opal-security 3.1.1-beta.68e6f48 → 3.1.1-beta.6b4868b

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/3.1.1-beta.68e6f48 linux-x64 node-v20.19.2
+opal-security/3.1.1-beta.6b4868b linux-x64 node-v20.19.2
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -101,7 +101,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-provider`
 
@@ -121,7 +121,7 @@ EXAMPLES
   $ opal clear-auth-provider
 ```
 
-_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/clear-auth-provider.ts)_
+_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/clear-auth-provider.ts)_
 
 ## `opal curl-example`
 
@@ -138,7 +138,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -159,7 +159,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -209,7 +209,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -240,7 +240,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -261,7 +261,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -281,7 +281,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -318,7 +318,7 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/postgres-instances/start.ts)_
 
 ## `opal resources get`
 
@@ -339,7 +339,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/resources/get.ts)_
 
 ## `opal set-auth-provider`
 
@@ -365,7 +365,7 @@ EXAMPLES
   $ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/set-auth-provider.ts)_
+_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/set-auth-provider.ts)_
 
 ## `opal set-custom-header`
 
@@ -386,7 +386,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -406,7 +406,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -430,7 +430,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -461,7 +461,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -492,7 +492,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -519,7 +519,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.68e6f48/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.6b4868b/src/commands/ssh/start.ts)_
 
 ## `opal version`
 

package/lib/commands/request/create.d.ts

@@ -6,6 +6,7 @@ export default class RequestCreate extends Command {
         help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
         id: import("@oclif/core/lib/interfaces").OptionFlag<string[] | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         reason: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        duration: import("@oclif/core/lib/interfaces").OptionFlag<number | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
 }

package/lib/commands/request/create.js

@@ -15,7 +15,7 @@ class RequestCreate extends core_1.Command {
         const metadata = (0, requests_1.initEmptyRequestMetadata)();
         if (flags.id) {
             // if IDs are provided, bypass the interactive selection process
-            (0, requests_1.bypassRequestSelection)(this, client, flags.id, metadata);
+            await (0, requests_1.bypassRequestSelection)(this, client, flags.id, metadata);
         }
         else {
             (0, displays_1.headerMessage)(this);
@@ -40,10 +40,17 @@ class RequestCreate extends core_1.Command {
             await (0, requests_1.promptForReason)(metadata);
         }
         // Step 5: Prompt for expiration
-        await (0, requests_1.promptForExpiration)(metadata);
+        if (flags.duration) {
+            (0, requests_1.bypassDuration)(this, flags.duration, metadata);
+        }
+        else {
+            await (0, requests_1.promptForExpiration)(metadata);
+        }
         // Step 6: Display final summary of request
-        (0, displays_1.displayFinalRequestSummary)(this, metadata);
-        // Step 7: Prompt for final submition
+        if (!(flags.id && flags.reason && flags.duration)) {
+            await (0, requests_1.promptRequestSubmission)(this, metadata);
+        }
+        // Step 7: Prompt for final submission
         await (0, requests_1.submitFinalRequest)(this, client, metadata);
     }
 }
@@ -61,5 +68,9 @@ RequestCreate.flags = {
         char: "r",
         description: "The reason for the request, contained in quotes. If not provided, you will be prompted.",
     }),
+    duration: core_1.Flags.integer({
+        char: "d",
+        description: "The duration of access for the request in minutes. If not provided, you will be prompted.",
+    }),
 };
 exports.default = RequestCreate;

package/lib/lib/requests.d.ts

@@ -1,16 +1,17 @@
 import type { NormalizedCacheObject } from "@apollo/client/core";
 import type { ApolloClient } from "@apollo/client/core/ApolloClient";
 import type { Command } from "@oclif/core/lib/command";
+import { type AppType, type ConnectionType, EntityType } from "../graphql/graphql";
 type AppNode = {
     appId: string;
     appName: string;
-    appType?: string;
+    appType?: AppType | ConnectionType;
     assets: Record<string, AssetNode>;
 };
 type AssetNode = {
     assetId: string;
     assetName: string;
-    type: string;
+    type: EntityType;
     roles?: Record<string, RoleNode>;
 };
 type RoleNode = {
@@ -44,6 +45,8 @@ export declare function doneSelectingAssets(): Promise<boolean>;
 export declare function setRequestDefaults(cmd: Command, client: ApolloClient<NormalizedCacheObject>, metadata: RequestMetadata): Promise<void>;
 export declare function promptForReason(metadata: RequestMetadata): Promise<void>;
 export declare function promptForExpiration(metadata: RequestMetadata): Promise<void>;
+export declare function promptRequestSubmission(cmd: Command, metadata: RequestMetadata): Promise<void>;
 export declare function submitFinalRequest(cmd: Command, client: ApolloClient<NormalizedCacheObject>, metadata: RequestMetadata): Promise<void>;
 export declare function bypassRequestSelection(cmd: Command, client: ApolloClient<NormalizedCacheObject>, flagValue: string[], metadata: RequestMetadata): Promise<void>;
+export declare function bypassDuration(cmd: Command, duration: number, metadata: RequestMetadata): void;
 export {};

package/lib/lib/requests.js

@@ -6,8 +6,10 @@ exports.doneSelectingAssets = doneSelectingAssets;
 exports.setRequestDefaults = setRequestDefaults;
 exports.promptForReason = promptForReason;
 exports.promptForExpiration = promptForExpiration;
+exports.promptRequestSubmission = promptRequestSubmission;
 exports.submitFinalRequest = submitFinalRequest;
 exports.bypassRequestSelection = bypassRequestSelection;
+exports.bypassDuration = bypassDuration;
 const chalk_1 = require("chalk");
 const inquirer = require("inquirer");
 const graphql_1 = require("../graphql");
@@ -15,6 +17,16 @@ const graphql_2 = require("../graphql/graphql");
 const displays_1 = require("../utils/displays");
 const config_1 = require("./config");
 const { AutoComplete, Select, prompt, Form } = require("enquirer");
+function entityTypeFromString(str) {
+    if (str === "Resource") {
+        return graphql_2.EntityType.Resource;
+    }
+    if (str === "Group") {
+        return graphql_2.EntityType.Group;
+    }
+    // if type unknown, default to resource
+    return graphql_2.EntityType.Resource;
+}
 function initEmptyRequestMetadata() {
     // Initialize with empty defaults
     const requestDefaults = {
@@ -611,11 +623,14 @@ async function queryAssociatedItems(cmd, client, id, input) {
     }
 }
 // Helper functions
+const selectInstructions = chalk_1.default.dim("↑↓ Navigate · Enter Select · Type to filter");
+const multiSelectInstructions = chalk_1.default.dim("↑↓ Navigate · Space Select · Enter Confirm · Type to filter");
 async function selectRequestableItems(cmd, client, requestMap) {
     const initial = (await queryRequestableApps(cmd, client, "")) || [];
     const appPrompt = new AutoComplete({
         name: "App",
-        message: "Select an app:",
+        message: "Select an app",
+        hint: selectInstructions,
         limit: 15,
         choices: initial,
         async suggest(input) {
@@ -643,6 +658,7 @@ async function chooseOktaAzureRoles(cmd, client, app, requestMap) {
     const rolePrompt = new AutoComplete({
         name: "Roles",
         message: `Select a role for ${app.name}:`,
+        hint: multiSelectInstructions,
         limit: 15,
         multiple: true,
         async choices(input) {
@@ -665,7 +681,7 @@ async function chooseOktaAzureRoles(cmd, client, app, requestMap) {
             entry.assets[role.id] = {
                 assetId: role.id,
                 assetName: role.name,
-                type: role.type || graphql_2.EntityType.Resource,
+                type: entityTypeFromString(role.type),
                 roles: {},
             };
         }
@@ -717,6 +733,7 @@ async function chooseAssets(cmd, client, appId, requestMap) {
     const assetPrompt = new AutoComplete({
         name: "Assets",
         message: "Select one or more assets:",
+        hint: multiSelectInstructions,
         limit: 15,
         multiple: true,
         async choices(input) {
@@ -766,6 +783,7 @@ async function chooseRoles(cmd, client, appId, assetId, requestMap) {
     const rolePrompt = new AutoComplete({
         name: "Roles",
         message: `Select one or more roles for ${assetEntry.assetName}:`,
+        hint: multiSelectInstructions,
         limit: 15,
         multiple: true,
         choices: assetRoles,
@@ -856,7 +874,7 @@ async function promptForReason(metadata) {
     const { reason } = await prompt([
         {
             name: "reason",
-            message: "I need access to this because...",
+            message: "Why do you need access?",
             type: "input",
             validate: (answer) => {
                 if (!metadata.requestDefaults.reasonOptional && answer.length < 1) {
@@ -978,8 +996,8 @@ async function setCustomDuration(metadata) {
         label: durationLabel,
     };
 }
-async function submitFinalRequest(cmd, client, metadata) {
-    var _a, _b, _c, _d;
+async function promptRequestSubmission(cmd, metadata) {
+    (0, displays_1.displayFinalRequestSummary)(cmd, metadata);
     const submitMessage = "✅ Yes, submit request";
     const cancelMessage = "❌ No, cancel request";
     const { submit } = await inquirer.prompt([
@@ -992,58 +1010,6 @@ async function submitFinalRequest(cmd, client, metadata) {
     ]);
     switch (submit) {
         case submitMessage: {
-            // Build requested assets lists for the mutation
-            const requestedResources = [];
-            const requestedGroups = [];
-            for (const appNode of Object.values(metadata.requestMap)) {
-                // This extraction is different than the one in setRequestDefaults.
-                // Both extract the requestedResources and requestedGroups,
-                // use different formats.
-                for (const [assetId, assetNode] of Object.entries(appNode.assets)) {
-                    if (assetNode.roles !== undefined) {
-                        const mappedRoles = Object.entries(assetNode.roles).map(([roleId, _roleNode]) => {
-                            return roleId;
-                        });
-                        const roleIds = mappedRoles.length ? mappedRoles : [""];
-                        for (const roleId of roleIds) {
-                            switch (assetNode.type) {
-                                case graphql_2.EntityType.Resource: {
-                                    requestedResources.push({
-                                        resourceId: assetId,
-                                        accessLevel: {
-                                            accessLevelName: ((_b = (_a = assetNode.roles) === null || _a === void 0 ? void 0 : _a[roleId]) === null || _b === void 0 ? void 0 : _b.roleName) || "",
-                                            accessLevelRemoteId: roleId,
-                                        },
-                                    });
-                                    break;
-                                }
-                                case graphql_2.EntityType.Group: {
-                                    requestedGroups.push({
-                                        groupId: assetId,
-                                        accessLevel: {
-                                            accessLevelName: ((_d = (_c = assetNode.roles) === null || _c === void 0 ? void 0 : _c[roleId]) === null || _d === void 0 ? void 0 : _d.roleName) || "",
-                                            accessLevelRemoteId: roleId,
-                                        },
-                                    });
-                                    break;
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-            const resp = await createRequest(cmd, client, requestedResources, requestedGroups, metadata.reason, metadata.durationInMinutes);
-            // Build link to request
-            const configData = (0, config_1.getOrCreateConfigData)(cmd.config.configDir);
-            if (resp === null || resp === void 0 ? void 0 : resp.id) {
-                cmd.log("\n🎉 Your Access Request has been submitted!\n");
-                cmd.log(`${chalk_1.default.bold("ID: ")} ${chalk_1.default.cyan(resp === null || resp === void 0 ? void 0 : resp.id)}`);
-                if (resp === null || resp === void 0 ? void 0 : resp.status) {
-                    cmd.log((0, displays_1.getStyledStatus)(resp === null || resp === void 0 ? void 0 : resp.status));
-                }
-                const requestLink = `${configData[config_1.urlKey]}/requests/sent/${resp === null || resp === void 0 ? void 0 : resp.id}`;
-                cmd.log(`${chalk_1.default.bold("Link:")} ${chalk_1.default.underline(requestLink)}\n`);
-            }
             return;
         }
         case cancelMessage: {
@@ -1055,9 +1021,66 @@ async function submitFinalRequest(cmd, client, metadata) {
         }
     }
 }
+async function submitFinalRequest(cmd, client, metadata) {
+    var _a, _b, _c, _d;
+    // Build requested assets lists for the mutation
+    const requestedResources = [];
+    const requestedGroups = [];
+    for (const appNode of Object.values(metadata.requestMap)) {
+        // This extraction is different than the one in setRequestDefaults.
+        // Both extract the requestedResources and requestedGroups,
+        // use different formats.
+        for (const [assetId, assetNode] of Object.entries(appNode.assets)) {
+            if (assetNode.roles) {
+                const mappedRoles = Object.entries(assetNode.roles).map(([roleId, _roleNode]) => {
+                    return roleId;
+                });
+                const roleIds = mappedRoles.length > 0 ? mappedRoles : [""];
+                for (const roleId of roleIds) {
+                    switch (assetNode.type) {
+                        case graphql_2.EntityType.Resource: {
+                            requestedResources.push({
+                                resourceId: assetId,
+                                accessLevel: {
+                                    accessLevelName: ((_b = (_a = assetNode.roles) === null || _a === void 0 ? void 0 : _a[roleId]) === null || _b === void 0 ? void 0 : _b.roleName) || "",
+                                    accessLevelRemoteId: roleId,
+                                },
+                            });
+                            break;
+                        }
+                        case graphql_2.EntityType.Group: {
+                            requestedGroups.push({
+                                groupId: assetId,
+                                accessLevel: {
+                                    accessLevelName: ((_d = (_c = assetNode.roles) === null || _c === void 0 ? void 0 : _c[roleId]) === null || _d === void 0 ? void 0 : _d.roleName) || "",
+                                    accessLevelRemoteId: roleId,
+                                },
+                            });
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    const resp = await createRequest(cmd, client, requestedResources, requestedGroups, metadata.reason, metadata.durationInMinutes);
+    // Build link to request
+    const configData = (0, config_1.getOrCreateConfigData)(cmd.config.configDir);
+    if (resp === null || resp === void 0 ? void 0 : resp.id) {
+        cmd.log("\n🎉 Your Access Request has been submitted!\n");
+        cmd.log(`${chalk_1.default.bold("ID: ")} ${chalk_1.default.cyan(resp === null || resp === void 0 ? void 0 : resp.id)}`);
+        if (resp === null || resp === void 0 ? void 0 : resp.status) {
+            cmd.log((0, displays_1.getStyledStatus)(resp === null || resp === void 0 ? void 0 : resp.status));
+        }
+        const requestLink = `${configData[config_1.urlKey]}/requests/sent/${resp === null || resp === void 0 ? void 0 : resp.id}`;
+        cmd.log(`${chalk_1.default.bold("Link:")} ${chalk_1.default.underline(requestLink)}\n`);
+    }
+    return;
+}
 async function bypassRequestSelection(cmd, client, flagValue, metadata) {
-    var _a, _b;
+    var _a, _b, _c, _d;
     try {
+        // Query Catalog Item endpoint to identify what the id belongs to (resource or group)
         for (const id of flagValue) {
             const resp = await client.query({
                 query: CATALOG_ITEM,
@@ -1093,11 +1116,11 @@ async function bypassRequestSelection(cmd, client, flagValue, metadata) {
                         metadata.requestMap[appId].assets[id] = {
                             assetId: id,
                             assetName: resourceName,
-                            type: "Resource",
+                            type: graphql_2.EntityType.Resource,
                             roles: {},
                         };
                     }
-                    if (roles) {
+                    if (roles && !(roles.length === 1 && roles[0].name === "")) {
                         if (!metadata.requestMap[appId].assets[id].roles) {
                             metadata.requestMap[appId].assets[id].roles = {};
                         }
@@ -1111,7 +1134,44 @@ async function bypassRequestSelection(cmd, client, flagValue, metadata) {
                     break;
                 }
                 case "Group": {
-                    //TODO
+                    const groupName = resp.data.catalogItem.name;
+                    const roles = (resp.data.catalogItem.accessLevels || []).map((role) => ({
+                        id: role.accessLevelRemoteId,
+                        name: role.accessLevelName,
+                    }));
+                    if (roles.length > 0 &&
+                        !(roles.length === 1 && roles[0].name === "")) {
+                        cmd.log(`Roles not implemented yet for group ${groupName}. Skipping roles selection.`); //TODO: Implement group roles support
+                        continue;
+                    }
+                    const appId = ((_c = resp.data.catalogItem.connection) === null || _c === void 0 ? void 0 : _c.id) || "";
+                    if (!(appId in metadata.requestMap)) {
+                        metadata.requestMap[appId] = {
+                            appName: ((_d = resp.data.catalogItem.connection) === null || _d === void 0 ? void 0 : _d.displayName) || "",
+                            appId: appId,
+                            assets: {},
+                        };
+                    }
+                    const assetEntry = metadata.requestMap[appId].assets[id];
+                    if (!assetEntry) {
+                        metadata.requestMap[appId].assets[id] = {
+                            assetId: id,
+                            assetName: groupName,
+                            type: graphql_2.EntityType.Group,
+                            roles: {},
+                        };
+                    }
+                    if (roles) {
+                        if (!metadata.requestMap[appId].assets[id].roles) {
+                            metadata.requestMap[appId].assets[id].roles = {};
+                        }
+                        for (const role of roles) {
+                            metadata.requestMap[appId].assets[id].roles[role.id] = {
+                                roleId: role.id,
+                                roleName: role.name,
+                            };
+                        }
+                    }
                     break;
                 }
                 case "Connection": {
@@ -1130,3 +1190,10 @@ async function bypassRequestSelection(cmd, client, flagValue, metadata) {
     }
     return;
 }
+function bypassDuration(cmd, duration, metadata) {
+    const maxDuration = metadata.requestDefaults.maxDurationInMinutes;
+    if (maxDuration && duration > maxDuration) {
+        cmd.error(`The requested duration exceeds the allowed limit of ${maxDuration}`);
+    }
+    metadata.durationInMinutes = duration;
+}

package/lib/utils/displays.js

@@ -35,8 +35,10 @@ function treeifyRequestMap(cmd, requestMap) {
                 assetsTree[assetKey] = {};
                 for (const [_roleId, roleNode] of Object.entries(assetNode.roles)) {
                     const roleName = roleNode.roleName;
-                    const roleKey = `${roleName} ${chalk_1.default.dim("[Role]")}`;
-                    assetsTree[assetKey][roleKey] = null;
+                    if (roleName !== "") {
+                        const roleKey = `${roleName} ${chalk_1.default.dim("[Role]")}`;
+                        assetsTree[assetKey][roleKey] = null;
+                    }
                 }
             }
             else {

package/oclif.manifest.json

@@ -621,6 +621,14 @@
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
+        },
+        "duration": {
+          "char": "d",
+          "description": "The duration of access for the request in minutes. If not provided, you will be prompted.",
+          "name": "duration",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
         }
       },
       "hasDynamicHelp": false,
@@ -995,5 +1003,5 @@
       ]
     }
   },
-  "version": "3.1.1-beta.68e6f48"
+  "version": "3.1.1-beta.6b4868b"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "3.1.1-beta.68e6f48",
+  "version": "3.1.1-beta.6b4868b",
   "author": "Stephen Cobbe",
   "bin": {
     "opal": "./bin/run"