opal-security 2.1.0 → 2.1.2

package/lib/commands/logout.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const command_1 = require("@oclif/command");
 const credentials_1 = require("../lib/credentials");
+const flags_1 = require("../lib/flags");
 class Logout extends command_1.Command {
     async run() {
         try {
@@ -17,6 +18,6 @@ exports.default = Logout;
 Logout.description = 'Clears locally stored Opal server authentication credentials.';
 Logout.examples = ['$ opal logout'];
 Logout.flags = {
-    help: command_1.flags.help({ char: 'h' }),
+    help: flags_1.SHARED_FLAGS.help,
 };
 Logout.args = [];

package/lib/commands/postgres-instances/start.d.ts

@@ -7,6 +7,8 @@ export default class StartPostgresInstanceSession extends Command {
         id: flags.IOptionFlag<string | undefined>;
         accessLevelRemoteId: flags.IOptionFlag<string | undefined>;
         sessionId: flags.IOptionFlag<string | undefined>;
+        refresh: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
+        action: flags.IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/postgres-instances/start.js

@@ -1,12 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const command_1 = require("@oclif/command");
+const inquirer = require("inquirer");
 const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
-const inquirer = require("inquirer");
 const resources_1 = require("../../lib/resources");
-const common_1 = require("../../lib/common");
+const util_1 = require("../../lib/util");
 const sessions_1 = require("../../lib/sessions");
+const flags_1 = require("../../lib/flags");
 const RdsSessionMetadataFragment = `
 ... on AwsIamFederatedRdsSession {
   dbUser
@@ -15,15 +16,33 @@ const RdsSessionMetadataFragment = `
   dbPort
   dbName
 }`;
+const methodChoices = [
+    {
+        name: 'Open external database app',
+        value: 'open',
+    },
+    {
+        name: 'Start psql session in shell',
+        value: 'psql',
+    },
+    {
+        name: 'View connection configuration details',
+        value: 'view',
+    },
+];
 class StartPostgresInstanceSession extends command_1.Command {
     async run() {
         cmd_1.setMostRecentCommand(this);
         const { flags } = this.parse(StartPostgresInstanceSession);
+        if (flags.sessionId && flags.refresh) {
+            return apollo_1.handleError(this, 'Cannot use both --sessionId and --refresh');
+        }
         let instanceId = flags.id;
         let instanceName = null;
         const sessionId = flags.sessionId;
+        let action = flags.action;
         if (!instanceId) {
-            const selectedInstance = await resources_1.promptUserForResource(this, 'AWS_RDS_POSTGRES_INSTANCE', 'Select an RDS Postgres instance to login to');
+            const selectedInstance = await resources_1.promptUserForResource(this, 'AWS_RDS_POSTGRES_INSTANCE', 'Select an RDS Postgres instance to connect to');
             if (!selectedInstance) {
                 return;
             }
@@ -34,7 +53,7 @@ class StartPostgresInstanceSession extends command_1.Command {
         if (!accessLevel) {
             return;
         }
-        const session = await sessions_1.getOrCreateSession(this, instanceId, accessLevel, sessionId, RdsSessionMetadataFragment);
+        const session = await sessions_1.getOrCreateSession(this, instanceId, accessLevel, sessionId, RdsSessionMetadataFragment, flags.refresh);
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case 'AwsIamFederatedRdsSession': {
@@ -43,33 +62,23 @@ class StartPostgresInstanceSession extends command_1.Command {
                 // However, once connected, RDS sessions can be used for up to 12h.
                 // Since there's many options for how the user can use RDS credentials, it's unclear which expiration
                 // we want to show the user.
-                const externalAppLaunchName = 'Launch external database app';
-                const psqlSessionLaunchName = 'Launch shell with psql session';
-                const viewDetailsName = 'View connection configuration';
-                const selectedLaunchInfo = await inquirer.prompt([{
-                        name: 'launch',
-                        message: 'Select how to access the database',
-                        type: 'list',
-                        choices: [
-                            {
-                                name: externalAppLaunchName,
-                            },
-                            {
-                                name: psqlSessionLaunchName,
-                            },
-                            {
-                                name: viewDetailsName,
-                            },
-                        ],
-                    }]);
+                if (!action) {
+                    const selectedMethodInfo = await inquirer.prompt([{
+                            name: 'method',
+                            message: 'Select how to access the database',
+                            type: 'list',
+                            choices: methodChoices,
+                        }]);
+                    action = selectedMethodInfo.method;
+                }
                 const dbUrl = `postgresql://${metadata.dbUser}:${encodeURIComponent(metadata.dbPassword)}@${metadata.dbHostname}:${metadata.dbPort}/${metadata.dbName}`;
-                switch (selectedLaunchInfo.launch) {
-                    case externalAppLaunchName: {
+                switch (action) {
+                    case 'open': {
                         const startSessionCmd = `open ${dbUrl}`;
                         cmd_1.runCommandExec(startSessionCmd, `Opened external app for ${instanceName ? `"${instanceName}" instance` : 'instance'}`, `Failed to open external app for ${instanceName ? `"${instanceName}" instance` : 'instance'}`);
                         break;
                     }
-                    case viewDetailsName: {
+                    case 'view': {
                         const contentParts = [
                             `[Connection URL]\n${dbUrl}`,
                             `[Hostname]\n${metadata.dbHostname}`,
@@ -79,10 +88,10 @@ class StartPostgresInstanceSession extends command_1.Command {
                             `[Database]\n${metadata.dbName}`,
                         ];
                         const content = contentParts.join('\n\n');
-                        common_1.displayContent(content);
+                        util_1.displayContent(content);
                         break;
                     }
-                    case psqlSessionLaunchName: {
+                    case 'psql': {
                         const startSessionCmd = `psql ${dbUrl}`;
                         cmd_1.startInteractiveShell(startSessionCmd, `shell with psql session for ${instanceName ? `"${instanceName}" instance` : 'instance'}`);
                         break;
@@ -96,24 +105,23 @@ class StartPostgresInstanceSession extends command_1.Command {
     }
 }
 exports.default = StartPostgresInstanceSession;
-StartPostgresInstanceSession.description = 'Starts a session to query a Postgres database.';
+StartPostgresInstanceSession.description = 'Starts a session to connect to a Postgres database.';
 StartPostgresInstanceSession.examples = [
     'opal postgres-instances:start',
     'opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398',
-    'opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "fullaccess"',
+    'opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess',
+    'opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view',
 ];
 StartPostgresInstanceSession.flags = {
-    help: command_1.flags.help({ char: 'h' }),
-    id: command_1.flags.string({
-        multiple: false,
-        description: 'The ID of the Opal instance resource.',
-    }),
-    accessLevelRemoteId: command_1.flags.string({
-        multiple: false,
-        description: 'The remote ID of the access level with which to access the database.',
-    }),
-    sessionId: command_1.flags.string({
+    help: flags_1.SHARED_FLAGS.help,
+    id: flags_1.SHARED_FLAGS.id,
+    accessLevelRemoteId: flags_1.SHARED_FLAGS.accessLevelRemoteId,
+    sessionId: flags_1.SHARED_FLAGS.sessionId,
+    refresh: flags_1.SHARED_FLAGS.refresh,
+    action: command_1.flags.string({
         multiple: false,
-        description: 'SessionId of a session that has already been created via the web flow.',
+        description: 'Method of connecting to the database.\n' +
+            methodChoices.map(c => `- ${c.value}: ${c.name}`).join('\n'),
+        options: methodChoices.map(c => c.value),
     }),
 };

package/lib/commands/resources/get.d.ts

@@ -1,11 +1,11 @@
-import { Command, flags } from '@oclif/command';
+import { Command } from '@oclif/command';
 export declare const GetResourceDocument = "\nquery GetResource($id: ResourceId!) {\n  resource(input: {id: $id}) {\n    __typename\n    ... on ResourceResult {\n      resource {\n        name\n        id\n        description\n        resourceType\n        connection {\n          name\n          id\n          connectionType\n        }\n        parentResource {\n          name\n          id\n          resourceType\n        }\n        resourceUsers {\n          user {\n            fullName\n            email\n            id\n          }\n        }\n      }\n    }\n    ... on ResourceNotFoundError {\n      message\n    }\n  }\n}";
 export default class GetResource extends Command {
     static description: string;
     static examples: string[];
     static flags: {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
-        id: flags.IOptionFlag<string>;
+        id: import("@oclif/command/lib/flags").IOptionFlag<string | undefined>;
     };
     run(): Promise<void>;
 }

package/lib/commands/resources/get.js

@@ -5,6 +5,7 @@ const command_1 = require("@oclif/command");
 const handler_1 = require("../../handler");
 const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
+const flags_1 = require("../../lib/flags");
 exports.GetResourceDocument = `
 query GetResource($id: ResourceId!) {
   resource(input: {id: $id}) {
@@ -58,9 +59,6 @@ exports.default = GetResource;
 GetResource.description = 'Get resource info for a particular resource.';
 GetResource.examples = ['opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4'];
 GetResource.flags = {
-    help: command_1.flags.help({ char: 'h' }),
-    id: command_1.flags.string({
-        multiple: false,
-        required: true,
-    }),
+    help: flags_1.SHARED_FLAGS.help,
+    id: flags_1.SHARED_FLAGS.id,
 };

package/lib/commands/set-custom-header.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const command_1 = require("@oclif/command");
 const apollo_1 = require("../lib/apollo");
 const config_1 = require("../lib/config");
+const flags_1 = require("../lib/flags");
 class SetCustomHeader extends command_1.Command {
     async run() {
         try {
@@ -26,7 +27,7 @@ exports.default = SetCustomHeader;
 SetCustomHeader.description = 'Sets a custom HTTP header to connect to the Opal server.';
 SetCustomHeader.examples = ['$ opal set-custom-header --header \'cf-access-token: $TOKEN\''];
 SetCustomHeader.flags = {
-    help: command_1.flags.help({ char: 'h' }),
+    help: flags_1.SHARED_FLAGS.help,
     header: command_1.flags.string({
         multiple: false,
     }),

package/lib/commands/set-token.js

@@ -8,6 +8,7 @@ const credentials_1 = require("../lib/credentials");
 const handler_1 = require("../handler");
 const credentials_2 = require("../lib/credentials");
 const login_1 = require("./login");
+const flags_1 = require("../lib/flags");
 class SetToken extends command_1.Command {
     async run() {
         var _a, _b, _c;
@@ -53,6 +54,6 @@ exports.default = SetToken;
 SetToken.description = 'Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.';
 SetToken.examples = ['$ opal set-token'];
 SetToken.flags = {
-    help: command_1.flags.help({ char: 'h' }),
+    help: flags_1.SHARED_FLAGS.help,
 };
 SetToken.args = [];

package/lib/commands/set-url.js

@@ -4,6 +4,7 @@ const command_1 = require("@oclif/command");
 const apollo_1 = require("../lib/apollo");
 const config_1 = require("../lib/config");
 const credentials_1 = require("../lib/credentials");
+const flags_1 = require("../lib/flags");
 class SetUrl extends command_1.Command {
     async run() {
         try {
@@ -62,13 +63,14 @@ exports.default = SetUrl;
 SetUrl.description = `Sets the url of the Opal server. Defaults to ${config_1.defaultUrl}.`;
 SetUrl.examples = ['$ opal set-url'];
 SetUrl.flags = {
-    help: command_1.flags.help({ char: 'h' }),
+    help: flags_1.SHARED_FLAGS.help,
     allowSelfSignedCerts: command_1.flags.boolean(),
-    // Legacy flags
+    // Deprecated
     custom: command_1.flags.string({
         multiple: false,
         hidden: true,
     }),
+    // Used only internally
     prod: command_1.flags.boolean({ hidden: true }),
     demo: command_1.flags.boolean({ hidden: true }),
     dev: command_1.flags.boolean({ hidden: true }),

package/lib/commands/ssh/copyFrom.js

@@ -7,6 +7,7 @@ const ssh_1 = require("../../lib/ssh");
 const resources_1 = require("../../lib/resources");
 const sessions_1 = require("../../lib/sessions");
 const start_1 = require("./start");
+const flags_1 = require("../../lib/flags");
 class StartSCPSession extends command_1.Command {
     async run() {
         cmd_1.setMostRecentCommand(this);
@@ -53,30 +54,24 @@ StartSCPSession.examples = [
     'opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398',
 ];
 StartSCPSession.flags = {
-    help: command_1.flags.help({ char: 'h' }),
+    help: flags_1.SHARED_FLAGS.help,
     src: command_1.flags.string({
         multiple: false,
         required: true,
-        description: 'The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.',
+        description: 'The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.',
     }),
     dest: command_1.flags.string({
         multiple: false,
         required: false,
         default: '.',
-        description: 'Pick which directory you want your files to be copied to.',
+        description: 'The directory you want your files to be copied to.',
     }),
     user: command_1.flags.string({
         multiple: false,
         required: false,
         default: 'ssm-user',
-        description: 'Pick which user you want to run SCP over. Keep in mind not all users will have access to each other\'s home directory.',
-    }),
-    id: command_1.flags.string({
-        multiple: false,
-        description: 'The ID of the Opal instance resource.',
-    }),
-    sessionId: command_1.flags.string({
-        multiple: false,
-        description: 'SessionId of a session that has already been created via the web flow.',
+        description: 'The user you want to run SCP over. Keep in mind not all users will have access to each other\'s home directory.',
     }),
+    id: flags_1.SHARED_FLAGS.id,
+    sessionId: flags_1.SHARED_FLAGS.sessionId,
 };

package/lib/commands/ssh/copyTo.js

@@ -7,6 +7,7 @@ const ssh_1 = require("../../lib/ssh");
 const resources_1 = require("../../lib/resources");
 const sessions_1 = require("../../lib/sessions");
 const start_1 = require("./start");
+const flags_1 = require("../../lib/flags");
 class StartSCPSession extends command_1.Command {
     async run() {
         cmd_1.setMostRecentCommand(this);
@@ -53,30 +54,24 @@ StartSCPSession.examples = [
     'opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398',
 ];
 StartSCPSession.flags = {
-    help: command_1.flags.help({ char: 'h' }),
+    help: flags_1.SHARED_FLAGS.help,
     src: command_1.flags.string({
         multiple: false,
         required: true,
-        description: 'The path of the directory or file you would like to copy over SCP. Note we only support one file or directory at a time.',
+        description: 'The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.',
     }),
     dest: command_1.flags.string({
         multiple: false,
         required: false,
         default: '.',
-        description: 'Pick which directory you want your files to be copied to.',
+        description: 'The directory you want your files to be copied to.',
     }),
     user: command_1.flags.string({
         multiple: false,
         required: false,
         default: 'ssm-user',
-        description: 'Pick which user you want to run SCP over. Keep in mind not all users will have access to each other\'s home directory.',
-    }),
-    id: command_1.flags.string({
-        multiple: false,
-        description: 'The ID of the Opal instance resource.',
-    }),
-    sessionId: command_1.flags.string({
-        multiple: false,
-        description: 'SessionId of a session that has already been created via the web flow.',
+        description: 'The user you want to run SCP over. Keep in mind not all users will have access to each other\'s home directory.',
     }),
+    id: flags_1.SHARED_FLAGS.id,
+    sessionId: flags_1.SHARED_FLAGS.sessionId,
 };

package/lib/commands/ssh/start.d.ts

@@ -1,12 +1,13 @@
-import { Command, flags } from '@oclif/command';
+import { Command } from '@oclif/command';
 export declare const Ec2SessionMetadataFragment = "\n... on AwsIamFederatedSSMSession {\n  awsAccessKeyId\n  awsSecretAccessKey\n  awsSessionToken\n  awsLoginUrl\n  federatedArn\n  ec2InstanceId\n  ec2Region\n}";
 export default class StartSSHSession extends Command {
     static description: string;
     static examples: string[];
     static flags: {
         help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
-        id: flags.IOptionFlag<string | undefined>;
-        sessionId: flags.IOptionFlag<string | undefined>;
+        id: import("@oclif/command/lib/flags").IOptionFlag<string | undefined>;
+        sessionId: import("@oclif/command/lib/flags").IOptionFlag<string | undefined>;
+        refresh: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
     };
     run(): Promise<void>;
 }

package/lib/commands/ssh/start.js

@@ -10,6 +10,7 @@ const get_1 = require("../../commands/resources/get");
 const aws_1 = require("../../lib/aws");
 const resources_1 = require("../../lib/resources");
 const sessions_1 = require("../../lib/sessions");
+const flags_1 = require("../../lib/flags");
 exports.Ec2SessionMetadataFragment = `
 ... on AwsIamFederatedSSMSession {
   awsAccessKeyId
@@ -24,6 +25,9 @@ class StartSSHSession extends command_1.Command {
     async run() {
         cmd_1.setMostRecentCommand(this);
         const { flags } = this.parse(StartSSHSession);
+        if (flags.sessionId && flags.refresh) {
+            return apollo_1.handleError(this, 'Cannot use both --sessionId and --refresh');
+        }
         const pluginExists = await ssh_1.assertSessionManagerPluginExists();
         if (!pluginExists) {
             return;
@@ -56,7 +60,7 @@ class StartSSHSession extends command_1.Command {
             instanceName =
                 (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || 'ssh-instance';
         }
-        const session = await sessions_1.getOrCreateSession(this, instanceId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, exports.Ec2SessionMetadataFragment);
+        const session = await sessions_1.getOrCreateSession(this, instanceId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, exports.Ec2SessionMetadataFragment, flags.refresh);
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case 'AwsIamFederatedSSMSession': {
@@ -82,19 +86,14 @@ StartSSHSession.examples = [
     'opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398',
 ];
 StartSSHSession.flags = {
-    help: command_1.flags.help({ char: 'h' }),
-    id: command_1.flags.string({
-        multiple: false,
-        description: 'The ID of the Opal instance resource.',
-    }),
+    help: flags_1.SHARED_FLAGS.help,
+    id: flags_1.SHARED_FLAGS.id,
     // TODO: Unfortunately allowing SSM over SSH disables logging
     // user: flags.string({
     //   multiple: false,
     //   required: false,
     //   default: "ssm-user",
     // }),
-    sessionId: command_1.flags.string({
-        multiple: false,
-        description: 'SessionId of a session that has already been created via the web flow.',
-    }),
+    sessionId: flags_1.SHARED_FLAGS.sessionId,
+    refresh: flags_1.SHARED_FLAGS.refresh,
 };

package/lib/lib/apollo.d.ts

@@ -1,6 +1,6 @@
 import { ApolloClient, NormalizedCacheObject } from '@apollo/client/core';
 import { Command } from '@oclif/command';
 export declare let client: ApolloClient<NormalizedCacheObject> | null;
-export declare const initClient: (command: Command) => Promise<void>;
 export declare const printResponse: (command: Command, resp: any) => void;
 export declare const handleError: (command: Command, err: any, resp?: any) => void;
+export declare const initClient: (command: Command) => Promise<void>;

package/lib/lib/apollo.js

@@ -1,22 +1,55 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleError = exports.printResponse = exports.initClient = exports.client = void 0;
+exports.initClient = exports.handleError = exports.printResponse = exports.client = void 0;
 const core_1 = require("@apollo/client/core");
 const context_1 = require("@apollo/client/link/context");
 const error_1 = require("@apollo/client/link/error");
 const prettyjson_1 = require("prettyjson");
+const semver_1 = require("semver");
+const chalk_1 = require("chalk");
+const moment = require("moment");
 const config_1 = require("../lib/config");
 const credentials_1 = require("../lib/credentials");
 const login_1 = require("../commands/login");
-const semver_1 = require("semver");
-const chalk_1 = require("chalk");
 const cmd_1 = require("../lib/cmd");
-const moment = require("moment");
 const fetch = require('node-fetch');
 const https = require('https');
 const http = require('http');
 exports.client = null;
 let alreadyNotifiedRecommendedVersion = false;
+exports.printResponse = (command, resp) => {
+    const filteredJson = JSON.parse(JSON.stringify(resp.data, (k, v) => {
+        if (k === '__typename' || v === null || (Array.isArray(v) && v.length === 0)) {
+            return undefined;
+        }
+        return v;
+    }));
+    command.log(prettyjson_1.render(filteredJson));
+};
+exports.handleError = (command, err, resp) => {
+    if (err && typeof err === 'object' && ('networkError' in err && 'statusCode' in err.networkError)) {
+        // Status code errors are already handled in the global Apollo handler, so we can just return here.
+        return;
+    }
+    let errorMsg;
+    if (!err) {
+        errorMsg = 'Unexpected response from server (see below). Please contact Opal support if this issue persists.';
+    }
+    else if (typeof err === 'object' && err.toString().includes('self signed certificate')) {
+        errorMsg = 'Request failed due to a self-signed certificate appearing in the certificate chain. Try setting your CLI to allow self-signed certs by running: "opal set-url --custom INSERT_URL_HERE --allowSelfSignedCerts"';
+    }
+    else {
+        errorMsg = `Error: ${err}`;
+    }
+    errorMsg = '❗ ' + errorMsg;
+    command.log(errorMsg);
+    if (resp) {
+        exports.printResponse(command, resp);
+    }
+    // OPAL-6579: Use process.exit to avoid UnhandledPromiseRejectionWarning
+    // eslint-disable-next-line no-process-exit,unicorn/no-process-exit
+    process.exit(1);
+};
 exports.initClient = async (command) => {
     const configDir = command.config.configDir;
     const currentCLIVersion = command.config.version;
@@ -98,6 +131,11 @@ exports.initClient = async (command) => {
             // to the login screen again.
             return;
         }
+        if (operation.operationName === login_1.CLISignInMethodName) {
+            // We have special handling for this operation due to the fact that the backend version
+            // can be out of date and not include the new cliClientId field.
+            return;
+        }
         if (networkError && 'statusCode' in networkError) {
             let errorMessage = null;
             if ('result' in networkError) {
@@ -122,8 +160,7 @@ exports.initClient = async (command) => {
                     break;
                 }
                 default:
-                    command.log(`❗ Error: received status code ${networkError.statusCode} from server${errorMessage ? ` with message "${errorMessage}"` : ''}`);
-                    process.exit(networkError.statusCode);
+                    return exports.handleError(command, `Received status code ${networkError.statusCode} from server${errorMessage ? ` with message "${errorMessage}"` : ''}`);
             }
         }
     });
@@ -135,40 +172,3 @@ exports.initClient = async (command) => {
         cache: new core_1.InMemoryCache(),
     });
 };
-exports.printResponse = (command, resp) => {
-    const filteredJson = JSON.parse(JSON.stringify(resp.data, (k, v) => {
-        if (k === '__typename') {
-            return undefined;
-        }
-        if (v === null || (Array.isArray(v) && v.length === 0)) {
-            return undefined;
-        }
-        return v;
-    }));
-    command.log(prettyjson_1.render(filteredJson));
-};
-exports.handleError = (command, err, resp) => {
-    if (err && typeof err === 'object' && ('networkError' in err && 'statusCode' in err.networkError)) {
-        // Status code errors are already handled in the global Apollo handler, so we can just return here.
-        return;
-    }
-    let errorMsg;
-    if (!err) {
-        errorMsg = 'Unexpected response from server (see below). Please contact Opal support if this issue persists.';
-    }
-    else if (typeof err === 'string') {
-        errorMsg = err;
-    }
-    else if (typeof err === 'object' && err.toString().includes('self signed certificate')) {
-        errorMsg = 'Request failed due to a self-signed certificate appearing in the certificate chain. Try setting your CLI to allow self-signed certs by running: "opal set-url --custom INSERT_URL_HERE --allowSelfSignedCerts"';
-    }
-    else {
-        errorMsg = `Error: ${err}`;
-    }
-    errorMsg = '❗ ' + errorMsg;
-    command.log(errorMsg);
-    if (resp) {
-        exports.printResponse(command, resp);
-    }
-    command.exit(1);
-};

package/lib/lib/credentials.d.ts

@@ -3,6 +3,7 @@ export declare const cred: {
     removeCredentials(after: number): Promise<void>;
     readonly accountId: Promise<string | undefined>;
     readonly organizationID: Promise<string | undefined>;
+    readonly clientIdCandidate: Promise<string | undefined>;
     readonly email: Promise<string | undefined>;
     readonly accessToken: Promise<string | undefined>;
 };

package/lib/lib/credentials.js

@@ -32,6 +32,20 @@ exports.cred = {
             if (!parts || parts.length <= 1) {
                 return undefined;
             }
+            return parts[1];
+        })();
+    },
+    get clientIdCandidate() {
+        return (async () => {
+            const keyContents = await keytar.findCredentials(exports.OPAL_CREDS_KEY);
+            if (!keyContents[0]) {
+                return undefined;
+            }
+            const { account } = keyContents[0];
+            const parts = account.split('|');
+            if (!parts || parts.length <= 2) {
+                return undefined;
+            }
             return parts.pop();
         })();
     },

package/lib/lib/flags.d.ts

@@ -0,0 +1,8 @@
+import { flags } from '@oclif/command';
+export declare const SHARED_FLAGS: {
+    help: import("@oclif/parser/lib/flags").IBooleanFlag<void>;
+    id: flags.IOptionFlag<string | undefined>;
+    accessLevelRemoteId: flags.IOptionFlag<string | undefined>;
+    sessionId: flags.IOptionFlag<string | undefined>;
+    refresh: import("@oclif/parser/lib/flags").IBooleanFlag<boolean>;
+};

package/lib/lib/flags.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SHARED_FLAGS = void 0;
+const command_1 = require("@oclif/command");
+exports.SHARED_FLAGS = {
+    help: command_1.flags.help({ char: 'h' }),
+    id: command_1.flags.string({
+        multiple: false,
+        char: 'i',
+        description: 'The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]',
+    }),
+    accessLevelRemoteId: command_1.flags.string({
+        multiple: false,
+        char: 'a',
+        description: 'The remote ID of the access level with which to access the resource.',
+    }),
+    sessionId: command_1.flags.string({
+        multiple: false,
+        char: 's',
+        description: 'The Opal ID of the session to connect to. Uses an existing session that was created via the web flow.',
+    }),
+    refresh: command_1.flags.boolean({
+        char: 'r',
+        description: 'Starts a new session even if one already exists. Useful if a session is about to expire.',
+    }),
+};