opal-security 3.2.4 → 4.0.2

package/{lib → build}/commands/ssh/copyTo.js

@@ -1,18 +1,16 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const core_1 = require("@oclif/core");
-const apollo_1 = require("../../lib/apollo");
-const cmd_1 = require("../../lib/cmd");
-const flags_1 = require("../../lib/flags");
-const resources_1 = require("../../lib/resources");
-const sessions_1 = require("../../lib/sessions");
-const ssh_1 = require("../../lib/ssh");
-const start_1 = require("./start");
-class StartSCPSession extends core_1.Command {
+import { Command, Flags } from "@oclif/core";
+import { handleError } from "../../lib/apollo.js";
+import { runCommandSpawn, setMostRecentCommand } from "../../lib/cmd.js";
+import { SHARED_FLAGS } from "../../lib/flags.js";
+import { DEFAULT_ACCESS_LEVEL } from "../../lib/resources.js";
+import { getOrCreateSession } from "../../lib/sessions.js";
+import { assertSessionManagerPluginExists, selectComputeInstance, } from "../../lib/ssh.js";
+import { Ec2SessionMetadataFragment } from "./start.js";
+class StartSCPSession extends Command {
     async run() {
-        (0, cmd_1.setMostRecentCommand)(this);
+        setMostRecentCommand(this);
         const { flags } = await this.parse(StartSCPSession);
-        const pluginExists = await (0, ssh_1.assertSessionManagerPluginExists)();
+        const pluginExists = await assertSessionManagerPluginExists();
         if (!pluginExists) {
             return;
         }
@@ -20,14 +18,14 @@ class StartSCPSession extends core_1.Command {
         let instanceName = null;
         const sessionId = flags.sessionId;
         if (!instanceId) {
-            const selectedInstance = await (0, ssh_1.selectComputeInstance)(this, "SCP into");
+            const selectedInstance = await selectComputeInstance(this, "SCP into");
             if (!selectedInstance) {
                 return;
             }
             instanceId = selectedInstance.id;
             instanceName = selectedInstance.name;
         }
-        const session = await (0, sessions_1.getOrCreateSession)(this, instanceId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, start_1.Ec2SessionMetadataFragment);
+        const session = await getOrCreateSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment);
         if (!session) {
             return;
         }
@@ -42,11 +40,11 @@ class StartSCPSession extends core_1.Command {
                 // Run SCP script
                 const scpCmd = `$SCRIPT_PATH/../../scripts/ssh_ssm_scp_to_server.sh ${metadata.ec2InstanceId} ${flags.user} ${flags.src} ${metadata.ec2Region} ${flags.dest}`;
                 const outputMessage = `from "${flags.src}" locally to "${flags.dest}" on ${instanceName ? `"${instanceName}" instance` : "instance"}.`;
-                (0, cmd_1.runCommandSpawn)(scpCmd, `Copied ${outputMessage}`, `Failed to copy ${outputMessage}.`, envVars);
+                runCommandSpawn(scpCmd, `Copied ${outputMessage}`, `Failed to copy ${outputMessage}.`, envVars);
                 break;
             }
             default:
-                return (0, apollo_1.handleError)(this, undefined, session);
+                return handleError(this, undefined, session);
         }
     }
 }
@@ -56,25 +54,25 @@ StartSCPSession.examples = [
     "opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398",
 ];
 StartSCPSession.flags = {
-    help: flags_1.SHARED_FLAGS.help,
-    src: core_1.Flags.string({
+    help: SHARED_FLAGS.help,
+    src: Flags.string({
         multiple: false,
         required: true,
         description: "The directory or file you would like to copy over SCP. Note we only support one file or directory at a time.",
     }),
-    dest: core_1.Flags.string({
+    dest: Flags.string({
         multiple: false,
         required: false,
         default: ".",
         description: "The directory you want your files to be copied to.",
     }),
-    user: core_1.Flags.string({
+    user: Flags.string({
         multiple: false,
         required: false,
         default: "ssm-user",
         description: "The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.",
     }),
-    id: flags_1.SHARED_FLAGS.id,
-    sessionId: flags_1.SHARED_FLAGS.sessionId,
+    id: SHARED_FLAGS.id,
+    sessionId: SHARED_FLAGS.sessionId,
 };
-exports.default = StartSCPSession;
+export default StartSCPSession;

package/{lib → build}/commands/ssh/start.js

@@ -1,17 +1,14 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Ec2SessionMetadataFragment = void 0;
-const core_1 = require("@oclif/core");
-const get_1 = require("../../commands/resources/get");
-const handler_1 = require("../../handler");
-const apollo_1 = require("../../lib/apollo");
-const aws_1 = require("../../lib/aws");
-const cmd_1 = require("../../lib/cmd");
-const flags_1 = require("../../lib/flags");
-const resources_1 = require("../../lib/resources");
-const sessions_1 = require("../../lib/sessions");
-const ssh_1 = require("../../lib/ssh");
-exports.Ec2SessionMetadataFragment = `
+import { Command } from "@oclif/core";
+import { GetResourceDocument } from "../../commands/resources/get.js";
+import { runQueryDeprecated } from "../../handler.js";
+import { handleError } from "../../lib/apollo.js";
+import { getAwsConfigUpdateCmd } from "../../lib/aws.js";
+import { setMostRecentCommand, startInteractiveShell } from "../../lib/cmd.js";
+import { SHARED_FLAGS } from "../../lib/flags.js";
+import { DEFAULT_ACCESS_LEVEL } from "../../lib/resources.js";
+import { getOrCreateSession, getSessionExpirationMessage, } from "../../lib/sessions.js";
+import { assertSessionManagerPluginExists, selectComputeInstance, } from "../../lib/ssh.js";
+export const Ec2SessionMetadataFragment = `
 ... on AwsIamFederatedSSMSession {
   awsAccessKeyId
   awsSecretAccessKey
@@ -21,14 +18,14 @@ exports.Ec2SessionMetadataFragment = `
   ec2InstanceId
   ec2Region
 }`;
-class StartSSHSession extends core_1.Command {
+class StartSSHSession extends Command {
     async run() {
-        (0, cmd_1.setMostRecentCommand)(this);
+        setMostRecentCommand(this);
         const { flags } = await this.parse(StartSSHSession);
         if (flags.sessionId && flags.refresh) {
-            return (0, apollo_1.handleError)(this, "Cannot use both --sessionId and --refresh");
+            return handleError(this, "Cannot use both --sessionId and --refresh");
         }
-        const pluginExists = await (0, ssh_1.assertSessionManagerPluginExists)();
+        const pluginExists = await assertSessionManagerPluginExists();
         if (!pluginExists) {
             return;
         }
@@ -36,7 +33,7 @@ class StartSSHSession extends core_1.Command {
         let instanceName = null;
         const sessionId = flags.sessionId;
         if (!instanceId) {
-            const selectedInstance = await (0, ssh_1.selectComputeInstance)(this, "SSH into");
+            const selectedInstance = await selectComputeInstance(this, "SSH into");
             if (!selectedInstance) {
                 return;
             }
@@ -44,40 +41,40 @@ class StartSSHSession extends core_1.Command {
             instanceName = selectedInstance.name;
         }
         else {
-            const { resp, error } = await (0, handler_1.runQueryDeprecated)({
+            const { resp, error } = await runQueryDeprecated({
                 command: this,
-                query: get_1.GetResourceDocument,
+                query: GetResourceDocument,
                 variables: {
                     id: instanceId,
                 },
             });
             if (error) {
-                return (0, apollo_1.handleError)(this, error, resp);
+                return handleError(this, error, resp);
             }
             if (!(resp === null || resp === void 0 ? void 0 : resp.data.resource.resource)) {
-                return (0, apollo_1.handleError)(this, `Resource not found for ID: ${instanceId}`);
+                return handleError(this, `Resource not found for ID: ${instanceId}`);
             }
             instanceName = (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || "ssh-instance";
         }
-        const session = await (0, sessions_1.getOrCreateSession)(this, instanceId, resources_1.DEFAULT_ACCESS_LEVEL, sessionId, exports.Ec2SessionMetadataFragment, flags.refresh);
+        const session = await getOrCreateSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment, flags.refresh);
         if (!session) {
             return;
         }
         const metadata = session.metadata;
         switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
             case "AwsIamFederatedSSMSession": {
-                this.log(`\n🕰  Connecting to a session that expires in ${(0, sessions_1.getSessionExpirationMessage)(session)}.`);
-                const updateAwsConfigCommand = (0, aws_1.getAwsConfigUpdateCmd)(instanceName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
+                this.log(`\n🕰  Connecting to a session that expires in ${getSessionExpirationMessage(session)}.`);
+                const updateAwsConfigCommand = getAwsConfigUpdateCmd(instanceName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
                 const sessionCmd = `aws ssm start-session --target ${metadata.ec2InstanceId} --region ${metadata.ec2Region} --profile opal`;
                 // TODO: Unfortunately allowing SSH over SSM disables logging
                 // Run SSH script
                 // const sessionCmd = `../../scripts/ssh_ssm.sh ${metadata.ec2InstanceId} ${flags.user} ${metadata.ec2Region}`
                 const startSessionCmd = `${updateAwsConfigCommand} && ${sessionCmd}`;
-                (0, cmd_1.startInteractiveShell)(startSessionCmd, `shell into ${instanceName ? `"${instanceName}" instance` : "instance"}`);
+                startInteractiveShell(startSessionCmd, `shell into ${instanceName ? `"${instanceName}" instance` : "instance"}`);
                 break;
             }
             default:
-                return (0, apollo_1.handleError)(this, undefined, session);
+                return handleError(this, undefined, session);
         }
     }
 }
@@ -87,15 +84,15 @@ StartSSHSession.examples = [
     "opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
 ];
 StartSSHSession.flags = {
-    help: flags_1.SHARED_FLAGS.help,
-    id: flags_1.SHARED_FLAGS.id,
+    help: SHARED_FLAGS.help,
+    id: SHARED_FLAGS.id,
     // TODO: Unfortunately allowing SSM over SSH disables logging
     // user: flags.string({
     //   multiple: false,
     //   required: false,
     //   default: "ssm-user",
     // }),
-    sessionId: flags_1.SHARED_FLAGS.sessionId,
-    refresh: flags_1.SHARED_FLAGS.refresh,
+    sessionId: SHARED_FLAGS.sessionId,
+    refresh: SHARED_FLAGS.refresh,
 };
-exports.default = StartSSHSession;
+export default StartSSHSession;

package/build/commands/whoami.js

@@ -0,0 +1,27 @@
+import { Command } from "@oclif/core";
+import { getOrCreateConfigData, urlKey } from "../lib/config.js";
+import { getOpalCredentials } from "../lib/credentials/index.js";
+import { SHARED_FLAGS } from "../lib/flags.js";
+class WhoAmI extends Command {
+    async run() {
+        const opalCreds = await getOpalCredentials(this, false);
+        const organizationID = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.organizationID;
+        const email = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.email;
+        const configData = getOrCreateConfigData(this.config.configDir);
+        const url = configData[urlKey];
+        if (email) {
+            this.log(`User email:         ${email}`);
+        }
+        if (organizationID) {
+            this.log(`OrganizationID: ${organizationID}`);
+        }
+        if (url) {
+            this.log(`Server:       ${url}`);
+        }
+    }
+}
+WhoAmI.description = "Describes current url set, organization name, and logged in user if applicable.";
+WhoAmI.flags = {
+    help: SHARED_FLAGS.help,
+};
+export default WhoAmI;

package/{lib → build}/graphql/fragment-masking.d.ts

@@ -1,5 +1,5 @@
 import type { DocumentTypeDecoration, ResultOf, TypedDocumentNode } from "@graphql-typed-document-node/core";
-import type { Incremental } from "./graphql";
+import type { Incremental } from "./graphql.js";
 export type FragmentType<TDocumentType extends DocumentTypeDecoration<any, any>> = TDocumentType extends DocumentTypeDecoration<infer TType, any> ? [TType] extends [{
     " $fragmentName"?: infer TKey;
 }] ? TKey extends string ? {

package/{lib → build}/graphql/fragment-masking.js

@@ -1,15 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.useFragment = useFragment;
-exports.makeFragmentData = makeFragmentData;
-exports.isFragmentReady = isFragmentReady;
-function useFragment(_documentNode, fragmentType) {
+export function useFragment(_documentNode, fragmentType) {
     return fragmentType;
 }
-function makeFragmentData(data, _fragment) {
+export function makeFragmentData(data, _fragment) {
     return data;
 }
-function isFragmentReady(queryNode, fragmentNode, data) {
+export function isFragmentReady(queryNode, fragmentNode, data) {
     var _a, _b;
     const deferredFields = (_a = queryNode.__meta__) === null || _a === void 0 ? void 0 : _a.deferredFields;
     if (!deferredFields)

package/{lib → build}/graphql/gql.d.ts

@@ -1,5 +1,5 @@
 import type { TypedDocumentNode as DocumentNode } from "@graphql-typed-document-node/core";
-import * as types from "./graphql";
+import * as types from "./graphql.js";
 /**
  * Map of all GraphQL operations in the project.
  *

package/{lib → build}/graphql/gql.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.graphql = graphql;
 /* eslint-disable */
-const types = require("./graphql");
+import * as types from "./graphql.js";
 const documents = {
     "\nquery GetGroup($id: GroupId!) {\n    group(input: { id: $id }) {\n    __typename\n    ... on GroupResult {\n      group {\n        name\n        id\n        description\n        groupType\n        adminOwnerId\n        groupLeaders {\n            fullName\n            email\n            id\n        }\n        connection {\n            name\n            id\n            connectionType\n        }\n        paginatedGroupUsers {\n            totalNumGroupUsers\n            groupUsers {\n                user {\n                    fullName\n                    email\n                    id\n                }\n            }\n        }\n      }\n    }\n    ... on GroupNotFoundError {\n      message\n    }\n  }\n}": types.GetGroupDocument,
     "\nquery CheckAuthSessionQuery {\n  organizationSettings {\n    ... on OrganizationSettingsResult {\n      settings {\n        id\n      }\n    }\n  }\n}\n": types.CheckAuthSessionQueryDocument,
@@ -21,7 +18,7 @@ const documents = {
     "\nquery GroupAccessLevels($groupId: GroupId!) {\n  groupAccessLevels(\n    input: { groupId: $groupId }\n  ) {\n    ... on GroupAccessLevelsResult {\n      groupId\n      accessLevels {\n        ... on GroupAccessLevel {\n            accessLevelName\n            accessLevelRemoteId\n          }\n      }\n    }\n  }\n}\n": types.GroupAccessLevelsDocument,
     "\n  query GetAssociatedItems($resourceId: ResourceId!, $searchQuery: String) {\n    resource(input: {\n      id: $resourceId\n    }) {\n      __typename\n      ... on ResourceResult {\n        __typename\n        resource {\n          associatedItems(\n            first: 200\n            filters: {\n              searchQuery: {\n                contains: $searchQuery\n              }\n              access: REQUESTABLE\n              endUserVisible: true\n              entityType: {\n                in: [GROUP, RESOURCE]\n              }\n            }\n          ) {\n            edges {\n              __typename\n              ... on ResourceAssociatedItemEdge {\n                alias\n                node {\n                  __typename\n                  id\n                  name\n                  ... on Resource {\n                    accessLevels(\n                    filters: {\n                      skipRemoteAccessLevels: false # azure app roles are remote\n                    }\n                  ) {\n                    __typename\n                    accessLevelName\n                    accessLevelRemoteId\n                  }\n                  }\n                }\n              }\n            }\n          }\n        }\n      }\n      ... on ResourceNotFoundError {\n        message\n      }\n    }\n  }\n": types.GetAssociatedItemsDocument,
 };
-function graphql(source) {
+export function graphql(source) {
     var _a;
     return (_a = documents[source]) !== null && _a !== void 0 ? _a : {};
 }