opal-security 2.0.11 → 2.0.12
- package/README.md +14 -13
- package/lib/commands/login.js +15 -4
- package/lib/commands/set-url.d.ts +1 -0
- package/lib/commands/set-url.js +4 -0
- package/lib/lib/config.d.ts +1 -0
- package/lib/lib/config.js +9 -1
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
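--- a/package/README.md
+++ b/package/README.md
@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (-v|--version|version)
-opal-security/2.0.
+opal-security/2.0.12 darwin-x64 node-v14.16.1
 $ opal --help [COMMAND]
 USAGE
 $ opal COMMAND
@@ -86,7 +86,7 @@ EXAMPLE
 opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/aws/identity.ts)_
 
 ## `opal curl-example`
 
@@ -100,7 +100,7 @@ OPTIONS
 -h, --help show CLI help
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/curl-example.ts)_
 
 ## `opal help [COMMAND]`
 
@@ -136,7 +136,7 @@ EXAMPLES
 opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles:start`
 
@@ -158,7 +158,7 @@ EXAMPLES
 "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -175,7 +175,7 @@ EXAMPLE
 $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -192,7 +192,7 @@ EXAMPLE
 $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/logout.ts)_
 
 ## `opal postgres-instances:start`
 
@@ -213,7 +213,7 @@ EXAMPLES
 opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "fullaccess"
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources:get`
 
@@ -231,7 +231,7 @@ EXAMPLE
 opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/resources/get.ts)_
 
 ## `opal set-url`
 
@@ -249,12 +249,13 @@ OPTIONS
 --dev
 --devLocal
 --prod
+--staging
 
 EXAMPLE
 $ opal set-host
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/set-url.ts)_
 
 ## `opal ssh:copyFrom`
 
@@ -280,7 +281,7 @@ EXAMPLES
 opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh:copyTo`
 
@@ -306,7 +307,7 @@ EXAMPLES
 opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh:start`
 
@@ -325,5 +326,5 @@ EXAMPLES
 opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/ssh/start.ts)_
 <!-- commandsstop -->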
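--- a/package/lib/commands/login.js
+++ b/package/lib/commands/login.js
@@ -10,9 +10,11 @@ const inquirer = require("inquirer");
 const handler_1 = require("../handler");
 const credentials_2 = require("../lib/credentials");
 const config_1 = require("../lib/config");
-const
+const ISSUER_PROD = 'https://auth.opal.dev';
+const ISSUER_DEV = 'https://authdev.opal.dev';
 const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';
-const
+const CLIENT_ID_PROD = '42rm6E5v7o67LBpRfjdT9KhnjrQHr9UF';
+const CLIENT_ID_DEV = 'XYV8qoAvZG7dHnhRp2g5XMJ1zX9fBP6s';
 const CLISignInMethodDocument = `
 query CLISignInMethod($input: SignInMethodInput!) {
 signInMethod(input: $input) {
@@ -91,10 +93,19 @@ class Login extends command_1.Command {
 }
 }
 }
-
+let issuer;
+let clientId;
+if (config_1.isProduction(this.config.configDir)) {
+issuer = await openid_client_1.Issuer.discover(ISSUER_PROD);
+clientId = CLIENT_ID_PROD;
+}
+else {
+issuer = await openid_client_1.Issuer.discover(ISSUER_DEV);
+clientId = CLIENT_ID_DEV;
+}
 const client = new issuer.Client({
 grant_types: [GRANT_TYPE],
-client_id:
+client_id: clientId,
 response_types: [],
 redirect_uris: [],
 token_endpoint_auth_method: 'none',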
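Review bot: The `CLIENT_ID_PROD` and `CLIENT_ID_DEV` constants added at the top of the file read like embedded credentials and carry no comment. The client is built with `token_endpoint_auth_method: 'none'` for the device-code grant, so they are public client identifiers, and a one-line comment should say so, e.g. `// Public OAuth client IDs for the device-code flow; no client secret is involved`. In the second hunk `Issuer.discover(...)` is written out in both branches; selecting the inputs first (`const prod = config_1.isProduction(this.config.configDir);` then `const issuer = await openid_client_1.Issuer.discover(prod ? ISSUER_PROD : ISSUER_DEV);`) keeps one discovery call and lets `issuer` and `clientId` be `const`. The enclosing method starts and ends outside the hunk, and the file looks like compiler output, so the edit presumably belongs in the TypeScript source it was built from.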
@@ -7,6 +7,7 @@ export default class SetUrl extends Command {
|
|
|
7
7
|
custom: flags.IOptionFlag<string | undefined>;
|
|
8
8
|
allowSelfSignedCerts: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
|
|
9
9
|
prod: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
|
|
10
|
+
staging: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
|
|
10
11
|
demo: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
|
|
11
12
|
dev: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
|
|
12
13
|
devLocal: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
|
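--- a/package/lib/commands/set-url.js
+++ b/package/lib/commands/set-url.js
@@ -14,6 +14,9 @@ class SetUrl extends command_1.Command {
 else if (flags.prod) {
 url = 'https://app.opal.dev';
 }
+else if (flags.staging) {
+url = 'https://staging.opal.dev';
+}
 else if (flags.demo) {
 url = 'https://demo.opal.dev';
 }
@@ -46,6 +49,7 @@ SetUrl.flags = {
 }),
 allowSelfSignedCerts: command_1.flags.boolean(),
 prod: command_1.flags.boolean(),
+staging: command_1.flags.boolean(),
 demo: command_1.flags.boolean(),
 dev: command_1.flags.boolean(),
 devLocal: command_1.flags.boolean(),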
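Review bot: `staging: command_1.flags.boolean()` is declared, like its neighbours, without any mutual-exclusion option, and the new `else if (flags.staging)` branch sits after `flags.prod`, so passing `--prod --staging` together would resolve to the production URL with no error as far as the visible chain shows. The stored URL decides which server the CLI talks to and, through `isProduction`, which identity provider `login` uses, so an ambiguous combination is better rejected than settled by branch order. oclif flags accept an `exclusive` list, e.g. `staging: command_1.flags.boolean({ exclusive: ['prod', 'demo', 'dev', 'devLocal', 'custom'] })`, applied symmetrically to the other environment flags. The start of the if/else chain and of `SetUrl.flags` lies outside both hunks, so a check placed there cannot be ruled out.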
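--- a/package/lib/lib/config.d.ts
+++ b/package/lib/lib/config.d.ts
@@ -4,3 +4,4 @@ export declare const allowSelfSignedCertsKey = "allowSelfSignedCerts";
 export declare const defaultAllowSelfSignedCerts = false;
 export declare const getOrCreateConfigData: (configDir: string) => Record<string, any>;
 export declare const writeConfigData: (configDir: string, newConfigData: Record<string, any>) => void;
+export declare const isProduction: (configDir: string) => boolean;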
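--- a/package/lib/lib/config.js
+++ b/package/lib/lib/config.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.writeConfigData = exports.getOrCreateConfigData = exports.defaultAllowSelfSignedCerts = exports.allowSelfSignedCertsKey = exports.defaultUrl = exports.urlKey = void 0;
+exports.isProduction = exports.writeConfigData = exports.getOrCreateConfigData = exports.defaultAllowSelfSignedCerts = exports.allowSelfSignedCertsKey = exports.defaultUrl = exports.urlKey = void 0;
 const fs = require("fs");
 const path = require("path");
 exports.urlKey = 'url';
@@ -50,3 +50,11 @@ exports.writeConfigData = (configDir, newConfigData) => {
 mode: 0o0600,
 });
 };
+exports.isProduction = (configDir) => {
+const configData = exports.getOrCreateConfigData(configDir);
+// Custom URLs are considered production since it includes on-prem
+return configData[exports.urlKey] !== 'https://dev.opal.dev' &&
+configData[exports.urlKey] !== 'http://localhost:3000' &&
+configData[exports.urlKey] !== 'https://demo.opal.dev' &&
+configData[exports.urlKey] !== 'https://staging.opal.dev';
+};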
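Review bot: `isProduction` decides the environment by exact string inequality against four literals, so a stored URL that differs only in form from a listed one (a trailing slash or different letter case, if the `custom` value is saved as typed) is classified as production, and `login` would then use the production issuer and client ID against a non-production server. The comment says custom URLs count as production on purpose, but it does not cover near-matches of the listed hosts; either state that in the comment or compare a normalized origin. At least the staging and demo literals are repeated in set-url.js, so each new environment must be added in two places; one shared set avoids drift: `const NON_PROD_URLS = new Set(['https://dev.opal.dev', 'http://localhost:3000', 'https://demo.opal.dev', 'https://staging.opal.dev']);` and `return !NON_PROD_URLS.has(configData[exports.urlKey]);`. A doc comment should also note that an absent `url` key makes the expression `true`.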
package/oclif.manifest.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":"2.0.
|
|
1
|
+
{"version":"2.0.12","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. 
Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-host"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"custom":{"name":"custom","type":"option"},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"prod":{"name":"prod","type":"boolean","allowNo":false},"staging":{"name":"staging","type":"boolean","allowNo":false},"demo":{"name":"demo","type":"boolean","allowNo":false},"dev":{"name":"dev","type":"boolean","allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","allowNo":false}},"args":[]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI 
help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the cluster."}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to query a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"fullaccess\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the database."}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","required":true}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over 
SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. 
Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Start an SSH session to access a particular compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]}}}
|