@p0security/cli 0.5.0 → 0.5.2

@@ -40,14 +40,10 @@ const mockSsm = ssm_1.ssm;
40
40
  const mockPrint1 = stdio_1.print1;
41
41
  const mockPrint2 = stdio_1.print2;
42
42
  (0, firestore_1.mockGetDoc)({
43
- workflows: {
44
- items: [
45
- {
46
- state: "installed",
47
- type: "aws",
48
- identifier: "test-account",
49
- },
50
- ],
43
+ "iam-write": {
44
+ ["aws:test-account"]: {
45
+ state: "installed",
46
+ },
51
47
  },
52
48
  });
53
49
  mockSsm.mockResolvedValue({});
@@ -21,7 +21,6 @@ const login_1 = require("./login");
21
21
  const ls_1 = require("./ls");
22
22
  const request_1 = require("./request");
23
23
  const ssh_1 = require("./ssh");
24
- const lodash_1 = require("lodash");
25
24
  const typescript_1 = require("typescript");
26
25
  const yargs_1 = __importDefault(require("yargs"));
27
26
  const helpers_1 = require("yargs/helpers");
@@ -36,7 +35,6 @@ exports.cli = commands
36
35
  .reduce((m, c) => c(m), (0, yargs_1.default)((0, helpers_1.hideBin)(process.argv)))
37
36
  .middleware(version_1.checkVersion)
38
37
  .strict()
39
- .version(lodash_1.VERSION)
40
38
  .demandCommand(1)
41
39
  .fail((message, error, yargs) => {
42
40
  if (error)
@@ -60,16 +60,18 @@ const ls = (args) => __awaiter(void 0, void 0, void 0, function* () {
60
60
  ? ` (use \`p0
61
61
  ${allArguments.join(" ")} <like>\` to narrow results)`
62
62
  : "";
63
- (0, stdio_1.print2)(`Showing${truncationPart} ${label}${postfixPart}:`);
64
- const isSameValue = data.items.every((i) => !i.group && i.key === i.value);
65
- const maxLength = (0, lodash_1.max)(data.items.map((i) => i.key.length)) || 0;
66
- for (const item of data.items) {
63
+ (0, stdio_1.print2)(`Showing${truncationPart} ${label}${postfixPart}. Resources labeled with * are already accessible to you:`);
64
+ const sortedItems = (0, lodash_1.orderBy)(data.items, "isPreexisting", "desc");
65
+ const isSameValue = sortedItems.every((i) => !i.group && i.key === i.value);
66
+ const maxLength = (0, lodash_1.max)(sortedItems.map((i) => i.key.length)) || 0;
67
+ for (const item of sortedItems) {
67
68
  const tagPart = `${item.group ? `${item.group} / ` : ""}${item.value}`;
68
- (0, stdio_1.print1)(isSameValue
69
+ const prefix = item.isPreexisting ? "* " : " ";
70
+ (0, stdio_1.print1)(`${prefix}${isSameValue
69
71
  ? item.key
70
72
  : maxLength > 30
71
73
  ? `${item.key}\n ${stdio_1.Ansi.Dim}${tagPart}${stdio_1.Ansi.Reset}`
72
- : `${item.key.padEnd(maxLength)}${stdio_1.Ansi.Dim} - ${tagPart}${stdio_1.Ansi.Reset}`);
74
+ : `${item.key.padEnd(maxLength)}${stdio_1.Ansi.Dim} - ${tagPart}${stdio_1.Ansi.Reset}`}`);
73
75
  }
74
76
  }
75
77
  else {
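Review bot: The new `orderBy(data.items, "isPreexisting", "desc")` call sorts on a field the server may omit. As far as I know, lodash sorts `undefined` after every defined value in ascending order and `"desc"` reverses that, so rows without the flag could be listed above the starred ones if the API leaves the field off instead of sending `false`. Sorting on a normalised key avoids this: `(0, lodash_1.orderBy)(data.items, (i) => Boolean(i.isPreexisting), "desc")`. The `*` prefix is also added only to the first printed line, so in the `maxLength > 30` branch the dimmed continuation line no longer lines up with the key. `ls` begins and ends outside this hunk, and the change belongs in the TypeScript source this file is compiled from.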
@@ -7,5 +7,6 @@ export declare type SshCommandArgs = {
7
7
  arguments: string[];
8
8
  sudo?: boolean;
9
9
  reason?: string;
10
+ account?: string;
10
11
  };
11
12
  export declare const sshCommand: (yargs: yargs.Argv<{}>) => yargs.Argv<SshCommandArgs>;
@@ -73,14 +73,18 @@ const sshCommand = (yargs) => yargs.command("ssh <destination> [command [argumen
73
73
  .option("reason", {
74
74
  describe: "Reason access is needed",
75
75
  type: "string",
76
+ })
77
+ .option("account", {
78
+ type: "string",
79
+ describe: "The account on which the instance is located",
76
80
  }), (0, firestore_1.guard)(ssh));
77
81
  exports.sshCommand = sshCommand;
78
82
  const validateSshInstall = (authn) => __awaiter(void 0, void 0, void 0, function* () {
79
- var _a, _b;
83
+ var _a;
80
84
  const configDoc = yield (0, firestore_2.getDoc)((0, firestore_1.doc)(`o/${authn.identity.org.tenantId}/integrations/ssh`));
81
- const items = (_b = (_a = configDoc
82
- .data()) === null || _a === void 0 ? void 0 : _a.workflows) === null || _b === void 0 ? void 0 : _b.items.filter((i) => i.state === "installed" && i.type === "aws");
83
- if (!(items === null || items === void 0 ? void 0 : items.length)) {
85
+ const configItems = (_a = configDoc.data()) === null || _a === void 0 ? void 0 : _a["iam-write"];
86
+ const items = Object.entries(configItems !== null && configItems !== void 0 ? configItems : {}).filter(([key, value]) => value.state == "installed" && key.startsWith("aws"));
87
+ if (items.length === 0) {
84
88
  throw "This organization is not configured for SSH access via the P0 CLI";
85
89
  }
86
90
  });
@@ -141,6 +145,7 @@ const ssh = (args) => __awaiter(void 0, void 0, void 0, function* () {
141
145
  "aws",
142
146
  ...(args.sudo || args.command === "sudo" ? ["--sudo"] : []),
143
147
  ...(args.reason ? ["--reason", args.reason] : []),
148
+ ...(args.account ? ["--account", args.account] : []),
144
149
  ], wait: true }), authn, { message: "approval-required" });
145
150
  if (!response) {
146
151
  (0, stdio_1.print2)("Did not receive access ID from server");
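Review bot: In `validateSshInstall`, `key.startsWith("aws")` accepts any integration key that merely begins with those three letters. The test fixture uses keys of the form `aws:test-account`, so the filter should match the separator too, `key.startsWith("aws:")`, and compare with `value.state === "installed"` rather than `==`. The check also passes as soon as any AWS account is installed, so a `--account` value naming an account that is not installed is rejected only if the backend validates it, which is not visible here. Because this is a client-side read of the tenant's config document, it works as a usability gate and not as an access control. `validateSshInstall` is complete in the first hunk; `sshCommand` and `ssh` start outside the hunks shown.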
@@ -15,6 +15,7 @@ const assumeRoleWithSaml = () => __awaiter(void 0, void 0, void 0, function* ()
15
15
  AWS_ACCESS_KEY_ID: "test-access-key-id",
16
16
  AWS_SECRET_ACCESS_KEY: "test-secret-access-key",
17
17
  AWS_SESSION_TOKEN: "test-session-token",
18
+ AWS_SECURITY_TOKEN: "test-session-token",
18
19
  });
19
20
  });
20
21
  exports.assumeRoleWithSaml = assumeRoleWithSaml;
@@ -38,6 +38,7 @@ const stsAssume = (params) => __awaiter(void 0, void 0, void 0, function* () {
38
38
  AWS_ACCESS_KEY_ID: stsCredentials.AccessKeyId,
39
39
  AWS_SECRET_ACCESS_KEY: stsCredentials.SecretAccessKey,
40
40
  AWS_SESSION_TOKEN: stsCredentials.SessionToken,
41
+ AWS_SECURITY_TOKEN: stsCredentials.SessionToken,
41
42
  };
42
43
  });
43
44
  /** Assumes an AWS role via SAML login */
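Review bot: The added `AWS_SECURITY_TOKEN: stsCredentials.SessionToken` line in `stsAssume` exports the session token under a second name with no comment saying why. I would add `// Legacy alias of AWS_SESSION_TOKEN, still read by some older AWS tooling; must always carry the same value` above it. Any code that redacts, logs or clears these credentials by variable name should now cover both names; whether such code exists is not visible in this hunk. `stsAssume` starts outside the hunk.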
@@ -12,6 +12,7 @@ export declare type AwsCredentials = {
12
12
  AWS_ACCESS_KEY_ID: string;
13
13
  AWS_SECRET_ACCESS_KEY: string;
14
14
  AWS_SESSION_TOKEN: string;
15
+ AWS_SECURITY_TOKEN: string;
15
16
  };
16
17
  export declare type AwsIamLogin = {
17
18
  type: "iam";
@@ -9,14 +9,10 @@ This file is part of @p0security/cli
9
9
  You should have received a copy of the GNU General Public License along with @p0security/cli. If not, see <https://www.gnu.org/licenses/>.
10
10
  **/
11
11
  declare type SshItemConfig = {
12
- alias?: string;
13
- identifier: string;
12
+ label?: string;
14
13
  state: string;
15
- type: "aws" | "gcloud";
16
14
  };
17
15
  export declare type SshConfig = {
18
- workflows?: {
19
- items: SshItemConfig[];
20
- };
16
+ "iam-write": Record<string, SshItemConfig>;
21
17
  };
22
18
  export {};
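Review bot: `SshConfig` declares `"iam-write"` as a required property, but the code that reads this document in `validateSshInstall` guards against it being absent (`configItems ?? {}` in the compiled output), and the `workflows` field it replaces was optional. Declaring it `"iam-write"?: Record<string, SshItemConfig>;` keeps the type honest about a remotely stored document. It also stops later callers from dropping the guard on the strength of the type alone.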
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@p0security/cli",
3
- "version": "0.5.0",
3
+ "version": "0.5.2",
4
4
  "description": "Execute infra CLI commands with P0 grants",
5
5
  "main": "index.ts",
6
6
  "repository": {