@tigrisdata/cli 2.3.0 → 2.4.0

package/README.md

@@ -35,6 +35,8 @@ Run `tigris help` to see all available commands, or `tigris <command> help` for
 ### Resources
 
 - `tigris organizations` - Manage organizations
+- `tigris access-keys` - Manage access keys
+- `tigris credentials` - Manage and test credentials
 - `tigris buckets` - Manage buckets
 - `tigris forks` - Manage forks
 - `tigris snapshots` - Manage snapshots
@@ -236,6 +238,73 @@ tigris organizations create <name>
 tigris organizations select <name>
 ```
 
+### `access-keys` | `keys`
+
+Manage access keys
+
+| Command | Description |
+|---------|-------------|
+| `access-keys list` (l) | List all access keys |
+| `access-keys create` (c) | Create a new access key |
+| `access-keys delete` (d) | Delete an access key |
+| `access-keys get` (g) | Get details of an access key |
+| `access-keys assign` (a) | Assign bucket roles to an access key |
+
+#### `access-keys list`
+
+```
+tigris access-keys list
+```
+
+#### `access-keys create`
+
+```
+tigris access-keys create <name>
+```
+
+#### `access-keys delete`
+
+```
+tigris access-keys delete <id>
+```
+
+#### `access-keys get`
+
+```
+tigris access-keys get <id>
+```
+
+#### `access-keys assign`
+
+```
+tigris access-keys assign <id> [flags]
+```
+
+| Flag | Description |
+|------|-------------|
+| `-b, --bucket` | Bucket name (can specify multiple) |
+| `-r, --role` | Role to assign (can specify multiple to pair with buckets) |
+| `--admin` | Grant admin access to all buckets in the organization |
+| `--revoke-roles` | Revoke all bucket roles from the access key |
+
+### `credentials` | `creds`
+
+Manage and test credentials
+
+| Command | Description |
+|---------|-------------|
+| `credentials test` (t) | Test if credentials have access to Tigris (optionally to a specific bucket) |
+
+#### `credentials test`
+
+```
+tigris credentials test [flags]
+```
+
+| Flag | Description |
+|------|-------------|
+| `-b, --bucket` | Bucket name to test access against (optional) |
+
 ### Buckets
 
 Buckets are containers for objects. You can also create forks and snapshots of buckets.
@@ -250,6 +319,7 @@ Manage buckets
 | `buckets create` (c) | Create bucket |
 | `buckets get` (g) | Get bucket details |
 | `buckets delete` (d) | Delete bucket |
+| `buckets set` (s) | Update bucket settings |
 
 ##### `buckets list`
 
@@ -287,6 +357,22 @@ tigris buckets get <name>
 tigris buckets delete <name>
 ```
 
+##### `buckets set`
+
+```
+tigris buckets set <name> [flags]
+```
+
+| Flag | Description |
+|------|-------------|
+| `--access` | Bucket access level |
+| `--region` | Allowed regions (can specify multiple) |
+| `--allow-object-acl` | Enable object-level ACL |
+| `--disable-directory-listing` | Disable directory listing |
+| `--cache-control` | Default cache-control header value |
+| `--custom-domain` | Custom domain for the bucket |
+| `--enable-delete-protection` | Enable delete protection |
+
 #### `forks` | `f`
 
 Manage forks

package/dist/cli.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import{Command as E}from"commander";import{readFileSync as k,existsSync as q}from"fs";import{join as u,dirname as R}from"path";import{fileURLToPath as P}from"url";import*as C from"yaml";var b="2.3.0";process.on("unhandledRejection",e=>{(e===""||e===void 0)&&(console.error(`
+import{Command as E}from"commander";import{readFileSync as k,existsSync as q}from"fs";import{join as u,dirname as R}from"path";import{fileURLToPath as P}from"url";import*as C from"yaml";var b="2.4.0";process.on("unhandledRejection",e=>{(e===""||e===void 0)&&(console.error(`
 Operation cancelled`),process.exit(1)),console.error(`
 Error:`,e instanceof Error?e.message:e),process.exit(1)});process.on("uncaughtException",e=>{console.error(`
 Error:`,e.message),process.exit(1)});var D=P(import.meta.url),p=R(D),V=u(p,"specs.yaml"),M=k(V,"utf8"),l=C.parse(M);function y(e,t){return(t?[u(p,"lib",e,`${t}.js`),u(p,"lib",e,t,"index.js")]:[u(p,"lib",`${e}.js`),u(p,"lib",e,"index.js")]).some(i=>q(i))}function A(e){let t;e.type==="positional"?t=`  ${e.name}`:(t=`  --${e.name}`,e.alias&&e.alias.length===1&&(t+=`, -${e.alias}`));let n=26,i=t.length>=n?t+"  ":t.padEnd(n),s=e.description;return e.options&&(Array.isArray(e.options)&&typeof e.options[0]=="string"?s+=` (options: ${e.options.join(", ")})`:s+=` (options: ${e.options.map(o=>o.value).join(", ")})`),e.default&&(s+=` [default: ${e.default}]`),e.required&&(s+=" [required]"),e["required-when"]&&(s+=` [required when: ${e["required-when"]}]`),e.multiple&&(s+=" [multiple values: comma-separated]"),e.type==="positional"&&(s+=" [positional argument]"),e.examples&&e.examples.length>0&&(s+=` (examples: ${e.examples.join(", ")})`),`${i}${s}`}function w(e){if(console.log(`

package/dist/index.js

@@ -1,4 +1,4 @@
-import{Command as E}from"commander";import{readFileSync as k,existsSync as q}from"fs";import{join as u,dirname as R}from"path";import{fileURLToPath as P}from"url";import*as C from"yaml";var b="2.3.0";process.on("unhandledRejection",e=>{(e===""||e===void 0)&&(console.error(`
+import{Command as E}from"commander";import{readFileSync as k,existsSync as q}from"fs";import{join as u,dirname as R}from"path";import{fileURLToPath as P}from"url";import*as C from"yaml";var b="2.4.0";process.on("unhandledRejection",e=>{(e===""||e===void 0)&&(console.error(`
 Operation cancelled`),process.exit(1)),console.error(`
 Error:`,e instanceof Error?e.message:e),process.exit(1)});process.on("uncaughtException",e=>{console.error(`
 Error:`,e.message),process.exit(1)});var D=P(import.meta.url),p=R(D),V=u(p,"specs.yaml"),M=k(V,"utf8"),l=C.parse(M);function y(e,t){return(t?[u(p,"lib",e,`${t}.js`),u(p,"lib",e,t,"index.js")]:[u(p,"lib",`${e}.js`),u(p,"lib",e,"index.js")]).some(i=>q(i))}function A(e){let t;e.type==="positional"?t=`  ${e.name}`:(t=`  --${e.name}`,e.alias&&e.alias.length===1&&(t+=`, -${e.alias}`));let n=26,i=t.length>=n?t+"  ":t.padEnd(n),s=e.description;return e.options&&(Array.isArray(e.options)&&typeof e.options[0]=="string"?s+=` (options: ${e.options.join(", ")})`:s+=` (options: ${e.options.map(o=>o.value).join(", ")})`),e.default&&(s+=` [default: ${e.default}]`),e.required&&(s+=" [required]"),e["required-when"]&&(s+=` [required when: ${e["required-when"]}]`),e.multiple&&(s+=" [multiple values: comma-separated]"),e.type==="positional"&&(s+=" [positional argument]"),e.examples&&e.examples.length>0&&(s+=` (examples: ${e.examples.join(", ")})`),`${i}${s}`}function w(e){if(console.log(`

package/dist/lib/access-keys/assign.js

@@ -0,0 +1,3 @@
+function u(t,e,n){for(let o of e)if(t[o]!==void 0)return t[o];return n}import{S3Client as Ne}from"@aws-sdk/client-s3";import{homedir as ee}from"os";import{join as N}from"path";import{readFileSync as te,writeFileSync as ne,existsSync as R,mkdirSync as oe}from"fs";import{chmod as ie}from"fs/promises";var k=N(ee(),".tigris"),m=N(k,"config.json");function re(){R(k)||oe(k,{recursive:!0,mode:448})}function g(){if(R(m))try{let t=te(m,"utf8");return JSON.parse(t)}catch{return{}}return{}}async function h(t){re(),ne(m,JSON.stringify(t,null,2),{mode:384});try{await ie(m,384)}catch{}}async function w(t){let e=g();e.tokens=t,await h(e)}async function f(){return g().tokens||null}async function x(){let t=g();delete t.tokens,await h(t)}async function z(t){let e=g();e.organizations=t,await h(e)}function D(){return g().organizations||[]}function A(){return g().selectedOrganization||null}async function $(t){let e=g();e.loginMethod=t,await h(e)}function L(){return g().loginMethod||null}import T from"axios";import se from"open";function y(){return{domain:process.env.AUTH0_DOMAIN||"auth.tigris.dev",clientId:process.env.AUTH0_CLIENT_ID||"DMejqeM3CQ4IqTjEcd3oA9eEiT40hn8D",audience:process.env.AUTH0_AUDIENCE||"https://tigris-os-api"}}var K=process.env.TIGRIS_CLAIMS_NAMESPACE||"https://tigris";function C(){return{endpoint:process.env.TIGRIS_STORAGE_ENDPOINT||"https://t3.storage.dev",iamEndpoint:process.env.TIGRIS_IAM_ENDPOINT||"https://iam.storageapi.dev"}}var v=class{config;baseUrl;constructor(){this.config=y(),this.baseUrl=`https://${this.config.domain}`}async login(e){let o=(await T.post(`${this.baseUrl}/oauth/device/code`,{client_id:this.config.clientId,audience:this.config.audience,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data;e?.onDeviceCode?.(o.user_code,o.verification_uri),await this.sleep(2e3);try{await se(o.verification_uri_complete)}catch{}e?.onWaiting?.();let i=await this.pollForToken(o.device_code,o.interval||5);await w(i),$("oauth"),await this.extractAndStoreOrganizations(i.idToken)}async pollForToken(e,n){let i=0;for(;i<60;){i++;try{let c=(await T.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,device_code:e,grant_type:"urn:ietf:params:oauth:grant-type:device_code"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,s=Date.now()+(c.expires_in||3600)*1e3;return{accessToken:c.access_token,refreshToken:c.refresh_token,idToken:c.id_token,expiresAt:s}}catch(r){if(T.isAxiosError(r)&&r.response){let c=r.response.data?.error;if(c==="authorization_pending"){await this.sleep(n*1e3);continue}if(c==="slow_down"){n+=5,await this.sleep(n*1e3);continue}throw new Error(r.response.data?.error_description||"Authentication failed")}throw r}}throw new Error("Authentication timed out. Please try again.")}async getAccessToken(){let e=await f();if(!e)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');let n=300*1e3;return Date.now()+n>=e.expiresAt&&(e=await this.refreshAccessToken(e)),e.accessToken}async refreshAccessToken(e){let n=null;if(e?.refreshToken?n=e:n=await f(),!n)throw new Error('No refresh token available. Please run "tigris login" to re-authenticate.');try{let i=(await T.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,grant_type:"refresh_token",refresh_token:n.refreshToken,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,r={accessToken:i.access_token,refreshToken:i.refresh_token||n.refreshToken,idToken:i.id_token||n.idToken,expiresAt:Date.now()+(i.expires_in||3600)*1e3};return await w(r),r}catch{throw await x(),new Error('Token refresh failed. Please run "tigris login" to re-authenticate.')}}async getIdTokenClaims(){let e=await f();if(!e||!e.idToken)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');try{let n=e.idToken.split(".")[1],o=Buffer.from(n,"base64").toString("utf8");return JSON.parse(o)}catch{throw new Error("Failed to decode ID token")}}async extractAndStoreOrganizations(e){if(e)try{let n=e.split(".")[1],o=Buffer.from(n,"base64").toString("utf8"),r=JSON.parse(o)[K];if(!r)return;let c=r?.ns?.map(s=>typeof s=="object"&&s!==null?{id:s.id,name:s.name,displayName:s.name}:{id:s,name:s,displayName:s})||[];if(c.length===0)return;z(c)}catch{}}async getOrganizations(){return await this.getAccessToken(),D()}async logout(){await x()}async isAuthenticated(){return await f()!==null}sleep(e){return new Promise(n=>setTimeout(n,e))}},S=null;function _(){return S||(S=new v),S}var $e=C(),Le=y();async function F(){return L()}import{assignBucketRoles as me,revokeAllBucketRoles as he}from"@tigrisdata/iam";import{readFileSync as ae,existsSync as ce}from"fs";import{join as j,dirname as de}from"path";import{fileURLToPath as le}from"url";import*as U from"yaml";var ge=le(import.meta.url),ue=de(ge),I=null;function fe(){let t=ue;for(let e=0;e<5;e++){let n=j(t,"specs.yaml");if(ce(n))return n;t=j(t,"..")}throw new Error("Could not find specs.yaml")}function pe(){if(!I){let t=fe(),e=ae(t,"utf8");I=U.parse(e)}return I}function q(t,e){let o=pe().commands.find(i=>i.name===t);return o?e&&o.operations?o.operations.find(i=>i.name===e)||null:o:null}var V={success:"\u2714",failure:"\u2716",hint:"\u2192"};function G(){return process.stdout.isTTY===!0}function M(t){let e=q(t.command,t.operation);if(e)return e.messages}function O(t,e){let n=t;return n=n.replace(/\\n/g,`
+`),e&&(n=n.replace(/\{\{(\w+)\}\}/g,(o,i)=>{let r=e[i];return r!==void 0?String(r):`{{${i}}}`})),n}function B(t,e){if(!G())return;let n=M(t);n?.onStart&&console.log(O(n.onStart,e))}function b(t,e){if(!G())return;let n=M(t);n?.onSuccess&&console.log(`${V.success} ${O(n.onSuccess,e)}`)}function d(t,e,n){let o=M(t);o?.onFailure&&console.error(`${V.failure} ${O(o.onFailure,n)}`),e&&console.error(`  ${e}`)}function H(t,e){return{command:t,operation:e}}var a=H("access-keys","assign"),J=["Editor","ReadOnly","NamespaceAdmin"];function Y(t){return t?Array.isArray(t)?t:[t]:[]}async function ye(t){B(a);let e=u(t,["id"]),n=u(t,["admin"]),o=u(t,["revokeRoles","revoke-roles"]),i=Y(u(t,["bucket","b"])),r=Y(u(t,["role","r"]));e||(d(a,"Access key ID is required"),process.exit(1)),n&&o&&(d(a,"Cannot use --admin and --revoke-roles together"),process.exit(1)),await F()!=="oauth"&&(d(a,`Bucket roles can only be managed when logged in via OAuth.
+Run "tigris login oauth" first.`),process.exit(1));let s=_();await s.isAuthenticated()||(d(a,'Not authenticated. Run "tigris login oauth" first.'),process.exit(1));let W=await s.getAccessToken(),Q=A(),X=C(),P={sessionToken:W,organizationId:Q??void 0,iamEndpoint:X.iamEndpoint};if(o){let{error:l}=await he(e,{config:P});l&&(d(a,l.message),process.exit(1)),b(a);return}let p;if(n)p=[{bucket:"*",role:"NamespaceAdmin"}];else{i.length===0&&(d(a,"At least one bucket name is required (or use --admin or --revoke-roles)"),process.exit(1)),r.length===0&&(d(a,"At least one role is required (or use --admin or --revoke-roles)"),process.exit(1));for(let l of r)J.includes(l)||(d(a,`Invalid role "${l}". Valid roles are: ${J.join(", ")}`),process.exit(1));r.length===1?p=i.map(l=>({bucket:l,role:r[0]})):r.length===i.length?p=i.map((l,Z)=>({bucket:l,role:r[Z]})):(d(a,`Number of roles (${r.length}) must be 1 or match number of buckets (${i.length})`),process.exit(1))}let{error:E}=await me(e,p,{config:P});E&&(d(a,E.message),process.exit(1)),b(a)}export{ye as default};

package/dist/lib/access-keys/create.js

@@ -0,0 +1,3 @@
+function O(t,e,n){for(let o of e)if(t[o]!==void 0)return t[o];return n}import{S3Client as Se}from"@aws-sdk/client-s3";import{homedir as H}from"os";import{join as P}from"path";import{readFileSync as B,writeFileSync as J,existsSync as E,mkdirSync as Y}from"fs";import{chmod as W}from"fs/promises";var C=P(H(),".tigris"),u=P(C,"config.json");function Q(){E(C)||Y(C,{recursive:!0,mode:448})}function c(){if(E(u))try{let t=B(u,"utf8");return JSON.parse(t)}catch{return{}}return{}}async function f(t){Q(),J(u,JSON.stringify(t,null,2),{mode:384});try{await W(u,384)}catch{}}async function T(t){let e=c();e.tokens=t,await f(e)}async function d(){return c().tokens||null}async function w(){let t=c();delete t.tokens,await f(t)}async function b(t){let e=c();e.organizations=t,await f(e)}function N(){return c().organizations||[]}function k(){return c().selectedOrganization||null}async function z(t){let e=c();e.loginMethod=t,await f(e)}function D(){return c().loginMethod||null}import h from"axios";import X from"open";function p(){return{domain:process.env.AUTH0_DOMAIN||"auth.tigris.dev",clientId:process.env.AUTH0_CLIENT_ID||"DMejqeM3CQ4IqTjEcd3oA9eEiT40hn8D",audience:process.env.AUTH0_AUDIENCE||"https://tigris-os-api"}}var R=process.env.TIGRIS_CLAIMS_NAMESPACE||"https://tigris";function m(){return{endpoint:process.env.TIGRIS_STORAGE_ENDPOINT||"https://t3.storage.dev",iamEndpoint:process.env.TIGRIS_IAM_ENDPOINT||"https://iam.storageapi.dev"}}var S=class{config;baseUrl;constructor(){this.config=p(),this.baseUrl=`https://${this.config.domain}`}async login(e){let o=(await h.post(`${this.baseUrl}/oauth/device/code`,{client_id:this.config.clientId,audience:this.config.audience,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data;e?.onDeviceCode?.(o.user_code,o.verification_uri),await this.sleep(2e3);try{await X(o.verification_uri_complete)}catch{}e?.onWaiting?.();let i=await this.pollForToken(o.device_code,o.interval||5);await T(i),z("oauth"),await this.extractAndStoreOrganizations(i.idToken)}async pollForToken(e,n){let i=0;for(;i<60;){i++;try{let s=(await h.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,device_code:e,grant_type:"urn:ietf:params:oauth:grant-type:device_code"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,a=Date.now()+(s.expires_in||3600)*1e3;return{accessToken:s.access_token,refreshToken:s.refresh_token,idToken:s.id_token,expiresAt:a}}catch(r){if(h.isAxiosError(r)&&r.response){let s=r.response.data?.error;if(s==="authorization_pending"){await this.sleep(n*1e3);continue}if(s==="slow_down"){n+=5,await this.sleep(n*1e3);continue}throw new Error(r.response.data?.error_description||"Authentication failed")}throw r}}throw new Error("Authentication timed out. Please try again.")}async getAccessToken(){let e=await d();if(!e)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');let n=300*1e3;return Date.now()+n>=e.expiresAt&&(e=await this.refreshAccessToken(e)),e.accessToken}async refreshAccessToken(e){let n=null;if(e?.refreshToken?n=e:n=await d(),!n)throw new Error('No refresh token available. Please run "tigris login" to re-authenticate.');try{let i=(await h.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,grant_type:"refresh_token",refresh_token:n.refreshToken,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,r={accessToken:i.access_token,refreshToken:i.refresh_token||n.refreshToken,idToken:i.id_token||n.idToken,expiresAt:Date.now()+(i.expires_in||3600)*1e3};return await T(r),r}catch{throw await w(),new Error('Token refresh failed. Please run "tigris login" to re-authenticate.')}}async getIdTokenClaims(){let e=await d();if(!e||!e.idToken)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');try{let n=e.idToken.split(".")[1],o=Buffer.from(n,"base64").toString("utf8");return JSON.parse(o)}catch{throw new Error("Failed to decode ID token")}}async extractAndStoreOrganizations(e){if(e)try{let n=e.split(".")[1],o=Buffer.from(n,"base64").toString("utf8"),r=JSON.parse(o)[R];if(!r)return;let s=r?.ns?.map(a=>typeof a=="object"&&a!==null?{id:a.id,name:a.name,displayName:a.name}:{id:a,name:a,displayName:a})||[];if(s.length===0)return;b(s)}catch{}}async getOrganizations(){return await this.getAccessToken(),N()}async logout(){await w()}async isAuthenticated(){return await d()!==null}sleep(e){return new Promise(n=>setTimeout(n,e))}},A=null;function x(){return A||(A=new S),A}var Ie=m(),Me=p();async function K(){return D()}import{createAccessKey as ae}from"@tigrisdata/iam";import{readFileSync as Z,existsSync as ee}from"fs";import{join as L,dirname as te}from"path";import{fileURLToPath as ne}from"url";import*as $ from"yaml";var oe=ne(import.meta.url),ie=te(oe),v=null;function re(){let t=ie;for(let e=0;e<5;e++){let n=L(t,"specs.yaml");if(ee(n))return n;t=L(t,"..")}throw new Error("Could not find specs.yaml")}function se(){if(!v){let t=re(),e=Z(t,"utf8");v=$.parse(e)}return v}function F(t,e){let o=se().commands.find(i=>i.name===t);return o?e&&o.operations?o.operations.find(i=>i.name===e)||null:o:null}var j={success:"\u2714",failure:"\u2716",hint:"\u2192"};function U(){return process.stdout.isTTY===!0}function _(t){let e=F(t.command,t.operation);if(e)return e.messages}function I(t,e){let n=t;return n=n.replace(/\\n/g,`
+`),e&&(n=n.replace(/\{\{(\w+)\}\}/g,(o,i)=>{let r=e[i];return r!==void 0?String(r):`{{${i}}}`})),n}function G(t,e){if(!U())return;let n=_(t);n?.onStart&&console.log(I(n.onStart,e))}function V(t,e){if(!U())return;let n=_(t);n?.onSuccess&&console.log(`${j.success} ${I(n.onSuccess,e)}`)}function l(t,e,n){let o=_(t);o?.onFailure&&console.error(`${j.failure} ${I(o.onFailure,n)}`),e&&console.error(`  ${e}`)}function q(t,e){return{command:t,operation:e}}var g=q("access-keys","create");async function ce(t){G(g);let e=O(t,["name"]);e||(l(g,"Access key name is required"),process.exit(1)),await K()!=="oauth"&&(l(g,`Access keys can only be created when logged in via OAuth.
+Run "tigris login oauth" first.`),process.exit(1));let o=x();await o.isAuthenticated()||(l(g,'Not authenticated. Run "tigris login oauth" first.'),process.exit(1));let r=await o.getAccessToken(),s=k(),a=m(),{data:y,error:M}=await ae(e,{config:{sessionToken:r,organizationId:s??void 0,iamEndpoint:a.iamEndpoint}});M&&(l(g,M.message),process.exit(1)),console.log(`  Name: ${y.name}`),console.log(`  Access Key ID: ${y.id}`),console.log(`  Secret Access Key: ${y.secret}`),console.log(""),console.log("  Save these credentials securely. The secret will not be shown again."),V(g)}export{ce as default};

package/dist/lib/access-keys/delete.js

@@ -0,0 +1,3 @@
+function M(t,e,n){for(let o of e)if(t[o]!==void 0)return t[o];return n}import{S3Client as xe}from"@aws-sdk/client-s3";import{homedir as q}from"os";import{join as O}from"path";import{readFileSync as H,writeFileSync as B,existsSync as P,mkdirSync as J}from"fs";import{chmod as Y}from"fs/promises";var y=O(q(),".tigris"),u=O(y,"config.json");function W(){P(y)||J(y,{recursive:!0,mode:448})}function c(){if(P(u))try{let t=H(u,"utf8");return JSON.parse(t)}catch{return{}}return{}}async function f(t){W(),B(u,JSON.stringify(t,null,2),{mode:384});try{await Y(u,384)}catch{}}async function C(t){let e=c();e.tokens=t,await f(e)}async function g(){return c().tokens||null}async function T(){let t=c();delete t.tokens,await f(t)}async function E(t){let e=c();e.organizations=t,await f(e)}function b(){return c().organizations||[]}function w(){return c().selectedOrganization||null}async function N(t){let e=c();e.loginMethod=t,await f(e)}function z(){return c().loginMethod||null}import h from"axios";import Q from"open";function p(){return{domain:process.env.AUTH0_DOMAIN||"auth.tigris.dev",clientId:process.env.AUTH0_CLIENT_ID||"DMejqeM3CQ4IqTjEcd3oA9eEiT40hn8D",audience:process.env.AUTH0_AUDIENCE||"https://tigris-os-api"}}var D=process.env.TIGRIS_CLAIMS_NAMESPACE||"https://tigris";function m(){return{endpoint:process.env.TIGRIS_STORAGE_ENDPOINT||"https://t3.storage.dev",iamEndpoint:process.env.TIGRIS_IAM_ENDPOINT||"https://iam.storageapi.dev"}}var x=class{config;baseUrl;constructor(){this.config=p(),this.baseUrl=`https://${this.config.domain}`}async login(e){let o=(await h.post(`${this.baseUrl}/oauth/device/code`,{client_id:this.config.clientId,audience:this.config.audience,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data;e?.onDeviceCode?.(o.user_code,o.verification_uri),await this.sleep(2e3);try{await Q(o.verification_uri_complete)}catch{}e?.onWaiting?.();let i=await this.pollForToken(o.device_code,o.interval||5);await C(i),N("oauth"),await this.extractAndStoreOrganizations(i.idToken)}async pollForToken(e,n){let i=0;for(;i<60;){i++;try{let s=(await h.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,device_code:e,grant_type:"urn:ietf:params:oauth:grant-type:device_code"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,a=Date.now()+(s.expires_in||3600)*1e3;return{accessToken:s.access_token,refreshToken:s.refresh_token,idToken:s.id_token,expiresAt:a}}catch(r){if(h.isAxiosError(r)&&r.response){let s=r.response.data?.error;if(s==="authorization_pending"){await this.sleep(n*1e3);continue}if(s==="slow_down"){n+=5,await this.sleep(n*1e3);continue}throw new Error(r.response.data?.error_description||"Authentication failed")}throw r}}throw new Error("Authentication timed out. Please try again.")}async getAccessToken(){let e=await g();if(!e)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');let n=300*1e3;return Date.now()+n>=e.expiresAt&&(e=await this.refreshAccessToken(e)),e.accessToken}async refreshAccessToken(e){let n=null;if(e?.refreshToken?n=e:n=await g(),!n)throw new Error('No refresh token available. Please run "tigris login" to re-authenticate.');try{let i=(await h.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,grant_type:"refresh_token",refresh_token:n.refreshToken,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,r={accessToken:i.access_token,refreshToken:i.refresh_token||n.refreshToken,idToken:i.id_token||n.idToken,expiresAt:Date.now()+(i.expires_in||3600)*1e3};return await C(r),r}catch{throw await T(),new Error('Token refresh failed. Please run "tigris login" to re-authenticate.')}}async getIdTokenClaims(){let e=await g();if(!e||!e.idToken)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');try{let n=e.idToken.split(".")[1],o=Buffer.from(n,"base64").toString("utf8");return JSON.parse(o)}catch{throw new Error("Failed to decode ID token")}}async extractAndStoreOrganizations(e){if(e)try{let n=e.split(".")[1],o=Buffer.from(n,"base64").toString("utf8"),r=JSON.parse(o)[D];if(!r)return;let s=r?.ns?.map(a=>typeof a=="object"&&a!==null?{id:a.id,name:a.name,displayName:a.name}:{id:a,name:a,displayName:a})||[];if(s.length===0)return;E(s)}catch{}}async getOrganizations(){return await this.getAccessToken(),b()}async logout(){await T()}async isAuthenticated(){return await g()!==null}sleep(e){return new Promise(n=>setTimeout(n,e))}},k=null;function A(){return k||(k=new x),k}var _e=m(),Ie=p();async function R(){return z()}import{removeAccessKey as se}from"@tigrisdata/iam";import{readFileSync as X,existsSync as Z}from"fs";import{join as K,dirname as ee}from"path";import{fileURLToPath as te}from"url";import*as L from"yaml";var ne=te(import.meta.url),oe=ee(ne),S=null;function ie(){let t=oe;for(let e=0;e<5;e++){let n=K(t,"specs.yaml");if(Z(n))return n;t=K(t,"..")}throw new Error("Could not find specs.yaml")}function re(){if(!S){let t=ie(),e=X(t,"utf8");S=L.parse(e)}return S}function $(t,e){let o=re().commands.find(i=>i.name===t);return o?e&&o.operations?o.operations.find(i=>i.name===e)||null:o:null}var F={success:"\u2714",failure:"\u2716",hint:"\u2192"};function j(){return process.stdout.isTTY===!0}function v(t){let e=$(t.command,t.operation);if(e)return e.messages}function _(t,e){let n=t;return n=n.replace(/\\n/g,`
+`),e&&(n=n.replace(/\{\{(\w+)\}\}/g,(o,i)=>{let r=e[i];return r!==void 0?String(r):`{{${i}}}`})),n}function U(t,e){if(!j())return;let n=v(t);n?.onStart&&console.log(_(n.onStart,e))}function G(t,e){if(!j())return;let n=v(t);n?.onSuccess&&console.log(`${F.success} ${_(n.onSuccess,e)}`)}function l(t,e,n){let o=v(t);o?.onFailure&&console.error(`${F.failure} ${_(o.onFailure,n)}`),e&&console.error(`  ${e}`)}function V(t,e){return{command:t,operation:e}}var d=V("access-keys","delete");async function ae(t){U(d);let e=M(t,["id"]);e||(l(d,"Access key ID is required"),process.exit(1)),await R()!=="oauth"&&(l(d,`Access keys can only be deleted when logged in via OAuth.
+Run "tigris login oauth" first.`),process.exit(1));let o=A();await o.isAuthenticated()||(l(d,'Not authenticated. Run "tigris login oauth" first.'),process.exit(1));let r=await o.getAccessToken(),s=w(),a=m(),{error:I}=await se(e,{config:{sessionToken:r,organizationId:s??void 0,iamEndpoint:a.iamEndpoint}});I&&(l(d,I.message),process.exit(1)),G(d)}export{ae as default};

package/dist/lib/access-keys/get.js

@@ -0,0 +1,3 @@
+function P(t,e,n){for(let o of e)if(t[o]!==void 0)return t[o];return n}import{S3Client as Se}from"@aws-sdk/client-s3";import{homedir as B}from"os";import{join as E}from"path";import{readFileSync as J,writeFileSync as Y,existsSync as b,mkdirSync as W}from"fs";import{chmod as Q}from"fs/promises";var C=E(B(),".tigris"),f=E(C,"config.json");function X(){b(C)||W(C,{recursive:!0,mode:448})}function g(){if(b(f))try{let t=J(f,"utf8");return JSON.parse(t)}catch{return{}}return{}}async function p(t){X(),Y(f,JSON.stringify(t,null,2),{mode:384});try{await Q(f,384)}catch{}}async function T(t){let e=g();e.tokens=t,await p(e)}async function l(){return g().tokens||null}async function w(){let t=g();delete t.tokens,await p(t)}async function N(t){let e=g();e.organizations=t,await p(e)}function z(){return g().organizations||[]}function k(){return g().selectedOrganization||null}async function D(t){let e=g();e.loginMethod=t,await p(e)}function R(){return g().loginMethod||null}import y from"axios";import Z from"open";function m(){return{domain:process.env.AUTH0_DOMAIN||"auth.tigris.dev",clientId:process.env.AUTH0_CLIENT_ID||"DMejqeM3CQ4IqTjEcd3oA9eEiT40hn8D",audience:process.env.AUTH0_AUDIENCE||"https://tigris-os-api"}}var $=process.env.TIGRIS_CLAIMS_NAMESPACE||"https://tigris";function h(){return{endpoint:process.env.TIGRIS_STORAGE_ENDPOINT||"https://t3.storage.dev",iamEndpoint:process.env.TIGRIS_IAM_ENDPOINT||"https://iam.storageapi.dev"}}var A=class{config;baseUrl;constructor(){this.config=m(),this.baseUrl=`https://${this.config.domain}`}async login(e){let o=(await y.post(`${this.baseUrl}/oauth/device/code`,{client_id:this.config.clientId,audience:this.config.audience,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data;e?.onDeviceCode?.(o.user_code,o.verification_uri),await this.sleep(2e3);try{await Z(o.verification_uri_complete)}catch{}e?.onWaiting?.();let i=await this.pollForToken(o.device_code,o.interval||5);await T(i),D("oauth"),await this.extractAndStoreOrganizations(i.idToken)}async pollForToken(e,n){let i=0;for(;i<60;){i++;try{let s=(await y.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,device_code:e,grant_type:"urn:ietf:params:oauth:grant-type:device_code"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,a=Date.now()+(s.expires_in||3600)*1e3;return{accessToken:s.access_token,refreshToken:s.refresh_token,idToken:s.id_token,expiresAt:a}}catch(r){if(y.isAxiosError(r)&&r.response){let s=r.response.data?.error;if(s==="authorization_pending"){await this.sleep(n*1e3);continue}if(s==="slow_down"){n+=5,await this.sleep(n*1e3);continue}throw new Error(r.response.data?.error_description||"Authentication failed")}throw r}}throw new Error("Authentication timed out. Please try again.")}async getAccessToken(){let e=await l();if(!e)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');let n=300*1e3;return Date.now()+n>=e.expiresAt&&(e=await this.refreshAccessToken(e)),e.accessToken}async refreshAccessToken(e){let n=null;if(e?.refreshToken?n=e:n=await l(),!n)throw new Error('No refresh token available. Please run "tigris login" to re-authenticate.');try{let i=(await y.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,grant_type:"refresh_token",refresh_token:n.refreshToken,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,r={accessToken:i.access_token,refreshToken:i.refresh_token||n.refreshToken,idToken:i.id_token||n.idToken,expiresAt:Date.now()+(i.expires_in||3600)*1e3};return await T(r),r}catch{throw await w(),new Error('Token refresh failed. Please run "tigris login" to re-authenticate.')}}async getIdTokenClaims(){let e=await l();if(!e||!e.idToken)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');try{let n=e.idToken.split(".")[1],o=Buffer.from(n,"base64").toString("utf8");return JSON.parse(o)}catch{throw new Error("Failed to decode ID token")}}async extractAndStoreOrganizations(e){if(e)try{let n=e.split(".")[1],o=Buffer.from(n,"base64").toString("utf8"),r=JSON.parse(o)[$];if(!r)return;let s=r?.ns?.map(a=>typeof a=="object"&&a!==null?{id:a.id,name:a.name,displayName:a.name}:{id:a,name:a,displayName:a})||[];if(s.length===0)return;N(s)}catch{}}async getOrganizations(){return await this.getAccessToken(),z()}async logout(){await w()}async isAuthenticated(){return await l()!==null}sleep(e){return new Promise(n=>setTimeout(n,e))}},x=null;function S(){return x||(x=new A),x}var Me=h(),Oe=m();async function K(){return R()}import{getAccessKey as ce}from"@tigrisdata/iam";import{readFileSync as ee,existsSync as te}from"fs";import{join as L,dirname as ne}from"path";import{fileURLToPath as oe}from"url";import*as F from"yaml";var ie=oe(import.meta.url),re=ne(ie),v=null;function se(){let t=re;for(let e=0;e<5;e++){let n=L(t,"specs.yaml");if(te(n))return n;t=L(t,"..")}throw new Error("Could not find specs.yaml")}function ae(){if(!v){let t=se(),e=ee(t,"utf8");v=F.parse(e)}return v}function j(t,e){let o=ae().commands.find(i=>i.name===t);return o?e&&o.operations?o.operations.find(i=>i.name===e)||null:o:null}var U={success:"\u2714",failure:"\u2716",hint:"\u2192"};function G(){return process.stdout.isTTY===!0}function _(t){let e=j(t.command,t.operation);if(e)return e.messages}function I(t,e){let n=t;return n=n.replace(/\\n/g,`
+`),e&&(n=n.replace(/\{\{(\w+)\}\}/g,(o,i)=>{let r=e[i];return r!==void 0?String(r):`{{${i}}}`})),n}function V(t,e){if(!G())return;let n=_(t);n?.onStart&&console.log(I(n.onStart,e))}function q(t,e){if(!G())return;let n=_(t);n?.onSuccess&&console.log(`${U.success} ${I(n.onSuccess,e)}`)}function u(t,e,n){let o=_(t);o?.onFailure&&console.error(`${U.failure} ${I(o.onFailure,n)}`),e&&console.error(`  ${e}`)}function H(t,e){return{command:t,operation:e}}var d=H("access-keys","get");async function ge(t){V(d);let e=P(t,["id"]);e||(u(d,"Access key ID is required"),process.exit(1)),await K()!=="oauth"&&(u(d,`Access keys can only be retrieved when logged in via OAuth.
+Run "tigris login oauth" first.`),process.exit(1));let o=S();await o.isAuthenticated()||(u(d,'Not authenticated. Run "tigris login oauth" first.'),process.exit(1));let r=await o.getAccessToken(),s=k(),a=h(),{data:c,error:M}=await ce(e,{config:{sessionToken:r,organizationId:s??void 0,iamEndpoint:a.iamEndpoint}});if(M&&(u(d,M.message),process.exit(1)),console.log(`  Name: ${c.name}`),console.log(`  ID: ${c.id}`),console.log(`  Status: ${c.status}`),console.log(`  Created: ${c.createdAt}`),console.log(`  Organization: ${c.organizationId}`),c.roles&&c.roles.length>0){console.log("  Roles:");for(let O of c.roles)console.log(`    - ${O.bucket}: ${O.role}`)}else console.log("  Roles: None");q(d)}export{ge as default};

package/dist/lib/access-keys/list.js

@@ -0,0 +1,8 @@
+function Q(t){return JSON.stringify(t,null,2)}function Z(t,e="    "){return Object.entries(t).map(([n,i])=>`${e}<${n}>${i}</${n}>`).join(`
+`)}function ee(t,e,n){let i=[`<${e}>`];return t.forEach(o=>{i.push(`  <${n}>`),i.push(Z(o,"    ")),i.push(`  </${n}>`)}),i.push(`</${e}>`),i.join(`
+`)}function z(t){if(t==null)return"";if(t instanceof Date)return N(t);if(typeof t=="string"){let e=new Date(t);if(!isNaN(e.getTime())&&t.includes("T"))return N(e)}return String(t)}function N(t){return new Intl.DateTimeFormat(void 0,{year:"numeric",month:"short",day:"numeric",hour:"2-digit",minute:"2-digit"}).format(t)}function te(t,e){return e.map(n=>{if(n.width)return n.width;let i=n.header.length,o=t.reduce((r,s)=>{let a=z(s[n.key]);return Math.max(r,a.length)},0);return Math.max(i,o)})}function ne(t,e){let n=[],i=te(t,e),o="\u250C"+i.map(c=>"\u2500".repeat(c+2)).join("\u252C")+"\u2510",r="\u251C"+i.map(c=>"\u2500".repeat(c+2)).join("\u253C")+"\u2524",s="\u2514"+i.map(c=>"\u2500".repeat(c+2)).join("\u2534")+"\u2518";n.push(`
+`+o);let a="\u2502 "+e.map((c,l)=>c.header.padEnd(i[l])).join(" \u2502 ")+" \u2502";return n.push(a),n.push(r),t.forEach(c=>{let l=e.map((g,b)=>{let E=z(c[g.key]);return g.align==="right"?E.padStart(i[b]):E.padEnd(i[b])});n.push("\u2502 "+l.join(" \u2502 ")+" \u2502")}),n.push(s+`
+`),n.join(`
+`)}function D(t,e,n,i,o){switch(e){case"json":return Q(t);case"xml":return ee(t,n,i);default:return ne(t,o)}}import{S3Client as ze}from"@aws-sdk/client-s3";import{homedir as ie}from"os";import{join as R}from"path";import{readFileSync as oe,writeFileSync as re,existsSync as j,mkdirSync as se}from"fs";import{chmod as ae}from"fs/promises";var x=R(ie(),".tigris"),f=R(x,"config.json");function ce(){j(x)||se(x,{recursive:!0,mode:448})}function d(){if(j(f))try{let t=oe(f,"utf8");return JSON.parse(t)}catch{return{}}return{}}async function m(t){ce(),re(f,JSON.stringify(t,null,2),{mode:384});try{await ae(f,384)}catch{}}async function S(t){let e=d();e.tokens=t,await m(e)}async function p(){return d().tokens||null}async function A(){let t=d();delete t.tokens,await m(t)}async function $(t){let e=d();e.organizations=t,await m(e)}function K(){return d().organizations||[]}function _(){return d().selectedOrganization||null}async function L(t){let e=d();e.loginMethod=t,await m(e)}function F(){return d().loginMethod||null}import C from"axios";import de from"open";function h(){return{domain:process.env.AUTH0_DOMAIN||"auth.tigris.dev",clientId:process.env.AUTH0_CLIENT_ID||"DMejqeM3CQ4IqTjEcd3oA9eEiT40hn8D",audience:process.env.AUTH0_AUDIENCE||"https://tigris-os-api"}}var U=process.env.TIGRIS_CLAIMS_NAMESPACE||"https://tigris";function y(){return{endpoint:process.env.TIGRIS_STORAGE_ENDPOINT||"https://t3.storage.dev",iamEndpoint:process.env.TIGRIS_IAM_ENDPOINT||"https://iam.storageapi.dev"}}var I=class{config;baseUrl;constructor(){this.config=h(),this.baseUrl=`https://${this.config.domain}`}async login(e){let i=(await C.post(`${this.baseUrl}/oauth/device/code`,{client_id:this.config.clientId,audience:this.config.audience,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data;e?.onDeviceCode?.(i.user_code,i.verification_uri),await this.sleep(2e3);try{await de(i.verification_uri_complete)}catch{}e?.onWaiting?.();let o=await this.pollForToken(i.device_code,i.interval||5);await S(o),L("oauth"),await this.extractAndStoreOrganizations(o.idToken)}async pollForToken(e,n){let o=0;for(;o<60;){o++;try{let s=(await C.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,device_code:e,grant_type:"urn:ietf:params:oauth:grant-type:device_code"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,a=Date.now()+(s.expires_in||3600)*1e3;return{accessToken:s.access_token,refreshToken:s.refresh_token,idToken:s.id_token,expiresAt:a}}catch(r){if(C.isAxiosError(r)&&r.response){let s=r.response.data?.error;if(s==="authorization_pending"){await this.sleep(n*1e3);continue}if(s==="slow_down"){n+=5,await this.sleep(n*1e3);continue}throw new Error(r.response.data?.error_description||"Authentication failed")}throw r}}throw new Error("Authentication timed out. Please try again.")}async getAccessToken(){let e=await p();if(!e)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');let n=300*1e3;return Date.now()+n>=e.expiresAt&&(e=await this.refreshAccessToken(e)),e.accessToken}async refreshAccessToken(e){let n=null;if(e?.refreshToken?n=e:n=await p(),!n)throw new Error('No refresh token available. Please run "tigris login" to re-authenticate.');try{let o=(await C.post(`${this.baseUrl}/oauth/token`,{client_id:this.config.clientId,grant_type:"refresh_token",refresh_token:n.refreshToken,scope:"openid profile email offline_access"},{headers:{"Content-Type":"application/x-www-form-urlencoded"}})).data,r={accessToken:o.access_token,refreshToken:o.refresh_token||n.refreshToken,idToken:o.id_token||n.idToken,expiresAt:Date.now()+(o.expires_in||3600)*1e3};return await S(r),r}catch{throw await A(),new Error('Token refresh failed. Please run "tigris login" to re-authenticate.')}}async getIdTokenClaims(){let e=await p();if(!e||!e.idToken)throw new Error('Not authenticated. Please run "tigris login" to authenticate.');try{let n=e.idToken.split(".")[1],i=Buffer.from(n,"base64").toString("utf8");return JSON.parse(i)}catch{throw new Error("Failed to decode ID token")}}async extractAndStoreOrganizations(e){if(e)try{let n=e.split(".")[1],i=Buffer.from(n,"base64").toString("utf8"),r=JSON.parse(i)[U];if(!r)return;let s=r?.ns?.map(a=>typeof a=="object"&&a!==null?{id:a.id,name:a.name,displayName:a.name}:{id:a,name:a,displayName:a})||[];if(s.length===0)return;$(s)}catch{}}async getOrganizations(){return await this.getAccessToken(),K()}async logout(){await A()}async isAuthenticated(){return await p()!==null}sleep(e){return new Promise(n=>setTimeout(n,e))}},v=null;function M(){return v||(v=new I),v}var $e=y(),Ke=h();async function V(){return F()}import{listAccessKeys as Ce}from"@tigrisdata/iam";import{readFileSync as ge,existsSync as ue}from"fs";import{join as G,dirname as le}from"path";import{fileURLToPath as pe}from"url";import*as q from"yaml";var fe=pe(import.meta.url),me=le(fe),O=null;function he(){let t=me;for(let e=0;e<5;e++){let n=G(t,"specs.yaml");if(ue(n))return n;t=G(t,"..")}throw new Error("Could not find specs.yaml")}function ye(){if(!O){let t=he(),e=ge(t,"utf8");O=q.parse(e)}return O}function B(t,e){let i=ye().commands.find(o=>o.name===t);return i?e&&i.operations?i.operations.find(o=>o.name===e)||null:i:null}var H={success:"\u2714",failure:"\u2716",hint:"\u2192"};function P(){return process.stdout.isTTY===!0}function T(t){let e=B(t.command,t.operation);if(e)return e.messages}function w(t,e){let n=t;return n=n.replace(/\\n/g,`
+`),e&&(n=n.replace(/\{\{(\w+)\}\}/g,(i,o)=>{let r=e[o];return r!==void 0?String(r):`{{${o}}}`})),n}function J(t,e){if(!P())return;let n=T(t);n?.onStart&&console.log(w(n.onStart,e))}function W(t,e){if(!P())return;let n=T(t);n?.onSuccess&&console.log(`${H.success} ${w(n.onSuccess,e)}`)}function k(t,e,n){let i=T(t);i?.onFailure&&console.error(`${H.failure} ${w(i.onFailure,n)}`),e&&console.error(`  ${e}`)}function Y(t,e){if(!P())return;let n=T(t);n?.onEmpty&&console.log(w(n.onEmpty,e))}function X(t,e){return{command:t,operation:e}}var u=X("access-keys","list");async function Te(){J(u),await V()!=="oauth"&&(k(u,`Access keys can only be listed when logged in via OAuth.
+Run "tigris login oauth" first.`),process.exit(1));let e=M();await e.isAuthenticated()||(k(u,'Not authenticated. Run "tigris login oauth" first.'),process.exit(1));let i=await e.getAccessToken(),o=_(),r=y(),{data:s,error:a}=await Ce({config:{sessionToken:i,organizationId:o??void 0,iamEndpoint:r.iamEndpoint}});if(a&&(k(u,a.message),process.exit(1)),!s.accessKeys||s.accessKeys.length===0){Y(u);return}let c=s.accessKeys.map(g=>({name:g.name,id:g.id,status:g.status,created:g.createdAt})),l=D(c,"table","keys","key",[{key:"name",header:"Name"},{key:"id",header:"ID"},{key:"status",header:"Status"},{key:"created",header:"Created"}]);console.log(l),W(u,{count:c.length})}export{Te as default};

package/dist/specs.yaml

@@ -189,6 +189,85 @@ commands:
             alias: b
             required: false
 
+  # access-keys
+  - name: access-keys
+    description: Manage access keys
+    alias: keys
+    operations:
+      - name: list
+        description: List all access keys
+        alias: l
+        messages:
+          onStart: ''
+          onSuccess: ''
+          onFailure: 'Failed to list access keys'
+          onEmpty: 'No access keys found'
+      - name: create
+        description: Create a new access key
+        alias: c
+        messages:
+          onStart: 'Creating access key...'
+          onSuccess: 'Access key created'
+          onFailure: 'Failed to create access key'
+        arguments:
+          - name: name
+            description: Name for the access key
+            type: positional
+            required: true
+      - name: delete
+        description: Delete an access key
+        alias: d
+        messages:
+          onStart: 'Deleting access key...'
+          onSuccess: 'Access key deleted'
+          onFailure: 'Failed to delete access key'
+        arguments:
+          - name: id
+            description: Access key ID
+            type: positional
+            required: true
+      - name: get
+        description: Get details of an access key
+        alias: g
+        messages:
+          onStart: ''
+          onSuccess: ''
+          onFailure: 'Failed to get access key'
+        arguments:
+          - name: id
+            description: Access key ID
+            type: positional
+            required: true
+      - name: assign
+        description: Assign bucket roles to an access key
+        alias: a
+        messages:
+          onStart: 'Assigning bucket roles...'
+          onSuccess: 'Bucket roles assigned'
+          onFailure: 'Failed to assign bucket roles'
+        arguments:
+          - name: id
+            description: Access key ID
+            type: positional
+            required: true
+          - name: bucket
+            alias: b
+            description: Bucket name (can specify multiple)
+            multiple: true
+          - name: role
+            alias: r
+            description: Role to assign (can specify multiple to pair with buckets)
+            multiple: true
+            options:
+              - Editor
+              - ReadOnly
+          - name: admin
+            description: Grant admin access to all buckets in the organization
+            type: flag
+          - name: revoke-roles
+            description: Revoke all bucket roles from the access key
+            type: flag
+
   #########################
   # Unix style commands
   #########################

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tigrisdata/cli",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "description": "Command line interface for Tigris object storage",
   "type": "module",
   "exports": {
@@ -78,8 +78,8 @@
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.908.0",
-    "@tigrisdata/iam": "^1.0.0",
-    "@tigrisdata/storage": "^2.11.0",
+    "@tigrisdata/iam": "^1.1.0",
+    "@tigrisdata/storage": "^2.12.0",
     "axios": "^1.12.2",
     "commander": "^11.0.0",
     "enquirer": "^2.4.1",