opal-security 2.0.11 → 2.0.14

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (-v|--version|version)
-opal-security/2.0.11 darwin-x64 node-v14.16.1
+opal-security/2.0.14 darwin-x64 node-v14.16.1
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -43,6 +43,7 @@ USAGE
 * [`opal logout`](#opal-logout)
 * [`opal postgres-instances:start`](#opal-postgres-instancesstart)
 * [`opal resources:get`](#opal-resourcesget)
+* [`opal set-token`](#opal-set-token)
 * [`opal set-url`](#opal-set-url)
 * [`opal ssh:copyFrom`](#opal-sshcopyfrom)
 * [`opal ssh:copyTo`](#opal-sshcopyto)
@@ -86,7 +87,7 @@ EXAMPLE
   opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/aws/identity.ts)_
 
 ## `opal curl-example`
 
@@ -100,7 +101,7 @@ OPTIONS
   -h, --help  show CLI help
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/curl-example.ts)_
 
 ## `opal help [COMMAND]`
 
@@ -128,15 +129,16 @@ USAGE
   $ opal iam-roles:start
 
 OPTIONS
-  -h, --help  show CLI help
-  --id=id     The ID of the Opal role resource.
+  -h, --help             show CLI help
+  --id=id                The ID of the Opal role resource.
+  --sessionId=sessionId  SessionId of a session that has already been created via the web flow.
 
 EXAMPLES
   opal iam-roles:start
   opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles:start`
 
@@ -150,6 +152,7 @@ OPTIONS
   -h, --help                                 show CLI help
   --accessLevelRemoteId=accessLevelRemoteId  The remote ID of the access level with which to access the cluster.
   --id=id                                    The ID of the Opal role resource.
+  --sessionId=sessionId                      SessionId of a session that has already been created via the web flow.
 
 EXAMPLES
   opal kube-roles:start
@@ -158,7 +161,7 @@ EXAMPLES
   "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -175,7 +178,7 @@ EXAMPLE
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -192,7 +195,7 @@ EXAMPLE
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/logout.ts)_
 
 ## `opal postgres-instances:start`
 
@@ -206,6 +209,7 @@ OPTIONS
   -h, --help                                 show CLI help
   --accessLevelRemoteId=accessLevelRemoteId  The remote ID of the access level with which to access the database.
   --id=id                                    The ID of the Opal instance resource.
+  --sessionId=sessionId                      SessionId of a session that has already been created via the web flow.
 
 EXAMPLES
   opal postgres-instances:start
@@ -213,7 +217,7 @@ EXAMPLES
   opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "fullaccess"
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources:get`
 
@@ -231,7 +235,24 @@ EXAMPLE
   opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/resources/get.ts)_
+
+## `opal set-token`
+
+Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.
+
+```
+USAGE
+  $ opal set-token
+
+OPTIONS
+  -h, --help  show CLI help
+
+EXAMPLE
+  $ opal set-token
+```
+
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/set-token.ts)_
 
 ## `opal set-url`
 
@@ -249,12 +270,13 @@ OPTIONS
   --dev
   --devLocal
   --prod
+  --staging
 
 EXAMPLE
   $ opal set-host
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/set-url.ts)_
 
 ## `opal ssh:copyFrom`
 
@@ -265,22 +287,23 @@ USAGE
   $ opal ssh:copyFrom
 
 OPTIONS
-  -h, --help   show CLI help
-  --dest=dest  [default: .] Pick which directory you want your files to be copied to.
-  --id=id      The ID of the Opal instance resource.
+  -h, --help             show CLI help
+  --dest=dest            [default: .] Pick which directory you want your files to be copied to.
+  --id=id                The ID of the Opal instance resource.
+  --sessionId=sessionId  SessionId of a session that has already been created via the web flow.
 
-  --src=src    (required) The path of the directory or file you would like to copy over SCP. Note we only support one
-               file or directory at a time.
+  --src=src              (required) The path of the directory or file you would like to copy over SCP. Note we only
+                         support one file or directory at a time.
 
-  --user=user  [default: ssm-user] Pick which user you want to run SCP over. Keep in mind not all users will have access
-               to each other's home directory.
+  --user=user            [default: ssm-user] Pick which user you want to run SCP over. Keep in mind not all users will
+                         have access to each other's home directory.
 
 EXAMPLES
   opal ssh:copyFrom --src instance/dir --dest my/dir
   opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh:copyTo`
 
@@ -291,22 +314,23 @@ USAGE
   $ opal ssh:copyTo
 
 OPTIONS
-  -h, --help   show CLI help
-  --dest=dest  [default: .] Pick which directory you want your files to be copied to.
-  --id=id      The ID of the Opal instance resource.
+  -h, --help             show CLI help
+  --dest=dest            [default: .] Pick which directory you want your files to be copied to.
+  --id=id                The ID of the Opal instance resource.
+  --sessionId=sessionId  SessionId of a session that has already been created via the web flow.
 
-  --src=src    (required) The path of the directory or file you would like to copy over SCP. Note we only support one
-               file or directory at a time.
+  --src=src              (required) The path of the directory or file you would like to copy over SCP. Note we only
+                         support one file or directory at a time.
 
-  --user=user  [default: ssm-user] Pick which user you want to run SCP over. Keep in mind not all users will have access
-               to each other's home directory.
+  --user=user            [default: ssm-user] Pick which user you want to run SCP over. Keep in mind not all users will
+                         have access to each other's home directory.
 
 EXAMPLES
   opal ssh:copyTo --src my/dir --dest instance/dir
   opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh:start`
 
@@ -317,13 +341,14 @@ USAGE
   $ opal ssh:start
 
 OPTIONS
-  -h, --help  show CLI help
-  --id=id     The ID of the Opal instance resource.
+  -h, --help             show CLI help
+  --id=id                The ID of the Opal instance resource.
+  --sessionId=sessionId  SessionId of a session that has already been created via the web flow.
 
 EXAMPLES
   opal ssh:start
   opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.11/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/ssh/start.ts)_
 <!-- commandsstop -->

package/lib/commands/iam-roles/start.d.ts

@@ -5,6 +5,7 @@ export default class StartIAMRoleSession extends Command {
     static flags: {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
         id: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/iam-roles/start.js

@@ -8,9 +8,10 @@ const inquirer = require("inquirer");
 const aws_1 = require("../../lib/aws");
 const resources_1 = require("../../lib/resources");
 const get_1 = require("../../commands/resources/get");
+const common_1 = require("../../lib/common");
 const StartIAMRoleSessionDocument = `
-mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -27,9 +28,18 @@ mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevel
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 const ListIamRolesDocument = `
@@ -51,6 +61,7 @@ class StartIAMRoleSession extends command_1.Command {
         const { flags } = this.parse(StartIAMRoleSession);
         let roleId = flags.id;
         let roleName = null;
+        const sessionId = flags.sessionId;
         if (!roleId) {
             const { resp: iamRolesResp, error } = await handler_1.runQuery({
                 command: this,
@@ -106,7 +117,7 @@ class StartIAMRoleSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartIAMRoleSessionDocument,
-            variables: { id: roleId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL },
+            variables: { id: roleId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL, sessionId: sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -125,6 +136,10 @@ class StartIAMRoleSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, roleId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -142,4 +157,8 @@ StartIAMRoleSession.flags = {
         multiple: false,
         description: 'The ID of the Opal role resource.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/kube-roles/start.d.ts

@@ -6,6 +6,7 @@ export default class StartKubeIAMRoleSession extends Command {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
         id: flags.IOptionFlag<string | undefined>;
         accessLevelRemoteId: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/kube-roles/start.js

@@ -8,9 +8,10 @@ const inquirer = require("inquirer");
 const types_1 = require("../../types");
 const aws_1 = require("../../lib/aws");
 const resources_1 = require("../../lib/resources");
+const common_1 = require("../../lib/common");
 const StartKubeIAMRoleSessionDocument = `
-mutation StartKubeIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartKubeIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -27,9 +28,18 @@ mutation StartKubeIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessL
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 const ListKubeIamRolesDocument = `
@@ -54,6 +64,7 @@ class StartKubeIAMRoleSession extends command_1.Command {
         const { flags } = this.parse(StartKubeIAMRoleSession);
         // TODO: RESOURCES-1: How do we grant access to a perm using ID
         let clusterId = flags.id;
+        const sessionId = flags.sessionId;
         if (!clusterId) {
             const { resp: kubeIamRolesResp, error } = await handler_1.runQuery({
                 command: this,
@@ -101,7 +112,7 @@ class StartKubeIAMRoleSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartKubeIAMRoleSessionDocument,
-            variables: { id: clusterId, accessLevel },
+            variables: { id: clusterId, accessLevel, sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -120,6 +131,10 @@ class StartKubeIAMRoleSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, clusterId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -142,4 +157,8 @@ StartKubeIAMRoleSession.flags = {
         multiple: false,
         description: 'The remote ID of the access level with which to access the cluster.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/login.d.ts

@@ -1,4 +1,5 @@
 import { Command } from '@oclif/command';
+export declare const CLIAuthSessionCheckDocument = "\nquery CLIAuthSessionCheck {\n  organizationSettings {\n      ... on OrganizationSettingsResult {\n        settings {\n          id\n        }\n      }\n  }\n}\n";
 export default class Login extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/login.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLIAuthSessionCheckDocument = void 0;
 const command_1 = require("@oclif/command");
 const keytar = require("keytar");
 const open = require("open");
@@ -10,9 +11,11 @@ const inquirer = require("inquirer");
 const handler_1 = require("../handler");
 const credentials_2 = require("../lib/credentials");
 const config_1 = require("../lib/config");
-const ISSUER = 'https://auth.opal.dev';
+const ISSUER_PROD = 'https://auth.opal.dev';
+const ISSUER_DEV = 'https://authdev.opal.dev';
 const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';
-const CLIENT_ID = '42rm6E5v7o67LBpRfjdT9KhnjrQHr9UF';
+const CLIENT_ID_PROD = '42rm6E5v7o67LBpRfjdT9KhnjrQHr9UF';
+const CLIENT_ID_DEV = 'XYV8qoAvZG7dHnhRp2g5XMJ1zX9fBP6s';
 const CLISignInMethodDocument = `
 query CLISignInMethod($input: SignInMethodInput!) {
   signInMethod(input: $input) {
@@ -25,7 +28,7 @@ query CLISignInMethod($input: SignInMethodInput!) {
     }
   }
 }`;
-const CLIAuthSessionCheckDocument = `
+exports.CLIAuthSessionCheckDocument = `
 query CLIAuthSessionCheck {
   organizationSettings {
       ... on OrganizationSettingsResult {
@@ -91,10 +94,19 @@ class Login extends command_1.Command {
                     }
                 }
             }
-            const issuer = await openid_client_1.Issuer.discover(ISSUER);
+            let issuer;
+            let clientId;
+            if (config_1.isProduction(this.config.configDir)) {
+                issuer = await openid_client_1.Issuer.discover(ISSUER_PROD);
+                clientId = CLIENT_ID_PROD;
+            }
+            else {
+                issuer = await openid_client_1.Issuer.discover(ISSUER_DEV);
+                clientId = CLIENT_ID_DEV;
+            }
             const client = new issuer.Client({
                 grant_types: [GRANT_TYPE],
-                client_id: CLIENT_ID,
+                client_id: clientId,
                 response_types: [],
                 redirect_uris: [],
                 token_endpoint_auth_method: 'none',
@@ -120,7 +132,7 @@ class Login extends command_1.Command {
             // "Representative" authenticated call to check the log-in worked as expected.
             const { resp: authCheckResp, error: authCheckErr } = await handler_1.runQuery({
                 command: this,
-                query: CLIAuthSessionCheckDocument,
+                query: exports.CLIAuthSessionCheckDocument,
                 variables: {},
             });
             if (authCheckErr || !((_e = (_d = (_c = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _c === void 0 ? void 0 : _c.organizationSettings) === null || _d === void 0 ? void 0 : _d.settings) === null || _e === void 0 ? void 0 : _e.id)) {

package/lib/commands/postgres-instances/start.d.ts

@@ -6,6 +6,7 @@ export default class StartPostgresInstanceSession extends Command {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
         id: flags.IOptionFlag<string | undefined>;
         accessLevelRemoteId: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/postgres-instances/start.js

@@ -6,6 +6,7 @@ const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
 const inquirer = require("inquirer");
 const resources_1 = require("../../lib/resources");
+const common_1 = require("../../lib/common");
 const ListPostgresInstancesDocument = `
 query ListPostgresInstances {
   resources(input: {serviceType: POSTGRES, onlyMine: true, maxNumEntries: 1000}) {
@@ -20,8 +21,8 @@ query ListPostgresInstances {
   }
 }`;
 const StartPostgresInstanceSessionDocument = `
-mutation StartPostgresInstanceSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartPostgresInstanceSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -38,9 +39,18 @@ mutation StartPostgresInstanceSession($id: ResourceId!, $accessLevel: ResourceAc
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 class StartPostgresInstanceSession extends command_1.Command {
@@ -49,6 +59,7 @@ class StartPostgresInstanceSession extends command_1.Command {
         const { flags } = this.parse(StartPostgresInstanceSession);
         let instanceId = flags.id;
         let instanceName = null;
+        const sessionId = flags.sessionId;
         // TODO: RESOURCES-1: How do we grant access to a perm using ID
         if (!instanceId) {
             const { resp: postgresInstancesResp, error } = await handler_1.runQuery({
@@ -100,6 +111,7 @@ class StartPostgresInstanceSession extends command_1.Command {
             variables: {
                 id: instanceId,
                 accessLevel,
+                sessionId,
             },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
@@ -138,6 +150,10 @@ class StartPostgresInstanceSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, instanceId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -160,4 +176,8 @@ StartPostgresInstanceSession.flags = {
         multiple: false,
         description: 'The remote ID of the access level with which to access the database.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/set-token.d.ts

@@ -0,0 +1,10 @@
+import { Command } from '@oclif/command';
+export default class SetToken extends Command {
+    static description: string;
+    static examples: string[];
+    static flags: {
+        help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
+    };
+    static args: never[];
+    run(): Promise<void>;
+}

package/lib/commands/set-token.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const command_1 = require("@oclif/command");
+const keytar = require("keytar");
+const inquirer = require("inquirer");
+const apollo_1 = require("../lib/apollo");
+const credentials_1 = require("../lib/credentials");
+const handler_1 = require("../handler");
+const credentials_2 = require("../lib/credentials");
+const login_1 = require("./login");
+class SetToken extends command_1.Command {
+    async run() {
+        var _a, _b, _c;
+        try {
+            await apollo_1.initClient(this);
+            const { apiToken } = await inquirer.prompt([
+                {
+                    name: 'apiToken',
+                    message: 'Enter your API Key:',
+                    type: 'password',
+                    validate: key => Boolean(key),
+                },
+            ]);
+            // Clear previously-stored credentials from keychain if they exist
+            let email;
+            let organizationID;
+            if (await credentials_1.cred.accessToken) {
+                email = await credentials_1.cred.email;
+                organizationID = await credentials_1.cred.organizationID;
+                await credentials_1.cred.removeCredentials(-1);
+            }
+            // Store API token in keychain - mimics login command
+            await keytar.setPassword(credentials_2.OPAL_CREDS_KEY, (email || 'unset-email') + '|' + organizationID, apiToken || '');
+            // "Representative" authenticated call to check the log-in worked as expected.
+            const { resp: authCheckResp, error: authCheckErr } = await handler_1.runQuery({
+                command: this,
+                query: login_1.CLIAuthSessionCheckDocument,
+                variables: {},
+            });
+            if (authCheckErr ||
+                !((_c = (_b = (_a = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _a === void 0 ? void 0 : _a.organizationSettings) === null || _b === void 0 ? void 0 : _b.settings) === null || _c === void 0 ? void 0 : _c.id)) {
+                this.log('Error verifying log in. Authenticated commands may fail. Please double check your API token and use `opal logout; opal set-token` to try again.\n');
+                return;
+            }
+            this.log('🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n');
+        }
+        catch (error) {
+            this.error(error);
+        }
+    }
+}
+exports.default = SetToken;
+SetToken.description = 'Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.';
+SetToken.examples = ['$ opal set-token'];
+SetToken.flags = {
+    help: command_1.flags.help({ char: 'h' }),
+};
+SetToken.args = [];

package/lib/commands/set-url.d.ts

@@ -7,6 +7,7 @@ export default class SetUrl extends Command {
         custom: flags.IOptionFlag<string | undefined>;
         allowSelfSignedCerts: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
         prod: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
+        staging: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
         demo: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
         dev: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
         devLocal: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;

package/lib/commands/set-url.js

@@ -14,6 +14,9 @@ class SetUrl extends command_1.Command {
             else if (flags.prod) {
                 url = 'https://app.opal.dev';
             }
+            else if (flags.staging) {
+                url = 'https://staging.opal.dev';
+            }
             else if (flags.demo) {
                 url = 'https://demo.opal.dev';
             }
@@ -46,6 +49,7 @@ SetUrl.flags = {
     }),
     allowSelfSignedCerts: command_1.flags.boolean(),
     prod: command_1.flags.boolean(),
+    staging: command_1.flags.boolean(),
     demo: command_1.flags.boolean(),
     dev: command_1.flags.boolean(),
     devLocal: command_1.flags.boolean(),

package/lib/commands/ssh/copyFrom.d.ts

@@ -8,6 +8,7 @@ export default class StartSCPSession extends Command {
         dest: flags.IOptionFlag<string>;
         user: flags.IOptionFlag<string>;
         id: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/ssh/copyFrom.js

@@ -5,9 +5,10 @@ const handler_1 = require("../../handler");
 const apollo_1 = require("../../lib/apollo");
 const cmd_1 = require("../../lib/cmd");
 const ssh_1 = require("../../lib/ssh");
+const common_1 = require("../../lib/common");
 const StartSSHSessionDocument = `
-mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -26,9 +27,18 @@ mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInpu
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 class StartSCPSession extends command_1.Command {
@@ -41,6 +51,7 @@ class StartSCPSession extends command_1.Command {
         }
         let instanceId = flags.id;
         let instanceName = null;
+        const sessionId = flags.sessionId;
         if (!instanceId) {
             const selectedInstance = await ssh_1.selectComputeInstance(this, 'SCP into');
             if (!selectedInstance) {
@@ -52,7 +63,7 @@ class StartSCPSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartSSHSessionDocument,
-            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL },
+            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL, sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -75,6 +86,10 @@ class StartSCPSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, instanceId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -109,4 +124,8 @@ StartSCPSession.flags = {
         multiple: false,
         description: 'The ID of the Opal instance resource.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/ssh/copyTo.d.ts

@@ -8,6 +8,7 @@ export default class StartSCPSession extends Command {
         dest: flags.IOptionFlag<string>;
         user: flags.IOptionFlag<string>;
         id: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/ssh/copyTo.js

@@ -5,9 +5,10 @@ const handler_1 = require("../../handler");
 const apollo_1 = require("../../lib/apollo");
 const cmd_1 = require("../../lib/cmd");
 const ssh_1 = require("../../lib/ssh");
+const common_1 = require("../../lib/common");
 const StartSSHSessionDocument = `
-mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -26,9 +27,18 @@ mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInpu
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 class StartSCPSession extends command_1.Command {
@@ -41,6 +51,7 @@ class StartSCPSession extends command_1.Command {
         }
         let instanceId = flags.id;
         let instanceName = null;
+        const sessionId = flags.sessionId;
         if (!instanceId) {
             const selectedInstance = await ssh_1.selectComputeInstance(this, 'SCP into');
             if (!selectedInstance) {
@@ -52,7 +63,7 @@ class StartSCPSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartSSHSessionDocument,
-            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL },
+            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL, sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -75,6 +86,10 @@ class StartSCPSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, instanceId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -109,4 +124,8 @@ StartSCPSession.flags = {
         multiple: false,
         description: 'The ID of the Opal instance resource.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/ssh/start.d.ts

@@ -5,6 +5,7 @@ export default class StartSSHSession extends Command {
     static flags: {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
         id: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/ssh/start.js

@@ -7,9 +7,10 @@ const apollo_1 = require("../../lib/apollo");
 const ssh_1 = require("../../lib/ssh");
 const get_1 = require("../../commands/resources/get");
 const aws_1 = require("../../lib/aws");
+const common_1 = require("../../lib/common");
 const StartSSHSessionDocument = `
-mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -28,9 +29,18 @@ mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInpu
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 class StartSSHSession extends command_1.Command {
@@ -43,6 +53,7 @@ class StartSSHSession extends command_1.Command {
         }
         let instanceId = flags.id;
         let instanceName = null;
+        const sessionId = flags.sessionId;
         // TODO: RESOURCES-1: How do we grant access to a perm using ID
         if (!instanceId) {
             const selectedInstance = await ssh_1.selectComputeInstance(this, 'SSH into');
@@ -69,7 +80,7 @@ class StartSSHSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartSSHSessionDocument,
-            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL },
+            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL, sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -90,6 +101,10 @@ class StartSSHSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, instanceId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -107,4 +122,14 @@ StartSSHSession.flags = {
         multiple: false,
         description: 'The ID of the Opal instance resource.',
     }),
+    // TODO: Unfortunately allowing SSM over SSH disables logging
+    // user: flags.string({
+    //   multiple: false,
+    //   required: false,
+    //   default: "ssm-user",
+    // }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/lib/common.d.ts

@@ -0,0 +1,2 @@
+import { Command } from '@oclif/command';
+export declare const handleMfaRedirect: (command: Command, resourceId: string) => void;

package/lib/lib/common.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleMfaRedirect = void 0;
+const config_1 = require("./config");
+const open = require("open");
+exports.handleMfaRedirect = (command, resourceId) => {
+    command.log('❗ MFA validation needed. Please connect via browser. Redirecting...');
+    const configData = config_1.getOrCreateConfigData(command.config.configDir);
+    const url = configData[config_1.urlKey];
+    setTimeout(() => {
+        open(url + `/resources/${resourceId}?showModal=true`);
+    }, 2000);
+};

package/lib/lib/config.d.ts

@@ -4,3 +4,4 @@ export declare const allowSelfSignedCertsKey = "allowSelfSignedCerts";
 export declare const defaultAllowSelfSignedCerts = false;
 export declare const getOrCreateConfigData: (configDir: string) => Record<string, any>;
 export declare const writeConfigData: (configDir: string, newConfigData: Record<string, any>) => void;
+export declare const isProduction: (configDir: string) => boolean;

package/lib/lib/config.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.writeConfigData = exports.getOrCreateConfigData = exports.defaultAllowSelfSignedCerts = exports.allowSelfSignedCertsKey = exports.defaultUrl = exports.urlKey = void 0;
+exports.isProduction = exports.writeConfigData = exports.getOrCreateConfigData = exports.defaultAllowSelfSignedCerts = exports.allowSelfSignedCertsKey = exports.defaultUrl = exports.urlKey = void 0;
 const fs = require("fs");
 const path = require("path");
 exports.urlKey = 'url';
@@ -50,3 +50,12 @@ exports.writeConfigData = (configDir, newConfigData) => {
         mode: 0o0600,
     });
 };
+exports.isProduction = (configDir) => {
+    const configData = exports.getOrCreateConfigData(configDir);
+    // Custom URLs are considered production since it includes on-prem
+    return configData[exports.urlKey] !== 'https://dev.opal.dev' &&
+        configData[exports.urlKey] !== 'http://localhost:3000' &&
+        configData[exports.urlKey] !== 'http://localhost:4000' &&
+        configData[exports.urlKey] !== 'https://demo.opal.dev' &&
+        configData[exports.urlKey] !== 'https://staging.opal.dev';
+};

package/oclif.manifest.json

@@ -1 +1 @@
-{"version":"2.0.11","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-host"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"custom":{"name":"custom","type":"option"},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"prod":{"name":"prod","type":"boolean","allowNo":false},"demo":{"name":"demo","type":"boolean","allowNo":false},"dev":{"name":"dev","type":"boolean","allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","allowNo":false}},"args":[]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the cluster."}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to query a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"fullaccess\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the database."}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","required":true}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Start an SSH session to access a particular compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]}}}
+{"version":"2.0.14","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-token":{"id":"set-token","description":"Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-token"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-host"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"custom":{"name":"custom","type":"option"},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"prod":{"name":"prod","type":"boolean","allowNo":false},"staging":{"name":"staging","type":"boolean","allowNo":false},"demo":{"name":"demo","type":"boolean","allowNo":false},"dev":{"name":"dev","type":"boolean","allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","allowNo":false}},"args":[]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the cluster."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to query a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"fullaccess\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the database."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","required":true}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Start an SSH session to access a particular compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]}}}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "2.0.11",
+  "version": "2.0.14",
   "author": "Stephen Cobbe",
   "bin": {
     "opal": "./bin/run"