opal-security 3.2.2 → 3.2.4

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/3.2.2 darwin-arm64 node-v18.20.4
+opal-security/3.2.4 darwin-arm64 node-v18.20.4
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -106,7 +106,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-provider`
 
@@ -126,7 +126,7 @@ EXAMPLES
   $ opal clear-auth-provider
 ```
 
-_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/clear-auth-provider.ts)_
+_See code: [src/commands/clear-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/clear-auth-provider.ts)_
 
 ## `opal curl-example`
 
@@ -143,7 +143,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -164,7 +164,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -214,7 +214,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -245,7 +245,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -266,7 +266,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -286,7 +286,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -324,7 +324,7 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/postgres-instances/start.ts)_
 
 ## `opal request create`
 
@@ -350,7 +350,7 @@ DESCRIPTION
   Creates an Opal access request via an interactive form
 ```
 
-_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/request/create.ts)_
+_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/request/create.ts)_
 
 ## `opal request get`
 
@@ -374,7 +374,7 @@ EXAMPLES
   $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4 --verbose
 ```
 
-_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/request/get.ts)_
+_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/request/get.ts)_
 
 ## `opal request list`
 
@@ -406,7 +406,7 @@ EXAMPLES
   $ opal request list --n 5 --pending --verbose
 ```
 
-_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/request/list.ts)_
+_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/request/list.ts)_
 
 ## `opal request ls`
 
@@ -457,7 +457,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/resources/get.ts)_
 
 ## `opal set-auth-provider`
 
@@ -483,7 +483,7 @@ EXAMPLES
   $ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/set-auth-provider.ts)_
+_See code: [src/commands/set-auth-provider.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/set-auth-provider.ts)_
 
 ## `opal set-custom-header`
 
@@ -504,7 +504,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -524,7 +524,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -548,7 +548,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -579,7 +579,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -610,7 +610,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -637,7 +637,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/ssh/start.ts)_
 
 ## `opal version`
 
@@ -674,5 +674,5 @@ DESCRIPTION
   Describes current url set, organization name, and logged in user if applicable.
 ```
 
-_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.2/src/commands/whoami.ts)_
+_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v3.2.4/src/commands/whoami.ts)_
 <!-- commandsstop -->

package/lib/commands/login.js

@@ -4,6 +4,7 @@ exports.CLITokenExchangeName = exports.CLIAuthSessionCheckDocument = exports.CLI
 const core_1 = require("@oclif/core");
 const open = require("open");
 const openid_client_1 = require("openid-client");
+const client_1 = require("@apollo/client");
 const inquirer = require("inquirer");
 const handler_1 = require("../handler");
 const apollo_1 = require("../lib/apollo");
@@ -80,7 +81,7 @@ mutation CLITokenExchange($input: CLITokenExchangeInput!) {
 `;
 class Login extends core_1.Command {
     async run() {
-        var _a, _b, _c, _d, _e, _f, _g;
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
         try {
             await (0, apollo_1.initClient)(this, false);
             const { flags } = await this.parse(Login);
@@ -123,9 +124,8 @@ class Login extends core_1.Command {
                     query: CLISignInMethodDocument,
                     variables: { input: { email } },
                 });
-                if (error === null || error === void 0 ? void 0 : error.networkError) {
-                    if ("statusCode" in error.networkError &&
-                        error.networkError.statusCode === 422) {
+                if (error) {
+                    if (client_1.ServerError.is(error) && error.statusCode === 422) {
                         const { resp, error: legacyError } = await (0, handler_1.runQueryDeprecated)({
                             command: this,
                             query: CLISignInMethodDocumentLegacy,
@@ -142,11 +142,11 @@ class Login extends core_1.Command {
                         return (0, apollo_1.handleError)(this, "Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)");
                     }
                 }
-                const signInOrganizations = ((_a = signInOrganizationsResponse === null || signInOrganizationsResponse === void 0 ? void 0 : signInOrganizationsResponse.data.signInMethod) === null || _a === void 0 ? void 0 : _a.__typename) ===
+                const signInOrganizations = ((_b = (_a = signInOrganizationsResponse === null || signInOrganizationsResponse === void 0 ? void 0 : signInOrganizationsResponse.data) === null || _a === void 0 ? void 0 : _a.signInMethod) === null || _b === void 0 ? void 0 : _b.__typename) ===
                     "SignInMethodResult"
                     ? signInOrganizationsResponse.data.signInMethod.signInOrganizations
-                    : ((_b = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data.signInMethod) === null || _b === void 0 ? void 0 : _b.__typename) === "SignInMethodResult"
-                        ? (_c = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data.signInMethod) === null || _c === void 0 ? void 0 : _c.signInOrganizations
+                    : ((_d = (_c = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data) === null || _c === void 0 ? void 0 : _c.signInMethod) === null || _d === void 0 ? void 0 : _d.__typename) === "SignInMethodResult"
+                        ? (_e = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data.signInMethod) === null || _e === void 0 ? void 0 : _e.signInOrganizations
                         : undefined;
                 if (signInOrganizations && signInOrganizations.length > 0) {
                     if (signInOrganizations.length === 1) {
@@ -161,7 +161,7 @@ class Login extends core_1.Command {
                                 message: "Select an organization:",
                                 type: "list",
                                 choices: signInOrganizations.map((signInOrganization) => ({
-                                    name: signInOrganization.organizationName,
+                                    name: signInOrganization === null || signInOrganization === void 0 ? void 0 : signInOrganization.organizationName,
                                     value: signInOrganization,
                                 })),
                             },
@@ -183,7 +183,7 @@ class Login extends core_1.Command {
                     input: { organizationId },
                 },
             });
-            const state = (_d = signInResp === null || signInResp === void 0 ? void 0 : signInResp.data.signIn) === null || _d === void 0 ? void 0 : _d.state;
+            const state = (_g = (_f = signInResp === null || signInResp === void 0 ? void 0 : signInResp.data) === null || _f === void 0 ? void 0 : _f.signIn) === null || _g === void 0 ? void 0 : _g.state;
             let issuer;
             // issuerURL may come from configData if set by set-airgap-auth
             if (configData.issuerURL) {
@@ -221,7 +221,7 @@ class Login extends core_1.Command {
             // Add the mfa:skip scope to the scopes according to appropriate org settings
             // This scope is evaluated in Auth0 "MFA Rule" Action to skip or enabled MFA
             let scopes = "openid email profile";
-            if (!(signInResp === null || signInResp === void 0 ? void 0 : signInResp.data.signIn.forceExtraStep)) {
+            if (!((_j = (_h = signInResp === null || signInResp === void 0 ? void 0 : signInResp.data) === null || _h === void 0 ? void 0 : _h.signIn) === null || _j === void 0 ? void 0 : _j.forceExtraStep)) {
                 scopes += " mfa:skip";
             }
             const handle = await client.deviceAuthorization({
@@ -261,7 +261,7 @@ class Login extends core_1.Command {
                 variables: {},
             });
             if (authCheckErr ||
-                !((_g = (_f = (_e = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _e === void 0 ? void 0 : _e.organizationSettings) === null || _f === void 0 ? void 0 : _f.settings) === null || _g === void 0 ? void 0 : _g.id)) {
+                !((_m = (_l = (_k = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _k === void 0 ? void 0 : _k.organizationSettings) === null || _l === void 0 ? void 0 : _l.settings) === null || _m === void 0 ? void 0 : _m.id)) {
                 this.log("Error verifying log in. Authenticated commands may fail. Please double check your URL and use `opal logout; opal login` to try again.\n");
                 await (0, credentials_1.removeOpalCredentials)(this);
                 process.exit(1);

package/lib/commands/request/get.js

@@ -10,6 +10,7 @@ const api_1 = require("../../lib/request/api");
 const displays_1 = require("../../lib/request/displays");
 class GetRequest extends core_1.Command {
     async run() {
+        var _a;
         (0, cmd_1.setMostRecentCommand)(this);
         const configData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
         const client = await (0, apollo_1.getClient)(this, true);
@@ -21,7 +22,7 @@ class GetRequest extends core_1.Command {
             return;
         }
         const resp = await (0, api_1.queryRequest)(client, flags.id);
-        switch (resp.data.request.__typename) {
+        switch ((_a = resp.data) === null || _a === void 0 ? void 0 : _a.request.__typename) {
             case "RequestResult": {
                 if (flags.verbose) {
                     (0, apollo_1.printResponse)(this, resp);