opal-security 3.2.1 → 3.2.2

package/lib/lib/request/prompts/duration-prompt.d.ts

@@ -0,0 +1,2 @@
+import type { RequestMetadata } from "../types";
+export declare function promptForDuration(metadata: RequestMetadata): Promise<void>;

package/lib/lib/request/prompts/duration-prompt.js

@@ -0,0 +1,122 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.promptForDuration = promptForDuration;
+const { AutoComplete, Form } = require("enquirer");
+async function promptForDuration(metadata) {
+    var _a, _b;
+    const durations = ((_b = (_a = metadata.requestDefaults) === null || _a === void 0 ? void 0 : _a.durationOptions) === null || _b === void 0 ? void 0 : _b.map((option) => {
+        var _a;
+        let label = option.label;
+        if (option.durationInMinutes ===
+            ((_a = metadata.requestDefaults) === null || _a === void 0 ? void 0 : _a.maxDurationInMinutes)) {
+            label = `${label} (MAX)`;
+        }
+        if (option.durationInMinutes ===
+            metadata.requestDefaults.recommendedDurationInMinutes) {
+            label = `${label} (RECOMMENDED)`;
+        }
+        return {
+            message: label,
+            value: {
+                label: label,
+                durationInMinutes: option.durationInMinutes,
+                toString: () => label,
+            },
+        };
+    })) || [];
+    // Sort durations by minutes
+    durations.sort((a, b) => {
+        // Sort so that Permanent is always last
+        if (a.message === "Permanent")
+            return 1;
+        if (b.message === "Permanent")
+            return -1;
+        return a.value.durationInMinutes - b.value.durationInMinutes;
+    });
+    const expirationSelect = new AutoComplete({
+        name: "expiration",
+        message: "When should access expire?",
+        hint: "Type to filter",
+        type: "list",
+        choices: durations,
+        pageSize: 15,
+    });
+    let selected = await expirationSelect.run();
+    switch (selected.label) {
+        case "Custom": {
+            selected = await setCustomDuration(metadata);
+            break;
+        }
+        case "Permanent": {
+            selected.durationInMinutes = undefined;
+            break;
+        }
+    }
+    metadata.durationInMinutes = selected.durationInMinutes;
+    metadata.durationLabel = selected.label;
+}
+function getDurationNumbers(duration) {
+    const d = +duration.days || 0;
+    const h = +duration.hours || 0;
+    const m = +duration.minutes || 0;
+    return { d, h, m };
+}
+function getDurationInMinutes(duration) {
+    const { d, h, m } = getDurationNumbers(duration);
+    const minutesInDay = 1440; // 24 hours * 60 minutes
+    const minutesInHour = 60;
+    return d * minutesInDay + h * minutesInHour + m;
+}
+function getDHMFromMinutes(minutes) {
+    const label = [];
+    const d = Math.floor(minutes / 1440);
+    if (d > 0) {
+        label.push(`${d}d`);
+    }
+    const remainingMinutes = minutes % 1440;
+    const h = Math.floor(remainingMinutes / 60);
+    if (h > 0) {
+        label.push(`${h}h`);
+    }
+    const m = remainingMinutes % 60;
+    if (m > 0) {
+        label.push(`${m}m`);
+    }
+    return label.join(" ");
+}
+async function setCustomDuration(metadata) {
+    const durationForm = new Form({
+        name: "user",
+        message: "Please set a custom access duration:",
+        choices: [
+            { name: "days", message: "Days", initial: "0" },
+            { name: "hours", message: "Hours", initial: "0" },
+            { name: "minutes", message: "Minutes", initial: "0" },
+        ],
+        validate: (answer) => {
+            var _a, _b, _c;
+            const { d, h, m } = getDurationNumbers(answer);
+            const durationInMinutes = getDurationInMinutes(answer);
+            if (d < 0 || h < 0 || m < 0 || d + h + m === 0 || (h > 23 && m > 59)) {
+                return "Please enter a valid duration.";
+            }
+            if (((_a = metadata.requestDefaults) === null || _a === void 0 ? void 0 : _a.maxDurationInMinutes) &&
+                durationInMinutes > ((_b = metadata.requestDefaults) === null || _b === void 0 ? void 0 : _b.maxDurationInMinutes)) {
+                const maxDHM = getDHMFromMinutes((_c = metadata.requestDefaults) === null || _c === void 0 ? void 0 : _c.maxDurationInMinutes);
+                return `The max duration for the selected assets is ${maxDHM}.`;
+            }
+            return true;
+        },
+        return: (answer) => {
+            return getDurationInMinutes(answer);
+        },
+    });
+    const durationResult = await durationForm.run();
+    const { d, h, m } = getDurationNumbers(durationResult);
+    const durationInMinutes = getDurationInMinutes(durationResult);
+    const durationLabel = getDHMFromMinutes(durationInMinutes);
+    return {
+        durationInMinutes: durationInMinutes,
+        label: durationLabel,
+    };
+}

package/lib/lib/request/prompts/index.d.ts

@@ -0,0 +1,8 @@
+export { selectRequestableItems } from "./apps-prompt";
+export { chooseOktaAzureRoles, chooseAssets } from "./asset-prompt";
+export { chooseRoles } from "./role-prompt";
+export { promptForReason } from "./reason-prompt";
+export { promptForDuration } from "./duration-prompt";
+export { doneSelectingAssets, promptRequestSubmission, } from "./validate-prompt";
+export declare const selectInstructions: string;
+export declare const multiSelectInstructions: string;

package/lib/lib/request/prompts/index.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.multiSelectInstructions = exports.selectInstructions = exports.promptRequestSubmission = exports.doneSelectingAssets = exports.promptForDuration = exports.promptForReason = exports.chooseRoles = exports.chooseAssets = exports.chooseOktaAzureRoles = exports.selectRequestableItems = void 0;
+const chalk_1 = require("chalk");
+var apps_prompt_1 = require("./apps-prompt");
+Object.defineProperty(exports, "selectRequestableItems", { enumerable: true, get: function () { return apps_prompt_1.selectRequestableItems; } });
+var asset_prompt_1 = require("./asset-prompt");
+Object.defineProperty(exports, "chooseOktaAzureRoles", { enumerable: true, get: function () { return asset_prompt_1.chooseOktaAzureRoles; } });
+Object.defineProperty(exports, "chooseAssets", { enumerable: true, get: function () { return asset_prompt_1.chooseAssets; } });
+var role_prompt_1 = require("./role-prompt");
+Object.defineProperty(exports, "chooseRoles", { enumerable: true, get: function () { return role_prompt_1.chooseRoles; } });
+var reason_prompt_1 = require("./reason-prompt");
+Object.defineProperty(exports, "promptForReason", { enumerable: true, get: function () { return reason_prompt_1.promptForReason; } });
+var duration_prompt_1 = require("./duration-prompt");
+Object.defineProperty(exports, "promptForDuration", { enumerable: true, get: function () { return duration_prompt_1.promptForDuration; } });
+var validate_prompt_1 = require("./validate-prompt");
+Object.defineProperty(exports, "doneSelectingAssets", { enumerable: true, get: function () { return validate_prompt_1.doneSelectingAssets; } });
+Object.defineProperty(exports, "promptRequestSubmission", { enumerable: true, get: function () { return validate_prompt_1.promptRequestSubmission; } });
+exports.selectInstructions = chalk_1.default.dim("[↑↓] Navigate · [Enter] Select · Type to filter");
+exports.multiSelectInstructions = chalk_1.default.dim("[↑↓] Navigate · [Space] Select · [Enter] Confirm · Type to filter");

package/lib/lib/request/prompts/reason-prompt.d.ts

@@ -0,0 +1,2 @@
+import type { RequestMetadata } from "../types";
+export declare function promptForReason(metadata: RequestMetadata): Promise<void>;

package/lib/lib/request/prompts/reason-prompt.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.promptForReason = promptForReason;
+const { prompt } = require("enquirer");
+async function promptForReason(metadata) {
+    const { reason } = await prompt([
+        {
+            name: "reason",
+            message: "Why do you need access?",
+            type: "input",
+            validate: (answer) => {
+                if (!metadata.requestDefaults.reasonOptional && answer.length < 1) {
+                    return "A reason for requesting these assets is required.";
+                }
+                return true;
+            },
+        },
+    ]);
+    metadata.reason = reason;
+}

package/lib/lib/request/prompts/role-prompt.d.ts

@@ -0,0 +1,4 @@
+import type { ApolloClient, NormalizedCacheObject } from "@apollo/client";
+import type { Command } from "@oclif/core";
+import type { RequestMap } from "../types";
+export declare function chooseRoles(cmd: Command, client: ApolloClient<NormalizedCacheObject>, appId: string, assetId: string, requestMap: RequestMap): Promise<void>;

package/lib/lib/request/prompts/role-prompt.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.chooseRoles = chooseRoles;
+const _1 = require(".");
+const api_1 = require("../api");
+const { AutoComplete } = require("enquirer");
+async function chooseRoles(cmd, client, appId, assetId, requestMap) {
+    var _a;
+    const entry = requestMap[appId];
+    const assetEntry = entry === null || entry === void 0 ? void 0 : entry.assets[assetId];
+    if (entry === undefined || assetEntry === undefined) {
+        throw new Error(`App ${appId} or Asset ${assetId} not found in requestMap`);
+    }
+    const assetRoles = (_a = (await (0, api_1.queryAssetRoles)(cmd, client, assetEntry.type, assetId))) !== null && _a !== void 0 ? _a : [];
+    if (assetRoles !== undefined &&
+        (assetRoles.length === 0 ||
+            (assetRoles.length === 1 && assetRoles[0].value.name === ""))) {
+        return;
+    }
+    const rolePrompt = new AutoComplete({
+        name: "Roles",
+        message: `Select one or more roles for ${assetEntry.assetName}:`,
+        hint: _1.multiSelectInstructions,
+        limit: 15,
+        multiple: true,
+        choices: assetRoles,
+        validate: (answer) => {
+            if (answer.length < 1) {
+                return "You must select at least one item.";
+            }
+            return true;
+        },
+    });
+    const roles = await rolePrompt.run();
+    if (!assetEntry.roles) {
+        assetEntry.roles = {};
+    }
+    for (const role of roles) {
+        assetEntry.roles[role.id] = {
+            roleId: role.id,
+            roleName: role.name,
+        };
+    }
+}

package/lib/lib/request/prompts/validate-prompt.d.ts

@@ -0,0 +1,4 @@
+import type { Command } from "@oclif/core";
+import type { RequestMetadata } from "../types";
+export declare function doneSelectingAssets(): Promise<boolean>;
+export declare function promptRequestSubmission(cmd: Command, metadata: RequestMetadata): Promise<boolean>;

package/lib/lib/request/prompts/validate-prompt.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.doneSelectingAssets = doneSelectingAssets;
+exports.promptRequestSubmission = promptRequestSubmission;
+const displays_1 = require("../displays");
+const { Select } = require("enquirer");
+async function doneSelectingAssets() {
+    const submitMessage = "✅ Yes, proceed with request";
+    const addMoreMessage = "❌ No, add more items";
+    const prompt = new Select({
+        name: "submitOrAdd",
+        message: "Is this all you want to request?",
+        choices: [submitMessage, addMoreMessage],
+    });
+    const submitOrAdd = await prompt.run();
+    return submitOrAdd === submitMessage;
+}
+async function promptRequestSubmission(cmd, metadata) {
+    (0, displays_1.displayFinalRequestSummary)(cmd, metadata);
+    const submitMessage = "✅ Yes, submit request";
+    const cancelMessage = "❌ No, cancel request";
+    const prompt = new Select({
+        name: "submitOrCancel",
+        message: "Is this all you want to request?",
+        choices: [submitMessage, cancelMessage],
+    });
+    const submitOrCancel = await prompt.run();
+    return submitOrCancel === submitMessage;
+}

package/lib/lib/request/request-utils.d.ts

@@ -0,0 +1,15 @@
+import type { ApolloClient, NormalizedCacheObject } from "@apollo/client";
+import type { Command } from "@oclif/core";
+import { RequestMessageCode } from "../../graphql/graphql";
+import { type ConnectionType } from "../../types";
+import { type RequestMap, type RequestMetadata } from "./types";
+export declare function initEmptyRequestMetadata(): RequestMetadata;
+export declare function setRequestDefaults(cmd: Command, client: ApolloClient<NormalizedCacheObject>, metadata: RequestMetadata): Promise<void>;
+export declare function submitFinalRequest(cmd: Command, client: ApolloClient<NormalizedCacheObject>, metadata: RequestMetadata): Promise<void>;
+export declare function getRequestLink(cmd: Command, id: string): string;
+export declare function generateRequestLink(cmd: Command, defaultDurationInMinutes: number): string;
+export declare function bypassRequestSelection(cmd: Command, client: ApolloClient<NormalizedCacheObject>, flagValue: string[], metadata: RequestMetadata): Promise<void>;
+export declare function bypassDuration(cmd: Command, duration: number, metadata: RequestMetadata): void;
+export declare function getRequestMessageFromCode(cmd: Command, code: RequestMessageCode, connectionName: string | undefined, connectionType: ConnectionType | undefined, extraParams?: string, sourceGroupRedirect?: () => void): string;
+export declare function duplicateRequestTemplate(cmd: Command, client: ApolloClient<NormalizedCacheObject>, requestId: string, metadata: RequestMetadata): Promise<void>;
+export declare function copyBundleAssets(cmd: Command, client: ApolloClient<NormalizedCacheObject>, bundleId: string, requestMap: RequestMap): Promise<void>;