@p0security/cli 0.27.0 → 0.27.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/dist/commands/aws/rds.js +12 -8
- package/build/dist/commands/aws/rds.js.map +1 -1
- package/build/dist/commands/aws/util.js +6 -4
- package/build/dist/commands/aws/util.js.map +1 -1
- package/build/dist/commands/file-transfer.js +10 -7
- package/build/dist/commands/file-transfer.js.map +1 -1
- package/build/dist/plugins/aws/assumeRole.js +7 -0
- package/build/dist/plugins/aws/assumeRole.js.map +1 -1
- package/build/dist/plugins/aws/ssh.js +2 -3
- package/build/dist/plugins/aws/ssh.js.map +1 -1
- package/build/dist/plugins/aws/types.d.ts +4 -1
- package/build/dist/plugins/file-transfer/index.d.ts +19 -3
- package/build/dist/plugins/file-transfer/index.js +44 -19
- package/build/dist/plugins/file-transfer/index.js.map +1 -1
- package/build/dist/plugins/google/auth.d.ts +4 -0
- package/build/dist/plugins/google/auth.js +75 -0
- package/build/dist/plugins/google/auth.js.map +1 -0
- package/build/dist/plugins/google/ssh-key.js +7 -3
- package/build/dist/plugins/google/ssh-key.js.map +1 -1
- package/build/dist/plugins/google/ssh.js +5 -2
- package/build/dist/plugins/google/ssh.js.map +1 -1
- package/build/dist/plugins/ssh/index.js +17 -4
- package/build/dist/plugins/ssh/index.js.map +1 -1
- package/build/dist/util.d.ts +28 -0
- package/build/dist/util.js +31 -1
- package/build/dist/util.js.map +1 -1
- package/build/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
|
@@ -139,12 +139,16 @@ const rdsGenerateDbAuthToken = (argv, authn) => __awaiter(void 0, void 0, void 0
|
|
|
139
139
|
];
|
|
140
140
|
const { command, args } = (0, util_1.osSafeCommand)("aws", generateTokenArgs);
|
|
141
141
|
const result = yield (0, util_1.exec)(command, args, { check: true });
|
|
142
|
-
const
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
const
|
|
146
|
-
|
|
147
|
-
|
|
142
|
+
const formatter = (0, util_1.newShellFormatter)();
|
|
143
|
+
const password = result.stdout.trim();
|
|
144
|
+
const rdsHostRef = formatter.formatEnvReference("RDS_HOST");
|
|
145
|
+
const rdsCaRef = formatter.formatEnvReference("RDS_SSL_CA");
|
|
146
|
+
const pgInstructions = `${formatter.formatEnvAssignment("PGPASSWORD", password, { quote: true })}
|
|
147
|
+
|
|
148
|
+
psql "host=${rdsHostRef} port=${port} sslmode=verify-full sslrootcert=${rdsCaRef} ${database ? `dbname=${database} ` : ""}user=${userName}"`;
|
|
149
|
+
const mysqlInstructions = `${formatter.formatEnvAssignment("MYSQL_PWD", password, { quote: true })}
|
|
150
|
+
|
|
151
|
+
mysql -h ${rdsHostRef} --ssl-ca=${rdsCaRef} --ssl-verify-server-cert -P ${port} -u ${userName} ${database}`;
|
|
148
152
|
(0, stdio_1.print2)(result.stderr);
|
|
149
153
|
(0, stdio_1.print2)(`Access your database by exporting the result of this command and executing psql in an environment with network access to the instance.
|
|
150
154
|
|
|
@@ -154,8 +158,8 @@ If you are executing from CloudShell this will be done for you already, and the
|
|
|
154
158
|
|
|
155
159
|
On CloudShell, you can execute:
|
|
156
160
|
|
|
157
|
-
|
|
158
|
-
|
|
161
|
+
${formatter.formatEnvAssignment("RDS_SSL_CA", "/certs/global-bundle.pem", { quote: true })}
|
|
162
|
+
${formatter.formatEnvAssignment("RDS_HOST", dbConfig.hostname, { quote: true })}
|
|
159
163
|
${argv.arch === "mysql" ? mysqlInstructions : argv.arch === "postgres" ? pgInstructions : (0, util_1.throwAssertNever)(argv.arch)}
|
|
160
164
|
|
|
161
165
|
`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../src/commands/aws/rds.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAA2D;AAC3D,+CAAqD;AACrD,iDAAsD;AACtD,mDAAmD;AAEnD,uDAAqD;AAGrD,
|
|
1
|
+
{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../src/commands/aws/rds.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAA2D;AAC3D,+CAAqD;AACrD,iDAAsD;AACtD,mDAAmD;AAEnD,uDAAqD;AAGrD,qCAKoB;AACpB,sCAAkD;AAClD,+CAA4C;AAC5C,mCAAyE;AACzE,2CAAiC;AAoBjC,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,UAAU,CAAU,CAAC;AAY/C,MAAM,GAAG,GAAG,CACjB,KAAkD,EAClD,KAAY,EACZ,EAAE,CACF,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,uBAAuB,EAAE,CAAC,KAAK,EAAE,EAAE,CACtD,KAAK;IACH,+DAA+D;IAC/D,oEAAoE;IACpE,0CAA0C;KACzC,aAAa,CAAC,CAAC,CAAC;KAChB,OAAO,CACN,wBAAwB,EACxB,+CAA+C,EAC/C,CAAC,CAA8C,EAAE,EAAE,CACjD,CAAC;KACE,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,cAAc;IACvB,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,gDAAgD;CAC3D,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,yBAAyB;CACpC,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,wBAAwB;CACnC,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,oBAAoB;CAC/B,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;AACN,oCAAoC;AACpC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,EAAE,KAAK,CAAC,CAC9C,CACJ,CAAC;AAzCS,QAAA,GAAG,OAyCZ;AAEJ,MAAM,gBAAgB,GAAG,CAAO,IAAa,EAAE,KAAY,EAAE,EAAE;IAC7D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC;IAE9B,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,CAGvC;QACE,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,CAAC,EAAE,EAAE;QACL,SAAS,EAAE;YACT,WAAW;YACX,MAAM;YACN,IAAI,CAAC,IAAI;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD;QACD,IAAI,EAAE,IAAI;KACX,EACD,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IAED,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC;IAErC,MAAM,IAAI,GAAG,MAAM,IAAA,8BAAqB,EAAC,MAAM,CAAC,CAAC;IACjD,IAAI,CAAC,IAAI,EAAE;QACT,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACb;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA,CAAC;AAEF,MAAM,WAAW,GAAG,CAClB,IAAa,EACb,MAAwB,EACxB,KAAY,EACZ,EAAE;;IACF,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAsB,EAC1C,KAAK,EACL,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,KAAK,CACX,CAAC;IACF,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,0CAAG,UAAU,CAAC,CAAC;IACzD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,EAAE;QAC3C,MAAM,uBAAuB,UAAU,EAAE,CAAC;KAC3C;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA,CAAC;AAEF,MAAM,sBAAsB,GAAG,CAAO,IAAa,EAAE,KAAY,EAAE,EAAE;;IACnE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAEnD,MAAM,cAAc,GAAG,IAAA,wBAAW,EAAC,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACjE,MAAM,aAAa,GAAG,IAAA,wBAAW,EAAC,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,UAAU,EAAE,KAAK,CAAC,CAAC;IACrE,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,0BAA0B,MAAM,CAAC,UAAU,CAAC,UAAU,yBAAyB,CAAC;KACvF;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACxD,MAAM,IAAI,GACR,MAAA,QAAQ,CAAC,IAAI,mCACb,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO;QACpB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU;YACxB,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,IAAA,uBAAgB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG,MAAA,IAAI,CAAC,QAAQ,mCAAI,QAAQ,CAAC,SAAS,CAAC;IAErD,MAAM,UAAU,GAAG,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC;IAEhD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,gBAAQ,EAAC,UAAU,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;IAEzD,MAAM,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAErD,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,+CAA+C,CAAC;KACvD;IAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;IAEzE,MAAM,IAAA,+BAAuB,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,IAAA,6BAAqB,EAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAErD,MAAM,iBAAiB,GAAG;QACxB,KAAK;QACL,wBAAwB;QACxB,YAAY;QACZ,QAAQ,CAAC,QAAQ;QACjB,QAAQ;QACR,IAAI;QACJ,UAAU;QACV,MAAM;QACN,YAAY;QACZ,QAAQ;QACR,WAAW;QACX,WAAW;KACZ,CAAC;IAEF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,oBAAa,EAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;IAElE,MAAM,MAAM,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1D,MAAM,SAAS,GAAG,IAAA,wBAAiB,GAAE,CAAC;IACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACtC,MAAM,UAAU,GAAG,SAAS,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,SAAS,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;IAE5D,MAAM,cAAc,GAAG,GAAG,SAAS,CAAC,mBAAmB,CAAC,YAAY,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;;eAEnF,UAAU,SAAS,IAAI,oCAAoC,QAAQ,IAAI,QAAQ,CAAC,CAAC,CAAC,UAAU,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,QAAQ,GAAG,CAAC;IAE7I,MAAM,iBAAiB,GAAG,GAAG,SAAS,CAAC,mBAAmB,CAAC,WAAW,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;;aAEvF,UAAU,aAAa,QAAQ,gCAAgC,IAAI,OAAO,QAAQ,IAAI,QAAQ,EAAE,CAAC;IAE5G,IAAA,cAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACtB,IAAA,cAAM,EAAC;;;;;;;;IAQL,SAAS,CAAC,mBAAmB,CAAC,YAAY,EAAE,0BAA0B,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACxF,SAAS,CAAC,mBAAmB,CAAC,UAAU,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC7E,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,uBAAgB,EAAC,IAAI,CAAC,IAAI,CAAC;;CAEtH,CAAC,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE;QAClD,IAAA,cAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC;KACvB;IACD,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI;QAAE,gBAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAClD,CAAC,CAAA,CAAC"}
|
|
@@ -12,6 +12,7 @@ This file is part of @p0security/cli
|
|
|
12
12
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
13
13
|
**/
|
|
14
14
|
const stdio_1 = require("../../drivers/stdio");
|
|
15
|
+
const util_1 = require("../../util");
|
|
15
16
|
const typescript_1 = require("typescript");
|
|
16
17
|
const CREDENTIAL_FIELDS = [
|
|
17
18
|
"AWS_ACCESS_KEY_ID",
|
|
@@ -23,19 +24,20 @@ const printAwsCredentials = (awsCredentials, command) => {
|
|
|
23
24
|
var _a;
|
|
24
25
|
const isTty = (_a = typescript_1.sys.writeOutputIsTTY) === null || _a === void 0 ? void 0 : _a.call(typescript_1.sys);
|
|
25
26
|
const indent = isTty ? " " : "";
|
|
27
|
+
const formatter = (0, util_1.newShellFormatter)();
|
|
26
28
|
if (isTty)
|
|
27
29
|
(0, stdio_1.print2)("Execute the following commands:\n");
|
|
28
30
|
for (const key of CREDENTIAL_FIELDS) {
|
|
29
31
|
const value = awsCredentials[key];
|
|
30
32
|
if (value) {
|
|
31
|
-
(0, stdio_1.print1)(`${indent}
|
|
33
|
+
(0, stdio_1.print1)(`${indent}${formatter.formatEnvAssignment(key, value)}`);
|
|
32
34
|
}
|
|
33
35
|
}
|
|
34
36
|
if (isTty) {
|
|
35
37
|
(0, stdio_1.print2)(`
|
|
36
|
-
Or, populate these environment variables
|
|
37
|
-
|
|
38
|
-
$(
|
|
38
|
+
Or, populate these environment variables by evaluating the output of this command:
|
|
39
|
+
|
|
40
|
+
${formatter.formatEvalCommand(command)} `);
|
|
39
41
|
}
|
|
40
42
|
};
|
|
41
43
|
exports.printAwsCredentials = printAwsCredentials;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/commands/aws/util.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,+CAAqD;AAErD,2CAAiC;AAEjC,MAAM,iBAAiB,
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/commands/aws/util.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,+CAAqD;AAErD,qCAA+C;AAC/C,2CAAiC;AAEjC,MAAM,iBAAiB,GAAkC;IACvD,mBAAmB;IACnB,uBAAuB;IACvB,mBAAmB;IACnB,oBAAoB;CACrB,CAAC;AAEK,MAAM,mBAAmB,GAAG,CACjC,cAA8B,EAC9B,OAAe,EACf,EAAE;;IACF,MAAM,KAAK,GAAG,MAAA,gBAAG,CAAC,gBAAgB,gEAAI,CAAC;IACvC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,IAAA,wBAAiB,GAAE,CAAC;IAEtC,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,mCAAmC,CAAC,CAAC;IAEvD,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE;QACnC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,GAAG,MAAM,GAAG,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;SACjE;KACF;IAED,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC;;;IAGP,SAAS,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;KAC1C;AACH,CAAC,CAAC;AAvBW,QAAA,mBAAmB,uBAuB9B"}
|
|
@@ -28,6 +28,7 @@ const file_transfer_1 = require("../plugins/file-transfer");
|
|
|
28
28
|
const lib_storage_1 = require("@aws-sdk/lib-storage");
|
|
29
29
|
const fs_1 = require("fs");
|
|
30
30
|
const node_path_1 = require("node:path");
|
|
31
|
+
const renderDurationSec = (s) => s >= 3600 ? `${Math.round(s / 3600)}h` : `${Math.round(s / 60)}m`;
|
|
31
32
|
const fileTransferCommand = (yargs) => yargs.command("file-transfer <source> <destination>", "Transfer a local file to a remote instance via a temporary S3 bucket.", (yargs) => yargs
|
|
32
33
|
.positional("source", {
|
|
33
34
|
type: "string",
|
|
@@ -73,13 +74,7 @@ const fileTransferAction = (args) => __awaiter(void 0, void 0, void 0, function*
|
|
|
73
74
|
// local file's basename so the S3 object preserves the original filename.
|
|
74
75
|
const uploadKey = `${target.prefix}${(0, node_path_1.basename)(args.source)}`;
|
|
75
76
|
(0, stdio_1.print2)("Preparing upload credentials...");
|
|
76
|
-
const
|
|
77
|
-
const renderDurationSec = (s) => s >= 3600 ? `${Math.round(s / 3600)}h` : `${Math.round(s / 60)}m`;
|
|
78
|
-
// TODO: remove logging when we remove the launchdarkly file-transfer flag
|
|
79
|
-
if (args.debug) {
|
|
80
|
-
(0, stdio_1.print2)(`GET (${renderDurationSec(expirySeconds.get)}): ${getUrl}`);
|
|
81
|
-
(0, stdio_1.print2)(`DELETE (${renderDurationSec(expirySeconds.delete)}): ${deleteUrl}`);
|
|
82
|
-
}
|
|
77
|
+
const s3 = (0, file_transfer_1.createTransferClient)(authn, target, args.debug);
|
|
83
78
|
(0, stdio_1.print2)(`Uploading ${args.source}...`);
|
|
84
79
|
// The backend grants the AWS role permission to write to our prefix, but
|
|
85
80
|
// IAM has eventual consistency — the policy can take several seconds to
|
|
@@ -123,6 +118,14 @@ const fileTransferAction = (args) => __awaiter(void 0, void 0, void 0, function*
|
|
|
123
118
|
throw `Upload failed: ${message}`;
|
|
124
119
|
}
|
|
125
120
|
(0, stdio_1.print2)("Uploaded.");
|
|
121
|
+
// Sign the download/cleanup URLs only now that the file is uploaded — the
|
|
122
|
+
// GET window is finite, so we don't want it ticking during the upload.
|
|
123
|
+
const { getUrl, deleteUrl, expirySeconds } = yield (0, file_transfer_1.generateTransferUrls)(authn, s3, { bucket: target.bucket, key: uploadKey, awsSpec: target.awsSpec }, args.debug);
|
|
124
|
+
// TODO: remove logging when we remove the launchdarkly file-transfer flag
|
|
125
|
+
if (args.debug) {
|
|
126
|
+
(0, stdio_1.print2)(`GET (${renderDurationSec(expirySeconds.get)}): ${getUrl}`);
|
|
127
|
+
(0, stdio_1.print2)(`DELETE (${renderDurationSec(expirySeconds.delete)}): ${deleteUrl}`);
|
|
128
|
+
}
|
|
126
129
|
}), {
|
|
127
130
|
command: "file-transfer",
|
|
128
131
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file-transfer.js","sourceRoot":"","sources":["../../../src/commands/file-transfer.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,0CAA+C;AAC/C,4CAA0C;AAC1C,gEAA0D;AAC1D,
|
|
1
|
+
{"version":3,"file":"file-transfer.js","sourceRoot":"","sources":["../../../src/commands/file-transfer.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,0CAA+C;AAC/C,4CAA0C;AAC1C,gEAA0D;AAC1D,4DAIkC;AAClC,sDAA8C;AAC9C,2BAAgD;AAChD,yCAAqC;AAUrC,MAAM,iBAAiB,GAAG,CAAC,CAAS,EAAE,EAAE,CACtC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC;AAE7D,MAAM,mBAAmB,GAAG,CAAC,KAAiB,EAAE,EAAE,CACvD,KAAK,CAAC,OAAO,CACX,sCAAsC,EACtC,uEAAuE,EACvE,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,QAAQ,EAAE;IACpB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,iBAAiB;CAC/B,CAAC;KACD,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,yCAAyC;CACvD,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,yBAAyB;CACpC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,iDAAiD;CAC5D,CAAC,EACN,kBAAkB,CACnB,CAAC;AAzBS,QAAA,mBAAmB,uBAyB5B;AAEJ,MAAM,kBAAkB,GAAG,CACzB,IAAuD,EACvD,EAAE;IACF,MAAM,IAAA,wBAAS,EACb,uBAAuB,EACvB,CAAO,IAAI,EAAE,EAAE;QACb,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAEnD,4EAA4E;QAC5E,6EAA6E;QAC7E,oDAAoD;QACpD,IAAI,WAAW,CAAC;QAChB,IAAI;YACF,WAAW,GAAG,IAAA,aAAQ,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;SACrC;QAAC,WAAM;YACN,MAAM,0BAA0B,IAAI,CAAC,MAAM,EAAE,CAAC;SAC/C;QACD,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE;YACzB,MAAM,sCAAsC,IAAI,CAAC,MAAM,EAAE,CAAC;SAC3D;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;QAEvC,IAAA,cAAM,EAAC,oCAAoC,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,MAAM,IAAA,wCAAwB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC3D,IAAA,cAAM,EAAC,4BAA4B,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAErE,wEAAwE;QACxE,0EAA0E;QAC1E,MAAM,SAAS,GAAG,GAAG,MAAM,CAAC,MAAM,GAAG,IAAA,oBAAQ,EAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAE7D,IAAA,cAAM,EAAC,iCAAiC,CAAC,CAAC;QAC1C,MAAM,EAAE,GAAG,IAAA,oCAAoB,EAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAE3D,IAAA,cAAM,EAAC,aAAa,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC;QAEtC,yEAAyE;QACzE,wEAAwE;QACxE,iEAAiE;QACjE,qDAAqD;QACrD,IAAI;YACF,MAAM,IAAA,sBAAc,EAClB,GAAS,EAAE;gBACT,MAAM,MAAM,GAAG,IAAI,oBAAM,CAAC;oBACxB,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE;wBACN,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,GAAG,EAAE,SAAS;wBACd,IAAI,EAAE,IAAA,qBAAgB,EAAC,IAAI,CAAC,MAAM,CAAC;qBACpC;iBACF,CAAC,CAAC;gBACH,MAAM,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,QAAQ,EAAE,EAAE;;oBAC3C,MAAM,MAAM,GAAG,MAAA,QAAQ,CAAC,MAAM,mCAAI,CAAC,CAAC;oBACpC,MAAM,KAAK,GAAG,MAAA,QAAQ,CAAC,KAAK,mCAAI,CAAC,CAAC;oBAClC,MAAM,EAAE,GAAG,CAAC,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBAC7C,MAAM,GAAG,GAAG,KAAK;wBACf,CAAC,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,IAAI;wBAC7C,CAAC,CAAC,EAAE,CAAC;oBACP,IAAA,cAAM,EAAC,cAAc,EAAE,MAAM,GAAG,EAAE,CAAC,CAAC;gBACtC,CAAC,CAAC,CAAC;gBACH,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YACtB,CAAC,CAAA,EACD;gBACE,OAAO,EAAE,EAAE;gBACX,OAAO,EAAE,IAAK;gBACd,UAAU,EAAE,KAAM;gBAClB,UAAU,EAAE,GAAG;gBACf,YAAY,EAAE,GAAG;gBACjB,mEAAmE;gBACnE,kEAAkE;gBAClE,WAAW,EAAE,CAAC,GAAG,EAAE,EAAE,CACnB,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc;gBACrD,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CACF,CAAC;SACH;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,kBAAkB,OAAO,EAAE,CAAC;SACnC;QAED,IAAA,cAAM,EAAC,WAAW,CAAC,CAAC;QAEpB,0EAA0E;QAC1E,uEAAuE;QACvE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,IAAA,oCAAoB,EACrE,KAAK,EACL,EAAE,EACF,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,EAClE,IAAI,CAAC,KAAK,CACX,CAAC;QAEF,0EAA0E;QAC1E,IAAI,IAAI,CAAC,KAAK,EAAE;YACd,IAAA,cAAM,EAAC,WAAW,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,MAAM,EAAE,CAAC,CAAC;YACtE,IAAA,cAAM,EACJ,WAAW,iBAAiB,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,SAAS,EAAE,CACpE,CAAC;SACH;IACH,CAAC,CAAA,EACD;QACE,OAAO,EAAE,eAAe;KACzB,CACF,CAAC;AACJ,CAAC,CAAA,CAAC"}
|
|
@@ -40,11 +40,18 @@ const stsAssume = (partition, params) => __awaiter(void 0, void 0, void 0, funct
|
|
|
40
40
|
const stsXml = yield response.text();
|
|
41
41
|
const stsObject = (0, xml_1.parseXml)(stsXml);
|
|
42
42
|
const stsCredentials = stsObject.AssumeRoleWithSAMLResponse.AssumeRoleWithSAMLResult.Credentials;
|
|
43
|
+
// Date.parse returns NaN for a missing/malformed Expiration. Normalize that to
|
|
44
|
+
// undefined so downstream consumers treat it as "expiry unknown"
|
|
45
|
+
const parsedExpiration = Date.parse(stsCredentials.Expiration);
|
|
46
|
+
const expiresAt = Number.isNaN(parsedExpiration)
|
|
47
|
+
? undefined
|
|
48
|
+
: parsedExpiration;
|
|
43
49
|
return {
|
|
44
50
|
AWS_ACCESS_KEY_ID: stsCredentials.AccessKeyId,
|
|
45
51
|
AWS_SECRET_ACCESS_KEY: stsCredentials.SecretAccessKey,
|
|
46
52
|
AWS_SESSION_TOKEN: stsCredentials.SessionToken,
|
|
47
53
|
AWS_SECURITY_TOKEN: stsCredentials.SessionToken,
|
|
54
|
+
expiresAt, // epoch ms, or undefined if AWS gave us an unparseable Expiration
|
|
48
55
|
};
|
|
49
56
|
});
|
|
50
57
|
/** Assumes an AWS role via SAML login */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"assumeRole.js","sourceRoot":"","sources":["../../../../src/plugins/aws/assumeRole.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAsD;AACtD,0CAA4C;AAC5C,+BAA+C;AAC/C,+BAAwC;AAGxC,MAAM,OAAO,GAAG,CAAC,IAA0D,EAAE,EAAE,CAC7E,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC;AAEjE,MAAM,SAAS,GAAG,CAChB,SAAiB,EACjB,MAA8B,EACL,EAAE;IAC3B,iFAAiF;IACjF,wFAAwF;IACxF,0DAA0D;IAC1D,iGAAiG;IACjG,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAA,iBAAW,EAAC,SAAS,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,CAAC;IACnC,MAAM,cAAc,GAClB,SAAS,CAAC,0BAA0B,CAAC,wBAAwB,CAAC,WAAW,CAAC;IAC5E,OAAO;QACL,iBAAiB,EAAE,cAAc,CAAC,WAAW;QAC7C,qBAAqB,EAAE,cAAc,CAAC,eAAe;QACrD,iBAAiB,EAAE,cAAc,CAAC,YAAY;QAC9C,kBAAkB,EAAE,cAAc,CAAC,YAAY;
|
|
1
|
+
{"version":3,"file":"assumeRole.js","sourceRoot":"","sources":["../../../../src/plugins/aws/assumeRole.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAsD;AACtD,0CAA4C;AAC5C,+BAA+C;AAC/C,+BAAwC;AAGxC,MAAM,OAAO,GAAG,CAAC,IAA0D,EAAE,EAAE,CAC7E,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC;AAEjE,MAAM,SAAS,GAAG,CAChB,SAAiB,EACjB,MAA8B,EACL,EAAE;IAC3B,iFAAiF;IACjF,wFAAwF;IACxF,0DAA0D;IAC1D,iGAAiG;IACjG,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAA,iBAAW,EAAC,SAAS,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,CAAC;IACnC,MAAM,cAAc,GAClB,SAAS,CAAC,0BAA0B,CAAC,wBAAwB,CAAC,WAAW,CAAC;IAC5E,+EAA+E;IAC/E,iEAAiE;IACjE,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC;QAC9C,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,gBAAgB,CAAC;IACrB,OAAO;QACL,iBAAiB,EAAE,cAAc,CAAC,WAAW;QAC7C,qBAAqB,EAAE,cAAc,CAAC,eAAe;QACrD,iBAAiB,EAAE,cAAc,CAAC,YAAY;QAC9C,kBAAkB,EAAE,cAAc,CAAC,YAAY;QAC/C,SAAS,EAAE,kEAAkE;KAC9E,CAAC;AACJ,CAAC,CAAA,CAAC;AAEF,yCAAyC;AAClC,MAAM,kBAAkB,GAAG,CAAO,IAaxC,EAA2B,EAAE;;IAC5B,MAAM,SAAS,GAAG,MAAA,IAAI,CAAC,SAAS,mCAAI,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,qBAAe;QACxB,MAAM,EAAE,oBAAoB;QAC5B,OAAO,EAAE,OAAO,iCAAM,IAAI,KAAE,SAAS,IAAG;QACxC,YAAY,EAAE,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,kBACjD,IAAI,CAAC,IAAI,CAAC,YACZ,EAAE;QACF,oEAAoE;QACpE,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;KAClC,CAAC;IACF,OAAO,MAAM,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAA,CAAC;AA1BW,QAAA,kBAAkB,sBA0B7B"}
|
|
@@ -131,9 +131,8 @@ exports.awsSshProvider = {
|
|
|
131
131
|
reproCommands: (request) => {
|
|
132
132
|
// TODO: Add manual commands for IDC login
|
|
133
133
|
if (request.access !== "idc") {
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
];
|
|
134
|
+
const assumeCommand = `${(0, util_1.getAppName)()} aws role assume ${request.role} --account ${request.accountId} --no-request`;
|
|
135
|
+
return [(0, util_1.newShellFormatter)().formatEvalCommand(assumeCommand)];
|
|
137
136
|
}
|
|
138
137
|
return undefined;
|
|
139
138
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAI2B;AAC3B,2CAAsE;AACtE,+CAA6C;AAC7C,uDAAqD;AAErD,
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAI2B;AAC3B,2CAAsE;AACtE,+CAA6C;AAC7C,uDAAqD;AAErD,qCAA6E;AAC7E,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AAQjD,gDAAkC;AAElC,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,wRAAwR;KAC3R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;;QAClD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACvE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,+CAA+C,CAAC;SACvD;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAC1B,KAAK,EACL,OAA4B,EAC5B,KAAK,CACN;gBACH,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,aAAa,EAAE,CAAO,OAAO,EAAE,EAAE;QAC/B,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC,EAAE;YAC7C,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAEvC,eAAe,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK;;YAC/D,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE;gBAC/B,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,SAAS,CAAC,IAAI,EAAE,EAAE;oBAC3D,MAAM,+DAA+D,CAAC;iBACvE;aACF;iBAAM;gBACL,MAAM,IAAA,qBAAe,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,KAAK,CAAC,CAAC;aAC/D;QACH,CAAC;KAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QAC9B,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,OAAO,CAAC,EAAE;YACV,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,IAAI,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,eAAe;SAC9C,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,MAAM,aAAa,GAAG,GAAG,IAAA,iBAAU,GAAE,oBAAoB,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,eAAe,CAAC;YACpH,OAAO,CAAC,IAAA,wBAAiB,GAAE,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC,CAAC;SAC/D;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,GAAS,EAAE;QACvB,OAAO;YACL,cAAc,EAAE,uBAAgB;SACjC,CAAC;IACJ,CAAC,CAAA;IAED,eAAe,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAC1C,MAAM,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC;QACvB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,EAAE,CAAC,CAAC;QAE/C,+BAA+B;QAC/B,IAAI;YACF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACxD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;gBAClB,IAAA,cAAM,EAAC,uCAAuC,EAAE,EAAE,CAAC,CAAC;aACrD;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SAChD;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;gBAClB,IAAA,cAAM,EAAC,oCAAoC,EAAE,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;aACpE;SACF;QAED,oCAAoC;QACpC,MAAM,MAAM,GAAG,MAAM,IAAA,sBAAgB,EAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE;YACtE,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAA,yBAAkB,EAAC,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE;YAC7D,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,OAAO,QAAQ;YACb,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;YACtD,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;;QACxB,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QACtD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC;QAChC,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;QAC9C,MAAM,WAAW,GAAG,IAAA,wBAAW,EAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACnD,kDAAkD;QAClD,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU,mCAAI,QAAQ,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,4DAA4D,CAAC;SACpE;QACD,MAAM,IAAI,GAAG,MAAA,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,SAAS,CAAC,IAAI,mCAAI,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,QAAQ,0CAAE,IAAI,mCAAI,EAAE,CAAC;QAC5E,MAAM,MAAM,GAAG;YACb,aAAa;YACb,SAAS;YACT,MAAM;YACN,EAAE,EAAE,UAAU;YACd,QAAQ;SACT,CAAC;QACF,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
|
|
@@ -11,12 +11,15 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
11
11
|
import { PermissionSpec } from "../../types/request";
|
|
12
12
|
import { CliPermissionSpec } from "../../types/ssh";
|
|
13
13
|
import { CommonSshPermissionSpec } from "../ssh/types";
|
|
14
|
-
export type
|
|
14
|
+
export type AwsCredentialFields = {
|
|
15
15
|
AWS_ACCESS_KEY_ID: string;
|
|
16
16
|
AWS_SECRET_ACCESS_KEY: string;
|
|
17
17
|
AWS_SESSION_TOKEN: string;
|
|
18
18
|
AWS_SECURITY_TOKEN: string;
|
|
19
19
|
};
|
|
20
|
+
export type AwsCredentials = AwsCredentialFields & {
|
|
21
|
+
expiresAt?: number;
|
|
22
|
+
};
|
|
20
23
|
export type AwsIamLogin = {
|
|
21
24
|
type: "iam";
|
|
22
25
|
identity: {
|
|
@@ -19,13 +19,29 @@ export declare const provisionTransferRequest: (authn: Authn, args: yargs.Argume
|
|
|
19
19
|
region: string;
|
|
20
20
|
awsSpec: AwsResourcePermissionSpec;
|
|
21
21
|
}>;
|
|
22
|
-
|
|
22
|
+
/**
|
|
23
|
+
* Builds an S3 client whose credentials refresh automatically. A large upload
|
|
24
|
+
* can run longer than the temporary credentials live; passing a provider
|
|
25
|
+
* function (that returns `expiration`) lets the SDK re-fetch fresh credentials
|
|
26
|
+
* mid-upload instead of failing the in-flight parts with ExpiredToken.
|
|
27
|
+
*/
|
|
28
|
+
export declare const createTransferClient: (authn: Authn, target: {
|
|
29
|
+
region: string;
|
|
30
|
+
awsSpec: AwsResourcePermissionSpec;
|
|
31
|
+
}, debug?: boolean) => S3Client;
|
|
32
|
+
/**
|
|
33
|
+
* Signs the GET (download) and DELETE (cleanup) URLs. Call this AFTER the upload
|
|
34
|
+
* completes: the GET window is finite, and signing before a large upload would
|
|
35
|
+
* burn that window while the file is still uploading.
|
|
36
|
+
*
|
|
37
|
+
* Each expiry is capped to the credentials' remaining lifetime so a URL can
|
|
38
|
+
* never outlive the credentials that signed it.
|
|
39
|
+
*/
|
|
40
|
+
export declare const generateTransferUrls: (authn: Authn, s3: S3Client, target: {
|
|
23
41
|
bucket: string;
|
|
24
42
|
key: string;
|
|
25
|
-
region: string;
|
|
26
43
|
awsSpec: AwsResourcePermissionSpec;
|
|
27
44
|
}, debug?: boolean) => Promise<{
|
|
28
|
-
s3: S3Client;
|
|
29
45
|
getUrl: string;
|
|
30
46
|
deleteUrl: string;
|
|
31
47
|
expirySeconds: {
|
|
@@ -9,14 +9,15 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.generateTransferUrls = exports.provisionTransferRequest = void 0;
|
|
12
|
+
exports.generateTransferUrls = exports.createTransferClient = exports.provisionTransferRequest = void 0;
|
|
13
13
|
const request_1 = require("../../commands/shared/request");
|
|
14
14
|
const auth_1 = require("../aws/auth");
|
|
15
15
|
const client_s3_1 = require("@aws-sdk/client-s3");
|
|
16
16
|
const s3_request_presigner_1 = require("@aws-sdk/s3-request-presigner");
|
|
17
17
|
const lodash_1 = require("lodash");
|
|
18
|
-
const
|
|
19
|
-
const
|
|
18
|
+
const SECONDS_TO_EXPIRE_GET_URL = 60 * 60;
|
|
19
|
+
const SECONDS_TO_EXPIRE_DELETE_URL = 60 * 60;
|
|
20
|
+
const MIN_URL_EXPIRY_THRESHOLD_SECONDS = 60;
|
|
20
21
|
const provisionTransferRequest = (authn, args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
21
22
|
const response = yield (0, request_1.request)("request")(Object.assign(Object.assign({}, (0, lodash_1.pick)(args, "$0", "_")), { arguments: [
|
|
22
23
|
"file-transfer",
|
|
@@ -40,33 +41,57 @@ const provisionTransferRequest = (authn, args) => __awaiter(void 0, void 0, void
|
|
|
40
41
|
};
|
|
41
42
|
});
|
|
42
43
|
exports.provisionTransferRequest = provisionTransferRequest;
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
credentials
|
|
53
|
-
|
|
44
|
+
/**
|
|
45
|
+
* Builds an S3 client whose credentials refresh automatically. A large upload
|
|
46
|
+
* can run longer than the temporary credentials live; passing a provider
|
|
47
|
+
* function (that returns `expiration`) lets the SDK re-fetch fresh credentials
|
|
48
|
+
* mid-upload instead of failing the in-flight parts with ExpiredToken.
|
|
49
|
+
*/
|
|
50
|
+
const createTransferClient = (authn, target, debug) => new client_s3_1.S3Client({
|
|
51
|
+
region: target.region,
|
|
52
|
+
credentials: () => __awaiter(void 0, void 0, void 0, function* () {
|
|
53
|
+
const credentials = yield (0, auth_1.awsCloudAuth)(authn, target.awsSpec, debug);
|
|
54
|
+
return Object.assign({ accessKeyId: credentials.AWS_ACCESS_KEY_ID, secretAccessKey: credentials.AWS_SECRET_ACCESS_KEY, sessionToken: credentials.AWS_SESSION_TOKEN }, (credentials.expiresAt !== undefined
|
|
55
|
+
? { expiration: new Date(credentials.expiresAt) }
|
|
56
|
+
: {}));
|
|
57
|
+
}),
|
|
58
|
+
});
|
|
59
|
+
exports.createTransferClient = createTransferClient;
|
|
60
|
+
/**
|
|
61
|
+
* Signs the GET (download) and DELETE (cleanup) URLs. Call this AFTER the upload
|
|
62
|
+
* completes: the GET window is finite, and signing before a large upload would
|
|
63
|
+
* burn that window while the file is still uploading.
|
|
64
|
+
*
|
|
65
|
+
* Each expiry is capped to the credentials' remaining lifetime so a URL can
|
|
66
|
+
* never outlive the credentials that signed it.
|
|
67
|
+
*/
|
|
68
|
+
const generateTransferUrls = (authn, s3, target, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
69
|
+
const { expiresAt } = yield (0, auth_1.awsCloudAuth)(authn, target.awsSpec, debug);
|
|
70
|
+
const remaining = expiresAt !== undefined
|
|
71
|
+
? Math.floor((expiresAt - Date.now()) / 1000)
|
|
72
|
+
: Infinity;
|
|
73
|
+
if (remaining < MIN_URL_EXPIRY_THRESHOLD_SECONDS) {
|
|
74
|
+
throw new Error(`AWS credentials expire in ${remaining}s — too soon to sign usable URLs. ` +
|
|
75
|
+
`Check your system clock or re-run the request.`);
|
|
76
|
+
}
|
|
77
|
+
const secondsToExpireGetUrl = Math.min(SECONDS_TO_EXPIRE_GET_URL, remaining);
|
|
78
|
+
const secondsToExpireDeleteUrl = Math.min(SECONDS_TO_EXPIRE_DELETE_URL, remaining);
|
|
54
79
|
const objectArgs = { Bucket: target.bucket, Key: target.key };
|
|
55
80
|
const [getUrl, deleteUrl] = yield Promise.all([
|
|
56
81
|
(0, s3_request_presigner_1.getSignedUrl)(s3, new client_s3_1.GetObjectCommand(objectArgs), {
|
|
57
|
-
expiresIn:
|
|
82
|
+
expiresIn: secondsToExpireGetUrl,
|
|
58
83
|
}),
|
|
59
84
|
(0, s3_request_presigner_1.getSignedUrl)(s3, new client_s3_1.DeleteObjectCommand(objectArgs), {
|
|
60
|
-
expiresIn:
|
|
85
|
+
expiresIn: secondsToExpireDeleteUrl,
|
|
61
86
|
}),
|
|
62
87
|
]);
|
|
63
88
|
return {
|
|
64
|
-
s3,
|
|
65
89
|
getUrl,
|
|
66
90
|
deleteUrl,
|
|
91
|
+
// Report the ACTUAL (capped) seconds so debug output is honest.
|
|
67
92
|
expirySeconds: {
|
|
68
|
-
get:
|
|
69
|
-
delete:
|
|
93
|
+
get: secondsToExpireGetUrl,
|
|
94
|
+
delete: secondsToExpireDeleteUrl,
|
|
70
95
|
},
|
|
71
96
|
};
|
|
72
97
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/file-transfer/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,2DAAwD;AAGxD,sCAA2C;AAG3C,kDAI4B;AAC5B,wEAA6D;AAC7D,mCAA8B;AAG9B,MAAM,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/file-transfer/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,2DAAwD;AAGxD,sCAA2C;AAG3C,kDAI4B;AAC5B,wEAA6D;AAC7D,mCAA8B;AAG9B,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,4BAA4B,GAAG,EAAE,GAAG,EAAE,CAAC;AAC7C,MAAM,gCAAgC,GAAG,EAAE,CAAC;AAErC,MAAM,wBAAwB,GAAG,CACtC,KAAY,EACZ,IAAuD,EACvD,EAAE;IACF,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAIlC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,eAAe;YACf,SAAS;YACT,IAAI,CAAC,WAAW;YAChB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,wCAAwC,CAAC;KAChD;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,yFAAyF,CAAC;KACjG;IAED,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,GAC9C,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAEvC,OAAO;QACL,MAAM,EAAE,UAAU;QAClB,MAAM,EAAE,YAAY;QACpB,MAAM,EAAE,YAAY;QACpB,OAAO;KACR,CAAC;AACJ,CAAC,CAAA,CAAC;AAvCW,QAAA,wBAAwB,4BAuCnC;AAEF;;;;;GAKG;AACI,MAAM,oBAAoB,GAAG,CAClC,KAAY,EACZ,MAA8D,EAC9D,KAAe,EACL,EAAE,CACZ,IAAI,oBAAQ,CAAC;IACX,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,WAAW,EAAE,GAAS,EAAE;QACtB,MAAM,WAAW,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACrE,uBACE,WAAW,EAAE,WAAW,CAAC,iBAAiB,EAC1C,eAAe,EAAE,WAAW,CAAC,qBAAqB,EAClD,YAAY,EAAE,WAAW,CAAC,iBAAiB,IAIxC,CAAC,WAAW,CAAC,SAAS,KAAK,SAAS;YACrC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;YACjD,CAAC,CAAC,EAAE,CAAC,EACP;IACJ,CAAC,CAAA;CACF,CAAC,CAAC;AArBQ,QAAA,oBAAoB,wBAqB5B;AAEL;;;;;;;GAOG;AACI,MAAM,oBAAoB,GAAG,CAClC,KAAY,EACZ,EAAY,EACZ,MAA2E,EAC3E,KAAe,EAKd,EAAE;IACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,MAAM,SAAS,GACb,SAAS,KAAK,SAAS;QACrB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC;QAC7C,CAAC,CAAC,QAAQ,CAAC;IACf,IAAI,SAAS,GAAG,gCAAgC,EAAE;QAChD,MAAM,IAAI,KAAK,CACb,6BAA6B,SAAS,oCAAoC;YACxE,gDAAgD,CACnD,CAAC;KACH;IACD,MAAM,qBAAqB,GAAG,IAAI,CAAC,GAAG,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAC;IAC7E,MAAM,wBAAwB,GAAG,IAAI,CAAC,GAAG,CACvC,4BAA4B,EAC5B,SAAS,CACV,CAAC;IAEF,MAAM,UAAU,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;IAC9D,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC5C,IAAA,mCAAY,EAAC,EAAE,EAAE,IAAI,4BAAgB,CAAC,UAAU,CAAC,EAAE;YACjD,SAAS,EAAE,qBAAqB;SACjC,CAAC;QACF,IAAA,mCAAY,EAAC,EAAE,EAAE,IAAI,+BAAmB,CAAC,UAAU,CAAC,EAAE;YACpD,SAAS,EAAE,wBAAwB;SACpC,CAAC;KACH,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,SAAS;QACT,gEAAgE;QAChE,aAAa,EAAE;YACb,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,wBAAwB;SACjC;KACF,CAAC;AACJ,CAAC,CAAA,CAAC;AA9CW,QAAA,oBAAoB,wBA8C/B"}
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.ensureGcloudLogin = exports.getGcloudAccessToken = void 0;
|
|
13
|
+
/** Copyright © 2024-present P0 Security
|
|
14
|
+
|
|
15
|
+
This file is part of @p0security/cli
|
|
16
|
+
|
|
17
|
+
@p0security/cli is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
|
|
18
|
+
|
|
19
|
+
@p0security/cli is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
20
|
+
|
|
21
|
+
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
22
|
+
**/
|
|
23
|
+
const subprocess_1 = require("../../common/subprocess");
|
|
24
|
+
const stdio_1 = require("../../drivers/stdio");
|
|
25
|
+
const util_1 = require("../../util");
|
|
26
|
+
const util_2 = require("./util");
|
|
27
|
+
const getGcloudAccessToken = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
28
|
+
const { command, args } = (0, util_2.gcloudCommandArgs)(["auth", "print-access-token"]);
|
|
29
|
+
// Force debug=false otherwise it prints the access token
|
|
30
|
+
return yield (0, subprocess_1.asyncSpawn)({ debug: false }, command, args);
|
|
31
|
+
});
|
|
32
|
+
exports.getGcloudAccessToken = getGcloudAccessToken;
|
|
33
|
+
const runGcloudLogin = ({ debug }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
34
|
+
return new Promise((resolve, reject) => {
|
|
35
|
+
(0, stdio_1.print2)("Logging in to Google Cloud CLI...");
|
|
36
|
+
const { command, args } = (0, util_2.gcloudCommandArgs)(["auth", "login"]);
|
|
37
|
+
const child = (0, util_1.spawnWithCleanEnv)(command, args, {
|
|
38
|
+
// stdio is [stdin, stdout, stderr]. We send the child's stdout to OUR
|
|
39
|
+
// stderr instead of inheriting fd 1: `gcloud auth login` writes its
|
|
40
|
+
// human-readable progress to stdout, but this CLI reserves fd 1 for
|
|
41
|
+
// machine-readable output (e.g. access tokens, JSON) that callers parse.
|
|
42
|
+
// Inheriting the child's stdout would interleave gcloud's chatter into
|
|
43
|
+
// that stream and corrupt it, so we redirect it to stderr — where
|
|
44
|
+
// human-facing text belongs.
|
|
45
|
+
stdio: ["inherit", process.stderr, "inherit"],
|
|
46
|
+
});
|
|
47
|
+
child.on("error", (error) => reject(`Failed to run 'gcloud auth login': ${error.message}`));
|
|
48
|
+
child.on("exit", (code) => {
|
|
49
|
+
if (debug) {
|
|
50
|
+
(0, stdio_1.print2)(`'gcloud auth login' exited with code ${code}`);
|
|
51
|
+
}
|
|
52
|
+
if (code === 0) {
|
|
53
|
+
resolve();
|
|
54
|
+
}
|
|
55
|
+
else {
|
|
56
|
+
reject("Google Cloud CLI login failed. Please run 'gcloud auth login' and try again.");
|
|
57
|
+
}
|
|
58
|
+
});
|
|
59
|
+
});
|
|
60
|
+
});
|
|
61
|
+
const ensureGcloudLogin = ({ debug, } = {}) => __awaiter(void 0, void 0, void 0, function* () {
|
|
62
|
+
try {
|
|
63
|
+
const accessToken = yield (0, exports.getGcloudAccessToken)();
|
|
64
|
+
if (debug) {
|
|
65
|
+
(0, stdio_1.print2)("Google Cloud CLI credentials are valid; skipping login.");
|
|
66
|
+
}
|
|
67
|
+
return accessToken;
|
|
68
|
+
}
|
|
69
|
+
catch (_a) {
|
|
70
|
+
yield runGcloudLogin({ debug });
|
|
71
|
+
return yield (0, exports.getGcloudAccessToken)();
|
|
72
|
+
}
|
|
73
|
+
});
|
|
74
|
+
exports.ensureGcloudLogin = ensureGcloudLogin;
|
|
75
|
+
//# sourceMappingURL=auth.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../../src/plugins/google/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wDAAqD;AACrD,+CAA6C;AAC7C,qCAA+C;AAC/C,iCAA2C;AAEpC,MAAM,oBAAoB,GAAG,GAA0B,EAAE;IAC9D,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,wBAAiB,EAAC,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC,CAAC;IAC5E,yDAAyD;IACzD,OAAO,MAAM,IAAA,uBAAU,EAAC,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAC3D,CAAC,CAAA,CAAC;AAJW,QAAA,oBAAoB,wBAI/B;AAEF,MAAM,cAAc,GAAG,CAAO,EAAE,KAAK,EAAuB,EAAE,EAAE;IAC9D,OAAA,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACpC,IAAA,cAAM,EAAC,mCAAmC,CAAC,CAAC;QAC5C,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,wBAAiB,EAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,IAAA,wBAAiB,EAAC,OAAO,EAAE,IAAI,EAAE;YAC7C,sEAAsE;YACtE,oEAAoE;YACpE,oEAAoE;YACpE,yEAAyE;YACzE,uEAAuE;YACvE,kEAAkE;YAClE,6BAA6B;YAC7B,KAAK,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;SAC9C,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAC1B,MAAM,CAAC,sCAAsC,KAAK,CAAC,OAAO,EAAE,CAAC,CAC9D,CAAC;QACF,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,KAAK,EAAE;gBACT,IAAA,cAAM,EAAC,wCAAwC,IAAI,EAAE,CAAC,CAAC;aACxD;YACD,IAAI,IAAI,KAAK,CAAC,EAAE;gBACd,OAAO,EAAE,CAAC;aACX;iBAAM;gBACL,MAAM,CACJ,8EAA8E,CAC/E,CAAC;aACH;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAA;EAAA,CAAC;AAEE,MAAM,iBAAiB,GAAG,CAAO,EACtC,KAAK,MACkB,EAAE,EAAmB,EAAE;IAC9C,IAAI;QACF,MAAM,WAAW,GAAG,MAAM,IAAA,4BAAoB,GAAE,CAAC;QACjD,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,yDAAyD,CAAC,CAAC;SACnE;QACD,OAAO,WAAW,CAAC;KACpB;IAAC,WAAM;QACN,MAAM,cAAc,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAChC,OAAO,MAAM,IAAA,4BAAoB,GAAE,CAAC;KACrC;AACH,CAAC,CAAA,CAAC;AAbW,QAAA,iBAAiB,qBAa5B"}
|
|
@@ -22,6 +22,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
22
22
|
**/
|
|
23
23
|
const subprocess_1 = require("../../common/subprocess");
|
|
24
24
|
const stdio_1 = require("../../drivers/stdio");
|
|
25
|
+
const auth_1 = require("./auth");
|
|
25
26
|
const util_1 = require("./util");
|
|
26
27
|
/**
|
|
27
28
|
* Adds an ssh public key to the user object's sshPublicKeys array in Google Workspace.
|
|
@@ -37,9 +38,12 @@ const util_1 = require("./util");
|
|
|
37
38
|
const importSshKey = (publicKey, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
38
39
|
var _a;
|
|
39
40
|
const debug = (_a = options === null || options === void 0 ? void 0 : options.debug) !== null && _a !== void 0 ? _a : false;
|
|
40
|
-
//
|
|
41
|
-
|
|
42
|
-
|
|
41
|
+
// Ensure the user is logged in to the Google Cloud CLI and return a valid
|
|
42
|
+
// access token. This is the earliest point a gcloud token is required in the
|
|
43
|
+
// direct `p0 ssh` and `ssh-resolve` flows (before the cloudProviderLogin hook
|
|
44
|
+
// runs), so the login must happen here. `gcloud auth login` runs only when
|
|
45
|
+
// the existing token is invalid.
|
|
46
|
+
const accessToken = yield (0, auth_1.ensureGcloudLogin)({ debug });
|
|
43
47
|
const { command: accountCommand, args: accountArgs } = (0, util_1.gcloudCommandArgs)([
|
|
44
48
|
"config",
|
|
45
49
|
"get-value",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh-key.js","sourceRoot":"","sources":["../../../../src/plugins/google/ssh-key.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wDAAqD;AACrD,+CAA6C;
|
|
1
|
+
{"version":3,"file":"ssh-key.js","sourceRoot":"","sources":["../../../../src/plugins/google/ssh-key.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wDAAqD;AACrD,+CAA6C;AAC7C,iCAA2C;AAE3C,iCAA2C;AAE3C;;;;;;;;;;GAUG;AACI,MAAM,YAAY,GAAG,CAC1B,SAAiB,EACjB,OAA6B,EAC7B,EAAE;;IACF,MAAM,KAAK,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,mCAAI,KAAK,CAAC;IAEtC,0EAA0E;IAC1E,6EAA6E;IAC7E,8EAA8E;IAC9E,2EAA2E;IAC3E,iCAAiC;IACjC,MAAM,WAAW,GAAG,MAAM,IAAA,wBAAiB,EAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAEvD,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,wBAAiB,EAAC;QACvE,QAAQ;QACR,WAAW;QACX,SAAS;KACV,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAU,EAAC,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;IAEzE,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EACJ,0BAA0B,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,OAAO,EAAE,CAC/E,CAAC;QACF,IAAA,cAAM,EACJ,yBAAyB,SAAS,IAAI,WAAW,gBAAgB,OAAO,EAAE,CAC3E,CAAC;KACH;IAED,IAAI,CAAC,SAAS,EAAE;QACd,MAAM,wCAAwC,CAAC;KAChD;IAED,MAAM,GAAG,GAAG,2CAA2C,OAAO,qBAAqB,CAAC;IACpF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,GAAG,EAAE,SAAS;SACf,CAAC;QACF,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,cAAc,QAAQ,CAAC,MAAM,KAAK,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;SACnE;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3B,MAAM,kFAAkF,CAAC;SAC1F;aAAM;YACL,MAAM,kCAAkC,CAAC;SAC1C;KACF;IAED,MAAM,IAAI,GAA+B,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/D,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EACJ,sDAAsD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAC7E,CAAC;KACH;IAED,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;IAE9B,yEAAyE;IACzE,MAAM,aAAa,GAAG,YAAY,CAAC,aAAa,CAAC,MAAM,CACrD,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,mBAAmB,KAAK,OAAO,CACrD,CAAC;IAEF,MAAM,YAAY,GAChB,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;QAChD,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAEhC,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,2BAA2B,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,QAAQ,EAAE,CAAC,CAAC;KAC7D;IAED,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,2HAA2H,CAAC;KACnI;IAED,OAAO,YAAY,CAAC,QAAQ,CAAC;AAC/B,CAAC,CAAA,CAAC;AApFW,QAAA,YAAY,gBAoFvB"}
|
|
@@ -22,6 +22,7 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
22
22
|
**/
|
|
23
23
|
const ssh_1 = require("../../commands/shared/ssh");
|
|
24
24
|
const keys_1 = require("../../common/keys");
|
|
25
|
+
const auth_1 = require("./auth");
|
|
25
26
|
const install_1 = require("./install");
|
|
26
27
|
const ssh_key_1 = require("./ssh-key");
|
|
27
28
|
const util_1 = require("./util");
|
|
@@ -60,8 +61,10 @@ const unprovisionedAccessPatterns = [
|
|
|
60
61
|
{ pattern: /Error while connecting \[4010: 'destination read failed'\]/ },
|
|
61
62
|
];
|
|
62
63
|
exports.gcpSshProvider = {
|
|
63
|
-
|
|
64
|
-
|
|
64
|
+
cloudProviderLogin: (_authn, _request, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
65
|
+
yield (0, auth_1.ensureGcloudLogin)({ debug });
|
|
66
|
+
return undefined;
|
|
67
|
+
}),
|
|
65
68
|
ensureInstall: () => __awaiter(void 0, void 0, void 0, function* () {
|
|
66
69
|
if (!(yield (0, install_1.ensureGcpSshInstall)())) {
|
|
67
70
|
throw "Please try again after installing the required GCP utilities";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/plugins/google/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAC1D,4CAAqD;AAErD,uCAAgD;AAChD,uCAAyC;AAEzC,iCAA2C;AAE3C,oGAAoG;AACpG,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,iCAAiC,EAAE;IAC9C;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;IACD,EAAE,OAAO,EAAE,mDAAmD,EAAE;IAChE;QACE,OAAO,EAAE,+CAA+C;QACxD,kBAAkB,EAAE,IAAI;KACzB;IACD,EAAE,OAAO,EAAE,4DAA4D,EAAE;CACjE,CAAC;AAEE,QAAA,cAAc,GAIvB;IACF,
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/plugins/google/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,mDAA0D;AAC1D,4CAAqD;AAErD,iCAA2C;AAC3C,uCAAgD;AAChD,uCAAyC;AAEzC,iCAA2C;AAE3C,oGAAoG;AACpG,MAAM,4BAA4B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,iCAAiC,EAAE;IAC9C;QACE,mEAAmE;QACnE,OAAO,EAAE,uCAAuC;KACjD;IACD,EAAE,OAAO,EAAE,mDAAmD,EAAE;IAChE;QACE,OAAO,EAAE,+CAA+C;QACxD,kBAAkB,EAAE,IAAI;KACzB;IACD,EAAE,OAAO,EAAE,4DAA4D,EAAE;CACjE,CAAC;AAEE,QAAA,cAAc,GAIvB;IACF,kBAAkB,EAAE,CAAO,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE;QACpD,MAAM,IAAA,wBAAiB,EAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC,CAAA;IAED,aAAa,EAAE,GAAS,EAAE;QACxB,IAAI,CAAC,CAAC,MAAM,IAAA,6BAAmB,GAAE,CAAC,EAAE;YAClC,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,cAAc;IAE5B,oBAAoB,EAClB,2DAA2D;IAE7D,oBAAoB,EAAE,sDAAsD;IAE5E,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,CAAC,OAAO,EAAE,EAAE;QACxC,IAAI,IAAA,mBAAa,EAAC,OAAO,CAAC,EAAE;YAC1B,uCACK,OAAO;gBACV,6GAA6G;gBAC7G,6HAA6H;gBAC7H,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,CAAC,IAAI,CAAC,IACjB;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,CAAO,MAAM,EAAE,OAAO,EAAE,EAAE;QACtC,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,aAAa;YAC/B,cAAc,EAAE,uBAAgB;SACjC,CAAC;IACJ,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QAC9B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,wBAAiB,EAAC;YAC1C,SAAS;YACT,kBAAkB;YAClB,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;YAClB,kEAAkE;YAClE,oGAAoG;YACpG,oEAAoE;YACpE,kDAAkD;YAClD,mBAAmB;YACnB,UAAU,OAAO,CAAC,IAAI,EAAE;YACxB,aAAa,OAAO,CAAC,SAAS,EAAE;SACjC,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,aAAa,EAAE,GAAG,EAAE,CAAC,SAAS;IAE9B,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;QACxB,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY;YAC5C,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS;YAChD,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;YAC7B,aAAa,EAAE,OAAO,CAAC,YAAY,CAAC,aAAa;YACjD,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;IAED,2BAA2B;IAE3B,YAAY,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAAC,OAAA,iCACrC,OAAO,KACV,YAAY,EAAE;gBACZ,aAAa,EAAE,MAAM,IAAA,sBAAY,EAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC;aAC9D,IACD,CAAA;MAAA;CACH,CAAC"}
|
|
@@ -8,6 +8,17 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
8
8
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
|
+
var __rest = (this && this.__rest) || function (s, e) {
|
|
12
|
+
var t = {};
|
|
13
|
+
for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
|
|
14
|
+
t[p] = s[p];
|
|
15
|
+
if (s != null && typeof Object.getOwnPropertySymbols === "function")
|
|
16
|
+
for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
|
|
17
|
+
if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
|
|
18
|
+
t[p[i]] = s[p[i]];
|
|
19
|
+
}
|
|
20
|
+
return t;
|
|
21
|
+
};
|
|
11
22
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
23
|
exports.sshProxy = exports.sshOrScp = void 0;
|
|
13
24
|
/** Copyright © 2024-present P0 Security
|
|
@@ -131,7 +142,7 @@ const parseAndPrintSshOutputToStderr = (chunkString, options) => {
|
|
|
131
142
|
function spawnSshNode(options) {
|
|
132
143
|
return __awaiter(this, void 0, void 0, function* () {
|
|
133
144
|
return new Promise((resolve, reject) => {
|
|
134
|
-
var _a;
|
|
145
|
+
var _a, _b;
|
|
135
146
|
const provider = ssh_1.SSH_PROVIDERS[options.provider];
|
|
136
147
|
if (options.debug) {
|
|
137
148
|
const gerund = options.isAccessPropagationPreTest
|
|
@@ -140,8 +151,10 @@ function spawnSshNode(options) {
|
|
|
140
151
|
const remaining = ((options.endTime - Date.now()) / 1e3).toFixed(1);
|
|
141
152
|
(0, stdio_1.print2)(`Waiting for access to propagate. ${gerund} SSH session... (will wait up to ${remaining} seconds)`);
|
|
142
153
|
}
|
|
154
|
+
// `expiresAt` is metadata, not an env var, so exclude it from the child env.
|
|
155
|
+
const _c = (_a = options.credential) !== null && _a !== void 0 ? _a : {}, { expiresAt: _expiresAt } = _c, credentialEnv = __rest(_c, ["expiresAt"]);
|
|
143
156
|
const child = (0, node_child_process_1.spawn)(options.command, options.args, {
|
|
144
|
-
env: Object.assign(Object.assign({}, (0, util_1.createCleanChildEnv)()),
|
|
157
|
+
env: Object.assign(Object.assign({}, (0, util_1.createCleanChildEnv)()), credentialEnv),
|
|
145
158
|
stdio: options.stdio,
|
|
146
159
|
shell: false,
|
|
147
160
|
});
|
|
@@ -166,7 +179,7 @@ function spawnSshNode(options) {
|
|
|
166
179
|
? provider.provisionedAccessPatterns
|
|
167
180
|
: undefined, provider.loginRequiredPattern, child, options);
|
|
168
181
|
const onAbort = () => { var _a, _b; return reject((_b = (_a = options.abortController) === null || _a === void 0 ? void 0 : _a.signal.reason) !== null && _b !== void 0 ? _b : "SSH session aborted"); };
|
|
169
|
-
(
|
|
182
|
+
(_b = options.abortController) === null || _b === void 0 ? void 0 : _b.signal.addEventListener("abort", onAbort);
|
|
170
183
|
const cleanupAllListeners = () => {
|
|
171
184
|
var _a;
|
|
172
185
|
// Remove process signal handlers
|
|
@@ -464,7 +477,7 @@ exports.sshOrScp = sshOrScp;
|
|
|
464
477
|
const sshProxy = (args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
465
478
|
var _c, _d;
|
|
466
479
|
const { authn, sshProvider, request, requestId, debug } = args;
|
|
467
|
-
const credential = yield sshProvider.cloudProviderLogin(authn, request);
|
|
480
|
+
const credential = yield sshProvider.cloudProviderLogin(authn, request, debug);
|
|
468
481
|
const abortController = new AbortController();
|
|
469
482
|
const setupData = yield ((_c = sshProvider.setupProxy) === null || _c === void 0 ? void 0 : _c.call(sshProvider, request, {
|
|
470
483
|
debug,
|