@p0security/cli 0.26.14 → 0.27.0

package/build/dist/plugins/file-transfer/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/build/dist/plugins/file-transfer/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/plugins/file-transfer/types.ts"],"names":[],"mappings":""}

package/build/dist/plugins/kubeconfig/types.d.ts

@@ -30,11 +30,9 @@ export type K8sClusterConfig = {
 export type K8sConfig = {
     "iam-write": Record<string, K8sClusterConfig>;
 };
-export type K8sPermissionSpec = PermissionSpec<"k8s", K8sResourcePermission, K8sGenerated> & {
-    delegation?: {
-        aws?: AwsResourcePermissionSpec;
-    };
-};
+export type K8sPermissionSpec = PermissionSpec<"k8s", K8sResourcePermission, K8sGenerated, {
+    aws?: AwsResourcePermissionSpec;
+}>;
 export type K8sResourcePermission = {
     resource: {
         name: string;

package/build/dist/plugins/okta/aws.js

@@ -34,9 +34,12 @@ const RETRY_ATTEMPTS = 14;
 const INITIAL_RETRY_DELAY_MS = 1000;
 const RETRY_MULTIPLIER = 2.0;
 const MAX_RETRY_DELAY_MS = 30000;
+// Matches IAM role ARNs in known AWS partitions (commercial or GovCloud).
+// Capture group 1: partition; capture group 2: account ID.
+const ROLE_ARN_PATTERN = /^arn:(aws|aws-us-gov):iam::([^:]+):role\//;
 /** Extracts all roles from a SAML assertion */
 const rolesFromSaml = (account, saml) => {
-    var _a;
+    var _a, _b, _c;
     const samlText = Buffer.from(saml, "base64").toString("ascii");
     const samlObject = (0, xml_1.parseXml)(samlText);
     const samlAttributes = samlObject["saml2p:Response"]["saml2:Assertion"]["saml2:AttributeStatement"]["saml2:Attribute"];
@@ -44,10 +47,13 @@ const rolesFromSaml = (account, saml) => {
     // Format:
     //   'arn:aws:iam::391052057035:saml-provider/p0dev-ext_okta_sso,arn:aws:iam::391052057035:role/path/to/role/SSOAmazonS3FullAccess'
     const arns = (_a = (0, lodash_1.flatten)([roleAttribute === null || roleAttribute === void 0 ? void 0 : roleAttribute["saml2:AttributeValue"]])) === null || _a === void 0 ? void 0 : _a.map((r) => r.split(",")[1]);
-    const roles = arns
-        .filter((r) => r.startsWith(`arn:aws:iam::${account}:role/`))
-        .map((r) => r.split("/").slice(1).join("/"));
-    return { arns, roles };
+    const matched = arns
+        .map((arn) => ({ arn, match: ROLE_ARN_PATTERN.exec(arn) }))
+        .filter((x) => x.match !== null && x.match[2] === account);
+    // Partition must flow to STS so we hit the right endpoint and emit ARNs in the matching partition.
+    const partition = (_c = (_b = matched[0]) === null || _b === void 0 ? void 0 : _b.match[1]) !== null && _c !== void 0 ? _c : "aws";
+    const roles = matched.map(({ arn }) => arn.split("/").slice(1).join("/"));
+    return { arns, roles, partition };
 };
 const isFederatedLogin = (config) => { var _a; return ((_a = config.login) === null || _a === void 0 ? void 0 : _a.type) === "federated"; };
 /** Retrieves the configured Okta SAML response for the specified account
@@ -74,12 +80,13 @@ const assumeRoleWithOktaSaml = (authn, args, debug) => __awaiter(void 0, void 0,
         // Add retry logic to handle this race condition.
         return yield (0, retry_1.retryWithSleep)(() => __awaiter(void 0, void 0, void 0, function* () {
             const { account, config, samlResponse } = yield initOktaSaml(authn, args.accountId, debug);
-            const { roles } = rolesFromSaml(account, samlResponse);
+            const { roles, partition } = rolesFromSaml(account, samlResponse);
             if (!roles.includes(args.role)) {
                 throw `Role ${args.role} not available. Available roles:\n${roles.map((r) => `  ${r}`).join("\n")}`;
             }
             return yield (0, assumeRole_1.assumeRoleWithSaml)({
                 account,
+                partition,
                 role: args.role,
                 saml: {
                     providerName: config.login.provider.identityProvider,

package/build/dist/plugins/okta/aws.js.map

@@ -1 +1 @@
-{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,mCAAmD;AACnD,mCAAiC;AAEjC,6DAA6D;AAC7D,oFAAoF;AACpF,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AAC9D,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC,+CAA+C;AAC/C,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,EAAE;;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAClB,UAAU,CAAC,iBAAiB,CAAC,CAAC,iBAAiB,CAAC,CAC9C,0BAA0B,CAC3B,CAAC,iBAAiB,CAAC,CAAC;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,WAAW,CAAC,IAAI,KAAK,6CAA6C,CACvE,CAAC;IACF,UAAU;IACV,mIAAmI;IACnI,MAAM,IAAI,GAAG,MACX,IAAA,gBAAO,EAAC,CAAC,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,sBAAsB,CAAC,CAAC,CAClD,0CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI;SACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,gBAAgB,OAAO,QAAQ,CAAC,CAAC;SAC5D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,MAAe,EACmC,EAAE,WACpD,OAAA,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW,CAAA,EAAA,CAAC;AAErC;;;;GAIG;AACH,MAAM,YAAY,GAAG,CACnB,KAAY,EACZ,OAA2B,EAC3B,KAAe,EACf,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,MAAA,MAAM,CAAC,KAAK,mCAAI,MAAM,CAAC,EAAE,yCAAyC,CAAC;IACtF,MAAM,YAAY,GAAG,MAAM,IAAA,gCAAwB,EACjD,QAAQ,EACR,MAAM,CAAC,KAAK,EACZ,KAAK,CACN,CAAC;IACF,OAAO;QACL,YAAY;QACZ,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,EAAE;KACnB,CAAC;AACJ,CAAC,CAAA,CAAC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,KAAe,EACf,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,+FAA+F;QAC/F,2FAA2F;QAC3F,iDAAiD;QACjD,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAS,EAAE;YACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,YAAY,CAC1D,KAAK,EACL,IAAI,CAAC,SAAS,EACd,KAAK,CACN,CAAC;YACF,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9B,MAAM,QAAQ,IAAI,CAAC,IAAI,qCAAqC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;aACrG;YACD,OAAO,MAAM,IAAA,+BAAkB,EAAC;gBAC9B,OAAO;gBACP,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE;oBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;oBACpD,QAAQ,EAAE,YAAY;iBACvB;aACF,CAAC,CAAC;QACL,CAAC,CAAA,EACD;YACE,WAAW,EAAE,CAAC,KAAc,EAAE,EAAE;gBAC9B,0EAA0E;gBAC1E,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;oBACzB,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,CACvC,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,cAAc;YACvB,OAAO,EAAE,sBAAsB;YAC/B,UAAU,EAAE,gBAAgB;YAC5B,UAAU,EAAE,kBAAkB;YAC9B,KAAK;SACN,CACF,CAAC;IACJ,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAhDS,QAAA,sBAAsB,0BAgD/B"}
+{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../../src/plugins/okta/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAoD;AACpD,0CAA4C;AAC5C,6CAA4C;AAE5C,kDAAuD;AACvD,0CAA6C;AAE7C,mCAAmD;AACnD,mCAAiC;AAEjC,6DAA6D;AAC7D,oFAAoF;AACpF,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AAC9D,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAEjC,0EAA0E;AAC1E,2DAA2D;AAC3D,MAAM,gBAAgB,GAAG,2CAA2C,CAAC;AAErE,+CAA+C;AAC/C,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,EAAE;;IACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,cAAc,GAClB,UAAU,CAAC,iBAAiB,CAAC,CAAC,iBAAiB,CAAC,CAC9C,0BAA0B,CAC3B,CAAC,iBAAiB,CAAC,CAAC;IACvB,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,WAAW,CAAC,IAAI,KAAK,6CAA6C,CACvE,CAAC;IACF,UAAU;IACV,mIAAmI;IACnI,MAAM,IAAI,GAAG,MACX,IAAA,gBAAO,EAAC,CAAC,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAG,sBAAsB,CAAC,CAAC,CAClD,0CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAChC,MAAM,OAAO,GAAG,IAAI;SACjB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;SAC1D,MAAM,CACL,CAAC,CAAC,EAAgD,EAAE,CAClD,CAAC,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,CAC7C,CAAC;IACJ,mGAAmG;IACnG,MAAM,SAAS,GAAG,MAAA,MAAA,OAAO,CAAC,CAAC,CAAC,0CAAE,KAAK,CAAC,CAAC,CAAC,mCAAI,KAAK,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1E,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;AACpC,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CACvB,MAAe,EACmC,EAAE,WACpD,OAAA,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW,CAAA,EAAA,CAAC;AAErC;;;;GAIG;AACH,MAAM,YAAY,GAAG,CACnB,KAAY,EACZ,OAA2B,EAC3B,KAAe,EACf,EAAE;;IACF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,MAAA,MAAM,CAAC,KAAK,mCAAI,MAAM,CAAC,EAAE,yCAAyC,CAAC;IACtF,MAAM,YAAY,GAAG,MAAM,IAAA,gCAAwB,EACjD,QAAQ,EACR,MAAM,CAAC,KAAK,EACZ,KAAK,CACN,CAAC;IACF,OAAO;QACL,YAAY;QACZ,MAAM;QACN,OAAO,EAAE,MAAM,CAAC,EAAE;KACnB,CAAC;AACJ,CAAC,CAAA,CAAC;AAEK,MAAM,sBAAsB,GAAG,CACpC,KAAY,EACZ,IAA0C,EAC1C,KAAe,EACf,EAAE;IACF,OAAA,MAAM,IAAA,aAAM,EACV,YAAY,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,EACzC,GAAS,EAAE;QACT,+FAA+F;QAC/F,2FAA2F;QAC3F,iDAAiD;QACjD,OAAO,MAAM,IAAA,sBAAc,EACzB,GAAS,EAAE;YACT,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,YAAY,CAC1D,KAAK,EACL,IAAI,CAAC,SAAS,EACd,KAAK,CACN,CAAC;YACF,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAClE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9B,MAAM,QAAQ,IAAI,CAAC,IAAI,qCAAqC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;aACrG;YACD,OAAO,MAAM,IAAA,+BAAkB,EAAC;gBAC9B,OAAO;gBACP,SAAS;gBACT,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,IAAI,EAAE;oBACJ,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB;oBACpD,QAAQ,EAAE,YAAY;iBACvB;aACF,CAAC,CAAC;QACL,CAAC,CAAA,EACD;YACE,WAAW,EAAE,CAAC,KAAc,EAAE,EAAE;gBAC9B,0EAA0E;gBAC1E,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;oBACzB,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,CACvC,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,cAAc;YACvB,OAAO,EAAE,sBAAsB;YAC/B,UAAU,EAAE,gBAAgB;YAC5B,UAAU,EAAE,kBAAkB;YAC9B,KAAK;SACN,CACF,CAAC;IACJ,CAAC,CAAA,EACD,EAAE,QAAQ,EAAE,MAAM,EAAE,CACrB,CAAA;EAAA,CAAC;AAjDS,QAAA,sBAAsB,0BAiD/B"}

package/build/dist/types/delegation.d.ts

@@ -0,0 +1,39 @@
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+/** An entry in the new array-form delegation shape.
+ *
+ * The backend used to send delegation as a record (`{ aws: { ... } }`); it now
+ * sends it as an array of `{ key, request }` entries. The `request` field holds
+ * what used to be the record's value (permission, generated, nested delegation).
+ */
+export type DelegationEntry<K extends string, R> = {
+    key: K;
+    request: R;
+};
+/** Delegation field that tolerates both the legacy record form and the new
+ * array form. Callers should not read this directly — use {@link getDelegate}.
+ */
+export type DelegationField<Spec extends Record<string, any>> = {
+    [K in keyof Spec & string]: DelegationEntry<K, Spec[K]>;
+}[keyof Spec & string][] | Spec;
+/** Resolve a delegate by key, accepting either the legacy record-form
+ * delegation or the new array-form delegation.
+ *
+ * Returns the underlying delegate value (with `permission`, `generated`,
+ * and nested `delegation` fields), or `undefined` if no entry matches.
+ *
+ * The generic shape (`K`, `V` rather than the full `Spec` record) is
+ * deliberate: matching the union `DelegationField<Spec>` bidirectionally
+ * confuses TS's inference and can lock `Spec` onto the array branch.
+ * Pinning `K` to the key argument and inferring `V` from the value avoids
+ * that.
+ */
+export declare const getDelegate: <K extends string, V>(delegation: { [P in K]?: V | undefined; } | DelegationEntry<K, V>[] | null | undefined, key: K) => V | undefined;

package/build/dist/types/delegation.js

@@ -0,0 +1,36 @@
+"use strict";
+/** Copyright © 2024-present P0 Security
+
+This file is part of @p0security/cli
+
+@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
+
+@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
+**/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDelegate = void 0;
+/** Resolve a delegate by key, accepting either the legacy record-form
+ * delegation or the new array-form delegation.
+ *
+ * Returns the underlying delegate value (with `permission`, `generated`,
+ * and nested `delegation` fields), or `undefined` if no entry matches.
+ *
+ * The generic shape (`K`, `V` rather than the full `Spec` record) is
+ * deliberate: matching the union `DelegationField<Spec>` bidirectionally
+ * confuses TS's inference and can lock `Spec` onto the array branch.
+ * Pinning `K` to the key argument and inferring `V` from the value avoids
+ * that.
+ */
+const getDelegate = (delegation, key) => {
+    if (delegation == null)
+        return undefined;
+    if (Array.isArray(delegation)) {
+        const entry = delegation.find((e) => (e === null || e === void 0 ? void 0 : e.key) === key);
+        return entry === null || entry === void 0 ? void 0 : entry.request;
+    }
+    return delegation[key];
+};
+exports.getDelegate = getDelegate;
+//# sourceMappingURL=delegation.js.map

package/build/dist/types/delegation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation.js","sourceRoot":"","sources":["../../../src/types/delegation.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAsBH;;;;;;;;;;;GAWG;AACI,MAAM,WAAW,GAAG,CACzB,UAAyE,EACzE,GAAM,EACS,EAAE;IACjB,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,SAAS,CAAC;IACzC,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;QAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,MAAK,GAAG,CAAC,CAAC;QACrD,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC;KACvB;IACD,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC,CAAC;AAVW,QAAA,WAAW,eAUtB"}

package/build/dist/types/request.d.ts

@@ -9,19 +9,21 @@ This file is part of @p0security/cli
 You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
 **/
 import { DbPermissionSpec } from "../plugins/db/types";
+import { FileTransferPermissionSpec } from "../plugins/file-transfer/types";
 import { K8sPermissionSpec } from "../plugins/kubeconfig/types";
+import { DelegationField } from "./delegation";
 import { AzureRdpRequest } from "./rdp";
 import { PluginSshRequest } from "./ssh";
 export declare const DONE_STATUSES: readonly ["DONE", "DONE_NOTIFIED"];
 export declare const DENIED_STATUSES: readonly ["DENIED", "DENIED_NOTIFIED"];
 export declare const ERROR_STATUSES: readonly ["ERRORED", "ERRORED", "ERRORED_NOTIFIED"];
-export type PermissionSpec<K extends string, P extends Record<string, any>, G extends object | undefined = undefined, D extends Record<string, PermissionSpec<any, any, any, any>> = Record<string, never>> = {
+export type PermissionSpec<K extends string, P extends Record<string, any>, G extends object | undefined = undefined, D extends Record<string, PermissionSpec<any, any, any, any> | undefined> = Record<string, never>> = {
     type: K;
     permission: P;
     generated: G;
-    delegation: D;
+    delegation?: DelegationField<D>;
 };
-export type PluginRequest = AzureRdpRequest | DbPermissionSpec | K8sPermissionSpec | PluginSshRequest;
+export type PluginRequest = AzureRdpRequest | DbPermissionSpec | FileTransferPermissionSpec | K8sPermissionSpec | PluginSshRequest;
 export type PermissionRequest<P extends PluginRequest> = P & {
     error?: {
         message: string;

package/build/dist/types/request.js.map

@@ -1 +1 @@
-{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/types/request.ts"],"names":[],"mappings":";;;AAea,QAAA,aAAa,GAAG,CAAC,MAAM,EAAE,eAAe,CAAU,CAAC;AACnD,QAAA,eAAe,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAU,CAAC;AACzD,QAAA,cAAc,GAAG;IAC5B,SAAS;IACT,SAAS;IACT,kBAAkB;CACV,CAAC"}
+{"version":3,"file":"request.js","sourceRoot":"","sources":["../../../src/types/request.ts"],"names":[],"mappings":";;;AAiBa,QAAA,aAAa,GAAG,CAAC,MAAM,EAAE,eAAe,CAAU,CAAC;AACnD,QAAA,eAAe,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAU,CAAC;AACzD,QAAA,cAAc,GAAG;IAC5B,SAAS;IACT,SAAS;IACT,kBAAkB;CACV,CAAC"}