npm - opal-security - Versions diffs - 3.1.1-beta.e92fdf8 → 3.1.1-beta.f1a5f49 - Mend

opal-security 3.1.1-beta.e92fdf8 → 3.1.1-beta.f1a5f49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/README.md +44 -26
package/lib/commands/login.js +6 -2
package/lib/commands/request/create.d.ts +6 -0
package/lib/commands/request/create.js +57 -14
package/lib/commands/whoami.d.ts +8 -0
package/lib/commands/whoami.js +34 -0
package/lib/graphql/gql.d.ts +10 -0
package/lib/graphql/gql.js +2 -0
package/lib/graphql/graphql.d.ts +85 -0
package/lib/graphql/graphql.js +539 -1
package/lib/lib/apollo.js +3 -4
package/lib/lib/credentials/index.d.ts +2 -1
package/lib/lib/credentials/index.js +2 -1
package/lib/lib/flags.js +1 -1
package/lib/lib/requests.d.ts +21 -15
package/lib/lib/requests.js +374 -75
package/lib/utils/displays.js +8 -3
package/oclif.manifest.json +99 -39
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/3.1.1-beta.e92fdf8 linux-x64 node-v20.19.2
+opal-security/3.1.1-beta.f1a5f49 linux-x64 node-v20.19.2
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -53,6 +53,7 @@ USAGE
 * [`opal ssh copyTo`](#opal-ssh-copyto)
 * [`opal ssh start`](#opal-ssh-start)
 * [`opal version`](#opal-version)
+* [`opal whoami`](#opal-whoami)
 ## `opal autocomplete [SHELL]`
@@ -101,7 +102,7 @@ EXAMPLES
   $ opal aws:identity
 ```
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/aws/identity.ts)_
 ## `opal clear-auth-provider`
@@ -121,7 +122,7 @@ EXAMPLES
   $ opal clear-auth-provider
 ```
-_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/clear-auth-provider.ts)_
+_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/clear-auth-provider.ts)_
 ## `opal curl-example`
@@ -138,7 +139,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/curl-example.ts)_
 ## `opal groups get`
@@ -150,7 +151,7 @@ USAGE
 FLAGS
   -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
 DESCRIPTION
   Get group info for a particular group.
@@ -159,7 +160,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/groups/get.ts)_
 ## `opal help [COMMANDS]`
@@ -191,7 +192,7 @@ USAGE
 FLAGS
   -h, --help                 Show CLI help.
-  -i, --id=<value>           The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>           The Opal ID of the asset. You can find this from the URL, e.g.
                              https://opal.dev/resources/[ID]
   -r, --refresh              Starts a new session even if one already exists. Useful if a session is about to expire.
   -s, --sessionId=<value>    The Opal ID of the session to connect to. Uses an existing session that was created via the
@@ -209,7 +210,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/iam-roles/start.ts)_
 ## `opal kube-roles start`
@@ -222,7 +223,7 @@ USAGE
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
-  -i, --id=<value>                   The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
   -r, --refresh                      Starts a new session even if one already exists. Useful if a session is about to
                                      expire.
@@ -240,7 +241,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/kube-roles/start.ts)_
 ## `opal login`
@@ -261,7 +262,7 @@ EXAMPLES
   $ opal login
 ```
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/login.ts)_
 ## `opal logout`
@@ -281,7 +282,7 @@ EXAMPLES
   $ opal logout
 ```
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/logout.ts)_
 ## `opal postgres-instances start`
@@ -294,7 +295,7 @@ USAGE
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
-  -i, --id=<value>                   The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
   -r, --refresh                      Starts a new session even if one already exists. Useful if a session is about to
                                      expire.
@@ -318,7 +319,7 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/postgres-instances/start.ts)_
 ## `opal resources get`
@@ -330,7 +331,7 @@ USAGE
 FLAGS
   -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
 DESCRIPTION
   Get resource info for a particular resource.
@@ -339,7 +340,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/resources/get.ts)_
 ## `opal set-auth-provider`
@@ -365,7 +366,7 @@ EXAMPLES
   $ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com
 ```
-_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/set-auth-provider.ts)_
+_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/set-auth-provider.ts)_
 ## `opal set-custom-header`
@@ -386,7 +387,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/set-custom-header.ts)_
 ## `opal set-token`
@@ -406,7 +407,7 @@ EXAMPLES
   $ opal set-token
 ```
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/set-token.ts)_
 ## `opal set-url [URL]`
@@ -430,7 +431,7 @@ EXAMPLES
   $ opal set-url
 ```
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/set-url.ts)_
 ## `opal ssh copyFrom`
@@ -442,7 +443,7 @@ USAGE
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
                            web flow.
@@ -461,7 +462,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/ssh/copyFrom.ts)_
 ## `opal ssh copyTo`
@@ -473,7 +474,7 @@ USAGE
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
                            web flow.
@@ -492,7 +493,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/ssh/copyTo.ts)_
 ## `opal ssh start`
@@ -504,7 +505,7 @@ USAGE
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -r, --refresh            Starts a new session even if one already exists. Useful if a session is about to expire.
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
@@ -519,7 +520,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.e92fdf8/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/ssh/start.ts)_
 ## `opal version`
@@ -540,4 +541,21 @@ FLAG DESCRIPTIONS
 ```
 _See code: [@oclif/plugin-version](https://github.com/oclif/plugin-version/blob/v2.2.27/src/commands/version.ts)_
+## `opal whoami`
+Describes current url set, organization name, and logged in user if applicabled.
+```
+USAGE
+  $ opal whoami [-h]
+FLAGS
+  -h, --help  Show CLI help.
+DESCRIPTION
+  Describes current url set, organization name, and logged in user if applicabled.
+```
+_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.1-beta.f1a5f49/src/commands/whoami.ts)_
 <!-- commandsstop -->

package/lib/commands/login.js CHANGED Viewed

@@ -88,12 +88,14 @@ class Login extends core_1.Command {
             const configData = (0, config_1.getOrCreateConfigData)(configDir);
             let email = flags.email;
             let organizationId;
+            let organizationName;
             let clientIDCandidate;
             const existingCreds = await (0, credentials_1.getOpalCredentials)(this, false);
             // Only use the previous email + organizationID if email isn't explicitly specified.
             if (!email) {
                 email = existingCreds.email;
                 organizationId = existingCreds.organizationID;
+                organizationName = existingCreds.organizationName;
                 clientIDCandidate = existingCreds.clientIDCandidate;
             }
             await (0, credentials_1.removeOpalCredentials)(this);
@@ -149,6 +151,7 @@ class Login extends core_1.Command {
                 if (signInOrganizations && signInOrganizations.length > 0) {
                     if (signInOrganizations.length === 1) {
                         organizationId = signInOrganizations[0].organizationId;
+                        organizationName = signInOrganizations[0].organizationName;
                         clientIDCandidate = signInOrganizations[0].cliClientId;
                     }
                     else {
@@ -164,6 +167,7 @@ class Login extends core_1.Command {
                             },
                         ]);
                         organizationId = responses.signInOrganization.organizationId;
+                        organizationName = responses.signInOrganization.organizationName;
                         clientIDCandidate = responses.signInOrganization.cliClientId;
                     }
                 }
@@ -238,10 +242,10 @@ class Login extends core_1.Command {
             if (tokenExchangeError) {
                 this.log("WARN: Failed to exchange access token for session in Opal. Falling back to using access token for authenticating requests\n");
                 // TODO: consider adding a warn line recommending upgrading Opal to version XYZ, once accompanying PR is pushed to prod
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || "", credentials_1.SecretType.ApiToken);
+                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || "", credentials_1.SecretType.ApiToken, organizationName);
             }
             else {
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie);
+                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie, organizationName);
             }
             // "Representative" authenticated call to check the log-in worked as expected.
             const { resp: authCheckResp, error: authCheckErr } = await (0, handler_1.runQueryDeprecated)({

package/lib/commands/request/create.d.ts CHANGED Viewed

@@ -2,5 +2,11 @@ import { Command } from "@oclif/core";
 export default class RequestCreate extends Command {
     static hidden: boolean;
     static description: string;
+    static flags: {
+        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
+        assets: import("@oclif/core/lib/interfaces").OptionFlag<string[] | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        reason: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        duration: import("@oclif/core/lib/interfaces").OptionFlag<number | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
     run(): Promise<void>;
 }

package/lib/commands/request/create.js CHANGED Viewed

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
 const apollo_1 = require("../../lib/apollo");
+const flags_1 = require("../../lib/flags");
 const requests_1 = require("../../lib/requests");
 const displays_1 = require("../../utils/displays");
 const utils_1 = require("../../utils/utils");
@@ -10,30 +11,72 @@ class RequestCreate extends core_1.Command {
         await (0, apollo_1.initClient)(this, true);
         const client = await (0, apollo_1.getClient)(this, true);
         (0, utils_1.restrictToDev)(); //TODO: Remove after development is complete
+        const { flags } = await this.parse(RequestCreate);
         const metadata = (0, requests_1.initEmptyRequestMetadata)();
-        (0, displays_1.headerMessage)(this);
-        let shouldProceed = false;
-        while (!shouldProceed) {
-            // Step 1: Select first round of assets from an app
-            await (0, requests_1.selectRequestableItems)(this, client, metadata.requestMap);
-            // Step 2: Display the selected items in a tree format
+        if (flags.assets) {
+            // if IDs are provided, bypass the interactive selection process
+            await (0, requests_1.bypassRequestSelection)(this, client, flags.assets, metadata);
+        }
+        else {
             (0, displays_1.headerMessage)(this);
-            (0, displays_1.treeifyRequestMap)(this, metadata.requestMap);
-            // Step 3: Prompt to add more items, repeat 1-3 if needed
-            shouldProceed = await (0, requests_1.doneSelectingAssets)();
+            let shouldProceed = false;
+            while (!shouldProceed) {
+                // Step 1: Select first round of assets from an app
+                await (0, requests_1.selectRequestableItems)(this, client, metadata.requestMap);
+                // Step 2: Display the selected items in a tree format
+                (0, displays_1.headerMessage)(this);
+                (0, displays_1.treeifyRequestMap)(this, metadata.requestMap);
+                // Step 3: Prompt to add more items, repeat 1-3 if needed
+                shouldProceed = await (0, requests_1.doneSelectingAssets)();
+            }
         }
         // Step 4: Set Request Defaults
         await (0, requests_1.setRequestDefaults)(this, client, metadata);
         // Step 4: Prompt for request reason
-        await (0, requests_1.promptForReason)(metadata);
+        if (flags.reason) {
+            metadata.reason = flags.reason;
+        }
+        else if (!(metadata.requestDefaults.reasonOptional &&
+            flags.assets &&
+            flags.duration)) {
+            await (0, requests_1.promptForReason)(metadata);
+        }
         // Step 5: Prompt for expiration
-        await (0, requests_1.promptForExpiration)(metadata);
+        if (flags.duration) {
+            (0, requests_1.bypassDuration)(this, flags.duration, metadata);
+        }
+        else {
+            await (0, requests_1.promptForExpiration)(metadata);
+        }
         // Step 6: Display final summary of request
-        (0, displays_1.displayFinalRequestSummary)(this, metadata);
-        // Step 7: Prompt for final submition
-        await (0, requests_1.submitFinalRequest)(this, client, metadata);
+        let canSubmit = true;
+        if (!(flags.assets &&
+            flags.duration &&
+            (metadata.requestDefaults.reasonOptional || flags.reason))) {
+            canSubmit = await (0, requests_1.promptRequestSubmission)(this, metadata);
+        }
+        // Step 7: Prompt for final submission
+        if (canSubmit)
+            await (0, requests_1.submitFinalRequest)(this, client, metadata);
     }
 }
 RequestCreate.hidden = true;
 RequestCreate.description = "Creates an Opal access request via an interactive form";
+RequestCreate.flags = {
+    help: flags_1.SHARED_FLAGS.help,
+    assets: core_1.Flags.string({
+        char: "a",
+        multiple: true,
+        description: "The ids of the assets (resource, group) to request access to. Append a role ID using a colon if needed, e.g. `--assets 123:456`.\
+        \n If not provided, an interactive selection flow will be available to select assets to request.",
+    }),
+    reason: core_1.Flags.string({
+        char: "r",
+        description: "The reason for the request, contained in quotes. If not provided, you will be prompted.",
+    }),
+    duration: core_1.Flags.integer({
+        char: "d",
+        description: "The duration of access for the request in minutes. If not provided, you will be prompted.",
+    }),
+};
 exports.default = RequestCreate;

package/lib/commands/whoami.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { Command } from "@oclif/core";
+export default class WhoAmI extends Command {
+    static description: string;
+    static flags: {
+        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
+    };
+    run(): Promise<void>;
+}

package/lib/commands/whoami.js ADDED Viewed

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const config_1 = require("../lib/config");
+const credentials_1 = require("../lib/credentials");
+const flags_1 = require("../lib/flags");
+class WhoAmI extends core_1.Command {
+    async run() {
+        const opalCreds = await (0, credentials_1.getOpalCredentials)(this, false);
+        const organizationName = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.organizationName;
+        const email = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.email;
+        const configData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
+        const url = configData[config_1.urlKey];
+        if (email) {
+            this.log(`User:         ${email}`);
+        }
+        if (organizationName) {
+            if (organizationName === "unset-org-id") {
+                this.log("Authenticated with Opal API Token.");
+            }
+            else {
+                this.log(`Organization: ${organizationName}`);
+            }
+        }
+        if (url) {
+            this.log(`Server:       ${url}`);
+        }
+    }
+}
+WhoAmI.description = "Describes current url set, organization name, and logged in user if applicabled.";
+WhoAmI.flags = {
+    help: flags_1.SHARED_FLAGS.help,
+};
+exports.default = WhoAmI;

package/lib/graphql/gql.d.ts CHANGED Viewed

@@ -22,6 +22,8 @@ type Documents = {
     "\nquery GroupAccessLevels($groupId: GroupId!) {\n  groupAccessLevels(\n    input: { groupId: $groupId }\n  ) {\n    ... on GroupAccessLevelsResult {\n      groupId\n      accessLevels {\n        ... on GroupAccessLevel {\n            accessLevelName\n            accessLevelRemoteId\n          }\n      }\n    }\n  }\n}\n": typeof types.GroupAccessLevelsDocument;
     "\n  query RequestDefaults(\n    $requestedResources: [RequestConfigurationResourceInput!]!\n    $requestedGroups: [RequestConfigurationGroupInput!]!\n    ) {\n    requestDefaults(input: {\n      requestedResources: $requestedResources,\n      requestedGroups: $requestedGroups,\n      }\n    ) {\n      ... on RequestDefaults {\n        durationOptions {\n          durationInMinutes\n          label\n        }\n        recommendedDurationInMinutes\n        defaultDurationInMinutes\n        maxDurationInMinutes\n        requireSupportTicket\n        reasonOptional\n        requesterIsAdmin\n      }\n    }\n  }": typeof types.RequestDefaultsDocument;
     "\n  mutation CreateRequest(\n    $requestedResources: [RequestedResourceInput!]!\n    $requestedGroups: [RequestedGroupInput!]!\n    $reason: String!\n    $durationInMinutes: Int\n  ) {\n    createRequest(\n      input: {\n        requestedResources: $requestedResources\n        requestedGroups: $requestedGroups\n        reason: $reason\n        durationInMinutes: $durationInMinutes\n      }\n    ) {\n      ... on CreateRequestResult {\n        request {\n          id\n          status\n        }\n      }\n      ... on RequestDurationTooLargeError {\n        message\n      }\n      ... on RequestRequiresUserAuthTokenForConnectionError {\n        message\n      }\n      ... on NoReviewersSetForOwnerError {\n        message\n        ownerId\n      }\n      ... on NoReviewersSetForResourceError {\n        message\n        resourceId\n      }\n      ... on NoReviewersSetForGroupError {\n        message\n        groupId\n      }\n      ... on NoManagerSetForRequestingUserError {\n        message\n      }\n      ... on MfaInvalidError {\n        message\n      }\n      ... on BulkRequestTooLargeError {\n        message\n      }\n      ... on ItemCannotBeRequestedError {\n        message\n      }\n      ... on UserCannotRequestAccessForTargetGroupError {\n        message\n        groupId\n        userId\n      }\n      ... on GroupNestingNotAllowedError {\n        message\n        fromGroupId\n        toGroupId\n      }\n      ... on TargetUserHasNestedAccessError {\n        message\n        groupIds\n      }\n      ... on RequestReasonMissingError {\n        message\n      }\n      ... on RequestFieldValueMissingError {\n        message\n        fieldName\n      }\n      ... on LinkedGroupNotRequestableError {\n        message\n        sourceGroupId\n        groupBindingId\n      }\n      ... on RequestReasonBelowMinLengthError {\n        message\n      }\n\n    }\n  }\n": typeof types.CreateRequestDocument;
+    "\n  query GetCatalogItem($uuid: UUID!) {\n    catalogItem(id: $uuid) {\n      __typename\n      ... on Connection {\n        id\n        displayName\n      }\n      ... on Resource {\n        id\n        displayName\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ...on Group {\n        id\n        name\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ... on UserFacingError {\n        message\n      }\n    }\n  }\n  ": typeof types.GetCatalogItemDocument;
+    "\n  query GetAssociatedItems($resourceId: ResourceId!, $searchQuery: String) {\n    resource(input: {\n      id: $resourceId\n    }) {\n      __typename\n      ... on ResourceResult {\n        __typename\n        resource {\n          associatedItems(\n            first: 200\n            filters: {\n              searchQuery: {\n                contains: $searchQuery\n              }\n              access: REQUESTABLE\n              endUserVisible: true\n              entityType: {\n                in: [GROUP, RESOURCE]\n              }\n            }\n          ) {\n            edges {\n              __typename\n              ... on ResourceAssociatedItemEdge {\n                alias\n                node {\n                  __typename\n                  id\n                  name\n                  ... on Resource {\n                    accessLevels(\n                    filters: {\n                      skipRemoteAccessLevels: false # azure app roles are remote\n                    }\n                  ) {\n                    __typename\n                    accessLevelName\n                    accessLevelRemoteId\n                  }\n                  }\n                }\n              }\n            }\n          }\n        }\n      }\n      ... on ResourceNotFoundError {\n        message\n      }\n    }\n  }\n": typeof types.GetAssociatedItemsDocument;
 };
 declare const documents: Documents;
 /**
@@ -77,5 +79,13 @@ export declare function graphql(source: "\n  query RequestDefaults(\n    $reques
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
 export declare function graphql(source: "\n  mutation CreateRequest(\n    $requestedResources: [RequestedResourceInput!]!\n    $requestedGroups: [RequestedGroupInput!]!\n    $reason: String!\n    $durationInMinutes: Int\n  ) {\n    createRequest(\n      input: {\n        requestedResources: $requestedResources\n        requestedGroups: $requestedGroups\n        reason: $reason\n        durationInMinutes: $durationInMinutes\n      }\n    ) {\n      ... on CreateRequestResult {\n        request {\n          id\n          status\n        }\n      }\n      ... on RequestDurationTooLargeError {\n        message\n      }\n      ... on RequestRequiresUserAuthTokenForConnectionError {\n        message\n      }\n      ... on NoReviewersSetForOwnerError {\n        message\n        ownerId\n      }\n      ... on NoReviewersSetForResourceError {\n        message\n        resourceId\n      }\n      ... on NoReviewersSetForGroupError {\n        message\n        groupId\n      }\n      ... on NoManagerSetForRequestingUserError {\n        message\n      }\n      ... on MfaInvalidError {\n        message\n      }\n      ... on BulkRequestTooLargeError {\n        message\n      }\n      ... on ItemCannotBeRequestedError {\n        message\n      }\n      ... on UserCannotRequestAccessForTargetGroupError {\n        message\n        groupId\n        userId\n      }\n      ... on GroupNestingNotAllowedError {\n        message\n        fromGroupId\n        toGroupId\n      }\n      ... on TargetUserHasNestedAccessError {\n        message\n        groupIds\n      }\n      ... on RequestReasonMissingError {\n        message\n      }\n      ... on RequestFieldValueMissingError {\n        message\n        fieldName\n      }\n      ... on LinkedGroupNotRequestableError {\n        message\n        sourceGroupId\n        groupBindingId\n      }\n      ... on RequestReasonBelowMinLengthError {\n        message\n      }\n\n    }\n  }\n"): (typeof documents)["\n  mutation CreateRequest(\n    $requestedResources: [RequestedResourceInput!]!\n    $requestedGroups: [RequestedGroupInput!]!\n    $reason: String!\n    $durationInMinutes: Int\n  ) {\n    createRequest(\n      input: {\n        requestedResources: $requestedResources\n        requestedGroups: $requestedGroups\n        reason: $reason\n        durationInMinutes: $durationInMinutes\n      }\n    ) {\n      ... on CreateRequestResult {\n        request {\n          id\n          status\n        }\n      }\n      ... on RequestDurationTooLargeError {\n        message\n      }\n      ... on RequestRequiresUserAuthTokenForConnectionError {\n        message\n      }\n      ... on NoReviewersSetForOwnerError {\n        message\n        ownerId\n      }\n      ... on NoReviewersSetForResourceError {\n        message\n        resourceId\n      }\n      ... on NoReviewersSetForGroupError {\n        message\n        groupId\n      }\n      ... on NoManagerSetForRequestingUserError {\n        message\n      }\n      ... on MfaInvalidError {\n        message\n      }\n      ... on BulkRequestTooLargeError {\n        message\n      }\n      ... on ItemCannotBeRequestedError {\n        message\n      }\n      ... on UserCannotRequestAccessForTargetGroupError {\n        message\n        groupId\n        userId\n      }\n      ... on GroupNestingNotAllowedError {\n        message\n        fromGroupId\n        toGroupId\n      }\n      ... on TargetUserHasNestedAccessError {\n        message\n        groupIds\n      }\n      ... on RequestReasonMissingError {\n        message\n      }\n      ... on RequestFieldValueMissingError {\n        message\n        fieldName\n      }\n      ... on LinkedGroupNotRequestableError {\n        message\n        sourceGroupId\n        groupBindingId\n      }\n      ... on RequestReasonBelowMinLengthError {\n        message\n      }\n\n    }\n  }\n"];
+/**
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ */
+export declare function graphql(source: "\n  query GetCatalogItem($uuid: UUID!) {\n    catalogItem(id: $uuid) {\n      __typename\n      ... on Connection {\n        id\n        displayName\n      }\n      ... on Resource {\n        id\n        displayName\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ...on Group {\n        id\n        name\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ... on UserFacingError {\n        message\n      }\n    }\n  }\n  "): (typeof documents)["\n  query GetCatalogItem($uuid: UUID!) {\n    catalogItem(id: $uuid) {\n      __typename\n      ... on Connection {\n        id\n        displayName\n      }\n      ... on Resource {\n        id\n        displayName\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ...on Group {\n        id\n        name\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ... on UserFacingError {\n        message\n      }\n    }\n  }\n  "];
+/**
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ */
+export declare function graphql(source: "\n  query GetAssociatedItems($resourceId: ResourceId!, $searchQuery: String) {\n    resource(input: {\n      id: $resourceId\n    }) {\n      __typename\n      ... on ResourceResult {\n        __typename\n        resource {\n          associatedItems(\n            first: 200\n            filters: {\n              searchQuery: {\n                contains: $searchQuery\n              }\n              access: REQUESTABLE\n              endUserVisible: true\n              entityType: {\n                in: [GROUP, RESOURCE]\n              }\n            }\n          ) {\n            edges {\n              __typename\n              ... on ResourceAssociatedItemEdge {\n                alias\n                node {\n                  __typename\n                  id\n                  name\n                  ... on Resource {\n                    accessLevels(\n                    filters: {\n                      skipRemoteAccessLevels: false # azure app roles are remote\n                    }\n                  ) {\n                    __typename\n                    accessLevelName\n                    accessLevelRemoteId\n                  }\n                  }\n                }\n              }\n            }\n          }\n        }\n      }\n      ... on ResourceNotFoundError {\n        message\n      }\n    }\n  }\n"): (typeof documents)["\n  query GetAssociatedItems($resourceId: ResourceId!, $searchQuery: String) {\n    resource(input: {\n      id: $resourceId\n    }) {\n      __typename\n      ... on ResourceResult {\n        __typename\n        resource {\n          associatedItems(\n            first: 200\n            filters: {\n              searchQuery: {\n                contains: $searchQuery\n              }\n              access: REQUESTABLE\n              endUserVisible: true\n              entityType: {\n                in: [GROUP, RESOURCE]\n              }\n            }\n          ) {\n            edges {\n              __typename\n              ... on ResourceAssociatedItemEdge {\n                alias\n                node {\n                  __typename\n                  id\n                  name\n                  ... on Resource {\n                    accessLevels(\n                    filters: {\n                      skipRemoteAccessLevels: false # azure app roles are remote\n                    }\n                  ) {\n                    __typename\n                    accessLevelName\n                    accessLevelRemoteId\n                  }\n                  }\n                }\n              }\n            }\n          }\n        }\n      }\n      ... on ResourceNotFoundError {\n        message\n      }\n    }\n  }\n"];
 export type DocumentType<TDocumentNode extends DocumentNode<any, any>> = TDocumentNode extends DocumentNode<infer TType, any> ? TType : never;
 export {};

package/lib/graphql/gql.js CHANGED Viewed

@@ -14,6 +14,8 @@ const documents = {
     "\nquery GroupAccessLevels($groupId: GroupId!) {\n  groupAccessLevels(\n    input: { groupId: $groupId }\n  ) {\n    ... on GroupAccessLevelsResult {\n      groupId\n      accessLevels {\n        ... on GroupAccessLevel {\n            accessLevelName\n            accessLevelRemoteId\n          }\n      }\n    }\n  }\n}\n": types.GroupAccessLevelsDocument,
     "\n  query RequestDefaults(\n    $requestedResources: [RequestConfigurationResourceInput!]!\n    $requestedGroups: [RequestConfigurationGroupInput!]!\n    ) {\n    requestDefaults(input: {\n      requestedResources: $requestedResources,\n      requestedGroups: $requestedGroups,\n      }\n    ) {\n      ... on RequestDefaults {\n        durationOptions {\n          durationInMinutes\n          label\n        }\n        recommendedDurationInMinutes\n        defaultDurationInMinutes\n        maxDurationInMinutes\n        requireSupportTicket\n        reasonOptional\n        requesterIsAdmin\n      }\n    }\n  }": types.RequestDefaultsDocument,
     "\n  mutation CreateRequest(\n    $requestedResources: [RequestedResourceInput!]!\n    $requestedGroups: [RequestedGroupInput!]!\n    $reason: String!\n    $durationInMinutes: Int\n  ) {\n    createRequest(\n      input: {\n        requestedResources: $requestedResources\n        requestedGroups: $requestedGroups\n        reason: $reason\n        durationInMinutes: $durationInMinutes\n      }\n    ) {\n      ... on CreateRequestResult {\n        request {\n          id\n          status\n        }\n      }\n      ... on RequestDurationTooLargeError {\n        message\n      }\n      ... on RequestRequiresUserAuthTokenForConnectionError {\n        message\n      }\n      ... on NoReviewersSetForOwnerError {\n        message\n        ownerId\n      }\n      ... on NoReviewersSetForResourceError {\n        message\n        resourceId\n      }\n      ... on NoReviewersSetForGroupError {\n        message\n        groupId\n      }\n      ... on NoManagerSetForRequestingUserError {\n        message\n      }\n      ... on MfaInvalidError {\n        message\n      }\n      ... on BulkRequestTooLargeError {\n        message\n      }\n      ... on ItemCannotBeRequestedError {\n        message\n      }\n      ... on UserCannotRequestAccessForTargetGroupError {\n        message\n        groupId\n        userId\n      }\n      ... on GroupNestingNotAllowedError {\n        message\n        fromGroupId\n        toGroupId\n      }\n      ... on TargetUserHasNestedAccessError {\n        message\n        groupIds\n      }\n      ... on RequestReasonMissingError {\n        message\n      }\n      ... on RequestFieldValueMissingError {\n        message\n        fieldName\n      }\n      ... on LinkedGroupNotRequestableError {\n        message\n        sourceGroupId\n        groupBindingId\n      }\n      ... on RequestReasonBelowMinLengthError {\n        message\n      }\n\n    }\n  }\n": types.CreateRequestDocument,
+    "\n  query GetCatalogItem($uuid: UUID!) {\n    catalogItem(id: $uuid) {\n      __typename\n      ... on Connection {\n        id\n        displayName\n      }\n      ... on Resource {\n        id\n        displayName\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ...on Group {\n        id\n        name\n        connection {\n          id\n          displayName\n        }\n        accessLevels{\n          accessLevelName\n          accessLevelRemoteId\n        }\n      }\n      ... on UserFacingError {\n        message\n      }\n    }\n  }\n  ": types.GetCatalogItemDocument,
+    "\n  query GetAssociatedItems($resourceId: ResourceId!, $searchQuery: String) {\n    resource(input: {\n      id: $resourceId\n    }) {\n      __typename\n      ... on ResourceResult {\n        __typename\n        resource {\n          associatedItems(\n            first: 200\n            filters: {\n              searchQuery: {\n                contains: $searchQuery\n              }\n              access: REQUESTABLE\n              endUserVisible: true\n              entityType: {\n                in: [GROUP, RESOURCE]\n              }\n            }\n          ) {\n            edges {\n              __typename\n              ... on ResourceAssociatedItemEdge {\n                alias\n                node {\n                  __typename\n                  id\n                  name\n                  ... on Resource {\n                    accessLevels(\n                    filters: {\n                      skipRemoteAccessLevels: false # azure app roles are remote\n                    }\n                  ) {\n                    __typename\n                    accessLevelName\n                    accessLevelRemoteId\n                  }\n                  }\n                }\n              }\n            }\n          }\n        }\n      }\n      ... on ResourceNotFoundError {\n        message\n      }\n    }\n  }\n": types.GetAssociatedItemsDocument,
 };
 function graphql(source) {
     var _a;

package/lib/graphql/graphql.d.ts CHANGED Viewed

@@ -11752,6 +11752,89 @@ export type CreateRequestMutation = {
         userId: string;
     };
 };
+export type GetCatalogItemQueryVariables = Exact<{
+    uuid: Scalars["UUID"]["input"];
+}>;
+export type GetCatalogItemQuery = {
+    __typename?: "Query";
+    catalogItem: {
+        __typename: "Connection";
+        id: string;
+        displayName: string;
+    } | {
+        __typename: "Group";
+        id: string;
+        name: string;
+        connection?: {
+            __typename?: "Connection";
+            id: string;
+            displayName: string;
+        } | null;
+        accessLevels?: Array<{
+            __typename?: "GroupAccessLevel";
+            accessLevelName: string;
+            accessLevelRemoteId: string;
+        }> | null;
+    } | {
+        __typename: "Resource";
+        id: string;
+        displayName: string;
+        connection?: {
+            __typename?: "Connection";
+            id: string;
+            displayName: string;
+        } | null;
+        accessLevels?: Array<{
+            __typename?: "ResourceAccessLevel";
+            accessLevelName: string;
+            accessLevelRemoteId: string;
+        }> | null;
+    } | {
+        __typename: "UserFacingError";
+        message: string;
+    };
+};
+export type GetAssociatedItemsQueryVariables = Exact<{
+    resourceId: Scalars["ResourceId"]["input"];
+    searchQuery?: InputMaybe<Scalars["String"]["input"]>;
+}>;
+export type GetAssociatedItemsQuery = {
+    __typename?: "Query";
+    resource: {
+        __typename: "ResourceNotFoundError";
+        message: string;
+    } | {
+        __typename: "ResourceResult";
+        resource: {
+            __typename?: "Resource";
+            associatedItems: {
+                __typename?: "AssociatedItemConnection";
+                edges: Array<{
+                    __typename: "ConnectionAssociatedItemEdge";
+                } | {
+                    __typename: "GroupAssociatedItemEdge";
+                } | {
+                    __typename: "ResourceAssociatedItemEdge";
+                    alias?: string | null;
+                    node: {
+                        __typename: "Group";
+                        id: string;
+                        name: string;
+                    } | {
+                        __typename: "Resource";
+                        id: string;
+                        name: string;
+                        accessLevels?: Array<{
+                            __typename: "ResourceAccessLevel";
+                            accessLevelName: string;
+                            accessLevelRemoteId: string;
+                        }> | null;
+                    };
+                }>;
+            };
+        };
+    };
+};
 export declare const GetGroupDocument: DocumentNode<GetGroupQuery, GetGroupQueryVariables>;
 export declare const GetRequestDocument: DocumentNode<GetRequestQuery, GetRequestQueryVariables>;
 export declare const GetRequestsDocument: DocumentNode<GetRequestsQuery, GetRequestsQueryVariables>;
@@ -11762,3 +11845,5 @@ export declare const ResourceAccessLevelsDocument: DocumentNode<ResourceAccessLe
 export declare const GroupAccessLevelsDocument: DocumentNode<GroupAccessLevelsQuery, GroupAccessLevelsQueryVariables>;
 export declare const RequestDefaultsDocument: DocumentNode<RequestDefaultsQuery, RequestDefaultsQueryVariables>;
 export declare const CreateRequestDocument: DocumentNode<CreateRequestMutation, CreateRequestMutationVariables>;
+export declare const GetCatalogItemDocument: DocumentNode<GetCatalogItemQuery, GetCatalogItemQueryVariables>;
+export declare const GetAssociatedItemsDocument: DocumentNode<GetAssociatedItemsQuery, GetAssociatedItemsQueryVariables>;