opal-security 3.2.2 → 3.2.3
- package/README.md +22 -22
- package/lib/commands/login.js +11 -11
- package/lib/commands/request/get.js +2 -1
- package/lib/graphql/graphql.d.ts +855 -158
- package/lib/graphql/graphql.js +107 -10
- package/lib/handler.d.ts +6 -6
- package/lib/handler.js +1 -1
- package/lib/labels.js +3 -0
- package/lib/lib/apollo.d.ts +3 -3
- package/lib/lib/apollo.js +24 -47
- package/lib/lib/request/api/mutations/create-request.d.ts +2 -2
- package/lib/lib/request/api/queries/apps.d.ts +2 -2
- package/lib/lib/request/api/queries/assets.d.ts +3 -3
- package/lib/lib/request/api/queries/assets.js +5 -5
- package/lib/lib/request/api/queries/request-defaults.d.ts +2 -2
- package/lib/lib/request/api/queries/request-defaults.js +2 -1
- package/lib/lib/request/api/queries/requests.d.ts +4 -4
- package/lib/lib/request/api/queries/roles.d.ts +3 -3
- package/lib/lib/request/api/queries/roles.js +9 -9
- package/lib/lib/request/displays.d.ts +3 -3
- package/lib/lib/request/displays.js +15 -15
- package/lib/lib/request/prompts/apps-prompt.d.ts +2 -2
- package/lib/lib/request/prompts/asset-prompt.d.ts +3 -3
- package/lib/lib/request/prompts/duration-prompt.js +3 -0
- package/lib/lib/request/prompts/role-prompt.d.ts +2 -2
- package/lib/lib/request/request-utils.d.ts +7 -8
- package/lib/lib/request/request-utils.js +17 -16
- package/lib/lib/resources.d.ts +1 -1
- package/lib/lib/sessions.d.ts +1 -1
- package/lib/lib/sessions.js +3 -2
- package/oclif.manifest.json +1 -1
- package/package.json +4 -3
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import type { ApolloClient
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
2
|
import type { Command } from "@oclif/core";
|
|
3
3
|
import type { GetCatalogItemQuery } from "../../../../graphql/graphql";
|
|
4
4
|
import { type PromptChoice } from "../../types";
|
|
5
|
-
export declare function queryRequestableAssets(cmd: Command, client: ApolloClient
|
|
6
|
-
export declare function queryCatalogItems(cmd: Command, client: ApolloClient
|
|
5
|
+
export declare function queryRequestableAssets(cmd: Command, client: ApolloClient, appId: string, input: string | undefined): Promise<PromptChoice[] | undefined>;
|
|
6
|
+
export declare function queryCatalogItems(cmd: Command, client: ApolloClient, assetId: string): Promise<ApolloClient.QueryResult<GetCatalogItemQuery>>;
|
|
@@ -41,7 +41,7 @@ const GET_ASSETS_QUERY = (0, graphql_1.graphql)(`
|
|
|
41
41
|
}
|
|
42
42
|
`);
|
|
43
43
|
async function queryRequestableAssets(cmd, client, appId, input) {
|
|
44
|
-
var _a, _b, _c, _d, _e, _f;
|
|
44
|
+
var _a, _b, _c, _d, _e, _f, _g;
|
|
45
45
|
try {
|
|
46
46
|
const resp = await client.query({
|
|
47
47
|
query: GET_ASSETS_QUERY,
|
|
@@ -53,9 +53,9 @@ async function queryRequestableAssets(cmd, client, appId, input) {
|
|
|
53
53
|
});
|
|
54
54
|
// no fall through doesn't consider process.exit();
|
|
55
55
|
let x;
|
|
56
|
-
switch (resp.data.app.__typename) {
|
|
56
|
+
switch ((_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.app.__typename) {
|
|
57
57
|
case "App":
|
|
58
|
-
return (
|
|
58
|
+
return (_e = (_d = (_c = (_b = resp.data) === null || _b === void 0 ? void 0 : _b.app) === null || _c === void 0 ? void 0 : _c.items) === null || _d === void 0 ? void 0 : _d.items) === null || _e === void 0 ? void 0 : _e.map((item) => {
|
|
59
59
|
var _a, _b, _c, _d, _e, _f, _g, _h;
|
|
60
60
|
const name = ((_a = item.resource) === null || _a === void 0 ? void 0 : _a.name) || ((_b = item.group) === null || _b === void 0 ? void 0 : _b.name);
|
|
61
61
|
const id = ((_c = item.resource) === null || _c === void 0 ? void 0 : _c.id) || ((_d = item.group) === null || _d === void 0 ? void 0 : _d.id);
|
|
@@ -70,7 +70,7 @@ async function queryRequestableAssets(cmd, client, appId, input) {
|
|
|
70
70
|
};
|
|
71
71
|
});
|
|
72
72
|
case "AppNotFoundError":
|
|
73
|
-
x = cmd.error((
|
|
73
|
+
x = cmd.error((_g = (_f = resp.data) === null || _f === void 0 ? void 0 : _f.app) === null || _g === void 0 ? void 0 : _g.message);
|
|
74
74
|
break;
|
|
75
75
|
default:
|
|
76
76
|
cmd.error(resp.error || "Unknown error occurred.");
|
|
@@ -131,6 +131,6 @@ async function queryCatalogItems(cmd, client, assetId) {
|
|
|
131
131
|
});
|
|
132
132
|
}
|
|
133
133
|
catch (_a) {
|
|
134
|
-
cmd.error("
|
|
134
|
+
cmd.error("Error retrieving catalog items");
|
|
135
135
|
}
|
|
136
136
|
}
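Review bot: The bare `catch (_a)` at the end of queryCatalogItems (new line 133) discards the caught error and reports only "Error retrieving catalog items", so an authentication failure and a network failure look identical to the user and to anyone triaging a failed access request. Binding the error and including its message would keep the cause visible: `catch (err) { cmd.error("Error retrieving catalog items: " + (err instanceof Error ? err.message : String(err))); }`. The try block starts outside this hunk, and since this is compiled output the change belongs in the TypeScript source. The file header is missing from the page; from the diffstat this looks like package/lib/lib/request/api/queries/assets.js.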
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { ApolloClient
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
2
|
import type { Command } from "@oclif/core";
|
|
3
3
|
import type { RequestConfigurationGroupInput, RequestConfigurationResourceInput } from "../../../../graphql/graphql";
|
|
4
4
|
import type { RequestDefaults } from "../../types";
|
|
5
|
-
export declare function queryRequestDefaults(cmd: Command, client: ApolloClient
|
|
5
|
+
export declare function queryRequestDefaults(cmd: Command, client: ApolloClient, requestedResources: RequestConfigurationResourceInput[], requestedGroups: RequestConfigurationGroupInput[]): Promise<RequestDefaults | undefined>;
|
|
@@ -32,6 +32,7 @@ const REQUEST_DEFAULTS_QUERY = (0, graphql_1.graphql)(`
|
|
|
32
32
|
}
|
|
33
33
|
}`);
|
|
34
34
|
async function queryRequestDefaults(cmd, client, requestedResources, requestedGroups) {
|
|
35
|
+
var _a;
|
|
35
36
|
try {
|
|
36
37
|
const resp = await client.query({
|
|
37
38
|
query: REQUEST_DEFAULTS_QUERY,
|
|
@@ -41,7 +42,7 @@ async function queryRequestDefaults(cmd, client, requestedResources, requestedGr
|
|
|
41
42
|
},
|
|
42
43
|
fetchPolicy: "network-only", // to avoid caching
|
|
43
44
|
});
|
|
44
|
-
return resp.data.requestDefaults;
|
|
45
|
+
return (_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.requestDefaults;
|
|
45
46
|
}
|
|
46
47
|
catch (error) {
|
|
47
48
|
if (error instanceof Error || typeof error === "string") {
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { ApolloClient
|
|
2
|
-
export declare const queryRequest: (client: ApolloClient
|
|
3
|
-
export declare const queryRequests: (client: ApolloClient
|
|
4
|
-
export declare const queryBundle: (client: ApolloClient
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
|
+
export declare const queryRequest: (client: ApolloClient, requestId: string) => Promise<ApolloClient.QueryResult<import("../../../../graphql/graphql").GetRequestQuery>>;
|
|
3
|
+
export declare const queryRequests: (client: ApolloClient, pageSize: number, showPendingOnly: boolean) => Promise<ApolloClient.QueryResult<import("../../../../graphql/graphql").GetRequestsQuery>>;
|
|
4
|
+
export declare const queryBundle: (client: ApolloClient, bundleId: string) => Promise<ApolloClient.QueryResult<import("../../../../graphql/graphql").GetBundleQuery>>;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { ApolloClient
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
2
|
import type { Command } from "@oclif/core";
|
|
3
3
|
import type { PromptChoice } from "../../types";
|
|
4
|
-
export declare function queryAssetRoles(cmd: Command, client: ApolloClient
|
|
5
|
-
export declare function queryAssociatedItems(cmd: Command, client: ApolloClient
|
|
4
|
+
export declare function queryAssetRoles(cmd: Command, client: ApolloClient, assetType: string, assetId: string): Promise<PromptChoice[] | undefined>;
|
|
5
|
+
export declare function queryAssociatedItems(cmd: Command, client: ApolloClient, id: string, input: string | undefined): Promise<PromptChoice[] | undefined>;
|
|
@@ -44,7 +44,7 @@ query GroupAccessLevels($groupId: GroupId!) {
|
|
|
44
44
|
}
|
|
45
45
|
`);
|
|
46
46
|
async function queryAssetRoles(cmd, client, assetType, assetId) {
|
|
47
|
-
var _a, _b, _c, _d, _e, _f, _g, _h;
|
|
47
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
|
|
48
48
|
try {
|
|
49
49
|
switch (assetType) {
|
|
50
50
|
case graphql_2.EntityType.Resource: {
|
|
@@ -57,9 +57,9 @@ async function queryAssetRoles(cmd, client, assetType, assetId) {
|
|
|
57
57
|
});
|
|
58
58
|
// no fall through doesn't consider process.exit();
|
|
59
59
|
let x;
|
|
60
|
-
switch (resp.data.accessLevels.__typename) {
|
|
60
|
+
switch ((_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.accessLevels.__typename) {
|
|
61
61
|
case "ResourceAccessLevelsResult":
|
|
62
|
-
return (
|
|
62
|
+
return (_d = (_c = (_b = resp.data) === null || _b === void 0 ? void 0 : _b.accessLevels) === null || _c === void 0 ? void 0 : _c.accessLevels) === null || _d === void 0 ? void 0 : _d.map((role) => {
|
|
63
63
|
return {
|
|
64
64
|
message: role.accessLevelName || "",
|
|
65
65
|
value: {
|
|
@@ -69,7 +69,7 @@ async function queryAssetRoles(cmd, client, assetType, assetId) {
|
|
|
69
69
|
};
|
|
70
70
|
});
|
|
71
71
|
case "ResourceNotFoundError":
|
|
72
|
-
x = cmd.error((
|
|
72
|
+
x = cmd.error((_f = (_e = resp.data) === null || _e === void 0 ? void 0 : _e.accessLevels) === null || _f === void 0 ? void 0 : _f.message);
|
|
73
73
|
break;
|
|
74
74
|
default:
|
|
75
75
|
cmd.error(resp.error || "Unknown error occurred.");
|
|
@@ -86,9 +86,9 @@ async function queryAssetRoles(cmd, client, assetType, assetId) {
|
|
|
86
86
|
});
|
|
87
87
|
// no fall through doesn't consider process.exit();
|
|
88
88
|
let x;
|
|
89
|
-
switch (resp.data.groupAccessLevels.__typename) {
|
|
89
|
+
switch ((_g = resp === null || resp === void 0 ? void 0 : resp.data) === null || _g === void 0 ? void 0 : _g.groupAccessLevels.__typename) {
|
|
90
90
|
case "GroupAccessLevelsResult":
|
|
91
|
-
return (
|
|
91
|
+
return (_k = (_j = (_h = resp.data) === null || _h === void 0 ? void 0 : _h.groupAccessLevels) === null || _j === void 0 ? void 0 : _j.accessLevels) === null || _k === void 0 ? void 0 : _k.map((role) => {
|
|
92
92
|
return {
|
|
93
93
|
message: role.accessLevelName,
|
|
94
94
|
value: {
|
|
@@ -205,7 +205,7 @@ function appRolesFromEdge(edge) {
|
|
|
205
205
|
}
|
|
206
206
|
}
|
|
207
207
|
async function queryAssociatedItems(cmd, client, id, input) {
|
|
208
|
-
var _a, _b;
|
|
208
|
+
var _a, _b, _c;
|
|
209
209
|
try {
|
|
210
210
|
const resp = await client.query({
|
|
211
211
|
query: ASSOCIATED_ITEMS_QUERY,
|
|
@@ -215,7 +215,7 @@ async function queryAssociatedItems(cmd, client, id, input) {
|
|
|
215
215
|
},
|
|
216
216
|
fetchPolicy: "network-only", // to avoid caching
|
|
217
217
|
});
|
|
218
|
-
switch (resp.data.resource.__typename) {
|
|
218
|
+
switch ((_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.resource.__typename) {
|
|
219
219
|
case "ResourceResult": {
|
|
220
220
|
const associatedItems = resp.data.resource.resource.associatedItems.edges.filter((edge) => edge.__typename === "ResourceAssociatedItemEdge");
|
|
221
221
|
const initial = [];
|
|
@@ -225,7 +225,7 @@ async function queryAssociatedItems(cmd, client, id, input) {
|
|
|
225
225
|
return initial;
|
|
226
226
|
}
|
|
227
227
|
case "ResourceNotFoundError":
|
|
228
|
-
cmd.log((
|
|
228
|
+
cmd.log((_c = (_b = resp.data) === null || _b === void 0 ? void 0 : _b.resource) === null || _c === void 0 ? void 0 : _c.message);
|
|
229
229
|
break;
|
|
230
230
|
default:
|
|
231
231
|
cmd.error(resp.error || "Unknown error occurred.");
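Review bot: In queryAssociatedItems the `ResourceNotFoundError` case (new line 228) reports the server message with `cmd.log` and then breaks, whereas queryAssetRoles handles the same typename with `cmd.error` (new line 72). The lookup failure is therefore printed as ordinary output, and the function appears to return `undefined` to its caller rather than stopping. If the difference is intentional, a short comment saying so would help; otherwise `cmd.error(...)` would match the sibling. After the optional chaining the `message` argument can also be `undefined`, so a fallback such as `?? "Resource not found."` is worth adding in both places. The file header is missing from the page (from the diffstat this looks like package/lib/lib/request/api/queries/roles.js), and both function bodies extend beyond the hunks shown.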
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
2
|
import type { Command } from "@oclif/core/lib/command";
|
|
3
3
|
import type { GetRequestQuery, GetRequestsQuery } from "../../graphql/graphql";
|
|
4
4
|
import type { RequestMap, RequestMetadata } from "./types";
|
|
@@ -6,7 +6,7 @@ export declare function headerMessage(cmd: Command): void;
|
|
|
6
6
|
export declare function treeifyRequestMap(cmd: Command, requestMap: RequestMap): void;
|
|
7
7
|
export declare function displayFinalRequestSummary(cmd: Command, metadata: RequestMetadata): void;
|
|
8
8
|
export declare function getStyledStatus(status: string): string;
|
|
9
|
-
export declare function displayRequestDetails(cmd: Command, requestResp:
|
|
10
|
-
export declare function displayRequestListTable(cmd: Command, requestResp:
|
|
9
|
+
export declare function displayRequestDetails(cmd: Command, requestResp: ApolloClient.QueryResult<GetRequestQuery>): void;
|
|
10
|
+
export declare function displayRequestListTable(cmd: Command, requestResp: ApolloClient.QueryResult<GetRequestsQuery>): void;
|
|
11
11
|
export declare function formatDuration(durationInMinutes: number): string;
|
|
12
12
|
export declare function displayRequestAgain(cmd: Command, id: string): void;
|
|
@@ -84,8 +84,8 @@ function getStyledStatus(status) {
|
|
|
84
84
|
}
|
|
85
85
|
}
|
|
86
86
|
function displayRequestDetails(cmd, requestResp) {
|
|
87
|
-
var _a, _b, _c, _d, _e, _f;
|
|
88
|
-
switch (requestResp.data.request.__typename) {
|
|
87
|
+
var _a, _b, _c, _d, _e, _f, _g;
|
|
88
|
+
switch ((_a = requestResp.data) === null || _a === void 0 ? void 0 : _a.request.__typename) {
|
|
89
89
|
case "RequestResult": {
|
|
90
90
|
const request = requestResp.data.request.request;
|
|
91
91
|
cmd.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
|
|
@@ -94,8 +94,8 @@ function displayRequestDetails(cmd, requestResp) {
|
|
|
94
94
|
const status = request.status;
|
|
95
95
|
cmd.log(getStyledStatus(status));
|
|
96
96
|
// Request users "Requested by: <requester> -> Requested for: <targetUser>"
|
|
97
|
-
const requester = (
|
|
98
|
-
const targetUser = (
|
|
97
|
+
const requester = (_b = request.requester) === null || _b === void 0 ? void 0 : _b.displayName;
|
|
98
|
+
const targetUser = (_c = request.targetUser) === null || _c === void 0 ? void 0 : _c.displayName;
|
|
99
99
|
if (requester && targetUser) {
|
|
100
100
|
cmd.log(`${chalk_1.default.bold("Requested by:")} ${requester} ${chalk_1.default.gray("->")} ${chalk_1.default.bold("Requested for:")} ${targetUser}`);
|
|
101
101
|
}
|
|
@@ -106,20 +106,20 @@ function displayRequestDetails(cmd, requestResp) {
|
|
|
106
106
|
cmd.log(`${chalk_1.default.bold("Reason:")} "${chalk_1.default.italic(reason)}"`);
|
|
107
107
|
}
|
|
108
108
|
// Requested resources
|
|
109
|
-
const requestedResources = (
|
|
109
|
+
const requestedResources = (_e = (_d = request.requestedResources) === null || _d === void 0 ? void 0 : _d.map((resource) => {
|
|
110
110
|
var _a, _b;
|
|
111
111
|
if (((_a = resource.resource) === null || _a === void 0 ? void 0 : _a.__typename) === "Resource") {
|
|
112
112
|
const requestedResource = resource.resource;
|
|
113
113
|
return formatAssetName(requestedResource.displayName, ((_b = resource.accessLevel) === null || _b === void 0 ? void 0 : _b.accessLevelName) || "");
|
|
114
114
|
}
|
|
115
|
-
})) !== null &&
|
|
116
|
-
const requestedGroups = (
|
|
115
|
+
})) !== null && _e !== void 0 ? _e : [];
|
|
116
|
+
const requestedGroups = (_g = (_f = request.requestedGroups) === null || _f === void 0 ? void 0 : _f.map((group) => {
|
|
117
117
|
var _a, _b;
|
|
118
118
|
if (((_a = group.group) === null || _a === void 0 ? void 0 : _a.__typename) === "Group") {
|
|
119
119
|
const requestedGroup = group.group;
|
|
120
120
|
return formatAssetName(requestedGroup.name, ((_b = group.accessLevel) === null || _b === void 0 ? void 0 : _b.accessLevelName) || "");
|
|
121
121
|
}
|
|
122
|
-
})) !== null &&
|
|
122
|
+
})) !== null && _g !== void 0 ? _g : [];
|
|
123
123
|
const requestedItems = [...requestedResources, ...requestedGroups].join(", ");
|
|
124
124
|
if (requestedItems) {
|
|
125
125
|
cmd.log(`${chalk_1.default.bold("Requested Items:")} ${chalk_1.default.cyan(requestedItems)}`);
|
|
@@ -128,8 +128,8 @@ function displayRequestDetails(cmd, requestResp) {
|
|
|
128
128
|
}
|
|
129
129
|
}
|
|
130
130
|
function displayRequestListTable(cmd, requestResp) {
|
|
131
|
-
var _a, _b, _c, _d, _e;
|
|
132
|
-
switch (requestResp.data.requests.__typename) {
|
|
131
|
+
var _a, _b, _c, _d, _e, _f;
|
|
132
|
+
switch ((_a = requestResp.data) === null || _a === void 0 ? void 0 : _a.requests.__typename) {
|
|
133
133
|
case "RequestsResult": {
|
|
134
134
|
const requests = requestResp.data.requests.requests;
|
|
135
135
|
if (requests && requests.length > 0) {
|
|
@@ -148,26 +148,26 @@ function displayRequestListTable(cmd, requestResp) {
|
|
|
148
148
|
});
|
|
149
149
|
for (const req of requests) {
|
|
150
150
|
const request = req;
|
|
151
|
-
const targetUser = (
|
|
151
|
+
const targetUser = (_b = request.targetUser) === null || _b === void 0 ? void 0 : _b.displayName;
|
|
152
152
|
const reason = request.reason;
|
|
153
153
|
const status = request.status;
|
|
154
154
|
const formattedDuration = request.durationInMinutes
|
|
155
155
|
? formatDuration(request.durationInMinutes)
|
|
156
156
|
: "Permanent";
|
|
157
|
-
const requestedResources = (
|
|
157
|
+
const requestedResources = (_d = (_c = request.requestedResources) === null || _c === void 0 ? void 0 : _c.map((resource) => {
|
|
158
158
|
var _a, _b;
|
|
159
159
|
if (((_a = resource.resource) === null || _a === void 0 ? void 0 : _a.__typename) === "Resource") {
|
|
160
160
|
const requestedResource = resource.resource;
|
|
161
161
|
return formatAssetName(requestedResource.displayName, ((_b = resource.accessLevel) === null || _b === void 0 ? void 0 : _b.accessLevelName) || "");
|
|
162
162
|
}
|
|
163
|
-
})) !== null &&
|
|
164
|
-
const requestedGroups = (
|
|
163
|
+
})) !== null && _d !== void 0 ? _d : [];
|
|
164
|
+
const requestedGroups = (_f = (_e = request.requestedGroups) === null || _e === void 0 ? void 0 : _e.map((group) => {
|
|
165
165
|
var _a, _b;
|
|
166
166
|
if (((_a = group.group) === null || _a === void 0 ? void 0 : _a.__typename) === "Group") {
|
|
167
167
|
const requestedGroup = group.group;
|
|
168
168
|
return formatAssetName(requestedGroup.name, ((_b = group.accessLevel) === null || _b === void 0 ? void 0 : _b.accessLevelName) || "");
|
|
169
169
|
}
|
|
170
|
-
})) !== null &&
|
|
170
|
+
})) !== null && _f !== void 0 ? _f : [];
|
|
171
171
|
const requestedItems = [
|
|
172
172
|
...requestedResources,
|
|
173
173
|
...requestedGroups,
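Review bot: In displayRequestDetails and displayRequestListTable, strings taken from the API response (`requester`, `targetUser`, `reason`, asset names) are interpolated into `cmd.log` output as-is, so any control or escape characters in them reach the terminal. Whether the server restricts these fields is not visible here; if it does not, stripping C0/C1 control characters before printing is the usual guard, e.g. `const printable = (s) => String(s).replace(/[\u0000-\u001f\u007f-\u009f]/g, "");` applied to each value. Separately, the `.map` callbacks on `requestedResources` and `requestedGroups` return `undefined` for entries whose `__typename` does not match, and `join(", ")` renders those as empty items; a `.filter(Boolean)` before the join would drop them. Both functions extend beyond the hunks shown, and as this is compiled output the changes belong in the TypeScript source.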
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { ApolloClient
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
2
|
import type { Command } from "@oclif/core";
|
|
3
3
|
import type { RequestMap } from "../types";
|
|
4
|
-
export declare function selectRequestableItems(cmd: Command, client: ApolloClient
|
|
4
|
+
export declare function selectRequestableItems(cmd: Command, client: ApolloClient, requestMap: RequestMap): Promise<void>;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { ApolloClient
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
2
|
import type { Command } from "@oclif/core";
|
|
3
3
|
import { type EntityValue, type RequestMap } from "../types";
|
|
4
|
-
export declare function chooseOktaAzureRoles(cmd: Command, client: ApolloClient
|
|
5
|
-
export declare function chooseAssets(cmd: Command, client: ApolloClient
|
|
4
|
+
export declare function chooseOktaAzureRoles(cmd: Command, client: ApolloClient, app: EntityValue, requestMap: RequestMap): Promise<void>;
|
|
5
|
+
export declare function chooseAssets(cmd: Command, client: ApolloClient, appId: string, requestMap: RequestMap): Promise<void>;
|
|
@@ -96,6 +96,9 @@ async function setCustomDuration(metadata) {
|
|
|
96
96
|
validate: (answer) => {
|
|
97
97
|
var _a, _b, _c;
|
|
98
98
|
const { d, h, m } = getDurationNumbers(answer);
|
|
99
|
+
if (m % 1 !== 0) {
|
|
100
|
+
return "Fractional minutes not supported.";
|
|
101
|
+
}
|
|
99
102
|
const durationInMinutes = getDurationInMinutes(answer);
|
|
100
103
|
if (d < 0 || h < 0 || m < 0 || d + h + m === 0 || (h > 23 && m > 59)) {
|
|
101
104
|
return "Please enter a valid duration.";
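Review bot: The added `m % 1 !== 0` check looks only at the minutes component, so a fractional `d` or `h` is not rejected here and may still yield a non-integer total. `getDurationNumbers` and `getDurationInMinutes` are not visible, so this is inferred. Testing the computed total instead, `if (!Number.isInteger(durationInMinutes)) return "Fractional minutes not supported.";` placed after the `getDurationInMinutes(answer)` line, would cover all three components and NaN as well. On the following context line, `(h > 23 && m > 59)` rejects only when both values are out of range; it may have been meant as `||`, which is worth confirming since this validates the requested access duration. The validate callback starts and ends outside this hunk.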
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { ApolloClient
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
2
|
import type { Command } from "@oclif/core";
|
|
3
3
|
import type { RequestMap } from "../types";
|
|
4
|
-
export declare function chooseRoles(cmd: Command, client: ApolloClient
|
|
4
|
+
export declare function chooseRoles(cmd: Command, client: ApolloClient, appId: string, assetId: string, requestMap: RequestMap): Promise<void>;
|
|
@@ -1,15 +1,14 @@
|
|
|
1
|
-
import type { ApolloClient
|
|
1
|
+
import type { ApolloClient } from "@apollo/client";
|
|
2
2
|
import type { Command } from "@oclif/core";
|
|
3
|
-
import { RequestMessageCode } from "../../graphql/graphql";
|
|
4
|
-
import { type ConnectionType } from "../../types";
|
|
3
|
+
import { type ConnectionType, RequestMessageCode } from "../../graphql/graphql";
|
|
5
4
|
import { type RequestMap, type RequestMetadata } from "./types";
|
|
6
5
|
export declare function initEmptyRequestMetadata(): RequestMetadata;
|
|
7
|
-
export declare function setRequestDefaults(cmd: Command, client: ApolloClient
|
|
8
|
-
export declare function submitFinalRequest(cmd: Command, client: ApolloClient
|
|
6
|
+
export declare function setRequestDefaults(cmd: Command, client: ApolloClient, metadata: RequestMetadata): Promise<void>;
|
|
7
|
+
export declare function submitFinalRequest(cmd: Command, client: ApolloClient, metadata: RequestMetadata): Promise<void>;
|
|
9
8
|
export declare function getRequestLink(cmd: Command, id: string): string;
|
|
10
9
|
export declare function generateRequestLink(cmd: Command, defaultDurationInMinutes: number): string;
|
|
11
|
-
export declare function bypassRequestSelection(cmd: Command, client: ApolloClient
|
|
10
|
+
export declare function bypassRequestSelection(cmd: Command, client: ApolloClient, flagValue: string[], metadata: RequestMetadata): Promise<void>;
|
|
12
11
|
export declare function bypassDuration(cmd: Command, duration: number, metadata: RequestMetadata): void;
|
|
13
12
|
export declare function getRequestMessageFromCode(cmd: Command, code: RequestMessageCode, connectionName: string | undefined, connectionType: ConnectionType | undefined, extraParams?: string, sourceGroupRedirect?: () => void): string;
|
|
14
|
-
export declare function duplicateRequestTemplate(cmd: Command, client: ApolloClient
|
|
15
|
-
export declare function copyBundleAssets(cmd: Command, client: ApolloClient
|
|
13
|
+
export declare function duplicateRequestTemplate(cmd: Command, client: ApolloClient, requestId: string, metadata: RequestMetadata): Promise<void>;
|
|
14
|
+
export declare function copyBundleAssets(cmd: Command, client: ApolloClient, bundleId: string, requestMap: RequestMap): Promise<void>;
|
|
@@ -14,11 +14,10 @@ const chalk_1 = require("chalk");
|
|
|
14
14
|
const graphql_1 = require("../../graphql/graphql");
|
|
15
15
|
const labels_1 = require("../../labels");
|
|
16
16
|
const config_1 = require("../../lib/config");
|
|
17
|
-
const types_1 = require("../../types");
|
|
18
17
|
const api_1 = require("./api");
|
|
19
18
|
const requests_1 = require("./api/queries/requests");
|
|
20
19
|
const displays_1 = require("./displays");
|
|
21
|
-
const
|
|
20
|
+
const types_1 = require("./types");
|
|
22
21
|
/*
|
|
23
22
|
Init Request Metadata
|
|
24
23
|
This function initializes the request metadata with empty defaults and an empty request map.
|
|
@@ -197,7 +196,7 @@ function generateRequestLink(cmd, defaultDurationInMinutes) {
|
|
|
197
196
|
return `${configData[config_1.urlKey]}/request-access?durationInMinutes=${defaultDurationInMinutes}`;
|
|
198
197
|
}
|
|
199
198
|
async function bypassRequestSelection(cmd, client, flagValue, metadata) {
|
|
200
|
-
var _a, _b;
|
|
199
|
+
var _a, _b, _c, _d;
|
|
201
200
|
try {
|
|
202
201
|
// Query Catalog Item endpoint to identify what the id belongs to (resource or group)
|
|
203
202
|
for (const val of flagValue) {
|
|
@@ -205,10 +204,10 @@ async function bypassRequestSelection(cmd, client, flagValue, metadata) {
|
|
|
205
204
|
const assetId = delimiterIndex === -1 ? val : val.substring(0, delimiterIndex);
|
|
206
205
|
const roleName = delimiterIndex === -1 ? "" : val.substring(delimiterIndex + 1);
|
|
207
206
|
const resp = await (0, api_1.queryCatalogItems)(cmd, client, assetId);
|
|
208
|
-
switch (resp.data.catalogItem.__typename) {
|
|
207
|
+
switch ((_a = resp.data) === null || _a === void 0 ? void 0 : _a.catalogItem.__typename) {
|
|
209
208
|
case "Group":
|
|
210
209
|
case "Resource": {
|
|
211
|
-
const item = resp.data.catalogItem;
|
|
210
|
+
const item = (_b = resp.data) === null || _b === void 0 ? void 0 : _b.catalogItem;
|
|
212
211
|
const assetName = item.__typename === "Resource" ? item.displayName : item.name;
|
|
213
212
|
const requestableRoles = (item.accessLevels || [])
|
|
214
213
|
// TODO: Support okta azure apps ?.filter((role) => role.accessLevelName !== "") // This assumes length == 1
|
|
@@ -216,10 +215,10 @@ async function bypassRequestSelection(cmd, client, flagValue, metadata) {
|
|
|
216
215
|
id: role.accessLevelRemoteId,
|
|
217
216
|
name: role.accessLevelName,
|
|
218
217
|
}));
|
|
219
|
-
const appId = ((
|
|
218
|
+
const appId = ((_c = item.connection) === null || _c === void 0 ? void 0 : _c.id) || "";
|
|
220
219
|
if (!(appId in metadata.requestMap)) {
|
|
221
220
|
metadata.requestMap[appId] = {
|
|
222
|
-
appName: ((
|
|
221
|
+
appName: ((_d = item.connection) === null || _d === void 0 ? void 0 : _d.displayName) || "",
|
|
223
222
|
appId: appId,
|
|
224
223
|
assets: {},
|
|
225
224
|
};
|
|
@@ -229,7 +228,7 @@ async function bypassRequestSelection(cmd, client, flagValue, metadata) {
|
|
|
229
228
|
metadata.requestMap[appId].assets[assetId] = {
|
|
230
229
|
assetId: assetId,
|
|
231
230
|
assetName: assetName,
|
|
232
|
-
type: (0,
|
|
231
|
+
type: (0, types_1.entityTypeFromString)(item.__typename),
|
|
233
232
|
roles: {},
|
|
234
233
|
};
|
|
235
234
|
}
|
|
@@ -287,7 +286,7 @@ sourceGroupRedirect) {
|
|
|
287
286
|
// This case the connection has a third party provider such as GitLab,
|
|
288
287
|
// GitHub that requires the use to create a manual step into the end
|
|
289
288
|
// system.
|
|
290
|
-
const isThirdPartyProvider = Object.values(
|
|
289
|
+
const isThirdPartyProvider = Object.values(graphql_1.ThirdPartyProvider).find((v) => v === connectionType);
|
|
291
290
|
if (isThirdPartyProvider) {
|
|
292
291
|
const configData = (0, config_1.getOrCreateConfigData)(cmd.config.configDir);
|
|
293
292
|
return `This item requires you to link your ${connectionLabel} account to Opal before requesting access.
|
|
@@ -315,7 +314,7 @@ function addRequestedResourcesToMetadata(requestedResources, requestMap) {
|
|
|
315
314
|
if (!resource)
|
|
316
315
|
continue;
|
|
317
316
|
const { id: assetId, displayName: assetName, connection, connectionId, __typename, } = resource;
|
|
318
|
-
const type = (0,
|
|
317
|
+
const type = (0, types_1.entityTypeFromString)(__typename);
|
|
319
318
|
const roleId = accessLevel.accessLevelRemoteId;
|
|
320
319
|
const roleName = accessLevel.accessLevelName;
|
|
321
320
|
if (!requestMap[connectionId]) {
|
|
@@ -347,7 +346,7 @@ function addRequestedGroupsToMetadata(requestedGroups, requestMap) {
|
|
|
347
346
|
if (!group)
|
|
348
347
|
continue;
|
|
349
348
|
const { id: assetId, name: assetName, connection, connectionId, __typename, } = group;
|
|
350
|
-
const type = (0,
|
|
349
|
+
const type = (0, types_1.entityTypeFromString)(__typename);
|
|
351
350
|
const roleId = accessLevel === null || accessLevel === void 0 ? void 0 : accessLevel.accessLevelRemoteId;
|
|
352
351
|
const roleName = accessLevel === null || accessLevel === void 0 ? void 0 : accessLevel.accessLevelName;
|
|
353
352
|
if (!requestMap[connectionId]) {
|
|
@@ -391,18 +390,19 @@ async function convertRequestToMetadata(cmd, request, metadata) {
|
|
|
391
390
|
addRequestedGroupsToMetadata(requestedGroups, metadata.requestMap);
|
|
392
391
|
}
|
|
393
392
|
async function duplicateRequestTemplate(cmd, client, requestId, metadata) {
|
|
393
|
+
var _a, _b, _c, _d;
|
|
394
394
|
cmd.log("Loading request template from ID: ", requestId);
|
|
395
395
|
const resp = await (0, api_1.queryRequest)(client, requestId);
|
|
396
396
|
// no fall through doesn't consider process.exit();
|
|
397
397
|
let x;
|
|
398
|
-
switch (resp.data.request.__typename) {
|
|
398
|
+
switch ((_a = resp.data) === null || _a === void 0 ? void 0 : _a.request.__typename) {
|
|
399
399
|
case "RequestResult": {
|
|
400
|
-
if (resp.data.request.request.status ===
|
|
400
|
+
if (((_b = resp.data) === null || _b === void 0 ? void 0 : _b.request.request).status ===
|
|
401
401
|
graphql_1.RequestStatus.Pending) {
|
|
402
402
|
cmd.error("⏳ Cannot duplicate a request that is still in progress");
|
|
403
403
|
}
|
|
404
404
|
cmd.log("Creating new request with same configuration...");
|
|
405
|
-
convertRequestToMetadata(cmd, resp.data.request.request, metadata);
|
|
405
|
+
convertRequestToMetadata(cmd, (_d = (_c = resp.data) === null || _c === void 0 ? void 0 : _c.request) === null || _d === void 0 ? void 0 : _d.request, metadata);
|
|
406
406
|
break;
|
|
407
407
|
}
|
|
408
408
|
case "RequestNotFoundError":
|
|
@@ -448,14 +448,15 @@ async function convertBundleToMetadata(cmd, bundle, requestMap) {
|
|
|
448
448
|
cmd.log("Added all requestable items in the bundle");
|
|
449
449
|
}
|
|
450
450
|
async function copyBundleAssets(cmd, client, bundleId, requestMap) {
|
|
451
|
+
var _a, _b;
|
|
451
452
|
cmd.log("Loading assets from bundle: ", bundleId);
|
|
452
453
|
const resp = await (0, requests_1.queryBundle)(client, bundleId);
|
|
453
454
|
// no fall through doesn't consider process.exit();
|
|
454
455
|
let x;
|
|
455
|
-
switch (resp.data.bundle.__typename) {
|
|
456
|
+
switch ((_a = resp.data) === null || _a === void 0 ? void 0 : _a.bundle.__typename) {
|
|
456
457
|
case "BundleResult": {
|
|
457
458
|
cmd.log("Creating new request with assets in the bundle...");
|
|
458
|
-
convertBundleToMetadata(cmd, resp.data.bundle.bundle, requestMap);
|
|
459
|
+
convertBundleToMetadata(cmd, (_b = resp.data) === null || _b === void 0 ? void 0 : _b.bundle.bundle, requestMap);
|
|
459
460
|
break;
|
|
460
461
|
}
|
|
461
462
|
case "BundleNotFoundError":
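Review bot: `convertRequestToMetadata(...)` in duplicateRequestTemplate (new line 405) and `convertBundleToMetadata(...)` in copyBundleAssets (new line 459) are declared `async` according to the hunk headers but are called without `await`. A rejection from either helper would go unhandled, and the caller can reach `break` and return before `metadata` or `requestMap` has been filled. The helper bodies are not shown, so whether they actually suspend is unknown, but prefixing both calls with `await` is safe either way. Both enclosing functions continue past the hunks, and since this is compiled output the fix belongs in the TypeScript source. The file header is missing from the page; from the diffstat this looks like package/lib/lib/request/request-utils.js.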
|
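--- a/package/lib/lib/resources.d.ts
+++ b/package/lib/lib/resources.d.ts
@@ -1,5 +1,5 @@
 import type { Command } from "@oclif/core";
-import type { ResourceAccessLevel, ResourceAccessLevelInput } from "../
+import type { ResourceAccessLevel, ResourceAccessLevelInput } from "../graphql/graphql";
 export type ResourceInfo = {
 id: string;
 name: string;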
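--- a/package/lib/lib/sessions.d.ts
+++ b/package/lib/lib/sessions.d.ts
@@ -1,4 +1,4 @@
 import type { Command } from "@oclif/core";
-import type { ResourceAccessLevelInput } from "../
+import type { ResourceAccessLevelInput } from "../graphql/graphql";
 export declare const getOrCreateSession: (command: Command, resourceId: string, accessLevel: ResourceAccessLevelInput, sessionId: string | undefined, metadataFragment: string, wantNewSession?: boolean) => Promise<any>;
 export declare const getSessionExpirationMessage: (session: any) => string;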
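--- a/package/lib/lib/sessions.js
+++ b/package/lib/lib/sessions.js
@@ -118,6 +118,7 @@ const openBrowserAndPollForSession = async (command, message, resourceId, access
 return session;
 };
 const createSession = async (command, resourceId, accessLevel, sessionId, metadataFragment, wantNewSession) => {
+var _a, _b, _c, _d;
 const { resp, error } = await (0, handler_1.runMutation)({
 command: command,
 query: CreateSessionDocument.replace("METADATA_FRAGMENT", metadataFragment),
@@ -130,9 +131,9 @@ const createSession = async (command, resourceId, accessLevel, sessionId, metada
 if (error) {
 return (0, apollo_1.handleError)(command, error);
 }
-switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
+switch ((_b = (_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.createSession) === null || _b === void 0 ? void 0 : _b.__typename) {
 case "CreateSessionResult": {
-return resp.data.createSession.session;
+return (_d = (_c = resp.data) === null || _c === void 0 ? void 0 : _c.createSession) === null || _d === void 0 ? void 0 : _d.session;
 }
 case "MfaInvalidError": {
 return openBrowserAndPollForSession(command, "❗ MFA validation needed. Please connect via browser. Opening browser and awaiting validation...", resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);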
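Review bot: On the context line `query: CreateSessionDocument.replace("METADATA_FRAGMENT", metadataFragment)` (new line 124), the GraphQL document is assembled by string substitution from a caller-supplied `metadataFragment`, and nothing in createSession documents that the value must be a fixed, trusted fragment. The callers are not visible; if every caller passes a constant this is fine, but a comment such as `// metadataFragment must be a static GraphQL fragment, never user input` would make the contract explicit. `String.prototype.replace` with a string replacement also interprets `$&`, `$1` and similar sequences, so `.replace("METADATA_FRAGMENT", () => metadataFragment)` is the safer form. createSession continues beyond the second hunk, and as this is compiled output the change belongs in the TypeScript source.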
package/oclif.manifest.json
CHANGED
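--- a/package/package.json
+++ b/package/package.json
@@ -1,14 +1,14 @@
 {
 "name": "opal-security",
 "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-"version": "3.2.
+"version": "3.2.3",
 "author": "Stephen Cobbe",
 "bin": {
 "opal": "./bin/run"
 },
 "bugs": "https://github.com/opalsecurity/opal-cli/issues",
 "dependencies": {
-"@apollo/client": "^
+"@apollo/client": "^4.0.4",
 "@oclif/core": "^3.19.3",
 "@oclif/plugin-autocomplete": "^1.4.6",
 "@oclif/plugin-help": "^5.2.20",
@@ -17,7 +17,7 @@
 "chalk": "^2.4.2",
 "cli-table3": "^0.6.5",
 "enquirer": "^2.4.1",
-"graphql": "^
+"graphql": "^16.11.0",
 "inquirer": "^8.2.6",
 "inquirer-autocomplete-prompt": "^2.0.1",
 "keychain": "^1.5.0",
@@ -27,6 +27,7 @@
 "open": "^8.0.4",
 "openid-client": "^5.6.5",
 "prettyjson": "^1.2.1",
+"rxjs": "^7.8.2",
 "semver": "^7.5.4",
 "tslib": "^2.8.1"
 },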