opal-security 2.0.20 → 2.1.0

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (-v|--version|version)
-opal-security/2.0.20 darwin-x64 node-v14.16.1
+opal-security/2.1.0 darwin-x64 node-v14.16.1
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -45,7 +45,7 @@ USAGE
 * [`opal resources:get`](#opal-resourcesget)
 * [`opal set-custom-header`](#opal-set-custom-header)
 * [`opal set-token`](#opal-set-token)
-* [`opal set-url`](#opal-set-url)
+* [`opal set-url [URL]`](#opal-set-url-url)
 * [`opal ssh:copyFrom`](#opal-sshcopyfrom)
 * [`opal ssh:copyTo`](#opal-sshcopyto)
 * [`opal ssh:start`](#opal-sshstart)
@@ -88,7 +88,7 @@ EXAMPLE
   opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/aws/identity.ts)_
 
 ## `opal curl-example`
 
@@ -102,7 +102,7 @@ OPTIONS
   -h, --help  show CLI help
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/curl-example.ts)_
 
 ## `opal help [COMMAND]`
 
@@ -141,7 +141,7 @@ EXAMPLES
   opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles:start`
 
@@ -164,7 +164,7 @@ EXAMPLES
   "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -175,13 +175,14 @@ USAGE
   $ opal login
 
 OPTIONS
-  -h, --help  show CLI help
+  -h, --help     show CLI help
+  --email=email  Email address to login with.
 
 EXAMPLE
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -198,7 +199,7 @@ EXAMPLE
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/logout.ts)_
 
 ## `opal postgres-instances:start`
 
@@ -220,7 +221,7 @@ EXAMPLES
   opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "fullaccess"
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources:get`
 
@@ -238,7 +239,7 @@ EXAMPLE
   opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/resources/get.ts)_
 
 ## `opal set-custom-header`
 
@@ -256,7 +257,7 @@ EXAMPLE
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -273,31 +274,28 @@ EXAMPLE
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/set-token.ts)_
 
-## `opal set-url`
+## `opal set-url [URL]`
 
 Sets the url of the Opal server. Defaults to https://app.opal.dev.
 
 ```
 USAGE
-  $ opal set-url
+  $ opal set-url [URL]
+
+ARGUMENTS
+  URL  URL of the Opal server to use. If unspecified, defaults to https://app.opal.dev
 
 OPTIONS
   -h, --help              show CLI help
   --allowSelfSignedCerts
-  --custom=custom
-  --demo
-  --dev
-  --devLocal
-  --prod
-  --staging
 
 EXAMPLE
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/set-url.ts)_
 
 ## `opal ssh:copyFrom`
 
@@ -324,7 +322,7 @@ EXAMPLES
   opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh:copyTo`
 
@@ -351,11 +349,11 @@ EXAMPLES
   opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh:start`
 
-Start an SSH session to access a particular compute instance.
+Starts an SSH session to access a compute instance.
 
 ```
 USAGE
@@ -371,5 +369,5 @@ EXAMPLES
   opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.0.20/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.0/src/commands/ssh/start.ts)_
 <!-- commandsstop -->

package/lib/commands/iam-roles/start.js

@@ -4,59 +4,17 @@ const command_1 = require("@oclif/command");
 const handler_1 = require("../../handler");
 const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
-const inquirer = require("inquirer");
 const aws_1 = require("../../lib/aws");
 const resources_1 = require("../../lib/resources");
 const get_1 = require("../../commands/resources/get");
-const common_1 = require("../../lib/common");
-const StartIAMRoleSessionDocument = `
-mutation StartIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
-    __typename
-    ... on CreateSessionResult {
-      session {
-        id
-        endTime
-        metadata {
-          ... on AwsIamFederatedRoleSession {
-            awsAccessKeyId
-            awsSecretAccessKey
-            awsSessionToken
-            awsLoginUrl
-            federatedArn
-          }
-        }
-      }
-    }
-    ... on SessionNotFoundError {
-      message
-    }
-    ... on MfaInvalidError {
-      message
-    }
-    ... on OidcIDTokenNotFoundError {
-      message
-    }
-    ... on ResourceNotFoundError {
-      message
-    }
-    ... on EndSystemAuthorizationError {
-      message
-    }
-  }
-}`;
-const ListIamRolesDocument = `
-query ListIAMRoles {
-  resources(input: {resourceTypes: [AWS_IAM_ROLE], onlyMine: true, maxNumEntries: 1000}) {
-    __typename
-    ... on ResourcesResult {
-      resources {
-        name
-        id
-      }
-      cursor
-    }
-  }
+const sessions_1 = require("../../lib/sessions");
+const IamSessionMetadataFragment = `
+... on AwsIamFederatedRoleSession {
+  awsAccessKeyId
+  awsSecretAccessKey
+  awsSessionToken
+  awsLoginUrl
+  federatedArn
 }`;
 class StartIAMRoleSession extends command_1.Command {
     async run() {
@@ -66,98 +24,45 @@ class StartIAMRoleSession extends command_1.Command {
         let roleName = null;
         const sessionId = flags.sessionId;
         if (!roleId) {
-            const { resp: iamRolesResp, error } = await handler_1.runQuery({
-                command: this,
-                query: ListIamRolesDocument,
-                variables: {},
-            });
-            if (error) {
-                apollo_1.printRequestOutput(this, iamRolesResp, error);
-                return;
-            }
-            const resourceInfos = iamRolesResp === null || iamRolesResp === void 0 ? void 0 : iamRolesResp.data.resources.resources.map((resource) => {
-                return {
-                    id: resource.id,
-                    name: resource.name,
-                };
-            });
-            const noResourcesFound = resources_1.resourcesAreEmpty(this, resourceInfos);
-            if (noResourcesFound) {
+            const selectedRole = await resources_1.promptUserForResource(this, 'AWS_IAM_ROLE', 'Select an IAM role to assume');
+            if (!selectedRole) {
                 return;
             }
-            const resourceInfoByName = {};
-            resourceInfos.forEach(resourceInfo => {
-                resourceInfoByName[resourceInfo.name] = resourceInfo;
-            });
-            inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
-            const selectedIamRoleInfo = await inquirer.prompt([
-                {
-                    name: 'role',
-                    message: 'Select an IAM role to assume',
-                    type: 'autocomplete',
-                    source: (answers, input) => cmd_1.filterChoices(input, resourceInfos),
-                },
-            ]);
-            const selectedIamRole = resourceInfoByName[selectedIamRoleInfo.role];
-            if (!selectedIamRole) {
-                return;
-            }
-            roleId = selectedIamRole.id;
-            roleName = selectedIamRole.name;
+            roleId = selectedRole.id;
+            roleName = selectedRole.name;
         }
         else {
-            const { resp: sshInstanceResp, error } = await handler_1.runQuery({
+            const { resp, error } = await handler_1.runQuery({
                 command: this,
                 query: get_1.GetResourceDocument,
                 variables: {
                     id: roleId,
                 },
             });
-            if (error || !(sshInstanceResp === null || sshInstanceResp === void 0 ? void 0 : sshInstanceResp.data.resource.resource)) {
-                apollo_1.printRequestOutput(this, sshInstanceResp, error);
-                return;
+            if (error) {
+                return apollo_1.handleError(this, error, resp);
+            }
+            if (!(resp === null || resp === void 0 ? void 0 : resp.data.resource.resource)) {
+                return apollo_1.handleError(this, `Resource not found for ID: ${roleId}`);
             }
-            roleName = (sshInstanceResp === null || sshInstanceResp === void 0 ? void 0 : sshInstanceResp.data.resource.resource.name) || 'iam-role';
+            roleName = (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || 'iam-role';
         }
         if (flags.profileName && flags.profileName !== '') {
             roleName = flags.profileName;
         }
-        const { resp, error } = await handler_1.runMutation({
-            command: this,
-            query: StartIAMRoleSessionDocument,
-            variables: {
-                id: roleId,
-                accessLevel: cmd_1.DEFAULT_ACCESS_LEVEL,
-                sessionId: sessionId,
-            },
-        });
-        switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
-            case 'CreateSessionResult': {
-                const metadata = resp.data.createSession.session.metadata;
-                switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
-                    case 'AwsIamFederatedRoleSession': {
-                        const updateAwsConfigCommand = aws_1.getAwsConfigUpdateCmd(roleName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
-                        const startSessionCmd = `${updateAwsConfigCommand}`;
-                        const awsEnvVarMessage = aws_1.getAwsEnvVarMessage();
-                        cmd_1.runCommandExec(startSessionCmd, `Now set to use ${roleName ? `"${roleName}" role` : 'role'}.${awsEnvVarMessage}`, `Failed to use ${roleName ? `"${roleName}" role` : 'role'}.`);
-                        this.log();
-                        break;
-                    }
-                    default:
-                        apollo_1.printRequestOutput(this, resp, error);
-                }
-                break;
-            }
-            case 'MfaInvalidError': {
-                common_1.handleMfaRedirect(this, roleId);
-                break;
-            }
-            case 'OidcIDTokenNotFoundError': {
-                common_1.handleOidcRedirect(this, roleId);
+        const session = await sessions_1.getOrCreateSession(this, roleId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, IamSessionMetadataFragment);
+        const metadata = session.metadata;
+        switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
+            case 'AwsIamFederatedRoleSession': {
+                const updateAwsConfigCommand = aws_1.getAwsConfigUpdateCmd(roleName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
+                const startSessionCmd = `${updateAwsConfigCommand}`;
+                const roleText = roleName ? `"${roleName}" role` : 'role';
+                const expirationMessage = sessions_1.getSessionExpirationMessage(session);
+                cmd_1.runCommandExec(startSessionCmd, `Now set to use ${roleText}. (session expires in ${expirationMessage})${aws_1.getAwsEnvVarMessage()}`, `Failed to use ${roleText}.`);
                 break;
             }
             default:
-                apollo_1.printRequestOutput(this, resp, error);
+                return apollo_1.handleError(this, undefined, session);
         }
     }
 }
@@ -180,6 +85,6 @@ StartIAMRoleSession.flags = {
     }),
     profileName: command_1.flags.string({
         multiple: false,
-        description: "Uses a custom AWS profile name for the IAM role. Default value is the role's name.",
+        description: 'Uses a custom AWS profile name for the IAM role. Default value is the role\'s name.',
     }),
 };

package/lib/commands/kube-roles/start.js

@@ -1,151 +1,52 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const command_1 = require("@oclif/command");
-const handler_1 = require("../../handler");
 const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
-const inquirer = require("inquirer");
-const types_1 = require("../../types");
 const aws_1 = require("../../lib/aws");
 const resources_1 = require("../../lib/resources");
-const common_1 = require("../../lib/common");
-const StartKubeIAMRoleSessionDocument = `
-mutation StartKubeIAMRoleSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
-  createSession(input: {resourceId: $id, accessLevel: $accessLevel, sessionId: $sessionId}) {
-    __typename
-    ... on CreateSessionResult {
-      session {
-        id
-        endTime
-        metadata {
-          ... on AwsIamFederatedEksSession {
-            awsAccessKeyId
-            awsSecretAccessKey
-            awsSessionToken
-            clusterName
-            clusterRegion
-          }
-        }
-      }
-    }
-    ... on SessionNotFoundError {
-      message
-    }
-    ... on MfaInvalidError {
-      message
-    }
-    ... on OidcIDTokenNotFoundError {
-      message
-    }
-    ... on ResourceNotFoundError {
-      message
-    }
-    ... on EndSystemAuthorizationError {
-      message
-    }
-  }
-}`;
-const ListKubeIamRolesDocument = `
-query ListKubeIAMRoles {
-  resources(input: {serviceType: KUBERNETES, onlyMine: true, maxNumEntries: 1000}) {
-    __typename
-    ... on ResourcesResult {
-      resources {
-        name
-        id
-        connection {
-          connectionType
-        }
-      }
-      cursor
-    }
-  }
+const sessions_1 = require("../../lib/sessions");
+const EksSessionMetadataFragment = `
+... on AwsIamFederatedEksSession {
+  awsAccessKeyId
+  awsSecretAccessKey
+  awsSessionToken
+  clusterName
+  clusterRegion
 }`;
 class StartKubeIAMRoleSession extends command_1.Command {
     async run() {
         cmd_1.setMostRecentCommand(this);
         const { flags } = this.parse(StartKubeIAMRoleSession);
-        // TODO: RESOURCES-1: How do we grant access to a perm using ID
         let clusterId = flags.id;
         const sessionId = flags.sessionId;
         if (!clusterId) {
-            const { resp: kubeIamRolesResp, error } = await handler_1.runQuery({
-                command: this,
-                query: ListKubeIamRolesDocument,
-                variables: {},
-            });
-            if (error) {
-                apollo_1.printRequestOutput(this, kubeIamRolesResp, error);
-                return;
-            }
-            const resourceInfos = kubeIamRolesResp === null || kubeIamRolesResp === void 0 ? void 0 : kubeIamRolesResp.data.resources.resources.filter((resource) => { var _a; return ((_a = resource.connection) === null || _a === void 0 ? void 0 : _a.connectionType) === types_1.ConnectionType.Aws; }).map((resource) => {
-                return {
-                    id: resource.id,
-                    name: resource.name,
-                };
-            });
-            const noResourcesFound = resources_1.resourcesAreEmpty(this, resourceInfos);
-            if (noResourcesFound) {
-                return;
-            }
-            const resourceInfoByName = {};
-            resourceInfos.forEach(resourceInfo => {
-                resourceInfoByName[resourceInfo.name] = resourceInfo;
-            });
-            inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
-            const selectedKubeClusterInfo = await inquirer.prompt([
-                {
-                    name: 'role',
-                    message: 'Select a Kubernetes cluster to connect to',
-                    type: 'autocomplete',
-                    source: (answers, input) => cmd_1.filterChoices(input, resourceInfos),
-                },
-            ]);
-            const selectedKubeCluster = resourceInfoByName[selectedKubeClusterInfo.role];
-            if (!selectedKubeCluster) {
+            const selectedCluster = await resources_1.promptUserForResource(this, 'AWS_EKS_CLUSTER', 'Select an EKS Kubernetes cluster to connect to');
+            if (!selectedCluster) {
                 return;
             }
-            clusterId = selectedKubeCluster.id;
-            // TODO: RESOURCES-2: Select the access level for the K8s cluster
+            clusterId = selectedCluster.id;
         }
         // Fetch all access levels for resource
         const accessLevel = await resources_1.promptUserForAccessLevels(this, clusterId, 'Kubernetes cluster', flags.accessLevelRemoteId);
         if (!accessLevel) {
             return;
         }
-        const roleName = accessLevel.accessLevelName;
-        const { resp, error } = await handler_1.runMutation({
-            command: this,
-            query: StartKubeIAMRoleSessionDocument,
-            variables: { id: clusterId, accessLevel, sessionId },
-        });
-        switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
-            case 'CreateSessionResult': {
-                const metadata = resp.data.createSession.session.metadata;
-                switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
-                    case 'AwsIamFederatedEksSession': {
-                        const updateAwsConfigCommand = aws_1.getAwsConfigUpdateCmd(roleName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
-                        const updateKubeConfigCmd = `aws eks update-kubeconfig --name ${metadata.clusterName} --region ${metadata.clusterRegion} --alias ${metadata.clusterName} --profile opal`;
-                        const startSessionCmd = `${updateAwsConfigCommand} && ${updateKubeConfigCmd}`;
-                        const awsEnvVarMessage = aws_1.getAwsEnvVarMessage();
-                        cmd_1.runCommandExec(startSessionCmd, `Now set to use ${roleName ? `"${roleName}" role` : 'role'} with updated Kube config pointing to "${metadata.clusterName}" cluster.${awsEnvVarMessage}`, `Failed to assume ${roleName ? `"${roleName}" role` : 'role'} and update Kube config.`);
-                        break;
-                    }
-                    default:
-                        apollo_1.printRequestOutput(this, resp, error);
-                }
-                break;
-            }
-            case 'MfaInvalidError': {
-                common_1.handleMfaRedirect(this, clusterId);
-                break;
-            }
-            case 'OidcIDTokenNotFoundError': {
-                common_1.handleOidcRedirect(this, clusterId);
+        const session = await sessions_1.getOrCreateSession(this, clusterId, accessLevel, sessionId, EksSessionMetadataFragment);
+        const metadata = session.metadata;
+        switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
+            case 'AwsIamFederatedEksSession': {
+                const roleName = accessLevel.accessLevelName;
+                const updateAwsConfigCommand = aws_1.getAwsConfigUpdateCmd(roleName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
+                const updateKubeConfigCmd = `aws eks update-kubeconfig --name ${metadata.clusterName} --region ${metadata.clusterRegion} --alias ${metadata.clusterName} --profile opal`;
+                const startSessionCmd = `${updateAwsConfigCommand} && ${updateKubeConfigCmd}`;
+                const roleText = roleName ? `"${roleName}" role` : 'role';
+                const expirationMessage = sessions_1.getSessionExpirationMessage(session);
+                cmd_1.runCommandExec(startSessionCmd, `Now set to use ${roleText} with updated Kube config pointing to "${metadata.clusterName}" cluster. (session expires in ${expirationMessage})${aws_1.getAwsEnvVarMessage()}`, `Failed to assume ${roleText} and update Kube config.`);
                 break;
             }
             default:
-                apollo_1.printRequestOutput(this, resp, error);
+                return apollo_1.handleError(this, undefined, session);
         }
     }
 }

package/lib/commands/login.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/command';
+import { Command, flags } from '@oclif/command';
 export declare const CLIAuthSessionCheckName = "CLIAuthSessionCheck";
 export declare const CLIAuthSessionCheckDocument = "\nquery CLIAuthSessionCheck {\n  organizationSettings {\n      ... on OrganizationSettingsResult {\n        settings {\n          id\n        }\n      }\n  }\n}\n";
 export default class Login extends Command {
@@ -6,6 +6,7 @@ export default class Login extends Command {
     static examples: string[];
     static flags: {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
+        email: flags.IOptionFlag<string | undefined>;
     };
     static args: never[];
     run(): Promise<void>;