opal-security 3.2.4 → 4.0.2

package/lib/commands/login.js

@@ -1,286 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CLITokenExchangeName = exports.CLIAuthSessionCheckDocument = exports.CLIAuthSessionCheckName = exports.CLISignInMethodName = void 0;
-const core_1 = require("@oclif/core");
-const open = require("open");
-const openid_client_1 = require("openid-client");
-const client_1 = require("@apollo/client");
-const inquirer = require("inquirer");
-const handler_1 = require("../handler");
-const apollo_1 = require("../lib/apollo");
-const config_1 = require("../lib/config");
-const credentials_1 = require("../lib/credentials");
-const flags_1 = require("../lib/flags");
-const util_1 = require("../lib/util");
-const ISSUER_PROD = "https://auth.opal.dev";
-const ISSUER_DEV = "https://authdev.opal.dev";
-const GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
-const CLIENT_ID_PROD = "42rm6E5v7o67LBpRfjdT9KhnjrQHr9UF";
-const CLIENT_ID_DEV = "XYV8qoAvZG7dHnhRp2g5XMJ1zX9fBP6s";
-const CLISignInMethodDocumentLegacy = `
-query CLISignInMethod($input: SignInMethodInput!) {
-  signInMethod(input: $input) {
-    __typename
-    ... on SignInMethodResult {
-      signInOrganizations {
-        organizationId
-        organizationName
-      }
-    }
-  }
-}`;
-exports.CLISignInMethodName = "CLISignInMethod";
-const CLISignInMethodDocument = `
-query CLISignInMethod($input: SignInMethodInput!) {
-  signInMethod(input: $input) {
-    __typename
-    ... on SignInMethodResult {
-      signInOrganizations {
-        organizationId
-        organizationName
-        cliClientId
-      }
-    }
-  }
-}`;
-exports.CLIAuthSessionCheckName = "CLIAuthSessionCheck";
-exports.CLIAuthSessionCheckDocument = `
-query CLIAuthSessionCheck {
-  organizationSettings {
-      ... on OrganizationSettingsResult {
-        settings {
-          id
-        }
-      }
-  }
-}
-`;
-const SignInDocument = `
-mutation SignIn($input: SignInInput!) {
-  signIn(input: $input) {
-    __typename
-    ... on SignInResult {
-      state
-      forceExtraStep
-      authURL
-      __typename
-    }
-  }
-}
-`;
-exports.CLITokenExchangeName = "CLITokenExchange";
-const CLITokenExchangeDocument = `
-mutation CLITokenExchange($input: CLITokenExchangeInput!) {
-  cliTokenExchange(input: $input) {
-    __typename
-    ... on CLITokenExchangeOutput {
-      sessionID
-    }
-  }
-}
-`;
-class Login extends core_1.Command {
-    async run() {
-        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
-        try {
-            await (0, apollo_1.initClient)(this, false);
-            const { flags } = await this.parse(Login);
-            const configDir = this.config.configDir;
-            const configData = (0, config_1.getOrCreateConfigData)(configDir);
-            let email = flags.email;
-            let organizationId;
-            let organizationName;
-            let clientIDCandidate;
-            const existingCreds = await (0, credentials_1.getOpalCredentials)(this, false);
-            // Only use the previous email + organizationID if email isn't explicitly specified.
-            if (!email) {
-                email = existingCreds.email;
-                organizationId = existingCreds.organizationID;
-                organizationName = existingCreds.organizationName;
-                clientIDCandidate = existingCreds.clientIDCandidate;
-            }
-            await (0, credentials_1.removeOpalCredentials)(this);
-            this.log("Welcome to Opal! ⚡\n");
-            this.log("Connecting to Opal server URL:", configData[config_1.urlKey]);
-            this.log("If this is incorrect, please run `opal set-url --help`\n");
-            if (email) {
-                this.log(`Signing in as: ${email} - to use a different account, run \`opal login --email [EMAIL]\``);
-            }
-            else {
-                const { email: promptEmail } = await inquirer.prompt([
-                    {
-                        name: "email",
-                        message: "Enter your email:",
-                        type: "input",
-                        validate: (email) => Boolean(email),
-                    },
-                ]);
-                email = promptEmail;
-            }
-            if (!organizationId) {
-                let signInOrganizationsLegacyResponse;
-                const { resp: signInOrganizationsResponse, error } = await (0, handler_1.runQueryDeprecated)({
-                    command: this,
-                    query: CLISignInMethodDocument,
-                    variables: { input: { email } },
-                });
-                if (error) {
-                    if (client_1.ServerError.is(error) && error.statusCode === 422) {
-                        const { resp, error: legacyError } = await (0, handler_1.runQueryDeprecated)({
-                            command: this,
-                            query: CLISignInMethodDocumentLegacy,
-                            variables: { input: { email } },
-                        });
-                        signInOrganizationsLegacyResponse = resp;
-                        if (legacyError) {
-                            this.log(""); // Intentional newline
-                            return (0, apollo_1.handleError)(this, "Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)");
-                        }
-                    }
-                    else {
-                        this.log(""); // Intentional newline
-                        return (0, apollo_1.handleError)(this, "Could not connect to Opal. Did you set the right URL? (`opal set-url --help`)");
-                    }
-                }
-                const signInOrganizations = ((_b = (_a = signInOrganizationsResponse === null || signInOrganizationsResponse === void 0 ? void 0 : signInOrganizationsResponse.data) === null || _a === void 0 ? void 0 : _a.signInMethod) === null || _b === void 0 ? void 0 : _b.__typename) ===
-                    "SignInMethodResult"
-                    ? signInOrganizationsResponse.data.signInMethod.signInOrganizations
-                    : ((_d = (_c = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data) === null || _c === void 0 ? void 0 : _c.signInMethod) === null || _d === void 0 ? void 0 : _d.__typename) === "SignInMethodResult"
-                        ? (_e = signInOrganizationsLegacyResponse === null || signInOrganizationsLegacyResponse === void 0 ? void 0 : signInOrganizationsLegacyResponse.data.signInMethod) === null || _e === void 0 ? void 0 : _e.signInOrganizations
-                        : undefined;
-                if (signInOrganizations && signInOrganizations.length > 0) {
-                    if (signInOrganizations.length === 1) {
-                        organizationId = signInOrganizations[0].organizationId;
-                        organizationName = signInOrganizations[0].organizationName;
-                        clientIDCandidate = signInOrganizations[0].cliClientId;
-                    }
-                    else {
-                        const responses = await inquirer.prompt([
-                            {
-                                name: "signInOrganization",
-                                message: "Select an organization:",
-                                type: "list",
-                                choices: signInOrganizations.map((signInOrganization) => ({
-                                    name: signInOrganization === null || signInOrganization === void 0 ? void 0 : signInOrganization.organizationName,
-                                    value: signInOrganization,
-                                })),
-                            },
-                        ]);
-                        organizationId = responses.signInOrganization.organizationId;
-                        organizationName = responses.signInOrganization.organizationName;
-                        clientIDCandidate = responses.signInOrganization.cliClientId;
-                    }
-                }
-                else {
-                    // If there are no organizations for the user, require the user to login before failing,
-                    // which is parity with our web app.
-                }
-            }
-            const { resp: signInResp } = await (0, handler_1.runMutation)({
-                command: this,
-                query: SignInDocument,
-                variables: {
-                    input: { organizationId },
-                },
-            });
-            const state = (_g = (_f = signInResp === null || signInResp === void 0 ? void 0 : signInResp.data) === null || _f === void 0 ? void 0 : _f.signIn) === null || _g === void 0 ? void 0 : _g.state;
-            let issuer;
-            // issuerURL may come from configData if set by set-airgap-auth
-            if (configData.issuerURL) {
-                issuer = await openid_client_1.Issuer.discover(configData.issuerURL);
-            }
-            else if ((0, config_1.isProduction)(this.config.configDir)) {
-                issuer = await openid_client_1.Issuer.discover(ISSUER_PROD);
-            }
-            else {
-                issuer = await openid_client_1.Issuer.discover(ISSUER_DEV);
-            }
-            let clientID;
-            if (clientIDCandidate) {
-                // clientIdCandidate gets stored in creds, and is mostly relevant for on-prem envs using Auth0 and SAML
-                clientID = clientIDCandidate;
-            }
-            else if (configData.clientID) {
-                // clientID may come from configData if set by set-airgap-auth
-                clientID = configData.clientID;
-            }
-            else if ((0, config_1.isProduction)(this.config.configDir)) {
-                clientID = CLIENT_ID_PROD;
-            }
-            else {
-                clientID = CLIENT_ID_DEV;
-            }
-            const client = new issuer.Client({
-                grant_types: [GRANT_TYPE],
-                client_id: clientID,
-                response_types: [],
-                redirect_uris: [],
-                token_endpoint_auth_method: "none",
-                application_type: "native",
-            });
-            // Add the mfa:skip scope to the scopes according to appropriate org settings
-            // This scope is evaluated in Auth0 "MFA Rule" Action to skip or enabled MFA
-            let scopes = "openid email profile";
-            if (!((_j = (_h = signInResp === null || signInResp === void 0 ? void 0 : signInResp.data) === null || _h === void 0 ? void 0 : _h.signIn) === null || _j === void 0 ? void 0 : _j.forceExtraStep)) {
-                scopes += " mfa:skip";
-            }
-            const handle = await client.deviceAuthorization({
-                audience: "https://opal.dev",
-                scope: scopes,
-            });
-            this.log("\nYou are being redirected to your browser to authenticate.\n");
-            this.log(`      User Code: ${handle.user_code}\n`);
-            this.log("If your browser doesn't open, go to:", handle.verification_uri_complete, "\n");
-            // Wait before opening the browser window to ensure the user has time to
-            // see the User Code.
-            await (0, util_1.sleep)(1000);
-            await open(handle.verification_uri_complete, { wait: false });
-            const tokenSet = await handle.poll();
-            const { error: tokenExchangeError } = await (0, handler_1.runMutation)({
-                command: this,
-                query: CLITokenExchangeDocument,
-                variables: {
-                    input: {
-                        accessToken: tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token,
-                        state,
-                    },
-                },
-            });
-            if (tokenExchangeError) {
-                this.log("WARN: Failed to exchange access token for session in Opal. Falling back to using access token for authenticating requests\n");
-                // TODO: consider adding a warn line recommending upgrading Opal to version XYZ, once accompanying PR is pushed to prod
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, (tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.access_token) || "", credentials_1.SecretType.ApiToken, organizationName);
-            }
-            else {
-                await (0, credentials_1.setOpalCredentials)(this, email, organizationId !== null && organizationId !== void 0 ? organizationId : "", clientIDCandidate, apollo_1.cookieStr, credentials_1.SecretType.Cookie, organizationName);
-            }
-            // "Representative" authenticated call to check the log-in worked as expected.
-            const { resp: authCheckResp, error: authCheckErr } = await (0, handler_1.runQueryDeprecated)({
-                command: this,
-                query: exports.CLIAuthSessionCheckDocument,
-                variables: {},
-            });
-            if (authCheckErr ||
-                !((_m = (_l = (_k = authCheckResp === null || authCheckResp === void 0 ? void 0 : authCheckResp.data) === null || _k === void 0 ? void 0 : _k.organizationSettings) === null || _l === void 0 ? void 0 : _l.settings) === null || _m === void 0 ? void 0 : _m.id)) {
-                this.log("Error verifying log in. Authenticated commands may fail. Please double check your URL and use `opal logout; opal login` to try again.\n");
-                await (0, credentials_1.removeOpalCredentials)(this);
-                process.exit(1);
-            }
-            this.log("🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n");
-        }
-        catch (error) {
-            this.error(error);
-        }
-    }
-}
-Login.description = "Authenticates you with the Opal server.";
-Login.examples = ["$ opal login"];
-Login.flags = {
-    help: flags_1.SHARED_FLAGS.help,
-    email: core_1.Flags.string({
-        multiple: false,
-        description: "Email address to login with.",
-    }),
-};
-Login.args = {};
-exports.default = Login;

package/lib/commands/logout.js

@@ -1,23 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const core_1 = require("@oclif/core");
-const credentials_1 = require("../lib/credentials");
-const flags_1 = require("../lib/flags");
-class Logout extends core_1.Command {
-    async run() {
-        try {
-            await (0, credentials_1.removeOpalCredentials)(this);
-            this.log("Successfully removed the saved Account ID and Auth Token from this computer");
-        }
-        catch (error) {
-            this.error(error);
-        }
-    }
-}
-Logout.description = "Clears locally stored Opal server authentication credentials.";
-Logout.examples = ["$ opal logout"];
-Logout.flags = {
-    help: flags_1.SHARED_FLAGS.help,
-};
-Logout.args = {};
-exports.default = Logout;

package/lib/commands/set-auth-provider.d.ts

@@ -1,11 +0,0 @@
-import { Command } from "@oclif/core";
-export default class SetAuthProvider extends Command {
-    static description: string;
-    static examples: string[];
-    static flags: {
-        help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
-        clientID: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
-        issuerUrl: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
-    };
-    run(): Promise<void>;
-}

package/lib/commands/set-auth-provider.js

@@ -1,44 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const core_1 = require("@oclif/core");
-const config_1 = require("../lib/config");
-const credentials_1 = require("../lib/credentials");
-const flags_1 = require("../lib/flags");
-class SetAuthProvider extends core_1.Command {
-    async run() {
-        try {
-            const { flags, args } = await this.parse(SetAuthProvider);
-            const configData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
-            configData.issuerURL = flags.issuerUrl;
-            configData.clientID = flags.clientID;
-            (0, config_1.writeConfigData)(this.config.configDir, configData);
-            await (0, credentials_1.removeOpalCredentials)(this);
-            this.log("Client ID and Issuer URL updated");
-        }
-        catch (error) {
-            this.error(error);
-        }
-    }
-}
-SetAuthProvider.description = `Sets the Issuer URL and Client ID of the Auth Provider that the CLI will authenticate with.
-  Only use this if you are running a self-hosted, air-gapped instance of Opal that uses a custom Auth Provider.
-
-  Note - you will need an OIDC provider that supports the device_code grant.
-  `;
-SetAuthProvider.examples = [
-    "$ opal set-auth-provider --clientID 1234asdf --issuerUrl https://auth.example.com",
-];
-SetAuthProvider.flags = {
-    help: flags_1.SHARED_FLAGS.help,
-    clientID: core_1.Flags.string({
-        multiple: false,
-        description: "Client ID of your Auth Provider",
-        required: true,
-    }),
-    issuerUrl: core_1.Flags.string({
-        multiple: false,
-        description: "Issuer URL of your Auth Provider",
-        required: true,
-    }),
-};
-exports.default = SetAuthProvider;

package/lib/commands/set-custom-header.js

@@ -1,37 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const core_1 = require("@oclif/core");
-const apollo_1 = require("../lib/apollo");
-const config_1 = require("../lib/config");
-const flags_1 = require("../lib/flags");
-class SetCustomHeader extends core_1.Command {
-    async run() {
-        try {
-            const { flags } = await this.parse(SetCustomHeader);
-            let header;
-            if (flags.header) {
-                header = flags.header;
-            }
-            const configData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
-            configData[config_1.customHttpHeaderKey] = header;
-            (0, config_1.writeConfigData)(this.config.configDir, configData);
-            await (0, apollo_1.initClient)(this);
-            this.log("Custom HTTP header updated");
-        }
-        catch (error) {
-            this.error(error);
-        }
-    }
-}
-SetCustomHeader.description = "Sets a custom HTTP header to connect to the Opal server.";
-SetCustomHeader.examples = [
-    "$ opal set-custom-header --header 'cf-access-token: $TOKEN'",
-];
-SetCustomHeader.flags = {
-    help: flags_1.SHARED_FLAGS.help,
-    header: core_1.Flags.string({
-        multiple: false,
-    }),
-};
-SetCustomHeader.args = {};
-exports.default = SetCustomHeader;

package/lib/commands/whoami.js

@@ -1,34 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const core_1 = require("@oclif/core");
-const config_1 = require("../lib/config");
-const credentials_1 = require("../lib/credentials");
-const flags_1 = require("../lib/flags");
-class WhoAmI extends core_1.Command {
-    async run() {
-        const opalCreds = await (0, credentials_1.getOpalCredentials)(this, false);
-        const organizationName = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.organizationName;
-        const email = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.email;
-        const configData = (0, config_1.getOrCreateConfigData)(this.config.configDir);
-        const url = configData[config_1.urlKey];
-        if (email) {
-            this.log(`User:         ${email}`);
-        }
-        if (organizationName) {
-            if (organizationName === "unset-org-id") {
-                this.log("Authenticated with Opal API Token.");
-            }
-            else {
-                this.log(`Organization: ${organizationName}`);
-            }
-        }
-        if (url) {
-            this.log(`Server:       ${url}`);
-        }
-    }
-}
-WhoAmI.description = "Describes current url set, organization name, and logged in user if applicable.";
-WhoAmI.flags = {
-    help: flags_1.SHARED_FLAGS.help,
-};
-exports.default = WhoAmI;

package/lib/graphql/index.d.ts

@@ -1,2 +0,0 @@
-export * from "./fragment-masking";
-export * from "./gql";

package/lib/graphql/index.js

@@ -1,5 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-tslib_1.__exportStar(require("./fragment-masking"), exports);
-tslib_1.__exportStar(require("./gql"), exports);

package/lib/handler.js

@@ -1,41 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.runQueryDeprecated = exports.runMutation = void 0;
-const graphql_tag_1 = require("graphql-tag");
-const apollo_1 = require("./lib/apollo");
-const runMutation = async ({ command, query, variables, }) => {
-    await (0, apollo_1.initClient)(command);
-    let mutationResp = undefined;
-    let mutationError = null;
-    try {
-        mutationResp = await (apollo_1.client === null || apollo_1.client === void 0 ? void 0 : apollo_1.client.mutate({
-            mutation: (0, graphql_tag_1.default) `
-        ${query}
-      `,
-            variables: variables,
-        }));
-    }
-    catch (error) {
-        mutationError = error;
-    }
-    return { resp: mutationResp, error: mutationError };
-};
-exports.runMutation = runMutation;
-const runQueryDeprecated = async ({ command, query, variables, }) => {
-    await (0, apollo_1.initClient)(command);
-    let queryResp = null;
-    let queryError = null;
-    try {
-        queryResp = await (apollo_1.client === null || apollo_1.client === void 0 ? void 0 : apollo_1.client.query({
-            query: (0, graphql_tag_1.default) `
-        ${query}
-      `,
-            variables: variables,
-        }));
-    }
-    catch (error) {
-        queryError = error;
-    }
-    return { resp: queryResp, error: queryError };
-};
-exports.runQueryDeprecated = runQueryDeprecated;

package/lib/index.js

@@ -1,5 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = void 0;
-var core_1 = require("@oclif/core");
-Object.defineProperty(exports, "run", { enumerable: true, get: function () { return core_1.run; } });

package/lib/labels.js

@@ -1,40 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DisplayLabels = exports.connectionTypeLabelByType = void 0;
-const graphql_1 = require("./graphql/graphql");
-exports.connectionTypeLabelByType = {
-    [graphql_1.ConnectionType.ActiveDirectory]: "Active Directory",
-    [graphql_1.ConnectionType.Aws]: "Amazon Web Services (Legacy)",
-    [graphql_1.ConnectionType.AwsSso]: "Amazon Web Services",
-    [graphql_1.ConnectionType.Custom]: "Custom Integration",
-    [graphql_1.ConnectionType.CustomConnector]: "Custom App Connector",
-    [graphql_1.ConnectionType.Duo]: "Duo",
-    [graphql_1.ConnectionType.Gcp]: "Google Cloud Platform",
-    [graphql_1.ConnectionType.GitHub]: "GitHub",
-    [graphql_1.ConnectionType.GitLab]: "GitLab",
-    [graphql_1.ConnectionType.GoogleGroups]: "Google Groups",
-    [graphql_1.ConnectionType.GoogleWorkspace]: "Google Workspace",
-    [graphql_1.ConnectionType.Ldap]: "LDAP",
-    [graphql_1.ConnectionType.Mongo]: "MongoDB Database",
-    [graphql_1.ConnectionType.MongoAtlas]: "MongoDB Atlas Database",
-    [graphql_1.ConnectionType.OktaDirectory]: "Okta Directory",
-    [graphql_1.ConnectionType.Opal]: "Opal",
-    [graphql_1.ConnectionType.Pagerduty]: "PagerDuty",
-    [graphql_1.ConnectionType.Tailscale]: "Tailscale",
-    [graphql_1.ConnectionType.Salesforce]: "Salesforce",
-    [graphql_1.ConnectionType.Workday]: "Workday",
-    [graphql_1.ConnectionType.Mysql]: "MySQL",
-    [graphql_1.ConnectionType.Mariadb]: "MariaDB",
-    [graphql_1.ConnectionType.Postgres]: "PostgreSQL",
-    [graphql_1.ConnectionType.Teleport]: "Teleport",
-    [graphql_1.ConnectionType.AzureAd]: "Azure",
-    [graphql_1.ConnectionType.Snowflake]: "Snowflake",
-    [graphql_1.ConnectionType.Databricks]: "Databricks",
-    [graphql_1.ConnectionType.Coupa]: "Coupa",
-    [graphql_1.ConnectionType.DatastaxAstra]: "DataStax Astra",
-    [graphql_1.ConnectionType.Ilevel]: "iLEVEL",
-};
-exports.DisplayLabels = {
-    [graphql_1.EntityType.Resource]: "Resource",
-    [graphql_1.EntityType.Group]: "Group",
-};

package/lib/lib/config.js

@@ -1,54 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isProduction = exports.writeConfigData = exports.getOrCreateConfigData = exports.customHttpHeaderKey = exports.defaultAllowSelfSignedCerts = exports.allowSelfSignedCertsKey = exports.defaultUrl = exports.urlKey = void 0;
-const fs = require("node:fs");
-const path = require("node:path");
-exports.urlKey = "url";
-exports.defaultUrl = "https://app.opal.dev";
-exports.allowSelfSignedCertsKey = "allowSelfSignedCerts";
-exports.defaultAllowSelfSignedCerts = false;
-exports.customHttpHeaderKey = "customHttpHeader";
-const getOrCreateConfigData = (configDir) => {
-    if (!fs.existsSync(configDir)) {
-        fs.mkdirSync(configDir, { recursive: true });
-    }
-    const configFilePath = path.join(configDir, "config.json");
-    if (!fs.existsSync(configFilePath)) {
-        fs.writeFileSync(configFilePath, JSON.stringify({
-            [exports.urlKey]: exports.defaultUrl,
-            [exports.allowSelfSignedCertsKey]: exports.defaultAllowSelfSignedCerts,
-        }));
-    }
-    let configData = {};
-    try {
-        const configDataRaw = fs.readFileSync(configFilePath);
-        configData = JSON.parse(configDataRaw === null || configDataRaw === void 0 ? void 0 : configDataRaw.toString());
-    }
-    catch (error) {
-        if (error.code !== "ENOENT") {
-            throw error;
-        }
-    }
-    return configData;
-};
-exports.getOrCreateConfigData = getOrCreateConfigData;
-const writeConfigData = (configDir, newConfigData) => {
-    const existingData = (0, exports.getOrCreateConfigData)(configDir);
-    for (const [key, value] of Object.entries(newConfigData)) {
-        existingData[key] = value;
-    }
-    const configFilePath = path.join(configDir, "config.json");
-    fs.writeFileSync(configFilePath, JSON.stringify(existingData), {
-        mode: 0o0600,
-    });
-};
-exports.writeConfigData = writeConfigData;
-const isProduction = (configDir) => {
-    const configData = (0, exports.getOrCreateConfigData)(configDir);
-    // Custom URLs are considered production since it includes on-prem
-    return (configData[exports.urlKey] !== "https://dev.opal.dev" &&
-        configData[exports.urlKey] !== "https://demo.opal.dev" &&
-        configData[exports.urlKey] !== "https://staging.opal.dev" &&
-        !configData[exports.urlKey].match(/https?:\/\/localhost/));
-};
-exports.isProduction = isProduction;

package/lib/lib/credentials/index.js

@@ -1,67 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.removeOpalCredentials = exports.getOpalCredentials = exports.setOpalCredentials = exports.SecretType = void 0;
-const config_1 = require("../config");
-const keychain_1 = require("./keychain");
-const localEncryption_1 = require("./localEncryption");
-var SecretType;
-(function (SecretType) {
-    SecretType["Cookie"] = "COOKIE";
-    SecretType["ApiToken"] = "API_TOKEN";
-})(SecretType || (exports.SecretType = SecretType = {}));
-const setOpalCredentials = async (command, email, organizationID, clientIDCandidate, secret, secretType, organizationName) => {
-    const givenEmail = email || "email-unset";
-    const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
-    configData.creds = {
-        clientIDCandidate,
-        email,
-        organizationID,
-        organizationName,
-        secretType,
-    };
-    (0, config_1.writeConfigData)(command.config.configDir, configData);
-    if (process.platform === "darwin") {
-        await (0, keychain_1.setSecretInKeychain)(givenEmail, secret);
-    }
-    else {
-        await (0, localEncryption_1.setSecretInConfig)(command, configData, secret);
-    }
-};
-exports.setOpalCredentials = setOpalCredentials;
-const getOpalCredentials = async (command, includeAuthSecret = true) => {
-    var _a, _b;
-    const creds = (_b = (_a = (0, config_1.getOrCreateConfigData)(command.config.configDir)) === null || _a === void 0 ? void 0 : _a.creds) !== null && _b !== void 0 ? _b : {};
-    if (!includeAuthSecret) {
-        return creds;
-    }
-    let secret = null;
-    if (process.platform === "darwin") {
-        secret = await (0, keychain_1.getSecretFromKeychain)((creds === null || creds === void 0 ? void 0 : creds.email) || "email-unset");
-    }
-    else {
-        secret = await (0, localEncryption_1.getSecretFromConfig)(creds);
-    }
-    if (secret) {
-        creds.secret = secret;
-        // This is a fallback for users with stored credentials from before we converted to session auth with the CLITokenExchange mutation
-        // It will allow them to continue authenticating with an access token in an Authorization header, which will work until we remove support for that
-        if (!creds.secretType) {
-            creds.secretType = SecretType.ApiToken;
-        }
-    }
-    return creds;
-};
-exports.getOpalCredentials = getOpalCredentials;
-const removeOpalCredentials = async (command) => {
-    var _a;
-    const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
-    const email = ((_a = configData === null || configData === void 0 ? void 0 : configData.creds) === null || _a === void 0 ? void 0 : _a.email) || "email-unset";
-    // On linux, the access token is stored encrypted in configData.creds, so this effectively removes it
-    configData.creds = {};
-    (0, config_1.writeConfigData)(command.config.configDir, configData);
-    // but on OSX, we need an extra step to delete the token from the keychain
-    if (process.platform === "darwin") {
-        await (0, keychain_1.deleteSecretFromKeychain)(email);
-    }
-};
-exports.removeOpalCredentials = removeOpalCredentials;

package/lib/lib/request/api/index.d.ts

@@ -1,6 +0,0 @@
-export { queryRequestableApps } from "./queries/apps";
-export { queryRequestableAssets, queryCatalogItems } from "./queries/assets";
-export { queryAssetRoles, queryAssociatedItems } from "./queries/roles";
-export { queryRequestDefaults } from "./queries/request-defaults";
-export { queryRequest, queryRequests } from "./queries/requests";
-export { createRequest } from "./mutations/create-request";