opal-security 3.0.0 → 3.0.1-beta.cbf0332

package/lib/commands/login.js

@@ -4,18 +4,18 @@ exports.CLITokenExchangeName = exports.CLIAuthSessionCheckDocument = exports.CLI
 const core_1 = require("@oclif/core");
 const open = require("open");
 const openid_client_1 = require("openid-client");
-const apollo_1 = require("../lib/apollo");
-const credentials_1 = require("../lib/credentials");
 const inquirer = require("inquirer");
 const handler_1 = require("../handler");
+const apollo_1 = require("../lib/apollo");
 const config_1 = require("../lib/config");
-const util_1 = require("../lib/util");
+const credentials_1 = require("../lib/credentials");
 const flags_1 = require("../lib/flags");
-const ISSUER_PROD = 'https://auth.opal.dev';
-const ISSUER_DEV = 'https://authdev.opal.dev';
-const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';
-const CLIENT_ID_PROD = '42rm6E5v7o67LBpRfjdT9KhnjrQHr9UF';
-const CLIENT_ID_DEV = 'XYV8qoAvZG7dHnhRp2g5XMJ1zX9fBP6s';
+const util_1 = require("../lib/util");
+const ISSUER_PROD = "https://auth.opal.dev";
+const ISSUER_DEV = "https://authdev.opal.dev";
+const GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
+const CLIENT_ID_PROD = "42rm6E5v7o67LBpRfjdT9KhnjrQHr9UF";
+const CLIENT_ID_DEV = "XYV8qoAvZG7dHnhRp2g5XMJ1zX9fBP6s";
 const CLISignInMethodDocumentLegacy = `
 query CLISignInMethod($input: SignInMethodInput!) {
   signInMethod(input: $input) {
@@ -28,7 +28,7 @@ query CLISignInMethod($input: SignInMethodInput!) {
     }
   }
 }`;
-exports.CLISignInMethodName = 'CLISignInMethod';
+exports.CLISignInMethodName = "CLISignInMethod";
 const CLISignInMethodDocument = `
 query CLISignInMethod($input: SignInMethodInput!) {
   signInMethod(input: $input) {
@@ -42,7 +42,7 @@ query CLISignInMethod($input: SignInMethodInput!) {
     }
   }
 }`;
-exports.CLIAuthSessionCheckName = 'CLIAuthSessionCheck';
+exports.CLIAuthSessionCheckName = "CLIAuthSessionCheck";
 exports.CLIAuthSessionCheckDocument = `
 query CLIAuthSessionCheck {
   organizationSettings {
@@ -67,7 +67,7 @@ mutation SignIn($input: SignInInput!) {
   }
 }
 `;
-exports.CLITokenExchangeName = 'CLITokenExchange';
+exports.CLITokenExchangeName = "CLITokenExchange";
 const CLITokenExchangeDocument = `
 mutation CLITokenExchange($input: CLITokenExchangeInput!) {
   cliTokenExchange(input: $input) {
@@ -80,81 +80,90 @@ mutation CLITokenExchange($input: CLITokenExchangeInput!) {
 `;
 class Login extends core_1.Command {
     async run() {
-        var _a, _b, _c, _d, _e, _f, _g, _h;
+        var _a, _b, _c, _d, _e, _f, _g;
         try {
             await (0, apollo_1.initClient)(this, false);
             const { flags } = await this.parse(Login);
             const configDir = this.config.configDir;
             const configData = (0, config_1.getOrCreateConfigData)(configDir);
             let email = flags.email;
-            let organizationID;
+            let organizationId;
             let clientIDCandidate;
             const existingCreds = await (0, credentials_1.getOpalCredentials)(this, false);
             // Only use the previous email + organizationID if email isn't explicitly specified.
             if (!email) {
                 email = existingCreds.email;
-                organizationID = existingCreds.organizationID;
+                organizationId = existingCreds.organizationID;
                 clientIDCandidate = existingCreds.clientIDCandidate;
             }
             await (0, credentials_1.removeOpalCredentials)(this);
-            this.log('Welcome to Opal! ⚡️\n');
-            this.log('Connecting to Opal server URL:', configData[config_1.urlKey]);
-            this.log('If this is incorrect, please run `opal set-url --help`\n');
+            this.log("Welcome to Opal! ⚡\n");
+            this.log("Connecting to Opal server URL:", configData[config_1.urlKey]);
+            this.log("If this is incorrect, please run `opal set-url --help`\n");
             if (email) {
-                this.log('Signing in as: ' + email + ' - to use a different account, run `opal login --email [EMAIL]`');
+                this.log(`Signing in as: ${email} - to use a different account, run \`opal login --email [EMAIL]\``);
             }
             else {
-                const { email: promptEmail } = await inquirer.prompt([{
-                        name: 'email',
-                        message: 'Enter your email:',
-                        type: 'input',
-                        validate: email => Boolean(email),
-                    }]);
+                const { email: promptEmail } = await inquirer.prompt([
+                    {
+                        name: "email",
+                        message: "Enter your email:",
+                        type: "input",
+                        validate: (email) => Boolean(email),
+                    },
+                ]);
                 email = promptEmail;
             }
-            if (!organizationID) {
+            if (!organizationId) {
                 let signInOrganizationsLegacyResponse;
-                const { resp: signInOrganizationsResponse, error } = await (0, handler_1.runQuery)({
+                const { resp: signInOrganizationsResponse, error } = await (0, handler_1.runQueryDeprecated)({
                     command: this,
                     query: CLISignInMethodDocument,
                     variables: { input: { email } },
                 });
-                if (error && error.networkError) {
-                    if ('statusCode' in error.networkError && error.networkError.statusCode === 422) {
-                        const { resp, error: legacyError } = await (0, handler_1.runQuery)({
+                if (error === null || error === void 0 ? void 0 : error.networkError) {
+                    if ("statusCode" in error.networkError &&
+                        error.networkError.statusCode === 422) {
+                        const { resp, error: legacyError } = await (0, handler_1.runQueryDeprecated)({
                             command: this,
                             query: CLISignInMethodDocumentLegacy,
                             variables: { input: { email } },
                         });
                         signInOrganizationsLegacyResponse = resp;
                         if (legacyError) {
-                            this.log(''); // Intentional newline
-                            return (0, apollo_1.handleError)(this, 'Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)');
+                            this.log(""); // Intentional newline
+                            return (0, apollo_1.handleError)(this, "Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)");
                         }
                     }
                     else {
-                        this.log(''); // Intentional newline
-                        return (0, apollo_1.handleError)(this, 'Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)');
+                        this.log(""); // Intentional newline
+                        return (0, apollo_1.handleError)(this, "Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)");
                     }
                 }
-                const signInOrganizations = signInOrganizationsResponse ? (_b = (_a = signInOrganizationsResponse === null || signInOrganizationsResponse === void 0 ? void 0 : signInOrganizationsResponse.data) === null || _a === void 0 ? void 0 : _a.signInMethod) === null || _b === void 0 ? void 0 : _b.signInOrganizations :
-                    (_d = (_c = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data) === null || _c === void 0 ? void 0 : _c.signInMethod) === null || _d === void 0 ? void 0 : _d.signInOrganizations;
+                const signInOrganizations = ((_a = signInOrganizationsResponse === null || signInOrganizationsResponse === void 0 ? void 0 : signInOrganizationsResponse.data.signInMethod) === null || _a === void 0 ? void 0 : _a.__typename) ===
+                    "SignInMethodResult"
+                    ? signInOrganizationsResponse.data.signInMethod.signInOrganizations
+                    : ((_b = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data.signInMethod) === null || _b === void 0 ? void 0 : _b.__typename) === "SignInMethodResult"
+                        ? (_c = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data.signInMethod) === null || _c === void 0 ? void 0 : _c.signInOrganizations
+                        : undefined;
                 if (signInOrganizations && signInOrganizations.length > 0) {
                     if (signInOrganizations.length === 1) {
-                        organizationID = signInOrganizations[0].organizationId;
+                        organizationId = signInOrganizations[0].organizationId;
                         clientIDCandidate = signInOrganizations[0].cliClientId;
                     }
                     else {
-                        const responses = await inquirer.prompt([{
-                                name: 'signInOrganization',
-                                message: 'Select an organization:',
-                                type: 'list',
-                                choices: signInOrganizations.map(signInOrganization => ({
+                        const responses = await inquirer.prompt([
+                            {
+                                name: "signInOrganization",
+                                message: "Select an organization:",
+                                type: "list",
+                                choices: signInOrganizations.map((signInOrganization) => ({
                                     name: signInOrganization.organizationName,
                                     value: signInOrganization,
                                 })),
-                            }]);
-                        organizationID = responses.signInOrganization.organizationId;
+                            },
+                        ]);
+                        organizationId = responses.signInOrganization.organizationId;
                         clientIDCandidate = responses.signInOrganization.cliClientId;
                     }
                 }
@@ -167,13 +176,13 @@ class Login extends core_1.Command {
                 command: this,
                 query: SignInDocument,
                 variables: {
-                    input: { organizationId: organizationID },
+                    input: { organizationId },
                 },
             });
-            const state = (_e = signInResp === null || signInResp === void 0 ? void 0 : signInResp.data.signIn) === null || _e === void 0 ? void 0 : _e.state;
+            const state = (_d = signInResp === null || signInResp === void 0 ? void 0 : signInResp.data.signIn) === null || _d === void 0 ? void 0 : _d.state;
             let issuer;
             // issuerURL may come from configData if set by set-airgap-auth
-            if (!!configData.issuerURL) {
+            if (configData.issuerURL) {
                 issuer = await openid_client_1.Issuer.discover(configData.issuerURL);
             }
             else if ((0, config_1.isProduction)(this.config.configDir)) {
@@ -187,7 +196,7 @@ class Login extends core_1.Command {
                 // clientIdCandidate gets stored in creds, and is mostly relevant for on-prem envs using Auth0 and SAML
                 clientID = clientIDCandidate;
             }
-            else if (!!configData.clientID) {
+            else if (configData.clientID) {
                 // clientID may come from configData if set by set-airgap-auth
                 clientID = configData.clientID;
             }
@@ -197,21 +206,19 @@ class Login extends core_1.Command {
             else {
                 clientID = CLIENT_ID_DEV;
             }
-            /* eslint-disable camelcase */
             const client = new issuer.Client({
                 grant_types: [GRANT_TYPE],
                 client_id: clientID,
                 response_types: [],
                 redirect_uris: [],
-                token_endpoint_auth_method: 'none',
-                application_type: 'native',
+                token_endpoint_auth_method: "none",
+                application_type: "native",
             });
-            /* eslint-enable camelcase */
             const handle = await client.deviceAuthorization({
-                audience: 'https://opal.dev',
-                scope: 'openid email profile',
+                audience: "https://opal.dev",
+                scope: "openid email profile",
             });
-            this.log('\nYou are being redirected to your browser to authenticate.\n');
+            this.log("\nYou are being redirected to your browser to authenticate.\n");
             this.log(`      User Code: ${handle.user_code}\n`);
             // Wait before opening the browser window to ensure the user has time to
             // see the User Code.
@@ -231,36 +238,37 @@ class Login extends core_1.Command {
             if (tokenExchangeError) {
                 this.log("WARN: Failed to exchange access token for session in Opal. Falling back to using access token for authenticating requests\n");
                 // TODO: consider adding a warn line recommending upgrading Opal to version XYZ, once accompanying PR is pushed to prod
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationID, clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || '', credentials_1.SecretType.ApiToken);
+                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || "", credentials_1.SecretType.ApiToken);
             }
             else {
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationID, clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie);
+                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie);
             }
             // "Representative" authenticated call to check the log-in worked as expected.
-            const { resp: authCheckResp, error: authCheckErr } = await (0, handler_1.runQuery)({
+            const { resp: authCheckResp, error: authCheckErr } = await (0, handler_1.runQueryDeprecated)({
                 command: this,
                 query: exports.CLIAuthSessionCheckDocument,
                 variables: {},
             });
-            if (authCheckErr || !((_h = (_g = (_f = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _f === void 0 ? void 0 : _f.organizationSettings) === null || _g === void 0 ? void 0 : _g.settings) === null || _h === void 0 ? void 0 : _h.id)) {
-                this.log('Error verifying log in. Authenticated commands may fail. Please double check your URL and use `opal logout; opal login` to try again.\n');
+            if (authCheckErr ||
+                !((_g = (_f = (_e = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _e === void 0 ? void 0 : _e.organizationSettings) === null || _f === void 0 ? void 0 : _f.settings) === null || _g === void 0 ? void 0 : _g.id)) {
+                this.log("Error verifying log in. Authenticated commands may fail. Please double check your URL and use `opal logout; opal login` to try again.\n");
                 await (0, credentials_1.removeOpalCredentials)(this);
                 process.exit(1);
             }
-            this.log('🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n');
+            this.log("🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n");
         }
         catch (error) {
             this.error(error);
         }
     }
 }
-Login.description = 'Authenticates you with the Opal server.';
-Login.examples = ['$ opal login'];
+Login.description = "Authenticates you with the Opal server.";
+Login.examples = ["$ opal login"];
 Login.flags = {
     help: flags_1.SHARED_FLAGS.help,
     email: core_1.Flags.string({
         multiple: false,
-        description: 'Email address to login with.',
+        description: "Email address to login with.",
     }),
 };
 Login.args = {};

package/lib/commands/logout.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class Logout extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/logout.js

@@ -7,15 +7,15 @@ class Logout extends core_1.Command {
     async run() {
         try {
             await (0, credentials_1.removeOpalCredentials)(this);
-            this.log('Successfully removed the saved Account ID and Auth Token from this computer');
+            this.log("Successfully removed the saved Account ID and Auth Token from this computer");
         }
         catch (error) {
             this.error(error);
         }
     }
 }
-Logout.description = 'Clears locally stored Opal server authentication credentials.';
-Logout.examples = ['$ opal logout'];
+Logout.description = "Clears locally stored Opal server authentication credentials.";
+Logout.examples = ["$ opal logout"];
 Logout.flags = {
     help: flags_1.SHARED_FLAGS.help,
 };

package/lib/commands/postgres-instances/start.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class StartPostgresInstanceSession extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/postgres-instances/start.js

@@ -2,12 +2,12 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
 const inquirer = require("inquirer");
-const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
+const cmd_1 = require("../../lib/cmd");
+const flags_1 = require("../../lib/flags");
 const resources_1 = require("../../lib/resources");
-const util_1 = require("../../lib/util");
 const sessions_1 = require("../../lib/sessions");
-const flags_1 = require("../../lib/flags");
+const util_1 = require("../../lib/util");
 const RdsSessionMetadataFragment = `
 ... on AwsIamFederatedRdsSession {
   dbUser
@@ -18,18 +18,18 @@ const RdsSessionMetadataFragment = `
 }`;
 const methodChoices = [
     {
-        name: 'Start psql session in shell',
-        value: 'psql',
+        name: "Start psql session in shell",
+        value: "psql",
     },
     {
-        name: 'View connection configuration details',
-        value: 'view',
+        name: "View connection configuration details",
+        value: "view",
     },
 ];
-if (process.platform === 'darwin') {
+if (process.platform === "darwin") {
     methodChoices.unshift({
-        name: 'Open external database app',
-        value: 'open',
+        name: "Open external database app",
+        value: "open",
     });
 }
 class StartPostgresInstanceSession extends core_1.Command {
@@ -37,21 +37,21 @@ class StartPostgresInstanceSession extends core_1.Command {
         (0, cmd_1.setMostRecentCommand)(this);
         const { flags } = await this.parse(StartPostgresInstanceSession);
         if (flags.sessionId && flags.refresh) {
-            return (0, apollo_1.handleError)(this, 'Cannot use both --sessionId and --refresh');
+            return (0, apollo_1.handleError)(this, "Cannot use both --sessionId and --refresh");
         }
         let instanceId = flags.id;
         let instanceName = null;
         const sessionId = flags.sessionId;
         let action = flags.action;
         if (!instanceId) {
-            const selectedInstance = await (0, resources_1.promptUserForResource)(this, 'AWS_RDS_POSTGRES_INSTANCE', 'Select an RDS Postgres instance to connect to');
+            const selectedInstance = await (0, resources_1.promptUserForResource)(this, "AWS_RDS_POSTGRES_INSTANCE", "Select an RDS Postgres instance to connect to");
             if (!selectedInstance) {
                 return;
             }
             instanceId = selectedInstance.id;
             instanceName = selectedInstance.name;
         }
-        const accessLevel = await (0, resources_1.promptUserForAccessLevels)(this, instanceId, 'Postgres database', flags.accessLevelRemoteId);
+        const accessLevel = await (0, resources_1.promptUserForAccessLevels)(this, instanceId, "Postgres database", flags.accessLevelRemoteId);
         if (!accessLevel) {
             return;
         }
@@ -61,29 +61,31 @@ class StartPostgresInstanceSession extends core_1.Command {
         }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
-            case 'AwsIamFederatedRdsSession': {
+            case "AwsIamFederatedRdsSession": {
                 // Don't inform the user about RDS session expiration time, since RDS works differently.
                 // Opal RDS sessions expire after 15min because after that time they can no longer be used to connect.
                 // However, once connected, RDS sessions can be used for up to 12h.
                 // Since there's many options for how the user can use RDS credentials, it's unclear which expiration
                 // we want to show the user.
                 if (!action) {
-                    const selectedMethodInfo = await inquirer.prompt([{
-                            name: 'method',
-                            message: 'Select how to access the database',
-                            type: 'list',
+                    const selectedMethodInfo = await inquirer.prompt([
+                        {
+                            name: "method",
+                            message: "Select how to access the database",
+                            type: "list",
                             choices: methodChoices,
-                        }]);
+                        },
+                    ]);
                     action = selectedMethodInfo.method;
                 }
                 const dbUrl = `postgresql://${metadata.dbUser}:${encodeURIComponent(metadata.dbPassword)}@${metadata.dbHostname}:${metadata.dbPort}/${metadata.dbName}`;
                 switch (action) {
-                    case 'open': {
-                        let startSessionCmd = `open ${dbUrl}`;
-                        (0, cmd_1.runCommandExec)(startSessionCmd, `Opened external app for ${instanceName ? `"${instanceName}" instance` : 'instance'}`, `Failed to open external app for ${instanceName ? `"${instanceName}" instance` : 'instance'}`);
+                    case "open": {
+                        const startSessionCmd = `open ${dbUrl}`;
+                        (0, cmd_1.runCommandExec)(startSessionCmd, `Opened external app for ${instanceName ? `"${instanceName}" instance` : "instance"}`, `Failed to open external app for ${instanceName ? `"${instanceName}" instance` : "instance"}`);
                         break;
                     }
-                    case 'view': {
+                    case "view": {
                         const contentParts = [
                             `[Connection URL]\n${dbUrl}`,
                             `[Hostname]\n${metadata.dbHostname}`,
@@ -92,13 +94,13 @@ class StartPostgresInstanceSession extends core_1.Command {
                             `[Password]\n${metadata.dbPassword}`,
                             `[Database]\n${metadata.dbName}`,
                         ];
-                        const content = contentParts.join('\n\n');
+                        const content = contentParts.join("\n\n");
                         (0, util_1.displayContent)(content);
                         break;
                     }
-                    case 'psql': {
+                    case "psql": {
                         const startSessionCmd = `psql ${dbUrl}`;
-                        (0, cmd_1.startInteractiveShell)(startSessionCmd, `shell with psql session for ${instanceName ? `"${instanceName}" instance` : 'instance'}`);
+                        (0, cmd_1.startInteractiveShell)(startSessionCmd, `shell with psql session for ${instanceName ? `"${instanceName}" instance` : "instance"}`);
                         break;
                     }
                 }
@@ -109,12 +111,12 @@ class StartPostgresInstanceSession extends core_1.Command {
         }
     }
 }
-StartPostgresInstanceSession.description = 'Starts a session to connect to a Postgres database.';
+StartPostgresInstanceSession.description = "Starts a session to connect to a Postgres database.";
 StartPostgresInstanceSession.examples = [
-    'opal postgres-instances:start',
-    'opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398',
-    'opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess',
-    'opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view',
+    "opal postgres-instances:start",
+    "opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
+    "opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess",
+    "opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view",
 ];
 StartPostgresInstanceSession.flags = {
     help: flags_1.SHARED_FLAGS.help,
@@ -124,9 +126,8 @@ StartPostgresInstanceSession.flags = {
     refresh: flags_1.SHARED_FLAGS.refresh,
     action: core_1.Flags.string({
         multiple: false,
-        description: 'Method of connecting to the database.\n' +
-            methodChoices.map(c => `- ${c.value}: ${c.name}`).join('\n'),
-        options: methodChoices.map(c => c.value),
+        description: `Method of connecting to the database.\n${methodChoices.map((c) => `- ${c.value}: ${c.name}`).join("\n")}`,
+        options: methodChoices.map((c) => c.value),
     }),
 };
 exports.default = StartPostgresInstanceSession;

package/lib/commands/request/create.d.ts

@@ -0,0 +1,6 @@
+import { Command } from "@oclif/core";
+export default class RequestCreate extends Command {
+    static hidden: boolean;
+    static description: string;
+    run(): Promise<void>;
+}

package/lib/commands/request/create.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const requests_1 = require("../../lib/requests");
+const displays_1 = require("../../utils/displays");
+const utils_1 = require("../../utils/utils");
+class RequestCreate extends core_1.Command {
+    async run() {
+        (0, utils_1.restrictToDev)(); //TODO: Remove after development is complete
+        const requestMap = new Map();
+        (0, displays_1.headerMessage)();
+        let shouldProceed = false;
+        while (!shouldProceed) {
+            // Step 1: Select first round of assets from an app
+            await (0, requests_1.selectRequestableItems)(requestMap);
+            // Step 2: Display the selected items in a tree format
+            (0, displays_1.headerMessage)();
+            console.log((0, displays_1.treeifyRequestMap)(requestMap), "\n");
+            // Step 3: Prompt to add more items, repeat 1-3 if needed
+            shouldProceed = await (0, requests_1.doneSelectingAssets)();
+        }
+        // Step 4: Prompt for reason
+        const { reason } = await (0, requests_1.promptForReason)();
+        // Step 5: Prompt for expiration
+        const { expiration } = await (0, requests_1.promptForExpiration)();
+        // Step 6: Display final summary of request
+        (0, displays_1.displayFinalRequestSummary)(requestMap, reason, expiration);
+        // Step 7: Prompt for final submition
+        await (0, requests_1.submitFinalRequest)();
+    }
+}
+RequestCreate.hidden = true;
+RequestCreate.description = "Opens an Opal access request";
+exports.default = RequestCreate;

package/lib/commands/request/get.d.ts

@@ -0,0 +1,6 @@
+import { Command } from "@oclif/core";
+export default class RequestGet extends Command {
+    static hidden: boolean;
+    static description: string;
+    run(): Promise<void>;
+}

package/lib/commands/request/get.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const utils_1 = require("../../utils/utils");
+class RequestGet extends core_1.Command {
+    async run() {
+        (0, utils_1.restrictToDev)(); //TODO: Remove after development is complete
+        this.log("Running the get command");
+    }
+}
+RequestGet.hidden = true;
+RequestGet.description = "Lists access requests";
+exports.default = RequestGet;

package/lib/commands/request/list.d.ts

@@ -0,0 +1,7 @@
+import { Command } from "@oclif/core";
+export default class RequestList extends Command {
+    static hidden: boolean;
+    static description: string;
+    static aliases: string[];
+    run(): Promise<void>;
+}

package/lib/commands/request/list.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const utils_1 = require("../../utils/utils");
+class RequestList extends core_1.Command {
+    async run() {
+        (0, utils_1.restrictToDev)(); //TODO: Remove after development is complete
+        this.log("Running the list command");
+    }
+}
+RequestList.hidden = true;
+RequestList.description = "Lists access requests";
+RequestList.aliases = ["request:ls"];
+exports.default = RequestList;

package/lib/commands/resources/get.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export declare const GetResourceDocument = "\nquery GetResource($id: ResourceId!) {\n  resource(input: {id: $id}) {\n    __typename\n    ... on ResourceResult {\n      resource {\n        name\n        id\n        description\n        resourceType\n        connection {\n          name\n          id\n          connectionType\n        }\n        parentResource {\n          name\n          id\n          resourceType\n        }\n        resourceUsers {\n          user {\n            fullName\n            email\n            id\n          }\n        }\n      }\n    }\n    ... on ResourceNotFoundError {\n      message\n    }\n  }\n}";
 export default class GetResource extends Command {
     static description: string;

package/lib/commands/resources/get.js

@@ -3,8 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.GetResourceDocument = void 0;
 const core_1 = require("@oclif/core");
 const handler_1 = require("../../handler");
-const cmd_1 = require("../../lib/cmd");
 const apollo_1 = require("../../lib/apollo");
+const cmd_1 = require("../../lib/cmd");
 const flags_1 = require("../../lib/flags");
 exports.GetResourceDocument = `
 query GetResource($id: ResourceId!) {
@@ -44,7 +44,7 @@ class GetResource extends core_1.Command {
     async run() {
         (0, cmd_1.setMostRecentCommand)(this);
         const { flags } = await this.parse(GetResource);
-        const { resp, error } = await (0, handler_1.runQuery)({
+        const { resp, error } = await (0, handler_1.runQueryDeprecated)({
             command: this,
             query: exports.GetResourceDocument,
             variables: flags,
@@ -55,8 +55,10 @@ class GetResource extends core_1.Command {
         (0, apollo_1.printResponse)(this, resp);
     }
 }
-GetResource.description = 'Get resource info for a particular resource.';
-GetResource.examples = ['opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4'];
+GetResource.description = "Get resource info for a particular resource.";
+GetResource.examples = [
+    "opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4",
+];
 GetResource.flags = {
     help: flags_1.SHARED_FLAGS.help,
     id: flags_1.SHARED_FLAGS.id,

package/lib/commands/set-auth-provider.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import { Command } from "@oclif/core";
 export default class SetAuthProvider extends Command {
     static description: string;
     static examples: string[];

package/lib/commands/set-auth-provider.js

@@ -13,7 +13,7 @@ class SetAuthProvider extends core_1.Command {
             configData.clientID = flags.clientID;
             (0, config_1.writeConfigData)(this.config.configDir, configData);
             await (0, credentials_1.removeOpalCredentials)(this);
-            this.log('Client ID and Issuer URL updated');
+            this.log("Client ID and Issuer URL updated");
         }
         catch (error) {
             this.error(error);
@@ -25,18 +25,20 @@ SetAuthProvider.description = `Sets the Issuer URL and Client ID of the Auth Pro
 
   Note - you will need an OIDC provider that supports the device_code grant.
   `;
-SetAuthProvider.examples = ['$ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com'];
+SetAuthProvider.examples = [
+    "$ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com",
+];
 SetAuthProvider.flags = {
     help: flags_1.SHARED_FLAGS.help,
     clientID: core_1.Flags.string({
         multiple: false,
         description: "Client ID of your Auth Provider",
-        required: true
+        required: true,
     }),
     issuerUrl: core_1.Flags.string({
         multiple: false,
         description: "Issuer URL of your Auth Provider",
-        required: true
+        required: true,
     }),
 };
 exports.default = SetAuthProvider;