
|
17
|
+
debug?: boolean;
|
|
18
|
+
}>, message: string, ...rest: any): void;
|
|
11
19
|
/** Used to output machine-readable text to stdout
|
|
12
20
|
*
|
|
13
21
|
* In general this should not be used for text meant to be consumed
|
|
@@ -19,7 +19,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
19
19
|
});
|
|
20
20
|
};
|
|
21
21
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
22
|
-
exports.spinUntil = exports.clear2 = exports.reset2 = exports.print2 = exports.print1 = void 0;
|
|
22
|
+
exports.spinUntil = exports.clear2 = exports.reset2 = exports.print2 = exports.print1 = exports.debug = void 0;
|
|
23
23
|
/** Functions to handle stdio
|
|
24
24
|
*
|
|
25
25
|
* These are essentially wrappers around console.foo, but allow for
|
|
@@ -29,6 +29,17 @@ exports.spinUntil = exports.clear2 = exports.reset2 = exports.print2 = exports.p
|
|
|
29
29
|
const util_1 = require("../util");
|
|
30
30
|
const ansi_1 = require("./ansi");
|
|
31
31
|
const process_1 = require("process");
|
|
32
|
+
/** Log with debugging
|
|
33
|
+
*
|
|
34
|
+
* Debug logs are written to stderr
|
|
35
|
+
*/
|
|
36
|
+
function debug(argv, message, ...rest) {
|
|
37
|
+
if (!argv.debug)
|
|
38
|
+
return;
|
|
39
|
+
// eslint-disable-next-line no-console
|
|
40
|
+
console.error(message, ...rest);
|
|
41
|
+
}
|
|
42
|
+
exports.debug = debug;
|
|
32
43
|
/** Used to output machine-readable text to stdout
|
|
33
44
|
*
|
|
34
45
|
* In general this should not be used for text meant to be consumed
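Review bot: The doc comment on the new `debug` helper says only "Log with debugging" and does not state that nothing is written unless `argv.debug` is truthy; a clearer header would be `/** Writes message and any extra values to stderr, but only when argv.debug is set. */`. Because `message` is passed as the first argument to `console.error`, Node treats it as a format string, so a message built from external data that contains `%s` or `%o` will consume values from `rest`; `console.error("%s", message, ...rest);` avoids that.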
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../../src/drivers/stdio.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;AAEH;;;;;GAKG;AACH,kCAAgC;AAChC,iCAAuC;AACvC,qCAAiC;
|
|
1
|
+
{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../../src/drivers/stdio.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;;;;;;;;AAEH;;;;;GAKG;AACH,kCAAgC;AAChC,iCAAuC;AACvC,qCAAiC;AAGjC;;;GAGG;AACH,SAAgB,KAAK,CACnB,IAAmD,EACnD,OAAe,EACf,GAAG,IAAS;IAEZ,IAAI,CAAC,IAAI,CAAC,KAAK;QAAE,OAAO;IACxB,sCAAsC;IACtC,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;AAClC,CAAC;AARD,sBAQC;AAED;;;;GAIG;AACH,SAAgB,MAAM,CAAC,OAAY;IACjC,sCAAsC;IACtC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACvB,CAAC;AAHD,wBAGC;AAED;;;GAGG;AACH,SAAgB,MAAM,CAAC,OAAY;IACjC,sCAAsC;IACtC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACzB,CAAC;AAHD,wBAGC;AAED,8DAA8D;AAC9D,SAAgB,MAAM;IACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,WAAI,EAAC,IAAI,CAAC,CAAC,CAAC;AACnC,CAAC;AAFD,wBAEC;AAED,uCAAuC;AACvC,SAAgB,MAAM;IACpB,4BAA4B;IAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,WAAI,EAAC,IAAI,CAAC,CAAC,CAAC;IACjC,MAAM,EAAE,CAAC;AACX,CAAC;AAJD,wBAIC;AAED,MAAM,IAAI,GAAG;IACX,KAAK,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;IACrC,OAAO,EAAE,GAAG;CACb,CAAC;AAEF,wDAAwD;AACjD,MAAM,SAAS,GAAG,CAAU,OAAe,EAAE,OAAmB,EAAE,EAAE;IACzE,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,EAAE,GAAG,CAAC,CAAC;IACX,MAAM,QAAQ,GAAG,gBAAM,CAAC,KAAK,CAAC;IAC9B,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,CAAC,OAAO,CAAC,CAAC;KACjB;IACD,+EAA+E;IAC/E,qBAAqB;IACrB,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,MAAM,EAAE;QACd,MAAM,IAAA,YAAK,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1B,IAAI,MAAM;YAAE,MAAM;QAClB,IAAI,QAAQ,EAAE;YACZ,MAAM,EAAE,CAAC;YACT,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAO,CAAC,KAAK;gBACX,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBAClC,GAAG;gBACH,OAAO;gBACP,cAAO,CAAC,KAAK,CAChB,CAAC;SACH;QACD,EAAE,EAAE,CAAC;KACN;IACD,MAAM,EAAE,CAAC;IACT,OAAO,MAAM,OAAO,CAAC;AACvB,CAAC,CAAA,CAAC;AA3BW,QAAA,SAAS,aA2BpB"}
|
|
@@ -9,4 +9,9 @@ This file is part of @p0security/cli
|
|
|
9
9
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
10
|
**/
|
|
11
11
|
export declare const AWS_API_VERSION = "2011-06-15";
|
|
12
|
-
export declare const arnPrefix: (account: string) => string;
|
|
12
|
+
export declare const arnPrefix: (account: string, partition?: string) => string;
|
|
13
|
+
/** Returns a regional STS endpoint for the given AWS partition.
|
|
14
|
+
*
|
|
15
|
+
* Regional endpoints issue v2 tokens valid in all regions of the partition.
|
|
16
|
+
* Falls back to commercial us-east-1 for unknown partitions. */
|
|
17
|
+
export declare const stsEndpoint: (partition: string) => string;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.arnPrefix = exports.AWS_API_VERSION = void 0;
|
|
3
|
+
exports.stsEndpoint = exports.arnPrefix = exports.AWS_API_VERSION = void 0;
|
|
4
4
|
/** Copyright © 2024-present P0 Security
|
|
5
5
|
|
|
6
6
|
This file is part of @p0security/cli
|
|
@@ -12,6 +12,20 @@ This file is part of @p0security/cli
|
|
|
12
12
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
13
13
|
**/
|
|
14
14
|
exports.AWS_API_VERSION = "2011-06-15";
|
|
15
|
-
const arnPrefix = (account) => `arn:
|
|
15
|
+
const arnPrefix = (account, partition = "aws") => `arn:${partition}:iam::${account}`;
|
|
16
16
|
exports.arnPrefix = arnPrefix;
|
|
17
|
+
/** Returns a regional STS endpoint for the given AWS partition.
|
|
18
|
+
*
|
|
19
|
+
* Regional endpoints issue v2 tokens valid in all regions of the partition.
|
|
20
|
+
* Falls back to commercial us-east-1 for unknown partitions. */
|
|
21
|
+
const stsEndpoint = (partition) => {
|
|
22
|
+
switch (partition) {
|
|
23
|
+
case "aws-us-gov":
|
|
24
|
+
return "https://sts.us-gov-east-1.amazonaws.com";
|
|
25
|
+
case "aws":
|
|
26
|
+
default:
|
|
27
|
+
return "https://sts.us-east-1.amazonaws.com";
|
|
28
|
+
}
|
|
29
|
+
};
|
|
30
|
+
exports.stsEndpoint = stsEndpoint;
|
|
17
31
|
//# sourceMappingURL=api.js.map
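Review bot: The `default:` branch of `stsEndpoint` sends any unrecognised partition to the commercial `us-east-1` endpoint, yet `arnPrefix` still builds the ARN with that partition, and the `assumeRoleWithSaml` declaration in this release names `aws-cn` as an example value. A caller passing such a partition would post its request, presumably including the SAML assertion, to an STS endpoint in a different partition from the role it names. Failing closed is safer than falling back: keep `case "aws":` returning the us-east-1 URL and make the default `throw new Error("Unsupported AWS partition: " + partition);`. The doc comment line "Falls back to commercial us-east-1 for unknown partitions" would then need to change to match.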
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../../src/plugins/aws/api.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACU,QAAA,eAAe,GAAG,YAAY,CAAC;AAErC,MAAM,SAAS,GAAG,CAAC,OAAe,EAAE,EAAE,
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../../src/plugins/aws/api.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACU,QAAA,eAAe,GAAG,YAAY,CAAC;AAErC,MAAM,SAAS,GAAG,CAAC,OAAe,EAAE,YAAoB,KAAK,EAAE,EAAE,CACtE,OAAO,SAAS,SAAS,OAAO,EAAE,CAAC;AADxB,QAAA,SAAS,aACe;AAErC;;;gEAGgE;AACzD,MAAM,WAAW,GAAG,CAAC,SAAiB,EAAU,EAAE;IACvD,QAAQ,SAAS,EAAE;QACjB,KAAK,YAAY;YACf,OAAO,yCAAyC,CAAC;QACnD,KAAK,KAAK,CAAC;QACX;YACE,OAAO,qCAAqC,CAAC;KAChD;AACH,CAAC,CAAC;AARW,QAAA,WAAW,eAQtB"}
|
|
@@ -3,6 +3,8 @@ import { AwsCredentials } from "./types";
|
|
|
3
3
|
export declare const assumeRoleWithSaml: (args: {
|
|
4
4
|
/** An AWS account identifier */
|
|
5
5
|
account: string;
|
|
6
|
+
/** AWS partition for the role (e.g. "aws", "aws-us-gov", "aws-cn"). Defaults to "aws". */
|
|
7
|
+
partition?: string;
|
|
6
8
|
/** The account-specific role name requested */
|
|
7
9
|
role: string;
|
|
8
10
|
saml: {
|
|
@@ -24,14 +24,14 @@ const fetch_1 = require("../../common/fetch");
|
|
|
24
24
|
const xml_1 = require("../../common/xml");
|
|
25
25
|
const api_1 = require("./api");
|
|
26
26
|
const api_2 = require("./api");
|
|
27
|
-
const roleArn = (args) => `${(0, api_1.arnPrefix)(args.account)}:role/${args.role}`;
|
|
28
|
-
const stsAssume = (params) => __awaiter(void 0, void 0, void 0, function* () {
|
|
27
|
+
const roleArn = (args) => `${(0, api_1.arnPrefix)(args.account, args.partition)}:role/${args.role}`;
|
|
28
|
+
const stsAssume = (partition, params) => __awaiter(void 0, void 0, void 0, function* () {
|
|
29
29
|
// Regional endpoints issue version-2 tokens, which are valid in all AWS regions.
|
|
30
30
|
// The us-east-1 and eu-south-1 regional endpoints are the only ones that are always on.
|
|
31
31
|
// Use the us-east-1 as it should be closer to most users.
|
|
32
32
|
// Calling the global endpoints issues version-1 tokens, which are only valid in default regions.
|
|
33
33
|
// See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_region-endpoints.html
|
|
34
|
-
const url =
|
|
34
|
+
const url = (0, api_1.stsEndpoint)(partition);
|
|
35
35
|
const response = yield fetch(url, {
|
|
36
36
|
method: "POST",
|
|
37
37
|
body: new URLSearchParams(params),
|
|
@@ -49,15 +49,17 @@ const stsAssume = (params) => __awaiter(void 0, void 0, void 0, function* () {
|
|
|
49
49
|
});
|
|
50
50
|
/** Assumes an AWS role via SAML login */
|
|
51
51
|
const assumeRoleWithSaml = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
52
|
+
var _a;
|
|
53
|
+
const partition = (_a = args.partition) !== null && _a !== void 0 ? _a : "aws";
|
|
52
54
|
const params = {
|
|
53
55
|
Version: api_2.AWS_API_VERSION,
|
|
54
56
|
Action: "AssumeRoleWithSAML",
|
|
55
|
-
RoleArn: roleArn(args),
|
|
56
|
-
PrincipalArn: `${(0, api_1.arnPrefix)(args.account)}:saml-provider/${args.saml.providerName}`,
|
|
57
|
+
RoleArn: roleArn(Object.assign(Object.assign({}, args), { partition })),
|
|
58
|
+
PrincipalArn: `${(0, api_1.arnPrefix)(args.account, partition)}:saml-provider/${args.saml.providerName}`,
|
|
57
59
|
// Note that, despite the name, AWS actually expects a SAML Response
|
|
58
60
|
SAMLAssertion: args.saml.response,
|
|
59
61
|
};
|
|
60
|
-
return yield stsAssume(params);
|
|
62
|
+
return yield stsAssume(partition, params);
|
|
61
63
|
});
|
|
62
64
|
exports.assumeRoleWithSaml = assumeRoleWithSaml;
|
|
63
65
|
//# sourceMappingURL=assumeRole.js.map
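Review bot: `stsAssume` posts the SAML response to whatever `stsEndpoint(partition)` returns, and that helper falls through to `https://sts.us-east-1.amazonaws.com` for every partition other than `aws-us-gov`. A partition such as `aws-cn`, which the declaration file names as an example, therefore produces ARNs for one partition and a request sent to the commercial endpoint, which will presumably be rejected only after the assertion has left the client. Failing closed is safer than a silent fallback: keep `case "aws":` as the only route to us-east-1 and make the `default:` branch `throw "Unsupported AWS partition: " + partition;`. The retained comment "Use the us-east-1 as it should be closer to most users" is also stale now that the endpoint depends on the partition. This is compiled output, so the change belongs in `src/plugins/aws/api.ts` and `src/plugins/aws/assumeRole.ts`; the body of `stsAssume` continues between the two hunks.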
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"assumeRole.js","sourceRoot":"","sources":["../../../../src/plugins/aws/assumeRole.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAsD;AACtD,0CAA4C;AAC5C,+
|
|
1
|
+
{"version":3,"file":"assumeRole.js","sourceRoot":"","sources":["../../../../src/plugins/aws/assumeRole.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAsD;AACtD,0CAA4C;AAC5C,+BAA+C;AAC/C,+BAAwC;AAGxC,MAAM,OAAO,GAAG,CAAC,IAA0D,EAAE,EAAE,CAC7E,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC;AAEjE,MAAM,SAAS,GAAG,CAChB,SAAiB,EACjB,MAA8B,EACL,EAAE;IAC3B,iFAAiF;IACjF,wFAAwF;IACxF,0DAA0D;IAC1D,iGAAiG;IACjG,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAA,iBAAW,EAAC,SAAS,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,CAAC;IACnC,MAAM,cAAc,GAClB,SAAS,CAAC,0BAA0B,CAAC,wBAAwB,CAAC,WAAW,CAAC;IAC5E,OAAO;QACL,iBAAiB,EAAE,cAAc,CAAC,WAAW;QAC7C,qBAAqB,EAAE,cAAc,CAAC,eAAe;QACrD,iBAAiB,EAAE,cAAc,CAAC,YAAY;QAC9C,kBAAkB,EAAE,cAAc,CAAC,YAAY;KAChD,CAAC;AACJ,CAAC,CAAA,CAAC;AAEF,yCAAyC;AAClC,MAAM,kBAAkB,GAAG,CAAO,IAaxC,EAA2B,EAAE;;IAC5B,MAAM,SAAS,GAAG,MAAA,IAAI,CAAC,SAAS,mCAAI,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,qBAAe;QACxB,MAAM,EAAE,oBAAoB;QAC5B,OAAO,EAAE,OAAO,iCAAM,IAAI,KAAE,SAAS,IAAG;QACxC,YAAY,EAAE,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,kBACjD,IAAI,CAAC,IAAI,CAAC,YACZ,EAAE;QACF,oEAAoE;QACpE,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;KAClC,CAAC;IACF,OAAO,MAAM,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAA,CAAC;AA1BW,QAAA,kBAAkB,sBA0B7B"}
|
|
@@ -46,6 +46,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
46
46
|
const keys_1 = require("../../common/keys");
|
|
47
47
|
const api_1 = require("../../drivers/api");
|
|
48
48
|
const stdio_1 = require("../../drivers/stdio");
|
|
49
|
+
const delegation_1 = require("../../types/delegation");
|
|
49
50
|
const util_1 = require("../../util");
|
|
50
51
|
const aws_1 = require("../okta/aws");
|
|
51
52
|
const config_1 = require("./config");
|
|
@@ -170,14 +171,18 @@ exports.awsSshProvider = {
|
|
|
170
171
|
: undefined;
|
|
171
172
|
}),
|
|
172
173
|
requestToSsh: (request) => {
|
|
173
|
-
var _a, _b, _c, _d
|
|
174
|
+
var _a, _b, _c, _d;
|
|
174
175
|
const { permission, delegation, generated } = request;
|
|
175
176
|
const { resource, region } = permission;
|
|
176
177
|
const { instanceId } = resource;
|
|
177
178
|
const { linuxUserName, hostKeys } = generated;
|
|
179
|
+
const awsDelegate = (0, delegation_1.getDelegate)(delegation, "aws");
|
|
178
180
|
// TODO: Update after P0 backend data-model update
|
|
179
|
-
const { idcId, idcRegion, accountId } = (
|
|
180
|
-
|
|
181
|
+
const { idcId, idcRegion, accountId } = (_a = awsDelegate === null || awsDelegate === void 0 ? void 0 : awsDelegate.permission) !== null && _a !== void 0 ? _a : resource;
|
|
182
|
+
if (!accountId) {
|
|
183
|
+
throw "Backend did not provide an AWS account ID for SSH session.";
|
|
184
|
+
}
|
|
185
|
+
const name = (_d = (_b = awsDelegate === null || awsDelegate === void 0 ? void 0 : awsDelegate.generated.name) !== null && _b !== void 0 ? _b : (_c = generated === null || generated === void 0 ? void 0 : generated.resource) === null || _c === void 0 ? void 0 : _c.name) !== null && _d !== void 0 ? _d : "";
|
|
181
186
|
const common = {
|
|
182
187
|
linuxUserName,
|
|
183
188
|
accountId,
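Review bot: In `requestToSsh`, the new `name` lookup reads `awsDelegate.generated.name` with no guard on `generated`, so a delegate that is present but has no `generated` field raises a TypeError instead of falling back to `generated.resource.name` or `""`. The delegate comes from the backend response, and the added `accountId` check already treats that data as possibly incomplete, so the source expression could be `awsDelegate?.generated?.name ?? generated?.resource?.name ?? ""`. The new error is thrown as a bare string, which matches the other throws visible in this package but carries no stack trace. `requestToSsh` continues past the end of the hunk.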
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAI2B;AAC3B,2CAAsE;AACtE,+CAA6C;
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAI2B;AAC3B,2CAAsE;AACtE,+CAA6C;AAC7C,uDAAqD;AAErD,qCAA0D;AAC1D,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AAQjD,gDAAkC;AAElC,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,wRAAwR;KAC3R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;;QAClD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACvE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,+CAA+C,CAAC;SACvD;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAC1B,KAAK,EACL,OAA4B,EAC5B,KAAK,CACN;gBACH,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,aAAa,EAAE,CAAO,OAAO,EAAE,EAAE;QAC/B,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC,EAAE;YAC7C,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAEvC,eAAe,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK;;YAC/D,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE;gBAC/B,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,SAAS,CAAC,IAAI,EAAE,EAAE;oBAC3D,MAAM,+DAA+D,CAAC;iBACvE;aACF;iBAAM;gBACL,MAAM,IAAA,qBAAe,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,KAAK,CAAC,CAAC;aAC/D;QACH,CAAC;KAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QAC9B,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,OAAO,CAAC,EAAE;YACV,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,IAAI,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,
eAAe;SAC9C,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,OAAO;gBACL,UAAU,IAAA,iBAAU,GAAE,oBAAoB,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,gBAAgB;aACtG,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,GAAS,EAAE;QACvB,OAAO;YACL,cAAc,EAAE,uBAAgB;SACjC,CAAC;IACJ,CAAC,CAAA;IAED,eAAe,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAC1C,MAAM,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC;QACvB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,EAAE,CAAC,CAAC;QAE/C,+BAA+B;QAC/B,IAAI;YACF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACxD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;gBAClB,IAAA,cAAM,EAAC,uCAAuC,EAAE,EAAE,CAAC,CAAC;aACrD;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SAChD;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;gBAClB,IAAA,cAAM,EAAC,oCAAoC,EAAE,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;aACpE;SACF;QAED,oCAAoC;QACpC,MAAM,MAAM,GAAG,MAAM,IAAA,sBAAgB,EAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE;YACtE,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAA,yBAAkB,EAAC,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE;YAC7D,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,OAAO,QAAQ;YACb,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;YACtD,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;;QACxB,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QACtD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC;QAChC,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;QAC9C,MAAM,WAAW,GAAG,IAAA,wBAAW,EAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACnD,kDAAkD;QAClD,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU,mCAAI,QAAQ,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,4DAA4D,CAAC;SACpE;QACD,MAAM,IAAI,GAAG,MAAA,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,SAAS,CAAC,IAAI,mCAAI,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,C
AAE,QAAQ,0CAAE,IAAI,mCAAI,EAAE,CAAC;QAC5E,MAAM,MAAM,GAAG;YACb,aAAa;YACb,SAAS;YACT,MAAM;YACN,EAAE,EAAE,UAAU;YACd,QAAQ;SACT,CAAC;QACF,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
|
|
@@ -8,21 +8,24 @@ This file is part of @p0security/cli
|
|
|
8
8
|
|
|
9
9
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
10
|
**/
|
|
11
|
+
import { DelegationField } from "../../types/delegation";
|
|
11
12
|
import { AwsResourcePermissionSpec } from "../aws/types";
|
|
12
|
-
|
|
13
|
-
delegation: {
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
permission: {
|
|
19
|
-
vpcId: string;
|
|
20
|
-
};
|
|
21
|
-
};
|
|
13
|
+
type AwsRdsDelegate = {
|
|
14
|
+
delegation: DelegationField<{
|
|
15
|
+
aws: AwsResourcePermissionSpec;
|
|
16
|
+
}>;
|
|
17
|
+
permission: {
|
|
18
|
+
vpcId: string;
|
|
22
19
|
};
|
|
20
|
+
};
|
|
21
|
+
export type DbPermissionSpec = {
|
|
22
|
+
delegation: DelegationField<{
|
|
23
|
+
"aws-rds": AwsRdsDelegate;
|
|
24
|
+
}>;
|
|
23
25
|
generated: object;
|
|
24
26
|
permission: {
|
|
25
27
|
instanceId: string;
|
|
26
28
|
};
|
|
27
29
|
type: "mysql" | "postgres";
|
|
28
30
|
};
|
|
31
|
+
export {};
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
/** Copyright © 2024-present P0 Security
|
|
2
|
+
|
|
3
|
+
This file is part of @p0security/cli
|
|
4
|
+
|
|
5
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
6
|
+
|
|
7
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
+
|
|
9
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
|
+
**/
|
|
11
|
+
import { FileTransferCommandArgs } from "../../commands/file-transfer";
|
|
12
|
+
import { Authn } from "../../types/identity";
|
|
13
|
+
import { AwsResourcePermissionSpec } from "../aws/types";
|
|
14
|
+
import { S3Client } from "@aws-sdk/client-s3";
|
|
15
|
+
import yargs from "yargs";
|
|
16
|
+
export declare const provisionTransferRequest: (authn: Authn, args: yargs.ArgumentsCamelCase<FileTransferCommandArgs>) => Promise<{
|
|
17
|
+
bucket: string;
|
|
18
|
+
prefix: string;
|
|
19
|
+
region: string;
|
|
20
|
+
awsSpec: AwsResourcePermissionSpec;
|
|
21
|
+
}>;
|
|
22
|
+
export declare const generateTransferUrls: (authn: Authn, target: {
|
|
23
|
+
bucket: string;
|
|
24
|
+
key: string;
|
|
25
|
+
region: string;
|
|
26
|
+
awsSpec: AwsResourcePermissionSpec;
|
|
27
|
+
}, debug?: boolean) => Promise<{
|
|
28
|
+
s3: S3Client;
|
|
29
|
+
getUrl: string;
|
|
30
|
+
deleteUrl: string;
|
|
31
|
+
expirySeconds: {
|
|
32
|
+
get: number;
|
|
33
|
+
delete: number;
|
|
34
|
+
};
|
|
35
|
+
}>;
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.generateTransferUrls = exports.provisionTransferRequest = void 0;
|
|
13
|
+
const request_1 = require("../../commands/shared/request");
|
|
14
|
+
const auth_1 = require("../aws/auth");
|
|
15
|
+
const client_s3_1 = require("@aws-sdk/client-s3");
|
|
16
|
+
const s3_request_presigner_1 = require("@aws-sdk/s3-request-presigner");
|
|
17
|
+
const lodash_1 = require("lodash");
|
|
18
|
+
const GET_EXPIRES_SECONDS = 5 * 60;
|
|
19
|
+
const DELETE_EXPIRES_SECONDS = 60 * 60;
|
|
20
|
+
const provisionTransferRequest = (authn, args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
21
|
+
const response = yield (0, request_1.request)("request")(Object.assign(Object.assign({}, (0, lodash_1.pick)(args, "$0", "_")), { arguments: [
|
|
22
|
+
"file-transfer",
|
|
23
|
+
"session",
|
|
24
|
+
args.destination,
|
|
25
|
+
...(args.reason ? ["--reason", args.reason] : []),
|
|
26
|
+
], wait: true }), authn, { message: "approval-required" });
|
|
27
|
+
if (!response) {
|
|
28
|
+
throw "Did not receive a response from server";
|
|
29
|
+
}
|
|
30
|
+
const awsSpec = response.request.delegation.aws;
|
|
31
|
+
if (!awsSpec) {
|
|
32
|
+
throw "Backend granted file-transfer access, but there was an error getting AWS access details";
|
|
33
|
+
}
|
|
34
|
+
const { bucketName, bucketRegion, objectPrefix } = response.request.permission.resource;
|
|
35
|
+
return {
|
|
36
|
+
bucket: bucketName,
|
|
37
|
+
prefix: objectPrefix,
|
|
38
|
+
region: bucketRegion,
|
|
39
|
+
awsSpec,
|
|
40
|
+
};
|
|
41
|
+
});
|
|
42
|
+
exports.provisionTransferRequest = provisionTransferRequest;
|
|
43
|
+
const generateTransferUrls = (authn, target, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
44
|
+
const credentials = yield (0, auth_1.awsCloudAuth)(authn, target.awsSpec, debug);
|
|
45
|
+
const sdkCredentials = {
|
|
46
|
+
accessKeyId: credentials.AWS_ACCESS_KEY_ID,
|
|
47
|
+
secretAccessKey: credentials.AWS_SECRET_ACCESS_KEY,
|
|
48
|
+
sessionToken: credentials.AWS_SESSION_TOKEN,
|
|
49
|
+
};
|
|
50
|
+
const s3 = new client_s3_1.S3Client({
|
|
51
|
+
region: target.region,
|
|
52
|
+
credentials: sdkCredentials,
|
|
53
|
+
});
|
|
54
|
+
const objectArgs = { Bucket: target.bucket, Key: target.key };
|
|
55
|
+
const [getUrl, deleteUrl] = yield Promise.all([
|
|
56
|
+
(0, s3_request_presigner_1.getSignedUrl)(s3, new client_s3_1.GetObjectCommand(objectArgs), {
|
|
57
|
+
expiresIn: GET_EXPIRES_SECONDS,
|
|
58
|
+
}),
|
|
59
|
+
(0, s3_request_presigner_1.getSignedUrl)(s3, new client_s3_1.DeleteObjectCommand(objectArgs), {
|
|
60
|
+
expiresIn: DELETE_EXPIRES_SECONDS,
|
|
61
|
+
}),
|
|
62
|
+
]);
|
|
63
|
+
return {
|
|
64
|
+
s3,
|
|
65
|
+
getUrl,
|
|
66
|
+
deleteUrl,
|
|
67
|
+
expirySeconds: {
|
|
68
|
+
get: GET_EXPIRES_SECONDS,
|
|
69
|
+
delete: DELETE_EXPIRES_SECONDS,
|
|
70
|
+
},
|
|
71
|
+
};
|
|
72
|
+
});
|
|
73
|
+
exports.generateTransferUrls = generateTransferUrls;
|
|
74
|
+
//# sourceMappingURL=index.js.map
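Review bot: `generateTransferUrls` returns presigned GET and DELETE URLs with no comment saying that they are bearer credentials, or that their real lifetime can be shorter than `expirySeconds` reports. A presigned URL stops working when the session credentials that signed it expire, so if the credentials from `awsCloudAuth` live for less than `DELETE_EXPIRES_SECONDS` (one hour), `expirySeconds.delete` overstates the window; the credential lifetime is not visible here and needs confirming. I would add a doc comment on the function such as `/** Returns presigned URLs; treat them as secrets (never log them, even with debug set); validity is capped by the session credential lifetime. */`, and a one-line comment on each expiry constant giving the reason for its value. `provisionTransferRequest` also passes `bucketName`, `bucketRegion` and `objectPrefix` through without the presence check that `awsSpec` gets.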
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/file-transfer/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,2DAAwD;AAGxD,sCAA2C;AAG3C,kDAI4B;AAC5B,wEAA6D;AAC7D,mCAA8B;AAG9B,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,CAAC;AACnC,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,CAAC;AAEhC,MAAM,wBAAwB,GAAG,CACtC,KAAY,EACZ,IAAuD,EACvD,EAAE;IACF,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAIlC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,eAAe;YACf,SAAS;YACT,IAAI,CAAC,WAAW;YAChB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,wCAAwC,CAAC;KAChD;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,yFAAyF,CAAC;KACjG;IAED,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,GAC9C,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAEvC,OAAO;QACL,MAAM,EAAE,UAAU;QAClB,MAAM,EAAE,YAAY;QACpB,MAAM,EAAE,YAAY;QACpB,OAAO;KACR,CAAC;AACJ,CAAC,CAAA,CAAC;AAvCW,QAAA,wBAAwB,4BAuCnC;AAEK,MAAM,oBAAoB,GAAG,CAClC,KAAY,EACZ,MAKC,EACD,KAAe,EAMd,EAAE;IACH,MAAM,WAAW,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAErE,MAAM,cAAc,GAAG;QACrB,WAAW,EAAE,WAAW,CAAC,iBAAiB;QAC1C,eAAe,EAAE,WAAW,CAAC,qBAAqB;QAClD,YAAY,EAAE,WAAW,CAAC,iBAAiB;KAC5C,CAAC;IAEF,MAAM,EAAE,GAAG,IAAI,oBAAQ,CAAC;QACtB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,WAAW,EAAE,cAAc;KAC5B,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;IAC9D,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC5C,IAAA,mCAAY,EAAC,EAAE,EAAE,IAAI,4BAAgB,CAAC,UAAU,CAAC,EAAE;YACjD,SAAS,EAAE,mBAAmB;SAC/B,CAAC;QACF,IAAA,mCAAY,EAAC,EAAE,EAAE,IAAI,+BAAmB,CAAC,UAAU,CAAC,EAAE;YACpD,SAAS,EAAE,sBAAsB;SAClC,CAAC;KACH,CAAC,CAAC;IAEH,OAAO;QACL,EAAE;QACF,MAAM;QACN,SAAS;QACT,aAAa,EAAE;YACb,GAAG,EAAE,mBAAmB;YACxB,MAAM,EAAE,sBAAsB;SAC/B;KACF,CAAC;AACJ,CAAC,CAAA,CAAC;AA/CW,QAAA,oBAAoB,wBA+C
/B"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/** Copyright © 2024-present P0 Security
|
|
2
|
+
|
|
3
|
+
This file is part of @p0security/cli
|
|
4
|
+
|
|
5
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
6
|
+
|
|
7
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
8
|
+
|
|
9
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
10
|
+
**/
|
|
11
|
+
import { PermissionSpec } from "../../types/request";
|
|
12
|
+
import { AwsResourcePermissionSpec } from "../aws/types";
|
|
13
|
+
export type FileTransferPermission = {
|
|
14
|
+
resource: {
|
|
15
|
+
accountId: string;
|
|
16
|
+
instanceId: string;
|
|
17
|
+
instanceName: string;
|
|
18
|
+
arn: string;
|
|
19
|
+
region: string;
|
|
20
|
+
bucketName: string;
|
|
21
|
+
bucketRegion: string;
|
|
22
|
+
objectPrefix: string;
|
|
23
|
+
};
|
|
24
|
+
destination: string;
|
|
25
|
+
type: "resource";
|
|
26
|
+
};
|
|
27
|
+
export type FileTransferPermissionSpec = PermissionSpec<"file-transfer", FileTransferPermission, Record<string, never>> & {
|
|
28
|
+
delegation: {
|
|
29
|
+
aws?: AwsResourcePermissionSpec;
|
|
30
|
+
};
|
|
31
|
+
};
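Review bot: `FileTransferPermissionSpec.delegation` is declared as a plain `{ aws?: AwsResourcePermissionSpec }`, while `DbPermissionSpec` in this same release moves to `DelegationField<{ ... }>` and the SSH provider reads its delegate through `getDelegate(delegation, "aws")`. `DelegationField` is not shown on this page, so the two shapes may be equivalent, but if it models a different response format, the direct `response.request.delegation.aws` read in the file-transfer plugin would diverge from the other providers. Consider declaring `delegation: DelegationField<{ aws: AwsResourcePermissionSpec }>` and reading it with `getDelegate`, or add a comment on the field stating why this type keeps the plain-object shape.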
|