@p0security/cli 0.27.1 → 0.27.2
- package/build/dist/commands/aws/rds.js +12 -8
- package/build/dist/commands/aws/rds.js.map +1 -1
- package/build/dist/commands/aws/util.js +6 -4
- package/build/dist/commands/aws/util.js.map +1 -1
- package/build/dist/commands/file-transfer.js +10 -7
- package/build/dist/commands/file-transfer.js.map +1 -1
- package/build/dist/commands/login.js +2 -3
- package/build/dist/commands/login.js.map +1 -1
- package/build/dist/commands/logout.js +4 -3
- package/build/dist/commands/logout.js.map +1 -1
- package/build/dist/drivers/auth/index.d.ts +1 -3
- package/build/dist/drivers/auth/index.js +2 -44
- package/build/dist/drivers/auth/index.js.map +1 -1
- package/build/dist/plugins/aws/assumeRole.js +7 -0
- package/build/dist/plugins/aws/assumeRole.js.map +1 -1
- package/build/dist/plugins/aws/ssh.js +2 -3
- package/build/dist/plugins/aws/ssh.js.map +1 -1
- package/build/dist/plugins/aws/types.d.ts +4 -1
- package/build/dist/plugins/file-transfer/index.d.ts +19 -3
- package/build/dist/plugins/file-transfer/index.js +44 -19
- package/build/dist/plugins/file-transfer/index.js.map +1 -1
- package/build/dist/plugins/login.d.ts +1 -3
- package/build/dist/plugins/login.js +2 -2
- package/build/dist/plugins/login.js.map +1 -1
- package/build/dist/plugins/okta/login.d.ts +2 -10
- package/build/dist/plugins/okta/login.js +12 -38
- package/build/dist/plugins/okta/login.js.map +1 -1
- package/build/dist/plugins/ssh/index.js +16 -3
- package/build/dist/plugins/ssh/index.js.map +1 -1
- package/build/dist/util.d.ts +28 -0
- package/build/dist/util.js +31 -1
- package/build/dist/util.js.map +1 -1
- package/build/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -3
- package/build/dist/drivers/auth/lock.d.ts +0 -11
- package/build/dist/drivers/auth/lock.js +0 -70
- package/build/dist/drivers/auth/lock.js.map +0 -1
- package/build/dist/drivers/auth/refresh.d.ts +0 -31
- package/build/dist/drivers/auth/refresh.js +0 -130
- package/build/dist/drivers/auth/refresh.js.map +0 -1
|
@@ -139,12 +139,16 @@ const rdsGenerateDbAuthToken = (argv, authn) => __awaiter(void 0, void 0, void 0
|
|
|
139
139
|
];
|
|
140
140
|
const { command, args } = (0, util_1.osSafeCommand)("aws", generateTokenArgs);
|
|
141
141
|
const result = yield (0, util_1.exec)(command, args, { check: true });
|
|
142
|
-
const
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
const
|
|
146
|
-
|
|
147
|
-
|
|
142
|
+
const formatter = (0, util_1.newShellFormatter)();
|
|
143
|
+
const password = result.stdout.trim();
|
|
144
|
+
const rdsHostRef = formatter.formatEnvReference("RDS_HOST");
|
|
145
|
+
const rdsCaRef = formatter.formatEnvReference("RDS_SSL_CA");
|
|
146
|
+
const pgInstructions = `${formatter.formatEnvAssignment("PGPASSWORD", password, { quote: true })}
|
|
147
|
+
|
|
148
|
+
psql "host=${rdsHostRef} port=${port} sslmode=verify-full sslrootcert=${rdsCaRef} ${database ? `dbname=${database} ` : ""}user=${userName}"`;
|
|
149
|
+
const mysqlInstructions = `${formatter.formatEnvAssignment("MYSQL_PWD", password, { quote: true })}
|
|
150
|
+
|
|
151
|
+
mysql -h ${rdsHostRef} --ssl-ca=${rdsCaRef} --ssl-verify-server-cert -P ${port} -u ${userName} ${database}`;
|
|
148
152
|
(0, stdio_1.print2)(result.stderr);
|
|
149
153
|
(0, stdio_1.print2)(`Access your database by exporting the result of this command and executing psql in an environment with network access to the instance.
|
|
150
154
|
|
|
@@ -154,8 +158,8 @@ If you are executing from CloudShell this will be done for you already, and the
|
|
|
154
158
|
|
|
155
159
|
On CloudShell, you can execute:
|
|
156
160
|
|
|
157
|
-
|
|
158
|
-
|
|
161
|
+
${formatter.formatEnvAssignment("RDS_SSL_CA", "/certs/global-bundle.pem", { quote: true })}
|
|
162
|
+
${formatter.formatEnvAssignment("RDS_HOST", dbConfig.hostname, { quote: true })}
|
|
159
163
|
${argv.arch === "mysql" ? mysqlInstructions : argv.arch === "postgres" ? pgInstructions : (0, util_1.throwAssertNever)(argv.arch)}
|
|
160
164
|
|
|
161
165
|
`);
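Review bot: The added `mysqlInstructions` template interpolates `${userName}` and `${database}` into the printed shell command unquoted, while the password on the line above goes through `formatEnvAssignment("MYSQL_PWD", password, { quote: true })`. A user or database name containing whitespace or shell metacharacters would make the copy-pasted command behave differently from what the output suggests. The mysql line also lacks the `database ? ... : ""` guard that `pgInstructions` uses, so an unset database would presumably render as the text `undefined`. I would guard the trailing argument, e.g. `${database ?? ""}`, and quote both values with whatever value quoting the shell formatter offers (its API is not visible in this section). The enclosing `rdsGenerateDbAuthToken` starts before and ends after these hunks.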
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../src/commands/aws/rds.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAA2D;AAC3D,+CAAqD;AACrD,iDAAsD;AACtD,mDAAmD;AAEnD,uDAAqD;AAGrD,
|
|
1
|
+
{"version":3,"file":"rds.js","sourceRoot":"","sources":["../../../../src/commands/aws/rds.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAA2D;AAC3D,+CAAqD;AACrD,iDAAsD;AACtD,mDAAmD;AAEnD,uDAAqD;AAGrD,qCAKoB;AACpB,sCAAkD;AAClD,+CAA4C;AAC5C,mCAAyE;AACzE,2CAAiC;AAoBjC,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,UAAU,CAAU,CAAC;AAY/C,MAAM,GAAG,GAAG,CACjB,KAAkD,EAClD,KAAY,EACZ,EAAE,CACF,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,uBAAuB,EAAE,CAAC,KAAK,EAAE,EAAE,CACtD,KAAK;IACH,+DAA+D;IAC/D,oEAAoE;IACpE,0CAA0C;KACzC,aAAa,CAAC,CAAC,CAAC;KAChB,OAAO,CACN,wBAAwB,EACxB,+CAA+C,EAC/C,CAAC,CAA8C,EAAE,EAAE,CACjD,CAAC;KACE,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,cAAc;IACvB,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,gDAAgD;CAC3D,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,yBAAyB;CACpC,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,wBAAwB;CACnC,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,oBAAoB;CAC/B,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC;AACN,oCAAoC;AACpC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,EAAE,KAAK,CAAC,CAC9C,CACJ,CAAC;AAzCS,QAAA,GAAG,OAyCZ;AAEJ,MAAM,gBAAgB,GAAG,CAAO,IAAa,EAAE,KAAY,EAAE,EAAE;IAC7D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC;IAE9B,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,CAGvC;QACE,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,CAAC,EAAE,EAAE;QACL,SAAS,EAAE;YACT,WAAW;YACX,MAAM;YACN,IAAI,CAAC,IAAI;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD;QACD,IAAI,EAAE,IAAI;KACX,EACD,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,uCAAuC,CAAC;KAC/C;IAED,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAC;IAErC,MAAM,IAAI,GAAG,MAAM,IAAA,8BAAqB,EAAC,MAAM,CAAC,CAAC;IACjD,IAAI,CAAC,IAAI,EAAE;QACT,gBAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACb;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA,CAAC;AAEF,MAA
M,WAAW,GAAG,CAClB,IAAa,EACb,MAAwB,EACxB,KAAY,EACZ,EAAE;;IACF,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAsB,EAC1C,KAAK,EACL,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,KAAK,CACX,CAAC;IACF,MAAM,MAAM,GAAG,MAAA,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,0CAAG,UAAU,CAAC,CAAC;IACzD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,EAAE;QAC3C,MAAM,uBAAuB,UAAU,EAAE,CAAC;KAC3C;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAA,CAAC;AAEF,MAAM,sBAAsB,GAAG,CAAO,IAAa,EAAE,KAAY,EAAE,EAAE;;IACnE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAEnD,MAAM,cAAc,GAAG,IAAA,wBAAW,EAAC,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACjE,MAAM,aAAa,GAAG,IAAA,wBAAW,EAAC,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,UAAU,EAAE,KAAK,CAAC,CAAC;IACrE,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,0BAA0B,MAAM,CAAC,UAAU,CAAC,UAAU,yBAAyB,CAAC;KACvF;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACxD,MAAM,IAAI,GACR,MAAA,QAAQ,CAAC,IAAI,mCACb,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO;QACpB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU;YACxB,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,IAAA,uBAAgB,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG,MAAA,IAAI,CAAC,QAAQ,mCAAI,QAAQ,CAAC,SAAS,CAAC;IAErD,MAAM,UAAU,GAAG,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC;IAEhD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,gBAAQ,EAAC,UAAU,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;IAEzD,MAAM,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAErD,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,+CAA+C,CAAC;KACvD;IAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;IAEzE,MAAM,IAAA,+BAAuB,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,IAAA,6BAAqB,EAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAErD,MAAM,iBAAiB,GAAG;QACxB,KAAK;QACL,wBAAwB;QACxB,YAAY;QACZ,QAAQ,CAAC,QAAQ;QACjB,QAAQ;QACR,IAAI;QACJ,UAAU;QACV,MAAM;QACN,YAAY;QACZ,QAAQ;QACR,WAAW;QACX,WAAW;KACZ,CAAC;IAEF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,IAAA,oBAAa,EAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;IAE
lE,MAAM,MAAM,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAE1D,MAAM,SAAS,GAAG,IAAA,wBAAiB,GAAE,CAAC;IACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACtC,MAAM,UAAU,GAAG,SAAS,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,SAAS,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;IAE5D,MAAM,cAAc,GAAG,GAAG,SAAS,CAAC,mBAAmB,CAAC,YAAY,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;;eAEnF,UAAU,SAAS,IAAI,oCAAoC,QAAQ,IAAI,QAAQ,CAAC,CAAC,CAAC,UAAU,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,QAAQ,GAAG,CAAC;IAE7I,MAAM,iBAAiB,GAAG,GAAG,SAAS,CAAC,mBAAmB,CAAC,WAAW,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;;aAEvF,UAAU,aAAa,QAAQ,gCAAgC,IAAI,OAAO,QAAQ,IAAI,QAAQ,EAAE,CAAC;IAE5G,IAAA,cAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACtB,IAAA,cAAM,EAAC;;;;;;;;IAQL,SAAS,CAAC,mBAAmB,CAAC,YAAY,EAAE,0BAA0B,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACxF,SAAS,CAAC,mBAAmB,CAAC,UAAU,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC7E,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAA,uBAAgB,EAAC,IAAI,CAAC,IAAI,CAAC;;CAEtH,CAAC,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE;QAClD,IAAA,cAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC;KACvB;IACD,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI;QAAE,gBAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAClD,CAAC,CAAA,CAAC"}
|
|
@@ -12,6 +12,7 @@ This file is part of @p0security/cli
|
|
|
12
12
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
13
13
|
**/
|
|
14
14
|
const stdio_1 = require("../../drivers/stdio");
|
|
15
|
+
const util_1 = require("../../util");
|
|
15
16
|
const typescript_1 = require("typescript");
|
|
16
17
|
const CREDENTIAL_FIELDS = [
|
|
17
18
|
"AWS_ACCESS_KEY_ID",
|
|
@@ -23,19 +24,20 @@ const printAwsCredentials = (awsCredentials, command) => {
|
|
|
23
24
|
var _a;
|
|
24
25
|
const isTty = (_a = typescript_1.sys.writeOutputIsTTY) === null || _a === void 0 ? void 0 : _a.call(typescript_1.sys);
|
|
25
26
|
const indent = isTty ? " " : "";
|
|
27
|
+
const formatter = (0, util_1.newShellFormatter)();
|
|
26
28
|
if (isTty)
|
|
27
29
|
(0, stdio_1.print2)("Execute the following commands:\n");
|
|
28
30
|
for (const key of CREDENTIAL_FIELDS) {
|
|
29
31
|
const value = awsCredentials[key];
|
|
30
32
|
if (value) {
|
|
31
|
-
(0, stdio_1.print1)(`${indent}
|
|
33
|
+
(0, stdio_1.print1)(`${indent}${formatter.formatEnvAssignment(key, value)}`);
|
|
32
34
|
}
|
|
33
35
|
}
|
|
34
36
|
if (isTty) {
|
|
35
37
|
(0, stdio_1.print2)(`
|
|
36
|
-
Or, populate these environment variables
|
|
37
|
-
|
|
38
|
-
$(
|
|
38
|
+
Or, populate these environment variables by evaluating the output of this command:
|
|
39
|
+
|
|
40
|
+
${formatter.formatEvalCommand(command)} `);
|
|
39
41
|
}
|
|
40
42
|
};
|
|
41
43
|
exports.printAwsCredentials = printAwsCredentials;
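Review bot: The credential lines are emitted with `formatter.formatEnvAssignment(key, value)` and no `{ quote: true }`, unlike the RDS instructions in this release, even though this output is meant to be evaluated by the shell via `formatEvalCommand(command)`. Text that a shell will evaluate should be quoted however well-formed the values are expected to be, so I would pass the option here too: `formatter.formatEnvAssignment(key, value, { quote: true })`. Whether the formatter already escapes values when `quote` is omitted is not visible in this section, so confirm against `util.js` before changing it. The first line of `printAwsCredentials` is outside the hunk.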
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/commands/aws/util.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,+CAAqD;AAErD,2CAAiC;AAEjC,MAAM,iBAAiB,
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../../src/commands/aws/util.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;GASG;AACH,+CAAqD;AAErD,qCAA+C;AAC/C,2CAAiC;AAEjC,MAAM,iBAAiB,GAAkC;IACvD,mBAAmB;IACnB,uBAAuB;IACvB,mBAAmB;IACnB,oBAAoB;CACrB,CAAC;AAEK,MAAM,mBAAmB,GAAG,CACjC,cAA8B,EAC9B,OAAe,EACf,EAAE;;IACF,MAAM,KAAK,GAAG,MAAA,gBAAG,CAAC,gBAAgB,gEAAI,CAAC;IACvC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,IAAA,wBAAiB,GAAE,CAAC;IAEtC,IAAI,KAAK;QAAE,IAAA,cAAM,EAAC,mCAAmC,CAAC,CAAC;IAEvD,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE;QACnC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,GAAG,MAAM,GAAG,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;SACjE;KACF;IAED,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC;;;IAGP,SAAS,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;KAC1C;AACH,CAAC,CAAC;AAvBW,QAAA,mBAAmB,uBAuB9B"}
|
|
@@ -28,6 +28,7 @@ const file_transfer_1 = require("../plugins/file-transfer");
|
|
|
28
28
|
const lib_storage_1 = require("@aws-sdk/lib-storage");
|
|
29
29
|
const fs_1 = require("fs");
|
|
30
30
|
const node_path_1 = require("node:path");
|
|
31
|
+
const renderDurationSec = (s) => s >= 3600 ? `${Math.round(s / 3600)}h` : `${Math.round(s / 60)}m`;
|
|
31
32
|
const fileTransferCommand = (yargs) => yargs.command("file-transfer <source> <destination>", "Transfer a local file to a remote instance via a temporary S3 bucket.", (yargs) => yargs
|
|
32
33
|
.positional("source", {
|
|
33
34
|
type: "string",
|
|
@@ -73,13 +74,7 @@ const fileTransferAction = (args) => __awaiter(void 0, void 0, void 0, function*
|
|
|
73
74
|
// local file's basename so the S3 object preserves the original filename.
|
|
74
75
|
const uploadKey = `${target.prefix}${(0, node_path_1.basename)(args.source)}`;
|
|
75
76
|
(0, stdio_1.print2)("Preparing upload credentials...");
|
|
76
|
-
const
|
|
77
|
-
const renderDurationSec = (s) => s >= 3600 ? `${Math.round(s / 3600)}h` : `${Math.round(s / 60)}m`;
|
|
78
|
-
// TODO: remove logging when we remove the launchdarkly file-transfer flag
|
|
79
|
-
if (args.debug) {
|
|
80
|
-
(0, stdio_1.print2)(`GET (${renderDurationSec(expirySeconds.get)}): ${getUrl}`);
|
|
81
|
-
(0, stdio_1.print2)(`DELETE (${renderDurationSec(expirySeconds.delete)}): ${deleteUrl}`);
|
|
82
|
-
}
|
|
77
|
+
const s3 = (0, file_transfer_1.createTransferClient)(authn, target, args.debug);
|
|
83
78
|
(0, stdio_1.print2)(`Uploading ${args.source}...`);
|
|
84
79
|
// The backend grants the AWS role permission to write to our prefix, but
|
|
85
80
|
// IAM has eventual consistency — the policy can take several seconds to
|
|
@@ -123,6 +118,14 @@ const fileTransferAction = (args) => __awaiter(void 0, void 0, void 0, function*
|
|
|
123
118
|
throw `Upload failed: ${message}`;
|
|
124
119
|
}
|
|
125
120
|
(0, stdio_1.print2)("Uploaded.");
|
|
121
|
+
// Sign the download/cleanup URLs only now that the file is uploaded — the
|
|
122
|
+
// GET window is finite, so we don't want it ticking during the upload.
|
|
123
|
+
const { getUrl, deleteUrl, expirySeconds } = yield (0, file_transfer_1.generateTransferUrls)(authn, s3, { bucket: target.bucket, key: uploadKey, awsSpec: target.awsSpec }, args.debug);
|
|
124
|
+
// TODO: remove logging when we remove the launchdarkly file-transfer flag
|
|
125
|
+
if (args.debug) {
|
|
126
|
+
(0, stdio_1.print2)(`GET (${renderDurationSec(expirySeconds.get)}): ${getUrl}`);
|
|
127
|
+
(0, stdio_1.print2)(`DELETE (${renderDurationSec(expirySeconds.delete)}): ${deleteUrl}`);
|
|
128
|
+
}
|
|
126
129
|
}), {
|
|
127
130
|
command: "file-transfer",
|
|
128
131
|
});
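Review bot: With `args.debug` set, the relocated block prints the full presigned `getUrl` and `deleteUrl` through `print2`, and a presigned URL is a bearer credential for the object until it expires. Debug output tends to end up in scrollback, CI logs and support tickets, so unless this output is the intended way of handing the URLs over, I would log them without the query string, e.g. `getUrl.split("?")[0]`, assuming both values are plain strings as the template interpolation suggests. The existing TODO already plans to remove this logging; until then the redaction keeps the signature out of logs. `fileTransferAction` starts before these hunks and continues between them.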
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file-transfer.js","sourceRoot":"","sources":["../../../src/commands/file-transfer.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,0CAA+C;AAC/C,4CAA0C;AAC1C,gEAA0D;AAC1D,
|
|
1
|
+
{"version":3,"file":"file-transfer.js","sourceRoot":"","sources":["../../../src/commands/file-transfer.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,2CAAiD;AACjD,0CAA+C;AAC/C,4CAA0C;AAC1C,gEAA0D;AAC1D,4DAIkC;AAClC,sDAA8C;AAC9C,2BAAgD;AAChD,yCAAqC;AAUrC,MAAM,iBAAiB,GAAG,CAAC,CAAS,EAAE,EAAE,CACtC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC;AAE7D,MAAM,mBAAmB,GAAG,CAAC,KAAiB,EAAE,EAAE,CACvD,KAAK,CAAC,OAAO,CACX,sCAAsC,EACtC,uEAAuE,EACvE,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,QAAQ,EAAE;IACpB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,iBAAiB;CAC/B,CAAC;KACD,UAAU,CAAC,aAAa,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,WAAW,EAAE,yCAAyC;CACvD,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,yBAAyB;CACpC,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,iDAAiD;CAC5D,CAAC,EACN,kBAAkB,CACnB,CAAC;AAzBS,QAAA,mBAAmB,uBAyB5B;AAEJ,MAAM,kBAAkB,GAAG,CACzB,IAAuD,EACvD,EAAE;IACF,MAAM,IAAA,wBAAS,EACb,uBAAuB,EACvB,CAAO,IAAI,EAAE,EAAE;QACb,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAEnD,4EAA4E;QAC5E,6EAA6E;QAC7E,oDAAoD;QACpD,IAAI,WAAW,CAAC;QAChB,IAAI;YACF,WAAW,GAAG,IAAA,aAAQ,EAAC,IAAI,CAAC,MAAM,CAAC,CAAC;SACrC;QAAC,WAAM;YACN,MAAM,0BAA0B,IAAI,CAAC,MAAM,EAAE,CAAC;SAC/C;QACD,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE;YACzB,MAAM,sCAAsC,IAAI,CAAC,MAAM,EAAE,CAAC;SAC3D;QAED,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,IAAI,CAAC,CAAC;QAEvC,IAAA,cAAM,EAAC,oCAAoC,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,MAAM,IAAA,wCAAwB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC3D,IAAA,cAAM,EAAC,4BAA4B,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAErE,wEAAwE;QACxE,0EAA0E;QAC1E,MAAM,SAAS,GAAG,GAAG,MAAM,CAAC,MAAM,GAAG,IAAA,oBAAQ,EAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAE7D,IAAA,cAAM,EAAC,iCAAiC,CAAC,CAAC;QAC1C,MAAM,EAAE,GAAG,IAAA,oCAAoB,EAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAE3D,IAAA,cAAM,EAAC,a
AAa,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC;QAEtC,yEAAyE;QACzE,wEAAwE;QACxE,iEAAiE;QACjE,qDAAqD;QACrD,IAAI;YACF,MAAM,IAAA,sBAAc,EAClB,GAAS,EAAE;gBACT,MAAM,MAAM,GAAG,IAAI,oBAAM,CAAC;oBACxB,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE;wBACN,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,GAAG,EAAE,SAAS;wBACd,IAAI,EAAE,IAAA,qBAAgB,EAAC,IAAI,CAAC,MAAM,CAAC;qBACpC;iBACF,CAAC,CAAC;gBACH,MAAM,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,QAAQ,EAAE,EAAE;;oBAC3C,MAAM,MAAM,GAAG,MAAA,QAAQ,CAAC,MAAM,mCAAI,CAAC,CAAC;oBACpC,MAAM,KAAK,GAAG,MAAA,QAAQ,CAAC,KAAK,mCAAI,CAAC,CAAC;oBAClC,MAAM,EAAE,GAAG,CAAC,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBAC7C,MAAM,GAAG,GAAG,KAAK;wBACf,CAAC,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,IAAI;wBAC7C,CAAC,CAAC,EAAE,CAAC;oBACP,IAAA,cAAM,EAAC,cAAc,EAAE,MAAM,GAAG,EAAE,CAAC,CAAC;gBACtC,CAAC,CAAC,CAAC;gBACH,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YACtB,CAAC,CAAA,EACD;gBACE,OAAO,EAAE,EAAE;gBACX,OAAO,EAAE,IAAK;gBACd,UAAU,EAAE,KAAM;gBAClB,UAAU,EAAE,GAAG;gBACf,YAAY,EAAE,GAAG;gBACjB,mEAAmE;gBACnE,kEAAkE;gBAClE,WAAW,EAAE,CAAC,GAAG,EAAE,EAAE,CACnB,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,cAAc;gBACrD,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CACF,CAAC;SACH;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,MAAM,kBAAkB,OAAO,EAAE,CAAC;SACnC;QAED,IAAA,cAAM,EAAC,WAAW,CAAC,CAAC;QAEpB,0EAA0E;QAC1E,uEAAuE;QACvE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,IAAA,oCAAoB,EACrE,KAAK,EACL,EAAE,EACF,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,EAClE,IAAI,CAAC,KAAK,CACX,CAAC;QAEF,0EAA0E;QAC1E,IAAI,IAAI,CAAC,KAAK,EAAE;YACd,IAAA,cAAM,EAAC,WAAW,iBAAiB,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,MAAM,EAAE,CAAC,CAAC;YACtE,IAAA,cAAM,EACJ,WAAW,iBAAiB,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,SAAS,EAAE,CACpE,CAAC;SACH;IACH,CAAC,CAAA,EACD;QACE,OAAO,EAAE,eAAe;KACzB,CACF,CAAC;AACJ,CAAC,CAAA,CAAC"}
|
|
@@ -39,7 +39,7 @@ const doActualLogin = (orgWithSlug, debug) => __awaiter(void 0, void 0, void 0,
|
|
|
39
39
|
const loginFn = plugin && login_1.pluginLoginMap[plugin];
|
|
40
40
|
if (!loginFn)
|
|
41
41
|
throw "Unsupported login for your organization";
|
|
42
|
-
const tokenResponse = yield loginFn(orgWithSlug
|
|
42
|
+
const tokenResponse = yield loginFn(orgWithSlug);
|
|
43
43
|
yield (0, auth_1.writeIdentity)(orgWithSlug, tokenResponse);
|
|
44
44
|
});
|
|
45
45
|
const formatTimeLeft = (seconds) => {
|
|
@@ -105,8 +105,7 @@ const login = (args, options) => __awaiter(void 0, void 0, void 0, function* ()
|
|
|
105
105
|
else {
|
|
106
106
|
(0, stdio_1.print2)(`You are currently logged in to the ${orgSlug} organization.`);
|
|
107
107
|
}
|
|
108
|
-
|
|
109
|
-
if (tokenTimeRemaining > 0 && !(identity === null || identity === void 0 ? void 0 : identity.credential.refresh_token)) {
|
|
108
|
+
if (tokenTimeRemaining > 0) {
|
|
110
109
|
(0, stdio_1.print2)(`The current session expires in ${formatTimeLeft(tokenTimeRemaining)}.`);
|
|
111
110
|
}
|
|
112
111
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/commands/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wCAAkD;AAClD,0CAMyB;AACzB,8CAA+C;AAC/C,oDAA0D;AAC1D,wCAA4C;AAC5C,4CAA0C;AAC1C,4CAAkD;AAClD,kDAAqE;AAKrE,MAAM,gCAAgC,GAAG,CAAC,GAAG,EAAE,CAAC;AAEhD,MAAM,aAAa,GAAG,CAAO,WAAoB,EAAE,KAAe,EAAE,EAAE;IACpE,MAAM,WAAW,GAAG,IAAA,0BAAc,EAAC,WAAW,CAAC,CAAC;IAChD,MAAM,cAAc,GAAG,IAAA,2BAAe,EAAC,WAAW,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAExE,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,uBAAuB,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,SAAS,EAAE,CAAC,CAAC;KACtD;IAED,MAAM,OAAO,GAAG,MAAM,IAAI,sBAAc,CAAC,MAAM,CAAC,CAAC;IAEjD,IAAI,CAAC,OAAO;QAAE,MAAM,yCAAyC,CAAC;IAE9D,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,WAAW,
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/commands/login.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,wCAAkD;AAClD,0CAMyB;AACzB,8CAA+C;AAC/C,oDAA0D;AAC1D,wCAA4C;AAC5C,4CAA0C;AAC1C,4CAAkD;AAClD,kDAAqE;AAKrE,MAAM,gCAAgC,GAAG,CAAC,GAAG,EAAE,CAAC;AAEhD,MAAM,aAAa,GAAG,CAAO,WAAoB,EAAE,KAAe,EAAE,EAAE;IACpE,MAAM,WAAW,GAAG,IAAA,0BAAc,EAAC,WAAW,CAAC,CAAC;IAChD,MAAM,cAAc,GAAG,IAAA,2BAAe,EAAC,WAAW,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAExE,IAAI,KAAK,EAAE;QACT,IAAA,cAAM,EAAC,uBAAuB,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,SAAS,EAAE,CAAC,CAAC;KACtD;IAED,MAAM,OAAO,GAAG,MAAM,IAAI,sBAAc,CAAC,MAAM,CAAC,CAAC;IAEjD,IAAI,CAAC,OAAO;QAAE,MAAM,yCAAyC,CAAC;IAE9D,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IAEjD,MAAM,IAAA,oBAAa,EAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAClD,CAAC,CAAA,CAAC;AAEF,MAAM,cAAc,GAAG,CAAC,OAAe,EAAE,EAAE;IACzC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,kCAAkC;IACzF,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACjD,MAAM,CAAC,GAAG,YAAY,GAAG,EAAE,CAAC;IAC5B,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;AAC3B,CAAC,CAAC;AAEF;;;;;;GAMG;AACI,MAAM,KAAK,GAAG,CACnB,IAAyC,EACzC,OAAyD,EACzD,EAAE;IACF,qDAAqD;IACrD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAe,GAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IAEhE,MAAM,kBAAkB,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAA,yBAAkB,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvE,IAAI,QAAQ,GAAG,kBAAkB,GAAG,gCAAgC,CAAC;IACrE,IAAI,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE;QACZ,IAAI,QAAQ,IAAI,QAAQ,EAAE;YACxB,kFAAkF;YAClF,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;SAC7B;aAAM;YACL,MAAM,2GAA2G,CAAC;SACnH;KACF;SAAM;QACL,IAAI,QAAQ,IAAI,QAAQ,EAAE;YACxB,IAAI,OAAO,KAAK,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE;gBACjD,sFAAsF;gBACtF,QAAQ,GAAG,KAAK,CAAC;aAClB;SACF;KACF;IAED,IAAI,
OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;QAClB,IAAA,cAAM,EACJ,yBAAyB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,eAAe,UAAU,OAAO,EAAE,CACrF,CAAC;KACH;IAED,MAAM,IAAA,mBAAU,EAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC;IAE1C,MAAM,IAAA,8BAAkB,GAAE,CAAC;IAE3B,MAAM,OAAO,GAAG,MAAM,IAAA,gBAAU,EAAC,OAAO,CAAC,CAAC;IAE1C,MAAM,WAAW,mCAAiB,OAAO,KAAE,IAAI,EAAE,OAAO,GAAE,CAAC;IAE3D,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;QAClB,IAAA,cAAM,EAAC,aAAa,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;KACpD;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;YAClB,IAAA,cAAM,EAAC,wCAAwC,OAAO,EAAE,CAAC,CAAC;SAC3D;QACD,MAAM,aAAa,CAAC,WAAW,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC;KAClD;IAED,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,CAAA,EAAE;QAC9B,MAAM,KAAK,GAAG,MAAM,IAAA,mBAAY,EAAC,EAAE,KAAK,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,MAAM,oBAAoB,CAAC,KAAK,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC;KACnD;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,IAAA,cAAM,EACJ,gCAAgC,OAAO,wCAAwC,CAChF,CAAC;KACH;SAAM;QACL,IAAA,cAAM,EAAC,sCAAsC,OAAO,gBAAgB,CAAC,CAAC;KACvE;IAED,IAAI,kBAAkB,GAAG,CAAC,EAAE;QAC1B,IAAA,cAAM,EACJ,kCAAkC,cAAc,CAAC,kBAAkB,CAAC,GAAG,CACxE,CAAC;KACH;AACH,CAAC,CAAA,CAAC;AAvEW,QAAA,KAAK,SAuEhB;AAEK,MAAM,YAAY,GAAG,CAAC,KAAiB,EAAE,EAAE,CAChD,KAAK,CAAC,OAAO,CACX,aAAa,EACb,4BAA4B,EAC5B,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,UAAU,CAAC,KAAK,EAAE;IACjB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,sBAAsB;CACjC,CAAC;KACD,MAAM,CAAC,SAAS,EAAE;IACjB,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,yBAAyB;IACnC,OAAO,EAAE,KAAK;CACf,CAAC;KACD,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,0BAA0B;CACrC,CAAC,EAEN,CACE,IAIE,EACF,EAAE,CAAC,IAAA,aAAK,EAAC,IAAI,EAAE,IAAI,CAAC,CACvB,CAAC;AA3BS,QAAA,YAAY,gBA2BrB;AAEJ,MAAM,oBAAoB,GAAG,CAAO,KAAY,EAAE,KAAe,EAAE,EAAE;IACnE,IAAI;QACF,MAAM,IAAA,sBAAgB,EAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,IAAA,qBAAc,GAAE,CAAC;QACvB,MAAM,2CAA2C,CAAC;KACnD;AACH,CAAC,CAAA,CAAC"}
|
|
@@ -23,7 +23,6 @@ This file is part of @p0security/cli
|
|
|
23
23
|
|
|
24
24
|
You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
|
|
25
25
|
**/
|
|
26
|
-
const auth_1 = require("../drivers/auth");
|
|
27
26
|
const path_1 = require("../drivers/auth/path");
|
|
28
27
|
const stdio_1 = require("../drivers/stdio");
|
|
29
28
|
const promises_1 = __importDefault(require("fs/promises"));
|
|
@@ -42,10 +41,12 @@ const safeDelete = (filePath, description, debug) => __awaiter(void 0, void 0, v
|
|
|
42
41
|
});
|
|
43
42
|
const logout = (debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
44
43
|
(0, stdio_1.print2)("Logging out...");
|
|
45
|
-
|
|
46
|
-
yield (
|
|
44
|
+
const identityPath = (0, path_1.getIdentityFilePath)();
|
|
45
|
+
yield safeDelete(identityPath, "identity file", debug);
|
|
47
46
|
const configPath = (0, path_1.getConfigFilePath)();
|
|
48
47
|
yield safeDelete(configPath, "config file", debug);
|
|
48
|
+
const cachePath = (0, path_1.getIdentityCachePath)();
|
|
49
|
+
yield safeDelete(cachePath, "cache", debug);
|
|
49
50
|
(0, stdio_1.print2)("Successfully logged out. All authentication data has been cleared.");
|
|
50
51
|
});
|
|
51
52
|
const logoutCommand = (yargs) => yargs.command("logout", "Log out and clear all authentication data", (yargs) => yargs.option("debug", {
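Review bot: `logout` now only deletes the identity file, config file and cache on disk, while the removed `deleteIdentity` body in `drivers/auth/index.js` carried the comment "Best-effort: revoke the refresh_token at the IDP before destroying our local copy". An identity file written by 0.27.1 may still hold an Okta `refresh_token`; after upgrading, logging out removes the local copy but presumably leaves that token valid at the IdP until it expires. The message "Successfully logged out. All authentication data has been cleared." then overstates what happened, so I would either keep a best-effort revoke for identities that still carry a `refresh_token`, or state the limit with a comment such as `// Local cleanup only: tokens already issued are not revoked at the IdP.`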
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../../src/commands/logout.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH
|
|
1
|
+
{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../../src/commands/logout.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,+CAI8B;AAC9B,4CAA0C;AAC1C,2DAA6B;AAG7B,MAAM,UAAU,GAAG,CACjB,QAAgB,EAChB,WAAmB,EACnB,KAAc,EACd,EAAE;IACF,IAAI;QACF,MAAM,kBAAE,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACxD,IAAI,KAAK,EAAE;YACT,IAAA,cAAM,EAAC,WAAW,WAAW,KAAK,QAAQ,EAAE,CAAC,CAAC;SAC/C;KACF;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE;YAC3B,IAAA,cAAM,EACJ,6BAA6B,WAAW,OAAO,QAAQ,KAAK,KAAK,CAAC,OAAO,EAAE,CAC5E,CAAC;SACH;KACF;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,MAAM,GAAG,CAAO,KAAc,EAAiB,EAAE;IACrD,IAAA,cAAM,EAAC,gBAAgB,CAAC,CAAC;IAEzB,MAAM,YAAY,GAAG,IAAA,0BAAmB,GAAE,CAAC;IAC3C,MAAM,UAAU,CAAC,YAAY,EAAE,eAAe,EAAE,KAAK,CAAC,CAAC;IAEvD,MAAM,UAAU,GAAG,IAAA,wBAAiB,GAAE,CAAC;IACvC,MAAM,UAAU,CAAC,UAAU,EAAE,aAAa,EAAE,KAAK,CAAC,CAAC;IAEnD,MAAM,SAAS,GAAG,IAAA,2BAAoB,GAAE,CAAC;IACzC,MAAM,UAAU,CAAC,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAE5C,IAAA,cAAM,EAAC,oEAAoE,CAAC,CAAC;AAC/E,CAAC,CAAA,CAAC;AAEK,MAAM,aAAa,GAAG,CAAC,KAAiB,EAAE,EAAE,CACjD,KAAK,CAAC,OAAO,CACX,QAAQ,EACR,2CAA2C,EAC3C,CAAC,KAAK,EAAE,EAAE,CACR,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE;IACpB,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,KAAK;CACf,CAAC,EACJ,CAAO,IAAI,EAAE,EAAE;;IACb,MAAM,MAAM,CAAC,MAAA,IAAI,CAAC,KAAK,mCAAI,KAAK,CAAC,CAAC;AACpC,CAAC,CAAA,CACF,CAAC;AAbS,QAAA,aAAa,iBAatB"}
|
|
@@ -7,9 +7,7 @@ export declare const cached: <T>(name: string, loader: () => Promise<T>, options
|
|
|
7
7
|
export declare const loadCredentials: () => Promise<Identity>;
|
|
8
8
|
export declare const remainingTokenTime: (identity: Identity) => number;
|
|
9
9
|
export declare const writeIdentity: (org: OrgData, credential: TokenResponse) => Promise<void>;
|
|
10
|
-
export declare const deleteIdentity: (
|
|
11
|
-
debug?: boolean;
|
|
12
|
-
}) => Promise<void>;
|
|
10
|
+
export declare const deleteIdentity: () => Promise<void>;
|
|
13
11
|
export declare const authenticate: (options?: {
|
|
14
12
|
noRefresh?: boolean;
|
|
15
13
|
debug?: boolean;
|
|
@@ -45,15 +45,12 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
45
45
|
**/
|
|
46
46
|
const login_1 = require("../../commands/login");
|
|
47
47
|
const instrumentation_1 = require("../../opentelemetry/instrumentation");
|
|
48
|
-
const authUtils_1 = require("../../types/authUtils");
|
|
49
48
|
const util_1 = require("../../util");
|
|
50
49
|
const api_1 = require("../api");
|
|
51
50
|
const firestore_1 = require("../firestore");
|
|
52
51
|
const stdio_1 = require("../stdio");
|
|
53
52
|
const util_2 = require("../util");
|
|
54
|
-
const lock_1 = require("./lock");
|
|
55
53
|
const path_1 = require("./path");
|
|
56
|
-
const refresh_1 = require("./refresh");
|
|
57
54
|
const fs = __importStar(require("fs/promises"));
|
|
58
55
|
const path = __importStar(require("path"));
|
|
59
56
|
const MIN_REMAINING_TOKEN_TIME_SECONDS = 60;
|
|
@@ -137,7 +134,6 @@ exports.loadCredentials = loadCredentials;
|
|
|
137
134
|
const remainingTokenTime = (identity) => Math.floor(identity.credential.expires_at - Date.now() * 1e-3);
|
|
138
135
|
exports.remainingTokenTime = remainingTokenTime;
|
|
139
136
|
const loadCredentialsWithAutoLogin = (options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
140
|
-
var _e, _f, _g;
|
|
141
137
|
let identity;
|
|
142
138
|
try {
|
|
143
139
|
identity = yield (0, exports.loadCredentials)();
|
|
@@ -153,33 +149,6 @@ const loadCredentialsWithAutoLogin = (options) => __awaiter(void 0, void 0, void
|
|
|
153
149
|
if ((0, exports.remainingTokenTime)(identity) > MIN_REMAINING_TOKEN_TIME_SECONDS) {
|
|
154
150
|
return identity;
|
|
155
151
|
}
|
|
156
|
-
// If token is expired, and provider is okta, try the silent refresh-token
|
|
157
|
-
// grant first, and only fall through to the interactive device flow if that
|
|
158
|
-
// path is unavailable or fails.
|
|
159
|
-
if (identity.credential.refresh_token &&
|
|
160
|
-
(0, authUtils_1.getProviderType)(identity.org) === "okta") {
|
|
161
|
-
try {
|
|
162
|
-
return yield (0, lock_1.withIdentityLock)(() => __awaiter(void 0, void 0, void 0, function* () {
|
|
163
|
-
// Double-checked under the lock: a peer process may have refreshed
|
|
164
|
-
// identity.json while we were waiting to acquire it.
|
|
165
|
-
const current = yield (0, exports.loadCredentials)();
|
|
166
|
-
if ((0, exports.remainingTokenTime)(current) > MIN_REMAINING_TOKEN_TIME_SECONDS) {
|
|
167
|
-
return current;
|
|
168
|
-
}
|
|
169
|
-
const refreshed = yield (0, refresh_1.refreshOktaTokens)(current, {
|
|
170
|
-
debug: options === null || options === void 0 ? void 0 : options.debug,
|
|
171
|
-
});
|
|
172
|
-
yield (0, exports.writeIdentity)(current.org, refreshed);
|
|
173
|
-
return yield (0, exports.loadCredentials)();
|
|
174
|
-
}));
|
|
175
|
-
}
|
|
176
|
-
catch (e) {
|
|
177
|
-
if (options === null || options === void 0 ? void 0 : options.debug) {
|
|
178
|
-
const detail = (_g = (_f = (_e = e === null || e === void 0 ? void 0 : e.reason) !== null && _e !== void 0 ? _e : e === null || e === void 0 ? void 0 : e.code) !== null && _f !== void 0 ? _f : e === null || e === void 0 ? void 0 : e.message) !== null && _g !== void 0 ? _g : String(e);
|
|
179
|
-
(0, stdio_1.print2)(`Okta refresh-token grant failed (${detail}); falling back to device flow.`);
|
|
180
|
-
}
|
|
181
|
-
}
|
|
182
|
-
}
|
|
183
152
|
if (options === null || options === void 0 ? void 0 : options.noRefresh) {
|
|
184
153
|
throw (0, util_2.getExpiredCredentialsMessage)();
|
|
185
154
|
}
|
|
@@ -194,21 +163,10 @@ const writeIdentity = (org, credential) => __awaiter(void 0, void 0, void 0, fun
|
|
|
194
163
|
(0, stdio_1.print2)(`Saving authorization to ${identityFilePath}.`);
|
|
195
164
|
const dir = path.dirname(identityFilePath);
|
|
196
165
|
yield fs.mkdir(dir, { recursive: true });
|
|
197
|
-
|
|
198
|
-
// identity.json truncated. Same-directory rename keeps the operation atomic.
|
|
199
|
-
const tmpPath = `${identityFilePath}.tmp`;
|
|
200
|
-
yield fs.writeFile(tmpPath, JSON.stringify({ credential: Object.assign(Object.assign({}, credential), { expires_at }), org }, null, 2), { mode: "600" });
|
|
201
|
-
yield fs.rename(tmpPath, identityFilePath);
|
|
166
|
+
yield fs.writeFile(identityFilePath, JSON.stringify({ credential: Object.assign(Object.assign({}, credential), { expires_at }), org }, null, 2), { mode: "600" });
|
|
202
167
|
});
|
|
203
168
|
exports.writeIdentity = writeIdentity;
|
|
204
|
-
const deleteIdentity = (
|
|
205
|
-
// Best-effort: revoke the refresh_token at the IDP before destroying our
|
|
206
|
-
// local copy.
|
|
207
|
-
const identity = yield (0, exports.loadCredentials)();
|
|
208
|
-
if (identity.credential.refresh_token &&
|
|
209
|
-
(0, authUtils_1.getProviderType)(identity.org) === "okta") {
|
|
210
|
-
yield (0, refresh_1.revokeOktaRefreshToken)(identity, { debug: options === null || options === void 0 ? void 0 : options.debug });
|
|
211
|
-
}
|
|
169
|
+
const deleteIdentity = () => __awaiter(void 0, void 0, void 0, function* () {
|
|
212
170
|
yield clearIdentityCache();
|
|
213
171
|
yield clearIdentityFile();
|
|
214
172
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/drivers/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,gDAA6C;AAC7C,yEAA4E;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/drivers/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,gDAA6C;AAC7C,yEAA4E;AAI5E,qCAAwC;AACxC,gCAAmC;AACnC,4CAAsD;AACtD,oCAAkC;AAClC,kCAAuD;AACvD,iCAAmE;AACnE,gDAAkC;AAClC,2CAA6B;AAE7B,MAAM,gCAAgC,GAAG,EAAE,CAAC;AAErC,MAAM,MAAM,GAAG,CACpB,IAAY,EACZ,MAAwB,EACxB,OAA6B,EAC7B,UAAiC,EACrB,EAAE;;IACd,MAAM,iBAAiB,GAAG,IAAA,2BAAoB,GAAE,CAAC;IAEjD,iCAAiC;IACjC,mHAAmH;IACnH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC;IACvE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE;QACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;KAC3C;IAED,MAAM,SAAS,GAAG,GAAS,EAAE;QAC3B,MAAM,IAAI,GAAG,MAAM,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI;YAAE,MAAM,mCAAmC,IAAI,GAAG,CAAC;QAC5D,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,MAAM,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC,CAAA,CAAC;IAEF,IAAI;QACF,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE;YACxD,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,MAAM,SAAS,EAAE,CAAC;SAC1B;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAM,CAAC;QACzE,IAAI,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAG,IAAI,CAAC,EAAE;YACtB,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YACjB,OAAO,MAAM,SAAS,EAAE,CAAC;SAC1B;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,MAAK,QAAQ;YAC1B,IAAA,cAAM,EACJ,+BAA+B,IAAI,iBAAiB,MAAA,KAAK,CAAC,OAAO,mCAAI,KAAK,EAAE,CAC7E,CAAC;QACJ,OAAO,MAAM,SAAS,EAAE,CAAC;KAC1B;AACH,CAAC,CAAA,CAAC;AA3CW,QAAA,MAAM,UA2CjB;AAEF,MAAM,iBAAiB,GAAG,GAAS,EAAE;IACnC,IAAI;QACF,MAAM,gBAAgB,GAAG,IAAA,0BAAmB,GAAE,CAAC;QAC/C,6DAA6D;QAC7D,MAAM,EAAE,CAAC,MAAM,CAAC,gBAA
gB,CAAC,CAAC;QAClC,MAAM,EAAE,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC;KAC/B;IAAC,WAAM;QACN,OAAO;KACR;AACH,CAAC,CAAA,CAAC;AAEF,MAAM,kBAAkB,GAAG,GAAS,EAAE;IACpC,IAAI;QACF,MAAM,iBAAiB,GAAG,IAAA,2BAAoB,GAAE,CAAC;QACjD,kEAAkE;QAClE,MAAM,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QACnC,MAAM,EAAE,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;KACrD;IAAC,WAAM;QACN,OAAO;KACR;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,eAAe,GAAG,GAA4B,EAAE;;IAC3D,IAAI;QACF,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAA,0BAAmB,GAAE,CAAC,CAAC;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAa,CAAC;QACvD,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,GAAG,0CAAE,IAAI,CAAA,EAAE;YACnB,MAAM,EAAE,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;SACxD;QACD,OAAO,IAAI,CAAC;KACb;IAAC,OAAO,KAAU,EAAE;QACnB,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,MAAK,QAAQ,EAAE;YAC5B,MAAM,gBAAgB,IAAA,iBAAU,GAAE,0BAA0B,CAAC;SAC9D;QACD,MAAM,KAAK,CAAC;KACb;AACH,CAAC,CAAA,CAAC;AAdW,QAAA,eAAe,mBAc1B;AAEK,MAAM,kBAAkB,GAAG,CAAC,QAAkB,EAAE,EAAE,CACvD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AADpD,QAAA,kBAAkB,sBACkC;AAEjE,MAAM,4BAA4B,GAAG,CAAO,OAG3C,EAAqB,EAAE;IACtB,IAAI,QAAkB,CAAC;IACvB,IAAI;QACF,QAAQ,GAAG,MAAM,IAAA,uBAAe,GAAE,CAAC;KACpC;IAAC,OAAO,CAAM,EAAE;QACf,IAAI,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI,MAAK,iBAAiB,EAAE;YACjC,MAAM,IAAA,aAAK,EACT,EAAE,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,EACf,EAAE,KAAK,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAClD,CAAC;YACF,IAAA,cAAM,EAAC,IAAI,CAAC,CAAC;YACb,OAAO,4BAA4B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;SAC1D;QACD,MAAM,CAAC,CAAC;KACT;IAED,IAAI,IAAA,0BAAkB,EAAC,QAAQ,CAAC,GAAG,gCAAgC,EAAE;QACnE,OAAO,QAAQ,CAAC;KACjB;IAED,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE;QACtB,MAAM,IAAA,mCAA4B,GAAE,CAAC;KACtC;IAED,MAAM,IAAA,aAAK,EACT,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAC1B,EAAE,KAAK,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAClD,CAAC;IACF,IAAA,cAAM,EAAC,QAAQ,CAAC,CAAC,CAAC,mBAAmB;IACrC
,OAAO,4BAA4B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AAC3D,CAAC,CAAA,CAAC;AAEK,MAAM,aAAa,GAAG,CAC3B,GAAY,EACZ,UAAyB,EACzB,EAAE;IACF,MAAM,kBAAkB,EAAE,CAAC;IAE3B,MAAM,gBAAgB,GAAG,IAAA,0BAAmB,GAAE,CAAC;IAE/C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,UAAU,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,6BAA6B;IAC/F,IAAA,cAAM,EAAC,2BAA2B,gBAAgB,GAAG,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC3C,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,CAAC,SAAS,CAChB,gBAAgB,EAChB,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,kCAAO,UAAU,KAAE,UAAU,GAAE,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAC3E,EAAE,IAAI,EAAE,KAAK,EAAE,CAChB,CAAC;AACJ,CAAC,CAAA,CAAC;AAjBW,QAAA,aAAa,iBAiBxB;AAEK,MAAM,cAAc,GAAG,GAAS,EAAE;IACvC,MAAM,kBAAkB,EAAE,CAAC;IAC3B,MAAM,iBAAiB,EAAE,CAAC;AAC5B,CAAC,CAAA,CAAC;AAHW,QAAA,cAAc,kBAGzB;AAEF,gEAAgE;AAChE,MAAM,wBAAwB,GAAG,CAAO,KAAY,EAAiB,EAAE;IACrE,MAAM,GAAG,GAAG,IAAA,eAAS,EAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,IAAA,uCAAqB,EAAC,GAAG,EAAE,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;AAC3D,CAAC,CAAA,CAAC;AAEK,MAAM,YAAY,GAAG,CAAO,OAGlC,EAAkB,EAAE;IACnB,MAAM,QAAQ,GAAG,MAAM,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC7D,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;QAClB,IAAA,cAAM,EAAC,oCAAoC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QAChE,IAAA,cAAM,EAAC,oBAAoB,IAAA,0BAAkB,EAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;KACpE;IACD,IAAI,KAAY,CAAC;IAEjB,IAAI,QAAQ,CAAC,GAAG,CAAC,gBAAgB,EAAE;QACjC,KAAK,GAAG;YACN,QAAQ;YACR,QAAQ,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC;SAClE,CAAC;KACH;SAAM;QACL,kEAAkE;QAClE,yEAAyE;QACzE,oEAAoE;QACpE,MAAM,cAAc,GAAG,MAAM,IAAA,kCAAsB,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvE,KAAK,GAAG;YACN,QAAQ;YACR,cAAc;YACd,QAAQ,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE;SACjD,CAAC;KACH;IAED,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;IACtC,OAAO,KAAK,CAAC;AACf,CAAC,CAAA,CAAC;AA9BW,QAAA,YAAY,gBA8BvB"}
|
|
@@ -40,11 +40,18 @@ const stsAssume = (partition, params) => __awaiter(void 0, void 0, void 0, funct
|
|
|
40
40
|
const stsXml = yield response.text();
|
|
41
41
|
const stsObject = (0, xml_1.parseXml)(stsXml);
|
|
42
42
|
const stsCredentials = stsObject.AssumeRoleWithSAMLResponse.AssumeRoleWithSAMLResult.Credentials;
|
|
43
|
+
// Date.parse returns NaN for a missing/malformed Expiration. Normalize that to
|
|
44
|
+
// undefined so downstream consumers treat it as "expiry unknown"
|
|
45
|
+
const parsedExpiration = Date.parse(stsCredentials.Expiration);
|
|
46
|
+
const expiresAt = Number.isNaN(parsedExpiration)
|
|
47
|
+
? undefined
|
|
48
|
+
: parsedExpiration;
|
|
43
49
|
return {
|
|
44
50
|
AWS_ACCESS_KEY_ID: stsCredentials.AccessKeyId,
|
|
45
51
|
AWS_SECRET_ACCESS_KEY: stsCredentials.SecretAccessKey,
|
|
46
52
|
AWS_SESSION_TOKEN: stsCredentials.SessionToken,
|
|
47
53
|
AWS_SECURITY_TOKEN: stsCredentials.SessionToken,
|
|
54
|
+
expiresAt, // epoch ms, or undefined if AWS gave us an unparseable Expiration
|
|
48
55
|
};
|
|
49
56
|
});
|
|
50
57
|
/** Assumes an AWS role via SAML login */
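Review bot: The comment added above `parsedExpiration` stops mid-sentence and never says why NaN must not escape. Judging by the file-transfer change in this same release, a NaN expiry would make `remaining < MIN_URL_EXPIRY_THRESHOLD_SECONDS` false and `Math.min(..., NaN)` NaN, so the normalization matters. I would finish the comment as `// undefined so downstream consumers treat it as "expiry unknown" instead of doing arithmetic on NaN.` The comment also says a missing Expiration is handled, but if the `Credentials` element itself is absent, `stsCredentials.Expiration` throws a TypeError on the new `Date.parse` line instead of being normalized. The body of `stsAssume` starts outside this hunk.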
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"assumeRole.js","sourceRoot":"","sources":["../../../../src/plugins/aws/assumeRole.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAsD;AACtD,0CAA4C;AAC5C,+BAA+C;AAC/C,+BAAwC;AAGxC,MAAM,OAAO,GAAG,CAAC,IAA0D,EAAE,EAAE,CAC7E,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC;AAEjE,MAAM,SAAS,GAAG,CAChB,SAAiB,EACjB,MAA8B,EACL,EAAE;IAC3B,iFAAiF;IACjF,wFAAwF;IACxF,0DAA0D;IAC1D,iGAAiG;IACjG,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAA,iBAAW,EAAC,SAAS,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,CAAC;IACnC,MAAM,cAAc,GAClB,SAAS,CAAC,0BAA0B,CAAC,wBAAwB,CAAC,WAAW,CAAC;IAC5E,OAAO;QACL,iBAAiB,EAAE,cAAc,CAAC,WAAW;QAC7C,qBAAqB,EAAE,cAAc,CAAC,eAAe;QACrD,iBAAiB,EAAE,cAAc,CAAC,YAAY;QAC9C,kBAAkB,EAAE,cAAc,CAAC,YAAY;
|
|
1
|
+
{"version":3,"file":"assumeRole.js","sourceRoot":"","sources":["../../../../src/plugins/aws/assumeRole.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,8CAAsD;AACtD,0CAA4C;AAC5C,+BAA+C;AAC/C,+BAAwC;AAGxC,MAAM,OAAO,GAAG,CAAC,IAA0D,EAAE,EAAE,CAC7E,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC;AAEjE,MAAM,SAAS,GAAG,CAChB,SAAiB,EACjB,MAA8B,EACL,EAAE;IAC3B,iFAAiF;IACjF,wFAAwF;IACxF,0DAA0D;IAC1D,iGAAiG;IACjG,iGAAiG;IACjG,MAAM,GAAG,GAAG,IAAA,iBAAW,EAAC,SAAS,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,eAAe,CAAC,MAAM,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,IAAA,wBAAgB,EAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAA,cAAQ,EAAC,MAAM,CAAC,CAAC;IACnC,MAAM,cAAc,GAClB,SAAS,CAAC,0BAA0B,CAAC,wBAAwB,CAAC,WAAW,CAAC;IAC5E,+EAA+E;IAC/E,iEAAiE;IACjE,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC;QAC9C,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,gBAAgB,CAAC;IACrB,OAAO;QACL,iBAAiB,EAAE,cAAc,CAAC,WAAW;QAC7C,qBAAqB,EAAE,cAAc,CAAC,eAAe;QACrD,iBAAiB,EAAE,cAAc,CAAC,YAAY;QAC9C,kBAAkB,EAAE,cAAc,CAAC,YAAY;QAC/C,SAAS,EAAE,kEAAkE;KAC9E,CAAC;AACJ,CAAC,CAAA,CAAC;AAEF,yCAAyC;AAClC,MAAM,kBAAkB,GAAG,CAAO,IAaxC,EAA2B,EAAE;;IAC5B,MAAM,SAAS,GAAG,MAAA,IAAI,CAAC,SAAS,mCAAI,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,qBAAe;QACxB,MAAM,EAAE,oBAAoB;QAC5B,OAAO,EAAE,OAAO,iCAAM,IAAI,KAAE,SAAS,IAAG;QACxC,YAAY,EAAE,GAAG,IAAA,eAAS,EAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,kBACjD,IAAI,CAAC,IAAI,CAAC,YACZ,EAAE;QACF,oEAAoE;QACpE,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;KAClC,CAAC;IACF,OAAO,MAAM,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAA,CAAC;AA1BW,QAAA,kBAAkB,sBA0B7B"}
|
|
@@ -131,9 +131,8 @@ exports.awsSshProvider = {
|
|
|
131
131
|
reproCommands: (request) => {
|
|
132
132
|
// TODO: Add manual commands for IDC login
|
|
133
133
|
if (request.access !== "idc") {
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
];
|
|
134
|
+
const assumeCommand = `${(0, util_1.getAppName)()} aws role assume ${request.role} --account ${request.accountId} --no-request`;
|
|
135
|
+
return [(0, util_1.newShellFormatter)().formatEvalCommand(assumeCommand)];
|
|
137
136
|
}
|
|
138
137
|
return undefined;
|
|
139
138
|
},
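Review bot: `request.role` and `request.accountId` are interpolated unquoted into `assumeCommand`, which `formatEvalCommand` then wraps for the user to run in a shell. Where these values come from is not visible in this hunk. If they are not already constrained to the IAM role-name and 12-digit account-id shapes, whitespace or shell metacharacters in them would change what the printed command does when evaluated. I would validate both values against those shapes before building the string, or quote them with whatever escaping the shell formatter provides. The removed lines are truncated in this rendering, so I cannot tell whether the previous version behaved the same way.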
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAI2B;AAC3B,2CAAsE;AACtE,+CAA6C;AAC7C,uDAAqD;AAErD,
|
|
1
|
+
{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../../../src/plugins/aws/ssh.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;GASG;AACH,4CAI2B;AAC3B,2CAAsE;AACtE,+CAA6C;AAC7C,uDAAqD;AAErD,qCAA6E;AAC7E,qCAAqD;AACrD,qCAAwC;AACxC,+BAA0C;AAC1C,2CAAiD;AAQjD,gDAAkC;AAElC,MAAM,4BAA4B,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,iGAAiG;AACjG,MAAM,+BAA+B,GAAG,qBAAqB,CAAC;AAE9D;;;;;;GAMG;AACH,MAAM,2BAA2B,GAAG;IAClC,kFAAkF;IAClF,sFAAsF;IACtF;QACE,OAAO,EACL,wRAAwR;KAC3R;IACD;;;;;;OAMG;IACH;QACE,OAAO,EAAE,kEAAkE;KAC5E;CACO,CAAC;AAEE,QAAA,cAAc,GAKvB;IACF,kBAAkB,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;;QAClD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,qBAAY,EAAC,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACvE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,CAAA,IAAI,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK,EAAE;YACvD,MAAM,+CAA+C,CAAC;SACvD;QAED,OAAO,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,KAAK;YACjC,CAAC,CAAC,MAAM,IAAA,uBAAiB,EAAC,OAA2B,CAAC;YACtD,CAAC,CAAC,CAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,IAAI,MAAK,WAAW;gBAClC,CAAC,CAAC,MAAM,IAAA,4BAAsB,EAC1B,KAAK,EACL,OAA4B,EAC5B,KAAK,CACN;gBACH,CAAC,CAAC,IAAA,uBAAgB,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC,CAAA;IAED,aAAa,EAAE,CAAO,OAAO,EAAE,EAAE;QAC/B,IAAI,CAAC,CAAC,MAAM,IAAA,0BAAgB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC,EAAE;YAC7C,MAAM,8DAA8D,CAAC;SACtE;IACH,CAAC,CAAA;IAED,YAAY,EAAE,KAAK;IAEnB,oBAAoB,EAAE,4BAA4B;IAElD,4BAA4B,EAAE,GAAG,EAAE,CAAC,SAAS;IAEvC,eAAe,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK;;YAC/D,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE;gBAC/B,IAAI,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,SAAS,CAAC,IAAI,EAAE,EAAE;oBAC3D,MAAM,+DAA+D,CAAC;iBACvE;aACF;iBAAM;gBACL,MAAM,IAAA,qBAAe,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,KAAK,CAAC,CAAC;aAC/D;QACH,CAAC;KAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QAC9B,OAAO;YACL,KAAK;YACL,KAAK;YACL,eAAe;YACf,UAAU;YACV,OAAO,CAAC,MAAM;YACd,UAAU;YACV,OAAO,CAAC,EAAE;YACV,iBAAiB;YACjB,+BAA+B;YAC/B,cAAc;YACd,IAAI,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,
eAAe;SAC9C,CAAC;IACJ,CAAC;IAED,aAAa,EAAE,CAAC,OAAO,EAAE,EAAE;QACzB,0CAA0C;QAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE;YAC5B,MAAM,aAAa,GAAG,GAAG,IAAA,iBAAU,GAAE,oBAAoB,OAAO,CAAC,IAAI,cAAc,OAAO,CAAC,SAAS,eAAe,CAAC;YACpH,OAAO,CAAC,IAAA,wBAAiB,GAAE,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC,CAAC;SAC/D;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,YAAY,EAAE,GAAS,EAAE;QACvB,OAAO;YACL,cAAc,EAAE,uBAAgB;SACjC,CAAC;IACJ,CAAC,CAAA;IAED,eAAe,EAAE,CAAO,OAAO,EAAE,OAAO,EAAE,EAAE;QAC1C,MAAM,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC;QACvB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,EAAE,CAAC,CAAC;QAE/C,+BAA+B;QAC/B,IAAI;YACF,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;YACxD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;gBAClB,IAAA,cAAM,EAAC,uCAAuC,EAAE,EAAE,CAAC,CAAC;aACrD;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;SAChD;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAE;gBAClB,IAAA,cAAM,EAAC,oCAAoC,EAAE,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;aACpE;SACF;QAED,oCAAoC;QACpC,MAAM,MAAM,GAAG,MAAM,IAAA,sBAAgB,EAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,SAAS,EAAE;YACtE,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAA,yBAAkB,EAAC,EAAE,EAAE,MAAM,CAAC,QAAQ,EAAE;YAC7D,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;QACH,OAAO,QAAQ;YACb,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;YACtD,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC,CAAA;IAED,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;;QACxB,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;QACtD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;QACxC,MAAM,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC;QAChC,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;QAC9C,MAAM,WAAW,GAAG,IAAA,wBAAW,EAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACnD,kDAAkD;QAClD,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU,mCAAI,QAAQ,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,4DAA4D,CAAC;SACpE;QACD,MAAM,IAAI,GAAG,MAAA,MAAA,WAAW,aAAX,WAAW,uB
AAX,WAAW,CAAE,SAAS,CAAC,IAAI,mCAAI,MAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,QAAQ,0CAAE,IAAI,mCAAI,EAAE,CAAC;QAC5E,MAAM,MAAM,GAAG;YACb,aAAa;YACb,SAAS;YACT,MAAM;YACN,EAAE,EAAE,UAAU;YACd,QAAQ;SACT,CAAC;QACF,OAAO,CAAC,KAAK,IAAI,CAAC,SAAS;YACzB,CAAC,iCAAM,MAAM,KAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,IACtD,CAAC,iCACM,MAAM,KACT,GAAG,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EACrC,aAAa,EAAE,IAAI,EACnB,IAAI,EAAE,KAAK,EACX,MAAM,EAAE,KAAK,GACd,CAAC;IACR,CAAC;IAED,YAAY,EAAE,CAAO,OAAO,EAAE,EAAE,kDAAC,OAAA,iCAAM,OAAO,KAAE,YAAY,EAAE,SAAS,IAAG,CAAA,GAAA;IAE1E,2BAA2B;CAC5B,CAAC"}
|
|
@@ -11,12 +11,15 @@ You should have received a copy of the GNU General Public License along with @p0
|
|
|
11
11
|
import { PermissionSpec } from "../../types/request";
|
|
12
12
|
import { CliPermissionSpec } from "../../types/ssh";
|
|
13
13
|
import { CommonSshPermissionSpec } from "../ssh/types";
|
|
14
|
-
export type
|
|
14
|
+
export type AwsCredentialFields = {
|
|
15
15
|
AWS_ACCESS_KEY_ID: string;
|
|
16
16
|
AWS_SECRET_ACCESS_KEY: string;
|
|
17
17
|
AWS_SESSION_TOKEN: string;
|
|
18
18
|
AWS_SECURITY_TOKEN: string;
|
|
19
19
|
};
|
|
20
|
+
export type AwsCredentials = AwsCredentialFields & {
|
|
21
|
+
expiresAt?: number;
|
|
22
|
+
};
|
|
20
23
|
export type AwsIamLogin = {
|
|
21
24
|
type: "iam";
|
|
22
25
|
identity: {
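Review bot: `expiresAt?: number` on `AwsCredentials` carries no unit. This package already keeps the identity token's `expires_at` in seconds (`remainingTokenTime` subtracts `Date.now() * 1e-3` from it), while `stsAssume` fills `expiresAt` with `Date.parse` output, which is milliseconds. A doc comment would keep the two from being mixed up: `/** Epoch milliseconds; undefined when the STS Expiration could not be parsed. */`. This is an emitted declaration file, so the comment belongs on the type in the TypeScript source it is generated from.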
|
|
@@ -19,13 +19,29 @@ export declare const provisionTransferRequest: (authn: Authn, args: yargs.Argume
|
|
|
19
19
|
region: string;
|
|
20
20
|
awsSpec: AwsResourcePermissionSpec;
|
|
21
21
|
}>;
|
|
22
|
-
|
|
22
|
+
/**
|
|
23
|
+
* Builds an S3 client whose credentials refresh automatically. A large upload
|
|
24
|
+
* can run longer than the temporary credentials live; passing a provider
|
|
25
|
+
* function (that returns `expiration`) lets the SDK re-fetch fresh credentials
|
|
26
|
+
* mid-upload instead of failing the in-flight parts with ExpiredToken.
|
|
27
|
+
*/
|
|
28
|
+
export declare const createTransferClient: (authn: Authn, target: {
|
|
29
|
+
region: string;
|
|
30
|
+
awsSpec: AwsResourcePermissionSpec;
|
|
31
|
+
}, debug?: boolean) => S3Client;
|
|
32
|
+
/**
|
|
33
|
+
* Signs the GET (download) and DELETE (cleanup) URLs. Call this AFTER the upload
|
|
34
|
+
* completes: the GET window is finite, and signing before a large upload would
|
|
35
|
+
* burn that window while the file is still uploading.
|
|
36
|
+
*
|
|
37
|
+
* Each expiry is capped to the credentials' remaining lifetime so a URL can
|
|
38
|
+
* never outlive the credentials that signed it.
|
|
39
|
+
*/
|
|
40
|
+
export declare const generateTransferUrls: (authn: Authn, s3: S3Client, target: {
|
|
23
41
|
bucket: string;
|
|
24
42
|
key: string;
|
|
25
|
-
region: string;
|
|
26
43
|
awsSpec: AwsResourcePermissionSpec;
|
|
27
44
|
}, debug?: boolean) => Promise<{
|
|
28
|
-
s3: S3Client;
|
|
29
45
|
getUrl: string;
|
|
30
46
|
deleteUrl: string;
|
|
31
47
|
expirySeconds: {
|
|
@@ -9,14 +9,15 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
9
9
|
});
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.generateTransferUrls = exports.provisionTransferRequest = void 0;
|
|
12
|
+
exports.generateTransferUrls = exports.createTransferClient = exports.provisionTransferRequest = void 0;
|
|
13
13
|
const request_1 = require("../../commands/shared/request");
|
|
14
14
|
const auth_1 = require("../aws/auth");
|
|
15
15
|
const client_s3_1 = require("@aws-sdk/client-s3");
|
|
16
16
|
const s3_request_presigner_1 = require("@aws-sdk/s3-request-presigner");
|
|
17
17
|
const lodash_1 = require("lodash");
|
|
18
|
-
const
|
|
19
|
-
const
|
|
18
|
+
const SECONDS_TO_EXPIRE_GET_URL = 60 * 60;
|
|
19
|
+
const SECONDS_TO_EXPIRE_DELETE_URL = 60 * 60;
|
|
20
|
+
const MIN_URL_EXPIRY_THRESHOLD_SECONDS = 60;
|
|
20
21
|
const provisionTransferRequest = (authn, args) => __awaiter(void 0, void 0, void 0, function* () {
|
|
21
22
|
const response = yield (0, request_1.request)("request")(Object.assign(Object.assign({}, (0, lodash_1.pick)(args, "$0", "_")), { arguments: [
|
|
22
23
|
"file-transfer",
|
|
@@ -40,33 +41,57 @@ const provisionTransferRequest = (authn, args) => __awaiter(void 0, void 0, void
|
|
|
40
41
|
};
|
|
41
42
|
});
|
|
42
43
|
exports.provisionTransferRequest = provisionTransferRequest;
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
credentials
|
|
53
|
-
|
|
44
|
+
/**
|
|
45
|
+
* Builds an S3 client whose credentials refresh automatically. A large upload
|
|
46
|
+
* can run longer than the temporary credentials live; passing a provider
|
|
47
|
+
* function (that returns `expiration`) lets the SDK re-fetch fresh credentials
|
|
48
|
+
* mid-upload instead of failing the in-flight parts with ExpiredToken.
|
|
49
|
+
*/
|
|
50
|
+
const createTransferClient = (authn, target, debug) => new client_s3_1.S3Client({
|
|
51
|
+
region: target.region,
|
|
52
|
+
credentials: () => __awaiter(void 0, void 0, void 0, function* () {
|
|
53
|
+
const credentials = yield (0, auth_1.awsCloudAuth)(authn, target.awsSpec, debug);
|
|
54
|
+
return Object.assign({ accessKeyId: credentials.AWS_ACCESS_KEY_ID, secretAccessKey: credentials.AWS_SECRET_ACCESS_KEY, sessionToken: credentials.AWS_SESSION_TOKEN }, (credentials.expiresAt !== undefined
|
|
55
|
+
? { expiration: new Date(credentials.expiresAt) }
|
|
56
|
+
: {}));
|
|
57
|
+
}),
|
|
58
|
+
});
|
|
59
|
+
exports.createTransferClient = createTransferClient;
|
|
60
|
+
/**
|
|
61
|
+
* Signs the GET (download) and DELETE (cleanup) URLs. Call this AFTER the upload
|
|
62
|
+
* completes: the GET window is finite, and signing before a large upload would
|
|
63
|
+
* burn that window while the file is still uploading.
|
|
64
|
+
*
|
|
65
|
+
* Each expiry is capped to the credentials' remaining lifetime so a URL can
|
|
66
|
+
* never outlive the credentials that signed it.
|
|
67
|
+
*/
|
|
68
|
+
const generateTransferUrls = (authn, s3, target, debug) => __awaiter(void 0, void 0, void 0, function* () {
|
|
69
|
+
const { expiresAt } = yield (0, auth_1.awsCloudAuth)(authn, target.awsSpec, debug);
|
|
70
|
+
const remaining = expiresAt !== undefined
|
|
71
|
+
? Math.floor((expiresAt - Date.now()) / 1000)
|
|
72
|
+
: Infinity;
|
|
73
|
+
if (remaining < MIN_URL_EXPIRY_THRESHOLD_SECONDS) {
|
|
74
|
+
throw new Error(`AWS credentials expire in ${remaining}s — too soon to sign usable URLs. ` +
|
|
75
|
+
`Check your system clock or re-run the request.`);
|
|
76
|
+
}
|
|
77
|
+
const secondsToExpireGetUrl = Math.min(SECONDS_TO_EXPIRE_GET_URL, remaining);
|
|
78
|
+
const secondsToExpireDeleteUrl = Math.min(SECONDS_TO_EXPIRE_DELETE_URL, remaining);
|
|
54
79
|
const objectArgs = { Bucket: target.bucket, Key: target.key };
|
|
55
80
|
const [getUrl, deleteUrl] = yield Promise.all([
|
|
56
81
|
(0, s3_request_presigner_1.getSignedUrl)(s3, new client_s3_1.GetObjectCommand(objectArgs), {
|
|
57
|
-
expiresIn:
|
|
82
|
+
expiresIn: secondsToExpireGetUrl,
|
|
58
83
|
}),
|
|
59
84
|
(0, s3_request_presigner_1.getSignedUrl)(s3, new client_s3_1.DeleteObjectCommand(objectArgs), {
|
|
60
|
-
expiresIn:
|
|
85
|
+
expiresIn: secondsToExpireDeleteUrl,
|
|
61
86
|
}),
|
|
62
87
|
]);
|
|
63
88
|
return {
|
|
64
|
-
s3,
|
|
65
89
|
getUrl,
|
|
66
90
|
deleteUrl,
|
|
91
|
+
// Report the ACTUAL (capped) seconds so debug output is honest.
|
|
67
92
|
expirySeconds: {
|
|
68
|
-
get:
|
|
69
|
-
delete:
|
|
93
|
+
get: secondsToExpireGetUrl,
|
|
94
|
+
delete: secondsToExpireDeleteUrl,
|
|
70
95
|
},
|
|
71
96
|
};
|
|
72
97
|
});
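Review bot: When `expiresAt` is undefined, `remaining` becomes `Infinity` in `generateTransferUrls`, so the cap is skipped and `expirySeconds` reports the full `SECONDS_TO_EXPIRE_GET_URL` / `SECONDS_TO_EXPIRE_DELETE_URL`. A URL signed with temporary credentials stops working once those credentials expire, so on that path the reported values can overstate the real lifetime, which contradicts the "ACTUAL (capped) seconds" comment. The same unknown-expiry case makes `createTransferClient` return credentials without `expiration`, which presumably leaves the SDK with no signal to refresh them during a long upload. I would fall back to a conservative lifetime instead of `: Infinity`, or at least state the exception in the docstring, e.g. `* If the credential expiry is unknown, the default window is used uncapped.` Separately, the cap is measured on a fresh `awsCloudAuth` call while the signature comes from the `s3` client's own provider, so if `awsCloudAuth` does not cache (not visible here) the two can refer to different credentials.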
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/file-transfer/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,2DAAwD;AAGxD,sCAA2C;AAG3C,kDAI4B;AAC5B,wEAA6D;AAC7D,mCAA8B;AAG9B,MAAM,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/plugins/file-transfer/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAWA,2DAAwD;AAGxD,sCAA2C;AAG3C,kDAI4B;AAC5B,wEAA6D;AAC7D,mCAA8B;AAG9B,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,4BAA4B,GAAG,EAAE,GAAG,EAAE,CAAC;AAC7C,MAAM,gCAAgC,GAAG,EAAE,CAAC;AAErC,MAAM,wBAAwB,GAAG,CACtC,KAAY,EACZ,IAAuD,EACvD,EAAE;IACF,MAAM,QAAQ,GAAG,MAAM,IAAA,iBAAO,EAAC,SAAS,CAAC,iCAIlC,IAAA,aAAI,EAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,KACxB,SAAS,EAAE;YACT,eAAe;YACf,SAAS;YACT,IAAI,CAAC,WAAW;YAChB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,EACD,IAAI,EAAE,IAAI,KAEZ,KAAK,EACL,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACjC,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,wCAAwC,CAAC;KAChD;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,yFAAyF,CAAC;KACjG;IAED,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,GAC9C,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAEvC,OAAO;QACL,MAAM,EAAE,UAAU;QAClB,MAAM,EAAE,YAAY;QACpB,MAAM,EAAE,YAAY;QACpB,OAAO;KACR,CAAC;AACJ,CAAC,CAAA,CAAC;AAvCW,QAAA,wBAAwB,4BAuCnC;AAEF;;;;;GAKG;AACI,MAAM,oBAAoB,GAAG,CAClC,KAAY,EACZ,MAA8D,EAC9D,KAAe,EACL,EAAE,CACZ,IAAI,oBAAQ,CAAC;IACX,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,WAAW,EAAE,GAAS,EAAE;QACtB,MAAM,WAAW,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACrE,uBACE,WAAW,EAAE,WAAW,CAAC,iBAAiB,EAC1C,eAAe,EAAE,WAAW,CAAC,qBAAqB,EAClD,YAAY,EAAE,WAAW,CAAC,iBAAiB,IAIxC,CAAC,WAAW,CAAC,SAAS,KAAK,SAAS;YACrC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;YACjD,CAAC,CAAC,EAAE,CAAC,EACP;IACJ,CAAC,CAAA;CACF,CAAC,CAAC;AArBQ,QAAA,oBAAoB,wBAqB5B;AAEL;;;;;;;GAOG;AACI,MAAM,oBAAoB,GAAG,CAClC,KAAY,EACZ,EAAY,EACZ,MAA2E,EAC3E,KAAe,EAKd,EAAE;IACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAA,mBAAY,EAAC,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACvE,MAAM,SAAS,GACb,SAAS,KAAK,SAAS;QACrB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC;QAC7C,CAAC,CAAC,QAAQ
,CAAC;IACf,IAAI,SAAS,GAAG,gCAAgC,EAAE;QAChD,MAAM,IAAI,KAAK,CACb,6BAA6B,SAAS,oCAAoC;YACxE,gDAAgD,CACnD,CAAC;KACH;IACD,MAAM,qBAAqB,GAAG,IAAI,CAAC,GAAG,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAC;IAC7E,MAAM,wBAAwB,GAAG,IAAI,CAAC,GAAG,CACvC,4BAA4B,EAC5B,SAAS,CACV,CAAC;IAEF,MAAM,UAAU,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;IAC9D,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC5C,IAAA,mCAAY,EAAC,EAAE,EAAE,IAAI,4BAAgB,CAAC,UAAU,CAAC,EAAE;YACjD,SAAS,EAAE,qBAAqB;SACjC,CAAC;QACF,IAAA,mCAAY,EAAC,EAAE,EAAE,IAAI,+BAAmB,CAAC,UAAU,CAAC,EAAE;YACpD,SAAS,EAAE,wBAAwB;SACpC,CAAC;KACH,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,SAAS;QACT,gEAAgE;QAChE,aAAa,EAAE;YACb,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,wBAAwB;SACjC;KACF,CAAC;AACJ,CAAC,CAAA,CAAC;AA9CW,QAAA,oBAAoB,wBA8C/B"}
|
|
@@ -2,7 +2,5 @@ import { TokenResponse } from "../types/oidc";
|
|
|
2
2
|
import { OrgData } from "../types/org";
|
|
3
3
|
declare const loginPlugins: readonly ["google", "okta", "ping", "oidc-pkce", "microsoft", "azure-oidc", "google-oidc", "aws-oidc"];
|
|
4
4
|
export type LoginPluginType = (typeof loginPlugins)[number];
|
|
5
|
-
export declare const pluginLoginMap: Record<string, (org: OrgData
|
|
6
|
-
debug?: boolean;
|
|
7
|
-
}) => Promise<TokenResponse>>;
|
|
5
|
+
export declare const pluginLoginMap: Record<string, (org: OrgData) => Promise<TokenResponse>>;
|
|
8
6
|
export {};
|