npm - @p0security/cli - Versions diffs - 0.4.1 → 0.4.2 - Mend

@p0security/cli 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/commands/__tests__/ssh.test.js +13 -0
package/dist/commands/request.d.ts +2 -2
package/dist/commands/ssh.js +14 -2
package/dist/plugins/aws/ssm/index.js +1 -1
package/dist/plugins/aws/types.d.ts +5 -1
package/dist/types/request.d.ts +2 -1
package/package.json +1 -1

package/dist/commands/__tests__/ssh.test.js CHANGED Viewed

@@ -64,6 +64,19 @@ describe("ssh", () => {
                 id: "abcefg",
                 isPreexisting: false,
                 isPersistent,
+                event: {
+                    permission: {
+                        type: "session",
+                        spec: {
+                            resource: {
+                                arn: "arn:aws:ec2:us-west-2:391052057035:instance/i-0b1b7b7b7b7b7b7b7",
+                            },
+                        },
+                    },
+                    generated: {
+                        documentName: "documentName",
+                    },
+                },
             });
         });
         it("should call p0 request with reason arg", () => __awaiter(void 0, void 0, void 0, function* () {

package/dist/commands/request.d.ts CHANGED Viewed

@@ -4,9 +4,9 @@ import yargs from "yargs";
 export declare const requestCommand: (yargs: yargs.Argv<{}>) => yargs.Argv<{
     arguments: string[];
 }>;
-export declare const request: (args: yargs.ArgumentsCamelCase<{
+export declare const request: <T>(args: yargs.ArgumentsCamelCase<{
     arguments: string[];
     wait?: boolean;
 }>, authn?: Authn, options?: {
     message?: "all" | "approval-required" | "none";
-}) => Promise<RequestResponse | undefined>;
+}) => Promise<RequestResponse<T> | undefined>;

package/dist/commands/ssh.js CHANGED Viewed

@@ -146,10 +146,22 @@ const ssh = (args) => __awaiter(void 0, void 0, void 0, function* () {
         (0, stdio_1.print2)("Did not receive access ID from server");
         return;
     }
-    const { id, isPreexisting } = response;
+    const { id, isPreexisting, event } = response;
     if (!isPreexisting)
         (0, stdio_1.print2)("Waiting for access to be provisioned");
+    /**
+     * TODO TECH-DEBT ENG-1813:
+     * We use the id and waitForProvisioning to find the permission request document which has
+     * critical data, such as the document name and generated role, that we need to build up a
+     * viable SSM request.
+     *
+     * Replacing the permission with event.permission is necessary when trying to connect to an
+     * instance which has been granted approval through it's group. The event.permission object
+     * will contain details about the specific instance we are trying to connect to such as the
+     * instance id. Without an instance id, which an SSH group permission request document does
+     * not contain we cannot construct a valid SSM command.
+     */
     const requestData = yield waitForProvisioning(authn, id);
-    const requestWithId = Object.assign(Object.assign({}, requestData), { id });
+    const requestWithId = Object.assign(Object.assign({}, requestData), { id, permission: event.permission });
     yield (0, ssm_1.ssm)(authn, requestWithId, args);
 });

package/dist/plugins/aws/ssm/index.js CHANGED Viewed

@@ -236,7 +236,7 @@ const ssm = (authn, request, args) => __awaiter(void 0, void 0, void 0, function
     const isInstalled = yield (0, install_1.ensureSsmInstall)();
     if (!isInstalled)
         throw "Please try again after installing the required AWS utilities";
-    const match = request.permission.spec.arn.match(INSTANCE_ARN_PATTERN);
+    const match = request.permission.spec.awsResourcePermission.resource.arn.match(INSTANCE_ARN_PATTERN);
     if (!match)
         throw "Did not receive a properly formatted instance identifier";
     const [, region, account, instance] = match;

package/dist/plugins/aws/types.d.ts CHANGED Viewed

@@ -43,7 +43,11 @@ export declare type AwsConfig = {
 export declare type AwsSsh = {
     permission: {
         spec: {
-            arn: string;
+            awsResourcePermission: {
+                resource: {
+                    arn: string;
+                };
+            };
         };
         type: "session";
     };

package/dist/types/request.d.ts CHANGED Viewed

@@ -26,10 +26,11 @@ export declare type Request<P extends PluginRequest = {
     permission: P["permission"];
     principal: string;
 };
-export declare type RequestResponse = {
+export declare type RequestResponse<T> = {
     ok: true;
     message: string;
     id: string;
+    event: T;
     isPreexisting: boolean;
     isPersistent: boolean;
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@p0security/cli",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "description": "Execute infra CLI commands with P0 grants",
   "main": "index.ts",
   "repository": {