opal-security 3.0.0 → 3.0.1-beta.4262451

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/3.0.0 darwin-arm64 node-v22.14.0
+opal-security/3.0.1-beta.4262451 linux-x64 node-v20.19.0
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -100,7 +100,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-provider`
 
@@ -120,7 +120,7 @@ EXAMPLES
   $ opal clear-auth-provider
 ```
 
-_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/clear-auth-provider.ts)_
+_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/clear-auth-provider.ts)_
 
 ## `opal curl-example`
 
@@ -137,7 +137,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/curl-example.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -187,7 +187,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles:start`
 
@@ -218,7 +218,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -239,7 +239,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -259,7 +259,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/logout.ts)_
 
 ## `opal postgres-instances:start`
 
@@ -267,7 +267,7 @@ Starts a session to connect to a Postgres database.
 
 ```
 USAGE
-  $ opal postgres-instances:start [-h] [-i <value>] [-a <value>] [-s <value>] [-r] [--action open|psql|view]
+  $ opal postgres-instances:start [-h] [-i <value>] [-a <value>] [-s <value>] [-r] [--action psql|view]
 
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
@@ -279,10 +279,9 @@ FLAGS
   -s, --sessionId=<value>            The Opal ID of the session to connect to. Uses an existing session that was created
                                      via the web flow.
       --action=<option>              Method of connecting to the database.
-                                     - open: Open external database app
                                      - psql: Start psql session in shell
                                      - view: View connection configuration details
-                                     <options: open|psql|view>
+                                     <options: psql|view>
 
 DESCRIPTION
   Starts a session to connect to a Postgres database.
@@ -297,7 +296,7 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources:get`
 
@@ -318,7 +317,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/resources/get.ts)_
 
 ## `opal set-auth-provider`
 
@@ -344,7 +343,7 @@ EXAMPLES
   $ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/set-auth-provider.ts)_
+_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/set-auth-provider.ts)_
 
 ## `opal set-custom-header`
 
@@ -365,7 +364,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -385,7 +384,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -409,7 +408,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/set-url.ts)_
 
 ## `opal ssh:copyFrom`
 
@@ -440,7 +439,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh:copyTo`
 
@@ -471,7 +470,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh:start`
 
@@ -498,7 +497,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.0/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.0.1-beta.4262451/src/commands/ssh/start.ts)_
 
 ## `opal version`
 

package/lib/commands/aws/identity.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class Identity extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/aws/identity.js

@@ -6,12 +6,12 @@ const flags_1 = require("../../lib/flags");
 class Identity extends core_1.Command {
     async run() {
         (0, cmd_1.setMostRecentCommand)(this);
-        const currentCallerIdentityCmd = 'aws sts get-caller-identity --profile opal';
+        const currentCallerIdentityCmd = "aws sts get-caller-identity --profile opal";
         (0, cmd_1.runCommandExec)(currentCallerIdentityCmd, 'This is the current caller identity for the "opal" AWS profile.', 'Failed to get the current caller identity for the "opal" AWS profile.');
     }
 }
 Identity.description = 'Gets the current caller identity for the "opal" AWS profile.';
-Identity.examples = ['opal aws:identity'];
+Identity.examples = ["opal aws:identity"];
 Identity.flags = {
     help: flags_1.SHARED_FLAGS.help,
 };

package/lib/commands/clear-auth-provider.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class ClearAuthProvider extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/clear-auth-provider.js

@@ -13,15 +13,15 @@ class ClearAuthProvider extends core_1.Command {
             configData.clientID = null;
             (0, config_1.writeConfigData)(this.config.configDir, configData);
             await (0, credentials_1.removeOpalCredentials)(this);
-            this.log('Client ID and Issuer URL reset to defaults');
+            this.log("Client ID and Issuer URL reset to defaults");
         }
         catch (error) {
             this.error(error);
         }
     }
 }
-ClearAuthProvider.description = `Clears the custom Issuer URL and Client ID set by set-airgap-auth, returning to the default.`;
-ClearAuthProvider.examples = ['$ opal clear-auth-provider'];
+ClearAuthProvider.description = "Clears the custom Issuer URL and Client ID set by set-airgap-auth, returning to the default.";
+ClearAuthProvider.examples = ["$ opal clear-auth-provider"];
 ClearAuthProvider.flags = {
     help: flags_1.SHARED_FLAGS.help,
 };

package/lib/commands/curl-example.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class CurlExample extends Command {
     static description: string;
     static flags: {

package/lib/commands/curl-example.js

@@ -11,7 +11,7 @@ class CurlExample extends core_1.Command {
         const organizationID = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.organizationID;
         const configData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
         const url = configData[config_1.urlKey];
-        let authStr = '';
+        let authStr = "";
         if (opalCreds.secretType === credentials_1.SecretType.ApiToken) {
             authStr = `Authorization: Bearer ${secret}`;
         }
@@ -27,7 +27,7 @@ curl -v ${url}/query \\
 `);
     }
 }
-CurlExample.description = 'Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.';
+CurlExample.description = "Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.";
 CurlExample.flags = {
     help: flags_1.SHARED_FLAGS.help,
 };

package/lib/commands/iam-roles/start.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class StartIAMRoleSession extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/iam-roles/start.js

@@ -1,14 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
+const get_1 = require("../../commands/resources/get");
 const handler_1 = require("../../handler");
-const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
 const aws_1 = require("../../lib/aws");
+const cmd_1 = require("../../lib/cmd");
+const flags_1 = require("../../lib/flags");
 const resources_1 = require("../../lib/resources");
-const get_1 = require("../../commands/resources/get");
 const sessions_1 = require("../../lib/sessions");
-const flags_1 = require("../../lib/flags");
 const IamSessionMetadataFragment = `
 ... on AwsIamFederatedRoleSession {
   awsAccessKeyId
@@ -22,13 +22,13 @@ class StartIAMRoleSession extends core_1.Command {
         (0, cmd_1.setMostRecentCommand)(this);
         const { flags } = await this.parse(StartIAMRoleSession);
         if (flags.sessionId && flags.refresh) {
-            return (0, apollo_1.handleError)(this, 'Cannot use both --sessionId and --refresh');
+            return (0, apollo_1.handleError)(this, "Cannot use both --sessionId and --refresh");
         }
         let roleId = flags.id;
         let roleName = null;
         const sessionId = flags.sessionId;
         if (!roleId) {
-            const selectedRole = await (0, resources_1.promptUserForResource)(this, 'AWS_IAM_ROLE', 'Select an IAM role to assume');
+            const selectedRole = await (0, resources_1.promptUserForResource)(this, "AWS_IAM_ROLE", "Select an IAM role to assume");
             if (!selectedRole) {
                 return;
             }
@@ -36,7 +36,7 @@ class StartIAMRoleSession extends core_1.Command {
             roleName = selectedRole.name;
         }
         else {
-            const { resp, error } = await (0, handler_1.runQuery)({
+            const { resp, error } = await (0, handler_1.runQueryDeprecated)({
                 command: this,
                 query: get_1.GetResourceDocument,
                 variables: {
@@ -49,9 +49,9 @@ class StartIAMRoleSession extends core_1.Command {
             if (!(resp === null || resp === void 0 ? void 0 : resp.data.resource.resource)) {
                 return (0, apollo_1.handleError)(this, `Resource not found for ID: ${roleId}`);
             }
-            roleName = (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || 'iam-role';
+            roleName = (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || "iam-role";
         }
-        if (flags.profileName && flags.profileName !== '') {
+        if (flags.profileName && flags.profileName !== "") {
             roleName = flags.profileName;
         }
         const session = await (0, sessions_1.getOrCreateSession)(this, roleId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, IamSessionMetadataFragment, flags.refresh);
@@ -60,10 +60,10 @@ class StartIAMRoleSession extends core_1.Command {
         }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
-            case 'AwsIamFederatedRoleSession': {
+            case "AwsIamFederatedRoleSession": {
                 const updateAwsConfigCommand = (0, aws_1.getAwsConfigUpdateCmd)(roleName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
                 const startSessionCmd = `${updateAwsConfigCommand}`;
-                const roleText = roleName ? `"${roleName}" role` : 'role';
+                const roleText = roleName ? `"${roleName}" role` : "role";
                 const expirationMessage = (0, sessions_1.getSessionExpirationMessage)(session);
                 (0, cmd_1.runCommandExec)(startSessionCmd, `Now set to use ${roleText}. (session expires in ${expirationMessage})${(0, aws_1.getAwsEnvVarMessage)()}`, `Failed to use ${roleText}.`);
                 break;
@@ -73,10 +73,10 @@ class StartIAMRoleSession extends core_1.Command {
         }
     }
 }
-StartIAMRoleSession.description = 'Starts a session to assume an IAM role.';
+StartIAMRoleSession.description = "Starts a session to assume an IAM role.";
 StartIAMRoleSession.examples = [
-    'opal iam-roles:start',
-    'opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398',
+    "opal iam-roles:start",
+    "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
     'opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"',
 ];
 StartIAMRoleSession.flags = {
@@ -86,7 +86,7 @@ StartIAMRoleSession.flags = {
     refresh: flags_1.SHARED_FLAGS.refresh,
     profileName: core_1.Flags.string({
         multiple: false,
-        description: 'Uses a custom AWS profile name for the IAM role. Default value is the role\'s name.',
+        description: "Uses a custom AWS profile name for the IAM role. Default value is the role's name.",
     }),
 };
 exports.default = StartIAMRoleSession;

package/lib/commands/kube-roles/start.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class StartKubeIAMRoleSession extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/kube-roles/start.js

@@ -1,12 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
-const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
 const aws_1 = require("../../lib/aws");
+const cmd_1 = require("../../lib/cmd");
+const flags_1 = require("../../lib/flags");
 const resources_1 = require("../../lib/resources");
 const sessions_1 = require("../../lib/sessions");
-const flags_1 = require("../../lib/flags");
 const EksSessionMetadataFragment = `
 ... on AwsIamFederatedEksSession {
   awsAccessKeyId
@@ -20,19 +20,19 @@ class StartKubeIAMRoleSession extends core_1.Command {
         (0, cmd_1.setMostRecentCommand)(this);
         const { flags } = await this.parse(StartKubeIAMRoleSession);
         if (flags.sessionId && flags.refresh) {
-            return (0, apollo_1.handleError)(this, 'Cannot use both --sessionId and --refresh');
+            return (0, apollo_1.handleError)(this, "Cannot use both --sessionId and --refresh");
         }
         let clusterId = flags.id;
         const sessionId = flags.sessionId;
         if (!clusterId) {
-            const selectedCluster = await (0, resources_1.promptUserForResource)(this, 'AWS_EKS_CLUSTER', 'Select an EKS Kubernetes cluster to connect to');
+            const selectedCluster = await (0, resources_1.promptUserForResource)(this, "AWS_EKS_CLUSTER", "Select an EKS Kubernetes cluster to connect to");
             if (!selectedCluster) {
                 return;
             }
             clusterId = selectedCluster.id;
         }
         // Fetch all access levels for resource
-        const accessLevel = await (0, resources_1.promptUserForAccessLevels)(this, clusterId, 'Kubernetes cluster', flags.accessLevelRemoteId);
+        const accessLevel = await (0, resources_1.promptUserForAccessLevels)(this, clusterId, "Kubernetes cluster", flags.accessLevelRemoteId);
         if (!accessLevel) {
             return;
         }
@@ -42,12 +42,12 @@ class StartKubeIAMRoleSession extends core_1.Command {
         }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
-            case 'AwsIamFederatedEksSession': {
+            case "AwsIamFederatedEksSession": {
                 const roleName = accessLevel.accessLevelName;
                 const updateAwsConfigCommand = (0, aws_1.getAwsConfigUpdateCmd)(roleName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
                 const updateKubeConfigCmd = `aws eks update-kubeconfig --name ${metadata.clusterName} --region ${metadata.clusterRegion} --alias ${metadata.clusterName} --profile opal`;
                 const startSessionCmd = `${updateAwsConfigCommand} && ${updateKubeConfigCmd}`;
-                const roleText = roleName ? `"${roleName}" role` : 'role';
+                const roleText = roleName ? `"${roleName}" role` : "role";
                 const expirationMessage = (0, sessions_1.getSessionExpirationMessage)(session);
                 (0, cmd_1.runCommandExec)(startSessionCmd, `Now set to use ${roleText} with updated Kube config pointing to "${metadata.clusterName}" cluster. (session expires in ${expirationMessage})${(0, aws_1.getAwsEnvVarMessage)()}`, `Failed to assume ${roleText} and update Kube config.`);
                 break;
@@ -57,10 +57,10 @@ class StartKubeIAMRoleSession extends core_1.Command {
         }
     }
 }
-StartKubeIAMRoleSession.description = 'Starts a session to assume a Kubernetes cluster IAM role.';
+StartKubeIAMRoleSession.description = "Starts a session to assume a Kubernetes cluster IAM role.";
 StartKubeIAMRoleSession.examples = [
-    'opal kube-roles:start',
-    'opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398',
+    "opal kube-roles:start",
+    "opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
     'opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"',
 ];
 StartKubeIAMRoleSession.flags = {

package/lib/commands/login.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export declare const CLISignInMethodName = "CLISignInMethod";
 export declare const CLIAuthSessionCheckName = "CLIAuthSessionCheck";
 export declare const CLIAuthSessionCheckDocument = "\nquery CLIAuthSessionCheck {\n  organizationSettings {\n      ... on OrganizationSettingsResult {\n        settings {\n          id\n        }\n      }\n  }\n}\n";