opal-security 3.1.1-beta.55edef9 → 3.1.1-beta.5641f4d

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/3.1.1-beta.55edef9 linux-x64 node-v20.19.2
+opal-security/3.1.1-beta.5641f4d linux-x64 node-v20.19.2
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -101,7 +101,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-provider`
 
@@ -121,7 +121,7 @@ EXAMPLES
   $ opal clear-auth-provider
 ```
 
-_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/clear-auth-provider.ts)_
+_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/clear-auth-provider.ts)_
 
 ## `opal curl-example`
 
@@ -138,7 +138,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -150,7 +150,7 @@ USAGE
 
 FLAGS
   -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
 
 DESCRIPTION
   Get group info for a particular group.
@@ -159,7 +159,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -191,7 +191,7 @@ USAGE
 
 FLAGS
   -h, --help                 Show CLI help.
-  -i, --id=<value>           The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>           The Opal ID of the asset. You can find this from the URL, e.g.
                              https://opal.dev/resources/[ID]
   -r, --refresh              Starts a new session even if one already exists. Useful if a session is about to expire.
   -s, --sessionId=<value>    The Opal ID of the session to connect to. Uses an existing session that was created via the
@@ -209,7 +209,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -222,7 +222,7 @@ USAGE
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
-  -i, --id=<value>                   The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
   -r, --refresh                      Starts a new session even if one already exists. Useful if a session is about to
                                      expire.
@@ -240,7 +240,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -261,7 +261,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -281,7 +281,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -294,7 +294,7 @@ USAGE
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
-  -i, --id=<value>                   The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
   -r, --refresh                      Starts a new session even if one already exists. Useful if a session is about to
                                      expire.
@@ -318,7 +318,7 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources get`
 
@@ -330,7 +330,7 @@ USAGE
 
 FLAGS
   -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
 
 DESCRIPTION
   Get resource info for a particular resource.
@@ -339,7 +339,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/resources/get.ts)_
 
 ## `opal set-auth-provider`
 
@@ -365,7 +365,7 @@ EXAMPLES
   $ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/set-auth-provider.ts)_
+_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/set-auth-provider.ts)_
 
 ## `opal set-custom-header`
 
@@ -386,7 +386,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -406,7 +406,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -430,7 +430,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -442,7 +442,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
                            web flow.
@@ -461,7 +461,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -473,7 +473,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
                            web flow.
@@ -492,7 +492,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -504,7 +504,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -r, --refresh            Starts a new session even if one already exists. Useful if a session is about to expire.
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
@@ -519,7 +519,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.55edef9/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.5641f4d/src/commands/ssh/start.ts)_
 
 ## `opal version`
 

package/lib/commands/request/create.d.ts

@@ -2,5 +2,9 @@ import { Command } from "@oclif/core";
 export default class RequestCreate extends Command {
     static hidden: boolean;
     static description: string;
+    static flags: {
+        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
+        id: import("@oclif/core/lib/interfaces").OptionFlag<string[] | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
     run(): Promise<void>;
 }

package/lib/commands/request/create.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
 const apollo_1 = require("../../lib/apollo");
+const flags_1 = require("../../lib/flags");
 const requests_1 = require("../../lib/requests");
 const displays_1 = require("../../utils/displays");
 const utils_1 = require("../../utils/utils");
@@ -10,17 +11,23 @@ class RequestCreate extends core_1.Command {
         await (0, apollo_1.initClient)(this, true);
         const client = await (0, apollo_1.getClient)(this, true);
         (0, utils_1.restrictToDev)(); //TODO: Remove after development is complete
+        const { flags } = await this.parse(RequestCreate);
         const metadata = (0, requests_1.initEmptyRequestMetadata)();
-        (0, displays_1.headerMessage)(this);
-        let shouldProceed = false;
-        while (!shouldProceed) {
-            // Step 1: Select first round of assets from an app
-            await (0, requests_1.selectRequestableItems)(this, client, metadata.requestMap);
-            // Step 2: Display the selected items in a tree format
+        if (flags.id) {
+            (0, requests_1.bypassRequestSelection)(this, client, flags.id, metadata);
+        }
+        else {
             (0, displays_1.headerMessage)(this);
-            this.log((0, displays_1.treeifyRequestMap)(metadata.requestMap), "\n");
-            // Step 3: Prompt to add more items, repeat 1-3 if needed
-            shouldProceed = await (0, requests_1.doneSelectingAssets)();
+            let shouldProceed = false;
+            while (!shouldProceed) {
+                // Step 1: Select first round of assets from an app
+                await (0, requests_1.selectRequestableItems)(this, client, metadata.requestMap);
+                // Step 2: Display the selected items in a tree format
+                (0, displays_1.headerMessage)(this);
+                (0, displays_1.treeifyRequestMap)(this, metadata.requestMap);
+                // Step 3: Prompt to add more items, repeat 1-3 if needed
+                shouldProceed = await (0, requests_1.doneSelectingAssets)();
+            }
         }
         // Step 4: Set Request Defaults
         await (0, requests_1.setRequestDefaults)(this, client, metadata);
@@ -36,4 +43,12 @@ class RequestCreate extends core_1.Command {
 }
 RequestCreate.hidden = true;
 RequestCreate.description = "Creates an Opal access request via an interactive form";
+RequestCreate.flags = {
+    help: flags_1.SHARED_FLAGS.help,
+    id: core_1.Flags.string({
+        char: "i",
+        multiple: true,
+        description: "The id of the asset (resource, group) to request access to. Append a role ID using a colon if needed, e.g. `--id 123:456`.",
+    }),
+};
 exports.default = RequestCreate;

package/lib/commands/request/list.js

@@ -66,7 +66,7 @@ class ListRequests extends core_1.Command {
         let showPendingOnly = false;
         const { flags } = await this.parse(ListRequests);
         if (flags.n) {
-            pageSize = flags.pageSinze;
+            pageSize = flags.n;
         }
         if (flags.showPendingOnly) {
             showPendingOnly = flags.showPendingOnly;
@@ -84,7 +84,7 @@ class ListRequests extends core_1.Command {
             (0, apollo_1.printResponse)(this, resp);
         }
         else {
-            (0, displays_1.displayRequestList)(this, resp);
+            (0, displays_1.displayRequestListTable)(this, resp);
         }
     }
 }

package/lib/graphql/gql.d.ts

@@ -22,6 +22,7 @@ type Documents = {
     "\nquery GroupAccessLevels($groupId: GroupId!) {\n  groupAccessLevels(\n    input: { groupId: $groupId }\n  ) {\n    ... on GroupAccessLevelsResult {\n      groupId\n      accessLevels {\n        ... on GroupAccessLevel {\n            accessLevelName\n            accessLevelRemoteId\n          }\n      }\n    }\n  }\n}\n": typeof types.GroupAccessLevelsDocument;
     "\n  query RequestDefaults(\n    $requestedResources: [RequestConfigurationResourceInput!]!\n    $requestedGroups: [RequestConfigurationGroupInput!]!\n    ) {\n    requestDefaults(input: {\n      requestedResources: $requestedResources,\n      requestedGroups: $requestedGroups,\n      }\n    ) {\n      ... on RequestDefaults {\n        durationOptions {\n          durationInMinutes\n          label\n        }\n        recommendedDurationInMinutes\n        defaultDurationInMinutes\n        maxDurationInMinutes\n        requireSupportTicket\n        reasonOptional\n        requesterIsAdmin\n      }\n    }\n  }": typeof types.RequestDefaultsDocument;
     "\n  mutation CreateRequest(\n    $requestedResources: [RequestedResourceInput!]!\n    $requestedGroups: [RequestedGroupInput!]!\n    $reason: String!\n    $durationInMinutes: Int\n  ) {\n    createRequest(\n      input: {\n        requestedResources: $requestedResources\n        requestedGroups: $requestedGroups\n        reason: $reason\n        durationInMinutes: $durationInMinutes\n      }\n    ) {\n      ... on CreateRequestResult {\n        request {\n          id\n          status\n        }\n      }\n      ... on RequestDurationTooLargeError {\n        message\n      }\n      ... on RequestRequiresUserAuthTokenForConnectionError {\n        message\n      }\n      ... on NoReviewersSetForOwnerError {\n        message\n        ownerId\n      }\n      ... on NoReviewersSetForResourceError {\n        message\n        resourceId\n      }\n      ... on NoReviewersSetForGroupError {\n        message\n        groupId\n      }\n      ... on NoManagerSetForRequestingUserError {\n        message\n      }\n      ... on MfaInvalidError {\n        message\n      }\n      ... on BulkRequestTooLargeError {\n        message\n      }\n      ... on ItemCannotBeRequestedError {\n        message\n      }\n      ... on UserCannotRequestAccessForTargetGroupError {\n        message\n        groupId\n        userId\n      }\n      ... on GroupNestingNotAllowedError {\n        message\n        fromGroupId\n        toGroupId\n      }\n      ... on TargetUserHasNestedAccessError {\n        message\n        groupIds\n      }\n      ... on RequestReasonMissingError {\n        message\n      }\n      ... on RequestFieldValueMissingError {\n        message\n        fieldName\n      }\n      ... on LinkedGroupNotRequestableError {\n        message\n        sourceGroupId\n        groupBindingId\n      }\n      ... on RequestReasonBelowMinLengthError {\n        message\n      }\n\n    }\n  }\n": typeof types.CreateRequestDocument;
+    "\n  query GetCatalogItem($uuid: UUID!) {\n    catalogItem(id: $uuid) {\n      __typename\n      ... on Connection {\n        id\n        displayName\n      }\n      ... on Resource {\n        id\n        displayName\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ...on Group {\n        id\n        name\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ... on UserFacingError {\n        message\n      }\n    }\n  }\n  ": typeof types.GetCatalogItemDocument;
 };
 declare const documents: Documents;
 /**
@@ -77,5 +78,9 @@ export declare function graphql(source: "\n  query RequestDefaults(\n    $reques
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
 export declare function graphql(source: "\n  mutation CreateRequest(\n    $requestedResources: [RequestedResourceInput!]!\n    $requestedGroups: [RequestedGroupInput!]!\n    $reason: String!\n    $durationInMinutes: Int\n  ) {\n    createRequest(\n      input: {\n        requestedResources: $requestedResources\n        requestedGroups: $requestedGroups\n        reason: $reason\n        durationInMinutes: $durationInMinutes\n      }\n    ) {\n      ... on CreateRequestResult {\n        request {\n          id\n          status\n        }\n      }\n      ... on RequestDurationTooLargeError {\n        message\n      }\n      ... on RequestRequiresUserAuthTokenForConnectionError {\n        message\n      }\n      ... on NoReviewersSetForOwnerError {\n        message\n        ownerId\n      }\n      ... on NoReviewersSetForResourceError {\n        message\n        resourceId\n      }\n      ... on NoReviewersSetForGroupError {\n        message\n        groupId\n      }\n      ... on NoManagerSetForRequestingUserError {\n        message\n      }\n      ... on MfaInvalidError {\n        message\n      }\n      ... on BulkRequestTooLargeError {\n        message\n      }\n      ... on ItemCannotBeRequestedError {\n        message\n      }\n      ... on UserCannotRequestAccessForTargetGroupError {\n        message\n        groupId\n        userId\n      }\n      ... on GroupNestingNotAllowedError {\n        message\n        fromGroupId\n        toGroupId\n      }\n      ... on TargetUserHasNestedAccessError {\n        message\n        groupIds\n      }\n      ... on RequestReasonMissingError {\n        message\n      }\n      ... on RequestFieldValueMissingError {\n        message\n        fieldName\n      }\n      ... on LinkedGroupNotRequestableError {\n        message\n        sourceGroupId\n        groupBindingId\n      }\n      ... on RequestReasonBelowMinLengthError {\n        message\n      }\n\n    }\n  }\n"): (typeof documents)["\n  mutation CreateRequest(\n    $requestedResources: [RequestedResourceInput!]!\n    $requestedGroups: [RequestedGroupInput!]!\n    $reason: String!\n    $durationInMinutes: Int\n  ) {\n    createRequest(\n      input: {\n        requestedResources: $requestedResources\n        requestedGroups: $requestedGroups\n        reason: $reason\n        durationInMinutes: $durationInMinutes\n      }\n    ) {\n      ... on CreateRequestResult {\n        request {\n          id\n          status\n        }\n      }\n      ... on RequestDurationTooLargeError {\n        message\n      }\n      ... on RequestRequiresUserAuthTokenForConnectionError {\n        message\n      }\n      ... on NoReviewersSetForOwnerError {\n        message\n        ownerId\n      }\n      ... on NoReviewersSetForResourceError {\n        message\n        resourceId\n      }\n      ... on NoReviewersSetForGroupError {\n        message\n        groupId\n      }\n      ... on NoManagerSetForRequestingUserError {\n        message\n      }\n      ... on MfaInvalidError {\n        message\n      }\n      ... on BulkRequestTooLargeError {\n        message\n      }\n      ... on ItemCannotBeRequestedError {\n        message\n      }\n      ... on UserCannotRequestAccessForTargetGroupError {\n        message\n        groupId\n        userId\n      }\n      ... on GroupNestingNotAllowedError {\n        message\n        fromGroupId\n        toGroupId\n      }\n      ... on TargetUserHasNestedAccessError {\n        message\n        groupIds\n      }\n      ... on RequestReasonMissingError {\n        message\n      }\n      ... on RequestFieldValueMissingError {\n        message\n        fieldName\n      }\n      ... on LinkedGroupNotRequestableError {\n        message\n        sourceGroupId\n        groupBindingId\n      }\n      ... on RequestReasonBelowMinLengthError {\n        message\n      }\n\n    }\n  }\n"];
+/**
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ */
+export declare function graphql(source: "\n  query GetCatalogItem($uuid: UUID!) {\n    catalogItem(id: $uuid) {\n      __typename\n      ... on Connection {\n        id\n        displayName\n      }\n      ... on Resource {\n        id\n        displayName\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ...on Group {\n        id\n        name\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ... on UserFacingError {\n        message\n      }\n    }\n  }\n  "): (typeof documents)["\n  query GetCatalogItem($uuid: UUID!) {\n    catalogItem(id: $uuid) {\n      __typename\n      ... on Connection {\n        id\n        displayName\n      }\n      ... on Resource {\n        id\n        displayName\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ...on Group {\n        id\n        name\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ... on UserFacingError {\n        message\n      }\n    }\n  }\n  "];
 export type DocumentType<TDocumentNode extends DocumentNode<any, any>> = TDocumentNode extends DocumentNode<infer TType, any> ? TType : never;
 export {};

package/lib/graphql/gql.js

@@ -14,6 +14,7 @@ const documents = {
     "\nquery GroupAccessLevels($groupId: GroupId!) {\n  groupAccessLevels(\n    input: { groupId: $groupId }\n  ) {\n    ... on GroupAccessLevelsResult {\n      groupId\n      accessLevels {\n        ... on GroupAccessLevel {\n            accessLevelName\n            accessLevelRemoteId\n          }\n      }\n    }\n  }\n}\n": types.GroupAccessLevelsDocument,
     "\n  query RequestDefaults(\n    $requestedResources: [RequestConfigurationResourceInput!]!\n    $requestedGroups: [RequestConfigurationGroupInput!]!\n    ) {\n    requestDefaults(input: {\n      requestedResources: $requestedResources,\n      requestedGroups: $requestedGroups,\n      }\n    ) {\n      ... on RequestDefaults {\n        durationOptions {\n          durationInMinutes\n          label\n        }\n        recommendedDurationInMinutes\n        defaultDurationInMinutes\n        maxDurationInMinutes\n        requireSupportTicket\n        reasonOptional\n        requesterIsAdmin\n      }\n    }\n  }": types.RequestDefaultsDocument,
     "\n  mutation CreateRequest(\n    $requestedResources: [RequestedResourceInput!]!\n    $requestedGroups: [RequestedGroupInput!]!\n    $reason: String!\n    $durationInMinutes: Int\n  ) {\n    createRequest(\n      input: {\n        requestedResources: $requestedResources\n        requestedGroups: $requestedGroups\n        reason: $reason\n        durationInMinutes: $durationInMinutes\n      }\n    ) {\n      ... on CreateRequestResult {\n        request {\n          id\n          status\n        }\n      }\n      ... on RequestDurationTooLargeError {\n        message\n      }\n      ... on RequestRequiresUserAuthTokenForConnectionError {\n        message\n      }\n      ... on NoReviewersSetForOwnerError {\n        message\n        ownerId\n      }\n      ... on NoReviewersSetForResourceError {\n        message\n        resourceId\n      }\n      ... on NoReviewersSetForGroupError {\n        message\n        groupId\n      }\n      ... on NoManagerSetForRequestingUserError {\n        message\n      }\n      ... on MfaInvalidError {\n        message\n      }\n      ... on BulkRequestTooLargeError {\n        message\n      }\n      ... on ItemCannotBeRequestedError {\n        message\n      }\n      ... on UserCannotRequestAccessForTargetGroupError {\n        message\n        groupId\n        userId\n      }\n      ... on GroupNestingNotAllowedError {\n        message\n        fromGroupId\n        toGroupId\n      }\n      ... on TargetUserHasNestedAccessError {\n        message\n        groupIds\n      }\n      ... on RequestReasonMissingError {\n        message\n      }\n      ... on RequestFieldValueMissingError {\n        message\n        fieldName\n      }\n      ... on LinkedGroupNotRequestableError {\n        message\n        sourceGroupId\n        groupBindingId\n      }\n      ... on RequestReasonBelowMinLengthError {\n        message\n      }\n\n    }\n  }\n": types.CreateRequestDocument,
+    "\n  query GetCatalogItem($uuid: UUID!) {\n    catalogItem(id: $uuid) {\n      __typename\n      ... on Connection {\n        id\n        displayName\n      }\n      ... on Resource {\n        id\n        displayName\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ...on Group {\n        id\n        name\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ... on UserFacingError {\n        message\n      }\n    }\n  }\n  ": types.GetCatalogItemDocument,
 };
 function graphql(source) {
     var _a;

package/lib/graphql/graphql.d.ts

@@ -11752,6 +11752,48 @@ export type CreateRequestMutation = {
         userId: string;
     };
 };
+export type GetCatalogItemQueryVariables = Exact<{
+    uuid: Scalars["UUID"]["input"];
+}>;
+export type GetCatalogItemQuery = {
+    __typename?: "Query";
+    catalogItem: {
+        __typename: "Connection";
+        id: string;
+        displayName: string;
+    } | {
+        __typename: "Group";
+        id: string;
+        name: string;
+        connection?: {
+            __typename?: "Connection";
+            id: string;
+            displayName: string;
+        } | null;
+        accessLevels?: Array<{
+            __typename?: "GroupAccessLevel";
+            accessLevelName: string;
+            accessLevelRemoteId: string;
+        }> | null;
+    } | {
+        __typename: "Resource";
+        id: string;
+        displayName: string;
+        connection?: {
+            __typename?: "Connection";
+            id: string;
+            displayName: string;
+        } | null;
+        accessLevels?: Array<{
+            __typename?: "ResourceAccessLevel";
+            accessLevelName: string;
+            accessLevelRemoteId: string;
+        }> | null;
+    } | {
+        __typename: "UserFacingError";
+        message: string;
+    };
+};
 export declare const GetGroupDocument: DocumentNode<GetGroupQuery, GetGroupQueryVariables>;
 export declare const GetRequestDocument: DocumentNode<GetRequestQuery, GetRequestQueryVariables>;
 export declare const GetRequestsDocument: DocumentNode<GetRequestsQuery, GetRequestsQueryVariables>;
@@ -11762,3 +11804,4 @@ export declare const ResourceAccessLevelsDocument: DocumentNode<ResourceAccessLe
 export declare const GroupAccessLevelsDocument: DocumentNode<GroupAccessLevelsQuery, GroupAccessLevelsQueryVariables>;
 export declare const RequestDefaultsDocument: DocumentNode<RequestDefaultsQuery, RequestDefaultsQueryVariables>;
 export declare const CreateRequestDocument: DocumentNode<CreateRequestMutation, CreateRequestMutationVariables>;
+export declare const GetCatalogItemDocument: DocumentNode<GetCatalogItemQuery, GetCatalogItemQueryVariables>;

package/lib/graphql/graphql.js

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.GroupUserSource = exports.GroupUserSortByField = exports.GroupType = exports.GroupResourceSource = exports.GroupBindingsSortByField = exports.GroupBindingSuggestionsSortByField = exports.GeneralSettingType = exports.FiltersMatchMode = exports.FilterRule = exports.FactorType = exports.EventType = exports.EventSeverity = exports.ErrorNotificationSettingType = exports.EntityType = exports.ConnectionValidationStatus = exports.ConnectionValidationSeverity = exports.ConnectionType = exports.BundlesSortByField = exports.BundleItemsSortByField = exports.AuthType = exports.AuthSessionStatus = exports.AuthFlowType = exports.AssociatedItemsSortByField = exports.AssignmentsSortByField = exports.AppsSortByField = exports.AppType = exports.AppItemsSortByField = exports.AppCategory = exports.ApiAuthType = exports.ApiAccessLevel = exports.AldwinRole = exports.AccessType = exports.AccessRuleStatus = exports.AccessReviewUserWarningType = exports.AccessReviewType = exports.AccessReviewTab = exports.AccessReviewSummaryStatus = exports.AccessReviewStatus = exports.AccessReviewReviewerAssignmentPolicy = exports.AccessReviewItemsSortByField = exports.AccessReviewItemStatus = exports.AccessReviewItemOutcome = exports.AccessReviewGroupResourceVisibilityPolicy = exports.AccessReviewGroupItemKind = exports.AccessReviewEndUserView = exports.AccessReviewAssignedStatus = exports.AccessReviewAction = exports.AccessOption = exports.AccessChangeType = exports.AwsIdentityCenterImportSetting = void 0;
 exports.TagsSortByField = exports.TagFilterMatchMode = exports.SyncType = exports.SyncTaskStatus = exports.SubEventsSortByField = exports.StringFormatType = exports.SortDirection = exports.ServiceType = exports.SearchType = exports.RolePermissionTargetType = exports.RolePermission = exports.RoleAssignmentsSortByField = exports.RoleAssignmentSource = exports.RiskLevel = exports.ReviewerUserStatus = exports.ReviewerAction = exports.ReviewStageOperator = exports.ResourceUserSource = exports.ResourceUserSortByField = exports.ResourceType = exports.RequestsSortByField = exports.RequestType = exports.RequestTemplateCustomFieldType = exports.RequestStatus = exports.RequestMessageLevel = exports.RequestMessageCode = exports.RequestApprovalType = exports.RecommendationsSubscoreType = exports.RecommendationsMetricType = exports.RecommendationsFeedbackType = exports.RecommendationsEntityType = exports.PubsubPublishMessageType = exports.PubsubPublishMessageStatusCode = exports.PubsubPublishConnectionType = exports.ProvisionSource = exports.PropagationTaskType = exports.PropagationStatusCode = exports.OwnersSortByField = exports.OrganizationType = exports.OidcProviderType = exports.NotificationType = exports.MessageChannelType = exports.MfaProvider = exports.IntegrationType = exports.ImportSetting = exports.IdpConnectionUserAttributeUseAs = exports.IdpConnectionType = exports.IdentityCategory = exports.HrIdpStatus = exports.HealthStatus = void 0;
-exports.CreateRequestDocument = exports.RequestDefaultsDocument = exports.GroupAccessLevelsDocument = exports.ResourceAccessLevelsDocument = exports.PaginatedEntityDropdownDocument = exports.GetRequestableAppsQueryDocument = exports.CheckAuthSessionQueryDocument = exports.GetRequestsDocument = exports.GetRequestDocument = exports.GetGroupDocument = exports.RequestDecisionLevel = exports.WebhookPubsubPublishConnectionAuthType = exports.WebhookPubsubPublishConnectionApiKeyLocation = exports.Visibility = exports.VerifyFactorStatus = exports.UsersSortByField = exports.UserProductRole = exports.UserErrorType = exports.UsageAttributionType = exports.UiSource = exports.TimePeriod = exports.TimeBucket = exports.ThirdPartyProvider = exports.TaskTrigger = void 0;
+exports.GetCatalogItemDocument = exports.CreateRequestDocument = exports.RequestDefaultsDocument = exports.GroupAccessLevelsDocument = exports.ResourceAccessLevelsDocument = exports.PaginatedEntityDropdownDocument = exports.GetRequestableAppsQueryDocument = exports.CheckAuthSessionQueryDocument = exports.GetRequestsDocument = exports.GetRequestDocument = exports.GetGroupDocument = exports.RequestDecisionLevel = exports.WebhookPubsubPublishConnectionAuthType = exports.WebhookPubsubPublishConnectionApiKeyLocation = exports.Visibility = exports.VerifyFactorStatus = exports.UsersSortByField = exports.UserProductRole = exports.UserErrorType = exports.UsageAttributionType = exports.UiSource = exports.TimePeriod = exports.TimeBucket = exports.ThirdPartyProvider = exports.TaskTrigger = void 0;
 var AwsIdentityCenterImportSetting;
 (function (AwsIdentityCenterImportSetting) {
     AwsIdentityCenterImportSetting["All"] = "ALL";
@@ -3496,3 +3496,186 @@ exports.CreateRequestDocument = {
         },
     ],
 };
+exports.GetCatalogItemDocument = {
+    kind: "Document",
+    definitions: [
+        {
+            kind: "OperationDefinition",
+            operation: "query",
+            name: { kind: "Name", value: "GetCatalogItem" },
+            variableDefinitions: [
+                {
+                    kind: "VariableDefinition",
+                    variable: { kind: "Variable", name: { kind: "Name", value: "uuid" } },
+                    type: {
+                        kind: "NonNullType",
+                        type: { kind: "NamedType", name: { kind: "Name", value: "UUID" } },
+                    },
+                },
+            ],
+            selectionSet: {
+                kind: "SelectionSet",
+                selections: [
+                    {
+                        kind: "Field",
+                        name: { kind: "Name", value: "catalogItem" },
+                        arguments: [
+                            {
+                                kind: "Argument",
+                                name: { kind: "Name", value: "id" },
+                                value: {
+                                    kind: "Variable",
+                                    name: { kind: "Name", value: "uuid" },
+                                },
+                            },
+                        ],
+                        selectionSet: {
+                            kind: "SelectionSet",
+                            selections: [
+                                { kind: "Field", name: { kind: "Name", value: "__typename" } },
+                                {
+                                    kind: "InlineFragment",
+                                    typeCondition: {
+                                        kind: "NamedType",
+                                        name: { kind: "Name", value: "Connection" },
+                                    },
+                                    selectionSet: {
+                                        kind: "SelectionSet",
+                                        selections: [
+                                            { kind: "Field", name: { kind: "Name", value: "id" } },
+                                            {
+                                                kind: "Field",
+                                                name: { kind: "Name", value: "displayName" },
+                                            },
+                                        ],
+                                    },
+                                },
+                                {
+                                    kind: "InlineFragment",
+                                    typeCondition: {
+                                        kind: "NamedType",
+                                        name: { kind: "Name", value: "Resource" },
+                                    },
+                                    selectionSet: {
+                                        kind: "SelectionSet",
+                                        selections: [
+                                            { kind: "Field", name: { kind: "Name", value: "id" } },
+                                            {
+                                                kind: "Field",
+                                                name: { kind: "Name", value: "displayName" },
+                                            },
+                                            {
+                                                kind: "Field",
+                                                name: { kind: "Name", value: "connection" },
+                                                selectionSet: {
+                                                    kind: "SelectionSet",
+                                                    selections: [
+                                                        {
+                                                            kind: "Field",
+                                                            name: { kind: "Name", value: "id" },
+                                                        },
+                                                        {
+                                                            kind: "Field",
+                                                            name: { kind: "Name", value: "displayName" },
+                                                        },
+                                                    ],
+                                                },
+                                            },
+                                            {
+                                                kind: "Field",
+                                                name: { kind: "Name", value: "accessLevels" },
+                                                selectionSet: {
+                                                    kind: "SelectionSet",
+                                                    selections: [
+                                                        {
+                                                            kind: "Field",
+                                                            name: { kind: "Name", value: "accessLevelName" },
+                                                        },
+                                                        {
+                                                            kind: "Field",
+                                                            name: {
+                                                                kind: "Name",
+                                                                value: "accessLevelRemoteId",
+                                                            },
+                                                        },
+                                                    ],
+                                                },
+                                            },
+                                        ],
+                                    },
+                                },
+                                {
+                                    kind: "InlineFragment",
+                                    typeCondition: {
+                                        kind: "NamedType",
+                                        name: { kind: "Name", value: "Group" },
+                                    },
+                                    selectionSet: {
+                                        kind: "SelectionSet",
+                                        selections: [
+                                            { kind: "Field", name: { kind: "Name", value: "id" } },
+                                            { kind: "Field", name: { kind: "Name", value: "name" } },
+                                            {
+                                                kind: "Field",
+                                                name: { kind: "Name", value: "connection" },
+                                                selectionSet: {
+                                                    kind: "SelectionSet",
+                                                    selections: [
+                                                        {
+                                                            kind: "Field",
+                                                            name: { kind: "Name", value: "id" },
+                                                        },
+                                                        {
+                                                            kind: "Field",
+                                                            name: { kind: "Name", value: "displayName" },
+                                                        },
+                                                    ],
+                                                },
+                                            },
+                                            {
+                                                kind: "Field",
+                                                name: { kind: "Name", value: "accessLevels" },
+                                                selectionSet: {
+                                                    kind: "SelectionSet",
+                                                    selections: [
+                                                        {
+                                                            kind: "Field",
+                                                            name: { kind: "Name", value: "accessLevelName" },
+                                                        },
+                                                        {
+                                                            kind: "Field",
+                                                            name: {
+                                                                kind: "Name",
+                                                                value: "accessLevelRemoteId",
+                                                            },
+                                                        },
+                                                    ],
+                                                },
+                                            },
+                                        ],
+                                    },
+                                },
+                                {
+                                    kind: "InlineFragment",
+                                    typeCondition: {
+                                        kind: "NamedType",
+                                        name: { kind: "Name", value: "UserFacingError" },
+                                    },
+                                    selectionSet: {
+                                        kind: "SelectionSet",
+                                        selections: [
+                                            {
+                                                kind: "Field",
+                                                name: { kind: "Name", value: "message" },
+                                            },
+                                        ],
+                                    },
+                                },
+                            ],
+                        },
+                    },
+                ],
+            },
+        },
+    ],
+};

package/lib/lib/flags.js

@@ -7,7 +7,7 @@ exports.SHARED_FLAGS = {
     id: core_1.Flags.string({
         multiple: false,
         char: "i",
-        description: "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+        description: "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
     }),
     accessLevelRemoteId: core_1.Flags.string({
         multiple: false,

package/lib/lib/requests.d.ts

@@ -43,4 +43,5 @@ export declare function setRequestDefaults(cmd: Command, client: ApolloClient<No
 export declare function promptForReason(metadata: RequestMetadata): Promise<void>;
 export declare function promptForExpiration(metadata: RequestMetadata): Promise<void>;
 export declare function submitFinalRequest(cmd: Command, client: ApolloClient<NormalizedCacheObject>, metadata: RequestMetadata): Promise<void>;
+export declare function bypassRequestSelection(cmd: Command, client: ApolloClient<NormalizedCacheObject>, flagIds: string[], metadata: RequestMetadata): Promise<void>;
 export {};

package/lib/lib/requests.js

@@ -9,6 +9,7 @@ exports.setRequestDefaults = setRequestDefaults;
 exports.promptForReason = promptForReason;
 exports.promptForExpiration = promptForExpiration;
 exports.submitFinalRequest = submitFinalRequest;
+exports.bypassRequestSelection = bypassRequestSelection;
 const chalk_1 = require("chalk");
 const inquirer = require("inquirer");
 const graphql_1 = require("../graphql");
@@ -89,13 +90,12 @@ async function queryRequestableApps(cmd, client, input) {
                 default:
                     type = edge.node.__typename;
             }
-            const label = `${edge.node.displayName} (${type})`;
             return {
-                message: label,
+                message: `${edge.node.displayName} [${type}]`,
                 value: {
                     id: edge.node.id,
-                    name: label,
-                    toString: () => label,
+                    name: edge.node.displayName,
+                    toString: () => edge.node.displayName,
                 },
             };
         });
@@ -162,11 +162,10 @@ async function queryRequestableAssets(cmd, client, appId, input) {
                     const name = ((_a = item.resource) === null || _a === void 0 ? void 0 : _a.name) || ((_b = item.group) === null || _b === void 0 ? void 0 : _b.name);
                     const id = ((_c = item.resource) === null || _c === void 0 ? void 0 : _c.id) || ((_d = item.group) === null || _d === void 0 ? void 0 : _d.id);
                     const type = ((_e = item.resource) === null || _e === void 0 ? void 0 : _e.__typename) || ((_f = item.group) === null || _f === void 0 ? void 0 : _f.__typename);
-                    const label = `${name} (${type})`;
                     return {
-                        message: label,
+                        message: `${name} [${type}]`,
                         value: {
-                            name: label || "",
+                            name: name || "",
                             id: id || "",
                             type: ((_g = item.resource) === null || _g === void 0 ? void 0 : _g.__typename) || ((_h = item.group) === null || _h === void 0 ? void 0 : _h.__typename) || "",
                         },
@@ -428,57 +427,56 @@ async function createRequest(cmd, client, requestedResources, requestedGroups, r
                 durationInMinutes: durationInMinutes,
             },
         });
-        let x;
         switch ((_a = resp.data) === null || _a === void 0 ? void 0 : _a.createRequest.__typename) {
             case "CreateRequestResult":
                 return (_b = resp.data) === null || _b === void 0 ? void 0 : _b.createRequest.request;
             case "RequestDurationTooLargeError":
-                x = cmd.error((_c = resp.data) === null || _c === void 0 ? void 0 : _c.createRequest.message);
+                cmd.log((_c = resp.data) === null || _c === void 0 ? void 0 : _c.createRequest.message);
                 break;
             case "RequestRequiresUserAuthTokenForConnectionError":
-                x = cmd.error((_d = resp.data) === null || _d === void 0 ? void 0 : _d.createRequest.message);
+                cmd.log((_d = resp.data) === null || _d === void 0 ? void 0 : _d.createRequest.message);
                 break;
             case "NoReviewersSetForOwnerError":
-                x = cmd.error((_e = resp.data) === null || _e === void 0 ? void 0 : _e.createRequest.message);
+                cmd.log((_e = resp.data) === null || _e === void 0 ? void 0 : _e.createRequest.message);
                 break;
             case "NoReviewersSetForResourceError":
-                x = cmd.error((_f = resp.data) === null || _f === void 0 ? void 0 : _f.createRequest.message);
+                cmd.log((_f = resp.data) === null || _f === void 0 ? void 0 : _f.createRequest.message);
                 break;
             case "NoReviewersSetForGroupError":
-                x = cmd.error((_g = resp.data) === null || _g === void 0 ? void 0 : _g.createRequest.message);
+                cmd.log((_g = resp.data) === null || _g === void 0 ? void 0 : _g.createRequest.message);
                 break;
             case "NoManagerSetForRequestingUserError":
-                x = cmd.error((_h = resp.data) === null || _h === void 0 ? void 0 : _h.createRequest.message);
+                cmd.log((_h = resp.data) === null || _h === void 0 ? void 0 : _h.createRequest.message);
                 break;
             case "MfaInvalidError":
-                x = cmd.error((_j = resp.data) === null || _j === void 0 ? void 0 : _j.createRequest.message);
+                cmd.log((_j = resp.data) === null || _j === void 0 ? void 0 : _j.createRequest.message);
                 break;
             case "BulkRequestTooLargeError":
-                x = cmd.error((_k = resp.data) === null || _k === void 0 ? void 0 : _k.createRequest.message);
+                cmd.log((_k = resp.data) === null || _k === void 0 ? void 0 : _k.createRequest.message);
                 break;
             case "ItemCannotBeRequestedError":
-                x = cmd.error((_l = resp.data) === null || _l === void 0 ? void 0 : _l.createRequest.message);
+                cmd.log((_l = resp.data) === null || _l === void 0 ? void 0 : _l.createRequest.message);
                 break;
             case "UserCannotRequestAccessForTargetGroupError":
-                x = cmd.error((_m = resp.data) === null || _m === void 0 ? void 0 : _m.createRequest.message);
+                cmd.log((_m = resp.data) === null || _m === void 0 ? void 0 : _m.createRequest.message);
                 break;
             case "GroupNestingNotAllowedError":
-                x = cmd.error((_o = resp.data) === null || _o === void 0 ? void 0 : _o.createRequest.message);
+                cmd.log((_o = resp.data) === null || _o === void 0 ? void 0 : _o.createRequest.message);
                 break;
             case "TargetUserHasNestedAccessError":
-                x = cmd.error((_p = resp.data) === null || _p === void 0 ? void 0 : _p.createRequest.message);
+                cmd.log((_p = resp.data) === null || _p === void 0 ? void 0 : _p.createRequest.message);
                 break;
             case "RequestReasonMissingError":
-                x = cmd.error((_q = resp.data) === null || _q === void 0 ? void 0 : _q.createRequest.message);
+                cmd.log((_q = resp.data) === null || _q === void 0 ? void 0 : _q.createRequest.message);
                 break;
             case "RequestFieldValueMissingError":
-                x = cmd.error((_r = resp.data) === null || _r === void 0 ? void 0 : _r.createRequest.message);
+                cmd.log((_r = resp.data) === null || _r === void 0 ? void 0 : _r.createRequest.message);
                 break;
             case "LinkedGroupNotRequestableError":
-                x = cmd.error((_s = resp.data) === null || _s === void 0 ? void 0 : _s.createRequest.message);
+                cmd.log((_s = resp.data) === null || _s === void 0 ? void 0 : _s.createRequest.message);
                 break;
             case "RequestReasonBelowMinLengthError":
-                x = cmd.error((_t = resp.data) === null || _t === void 0 ? void 0 : _t.createRequest.message);
+                cmd.log((_t = resp.data) === null || _t === void 0 ? void 0 : _t.createRequest.message);
                 break;
         }
     }
@@ -488,6 +486,44 @@ async function createRequest(cmd, client, requestedResources, requestedGroups, r
         }
     }
 }
+const CATALOG_ITEM = (0, graphql_1.graphql)(`
+  query GetCatalogItem($uuid: UUID!) {
+    catalogItem(id: $uuid) {
+      __typename
+      ... on Connection {
+        id
+        displayName
+      }
+      ... on Resource {
+        id
+        displayName
+        connection {
+          id
+          displayName
+        }
+        accessLevels{
+          accessLevelName
+          accessLevelRemoteId
+        }
+      }
+      ...on Group {
+        id
+        name
+        connection {
+          id
+          displayName
+        }
+        accessLevels{
+          accessLevelName
+          accessLevelRemoteId
+        }
+      }
+      ... on UserFacingError {
+        message
+      }
+    }
+  }
+  `);
 // Helper functions
 async function selectRequestableItems(cmd, client, requestMap) {
     const initialChoices = (await queryRequestableApps(cmd, client, "")) || [];
@@ -665,10 +701,16 @@ async function promptForReason(metadata) {
 async function promptForExpiration(metadata) {
     var _a, _b;
     const durations = ((_b = (_a = metadata.requestDefaults) === null || _a === void 0 ? void 0 : _a.durationOptions) === null || _b === void 0 ? void 0 : _b.map((option) => {
-        const label = option.durationInMinutes ===
-            metadata.requestDefaults.recommendedDurationInMinutes
-            ? `${option.label} (Recommended)`
-            : option.label;
+        var _a;
+        let label = option.label;
+        if (option.durationInMinutes ===
+            ((_a = metadata.requestDefaults) === null || _a === void 0 ? void 0 : _a.maxDurationInMinutes)) {
+            label = `${label} (MAX)`;
+        }
+        if (option.durationInMinutes ===
+            metadata.requestDefaults.recommendedDurationInMinutes) {
+            label = `${label} (RECOMMENDED)`;
+        }
         return {
             message: label,
             value: {
@@ -690,7 +732,7 @@ async function promptForExpiration(metadata) {
     let selected = await expirationSelect.run();
     switch (selected.label) {
         case "Custom": {
-            selected = await setCustomDuration();
+            selected = await setCustomDuration(metadata);
             break;
         }
         case "Permanent": {
@@ -701,7 +743,36 @@ async function promptForExpiration(metadata) {
     metadata.durationInMinutes = selected.durationInMinutes;
     metadata.durationLabel = selected.label;
 }
-async function setCustomDuration() {
+function getDurationNumbers(duration) {
+    const d = +duration.days || 0;
+    const h = +duration.hours || 0;
+    const m = +duration.minutes || 0;
+    return { d, h, m };
+}
+function getDurationInMinutes(duration) {
+    const { d, h, m } = getDurationNumbers(duration);
+    const minutesInDay = 1440; // 24 hours * 60 minutes
+    const minutesInHour = 60;
+    return d * minutesInDay + h * minutesInHour + m;
+}
+function getDHMFromMinutes(minutes) {
+    const label = [];
+    const d = Math.floor(minutes / 1440);
+    if (d > 0) {
+        label.push(`${d}d`);
+    }
+    const remainingMinutes = minutes % 1440;
+    const h = Math.floor(remainingMinutes / 60);
+    if (h > 0) {
+        label.push(`${h}h`);
+    }
+    const m = remainingMinutes % 60;
+    if (m > 0) {
+        label.push(`${m}m`);
+    }
+    return label.join(" ");
+}
+async function setCustomDuration(metadata) {
     const durationForm = new Form({
         name: "user",
         message: "Please set a custom access duration:",
@@ -711,31 +782,27 @@ async function setCustomDuration() {
             { name: "minutes", message: "Minutes", initial: "0" },
         ],
         validate: (answer) => {
-            const days = Number.parseInt(answer.days);
-            const hours = Number.parseInt(answer.hours);
-            const minutes = Number.parseInt(answer.minutes);
-            if (days < 0 ||
-                hours < 0 ||
-                minutes < 0 ||
-                (days === 0 && hours === 0 && minutes === 0)) {
+            var _a, _b, _c;
+            const { d, h, m } = getDurationNumbers(answer);
+            const durationInMinutes = getDurationInMinutes(answer);
+            if (d < 0 || h < 0 || m < 0 || d + h + m === 0 || (h > 23 && m > 59)) {
                 return "Please enter a valid duration.";
             }
+            if (((_a = metadata.requestDefaults) === null || _a === void 0 ? void 0 : _a.maxDurationInMinutes) &&
+                durationInMinutes > ((_b = metadata.requestDefaults) === null || _b === void 0 ? void 0 : _b.maxDurationInMinutes)) {
+                const maxDHM = getDHMFromMinutes((_c = metadata.requestDefaults) === null || _c === void 0 ? void 0 : _c.maxDurationInMinutes);
+                return `The max duration for the selected assets is ${maxDHM}.`;
+            }
             return true;
         },
+        return: (answer) => {
+            return getDurationInMinutes(answer);
+        },
     });
-    const duration = await durationForm.run();
-    // Convert to minutes, define the new custom label
-    const durationInMinutes = duration.days * 1440 + duration.hours * 60 + duration.minutes;
-    let durationLabel = "";
-    if (duration.days > 0) {
-        durationLabel += `${duration.days}d `;
-    }
-    if (duration.hours > 0) {
-        durationLabel += `${duration.hours}h `;
-    }
-    if (duration.minutes > 0) {
-        durationLabel += `${duration.minutes}m`;
-    }
+    const durationResult = await durationForm.run();
+    const { d, h, m } = getDurationNumbers(durationResult);
+    const durationInMinutes = getDurationInMinutes(durationResult);
+    const durationLabel = getDHMFromMinutes(durationInMinutes);
     return {
         durationInMinutes: durationInMinutes,
         label: durationLabel,
@@ -815,3 +882,75 @@ async function submitFinalRequest(cmd, client, metadata) {
         }
     }
 }
+async function bypassRequestSelection(cmd, client, flagIds, metadata) {
+    var _a, _b;
+    try {
+        for (const id of flagIds) {
+            const resp = await client.query({
+                query: CATALOG_ITEM,
+                variables: {
+                    uuid: id || "",
+                },
+                fetchPolicy: "network-only", // to avoid caching
+            });
+            switch (resp.data.catalogItem.__typename) {
+                case "Resource": {
+                    const resourceName = resp.data.catalogItem.displayName;
+                    const roles = (resp.data.catalogItem.accessLevels || [])
+                        // TODO: Support okta azure apps ?.filter((role) => role.accessLevelName !== "") // This assumes length == 1
+                        .map((role) => ({
+                        id: role.accessLevelRemoteId,
+                        name: role.accessLevelName,
+                    }));
+                    if (roles.length > 0 &&
+                        !(roles.length === 1 && roles[0].name === "")) {
+                        cmd.log(`Roles not implemented yet for resource ${resourceName}. Skipping roles selection.`); //TODO: Implement roles support
+                        continue;
+                    }
+                    const appId = ((_a = resp.data.catalogItem.connection) === null || _a === void 0 ? void 0 : _a.id) || "";
+                    if (!(appId in metadata.requestMap)) {
+                        metadata.requestMap[appId] = {
+                            appName: ((_b = resp.data.catalogItem.connection) === null || _b === void 0 ? void 0 : _b.displayName) || "Unknown App",
+                            assets: {},
+                        };
+                    }
+                    const assetEntry = metadata.requestMap[appId].assets[id];
+                    if (!assetEntry) {
+                        metadata.requestMap[appId].assets[id] = {
+                            assetName: resourceName,
+                            type: "Resource",
+                            roles: {},
+                        };
+                    }
+                    if (roles) {
+                        if (!metadata.requestMap[appId].assets[id].roles) {
+                            metadata.requestMap[appId].assets[id].roles = {};
+                        }
+                        for (const role of roles) {
+                            metadata.requestMap[appId].assets[id].roles[role.id] = {
+                                roleName: role.name,
+                            };
+                        }
+                    }
+                    break;
+                }
+                case "Group": {
+                    //TODO
+                    break;
+                }
+                case "Connection": {
+                    //TODO
+                    break;
+                }
+                default:
+                    cmd.error("Unknown error occurred.");
+            }
+        }
+    }
+    catch (error) {
+        if (error instanceof Error || typeof error === "string") {
+            cmd.error(error);
+        }
+    }
+    return;
+}

package/lib/utils/displays.d.ts

@@ -3,8 +3,8 @@ import type { Command } from "@oclif/core/lib/command";
 import type { GetRequestQuery, GetRequestsQuery } from "../graphql/graphql";
 import type { RequestMap, RequestMetadata } from "../lib/requests";
 export declare function headerMessage(cmd: Command): void;
-export declare function treeifyRequestMap(requestMap: RequestMap): string;
+export declare function treeifyRequestMap(cmd: Command, requestMap: RequestMap): void;
 export declare function displayFinalRequestSummary(cmd: Command, metadata: RequestMetadata): void;
 export declare function getStyledStatus(status: string): string;
 export declare function displayRequestDetails(cmd: Command, requestResp: ApolloQueryResult<GetRequestQuery>): void;
-export declare function displayRequestList(cmd: Command, requestResp: ApolloQueryResult<GetRequestsQuery>): void;
+export declare function displayRequestListTable(cmd: Command, requestResp: ApolloQueryResult<GetRequestsQuery>): void;

package/lib/utils/displays.js

@@ -5,48 +5,64 @@ exports.treeifyRequestMap = treeifyRequestMap;
 exports.displayFinalRequestSummary = displayFinalRequestSummary;
 exports.getStyledStatus = getStyledStatus;
 exports.displayRequestDetails = displayRequestDetails;
-exports.displayRequestList = displayRequestList;
+exports.displayRequestListTable = displayRequestListTable;
 const chalk_1 = require("chalk");
-const treeify = require("object-treeify");
 const Table = require("cli-table3");
+const treeify = require("object-treeify").default;
 function headerMessage(cmd) {
     console.clear();
     cmd.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
     cmd.log("Opal Access Request ✏️");
     cmd.log("Press Ctrl+C to cancel at any time.\n");
 }
-function treeifyRequestMap(requestMap) {
-    const requestTree = {};
-    // Create a tree structure from the requestMap
-    // Iterate over apps
+function treeifyRequestMap(cmd, requestMap) {
+    // Configuration options for treeify
+    const options = {
+        joined: true,
+        spacerNoNeighbour: "    ",
+        spacerNeighbour: "│   ",
+        keyNoNeighbour: "└── ",
+        keyNeighbour: "├── ",
+        separator: "",
+    };
     for (const [_appId, appNode] of Object.entries(requestMap)) {
-        const appKey = `🔧${appNode.appName}`;
-        requestTree[appKey] = {}; // Initialize the app key
-        // Iterate over assets
+        const assetsTree = {};
         for (const [_assetId, assetNode] of Object.entries(appNode.assets)) {
-            const assetKey = `📦${assetNode.assetName}`;
+            const assetKey = `${assetNode.assetName} ${chalk_1.default.dim(`[${assetNode.type}]`)}`;
             if (assetNode.roles !== undefined) {
-                // If no roles were previously selected
-                requestTree[appKey][assetKey] = {}; // Initialize the asset key
-                // Iterate over roles
+                assetsTree[assetKey] = {};
                 for (const [_roleId, roleNode] of Object.entries(assetNode.roles)) {
-                    requestTree[appKey][assetKey][roleNode.roleName] = null; // Initialize the role key
+                    const roleKey = `${roleNode.roleName} ${chalk_1.default.dim("[Role]")}`;
+                    assetsTree[assetKey][roleKey] = null;
                 }
             }
             else {
-                requestTree[appKey][assetKey] = null;
+                assetsTree[assetKey] = null;
             }
         }
+        // Render tree for this app's assets
+        const assetsTreeString = treeify(assetsTree, options);
+        // Print App title first (without tree lines)
+        cmd.log(`${chalk_1.default.bold(appNode.appName)} ${chalk_1.default.dim("[App]")}`);
+        // Print its assets/roles indented underneath
+        cmd.log(assetsTreeString);
     }
-    return String(treeify(requestTree));
+    cmd.log();
 }
 function displayFinalRequestSummary(cmd, metadata) {
-    headerMessage(cmd);
-    cmd.log("Final Summary of Request\n");
-    const requestedAssets = treeifyRequestMap(metadata.requestMap);
-    const table = new Table();
-    table.push(["Requested Assets", requestedAssets], ["Reason", metadata.reason], ["Expiration", metadata.durationLabel]);
-    cmd.log(table.toString());
+    console.clear();
+    cmd.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+    cmd.log("Final Summary of Request ✏️");
+    cmd.log("Press Ctrl+C to cancel at any time.\n");
+    cmd.log();
+    treeifyRequestMap(cmd, metadata.requestMap);
+    const durationInMinutes = metadata.durationInMinutes;
+    cmd.log(`Duration: ${durationInMinutes ? formatDuration(durationInMinutes) : "Permanent"}`);
+    const reason = metadata.reason;
+    if (reason) {
+        cmd.log(`Reason: "${chalk_1.default.italic(reason)}"`);
+    }
+    cmd.log();
 }
 function getStyledStatus(status) {
     switch (status) {
@@ -83,9 +99,7 @@ function displayRequestDetails(cmd, requestResp) {
                 cmd.log(`${chalk_1.default.bold("Requested by:")} ${requester} ${chalk_1.default.gray("->")} ${chalk_1.default.bold("Requested for:")} ${targetUser}`);
             }
             const durationInMinutes = requestResp.data.request.request.durationInMinutes;
-            if (durationInMinutes) {
-                cmd.log(`${chalk_1.default.bold("Duration:")} ${formatDuration(durationInMinutes)}`);
-            }
+            cmd.log(`${chalk_1.default.bold("Duration:")} ${durationInMinutes ? formatDuration(durationInMinutes) : "Permanent"}`);
             const reason = requestResp.data.request.request.reason;
             if (reason) {
                 cmd.log(`${chalk_1.default.bold("Reason:")} "${chalk_1.default.italic(reason)}"`);
@@ -110,7 +124,7 @@ function displayRequestDetails(cmd, requestResp) {
         }
     }
 }
-function displayRequestList(cmd, requestResp) {
+function displayRequestListTable(cmd, requestResp) {
     var _a, _b, _c, _d, _e;
     switch (requestResp.data.requests.__typename) {
         case "RequestsResult": {
@@ -133,10 +147,9 @@ function displayRequestList(cmd, requestResp) {
                     const targetUser = (_a = request.targetUser) === null || _a === void 0 ? void 0 : _a.displayName;
                     const reason = request.reason;
                     const status = request.status;
-                    let formattedDuration = "";
-                    if (request.durationInMinutes) {
-                        formattedDuration = formatDuration(request.durationInMinutes);
-                    }
+                    const formattedDuration = request.durationInMinutes
+                        ? formatDuration(request.durationInMinutes)
+                        : "Permanent";
                     const requestedResources = (_c = (_b = request.requestedResources) === null || _b === void 0 ? void 0 : _b.map((resource) => {
                         var _a, _b, _c;
                         if (((_a = resource.resource) === null || _a === void 0 ? void 0 : _a.__typename) === "Resource") {

package/oclif.manifest.json

@@ -365,7 +365,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -407,7 +407,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -471,7 +471,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -537,7 +537,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -598,7 +598,23 @@
       "aliases": [],
       "args": {},
       "description": "Creates an Opal access request via an interactive form",
-      "flags": {},
+      "flags": {
+        "help": {
+          "char": "h",
+          "description": "Show CLI help.",
+          "name": "help",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "id": {
+          "char": "i",
+          "description": "The id of the asset (resource, group) to request access to. Append a role ID using a colon if needed, e.g. `--id 123:456`.",
+          "name": "id",
+          "hasDynamicHelp": false,
+          "multiple": true,
+          "type": "option"
+        }
+      },
       "hasDynamicHelp": false,
       "hidden": true,
       "hiddenAliases": [],
@@ -634,7 +650,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -741,7 +757,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -808,7 +824,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -883,7 +899,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -932,7 +948,7 @@
         },
         "id": {
           "char": "i",
-          "description": "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
+          "description": "The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
           "name": "id",
           "hasDynamicHelp": false,
           "multiple": false,
@@ -971,5 +987,5 @@
       ]
     }
   },
-  "version": "3.1.1-beta.55edef9"
+  "version": "3.1.1-beta.5641f4d"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "3.1.1-beta.55edef9",
+  "version": "3.1.1-beta.5641f4d",
   "author": "Stephen Cobbe",
   "bin": {
     "opal": "./bin/run"
@@ -24,6 +24,7 @@
     "lodash": "^4.17.21",
     "moment": "^2.30.1",
     "node-fetch": "^2.6.7",
+    "object-treeify": "^5.0.1",
     "open": "^8.0.4",
     "openid-client": "^5.6.5",
     "prettyjson": "^1.2.1",