opal-security 3.2.1 → 3.2.3

package/lib/lib/request/request-utils.js

@@ -0,0 +1,468 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initEmptyRequestMetadata = initEmptyRequestMetadata;
+exports.setRequestDefaults = setRequestDefaults;
+exports.submitFinalRequest = submitFinalRequest;
+exports.getRequestLink = getRequestLink;
+exports.generateRequestLink = generateRequestLink;
+exports.bypassRequestSelection = bypassRequestSelection;
+exports.bypassDuration = bypassDuration;
+exports.getRequestMessageFromCode = getRequestMessageFromCode;
+exports.duplicateRequestTemplate = duplicateRequestTemplate;
+exports.copyBundleAssets = copyBundleAssets;
+const chalk_1 = require("chalk");
+const graphql_1 = require("../../graphql/graphql");
+const labels_1 = require("../../labels");
+const config_1 = require("../../lib/config");
+const api_1 = require("./api");
+const requests_1 = require("./api/queries/requests");
+const displays_1 = require("./displays");
+const types_1 = require("./types");
+/*
+Init Request Metadata
+This function initializes the request metadata with empty defaults and an empty request map.
+*/
+function initEmptyRequestMetadata() {
+    // Initialize with empty defaults
+    const requestDefaults = {
+        durationOptions: [],
+        recommendedDurationInMinutes: undefined,
+        defaultDurationInMinutes: undefined,
+        maxDurationInMinutes: undefined,
+        requireSupportTicket: false,
+        reasonOptional: false,
+        requesterIsAdmin: false,
+    };
+    // Initialize with empty map
+    const requestMap = {};
+    return {
+        requestMap,
+        requestDefaults,
+        durationLabel: "",
+        durationInMinutes: 0,
+        reason: "",
+    };
+}
+/*
+After setting up the request map, this function fetches the request defaults
+from the server based on the requested resources and groups.
+It updates the metadata with the fetched defaults.
+*/
+async function setRequestDefaults(cmd, client, metadata) {
+    var _a;
+    const requestMap = metadata.requestMap;
+    const requestedResources = [];
+    const requestedGroups = [];
+    for (const appNode of Object.values(requestMap)) {
+        for (const [assetId, assetNode] of Object.entries(appNode.assets)) {
+            if (assetNode.roles !== undefined) {
+                const mappedRoles = Object.entries(assetNode.roles).map(([roleId, _roleNode]) => {
+                    return roleId;
+                });
+                const roleIds = mappedRoles.length ? mappedRoles : [""];
+                for (const roleId of roleIds) {
+                    switch (assetNode.type) {
+                        case graphql_1.EntityType.Resource: {
+                            requestedResources.push({
+                                resourceId: assetId,
+                                accessLevelRemoteId: roleId,
+                            });
+                            break;
+                        }
+                        case graphql_1.EntityType.Group: {
+                            requestedGroups.push({
+                                groupId: assetId,
+                                accessLevelRemoteId: roleId,
+                            });
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    try {
+        const requestDefaults = await (0, api_1.queryRequestDefaults)(cmd, client, requestedResources, requestedGroups);
+        if (requestDefaults !== undefined) {
+            metadata.requestDefaults.durationOptions =
+                requestDefaults.durationOptions;
+            metadata.requestDefaults.recommendedDurationInMinutes =
+                requestDefaults.recommendedDurationInMinutes;
+            metadata.requestDefaults.defaultDurationInMinutes =
+                requestDefaults.defaultDurationInMinutes;
+            metadata.requestDefaults.maxDurationInMinutes =
+                requestDefaults.maxDurationInMinutes;
+            metadata.requestDefaults.requireSupportTicket =
+                requestDefaults.requireSupportTicket;
+            metadata.requestDefaults.reasonOptional = requestDefaults.reasonOptional;
+            metadata.requestDefaults.requesterIsAdmin =
+                requestDefaults.requesterIsAdmin;
+            for (const message of requestDefaults.messages || []) {
+                let connectionName = undefined;
+                let connectionType = undefined;
+                // If the message has an entityId, retrieve the connection name and type
+                if (message.entityId) {
+                    for (const appNode of Object.values(requestMap)) {
+                        for (const assetNode of Object.values(appNode.assets)) {
+                            if (assetNode.assetId === message.entityId) {
+                                connectionName = appNode.appName;
+                                connectionType = appNode.appType;
+                                break;
+                            }
+                        }
+                    }
+                }
+                // Log the request message based on the code
+                cmd.log(chalk_1.default.dim(`\n${chalk_1.default.italic(message.level)}:`), getRequestMessageFromCode(cmd, message.code, connectionName, connectionType));
+                if (message.level === "ERROR") {
+                    process.exit(1);
+                }
+            }
+            if (requestDefaults.requireSupportTicket) {
+                cmd.log("\nA support ticket is required for this request. Please submit through the Opal website.");
+                const requestLink = generateRequestLink(cmd, (_a = metadata.requestDefaults.defaultDurationInMinutes) !== null && _a !== void 0 ? _a : 60);
+                cmd.log(`${chalk_1.default.bold("Link:")} ${requestLink}\n`);
+                process.exit(1);
+            }
+        }
+    }
+    catch (_b) {
+        cmd.error("Error fetching request defaults.");
+    }
+}
+async function submitFinalRequest(cmd, client, metadata) {
+    var _a, _b, _c, _d;
+    // Build requested assets lists for the mutation
+    const requestedResources = [];
+    const requestedGroups = [];
+    for (const appNode of Object.values(metadata.requestMap)) {
+        // This extraction is different than the one in setRequestDefaults.
+        // Both extract the requestedResources and requestedGroups,
+        // use different formats.
+        for (const [assetId, assetNode] of Object.entries(appNode.assets)) {
+            if (assetNode.roles) {
+                const mappedRoles = Object.entries(assetNode.roles).map(([roleId, _roleNode]) => {
+                    return roleId;
+                });
+                const roleIds = mappedRoles.length > 0 ? mappedRoles : [""];
+                for (const roleId of roleIds) {
+                    switch (assetNode.type) {
+                        case graphql_1.EntityType.Resource: {
+                            requestedResources.push({
+                                resourceId: assetId,
+                                accessLevel: {
+                                    accessLevelName: ((_b = (_a = assetNode.roles) === null || _a === void 0 ? void 0 : _a[roleId]) === null || _b === void 0 ? void 0 : _b.roleName) || "",
+                                    accessLevelRemoteId: roleId,
+                                },
+                            });
+                            break;
+                        }
+                        case graphql_1.EntityType.Group: {
+                            requestedGroups.push({
+                                groupId: assetId,
+                                accessLevel: {
+                                    accessLevelName: ((_d = (_c = assetNode.roles) === null || _c === void 0 ? void 0 : _c[roleId]) === null || _d === void 0 ? void 0 : _d.roleName) || "",
+                                    accessLevelRemoteId: roleId,
+                                },
+                            });
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    const resp = await (0, api_1.createRequest)(cmd, client, requestedResources, requestedGroups, metadata.reason, metadata.durationInMinutes);
+    // Build link to request
+    if (resp === null || resp === void 0 ? void 0 : resp.id) {
+        cmd.log("\n🎉 Your Access Request has been submitted!\n");
+        cmd.log(`${chalk_1.default.bold("ID:")} ${chalk_1.default.cyan(resp.id)}`);
+        if (resp === null || resp === void 0 ? void 0 : resp.status) {
+            cmd.log((0, displays_1.getStyledStatus)(resp.status));
+        }
+        const requestLink = getRequestLink(cmd, resp.id);
+        cmd.log(`${chalk_1.default.bold("Link:")} ${chalk_1.default.underline(requestLink)}\n`);
+        (0, displays_1.displayRequestAgain)(cmd, resp.id);
+    }
+    return;
+}
+function getRequestLink(cmd, id) {
+    const configData = (0, config_1.getOrCreateConfigData)(cmd.config.configDir);
+    return `${configData[config_1.urlKey]}/requests/sent/${id}`;
+}
+function generateRequestLink(cmd, defaultDurationInMinutes) {
+    const configData = (0, config_1.getOrCreateConfigData)(cmd.config.configDir);
+    // Including the duration in the URL so that the cancel button on the request page works as expected
+    return `${configData[config_1.urlKey]}/request-access?durationInMinutes=${defaultDurationInMinutes}`;
+}
+async function bypassRequestSelection(cmd, client, flagValue, metadata) {
+    var _a, _b, _c, _d;
+    try {
+        // Query Catalog Item endpoint to identify what the id belongs to (resource or group)
+        for (const val of flagValue) {
+            const delimiterIndex = val.indexOf(":");
+            const assetId = delimiterIndex === -1 ? val : val.substring(0, delimiterIndex);
+            const roleName = delimiterIndex === -1 ? "" : val.substring(delimiterIndex + 1);
+            const resp = await (0, api_1.queryCatalogItems)(cmd, client, assetId);
+            switch ((_a = resp.data) === null || _a === void 0 ? void 0 : _a.catalogItem.__typename) {
+                case "Group":
+                case "Resource": {
+                    const item = (_b = resp.data) === null || _b === void 0 ? void 0 : _b.catalogItem;
+                    const assetName = item.__typename === "Resource" ? item.displayName : item.name;
+                    const requestableRoles = (item.accessLevels || [])
+                        // TODO: Support okta azure apps ?.filter((role) => role.accessLevelName !== "") // This assumes length == 1
+                        .map((role) => ({
+                        id: role.accessLevelRemoteId,
+                        name: role.accessLevelName,
+                    }));
+                    const appId = ((_c = item.connection) === null || _c === void 0 ? void 0 : _c.id) || "";
+                    if (!(appId in metadata.requestMap)) {
+                        metadata.requestMap[appId] = {
+                            appName: ((_d = item.connection) === null || _d === void 0 ? void 0 : _d.displayName) || "",
+                            appId: appId,
+                            assets: {},
+                        };
+                    }
+                    const assetEntry = metadata.requestMap[appId].assets[assetId];
+                    if (!assetEntry) {
+                        metadata.requestMap[appId].assets[assetId] = {
+                            assetId: assetId,
+                            assetName: assetName,
+                            type: (0, types_1.entityTypeFromString)(item.__typename),
+                            roles: {},
+                        };
+                    }
+                    if (requestableRoles.length > 0 &&
+                        !(requestableRoles.length === 1 && requestableRoles[0].name === "")) {
+                        const selectedRole = requestableRoles.find((role) => role.name === roleName);
+                        if (selectedRole !== undefined) {
+                            if (!metadata.requestMap[appId].assets[assetId].roles) {
+                                metadata.requestMap[appId].assets[assetId].roles = {};
+                            }
+                            metadata.requestMap[appId].assets[assetId].roles[selectedRole.id] = {
+                                roleId: selectedRole.id,
+                                roleName: selectedRole.name,
+                            };
+                        }
+                        else {
+                            cmd.error(`Access level specified does not match one of ${assetName}'s defined access levels: ${requestableRoles.map((role) => `"${role.name}"`)}`);
+                        }
+                    }
+                    break;
+                }
+                default:
+                    cmd.error("Invalid asset id was passed in using the --id flag.");
+            }
+        }
+    }
+    catch (error) {
+        if (error instanceof Error || typeof error === "string") {
+            cmd.error(error);
+        }
+    }
+    return;
+}
+function bypassDuration(cmd, duration, metadata) {
+    const maxDuration = metadata.requestDefaults.maxDurationInMinutes;
+    // Permanent duration is represented by 0, but should not be allowed
+    // if a max duration is set.
+    if (maxDuration && (duration > maxDuration || duration === 0)) {
+        cmd.error(`The requested duration exceeds the allowed limit of ${(0, displays_1.formatDuration)(maxDuration)}. Please choose a shorter duration.`);
+    }
+    if (duration === 0) {
+        metadata.durationInMinutes = undefined;
+    }
+    else {
+        metadata.durationInMinutes = duration;
+    }
+}
+function getRequestMessageFromCode(cmd, code, connectionName, connectionType, extraParams, 
+// sourceGroup?: PropsFor<typeof GroupBindingGroupLabel>["group"];
+sourceGroupRedirect) {
+    switch (code) {
+        case graphql_1.RequestMessageCode.RequireUserAuthToken: {
+            if (connectionType) {
+                const connectionLabel = labels_1.connectionTypeLabelByType[connectionType];
+                // This case the connection has a third party provider such as GitLab,
+                // GitHub that requires the use to create a manual step into the end
+                // system.
+                const isThirdPartyProvider = Object.values(graphql_1.ThirdPartyProvider).find((v) => v === connectionType);
+                if (isThirdPartyProvider) {
+                    const configData = (0, config_1.getOrCreateConfigData)(cmd.config.configDir);
+                    return `This item requires you to link your ${connectionLabel} account to Opal before requesting access.
+You can link your ${connectionLabel} account at ${`${configData[config_1.urlKey]}/user/settings/identities`}`;
+                }
+                const name = connectionName !== null && connectionName !== void 0 ? connectionName : connectionLabel;
+                // This case would be hit in case the user is not provisioned onto the end system, such as AWS, GCP, Okta, etc.
+                return `This item requires you to be provisioned on ${name} before requesting access.\
+Please contact your Opal admin to provision your user on ${name}.`;
+            }
+            // This should never happen, but just in case we forgot to pass in the third party provider or the connection type
+            return "Your user does not exist on the end system. Please contact your Opal admin to add your user to the end system.";
+        }
+        case graphql_1.RequestMessageCode.NestedGroupAccessNotAllowed:
+            return "You cannot request access to this group because you already have nested access.";
+        case graphql_1.RequestMessageCode.LinkedGroupNotRequestable:
+            return "You cannot request access to this group because it is linked to another group";
+        default:
+            return `Unknown request message code: ${code}`;
+    }
+}
+function addRequestedResourcesToMetadata(requestedResources, requestMap) {
+    var _a;
+    for (const { resource, accessLevel } of requestedResources) {
+        if (!resource)
+            continue;
+        const { id: assetId, displayName: assetName, connection, connectionId, __typename, } = resource;
+        const type = (0, types_1.entityTypeFromString)(__typename);
+        const roleId = accessLevel.accessLevelRemoteId;
+        const roleName = accessLevel.accessLevelName;
+        if (!requestMap[connectionId]) {
+            requestMap[connectionId] = {
+                appId: connectionId,
+                appName: (_a = connection === null || connection === void 0 ? void 0 : connection.name) !== null && _a !== void 0 ? _a : "",
+                appType: connection === null || connection === void 0 ? void 0 : connection.connectionType,
+                assets: {},
+            };
+        }
+        const appAssets = requestMap[connectionId].assets;
+        if (!appAssets[assetId]) {
+            appAssets[assetId] = {
+                assetId,
+                assetName,
+                type,
+                roles: {},
+            };
+        }
+        if (!appAssets[assetId].roles) {
+            appAssets[assetId].roles = {};
+        }
+        appAssets[assetId].roles[roleId] = { roleId, roleName };
+    }
+}
+function addRequestedGroupsToMetadata(requestedGroups, requestMap) {
+    var _a;
+    for (const { group, accessLevel } of requestedGroups) {
+        if (!group)
+            continue;
+        const { id: assetId, name: assetName, connection, connectionId, __typename, } = group;
+        const type = (0, types_1.entityTypeFromString)(__typename);
+        const roleId = accessLevel === null || accessLevel === void 0 ? void 0 : accessLevel.accessLevelRemoteId;
+        const roleName = accessLevel === null || accessLevel === void 0 ? void 0 : accessLevel.accessLevelName;
+        if (!requestMap[connectionId]) {
+            requestMap[connectionId] = {
+                appId: connectionId,
+                appName: (_a = connection === null || connection === void 0 ? void 0 : connection.name) !== null && _a !== void 0 ? _a : "",
+                appType: connection === null || connection === void 0 ? void 0 : connection.connectionType,
+                assets: {},
+            };
+        }
+        const appAssets = requestMap[connectionId].assets;
+        if (!appAssets[assetId]) {
+            appAssets[assetId] = {
+                assetId,
+                assetName,
+                type,
+                roles: {},
+            };
+        }
+        if (!appAssets[assetId].roles) {
+            appAssets[assetId].roles = {};
+        }
+        if (roleId) {
+            appAssets[assetId].roles[roleId] = { roleId, roleName: roleName !== null && roleName !== void 0 ? roleName : "" };
+        }
+    }
+}
+async function convertRequestToMetadata(cmd, request, metadata) {
+    const { status, durationInMinutes, reason, requestedResources, requestedGroups, } = request;
+    if (status === graphql_1.RequestStatus.Pending) {
+        cmd.log("⏳ Request is still in progress");
+        return;
+    }
+    if (durationInMinutes === undefined) {
+        cmd.error("Duration in minutes is required but was not provided.");
+    }
+    // if durationInMinutes is null, the request had a permanent duration
+    metadata.durationInMinutes = durationInMinutes !== null && durationInMinutes !== void 0 ? durationInMinutes : 0;
+    metadata.reason = reason;
+    addRequestedResourcesToMetadata(requestedResources, metadata.requestMap);
+    addRequestedGroupsToMetadata(requestedGroups, metadata.requestMap);
+}
+async function duplicateRequestTemplate(cmd, client, requestId, metadata) {
+    var _a, _b, _c, _d;
+    cmd.log("Loading request template from ID: ", requestId);
+    const resp = await (0, api_1.queryRequest)(client, requestId);
+    // no fall through doesn't consider process.exit();
+    let x;
+    switch ((_a = resp.data) === null || _a === void 0 ? void 0 : _a.request.__typename) {
+        case "RequestResult": {
+            if (((_b = resp.data) === null || _b === void 0 ? void 0 : _b.request.request).status ===
+                graphql_1.RequestStatus.Pending) {
+                cmd.error("⏳ Cannot duplicate a request that is still in progress");
+            }
+            cmd.log("Creating new request with same configuration...");
+            convertRequestToMetadata(cmd, (_d = (_c = resp.data) === null || _c === void 0 ? void 0 : _c.request) === null || _d === void 0 ? void 0 : _d.request, metadata);
+            break;
+        }
+        case "RequestNotFoundError":
+            x = cmd.error(`🚫 Request with id ${requestId} was not found`);
+            break;
+        default:
+            cmd.error("🚫 Error retrieving request data");
+    }
+}
+async function convertBundleToMetadata(cmd, bundle, requestMap) {
+    const { name, id, items } = bundle;
+    const requestedResources = [];
+    const requestedGroups = [];
+    let notRequestableCount = 0;
+    for (const item of items.edges) {
+        if (item.node.isRequestable) {
+            if (item.node.__typename === "Resource") {
+                requestedResources.push({
+                    resource: item.node,
+                    accessLevel: item.accessLevel,
+                });
+            }
+            else if (item.node.__typename === "Group") {
+                requestedGroups.push({
+                    group: item.node,
+                    accessLevel: item.accessLevel,
+                });
+            }
+        }
+        else {
+            notRequestableCount++;
+        }
+    }
+    addRequestedResourcesToMetadata(requestedResources, requestMap);
+    addRequestedGroupsToMetadata(requestedGroups, requestMap);
+    const requestableCount = requestedResources.length + requestedGroups.length;
+    if (requestableCount === 0) {
+        cmd.error(`No requestable items in the bundle: ${name}`);
+    }
+    if (notRequestableCount > 0) {
+        cmd.log(`You do not have permission to request access to ${notRequestableCount} items in this bundle`);
+    }
+    cmd.log("Added all requestable items in the bundle");
+}
+async function copyBundleAssets(cmd, client, bundleId, requestMap) {
+    var _a, _b;
+    cmd.log("Loading assets from bundle: ", bundleId);
+    const resp = await (0, requests_1.queryBundle)(client, bundleId);
+    // no fall through doesn't consider process.exit();
+    let x;
+    switch ((_a = resp.data) === null || _a === void 0 ? void 0 : _a.bundle.__typename) {
+        case "BundleResult": {
+            cmd.log("Creating new request with assets in the bundle...");
+            convertBundleToMetadata(cmd, (_b = resp.data) === null || _b === void 0 ? void 0 : _b.bundle.bundle, requestMap);
+            break;
+        }
+        case "BundleNotFoundError":
+            x = cmd.error(`🚫 Bundle with id ${bundleId} was not found`);
+            break;
+        default:
+            cmd.error("🚫 Error retrieving bundle data");
+    }
+}

package/lib/lib/request/types.d.ts

@@ -0,0 +1,55 @@
+import { type ConnectionType, EntityType, type RequestMessageCode, type RequestMessageLevel } from "../../graphql/graphql";
+type AppNode = {
+    appId: string;
+    appName: string;
+    appType?: ConnectionType;
+    assets: Record<string, AssetNode>;
+};
+type AssetNode = {
+    assetId: string;
+    assetName: string;
+    type: EntityType;
+    roles?: Record<string, RoleNode>;
+};
+type RoleNode = {
+    roleId: string;
+    roleName: string;
+};
+export type RequestMap = Record<string, AppNode>;
+export declare function entityTypeFromString(str?: string): EntityType;
+export type DurationOption = {
+    durationInMinutes: number;
+    label: string;
+};
+export type RequestDefaults = {
+    durationOptions?: DurationOption[];
+    recommendedDurationInMinutes?: number | null;
+    defaultDurationInMinutes?: number;
+    maxDurationInMinutes?: number | null;
+    requireSupportTicket?: boolean;
+    reasonOptional?: boolean;
+    requesterIsAdmin?: boolean;
+    messages?: {
+        entityId?: string | null;
+        level: RequestMessageLevel;
+        code: RequestMessageCode;
+    }[];
+};
+export type RequestMetadata = {
+    requestMap: RequestMap;
+    requestDefaults: RequestDefaults;
+    durationLabel: string;
+    durationInMinutes?: number;
+    reason: string;
+};
+export type EntityValue = {
+    id: string;
+    name: string;
+    type?: string;
+    toString?: () => string;
+};
+export type PromptChoice = {
+    message: string;
+    value: EntityValue;
+};
+export {};

package/lib/lib/request/types.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.entityTypeFromString = entityTypeFromString;
+const graphql_1 = require("../../graphql/graphql");
+function entityTypeFromString(str) {
+    const capStr = str === null || str === void 0 ? void 0 : str.toLocaleUpperCase();
+    if (capStr === "RESOURCE") {
+        return graphql_1.EntityType.Resource;
+    }
+    if (capStr === "GROUP") {
+        return graphql_1.EntityType.Group;
+    }
+    // if type unknown, default to resource
+    return graphql_1.EntityType.Resource;
+}

package/lib/lib/resources.d.ts

@@ -1,5 +1,5 @@
 import type { Command } from "@oclif/core";
-import type { ResourceAccessLevel, ResourceAccessLevelInput } from "../types";
+import type { ResourceAccessLevel, ResourceAccessLevelInput } from "../graphql/graphql";
 export type ResourceInfo = {
     id: string;
     name: string;

package/lib/lib/sessions.d.ts

@@ -1,4 +1,4 @@
 import type { Command } from "@oclif/core";
-import type { ResourceAccessLevelInput } from "../types";
+import type { ResourceAccessLevelInput } from "../graphql/graphql";
 export declare const getOrCreateSession: (command: Command, resourceId: string, accessLevel: ResourceAccessLevelInput, sessionId: string | undefined, metadataFragment: string, wantNewSession?: boolean) => Promise<any>;
 export declare const getSessionExpirationMessage: (session: any) => string;

package/lib/lib/sessions.js

@@ -118,6 +118,7 @@ const openBrowserAndPollForSession = async (command, message, resourceId, access
     return session;
 };
 const createSession = async (command, resourceId, accessLevel, sessionId, metadataFragment, wantNewSession) => {
+    var _a, _b, _c, _d;
     const { resp, error } = await (0, handler_1.runMutation)({
         command: command,
         query: CreateSessionDocument.replace("METADATA_FRAGMENT", metadataFragment),
@@ -130,9 +131,9 @@ const createSession = async (command, resourceId, accessLevel, sessionId, metada
     if (error) {
         return (0, apollo_1.handleError)(command, error);
     }
-    switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
+    switch ((_b = (_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.createSession) === null || _b === void 0 ? void 0 : _b.__typename) {
         case "CreateSessionResult": {
-            return resp.data.createSession.session;
+            return (_d = (_c = resp.data) === null || _c === void 0 ? void 0 : _c.createSession) === null || _d === void 0 ? void 0 : _d.session;
         }
         case "MfaInvalidError": {
             return openBrowserAndPollForSession(command, "❗ MFA validation needed. Please connect via browser. Opening browser and awaiting validation...", resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);

package/lib/lib/util.d.ts

@@ -1,3 +1,4 @@
+export declare function restrictToDev(): void;
 export declare const sleep: (ms: number) => Promise<unknown>;
 export declare const copyToClipboard: (content: string) => import("child_process").ChildProcess;
 export declare const displayContent: (content: string) => import("child_process").ChildProcess;

package/lib/lib/util.js

@@ -1,7 +1,23 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.displayContent = exports.copyToClipboard = exports.sleep = void 0;
+exports.restrictToDev = restrictToDev;
 const node_child_process_1 = require("node:child_process");
+/*
+Use restrictToDev function in the run functions of commands still in development-
+
+static hidden = true; # Use this in tandem with restrictToDev function to hide from help menu.
+async run() {
+    restrictToDev();
+    ...
+}
+*/
+function restrictToDev() {
+    if (process.env.NODE_ENV !== "development") {
+        console.error("Command still under development. Please look out for product announcements for official release.");
+        process.exit(1);
+    }
+}
 const sleep = (ms) => {
     return new Promise((resolve) => {
         setTimeout(resolve, ms);

package/lib/types.d.ts

@@ -1047,20 +1047,36 @@ export type ConnectionResult = {
 };
 export declare enum ConnectionType {
     ActiveDirectory = "ACTIVE_DIRECTORY",
+    /**
+     * Deprecated. Legacy integration no longer offered - use AWS_SSO instead.
+     * @deprecated Legacy integration no longer offered - use AWS_SSO instead.
+     */
     Aws = "AWS",
+    AwsSso = "AWS_SSO",
+    AzureAd = "AZURE_AD",
     Custom = "CUSTOM",
+    CustomConnector = "CUSTOM_CONNECTOR",
+    Databricks = "DATABRICKS",
     Duo = "DUO",
-    GitHub = "GIT_HUB",
     Gcp = "GCP",
+    GitHub = "GIT_HUB",
+    GitLab = "GIT_LAB",
     GoogleGroups = "GOOGLE_GROUPS",
     GoogleWorkspace = "GOOGLE_WORKSPACE",
-    Salesforce = "SALESFORCE",
     Ldap = "LDAP",
+    Mariadb = "MARIADB",
     Mongo = "MONGO",
     MongoAtlas = "MONGO_ATLAS",
+    Mysql = "MYSQL",
     OktaDirectory = "OKTA_DIRECTORY",
     Opal = "OPAL",
-    Pagerduty = "PAGERDUTY"
+    Pagerduty = "PAGERDUTY",
+    Postgres = "POSTGRES",
+    Salesforce = "SALESFORCE",
+    Snowflake = "SNOWFLAKE",
+    Tailscale = "TAILSCALE",
+    Teleport = "TELEPORT",
+    Workday = "WORKDAY"
 }
 export type ConnectionUrlInvalidError = Error & {
     __typename?: "ConnectionURLInvalidError";