opal-security 3.1.1-beta.778ef29 → 3.1.1-beta.7e1cc21

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/3.1.1-beta.778ef29 linux-x64 node-v20.19.1
+opal-security/3.1.1-beta.7e1cc21 linux-x64 node-v20.19.2
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -44,6 +44,9 @@ USAGE
 * [`opal login`](#opal-login)
 * [`opal logout`](#opal-logout)
 * [`opal postgres-instances start`](#opal-postgres-instances-start)
+* [`opal request create`](#opal-request-create)
+* [`opal request get`](#opal-request-get)
+* [`opal request list`](#opal-request-list)
 * [`opal resources get`](#opal-resources-get)
 * [`opal set-auth-provider`](#opal-set-auth-provider)
 * [`opal set-custom-header`](#opal-set-custom-header)
@@ -53,6 +56,7 @@ USAGE
 * [`opal ssh copyTo`](#opal-ssh-copyto)
 * [`opal ssh start`](#opal-ssh-start)
 * [`opal version`](#opal-version)
+* [`opal whoami`](#opal-whoami)
 
 ## `opal autocomplete [SHELL]`
 
@@ -101,7 +105,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-provider`
 
@@ -121,7 +125,7 @@ EXAMPLES
   $ opal clear-auth-provider
 ```
 
-_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/clear-auth-provider.ts)_
+_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/clear-auth-provider.ts)_
 
 ## `opal curl-example`
 
@@ -138,7 +142,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -150,7 +154,7 @@ USAGE
 
 FLAGS
   -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
 
 DESCRIPTION
   Get group info for a particular group.
@@ -159,7 +163,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -191,7 +195,7 @@ USAGE
 
 FLAGS
   -h, --help                 Show CLI help.
-  -i, --id=<value>           The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>           The Opal ID of the asset. You can find this from the URL, e.g.
                              https://opal.dev/resources/[ID]
   -r, --refresh              Starts a new session even if one already exists. Useful if a session is about to expire.
   -s, --sessionId=<value>    The Opal ID of the session to connect to. Uses an existing session that was created via the
@@ -209,7 +213,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -222,7 +226,7 @@ USAGE
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
-  -i, --id=<value>                   The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
   -r, --refresh                      Starts a new session even if one already exists. Useful if a session is about to
                                      expire.
@@ -240,7 +244,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -261,7 +265,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -281,7 +285,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -294,7 +298,7 @@ USAGE
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
-  -i, --id=<value>                   The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
   -r, --refresh                      Starts a new session even if one already exists. Useful if a session is about to
                                      expire.
@@ -318,7 +322,82 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/postgres-instances/start.ts)_
+
+## `opal request create`
+
+Creates an Opal access request via an interactive form
+
+```
+USAGE
+  $ opal request create [-h] [-a <value>...] [-r <value>] [-d <value>]
+
+FLAGS
+  -a, --assets=<value>...  The ids of the assets (resource, group) to request access to. Append a role ID using a colon
+                           if needed, e.g. `--assets 123:456`.
+                           If not provided, an interactive selection flow will be available to select assets to request.
+  -d, --duration=<value>   The duration of access for the request in minutes. If not provided, you will be prompted.
+  -h, --help               Show CLI help.
+  -r, --reason=<value>     The reason for the request, contained in quotes. If not provided, you will be prompted.
+
+DESCRIPTION
+  Creates an Opal access request via an interactive form
+```
+
+_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/request/create.ts)_
+
+## `opal request get`
+
+Lists access requests
+
+```
+USAGE
+  $ opal request get [-h] [-i <value>] [-v]
+
+FLAGS
+  -h, --help        Show CLI help.
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -v, --verbose     Enable verbose output, prints full response in JSON format. Defaults to false.
+
+DESCRIPTION
+  Lists access requests
+
+EXAMPLES
+  $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
+
+  $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4 --verbose
+```
+
+_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/request/get.ts)_
+
+## `opal request list`
+
+Lists your n recent outgoing access requests
+
+```
+USAGE
+  $ opal request list [-h] [-n <value>] [-p] [-v]
+
+FLAGS
+  -h, --help       Show CLI help.
+  -n, --n=<value>  [default: 10] Defines number of requests to be returned. 1 <= n <= 100.
+  -p, --pending    Show only pending requests. Defaults to false.
+  -v, --verbose    Enable verbose output, prints full response in JSON format. Defaults to false.
+
+DESCRIPTION
+  Lists your n recent outgoing access requests
+
+EXAMPLES
+  $ opal request list --n 5
+
+  $ opal request list --n 5 --pending
+
+  $ opal request list --n 5 --verbose
+
+  $ opal request list --n 5 --pending --verbose
+```
+
+_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/request/list.ts)_
 
 ## `opal resources get`
 
@@ -330,7 +409,7 @@ USAGE
 
 FLAGS
   -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
 
 DESCRIPTION
   Get resource info for a particular resource.
@@ -339,7 +418,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/resources/get.ts)_
 
 ## `opal set-auth-provider`
 
@@ -365,7 +444,7 @@ EXAMPLES
   $ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/set-auth-provider.ts)_
+_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/set-auth-provider.ts)_
 
 ## `opal set-custom-header`
 
@@ -386,7 +465,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -406,7 +485,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -430,7 +509,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -442,7 +521,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
                            web flow.
@@ -461,7 +540,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -473,7 +552,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
                            web flow.
@@ -492,7 +571,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -504,7 +583,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -r, --refresh            Starts a new session even if one already exists. Useful if a session is about to expire.
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
@@ -519,7 +598,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.778ef29/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/ssh/start.ts)_
 
 ## `opal version`
 
@@ -540,4 +619,21 @@ FLAG DESCRIPTIONS
 ```
 
 _See code: [@oclif/plugin-version](https://github.com/oclif/plugin-version/blob/v2.2.27/src/commands/version.ts)_
+
+## `opal whoami`
+
+Describes current url set, organization name, and logged in user if applicabled.
+
+```
+USAGE
+  $ opal whoami [-h]
+
+FLAGS
+  -h, --help  Show CLI help.
+
+DESCRIPTION
+  Describes current url set, organization name, and logged in user if applicabled.
+```
+
+_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.7e1cc21/src/commands/whoami.ts)_
 <!-- commandsstop -->

package/lib/commands/login.js

@@ -88,12 +88,14 @@ class Login extends core_1.Command {
             const configData = (0, config_1.getOrCreateConfigData)(configDir);
             let email = flags.email;
             let organizationId;
+            let organizationName;
             let clientIDCandidate;
             const existingCreds = await (0, credentials_1.getOpalCredentials)(this, false);
             // Only use the previous email + organizationID if email isn't explicitly specified.
             if (!email) {
                 email = existingCreds.email;
                 organizationId = existingCreds.organizationID;
+                organizationName = existingCreds.organizationName;
                 clientIDCandidate = existingCreds.clientIDCandidate;
             }
             await (0, credentials_1.removeOpalCredentials)(this);
@@ -149,6 +151,7 @@ class Login extends core_1.Command {
                 if (signInOrganizations && signInOrganizations.length > 0) {
                     if (signInOrganizations.length === 1) {
                         organizationId = signInOrganizations[0].organizationId;
+                        organizationName = signInOrganizations[0].organizationName;
                         clientIDCandidate = signInOrganizations[0].cliClientId;
                     }
                     else {
@@ -164,6 +167,7 @@ class Login extends core_1.Command {
                             },
                         ]);
                         organizationId = responses.signInOrganization.organizationId;
+                        organizationName = responses.signInOrganization.organizationName;
                         clientIDCandidate = responses.signInOrganization.cliClientId;
                     }
                 }
@@ -238,10 +242,10 @@ class Login extends core_1.Command {
             if (tokenExchangeError) {
                 this.log("WARN: Failed to exchange access token for session in Opal. Falling back to using access token for authenticating requests\n");
                 // TODO: consider adding a warn line recommending upgrading Opal to version XYZ, once accompanying PR is pushed to prod
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || "", credentials_1.SecretType.ApiToken);
+                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || "", credentials_1.SecretType.ApiToken, organizationName);
             }
             else {
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie);
+                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie, organizationName);
             }
             // "Representative" authenticated call to check the log-in worked as expected.
             const { resp: authCheckResp, error: authCheckErr } = await (0, handler_1.runQueryDeprecated)({

package/lib/commands/request/create.d.ts

@@ -1,6 +1,11 @@
 import { Command } from "@oclif/core";
 export default class RequestCreate extends Command {
-    static hidden: boolean;
     static description: string;
+    static flags: {
+        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
+        assets: import("@oclif/core/lib/interfaces").OptionFlag<string[] | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        reason: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        duration: import("@oclif/core/lib/interfaces").OptionFlag<number | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
     run(): Promise<void>;
 }

package/lib/commands/request/create.js

@@ -2,36 +2,80 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
 const apollo_1 = require("../../lib/apollo");
+const cmd_1 = require("../../lib/cmd");
+const flags_1 = require("../../lib/flags");
 const requests_1 = require("../../lib/requests");
 const displays_1 = require("../../utils/displays");
-const utils_1 = require("../../utils/utils");
 class RequestCreate extends core_1.Command {
     async run() {
+        (0, cmd_1.setMostRecentCommand)(this);
         await (0, apollo_1.initClient)(this, true);
         const client = await (0, apollo_1.getClient)(this, true);
-        (0, utils_1.restrictToDev)(); //TODO: Remove after development is complete
-        const requestMap = new Map();
-        (0, displays_1.headerMessage)(this);
-        let shouldProceed = false;
-        while (!shouldProceed) {
-            // Step 1: Select first round of assets from an app
-            await (0, requests_1.selectRequestableItems)(this, client, requestMap);
-            // Step 2: Display the selected items in a tree format
+        const { flags } = await this.parse(RequestCreate);
+        const metadata = (0, requests_1.initEmptyRequestMetadata)();
+        if (flags.assets) {
+            // if IDs are provided, bypass the interactive selection process
+            await (0, requests_1.bypassRequestSelection)(this, client, flags.assets, metadata);
+        }
+        else {
             (0, displays_1.headerMessage)(this);
-            this.log((0, displays_1.treeifyRequestMap)(requestMap), "\n");
-            // Step 3: Prompt to add more items, repeat 1-3 if needed
-            shouldProceed = await (0, requests_1.doneSelectingAssets)();
+            let shouldProceed = false;
+            while (!shouldProceed) {
+                // Step 1: Select first round of assets from an app
+                await (0, requests_1.selectRequestableItems)(this, client, metadata.requestMap);
+                // Step 2: Display the selected items in a tree format
+                (0, displays_1.headerMessage)(this);
+                (0, displays_1.treeifyRequestMap)(this, metadata.requestMap);
+                // Step 3: Prompt to add more items, repeat 1-3 if needed
+                shouldProceed = await (0, requests_1.doneSelectingAssets)();
+            }
         }
+        // Step 4: Set Request Defaults
+        await (0, requests_1.setRequestDefaults)(this, client, metadata);
         // Step 4: Prompt for request reason
-        const { reason } = await (0, requests_1.promptForReason)();
+        if (flags.reason) {
+            metadata.reason = flags.reason;
+        }
+        else if (!(metadata.requestDefaults.reasonOptional &&
+            flags.assets &&
+            flags.duration)) {
+            await (0, requests_1.promptForReason)(metadata);
+        }
         // Step 5: Prompt for expiration
-        const { expiration } = await (0, requests_1.promptForExpiration)();
+        if (flags.duration) {
+            (0, requests_1.bypassDuration)(this, flags.duration, metadata);
+        }
+        else {
+            await (0, requests_1.promptForExpiration)(metadata);
+        }
         // Step 6: Display final summary of request
-        (0, displays_1.displayFinalRequestSummary)(this, requestMap, reason, expiration);
-        // Step 7: Prompt for final submition
-        await (0, requests_1.submitFinalRequest)(this);
+        let canSubmit = true;
+        if (!(flags.assets &&
+            flags.duration &&
+            (metadata.requestDefaults.reasonOptional || flags.reason))) {
+            canSubmit = await (0, requests_1.promptRequestSubmission)(this, metadata);
+        }
+        // Step 7: Prompt for final submission
+        if (canSubmit)
+            await (0, requests_1.submitFinalRequest)(this, client, metadata);
     }
 }
-RequestCreate.hidden = true;
-RequestCreate.description = "Opens an Opal access request";
+RequestCreate.description = "Creates an Opal access request via an interactive form";
+RequestCreate.flags = {
+    help: flags_1.SHARED_FLAGS.help,
+    assets: core_1.Flags.string({
+        char: "a",
+        multiple: true,
+        description: "The ids of the assets (resource, group) to request access to. Append a role ID using a colon if needed, e.g. `--assets 123:456`.\
+        \n If not provided, an interactive selection flow will be available to select assets to request.",
+    }),
+    reason: core_1.Flags.string({
+        char: "r",
+        description: "The reason for the request, contained in quotes. If not provided, you will be prompted.",
+    }),
+    duration: core_1.Flags.integer({
+        char: "d",
+        description: "The duration of access for the request in minutes. If not provided, you will be prompted.",
+    }),
+};
 exports.default = RequestCreate;

package/lib/commands/request/get.d.ts

@@ -1,6 +1,11 @@
 import { Command } from "@oclif/core";
-export default class RequestGet extends Command {
-    static hidden: boolean;
+export default class GetRequest extends Command {
     static description: string;
+    static flags: {
+        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
+        id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        verbose: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+    };
+    static examples: string[];
     run(): Promise<void>;
 }

package/lib/commands/request/get.js

@@ -1,13 +1,111 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
-const utils_1 = require("../../utils/utils");
-class RequestGet extends core_1.Command {
+const chalk_1 = require("chalk");
+const graphql_1 = require("../../graphql");
+const apollo_1 = require("../../lib/apollo");
+const cmd_1 = require("../../lib/cmd");
+const config_1 = require("../../lib/config");
+const flags_1 = require("../../lib/flags");
+const displays_1 = require("../../utils/displays");
+const GET_REQUEST = (0, graphql_1.graphql)(`
+  query GetRequest(
+  $id: RequestId!
+) {
+  request(input: {id: $id}) {
+    __typename
+    ... on RequestResult {
+      request {
+        id
+        createdAt
+        status
+        requester {
+          displayName
+        }
+        targetUser {
+          displayName
+        }
+        requestedResources {
+          resource {
+            displayName
+            id
+          }
+          accessLevel {
+            accessLevelName
+            accessLevelRemoteId
+          }
+        }
+        durationInMinutes
+        requestedGroups {
+          group {
+            id
+            name
+          }
+          accessLevel {
+            accessLevelName
+            accessLevelRemoteId
+          }
+        }
+        reason
+      }
+    }
+    ... on RequestNotFoundError {
+      message
+    }
+  }
+}
+`);
+class GetRequest extends core_1.Command {
     async run() {
-        (0, utils_1.restrictToDev)(); //TODO: Remove after development is complete
-        this.log("Running the get command");
+        (0, cmd_1.setMostRecentCommand)(this);
+        const configData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
+        const client = await (0, apollo_1.getClient)(this, true);
+        // Verify id tag was provided
+        const { flags } = await this.parse(GetRequest);
+        if (!flags.id) {
+            this.log("Error: Please provide a request ID using the --id flag.");
+            this.log("ex. opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4");
+            return;
+        }
+        const resp = await client.query({
+            query: GET_REQUEST,
+            variables: {
+                id: flags.id,
+            },
+            fetchPolicy: "network-only", // to avoid caching
+        });
+        switch (resp.data.request.__typename) {
+            case "RequestResult": {
+                if (flags.verbose) {
+                    (0, apollo_1.printResponse)(this, resp);
+                }
+                else {
+                    (0, displays_1.displayRequestDetails)(this, resp);
+                }
+                const url = `${configData[config_1.urlKey]}/requests/sent/${flags.id}`;
+                this.log(`\n💡Link to request details: ${chalk_1.default.underline(url)}`);
+                return;
+            }
+            case "RequestNotFoundError":
+                this.log(`🚫 Request with id ${flags.id} was not found`);
+                return;
+            default:
+                this.log("🚫 Error retrieving request data");
+        }
     }
 }
-RequestGet.hidden = true;
-RequestGet.description = "Lists access requests";
-exports.default = RequestGet;
+GetRequest.description = "Lists access requests";
+GetRequest.flags = {
+    help: flags_1.SHARED_FLAGS.help,
+    id: flags_1.SHARED_FLAGS.id,
+    verbose: core_1.Flags.boolean({
+        char: "v",
+        description: "Enable verbose output, prints full response in JSON format. Defaults to false.",
+        default: false,
+    }),
+};
+GetRequest.examples = [
+    "opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4",
+    "opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4 --verbose",
+];
+exports.default = GetRequest;

package/lib/commands/request/list.d.ts

@@ -1,6 +1,12 @@
 import { Command } from "@oclif/core";
-export default class RequestList extends Command {
-    static hidden: boolean;
+export default class ListRequests extends Command {
     static description: string;
+    static examples: string[];
+    static flags: {
+        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
+        n: import("@oclif/core/lib/interfaces").OptionFlag<number, import("@oclif/core/lib/interfaces").CustomOptions>;
+        pending: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        verbose: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+    };
     run(): Promise<void>;
 }