opal-security 3.1.3 → 3.2.1

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/3.1.3 linux-x64 node-v20.19.0
+opal-security/3.2.1 darwin-arm64 node-v18.20.4
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -44,6 +44,10 @@ USAGE
 * [`opal login`](#opal-login)
 * [`opal logout`](#opal-logout)
 * [`opal postgres-instances start`](#opal-postgres-instances-start)
+* [`opal request create`](#opal-request-create)
+* [`opal request get`](#opal-request-get)
+* [`opal request list`](#opal-request-list)
+* [`opal request ls`](#opal-request-ls)
 * [`opal resources get`](#opal-resources-get)
 * [`opal set-auth-provider`](#opal-set-auth-provider)
 * [`opal set-custom-header`](#opal-set-custom-header)
@@ -53,6 +57,7 @@ USAGE
 * [`opal ssh copyTo`](#opal-ssh-copyto)
 * [`opal ssh start`](#opal-ssh-start)
 * [`opal version`](#opal-version)
+* [`opal whoami`](#opal-whoami)
 
 ## `opal autocomplete [SHELL]`
 
@@ -101,7 +106,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-provider`
 
@@ -121,7 +126,7 @@ EXAMPLES
   $ opal clear-auth-provider
 ```
 
-_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/clear-auth-provider.ts)_
+_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/clear-auth-provider.ts)_
 
 ## `opal curl-example`
 
@@ -138,7 +143,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -150,7 +155,7 @@ USAGE
 
 FLAGS
   -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
 
 DESCRIPTION
   Get group info for a particular group.
@@ -159,7 +164,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -191,7 +196,7 @@ USAGE
 
 FLAGS
   -h, --help                 Show CLI help.
-  -i, --id=<value>           The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>           The Opal ID of the asset. You can find this from the URL, e.g.
                              https://opal.dev/resources/[ID]
   -r, --refresh              Starts a new session even if one already exists. Useful if a session is about to expire.
   -s, --sessionId=<value>    The Opal ID of the session to connect to. Uses an existing session that was created via the
@@ -209,7 +214,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -222,7 +227,7 @@ USAGE
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
-  -i, --id=<value>                   The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
   -r, --refresh                      Starts a new session even if one already exists. Useful if a session is about to
                                      expire.
@@ -240,7 +245,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -261,7 +266,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -281,7 +286,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -289,21 +294,22 @@ Starts a session to connect to a Postgres database.
 
 ```
 USAGE
-  $ opal postgres-instances start [-h] [-i <value>] [-a <value>] [-s <value>] [-r] [--action psql|view]
+  $ opal postgres-instances start [-h] [-i <value>] [-a <value>] [-s <value>] [-r] [--action open|psql|view]
 
 FLAGS
   -a, --accessLevelRemoteId=<value>  The remote ID of the access level with which to access the resource.
   -h, --help                         Show CLI help.
-  -i, --id=<value>                   The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>                   The Opal ID of the asset. You can find this from the URL, e.g.
                                      https://opal.dev/resources/[ID]
   -r, --refresh                      Starts a new session even if one already exists. Useful if a session is about to
                                      expire.
   -s, --sessionId=<value>            The Opal ID of the session to connect to. Uses an existing session that was created
                                      via the web flow.
       --action=<option>              Method of connecting to the database.
+                                     - open: Open external database app
                                      - psql: Start psql session in shell
                                      - view: View connection configuration details
-                                     <options: psql|view>
+                                     <options: open|psql|view>
 
 DESCRIPTION
   Starts a session to connect to a Postgres database.
@@ -318,7 +324,116 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/postgres-instances/start.ts)_
+
+## `opal request create`
+
+Creates an Opal access request via an interactive form
+
+```
+USAGE
+  $ opal request create [-h] [-a <value>...] [-r <value>] [-d <value>]
+
+FLAGS
+  -a, --assets=<value>...  The ids of the assets (resource, group) to request access to. Append a role name using a
+                           colon if needed, e.g. `--assets 123:456`.
+                           If not provided, an interactive selection flow will be available to select assets to request.
+  -d, --duration=<value>   The duration of access for the request in minutes. Pass in a 0 value for permanent access. If
+                           not provided, you will be prompted.
+  -h, --help               Show CLI help.
+  -r, --reason=<value>     The reason for the request, contained in quotes. If not provided, you will be prompted.
+
+DESCRIPTION
+  Creates an Opal access request via an interactive form
+```
+
+_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/request/create.ts)_
+
+## `opal request get`
+
+Lists access requests
+
+```
+USAGE
+  $ opal request get [-h] [-i <value>] [-v]
+
+FLAGS
+  -h, --help        Show CLI help.
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -v, --verbose     Enable verbose output, prints full response in JSON format. Defaults to false.
+
+DESCRIPTION
+  Lists access requests
+
+EXAMPLES
+  $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
+
+  $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4 --verbose
+```
+
+_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/request/get.ts)_
+
+## `opal request list`
+
+Lists your n recent outgoing access requests
+
+```
+USAGE
+  $ opal request list [-h] [-n <value>] [-p] [-v]
+
+FLAGS
+  -h, --help       Show CLI help.
+  -n, --n=<value>  [default: 10] Defines number of requests to be returned. 1 <= n <= 100.
+  -p, --pending    Show only pending requests. Defaults to false.
+  -v, --verbose    Enable verbose output, prints full response in JSON format. Defaults to false.
+
+DESCRIPTION
+  Lists your n recent outgoing access requests
+
+ALIASES
+  $ opal request ls
+
+EXAMPLES
+  $ opal request list --n 5
+
+  $ opal request list --n 5 --pending
+
+  $ opal request list --n 5 --verbose
+
+  $ opal request list --n 5 --pending --verbose
+```
+
+_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/request/list.ts)_
+
+## `opal request ls`
+
+Lists your n recent outgoing access requests
+
+```
+USAGE
+  $ opal request ls [-h] [-n <value>] [-p] [-v]
+
+FLAGS
+  -h, --help       Show CLI help.
+  -n, --n=<value>  [default: 10] Defines number of requests to be returned. 1 <= n <= 100.
+  -p, --pending    Show only pending requests. Defaults to false.
+  -v, --verbose    Enable verbose output, prints full response in JSON format. Defaults to false.
+
+DESCRIPTION
+  Lists your n recent outgoing access requests
+
+ALIASES
+  $ opal request ls
+
+EXAMPLES
+  $ opal request list --n 5
+
+  $ opal request list --n 5 --pending
+
+  $ opal request list --n 5 --verbose
+
+  $ opal request list --n 5 --pending --verbose
+```
 
 ## `opal resources get`
 
@@ -330,7 +445,7 @@ USAGE
 
 FLAGS
   -h, --help        Show CLI help.
-  -i, --id=<value>  The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
+  -i, --id=<value>  The Opal ID of the asset. You can find this from the URL, e.g. https://opal.dev/resources/[ID]
 
 DESCRIPTION
   Get resource info for a particular resource.
@@ -339,7 +454,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/resources/get.ts)_
 
 ## `opal set-auth-provider`
 
@@ -365,7 +480,7 @@ EXAMPLES
   $ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/set-auth-provider.ts)_
+_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/set-auth-provider.ts)_
 
 ## `opal set-custom-header`
 
@@ -386,7 +501,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -406,7 +521,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -430,7 +545,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -442,7 +557,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
                            web flow.
@@ -461,7 +576,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -473,7 +588,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
                            web flow.
@@ -492,7 +607,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -504,7 +619,7 @@ USAGE
 
 FLAGS
   -h, --help               Show CLI help.
-  -i, --id=<value>         The Opal ID of the resource. You can find this from the URL, e.g.
+  -i, --id=<value>         The Opal ID of the asset. You can find this from the URL, e.g.
                            https://opal.dev/resources/[ID]
   -r, --refresh            Starts a new session even if one already exists. Useful if a session is about to expire.
   -s, --sessionId=<value>  The Opal ID of the session to connect to. Uses an existing session that was created via the
@@ -519,7 +634,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.1.3/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/ssh/start.ts)_
 
 ## `opal version`
 
@@ -540,4 +655,21 @@ FLAG DESCRIPTIONS
 ```
 
 _See code: [@oclif/plugin-version](https://github.com/oclif/plugin-version/blob/v2.2.27/src/commands/version.ts)_
+
+## `opal whoami`
+
+Describes current url set, organization name, and logged in user if applicable.
+
+```
+USAGE
+  $ opal whoami [-h]
+
+FLAGS
+  -h, --help  Show CLI help.
+
+DESCRIPTION
+  Describes current url set, organization name, and logged in user if applicable.
+```
+
+_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.1/src/commands/whoami.ts)_
 <!-- commandsstop -->

package/lib/commands/groups/get.js

@@ -1,7 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
-const parseAndCheckHttpResponse_1 = require("@apollo/client/link/http/parseAndCheckHttpResponse");
 const graphql_1 = require("../../graphql");
 const apollo_1 = require("../../lib/apollo");
 const cmd_1 = require("../../lib/cmd");
@@ -64,7 +63,7 @@ class GetGroup extends core_1.Command {
             (0, apollo_1.printResponse)(this, resp);
         }
         catch (error) {
-            return (0, parseAndCheckHttpResponse_1.handleError)(this, error);
+            return (0, apollo_1.handleError)(this, error);
         }
     }
 }

package/lib/commands/login.js

@@ -88,12 +88,14 @@ class Login extends core_1.Command {
             const configData = (0, config_1.getOrCreateConfigData)(configDir);
             let email = flags.email;
             let organizationId;
+            let organizationName;
             let clientIDCandidate;
             const existingCreds = await (0, credentials_1.getOpalCredentials)(this, false);
             // Only use the previous email + organizationID if email isn't explicitly specified.
             if (!email) {
                 email = existingCreds.email;
                 organizationId = existingCreds.organizationID;
+                organizationName = existingCreds.organizationName;
                 clientIDCandidate = existingCreds.clientIDCandidate;
             }
             await (0, credentials_1.removeOpalCredentials)(this);
@@ -149,6 +151,7 @@ class Login extends core_1.Command {
                 if (signInOrganizations && signInOrganizations.length > 0) {
                     if (signInOrganizations.length === 1) {
                         organizationId = signInOrganizations[0].organizationId;
+                        organizationName = signInOrganizations[0].organizationName;
                         clientIDCandidate = signInOrganizations[0].cliClientId;
                     }
                     else {
@@ -164,6 +167,7 @@ class Login extends core_1.Command {
                             },
                         ]);
                         organizationId = responses.signInOrganization.organizationId;
+                        organizationName = responses.signInOrganization.organizationName;
                         clientIDCandidate = responses.signInOrganization.cliClientId;
                     }
                 }
@@ -238,10 +242,10 @@ class Login extends core_1.Command {
             if (tokenExchangeError) {
                 this.log("WARN: Failed to exchange access token for session in Opal. Falling back to using access token for authenticating requests\n");
                 // TODO: consider adding a warn line recommending upgrading Opal to version XYZ, once accompanying PR is pushed to prod
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || "", credentials_1.SecretType.ApiToken);
+                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || "", credentials_1.SecretType.ApiToken, organizationName);
             }
             else {
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie);
+                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie, organizationName);
             }
             // "Representative" authenticated call to check the log-in worked as expected.
             const { resp: authCheckResp, error: authCheckErr } = await (0, handler_1.runQueryDeprecated)({

package/lib/commands/request/create.d.ts

@@ -1,6 +1,11 @@
 import { Command } from "@oclif/core";
 export default class RequestCreate extends Command {
-    static hidden: boolean;
     static description: string;
+    static flags: {
+        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
+        assets: import("@oclif/core/lib/interfaces").OptionFlag<string[] | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        reason: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        duration: import("@oclif/core/lib/interfaces").OptionFlag<number | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
     run(): Promise<void>;
 }

package/lib/commands/request/create.js

@@ -2,36 +2,80 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@oclif/core");
 const apollo_1 = require("../../lib/apollo");
+const cmd_1 = require("../../lib/cmd");
+const flags_1 = require("../../lib/flags");
 const requests_1 = require("../../lib/requests");
 const displays_1 = require("../../utils/displays");
-const utils_1 = require("../../utils/utils");
 class RequestCreate extends core_1.Command {
     async run() {
+        (0, cmd_1.setMostRecentCommand)(this);
         await (0, apollo_1.initClient)(this, true);
         const client = await (0, apollo_1.getClient)(this, true);
-        (0, utils_1.restrictToDev)(); //TODO: Remove after development is complete
-        const requestMap = new Map();
-        (0, displays_1.headerMessage)(this);
-        let shouldProceed = false;
-        while (!shouldProceed) {
-            // Step 1: Select first round of assets from an app
-            await (0, requests_1.selectRequestableItems)(this, client, requestMap);
-            // Step 2: Display the selected items in a tree format
+        const { flags } = await this.parse(RequestCreate);
+        const metadata = (0, requests_1.initEmptyRequestMetadata)();
+        if (flags.assets) {
+            // if IDs are provided, bypass the interactive selection process
+            await (0, requests_1.bypassRequestSelection)(this, client, flags.assets, metadata);
+        }
+        else {
             (0, displays_1.headerMessage)(this);
-            this.log((0, displays_1.treeifyRequestMap)(requestMap), "\n");
-            // Step 3: Prompt to add more items, repeat 1-3 if needed
-            shouldProceed = await (0, requests_1.doneSelectingAssets)();
+            let shouldProceed = false;
+            while (!shouldProceed) {
+                // Step 1: Select first round of assets from an app
+                await (0, requests_1.selectRequestableItems)(this, client, metadata.requestMap);
+                // Step 2: Display the selected items in a tree format
+                (0, displays_1.headerMessage)(this);
+                (0, displays_1.treeifyRequestMap)(this, metadata.requestMap);
+                // Step 3: Prompt to add more items, repeat 1-3 if needed
+                shouldProceed = await (0, requests_1.doneSelectingAssets)();
+            }
         }
+        // Step 4: Set Request Defaults
+        await (0, requests_1.setRequestDefaults)(this, client, metadata);
         // Step 4: Prompt for request reason
-        const { reason } = await (0, requests_1.promptForReason)();
+        if (flags.reason) {
+            metadata.reason = flags.reason;
+        }
+        else if (!(metadata.requestDefaults.reasonOptional &&
+            flags.assets &&
+            flags.duration)) {
+            await (0, requests_1.promptForReason)(metadata);
+        }
         // Step 5: Prompt for expiration
-        const { expiration } = await (0, requests_1.promptForExpiration)();
+        if (flags.duration !== undefined) {
+            (0, requests_1.bypassDuration)(this, flags.duration, metadata);
+        }
+        else {
+            await (0, requests_1.promptForExpiration)(metadata);
+        }
         // Step 6: Display final summary of request
-        (0, displays_1.displayFinalRequestSummary)(this, requestMap, reason, expiration);
-        // Step 7: Prompt for final submition
-        await (0, requests_1.submitFinalRequest)(this);
+        let canSubmit = true;
+        if (!(flags.assets &&
+            flags.duration !== undefined &&
+            (metadata.requestDefaults.reasonOptional || flags.reason))) {
+            canSubmit = await (0, requests_1.promptRequestSubmission)(this, metadata);
+        }
+        // Step 7: Prompt for final submission
+        if (canSubmit)
+            await (0, requests_1.submitFinalRequest)(this, client, metadata);
     }
 }
-RequestCreate.hidden = true;
-RequestCreate.description = "Opens an Opal access request";
+RequestCreate.description = "Creates an Opal access request via an interactive form";
+RequestCreate.flags = {
+    help: flags_1.SHARED_FLAGS.help,
+    assets: core_1.Flags.string({
+        char: "a",
+        multiple: true,
+        description: "The ids of the assets (resource, group) to request access to. Append a role name using a colon if needed, e.g. `--assets 123:456`.\
+        \n If not provided, an interactive selection flow will be available to select assets to request.",
+    }),
+    reason: core_1.Flags.string({
+        char: "r",
+        description: "The reason for the request, contained in quotes. If not provided, you will be prompted.",
+    }),
+    duration: core_1.Flags.integer({
+        char: "d",
+        description: "The duration of access for the request in minutes. Pass in a 0 value for permanent access. If not provided, you will be prompted.",
+    }),
+};
 exports.default = RequestCreate;

package/lib/commands/request/get.d.ts

@@ -1,6 +1,11 @@
 import { Command } from "@oclif/core";
-export default class RequestGet extends Command {
-    static hidden: boolean;
+export default class GetRequest extends Command {
     static description: string;
+    static flags: {
+        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
+        id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
+        verbose: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+    };
+    static examples: string[];
     run(): Promise<void>;
 }