opal-security 2.0.18 → 2.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -15
- package/lib/commands/iam-roles/start.js +20 -7
- package/lib/commands/kube-roles/start.js +11 -2
- package/lib/commands/postgres-instances/start.js +15 -4
- package/lib/commands/ssh/start.js +14 -2
- package/lib/lib/common.d.ts +1 -0
- package/lib/lib/common.js +10 -3
- package/oclif.manifest.json +1 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -22,7 +22,7 @@ $ npm install -g opal-security
|
|
|
22
22
|
$ opal COMMAND
|
|
23
23
|
running command...
|
|
24
24
|
$ opal (-v|--version|version)
|
|
25
|
-
opal-security/2.0.
|
|
25
|
+
opal-security/2.0.19 darwin-x64 node-v14.16.1
|
|
26
26
|
$ opal --help [COMMAND]
|
|
27
27
|
USAGE
|
|
28
28
|
$ opal COMMAND
|
|
@@ -88,7 +88,7 @@ EXAMPLE
|
|
|
88
88
|
opal aws:identity
|
|
89
89
|
```
|
|
90
90
|
|
|
91
|
-
_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
91
|
+
_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/aws/identity.ts)_
|
|
92
92
|
|
|
93
93
|
## `opal curl-example`
|
|
94
94
|
|
|
@@ -102,7 +102,7 @@ OPTIONS
|
|
|
102
102
|
-h, --help show CLI help
|
|
103
103
|
```
|
|
104
104
|
|
|
105
|
-
_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
105
|
+
_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/curl-example.ts)_
|
|
106
106
|
|
|
107
107
|
## `opal help [COMMAND]`
|
|
108
108
|
|
|
@@ -141,7 +141,7 @@ EXAMPLES
|
|
|
141
141
|
opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
|
|
142
142
|
```
|
|
143
143
|
|
|
144
|
-
_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
144
|
+
_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/iam-roles/start.ts)_
|
|
145
145
|
|
|
146
146
|
## `opal kube-roles:start`
|
|
147
147
|
|
|
@@ -164,7 +164,7 @@ EXAMPLES
|
|
|
164
164
|
"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
|
|
165
165
|
```
|
|
166
166
|
|
|
167
|
-
_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
167
|
+
_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/kube-roles/start.ts)_
|
|
168
168
|
|
|
169
169
|
## `opal login`
|
|
170
170
|
|
|
@@ -181,7 +181,7 @@ EXAMPLE
|
|
|
181
181
|
$ opal login
|
|
182
182
|
```
|
|
183
183
|
|
|
184
|
-
_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
184
|
+
_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/login.ts)_
|
|
185
185
|
|
|
186
186
|
## `opal logout`
|
|
187
187
|
|
|
@@ -198,7 +198,7 @@ EXAMPLE
|
|
|
198
198
|
$ opal logout
|
|
199
199
|
```
|
|
200
200
|
|
|
201
|
-
_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
201
|
+
_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/logout.ts)_
|
|
202
202
|
|
|
203
203
|
## `opal postgres-instances:start`
|
|
204
204
|
|
|
@@ -220,7 +220,7 @@ EXAMPLES
|
|
|
220
220
|
opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "fullaccess"
|
|
221
221
|
```
|
|
222
222
|
|
|
223
|
-
_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
223
|
+
_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/postgres-instances/start.ts)_
|
|
224
224
|
|
|
225
225
|
## `opal resources:get`
|
|
226
226
|
|
|
@@ -238,7 +238,7 @@ EXAMPLE
|
|
|
238
238
|
opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
|
|
239
239
|
```
|
|
240
240
|
|
|
241
|
-
_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
241
|
+
_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/resources/get.ts)_
|
|
242
242
|
|
|
243
243
|
## `opal set-custom-header`
|
|
244
244
|
|
|
@@ -256,7 +256,7 @@ EXAMPLE
|
|
|
256
256
|
$ opal set-custom-header --header 'cf-access-token: $TOKEN'
|
|
257
257
|
```
|
|
258
258
|
|
|
259
|
-
_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
259
|
+
_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/set-custom-header.ts)_
|
|
260
260
|
|
|
261
261
|
## `opal set-token`
|
|
262
262
|
|
|
@@ -273,7 +273,7 @@ EXAMPLE
|
|
|
273
273
|
$ opal set-token
|
|
274
274
|
```
|
|
275
275
|
|
|
276
|
-
_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
276
|
+
_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/set-token.ts)_
|
|
277
277
|
|
|
278
278
|
## `opal set-url`
|
|
279
279
|
|
|
@@ -297,7 +297,7 @@ EXAMPLE
|
|
|
297
297
|
$ opal set-url
|
|
298
298
|
```
|
|
299
299
|
|
|
300
|
-
_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
300
|
+
_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/set-url.ts)_
|
|
301
301
|
|
|
302
302
|
## `opal ssh:copyFrom`
|
|
303
303
|
|
|
@@ -324,7 +324,7 @@ EXAMPLES
|
|
|
324
324
|
opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
|
|
325
325
|
```
|
|
326
326
|
|
|
327
|
-
_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
327
|
+
_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/ssh/copyFrom.ts)_
|
|
328
328
|
|
|
329
329
|
## `opal ssh:copyTo`
|
|
330
330
|
|
|
@@ -351,7 +351,7 @@ EXAMPLES
|
|
|
351
351
|
opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
|
|
352
352
|
```
|
|
353
353
|
|
|
354
|
-
_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
354
|
+
_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/ssh/copyTo.ts)_
|
|
355
355
|
|
|
356
356
|
## `opal ssh:start`
|
|
357
357
|
|
|
@@ -371,5 +371,5 @@ EXAMPLES
|
|
|
371
371
|
opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
|
|
372
372
|
```
|
|
373
373
|
|
|
374
|
-
_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.
|
|
374
|
+
_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.19/src/commands/ssh/start.ts)_
|
|
375
375
|
<!-- commandsstop -->
|
|
@@ -34,6 +34,9 @@ mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevel
|
|
|
34
34
|
... on MfaInvalidError {
|
|
35
35
|
message
|
|
36
36
|
}
|
|
37
|
+
... on OidcIDTokenNotFoundError {
|
|
38
|
+
message
|
|
39
|
+
}
|
|
37
40
|
... on ResourceNotFoundError {
|
|
38
41
|
message
|
|
39
42
|
}
|
|
@@ -44,7 +47,7 @@ mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevel
|
|
|
44
47
|
}`;
|
|
45
48
|
const ListIamRolesDocument = `
|
|
46
49
|
query ListIAMRoles {
|
|
47
|
-
resources(input: {
|
|
50
|
+
resources(input: {resourceTypes: [AWS_IAM_ROLE], onlyMine: true, maxNumEntries: 1000}) {
|
|
48
51
|
__typename
|
|
49
52
|
... on ResourcesResult {
|
|
50
53
|
resources {
|
|
@@ -87,12 +90,14 @@ class StartIAMRoleSession extends command_1.Command {
|
|
|
87
90
|
resourceInfoByName[resourceInfo.name] = resourceInfo;
|
|
88
91
|
});
|
|
89
92
|
inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
|
|
90
|
-
const selectedIamRoleInfo = await inquirer.prompt([
|
|
93
|
+
const selectedIamRoleInfo = await inquirer.prompt([
|
|
94
|
+
{
|
|
91
95
|
name: 'role',
|
|
92
96
|
message: 'Select an IAM role to assume',
|
|
93
97
|
type: 'autocomplete',
|
|
94
98
|
source: (answers, input) => cmd_1.filterChoices(input, resourceInfos),
|
|
95
|
-
}
|
|
99
|
+
},
|
|
100
|
+
]);
|
|
96
101
|
const selectedIamRole = resourceInfoByName[selectedIamRoleInfo.role];
|
|
97
102
|
if (!selectedIamRole) {
|
|
98
103
|
return;
|
|
@@ -114,13 +119,17 @@ class StartIAMRoleSession extends command_1.Command {
|
|
|
114
119
|
}
|
|
115
120
|
roleName = (sshInstanceResp === null || sshInstanceResp === void 0 ? void 0 : sshInstanceResp.data.resource.resource.name) || 'iam-role';
|
|
116
121
|
}
|
|
117
|
-
if (flags.profileName && flags.profileName !==
|
|
122
|
+
if (flags.profileName && flags.profileName !== '') {
|
|
118
123
|
roleName = flags.profileName;
|
|
119
124
|
}
|
|
120
125
|
const { resp, error } = await handler_1.runMutation({
|
|
121
126
|
command: this,
|
|
122
127
|
query: StartIAMRoleSessionDocument,
|
|
123
|
-
variables: {
|
|
128
|
+
variables: {
|
|
129
|
+
id: roleId,
|
|
130
|
+
accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL,
|
|
131
|
+
sessionId: sessionId,
|
|
132
|
+
},
|
|
124
133
|
});
|
|
125
134
|
switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
|
|
126
135
|
case 'CreateSessionResult': {
|
|
@@ -143,6 +152,10 @@ class StartIAMRoleSession extends command_1.Command {
|
|
|
143
152
|
common_1.handleMfaRedirect(this, roleId);
|
|
144
153
|
break;
|
|
145
154
|
}
|
|
155
|
+
case 'OidcIDTokenNotFoundError': {
|
|
156
|
+
common_1.handleOidcRedirect(this, roleId);
|
|
157
|
+
break;
|
|
158
|
+
}
|
|
146
159
|
default:
|
|
147
160
|
apollo_1.printRequestOutput(this, resp, error);
|
|
148
161
|
}
|
|
@@ -167,6 +180,6 @@ StartIAMRoleSession.flags = {
|
|
|
167
180
|
}),
|
|
168
181
|
profileName: command_1.flags.string({
|
|
169
182
|
multiple: false,
|
|
170
|
-
description:
|
|
171
|
-
})
|
|
183
|
+
description: "Uses a custom AWS profile name for the IAM role. Default value is the role's name.",
|
|
184
|
+
}),
|
|
172
185
|
};
|
|
@@ -34,6 +34,9 @@ mutation StartKubeIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessL
|
|
|
34
34
|
... on MfaInvalidError {
|
|
35
35
|
message
|
|
36
36
|
}
|
|
37
|
+
... on OidcIDTokenNotFoundError {
|
|
38
|
+
message
|
|
39
|
+
}
|
|
37
40
|
... on ResourceNotFoundError {
|
|
38
41
|
message
|
|
39
42
|
}
|
|
@@ -90,12 +93,14 @@ class StartKubeIAMRoleSession extends command_1.Command {
|
|
|
90
93
|
resourceInfoByName[resourceInfo.name] = resourceInfo;
|
|
91
94
|
});
|
|
92
95
|
inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
|
|
93
|
-
const selectedKubeClusterInfo = await inquirer.prompt([
|
|
96
|
+
const selectedKubeClusterInfo = await inquirer.prompt([
|
|
97
|
+
{
|
|
94
98
|
name: 'role',
|
|
95
99
|
message: 'Select a Kubernetes cluster to connect to',
|
|
96
100
|
type: 'autocomplete',
|
|
97
101
|
source: (answers, input) => cmd_1.filterChoices(input, resourceInfos),
|
|
98
|
-
}
|
|
102
|
+
},
|
|
103
|
+
]);
|
|
99
104
|
const selectedKubeCluster = resourceInfoByName[selectedKubeClusterInfo.role];
|
|
100
105
|
if (!selectedKubeCluster) {
|
|
101
106
|
return;
|
|
@@ -135,6 +140,10 @@ class StartKubeIAMRoleSession extends command_1.Command {
|
|
|
135
140
|
common_1.handleMfaRedirect(this, clusterId);
|
|
136
141
|
break;
|
|
137
142
|
}
|
|
143
|
+
case 'OidcIDTokenNotFoundError': {
|
|
144
|
+
common_1.handleOidcRedirect(this, clusterId);
|
|
145
|
+
break;
|
|
146
|
+
}
|
|
138
147
|
default:
|
|
139
148
|
apollo_1.printRequestOutput(this, resp, error);
|
|
140
149
|
}
|
|
@@ -45,6 +45,9 @@ mutation StartPostgresInstanceSession($id: ResourceId!, $accessLevel: ResourceAc
|
|
|
45
45
|
... on MfaInvalidError {
|
|
46
46
|
message
|
|
47
47
|
}
|
|
48
|
+
... on OidcIDTokenNotFoundError {
|
|
49
|
+
message
|
|
50
|
+
}
|
|
48
51
|
... on ResourceNotFoundError {
|
|
49
52
|
message
|
|
50
53
|
}
|
|
@@ -86,12 +89,14 @@ class StartPostgresInstanceSession extends command_1.Command {
|
|
|
86
89
|
resourceInfoByName[resourceInfo.name] = resourceInfo;
|
|
87
90
|
});
|
|
88
91
|
inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
|
|
89
|
-
const selectedInstanceInfo = await inquirer.prompt([
|
|
92
|
+
const selectedInstanceInfo = await inquirer.prompt([
|
|
93
|
+
{
|
|
90
94
|
name: 'instance',
|
|
91
95
|
message: 'Select a Postgres RDS instance to login to',
|
|
92
96
|
type: 'autocomplete',
|
|
93
97
|
source: (answers, input) => cmd_1.filterChoices(input, resourceInfos),
|
|
94
|
-
}
|
|
98
|
+
},
|
|
99
|
+
]);
|
|
95
100
|
const selectedInstance = resourceInfoByName[selectedInstanceInfo.instance];
|
|
96
101
|
if (!selectedInstance) {
|
|
97
102
|
return;
|
|
@@ -122,7 +127,8 @@ class StartPostgresInstanceSession extends command_1.Command {
|
|
|
122
127
|
const dbUrl = `postgresql://${metadata.dbUser}:${encodeURIComponent(metadata.dbPassword)}@${metadata.dbHostname}:${metadata.dbPort}/${metadata.dbName}`;
|
|
123
128
|
const externalAppLaunchName = 'Launch external database app';
|
|
124
129
|
const psqlSessionLaunchName = 'Launch shell with psql session';
|
|
125
|
-
const selectedLaunchInfo = await inquirer.prompt([
|
|
130
|
+
const selectedLaunchInfo = await inquirer.prompt([
|
|
131
|
+
{
|
|
126
132
|
name: 'launch',
|
|
127
133
|
message: 'Select how to access the database',
|
|
128
134
|
type: 'list',
|
|
@@ -134,7 +140,8 @@ class StartPostgresInstanceSession extends command_1.Command {
|
|
|
134
140
|
name: psqlSessionLaunchName,
|
|
135
141
|
},
|
|
136
142
|
],
|
|
137
|
-
}
|
|
143
|
+
},
|
|
144
|
+
]);
|
|
138
145
|
if (selectedLaunchInfo.launch === externalAppLaunchName) {
|
|
139
146
|
const startSessionCmd = `open ${dbUrl}`;
|
|
140
147
|
cmd_1.runCommandExec(startSessionCmd, `Opened external app for ${instanceName ? `"${instanceName}" instance` : 'instance'}`, `Failed to open external app for ${instanceName ? `"${instanceName}" instance` : 'instance'}`);
|
|
@@ -154,6 +161,10 @@ class StartPostgresInstanceSession extends command_1.Command {
|
|
|
154
161
|
common_1.handleMfaRedirect(this, instanceId);
|
|
155
162
|
break;
|
|
156
163
|
}
|
|
164
|
+
case 'OidcIDTokenNotFoundError': {
|
|
165
|
+
common_1.handleOidcRedirect(this, instanceId);
|
|
166
|
+
break;
|
|
167
|
+
}
|
|
157
168
|
default:
|
|
158
169
|
apollo_1.printRequestOutput(this, resp, error);
|
|
159
170
|
}
|
|
@@ -35,6 +35,9 @@ mutation StartSSHSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInpu
|
|
|
35
35
|
... on MfaInvalidError {
|
|
36
36
|
message
|
|
37
37
|
}
|
|
38
|
+
... on OidcIDTokenNotFoundError {
|
|
39
|
+
message
|
|
40
|
+
}
|
|
38
41
|
... on ResourceNotFoundError {
|
|
39
42
|
message
|
|
40
43
|
}
|
|
@@ -75,12 +78,17 @@ class StartSSHSession extends command_1.Command {
|
|
|
75
78
|
apollo_1.printRequestOutput(this, sshInstanceResp, error);
|
|
76
79
|
return;
|
|
77
80
|
}
|
|
78
|
-
instanceName =
|
|
81
|
+
instanceName =
|
|
82
|
+
(sshInstanceResp === null || sshInstanceResp === void 0 ? void 0 : sshInstanceResp.data.resource.resource.name) || 'ssh-instance';
|
|
79
83
|
}
|
|
80
84
|
const { resp, error } = await handler_1.runMutation({
|
|
81
85
|
command: this,
|
|
82
86
|
query: StartSSHSessionDocument,
|
|
83
|
-
variables: {
|
|
87
|
+
variables: {
|
|
88
|
+
id: instanceId,
|
|
89
|
+
accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL,
|
|
90
|
+
sessionId,
|
|
91
|
+
},
|
|
84
92
|
});
|
|
85
93
|
switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
|
|
86
94
|
case 'CreateSessionResult': {
|
|
@@ -105,6 +113,10 @@ class StartSSHSession extends command_1.Command {
|
|
|
105
113
|
common_1.handleMfaRedirect(this, instanceId);
|
|
106
114
|
break;
|
|
107
115
|
}
|
|
116
|
+
case 'OidcIDTokenNotFoundError': {
|
|
117
|
+
common_1.handleOidcRedirect(this, instanceId);
|
|
118
|
+
break;
|
|
119
|
+
}
|
|
108
120
|
default:
|
|
109
121
|
apollo_1.printRequestOutput(this, resp, error);
|
|
110
122
|
}
|
package/lib/lib/common.d.ts
CHANGED
package/lib/lib/common.js
CHANGED
|
@@ -1,13 +1,20 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.handleMfaRedirect = void 0;
|
|
3
|
+
exports.handleOidcRedirect = exports.handleMfaRedirect = void 0;
|
|
4
4
|
const config_1 = require("./config");
|
|
5
5
|
const open = require("open");
|
|
6
|
-
|
|
7
|
-
command.log('❗ MFA validation needed. Please connect via browser. Redirecting...');
|
|
6
|
+
const handleResourceRedirect = (command, resourceId) => {
|
|
8
7
|
const configData = config_1.getOrCreateConfigData(command.config.configDir);
|
|
9
8
|
const url = configData[config_1.urlKey];
|
|
10
9
|
setTimeout(() => {
|
|
11
10
|
open(url + `/resources/${resourceId}?showModal=true`);
|
|
12
11
|
}, 2000);
|
|
13
12
|
};
|
|
13
|
+
exports.handleMfaRedirect = (command, resourceId) => {
|
|
14
|
+
command.log('❗ MFA validation needed. Please connect via browser. Redirecting...');
|
|
15
|
+
handleResourceRedirect(command, resourceId);
|
|
16
|
+
};
|
|
17
|
+
exports.handleOidcRedirect = (command, resourceId) => {
|
|
18
|
+
command.log('❗ OIDC authentication needed. Please connect via browser. Redirecting...');
|
|
19
|
+
handleResourceRedirect(command, resourceId);
|
|
20
|
+
};
|
package/oclif.manifest.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":"2.0.
|
|
1
|
+
{"version":"2.0.19","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-custom-header":{"id":"set-custom-header","description":"Sets a custom HTTP header to connect to the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-custom-header --header 'cf-access-token: $TOKEN'"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"header":{"name":"header","type":"option"}},"args":[]},"set-token":{"id":"set-token","description":"Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-token"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-url"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"custom":{"name":"custom","type":"option"},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"prod":{"name":"prod","type":"boolean","allowNo":false},"staging":{"name":"staging","type":"boolean","allowNo":false},"demo":{"name":"demo","type":"boolean","allowNo":false},"dev":{"name":"dev","type":"boolean","allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","allowNo":false}},"args":[]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName \"custom-profile\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."},"profileName":{"name":"profileName","type":"option","description":"Uses a custom AWS profile name for the IAM role. Default value is the role's name."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal role resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the cluster."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to query a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"fullaccess\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","description":"The remote ID of the access level with which to access the database."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","required":true}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"Pick which directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"Pick which user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Start an SSH session to access a particular compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","description":"The ID of the Opal instance resource."},"sessionId":{"name":"sessionId","type":"option","description":"SessionId of a session that has already been created via the web flow."}},"args":[]}}}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "opal-security",
|
|
3
3
|
"description": "Opal allows you to centrally manage access to all of your sensitive systems.",
|
|
4
|
-
"version": "2.0.
|
|
4
|
+
"version": "2.0.19",
|
|
5
5
|
"author": "Stephen Cobbe",
|
|
6
6
|
"bin": {
|
|
7
7
|
"opal": "./bin/run"
|
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
"@types/mocha": "^5.2.7",
|
|
42
42
|
"@types/node": "^14.14.37",
|
|
43
43
|
"@types/semver": "^7.3.8",
|
|
44
|
-
"@typescript-eslint/eslint-plugin": "^5.
|
|
44
|
+
"@typescript-eslint/eslint-plugin": "^5.45.0",
|
|
45
45
|
"chai": "^4.3.4",
|
|
46
46
|
"eslint": "^8.17.0",
|
|
47
47
|
"eslint-config-oclif": "^3.1.0",
|