opal-security 2.1.1 → 2.1.3

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (-v|--version|version)
-opal-security/2.1.1 darwin-x64 node-v14.16.1
+opal-security/2.1.3 darwin-x64 node-v14.16.1
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -88,7 +88,7 @@ EXAMPLE
   opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/aws/identity.ts)_
 
 ## `opal curl-example`
 
@@ -102,7 +102,7 @@ OPTIONS
   -h, --help  show CLI help
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/curl-example.ts)_
 
 ## `opal help [COMMAND]`
 
@@ -148,7 +148,7 @@ EXAMPLES
   opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles:start`
 
@@ -178,7 +178,7 @@ EXAMPLES
   "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -196,7 +196,7 @@ EXAMPLE
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -213,7 +213,7 @@ EXAMPLE
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/logout.ts)_
 
 ## `opal postgres-instances:start`
 
@@ -248,7 +248,7 @@ EXAMPLES
   opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources:get`
 
@@ -266,7 +266,7 @@ EXAMPLE
   opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/resources/get.ts)_
 
 ## `opal set-custom-header`
 
@@ -284,7 +284,7 @@ EXAMPLE
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -301,7 +301,7 @@ EXAMPLE
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -322,7 +322,7 @@ EXAMPLE
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/set-url.ts)_
 
 ## `opal ssh:copyFrom`
 
@@ -354,7 +354,7 @@ EXAMPLES
   opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh:copyTo`
 
@@ -386,7 +386,7 @@ EXAMPLES
   opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh:start`
 
@@ -412,5 +412,5 @@ EXAMPLES
   opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.1/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v2.1.3/src/commands/ssh/start.ts)_
 <!-- commandsstop -->

package/lib/commands/iam-roles/start.js

@@ -55,6 +55,9 @@ class StartIAMRoleSession extends command_1.Command {
             roleName = flags.profileName;
         }
         const session = await sessions_1.getOrCreateSession(this, roleId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, IamSessionMetadataFragment, flags.refresh);
+        if (!session) {
+            return;
+        }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case 'AwsIamFederatedRoleSession': {

package/lib/commands/kube-roles/start.js

@@ -37,6 +37,9 @@ class StartKubeIAMRoleSession extends command_1.Command {
             return;
         }
         const session = await sessions_1.getOrCreateSession(this, clusterId, accessLevel, sessionId, EksSessionMetadataFragment, flags.refresh);
+        if (!session) {
+            return;
+        }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case 'AwsIamFederatedEksSession': {

package/lib/commands/login.d.ts

@@ -1,4 +1,5 @@
 import { Command, flags } from '@oclif/command';
+export declare const CLISignInMethodName = "CLISignInMethod";
 export declare const CLIAuthSessionCheckName = "CLIAuthSessionCheck";
 export declare const CLIAuthSessionCheckDocument = "\nquery CLIAuthSessionCheck {\n  organizationSettings {\n      ... on OrganizationSettingsResult {\n        settings {\n          id\n        }\n      }\n  }\n}\n";
 export default class Login extends Command {

package/lib/commands/login.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CLIAuthSessionCheckDocument = exports.CLIAuthSessionCheckName = void 0;
+exports.CLIAuthSessionCheckDocument = exports.CLIAuthSessionCheckName = exports.CLISignInMethodName = void 0;
 const command_1 = require("@oclif/command");
 const keytar = require("keytar");
 const open = require("open");
@@ -17,6 +17,19 @@ const ISSUER_DEV = 'https://authdev.opal.dev';
 const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';
 const CLIENT_ID_PROD = '42rm6E5v7o67LBpRfjdT9KhnjrQHr9UF';
 const CLIENT_ID_DEV = 'XYV8qoAvZG7dHnhRp2g5XMJ1zX9fBP6s';
+const CLISignInMethodDocumentLegacy = `
+query CLISignInMethod($input: SignInMethodInput!) {
+  signInMethod(input: $input) {
+    __typename
+    ... on SignInMethodResult {
+      signInOrganizations {
+        organizationId
+        organizationName
+      }
+    }
+  }
+}`;
+exports.CLISignInMethodName = 'CLISignInMethod';
 const CLISignInMethodDocument = `
 query CLISignInMethod($input: SignInMethodInput!) {
   signInMethod(input: $input) {
@@ -25,6 +38,7 @@ query CLISignInMethod($input: SignInMethodInput!) {
       signInOrganizations {
         organizationId
         organizationName
+        cliClientId
       }
     }
   }
@@ -43,7 +57,7 @@ query CLIAuthSessionCheck {
 `;
 class Login extends command_1.Command {
     async run() {
-        var _a, _b, _c, _d, _e;
+        var _a, _b, _c, _d, _e, _f, _g;
         try {
             await apollo_1.initClient(this);
             const { flags } = this.parse(Login);
@@ -51,11 +65,13 @@ class Login extends command_1.Command {
             const configData = config_1.getOrCreateConfigData(configDir);
             let email = flags.email;
             let organizationID;
+            let clientIdCandidate;
             if (await credentials_1.cred.accessToken) {
                 // Only use the previous email + organizationID if email isn't explicitly specified.
                 if (!email) {
                     email = await credentials_1.cred.email;
                     organizationID = await credentials_1.cred.organizationID;
+                    clientIdCandidate = await credentials_1.cred.clientIdCandidate;
                 }
                 await credentials_1.cred.removeCredentials(-1);
             }
@@ -75,31 +91,48 @@ class Login extends command_1.Command {
                 email = promptEmail;
             }
             if (!organizationID) {
+                let signInOrganizationsLegacyResponse;
                 const { resp: signInOrganizationsResponse, error } = await handler_1.runQuery({
                     command: this,
                     query: CLISignInMethodDocument,
                     variables: { input: { email } },
                 });
                 if (error) {
-                    this.log(''); // Intentional newline
-                    return apollo_1.handleError(this, 'Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)');
+                    if ('statusCode' in error.networkError && error.networkError.statusCode === 422) {
+                        const { resp, error: legacyError } = await handler_1.runQuery({
+                            command: this,
+                            query: CLISignInMethodDocumentLegacy,
+                            variables: { input: { email } },
+                        });
+                        signInOrganizationsLegacyResponse = resp;
+                        if (legacyError) {
+                            this.log(''); // Intentional newline
+                            return apollo_1.handleError(this, 'Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)');
+                        }
+                    }
+                    else {
+                        this.log(''); // Intentional newline
+                        return apollo_1.handleError(this, 'Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)');
+                    }
                 }
-                const signInOrganizations = (_b = (_a = signInOrganizationsResponse === null || signInOrganizationsResponse === void 0 ? void 0 : signInOrganizationsResponse.data) === null || _a === void 0 ? void 0 : _a.signInMethod) === null || _b === void 0 ? void 0 : _b.signInOrganizations;
+                const signInOrganizations = signInOrganizationsResponse ? (_b = (_a = signInOrganizationsResponse === null || signInOrganizationsResponse === void 0 ? void 0 : signInOrganizationsResponse.data) === null || _a === void 0 ? void 0 : _a.signInMethod) === null || _b === void 0 ? void 0 : _b.signInOrganizations : (_d = (_c = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data) === null || _c === void 0 ? void 0 : _c.signInMethod) === null || _d === void 0 ? void 0 : _d.signInOrganizations;
                 if (signInOrganizations && signInOrganizations.length > 0) {
                     if (signInOrganizations.length === 1) {
                         organizationID = signInOrganizations[0].organizationId;
+                        clientIdCandidate = signInOrganizations[0].cliClientId;
                     }
                     else {
                         const responses = await inquirer.prompt([{
-                                name: 'organizationID',
+                                name: 'signInOrganization',
                                 message: 'Select an organization:',
                                 type: 'list',
                                 choices: signInOrganizations.map(signInOrganization => ({
                                     name: signInOrganization.organizationName,
-                                    value: signInOrganization.organizationId,
+                                    value: signInOrganization,
                                 })),
                             }]);
-                        organizationID = responses.organizationID;
+                        organizationID = responses.signInOrganization.organizationId;
+                        clientIdCandidate = responses.signInOrganization.cliClientId;
                     }
                 }
                 else {
@@ -108,13 +141,20 @@ class Login extends command_1.Command {
                 }
             }
             let issuer;
-            let clientId;
             if (config_1.isProduction(this.config.configDir)) {
                 issuer = await openid_client_1.Issuer.discover(ISSUER_PROD);
-                clientId = CLIENT_ID_PROD;
             }
             else {
                 issuer = await openid_client_1.Issuer.discover(ISSUER_DEV);
+            }
+            let clientId;
+            if (clientIdCandidate) {
+                clientId = clientIdCandidate;
+            }
+            else if (config_1.isProduction(this.config.configDir)) {
+                clientId = CLIENT_ID_PROD;
+            }
+            else {
                 clientId = CLIENT_ID_DEV;
             }
             /* eslint-disable camelcase */
@@ -139,14 +179,19 @@ class Login extends command_1.Command {
             await open(handle.verification_uri_complete, { wait: false });
             const tokenSet = await handle.poll();
             const userInfo = await client.userinfo(tokenSet);
-            await keytar.setPassword(credentials_1.OPAL_CREDS_KEY, (userInfo.email || 'unset-email') + '|' + organizationID, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || '');
+            let account = (userInfo.email || 'unset-email') + '|' + organizationID;
+            if (clientIdCandidate) {
+                // Save the clientIdCandidate only when SAML is set up for the org.
+                account = account + '|' + clientIdCandidate;
+            }
+            await keytar.setPassword(credentials_1.OPAL_CREDS_KEY, account, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || '');
             // "Representative" authenticated call to check the log-in worked as expected.
             const { resp: authCheckResp, error: authCheckErr } = await handler_1.runQuery({
                 command: this,
                 query: exports.CLIAuthSessionCheckDocument,
                 variables: {},
             });
-            if (authCheckErr || !((_e = (_d = (_c = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _c === void 0 ? void 0 : _c.organizationSettings) === null || _d === void 0 ? void 0 : _d.settings) === null || _e === void 0 ? void 0 : _e.id)) {
+            if (authCheckErr || !((_g = (_f = (_e = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _e === void 0 ? void 0 : _e.organizationSettings) === null || _f === void 0 ? void 0 : _f.settings) === null || _g === void 0 ? void 0 : _g.id)) {
                 this.log('Error verifying log in. Authenticated commands may fail. Please double check your URL and use `opal logout; opal login` to try again.\n');
                 await credentials_1.cred.removeCredentials(-1);
                 apollo_1.handleError(this, authCheckErr);

package/lib/commands/postgres-instances/start.js

@@ -54,6 +54,9 @@ class StartPostgresInstanceSession extends command_1.Command {
             return;
         }
         const session = await sessions_1.getOrCreateSession(this, instanceId, accessLevel, sessionId, RdsSessionMetadataFragment, flags.refresh);
+        if (!session) {
+            return;
+        }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case 'AwsIamFederatedRdsSession': {

package/lib/commands/ssh/copyFrom.js

@@ -28,6 +28,9 @@ class StartSCPSession extends command_1.Command {
             instanceName = selectedInstance.name;
         }
         const session = await sessions_1.getOrCreateSession(this, instanceId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, start_1.Ec2SessionMetadataFragment);
+        if (!session) {
+            return;
+        }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case 'AwsIamFederatedSSMSession': {

package/lib/commands/ssh/copyTo.js

@@ -28,6 +28,9 @@ class StartSCPSession extends command_1.Command {
             instanceName = selectedInstance.name;
         }
         const session = await sessions_1.getOrCreateSession(this, instanceId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, start_1.Ec2SessionMetadataFragment);
+        if (!session) {
+            return;
+        }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case 'AwsIamFederatedSSMSession': {

package/lib/commands/ssh/start.js

@@ -61,6 +61,9 @@ class StartSSHSession extends command_1.Command {
                 (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || 'ssh-instance';
         }
         const session = await sessions_1.getOrCreateSession(this, instanceId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, exports.Ec2SessionMetadataFragment, flags.refresh);
+        if (!session) {
+            return;
+        }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case 'AwsIamFederatedSSMSession': {

package/lib/lib/apollo.js

@@ -131,6 +131,11 @@ exports.initClient = async (command) => {
             // to the login screen again.
             return;
         }
+        if (operation.operationName === login_1.CLISignInMethodName) {
+            // We have special handling for this operation due to the fact that the backend version
+            // can be out of date and not include the new cliClientId field.
+            return;
+        }
         if (networkError && 'statusCode' in networkError) {
             let errorMessage = null;
             if ('result' in networkError) {

package/lib/lib/aws.js

@@ -2,18 +2,15 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAwsEnvVarMessage = exports.getAwsConfigUpdateCmd = void 0;
 const opalProfileKey = 'opal';
-const kebabCase = (str) => {
-    return str.replace(/([a-z])([A-Z])/g, '$1-$2').replace(/[\s_]+/g, '-').toLowerCase();
-};
 const sanitize = (str) => {
-    // remove non standard characters
-    let sanitizedStr = str.replace(/[^A-Za-z0-9- ]/g, '');
-    // de-dupe spaces
+    // Remove non standard characters.
+    // Note: AWS supports profile names containing alphanumeric characters, symbols, and white spaces
+    // from the ASCII character set.
+    let sanitizedStr = str.replace(/[^A-Za-z0-9-_ ]/g, '');
+    // De-dupe spaces
     sanitizedStr = sanitizedStr.replace(/\s+/g, ' ');
-    // map remaining spaces to '-;
+    // Map remaining spaces to '-'
     sanitizedStr = sanitizedStr.replace(/ /g, '-');
-    // convert to kebab case
-    sanitizedStr = kebabCase(sanitizedStr);
     return sanitizedStr;
 };
 exports.getAwsConfigUpdateCmd = (itemName, awsAccessKeyId, awsSecretAccessKey, awsSessionToken) => {

package/lib/lib/credentials.d.ts

@@ -3,6 +3,7 @@ export declare const cred: {
     removeCredentials(after: number): Promise<void>;
     readonly accountId: Promise<string | undefined>;
     readonly organizationID: Promise<string | undefined>;
+    readonly clientIdCandidate: Promise<string | undefined>;
     readonly email: Promise<string | undefined>;
     readonly accessToken: Promise<string | undefined>;
 };

package/lib/lib/credentials.js

@@ -32,6 +32,20 @@ exports.cred = {
             if (!parts || parts.length <= 1) {
                 return undefined;
             }
+            return parts[1];
+        })();
+    },
+    get clientIdCandidate() {
+        return (async () => {
+            const keyContents = await keytar.findCredentials(exports.OPAL_CREDS_KEY);
+            if (!keyContents[0]) {
+                return undefined;
+            }
+            const { account } = keyContents[0];
+            const parts = account.split('|');
+            if (!parts || parts.length <= 2) {
+                return undefined;
+            }
             return parts.pop();
         })();
     },

package/lib/types.d.ts

@@ -4892,6 +4892,7 @@ export declare type SignInOrganization = {
     organizationName: Scalars['String'];
     enableSocialSignIn: Scalars['Boolean'];
     enableSAMLSignIn: Scalars['Boolean'];
+    cliClientId?: Maybe<Scalars['String']>;
 };
 export declare type SignInOutput = SignInResult;
 export declare type SignInResult = {

package/oclif.manifest.json

@@ -1 +1 @@
-{"version":"2.1.1","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"email":{"name":"email","type":"option","description":"Email address to login with."}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-custom-header":{"id":"set-custom-header","description":"Sets a custom HTTP header to connect to the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-custom-header --header 'cf-access-token: $TOKEN'"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"header":{"name":"header","type":"option"}},"args":[]},"set-token":{"id":"set-token","description":"Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-token"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-url"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"custom":{"name":"custom","type":"option","hidden":true},"prod":{"name":"prod","type":"boolean","hidden":true,"allowNo":false},"demo":{"name":"demo","type":"boolean","hidden":true,"allowNo":false},"dev":{"name":"dev","type":"boolean","hidden":true,"allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","hidden":true,"allowNo":false}},"args":[{"name":"url","description":"URL of the Opal server to use. If unspecified, defaults to https://app.opal.dev","required":false}]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName \"custom-profile\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."},"refresh":{"name":"refresh","type":"boolean","char":"r","description":"Starts a new session even if one already exists. Useful if a session is about to expire.","allowNo":false},"profileName":{"name":"profileName","type":"option","description":"Uses a custom AWS profile name for the IAM role. Default value is the role's name."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","char":"a","description":"The remote ID of the access level with which to access the resource."},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."},"refresh":{"name":"refresh","type":"boolean","char":"r","description":"Starts a new session even if one already exists. Useful if a session is about to expire.","allowNo":false}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to connect to a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","char":"a","description":"The remote ID of the access level with which to access the resource."},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."},"refresh":{"name":"refresh","type":"boolean","char":"r","description":"Starts a new session even if one already exists. Useful if a session is about to expire.","allowNo":false},"action":{"name":"action","type":"option","description":"Method of connecting to the database.\n- open: Open external database app\n- psql: Start psql session in shell\n- view: View connection configuration details","options":["open","psql","view"]}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"The directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"The directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Starts an SSH session to access a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."},"refresh":{"name":"refresh","type":"boolean","char":"r","description":"Starts a new session even if one already exists. Useful if a session is about to expire.","allowNo":false}},"args":[]}}}
+{"version":"2.1.3","commands":{"curl-example":{"id":"curl-example","description":"Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"login":{"id":"login","description":"Authenticates you with the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal login"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"email":{"name":"email","type":"option","description":"Email address to login with."}},"args":[]},"logout":{"id":"logout","description":"Clears locally stored Opal server authentication credentials.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal logout"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-custom-header":{"id":"set-custom-header","description":"Sets a custom HTTP header to connect to the Opal server.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-custom-header --header 'cf-access-token: $TOKEN'"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"header":{"name":"header","type":"option"}},"args":[]},"set-token":{"id":"set-token","description":"Sets an API token to authenticate with the Opal server - alternative auth flow for headless environments.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-token"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"set-url":{"id":"set-url","description":"Sets the url of the Opal server. Defaults to https://app.opal.dev.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["$ opal set-url"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"allowSelfSignedCerts":{"name":"allowSelfSignedCerts","type":"boolean","allowNo":false},"custom":{"name":"custom","type":"option","hidden":true},"prod":{"name":"prod","type":"boolean","hidden":true,"allowNo":false},"demo":{"name":"demo","type":"boolean","hidden":true,"allowNo":false},"dev":{"name":"dev","type":"boolean","hidden":true,"allowNo":false},"devLocal":{"name":"devLocal","type":"boolean","hidden":true,"allowNo":false}},"args":[{"name":"url","description":"URL of the Opal server to use. If unspecified, defaults to https://app.opal.dev","required":false}]},"aws:identity":{"id":"aws:identity","description":"Gets the current caller identity for the \"opal\" AWS profile.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal aws:identity"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false}},"args":[]},"iam-roles:start":{"id":"iam-roles:start","description":"Starts a session to assume an IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal iam-roles:start","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName \"custom-profile\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."},"refresh":{"name":"refresh","type":"boolean","char":"r","description":"Starts a new session even if one already exists. Useful if a session is about to expire.","allowNo":false},"profileName":{"name":"profileName","type":"option","description":"Uses a custom AWS profile name for the IAM role. Default value is the role's name."}},"args":[]},"kube-roles:start":{"id":"kube-roles:start","description":"Starts a session to assume a Kubernetes cluster IAM role.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal kube-roles:start","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId \"arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role\""],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","char":"a","description":"The remote ID of the access level with which to access the resource."},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."},"refresh":{"name":"refresh","type":"boolean","char":"r","description":"Starts a new session even if one already exists. Useful if a session is about to expire.","allowNo":false}},"args":[]},"postgres-instances:start":{"id":"postgres-instances:start","description":"Starts a session to connect to a Postgres database.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal postgres-instances:start","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess","opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"accessLevelRemoteId":{"name":"accessLevelRemoteId","type":"option","char":"a","description":"The remote ID of the access level with which to access the resource."},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."},"refresh":{"name":"refresh","type":"boolean","char":"r","description":"Starts a new session even if one already exists. Useful if a session is about to expire.","allowNo":false},"action":{"name":"action","type":"option","description":"Method of connecting to the database.\n- open: Open external database app\n- psql: Start psql session in shell\n- view: View connection configuration details","options":["open","psql","view"]}},"args":[]},"resources:get":{"id":"resources:get","description":"Get resource info for a particular resource.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"}},"args":[]},"ssh:copyFrom":{"id":"ssh:copyFrom","description":"Use SCP to copy files from a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyFrom --src instance/dir --dest my/dir","opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"The directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."}},"args":[]},"ssh:copyTo":{"id":"ssh:copyTo","description":"Use SCP to copy files to a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:copyTo --src my/dir --dest instance/dir","opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"src":{"name":"src","type":"option","description":"The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.","required":true},"dest":{"name":"dest","type":"option","description":"The directory you want your files to be copied to.","required":false,"default":"."},"user":{"name":"user","type":"option","description":"The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.","required":false,"default":"ssm-user"},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."}},"args":[]},"ssh:start":{"id":"ssh:start","description":"Starts an SSH session to access a compute instance.","pluginName":"opal-security","pluginType":"core","aliases":[],"examples":["opal ssh:start","opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398"],"flags":{"help":{"name":"help","type":"boolean","char":"h","description":"show CLI help","allowNo":false},"id":{"name":"id","type":"option","char":"i","description":"The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]"},"sessionId":{"name":"sessionId","type":"option","char":"s","description":"The Opal ID of the session to connect to. Uses an existing session that was created via the web flow."},"refresh":{"name":"refresh","type":"boolean","char":"r","description":"Starts a new session even if one already exists. Useful if a session is about to expire.","allowNo":false}},"args":[]}}}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "2.1.1",
+  "version": "2.1.3",
   "author": "Stephen Cobbe",
   "bin": {
     "opal": "./bin/run"