opal-security 2.0.12 → 2.0.15

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (-v|--version|version)
-opal-security/2.0.12 darwin-x64 node-v14.16.1
+opal-security/2.0.15 darwin-x64 node-v14.16.1
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -43,6 +43,7 @@ USAGE
 * [`opal logout`](#opal-logout)
 * [`opal postgres-instances:start`](#opal-postgres-instancesstart)
 * [`opal resources:get`](#opal-resourcesget)
+* [`opal set-token`](#opal-set-token)
 * [`opal set-url`](#opal-set-url)
 * [`opal ssh:copyFrom`](#opal-sshcopyfrom)
 * [`opal ssh:copyTo`](#opal-sshcopyto)
@@ -86,7 +87,7 @@ EXAMPLE
   opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/aws/identity.ts)_
 
 ## `opal curl-example`
 
@@ -100,24 +101,24 @@ OPTIONS
   -h, --help  show CLI help
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/curl-example.ts)_
 
 ## `opal help [COMMAND]`
 
-display help for opal
+Display help for opal.
 
 ```
 USAGE
   $ opal help [COMMAND]
 
 ARGUMENTS
-  COMMAND  command to show help for
+  COMMAND  Command to show help for.
 
 OPTIONS
-  --all  see all commands in CLI
+  -n, --nested-commands  Include all nested commands in the output.
 ```
 
-_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/v3.2.2/src/commands/help.ts)_
+_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/v5.1.12/src/commands/help.ts)_
 
 ## `opal iam-roles:start`
 
@@ -128,15 +129,16 @@ USAGE
   $ opal iam-roles:start
 
 OPTIONS
-  -h, --help  show CLI help
-  --id=id     The ID of the Opal role resource.
+  -h, --help             show CLI help
+  --id=id                The ID of the Opal role resource.
+  --sessionId=sessionId  SessionId of a session that has already been created via the web flow.
 
 EXAMPLES
   opal iam-roles:start
   opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles:start`
 
@@ -150,6 +152,7 @@ OPTIONS
   -h, --help                                 show CLI help
   --accessLevelRemoteId=accessLevelRemoteId  The remote ID of the access level with which to access the cluster.
   --id=id                                    The ID of the Opal role resource.
+  --sessionId=sessionId                      SessionId of a session that has already been created via the web flow.
 
 EXAMPLES
   opal kube-roles:start
@@ -158,7 +161,7 @@ EXAMPLES
   "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -175,7 +178,7 @@ EXAMPLE
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -192,7 +195,7 @@ EXAMPLE
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/logout.ts)_
 
 ## `opal postgres-instances:start`
 
@@ -206,6 +209,7 @@ OPTIONS
   -h, --help                                 show CLI help
   --accessLevelRemoteId=accessLevelRemoteId  The remote ID of the access level with which to access the database.
   --id=id                                    The ID of the Opal instance resource.
+  --sessionId=sessionId                      SessionId of a session that has already been created via the web flow.
 
 EXAMPLES
   opal postgres-instances:start
@@ -213,7 +217,7 @@ EXAMPLES
   opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "fullaccess"
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources:get`
 
@@ -231,7 +235,24 @@ EXAMPLE
   opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/resources/get.ts)_
+
+## `opal set-token`
+
+Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.
+
+```
+USAGE
+  $ opal set-token
+
+OPTIONS
+  -h, --help  show CLI help
+
+EXAMPLE
+  $ opal set-token
+```
+
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/set-token.ts)_
 
 ## `opal set-url`
 
@@ -255,7 +276,7 @@ EXAMPLE
   $ opal set-host
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/set-url.ts)_
 
 ## `opal ssh:copyFrom`
 
@@ -266,22 +287,23 @@ USAGE
   $ opal ssh:copyFrom
 
 OPTIONS
-  -h, --help   show CLI help
-  --dest=dest  [default: .] Pick which directory you want your files to be copied to.
-  --id=id      The ID of the Opal instance resource.
+  -h, --help             show CLI help
+  --dest=dest            [default: .] Pick which directory you want your files to be copied to.
+  --id=id                The ID of the Opal instance resource.
+  --sessionId=sessionId  SessionId of a session that has already been created via the web flow.
 
-  --src=src    (required) The path of the directory or file you would like to copy over SCP. Note we only support one
-               file or directory at a time.
+  --src=src              (required) The path of the directory or file you would like to copy over SCP. Note we only
+                         support one file or directory at a time.
 
-  --user=user  [default: ssm-user] Pick which user you want to run SCP over. Keep in mind not all users will have access
-               to each other's home directory.
+  --user=user            [default: ssm-user] Pick which user you want to run SCP over. Keep in mind not all users will
+                         have access to each other's home directory.
 
 EXAMPLES
   opal ssh:copyFrom --src instance/dir --dest my/dir
   opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh:copyTo`
 
@@ -292,22 +314,23 @@ USAGE
   $ opal ssh:copyTo
 
 OPTIONS
-  -h, --help   show CLI help
-  --dest=dest  [default: .] Pick which directory you want your files to be copied to.
-  --id=id      The ID of the Opal instance resource.
+  -h, --help             show CLI help
+  --dest=dest            [default: .] Pick which directory you want your files to be copied to.
+  --id=id                The ID of the Opal instance resource.
+  --sessionId=sessionId  SessionId of a session that has already been created via the web flow.
 
-  --src=src    (required) The path of the directory or file you would like to copy over SCP. Note we only support one
-               file or directory at a time.
+  --src=src              (required) The path of the directory or file you would like to copy over SCP. Note we only
+                         support one file or directory at a time.
 
-  --user=user  [default: ssm-user] Pick which user you want to run SCP over. Keep in mind not all users will have access
-               to each other's home directory.
+  --user=user            [default: ssm-user] Pick which user you want to run SCP over. Keep in mind not all users will
+                         have access to each other's home directory.
 
 EXAMPLES
   opal ssh:copyTo --src my/dir --dest instance/dir
   opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh:start`
 
@@ -318,13 +341,14 @@ USAGE
   $ opal ssh:start
 
 OPTIONS
-  -h, --help  show CLI help
-  --id=id     The ID of the Opal instance resource.
+  -h, --help             show CLI help
+  --id=id                The ID of the Opal instance resource.
+  --sessionId=sessionId  SessionId of a session that has already been created via the web flow.
 
 EXAMPLES
   opal ssh:start
   opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.12/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.15/src/commands/ssh/start.ts)_
 <!-- commandsstop -->

package/lib/commands/iam-roles/start.d.ts

@@ -5,6 +5,7 @@ export default class StartIAMRoleSession extends Command {
     static flags: {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
         id: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/iam-roles/start.js

@@ -8,9 +8,10 @@ const inquirer = require("inquirer");
 const aws_1 = require("../../lib/aws");
 const resources_1 = require("../../lib/resources");
 const get_1 = require("../../commands/resources/get");
+const common_1 = require("../../lib/common");
 const StartIAMRoleSessionDocument = `
-mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -27,9 +28,18 @@ mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevel
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 const ListIamRolesDocument = `
@@ -51,6 +61,7 @@ class StartIAMRoleSession extends command_1.Command {
         const { flags } = this.parse(StartIAMRoleSession);
         let roleId = flags.id;
         let roleName = null;
+        const sessionId = flags.sessionId;
         if (!roleId) {
             const { resp: iamRolesResp, error } = await handler_1.runQuery({
                 command: this,
@@ -106,7 +117,7 @@ class StartIAMRoleSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartIAMRoleSessionDocument,
-            variables: { id: roleId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL },
+            variables: { id: roleId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL, sessionId: sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -125,6 +136,10 @@ class StartIAMRoleSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, roleId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -142,4 +157,8 @@ StartIAMRoleSession.flags = {
         multiple: false,
         description: 'The ID of the Opal role resource.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/kube-roles/start.d.ts

@@ -6,6 +6,7 @@ export default class StartKubeIAMRoleSession extends Command {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
         id: flags.IOptionFlag<string | undefined>;
         accessLevelRemoteId: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/kube-roles/start.js

@@ -8,9 +8,10 @@ const inquirer = require("inquirer");
 const types_1 = require("../../types");
 const aws_1 = require("../../lib/aws");
 const resources_1 = require("../../lib/resources");
+const common_1 = require("../../lib/common");
 const StartKubeIAMRoleSessionDocument = `
-mutation StartKubeIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartKubeIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -27,9 +28,18 @@ mutation StartKubeIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessL
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 const ListKubeIamRolesDocument = `
@@ -54,6 +64,7 @@ class StartKubeIAMRoleSession extends command_1.Command {
         const { flags } = this.parse(StartKubeIAMRoleSession);
         // TODO: RESOURCES-1: How do we grant access to a perm using ID
         let clusterId = flags.id;
+        const sessionId = flags.sessionId;
         if (!clusterId) {
             const { resp: kubeIamRolesResp, error } = await handler_1.runQuery({
                 command: this,
@@ -101,7 +112,7 @@ class StartKubeIAMRoleSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartKubeIAMRoleSessionDocument,
-            variables: { id: clusterId, accessLevel },
+            variables: { id: clusterId, accessLevel, sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -120,6 +131,10 @@ class StartKubeIAMRoleSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, clusterId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -142,4 +157,8 @@ StartKubeIAMRoleSession.flags = {
         multiple: false,
         description: 'The remote ID of the access level with which to access the cluster.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/login.d.ts

@@ -1,4 +1,5 @@
 import { Command } from '@oclif/command';
+export declare const CLIAuthSessionCheckDocument = "\nquery CLIAuthSessionCheck {\n  organizationSettings {\n      ... on OrganizationSettingsResult {\n        settings {\n          id\n        }\n      }\n  }\n}\n";
 export default class Login extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/login.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLIAuthSessionCheckDocument = void 0;
 const command_1 = require("@oclif/command");
 const keytar = require("keytar");
 const open = require("open");
@@ -27,7 +28,7 @@ query CLISignInMethod($input: SignInMethodInput!) {
     }
   }
 }`;
-const CLIAuthSessionCheckDocument = `
+exports.CLIAuthSessionCheckDocument = `
 query CLIAuthSessionCheck {
   organizationSettings {
       ... on OrganizationSettingsResult {
@@ -131,7 +132,7 @@ class Login extends command_1.Command {
             // "Representative" authenticated call to check the log-in worked as expected.
             const { resp: authCheckResp, error: authCheckErr } = await handler_1.runQuery({
                 command: this,
-                query: CLIAuthSessionCheckDocument,
+                query: exports.CLIAuthSessionCheckDocument,
                 variables: {},
             });
             if (authCheckErr || !((_e = (_d = (_c = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _c === void 0 ? void 0 : _c.organizationSettings) === null || _d === void 0 ? void 0 : _d.settings) === null || _e === void 0 ? void 0 : _e.id)) {

package/lib/commands/postgres-instances/start.d.ts

@@ -6,6 +6,7 @@ export default class StartPostgresInstanceSession extends Command {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
         id: flags.IOptionFlag<string | undefined>;
         accessLevelRemoteId: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/postgres-instances/start.js

@@ -6,6 +6,7 @@ const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
 const inquirer = require("inquirer");
 const resources_1 = require("../../lib/resources");
+const common_1 = require("../../lib/common");
 const ListPostgresInstancesDocument = `
 query ListPostgresInstances {
   resources(input: {serviceType: POSTGRES, onlyMine: true, maxNumEntries: 1000}) {
@@ -20,8 +21,8 @@ query ListPostgresInstances {
   }
 }`;
 const StartPostgresInstanceSessionDocument = `
-mutation StartPostgresInstanceSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartPostgresInstanceSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -38,9 +39,18 @@ mutation StartPostgresInstanceSession($id: ResourceId!, $accessLevel: ResourceAc
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 class StartPostgresInstanceSession extends command_1.Command {
@@ -49,6 +59,7 @@ class StartPostgresInstanceSession extends command_1.Command {
         const { flags } = this.parse(StartPostgresInstanceSession);
         let instanceId = flags.id;
         let instanceName = null;
+        const sessionId = flags.sessionId;
         // TODO: RESOURCES-1: How do we grant access to a perm using ID
         if (!instanceId) {
             const { resp: postgresInstancesResp, error } = await handler_1.runQuery({
@@ -100,6 +111,7 @@ class StartPostgresInstanceSession extends command_1.Command {
             variables: {
                 id: instanceId,
                 accessLevel,
+                sessionId,
             },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
@@ -138,6 +150,10 @@ class StartPostgresInstanceSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, instanceId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -160,4 +176,8 @@ StartPostgresInstanceSession.flags = {
         multiple: false,
         description: 'The remote ID of the access level with which to access the database.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/set-token.d.ts

@@ -0,0 +1,10 @@
+import { Command } from '@oclif/command';
+export default class SetToken extends Command {
+    static description: string;
+    static examples: string[];
+    static flags: {
+        help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
+    };
+    static args: never[];
+    run(): Promise<void>;
+}

package/lib/commands/set-token.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const command_1 = require("@oclif/command");
+const keytar = require("keytar");
+const inquirer = require("inquirer");
+const apollo_1 = require("../lib/apollo");
+const credentials_1 = require("../lib/credentials");
+const handler_1 = require("../handler");
+const credentials_2 = require("../lib/credentials");
+const login_1 = require("./login");
+class SetToken extends command_1.Command {
+    async run() {
+        var _a, _b, _c;
+        try {
+            await apollo_1.initClient(this);
+            const { apiToken } = await inquirer.prompt([
+                {
+                    name: 'apiToken',
+                    message: 'Enter your API Key:',
+                    type: 'password',
+                    validate: key => Boolean(key),
+                },
+            ]);
+            // Clear previously-stored credentials from keychain if they exist
+            let email;
+            let organizationID;
+            if (await credentials_1.cred.accessToken) {
+                email = await credentials_1.cred.email;
+                organizationID = await credentials_1.cred.organizationID;
+                await credentials_1.cred.removeCredentials(-1);
+            }
+            // Store API token in keychain - mimics login command
+            await keytar.setPassword(credentials_2.OPAL_CREDS_KEY, (email || 'unset-email') + '|' + organizationID, apiToken || '');
+            // "Representative" authenticated call to check the log-in worked as expected.
+            const { resp: authCheckResp, error: authCheckErr } = await handler_1.runQuery({
+                command: this,
+                query: login_1.CLIAuthSessionCheckDocument,
+                variables: {},
+            });
+            if (authCheckErr ||
+                !((_c = (_b = (_a = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _a === void 0 ? void 0 : _a.organizationSettings) === null || _b === void 0 ? void 0 : _b.settings) === null || _c === void 0 ? void 0 : _c.id)) {
+                this.log('Error verifying log in. Authenticated commands may fail. Please double check your API token and use `opal logout; opal set-token` to try again.\n');
+                return;
+            }
+            this.log('🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n');
+        }
+        catch (error) {
+            this.error(error);
+        }
+    }
+}
+exports.default = SetToken;
+SetToken.description = 'Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.';
+SetToken.examples = ['$ opal set-token'];
+SetToken.flags = {
+    help: command_1.flags.help({ char: 'h' }),
+};
+SetToken.args = [];

package/lib/commands/set-url.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const command_1 = require("@oclif/command");
 const apollo_1 = require("../lib/apollo");
 const config_1 = require("../lib/config");
+const credentials_1 = require("../lib/credentials");
 class SetUrl extends command_1.Command {
     async run() {
         try {
@@ -31,6 +32,7 @@ class SetUrl extends command_1.Command {
             configData[config_1.allowSelfSignedCertsKey] = flags.allowSelfSignedCerts !== undefined;
             config_1.writeConfigData(this.config.configDir, configData);
             const updatedConfigData = config_1.getOrCreateConfigData(this.config.configDir);
+            await credentials_1.cred.removeCredentials(-1);
             await apollo_1.initClient(this);
             this.log(`Opal CLI will now make requests to the server at ${updatedConfigData[config_1.urlKey]}`);
         }

package/lib/commands/ssh/copyFrom.d.ts

@@ -8,6 +8,7 @@ export default class StartSCPSession extends Command {
         dest: flags.IOptionFlag<string>;
         user: flags.IOptionFlag<string>;
         id: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/ssh/copyFrom.js

@@ -5,9 +5,10 @@ const handler_1 = require("../../handler");
 const apollo_1 = require("../../lib/apollo");
 const cmd_1 = require("../../lib/cmd");
 const ssh_1 = require("../../lib/ssh");
+const common_1 = require("../../lib/common");
 const StartSSHSessionDocument = `
-mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -26,9 +27,18 @@ mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInpu
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 class StartSCPSession extends command_1.Command {
@@ -41,6 +51,7 @@ class StartSCPSession extends command_1.Command {
         }
         let instanceId = flags.id;
         let instanceName = null;
+        const sessionId = flags.sessionId;
         if (!instanceId) {
             const selectedInstance = await ssh_1.selectComputeInstance(this, 'SCP into');
             if (!selectedInstance) {
@@ -52,7 +63,7 @@ class StartSCPSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartSSHSessionDocument,
-            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL },
+            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL, sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -75,6 +86,10 @@ class StartSCPSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, instanceId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -109,4 +124,8 @@ StartSCPSession.flags = {
         multiple: false,
         description: 'The ID of the Opal instance resource.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/ssh/copyTo.d.ts

@@ -8,6 +8,7 @@ export default class StartSCPSession extends Command {
         dest: flags.IOptionFlag<string>;
         user: flags.IOptionFlag<string>;
         id: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/ssh/copyTo.js

@@ -5,9 +5,10 @@ const handler_1 = require("../../handler");
 const apollo_1 = require("../../lib/apollo");
 const cmd_1 = require("../../lib/cmd");
 const ssh_1 = require("../../lib/ssh");
+const common_1 = require("../../lib/common");
 const StartSSHSessionDocument = `
-mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -26,9 +27,18 @@ mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInpu
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 class StartSCPSession extends command_1.Command {
@@ -41,6 +51,7 @@ class StartSCPSession extends command_1.Command {
         }
         let instanceId = flags.id;
         let instanceName = null;
+        const sessionId = flags.sessionId;
         if (!instanceId) {
             const selectedInstance = await ssh_1.selectComputeInstance(this, 'SCP into');
             if (!selectedInstance) {
@@ -52,7 +63,7 @@ class StartSCPSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartSSHSessionDocument,
-            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL },
+            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL, sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -75,6 +86,10 @@ class StartSCPSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, instanceId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -109,4 +124,8 @@ StartSCPSession.flags = {
         multiple: false,
         description: 'The ID of the Opal instance resource.',
     }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/commands/ssh/start.d.ts

@@ -5,6 +5,7 @@ export default class StartSSHSession extends Command {
     static flags: {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
         id: flags.IOptionFlag<string | undefined>;
+        sessionId: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/ssh/start.js

@@ -7,9 +7,10 @@ const apollo_1 = require("../../lib/apollo");
 const ssh_1 = require("../../lib/ssh");
 const get_1 = require("../../commands/resources/get");
 const aws_1 = require("../../lib/aws");
+const common_1 = require("../../lib/common");
 const StartSSHSessionDocument = `
-mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel}) {
+mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
+  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
     __typename
     ... on CreateSessionResult {
       session {
@@ -28,9 +29,18 @@ mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInpu
         }
       }
     }
+    ... on SessionNotFoundError {
+      message
+    }
+    ... on MfaInvalidError {
+      message
+    }
     ... on ResourceNotFoundError {
       message
     }
+    ... on EndSystemAuthorizationError {
+      message
+    }
   }
 }`;
 class StartSSHSession extends command_1.Command {
@@ -43,6 +53,7 @@ class StartSSHSession extends command_1.Command {
         }
         let instanceId = flags.id;
         let instanceName = null;
+        const sessionId = flags.sessionId;
         // TODO: RESOURCES-1: How do we grant access to a perm using ID
         if (!instanceId) {
             const selectedInstance = await ssh_1.selectComputeInstance(this, 'SSH into');
@@ -69,7 +80,7 @@ class StartSSHSession extends command_1.Command {
         const { resp, error } = await handler_1.runMutation({
             command: this,
             query: StartSSHSessionDocument,
-            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL },
+            variables: { id: instanceId, accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL, sessionId },
         });
         switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
             case 'CreateSessionResult': {
@@ -90,6 +101,10 @@ class StartSSHSession extends command_1.Command {
                 }
                 break;
             }
+            case 'MfaInvalidError': {
+                common_1.handleMfaRedirect(this, instanceId);
+                break;
+            }
             default:
                 apollo_1.printRequestOutput(this, resp, error);
         }
@@ -107,4 +122,14 @@ StartSSHSession.flags = {
         multiple: false,
         description: 'The ID of the Opal instance resource.',
     }),
+    // TODO: Unfortunately allowing SSM over SSH disables logging
+    // user: flags.string({
+    //   multiple: false,
+    //   required: false,
+    //   default: "ssm-user",
+    // }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        description: 'SessionId of a session that has already been created via the web flow.',
+    }),
 };

package/lib/lib/common.d.ts

@@ -0,0 +1,2 @@
+import { Command } from '@oclif/command';
+export declare const handleMfaRedirect: (command: Command, resourceId: string) => void;

package/lib/lib/common.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleMfaRedirect = void 0;
+const config_1 = require("./config");
+const open = require("open");
+exports.handleMfaRedirect = (command, resourceId) => {
+    command.log('❗ MFA validation needed. Please connect via browser. Redirecting...');
+    const configData = config_1.getOrCreateConfigData(command.config.configDir);
+    const url = configData[config_1.urlKey];
+    setTimeout(() => {
+        open(url + `/resources/${resourceId}?showModal=true`);
+    }, 2000);
+};

package/lib/lib/config.js

@@ -55,6 +55,7 @@ exports.isProduction = (configDir) => {
     // Custom URLs are considered production since it includes on-prem
     return configData[exports.urlKey] !== 'https://dev.opal.dev' &&
         configData[exports.urlKey] !== 'http://localhost:3000' &&
+        configData[exports.urlKey] !== 'http://localhost:4000' &&
         configData[exports.urlKey] !== 'https://demo.opal.dev' &&
         configData[exports.urlKey] !== 'https://staging.opal.dev';
 };

package/oclif.manifest.json

@@ -1 +1 @@
-{"version":"2.0.12","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-host"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"custom":{"name":"custom","type":"option"},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"prod":{"name":"prod","type":"boolean","allowNo":false},"staging":{"name":"staging","type":"boolean","allowNo":false},"demo":{"name":"demo","type":"boolean","allowNo":false},"dev":{"name":"dev","type":"boolean","allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","allowNo":false}},"args":[]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the cluster."}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to query a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"fullaccess\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the database."}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","required":true}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Start an SSH session to access a particular compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."}},"args":[]}}}
+{"version":"2.0.15","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-token":{"id":"set-token","description":"Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-token"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-host"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"custom":{"name":"custom","type":"option"},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"prod":{"name":"prod","type":"boolean","allowNo":false},"staging":{"name":"staging","type":"boolean","allowNo":false},"demo":{"name":"demo","type":"boolean","allowNo":false},"dev":{"name":"dev","type":"boolean","allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","allowNo":false}},"args":[]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the cluster."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to query a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"fullaccess\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the database."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","required":true}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Start an SSH session to access a particular compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]}}}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "2.0.12",
+  "version": "2.0.15",
   "author": "Stephen Cobbe",
   "bin": {
     "opal": "./bin/run"
@@ -9,22 +9,24 @@
   "bugs": "https://github.com/opalsecurity/opal-cli/issues",
   "dependencies": {
     "@apollo/client": "^3.3.13",
-    "@graphql-codegen/cli": "^1.21.3",
+    "@graphql-codegen/cli": "^2.6.2",
     "@graphql-codegen/near-operation-file-preset": "^1.17.13",
     "@graphql-codegen/typescript": "^1.21.1",
     "@graphql-codegen/typescript-oclif": "^1.17.9",
-    "@oclif/command": "^1.8.0",
+    "@oclif/command": "^1.8.16",
     "@oclif/config": "^1.17.0",
+    "@oclif/errors": "^1.3.5",
     "@oclif/plugin-autocomplete": "^0.3.0",
-    "@oclif/plugin-help": "^3.2.2",
+    "@oclif/plugin-help": "^5.1.12",
     "@types/inquirer": "^7.3.1",
     "@types/prettyjson": "0.0.29",
     "chalk": "^2.4.2",
     "graphql": "^15.5.0",
+    "inquirer": "^8.2.4",
     "inquirer-autocomplete-prompt": "^1.4.0",
     "keytar": "^7.7.0",
     "lodash": "^4.17.21",
-    "node-fetch": "^2.6.1",
+    "node-fetch": "^2.6.7",
     "open": "^8.0.4",
     "openid-client": "^4.6.0",
     "prettyjson": "^1.2.1",
@@ -35,17 +37,16 @@
     "@oclif/dev-cli": "^1.26.0",
     "@oclif/test": "^1.2.8",
     "@types/chai": "^4.2.16",
-    "@types/chalk": "^2.2.0",
     "@types/lodash": "^4.14.169",
     "@types/mocha": "^5.2.7",
     "@types/node": "^14.14.37",
     "@types/semver": "^7.3.8",
     "chai": "^4.3.4",
-    "eslint": "^5.16.0",
+    "eslint": "^8.17.0",
     "eslint-config-oclif": "^3.1.0",
     "eslint-config-oclif-typescript": "^0.1.0",
     "globby": "^10.0.2",
-    "mocha": "^5.2.0",
+    "mocha": "^10.0.0",
     "nyc": "^14.1.1",
     "ts-node": "^8.10.2",
     "typescript": "^3.9.9"
@@ -78,6 +79,9 @@
     "type": "git",
     "url": "https://github.com/opalsecurity/opal-cli.git"
   },
+  "resolutions": {
+    "ansi-regex": "5.0.1"
+  },
   "scripts": {
     "postpack": "rm -f oclif.manifest.json",
     "posttest": "eslint . --ext .ts --config .eslintrc",