opal-security 2.3.4 → 3.0.1-beta.4262451

package/oclif.manifest.json

@@ -1,5 +1,36 @@
 {
   "commands": {
+    "clear-auth-provider": {
+      "aliases": [],
+      "args": {},
+      "description": "Clears the custom Issuer URL and Client ID set by set-airgap-auth, returning to the default.",
+      "examples": [
+        "$ opal clear-auth-provider"
+      ],
+      "flags": {
+        "help": {
+          "char": "h",
+          "description": "Show CLI help.",
+          "name": "help",
+          "allowNo": false,
+          "type": "boolean"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "clear-auth-provider",
+      "pluginAlias": "opal-security",
+      "pluginName": "opal-security",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": false,
+      "isESM": false,
+      "relativePath": [
+        "lib",
+        "commands",
+        "clear-auth-provider.js"
+      ]
+    },
     "curl-example": {
       "aliases": [],
       "args": {},
@@ -97,10 +128,13 @@
         "logout.js"
       ]
     },
-    "migrate-creds": {
+    "set-auth-provider": {
       "aliases": [],
       "args": {},
-      "description": "Migrates credentials from old keystore to new store. Should only need to be run once",
+      "description": "Sets the Issuer URL and Client ID of the Auth Provider that the CLI will authenticate with.\n  Only use this if you are running a self-hosted, air-gapped instance of Opal that uses a custom Auth Provider.\n\n  Note - you will need an OIDC provider that supports the device_code grant.\n  ",
+      "examples": [
+        "$ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com"
+      ],
       "flags": {
         "help": {
           "char": "h",
@@ -108,11 +142,27 @@
           "name": "help",
           "allowNo": false,
           "type": "boolean"
+        },
+        "clientID": {
+          "description": "Client ID of your Auth Provider",
+          "name": "clientID",
+          "required": true,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "issuerUrl": {
+          "description": "Issuer URL of your Auth Provider",
+          "name": "issuerUrl",
+          "required": true,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
         }
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "migrate-creds",
+      "id": "set-auth-provider",
       "pluginAlias": "opal-security",
       "pluginName": "opal-security",
       "pluginType": "core",
@@ -122,7 +172,7 @@
       "relativePath": [
         "lib",
         "commands",
-        "migrate-creds.js"
+        "set-auth-provider.js"
       ]
     },
     "set-custom-header": {
@@ -477,12 +527,11 @@
           "type": "boolean"
         },
         "action": {
-          "description": "Method of connecting to the database.\n- open: Open external database app\n- psql: Start psql session in shell\n- view: View connection configuration details",
+          "description": "Method of connecting to the database.\n- psql: Start psql session in shell\n- view: View connection configuration details",
           "name": "action",
           "hasDynamicHelp": false,
           "multiple": false,
           "options": [
-            "open",
             "psql",
             "view"
           ],
@@ -752,5 +801,5 @@
       ]
     }
   },
-  "version": "2.3.4"
+  "version": "3.0.1-beta.4262451"
 }

package/package.json

@@ -1,26 +1,24 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "2.3.4",
+  "version": "3.0.1-beta.4262451",
   "author": "Stephen Cobbe",
   "bin": {
     "opal": "./bin/run"
   },
   "bugs": "https://github.com/opalsecurity/opal-cli/issues",
   "dependencies": {
-    "@apollo/client": "^3.9.5",
+    "@apollo/client": "^3.13.5",
     "@oclif/core": "^3.19.3",
     "@oclif/plugin-autocomplete": "^1.4.6",
     "@oclif/plugin-help": "^5.2.20",
     "@oclif/plugin-version": "^2.0.12",
-    "@types/prettyjson": "0.0.29",
     "argon2": "^0.40.1",
     "chalk": "^2.4.2",
     "graphql": "^15.5.0",
     "inquirer": "^8.2.6",
     "inquirer-autocomplete-prompt": "^2.0.1",
     "keychain": "^1.5.0",
-    "keytar": "^7.7.0",
     "lodash": "^4.17.21",
     "moment": "^2.30.1",
     "node-fetch": "^2.6.7",
@@ -28,34 +26,27 @@
     "openid-client": "^5.6.5",
     "prettyjson": "^1.2.1",
     "semver": "^7.5.4",
-    "tslib": "^1.14.1"
+    "tslib": "^2.8.1"
   },
   "devDependencies": {
+    "@biomejs/biome": "1.9.4",
     "@graphql-codegen/cli": "^5.0.2",
-    "@graphql-codegen/near-operation-file-preset": "^3.0.0",
-    "@graphql-codegen/typescript": "^4.0.5",
-    "@graphql-codegen/typescript-oclif": "^3.0.0",
-    "@oclif/test": "^3",
-    "@types/chai": "^4.2.16",
+    "@graphql-codegen/client-preset": "^4.8.0",
+    "@oclif/test": "^4.1.12",
     "@types/inquirer": "^8.2.10",
     "@types/keychain": "^1.4.4",
     "@types/lodash": "^4.14.169",
-    "@types/mocha": "^5.2.7",
-    "@types/node": "^18.11.9",
+    "@types/node": "^22.14.0",
+    "@types/prettyjson": "0.0.29",
     "@types/semver": "^7.3.8",
-    "@typescript-eslint/eslint-plugin": "^7.0.2",
     "better-npm-audit": "^3.7.3",
-    "chai": "^4.3.4",
-    "eslint-config-oclif": "^5.0.2",
-    "eslint-config-oclif-typescript": "^3.1.4",
-    "eslint-plugin-simple-import-sort": "^12.0.0",
-    "eslint-plugin-unused-imports": "^3.1.0",
-    "globby": "^10.0.2",
-    "mocha": "^10.0.0",
+    "get-graphql-schema": "^2.1.2",
+    "nock": "^14.0.2",
     "nyc": "^15.1.0",
     "oclif": "^4.8.0",
     "ts-node": "^8.10.2",
-    "typescript": "^5.3.3"
+    "typescript": "^5.8.2",
+    "vitest": "^3.1.1"
   },
   "engines": {
     "node": ">=18.0.0"
@@ -80,23 +71,26 @@
       "@oclif/plugin-help",
       "@oclif/plugin-autocomplete",
       "@oclif/plugin-version"
-    ]
+    ],
+    "macos": {
+      "identifier": "dev.opal.cli"
+    }
   },
   "repository": {
     "type": "git",
     "url": "https://github.com/opalsecurity/opal-cli.git"
   },
-  "resolutions": {
-    "agent-base": "^6.0.1",
-    "ansi-regex": "5.0.1"
-  },
   "scripts": {
     "build": "rm -rf lib && tsc -b",
     "postpack": "rm -f oclif.manifest.json",
-    "posttest": "eslint . --ext .ts --config .eslintrc",
     "prepack": "npm run build && oclif manifest && oclif readme",
-    "test": "nyc --extension .ts mocha --forbid-only \"test/**/*.test.ts\"",
-    "version": "oclif readme && git add README.md"
+    "test": "vitest",
+    "coverage": "vitest run --coverage",
+    "version": "oclif readme && git add README.md",
+    "posttest": "biome check",
+    "biome-ci": "biome ci --reporter=github",
+    "gql-codegen": "graphql-codegen",
+    "get-gql-schema": "get-graphql-schema http://localhost:3000/query > schema.graphql && biome check --write schema.graphql"
   },
   "types": "lib/index.d.ts"
 }

package/lib/commands/migrate-creds.js

@@ -1,48 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const core_1 = require("@oclif/core");
-const keytar = require("keytar");
-const credentials_1 = require("../lib/credentials");
-const flags_1 = require("../lib/flags");
-const OPAL_KEYTAR_CREDS_KEY = 'opal';
-/**
- * This command helps users migrate from the old credential store w/ keytar to the new credential store
- * It should only be recommended to users on OSX, since keytar does not reliably work on linux/WSL
- *
- * TODO: delete this after some time has passed, and users have likely migrated their credentials over
- */
-const removeKeytarCreds = async () => {
-    const keyContents = await keytar.findCredentials(OPAL_KEYTAR_CREDS_KEY);
-    keyContents === null || keyContents === void 0 ? void 0 : keyContents.forEach(credential => keytar.deletePassword(OPAL_KEYTAR_CREDS_KEY, credential.account));
-};
-const getKeytarCreds = async () => {
-    const keyContents = await keytar.findCredentials(OPAL_KEYTAR_CREDS_KEY);
-    if (!keyContents[0]) {
-        return undefined;
-    }
-    const { account, password } = keyContents[0];
-    const parts = account.split('|') || [];
-    return {
-        email: parts[0],
-        organizationID: parts[1],
-        clientIDCandidate: parts[2],
-        accessToken: password
-    };
-};
-class MigrateCreds extends core_1.Command {
-    async run() {
-        const creds = await getKeytarCreds();
-        if (!creds) {
-            this.log("No credentials found in system keystore that need to be migrated");
-            return;
-        }
-        (0, credentials_1.setOpalCredentials)(this, creds.email, creds.organizationID, creds.clientIDCandidate, creds.accessToken);
-        await removeKeytarCreds();
-        this.log("Successfully migrated credentials from system keystore to new store. You should now be able to use the CLI normally, without re-authenticating");
-    }
-}
-MigrateCreds.description = 'Migrates credentials from old keystore to new store. Should only need to be run once';
-MigrateCreds.flags = {
-    help: flags_1.SHARED_FLAGS.help,
-};
-exports.default = MigrateCreds;