opal-security 2.0.13 → 2.0.14
- package/README.md +31 -13
- package/lib/commands/login.d.ts +1 -0
- package/lib/commands/login.js +3 -2
- package/lib/commands/set-token.d.ts +10 -0
- package/lib/commands/set-token.js +58 -0
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
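--- a/package/README.md
+++ b/package/README.md
@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (-v|--version|version)
-opal-security/2.0.
+opal-security/2.0.14 darwin-x64 node-v14.16.1
 $ opal --help [COMMAND]
 USAGE
 $ opal COMMAND
@@ -43,6 +43,7 @@ USAGE
 * [`opal logout`](#opal-logout)
 * [`opal postgres-instances:start`](#opal-postgres-instancesstart)
 * [`opal resources:get`](#opal-resourcesget)
+* [`opal set-token`](#opal-set-token)
 * [`opal set-url`](#opal-set-url)
 * [`opal ssh:copyFrom`](#opal-sshcopyfrom)
 * [`opal ssh:copyTo`](#opal-sshcopyto)
@@ -86,7 +87,7 @@ EXAMPLE
 opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/aws/identity.ts)_
 
 ## `opal curl-example`
 
@@ -100,7 +101,7 @@ OPTIONS
 -h, --help show CLI help
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/curl-example.ts)_
 
 ## `opal help [COMMAND]`
 
@@ -137,7 +138,7 @@ EXAMPLES
 opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles:start`
 
@@ -160,7 +161,7 @@ EXAMPLES
 "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -177,7 +178,7 @@ EXAMPLE
 $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -194,7 +195,7 @@ EXAMPLE
 $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/logout.ts)_
 
 ## `opal postgres-instances:start`
 
@@ -216,7 +217,7 @@ EXAMPLES
 opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "fullaccess"
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources:get`
 
@@ -234,7 +235,24 @@ EXAMPLE
 opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/resources/get.ts)_
+
+## `opal set-token`
+
+Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.
+
+```
+USAGE
+$ opal set-token
+
+OPTIONS
+-h, --help show CLI help
+
+EXAMPLE
+$ opal set-token
+```
+
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/set-token.ts)_
 
 ## `opal set-url`
 
@@ -258,7 +276,7 @@ EXAMPLE
 $ opal set-host
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/set-url.ts)_
 
 ## `opal ssh:copyFrom`
 
@@ -285,7 +303,7 @@ EXAMPLES
 opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh:copyTo`
 
@@ -312,7 +330,7 @@ EXAMPLES
 opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh:start`
 
@@ -332,5 +350,5 @@ EXAMPLES
 opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.14/src/commands/ssh/start.ts)_
 <!-- commandsstop -->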
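--- a/package/lib/commands/login.d.ts
+++ b/package/lib/commands/login.d.ts
@@ -1,4 +1,5 @@
 import { Command } from '@oclif/command';
+export declare const CLIAuthSessionCheckDocument = "\nquery CLIAuthSessionCheck {\n organizationSettings {\n ... on OrganizationSettingsResult {\n settings {\n id\n }\n }\n }\n}\n";
 export default class Login extends Command {
 static description: string;
 static examples: string[];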
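--- a/package/lib/commands/login.js
+++ b/package/lib/commands/login.js
@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLIAuthSessionCheckDocument = void 0;
 const command_1 = require("@oclif/command");
 const keytar = require("keytar");
 const open = require("open");
@@ -27,7 +28,7 @@ query CLISignInMethod($input: SignInMethodInput!) {
 }
 }
 }`;
-
+exports.CLIAuthSessionCheckDocument = `
 query CLIAuthSessionCheck {
 organizationSettings {
 ... on OrganizationSettingsResult {
@@ -131,7 +132,7 @@ class Login extends command_1.Command {
 // "Representative" authenticated call to check the log-in worked as expected.
 const { resp: authCheckResp, error: authCheckErr } = await handler_1.runQuery({
 command: this,
-query: CLIAuthSessionCheckDocument,
+query: exports.CLIAuthSessionCheckDocument,
 variables: {},
 });
 if (authCheckErr || !((_e = (_d = (_c = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _c === void 0 ? void 0 : _c.organizationSettings) === null || _d === void 0 ? void 0 : _d.settings) === null || _e === void 0 ? void 0 : _e.id)) {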
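--- /dev/null
+++ b/package/lib/commands/set-token.d.ts
@@ -0,0 +1,10 @@
+import { Command } from '@oclif/command';
+export default class SetToken extends Command {
+static description: string;
+static examples: string[];
+static flags: {
+help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
+};
+static args: never[];
+run(): Promise<void>;
+}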
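--- /dev/null
+++ b/package/lib/commands/set-token.js
@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const command_1 = require("@oclif/command");
+const keytar = require("keytar");
+const inquirer = require("inquirer");
+const apollo_1 = require("../lib/apollo");
+const credentials_1 = require("../lib/credentials");
+const handler_1 = require("../handler");
+const credentials_2 = require("../lib/credentials");
+const login_1 = require("./login");
+class SetToken extends command_1.Command {
+async run() {
+var _a, _b, _c;
+try {
+await apollo_1.initClient(this);
+const { apiToken } = await inquirer.prompt([
+{
+name: 'apiToken',
+message: 'Enter your API Key:',
+type: 'password',
+validate: key => Boolean(key),
+},
+]);
+// Clear previously-stored credentials from keychain if they exist
+let email;
+let organizationID;
+if (await credentials_1.cred.accessToken) {
+email = await credentials_1.cred.email;
+organizationID = await credentials_1.cred.organizationID;
+await credentials_1.cred.removeCredentials(-1);
+}
+// Store API token in keychain - mimics login command
+await keytar.setPassword(credentials_2.OPAL_CREDS_KEY, (email || 'unset-email') + '|' + organizationID, apiToken || '');
+// "Representative" authenticated call to check the log-in worked as expected.
+const { resp: authCheckResp, error: authCheckErr } = await handler_1.runQuery({
+command: this,
+query: login_1.CLIAuthSessionCheckDocument,
+variables: {},
+});
+if (authCheckErr ||
+!((_c = (_b = (_a = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _a === void 0 ? void 0 : _a.organizationSettings) === null || _b === void 0 ? void 0 : _b.settings) === null || _c === void 0 ? void 0 : _c.id)) {
+this.log('Error verifying log in. Authenticated commands may fail. Please double check your API token and use `opal logout; opal set-token` to try again.\n');
+return;
+}
+this.log('🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n');
+}
+catch (error) {
+this.error(error);
+}
+}
+}
+exports.default = SetToken;
+SetToken.description = 'Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.';
+SetToken.examples = ['$ opal set-token'];
+SetToken.flags = {
+help: command_1.flags.help({ char: 'h' }),
+};
+SetToken.args = [];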
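Review bot: In `run()`, the previous credentials are removed with `cred.removeCredentials(-1)` and the prompted token is written with `keytar.setPassword(...)` before the `CLIAuthSessionCheck` query runs, so a mistyped or revoked token replaces a working session and stays in the keychain after the "Error verifying log in" branch returns. Consider clearing the entry on that branch, e.g. `await keytar.deletePassword(credentials_2.OPAL_CREDS_KEY, account);` with `account` holding the string built for `setPassword`, or restoring the earlier entry; whether verification can run before storing depends on how `runQuery` reads the token, which is not shown here. On a machine with no prior login `organizationID` is never assigned, so the keychain account name becomes `unset-email|undefined`; an explicit fallback next to `'unset-email'` would make that value intentional rather than accidental. The command is described as a flow for headless environments, yet it depends on an interactive `inquirer` prompt and a keytar-backed OS keychain, both of which may be unavailable there, so the description should state those requirements.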
package/oclif.manifest.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":"2.0.
|
|
1
|
+
{"version":"2.0.14","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-token":{"id":"set-token","description":"Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-token"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. 
Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-host"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"custom":{"name":"custom","type":"option"},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"prod":{"name":"prod","type":"boolean","allowNo":false},"staging":{"name":"staging","type":"boolean","allowNo":false},"demo":{"name":"demo","type":"boolean","allowNo":false},"dev":{"name":"dev","type":"boolean","allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","allowNo":false}},"args":[]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId 
\"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the cluster."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to query a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"fullaccess\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the database."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","required":true}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute 
instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. 
Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Start an SSH session to access a particular compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]}}}
|