opal-security 3.2.4 → 4.0.3

package/lib/lib/credentials/index.js

@@ -1,67 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.removeOpalCredentials = exports.getOpalCredentials = exports.setOpalCredentials = exports.SecretType = void 0;
-const config_1 = require("../config");
-const keychain_1 = require("./keychain");
-const localEncryption_1 = require("./localEncryption");
-var SecretType;
-(function (SecretType) {
-    SecretType["Cookie"] = "COOKIE";
-    SecretType["ApiToken"] = "API_TOKEN";
-})(SecretType || (exports.SecretType = SecretType = {}));
-const setOpalCredentials = async (command, email, organizationID, clientIDCandidate, secret, secretType, organizationName) => {
-    const givenEmail = email || "email-unset";
-    const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
-    configData.creds = {
-        clientIDCandidate,
-        email,
-        organizationID,
-        organizationName,
-        secretType,
-    };
-    (0, config_1.writeConfigData)(command.config.configDir, configData);
-    if (process.platform === "darwin") {
-        await (0, keychain_1.setSecretInKeychain)(givenEmail, secret);
-    }
-    else {
-        await (0, localEncryption_1.setSecretInConfig)(command, configData, secret);
-    }
-};
-exports.setOpalCredentials = setOpalCredentials;
-const getOpalCredentials = async (command, includeAuthSecret = true) => {
-    var _a, _b;
-    const creds = (_b = (_a = (0, config_1.getOrCreateConfigData)(command.config.configDir)) === null || _a === void 0 ? void 0 : _a.creds) !== null && _b !== void 0 ? _b : {};
-    if (!includeAuthSecret) {
-        return creds;
-    }
-    let secret = null;
-    if (process.platform === "darwin") {
-        secret = await (0, keychain_1.getSecretFromKeychain)((creds === null || creds === void 0 ? void 0 : creds.email) || "email-unset");
-    }
-    else {
-        secret = await (0, localEncryption_1.getSecretFromConfig)(creds);
-    }
-    if (secret) {
-        creds.secret = secret;
-        // This is a fallback for users with stored credentials from before we converted to session auth with the CLITokenExchange mutation
-        // It will allow them to continue authenticating with an access token in an Authorization header, which will work until we remove support for that
-        if (!creds.secretType) {
-            creds.secretType = SecretType.ApiToken;
-        }
-    }
-    return creds;
-};
-exports.getOpalCredentials = getOpalCredentials;
-const removeOpalCredentials = async (command) => {
-    var _a;
-    const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
-    const email = ((_a = configData === null || configData === void 0 ? void 0 : configData.creds) === null || _a === void 0 ? void 0 : _a.email) || "email-unset";
-    // On linux, the access token is stored encrypted in configData.creds, so this effectively removes it
-    configData.creds = {};
-    (0, config_1.writeConfigData)(command.config.configDir, configData);
-    // but on OSX, we need an extra step to delete the token from the keychain
-    if (process.platform === "darwin") {
-        await (0, keychain_1.deleteSecretFromKeychain)(email);
-    }
-};
-exports.removeOpalCredentials = removeOpalCredentials;

package/lib/lib/request/api/index.d.ts

@@ -1,6 +0,0 @@
-export { queryRequestableApps } from "./queries/apps";
-export { queryRequestableAssets, queryCatalogItems } from "./queries/assets";
-export { queryAssetRoles, queryAssociatedItems } from "./queries/roles";
-export { queryRequestDefaults } from "./queries/request-defaults";
-export { queryRequest, queryRequests } from "./queries/requests";
-export { createRequest } from "./mutations/create-request";

package/lib/lib/request/api/index.js

@@ -1,20 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createRequest = exports.queryRequests = exports.queryRequest = exports.queryRequestDefaults = exports.queryAssociatedItems = exports.queryAssetRoles = exports.queryCatalogItems = exports.queryRequestableAssets = exports.queryRequestableApps = void 0;
-// Query exports
-var apps_1 = require("./queries/apps");
-Object.defineProperty(exports, "queryRequestableApps", { enumerable: true, get: function () { return apps_1.queryRequestableApps; } });
-var assets_1 = require("./queries/assets");
-Object.defineProperty(exports, "queryRequestableAssets", { enumerable: true, get: function () { return assets_1.queryRequestableAssets; } });
-Object.defineProperty(exports, "queryCatalogItems", { enumerable: true, get: function () { return assets_1.queryCatalogItems; } });
-var roles_1 = require("./queries/roles");
-Object.defineProperty(exports, "queryAssetRoles", { enumerable: true, get: function () { return roles_1.queryAssetRoles; } });
-Object.defineProperty(exports, "queryAssociatedItems", { enumerable: true, get: function () { return roles_1.queryAssociatedItems; } });
-var request_defaults_1 = require("./queries/request-defaults");
-Object.defineProperty(exports, "queryRequestDefaults", { enumerable: true, get: function () { return request_defaults_1.queryRequestDefaults; } });
-var requests_1 = require("./queries/requests");
-Object.defineProperty(exports, "queryRequest", { enumerable: true, get: function () { return requests_1.queryRequest; } });
-Object.defineProperty(exports, "queryRequests", { enumerable: true, get: function () { return requests_1.queryRequests; } });
-// Mutation exports
-var create_request_1 = require("./mutations/create-request");
-Object.defineProperty(exports, "createRequest", { enumerable: true, get: function () { return create_request_1.createRequest; } });

package/lib/lib/request/prompts/apps-prompt.js

@@ -1,35 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.selectRequestableItems = selectRequestableItems;
-const _1 = require(".");
-const api_1 = require("../api");
-const { AutoComplete } = require("enquirer");
-async function selectRequestableItems(cmd, client, requestMap) {
-    const initial = (await (0, api_1.queryRequestableApps)(cmd, client, "")) || [];
-    const appPrompt = new AutoComplete({
-        name: "App",
-        message: "Select an app",
-        hint: _1.selectInstructions,
-        limit: 15,
-        choices: initial,
-        async suggest(input) {
-            const filteredChoices = await (0, api_1.queryRequestableApps)(cmd, client, input || "");
-            return filteredChoices || initial;
-        },
-    });
-    const App = await appPrompt.run();
-    // Set the app in the requestMap and call choose assets step
-    if (!(App.id in requestMap)) {
-        requestMap[App.id] = {
-            appId: App.id,
-            appType: App.type,
-            appName: App.name,
-            assets: {},
-        };
-    }
-    if (App.type === "OKTA_APP" || App.type === "AZURE_ENTERPRISE_APP") {
-        await (0, _1.chooseOktaAzureRoles)(cmd, client, App, requestMap);
-        return;
-    }
-    await (0, _1.chooseAssets)(cmd, client, App.id, requestMap);
-}

package/lib/lib/request/prompts/asset-prompt.js

@@ -1,65 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.chooseOktaAzureRoles = chooseOktaAzureRoles;
-exports.chooseAssets = chooseAssets;
-const _1 = require(".");
-const api_1 = require("../api");
-const types_1 = require("../types");
-const { AutoComplete } = require("enquirer");
-async function chooseOktaAzureRoles(cmd, client, app, requestMap) {
-    const associatedItems = (await (0, api_1.queryAssociatedItems)(cmd, client, app.id, "")) || [];
-    const rolePrompt = new AutoComplete({
-        name: "Roles",
-        message: `Select a role for ${app.name}:`,
-        hint: _1.selectInstructions,
-        limit: 15,
-        choices: associatedItems,
-        async suggest(input) {
-            if (!input)
-                return associatedItems;
-            const filteredChoices = await (0, api_1.queryAssociatedItems)(cmd, client, app.id, input);
-            return filteredChoices || associatedItems;
-        },
-    });
-    const selectedRole = await rolePrompt.run();
-    const entry = requestMap[app.id];
-    if (!(selectedRole.id in entry.assets)) {
-        entry.assets[selectedRole.id] = {
-            assetId: selectedRole.id,
-            assetName: selectedRole.name,
-            type: (0, types_1.entityTypeFromString)(selectedRole.type),
-            roles: {},
-        };
-    }
-}
-async function chooseAssets(cmd, client, appId, requestMap) {
-    const initial = (await (0, api_1.queryRequestableAssets)(cmd, client, appId, "")) || [];
-    const assetPrompt = new AutoComplete({
-        name: "Assets",
-        message: "Select an asset to request:",
-        hint: _1.selectInstructions,
-        limit: 15,
-        async suggest(input, choices) {
-            if (!input) {
-                return initial;
-            }
-            const filteredChoices = await (0, api_1.queryRequestableAssets)(cmd, client, appId, input);
-            return filteredChoices || initial;
-        },
-        choices: initial,
-    });
-    const selectedAsset = await assetPrompt.run();
-    const entry = requestMap[appId];
-    if (entry === undefined) {
-        throw new Error(`Error formatting app ${appId} in request`);
-    }
-    if (!(selectedAsset.id in entry.assets)) {
-        entry.assets[selectedAsset.id] = {
-            assetId: selectedAsset.id,
-            assetName: selectedAsset.name,
-            type: selectedAsset.type,
-            roles: {},
-        };
-    }
-    await (0, _1.chooseRoles)(cmd, client, appId, selectedAsset.id, requestMap);
-}

package/lib/lib/request/prompts/index.d.ts

@@ -1,7 +0,0 @@
-export { selectRequestableItems } from "./apps-prompt";
-export { chooseOktaAzureRoles, chooseAssets } from "./asset-prompt";
-export { chooseRoles } from "./role-prompt";
-export { promptForReason } from "./reason-prompt";
-export { promptForDuration } from "./duration-prompt";
-export { doneSelectingAssets, promptRequestSubmission, } from "./validate-prompt";
-export declare const selectInstructions: string;

package/lib/lib/request/prompts/index.js

@@ -1,19 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.selectInstructions = exports.promptRequestSubmission = exports.doneSelectingAssets = exports.promptForDuration = exports.promptForReason = exports.chooseRoles = exports.chooseAssets = exports.chooseOktaAzureRoles = exports.selectRequestableItems = void 0;
-const chalk_1 = require("chalk");
-var apps_prompt_1 = require("./apps-prompt");
-Object.defineProperty(exports, "selectRequestableItems", { enumerable: true, get: function () { return apps_prompt_1.selectRequestableItems; } });
-var asset_prompt_1 = require("./asset-prompt");
-Object.defineProperty(exports, "chooseOktaAzureRoles", { enumerable: true, get: function () { return asset_prompt_1.chooseOktaAzureRoles; } });
-Object.defineProperty(exports, "chooseAssets", { enumerable: true, get: function () { return asset_prompt_1.chooseAssets; } });
-var role_prompt_1 = require("./role-prompt");
-Object.defineProperty(exports, "chooseRoles", { enumerable: true, get: function () { return role_prompt_1.chooseRoles; } });
-var reason_prompt_1 = require("./reason-prompt");
-Object.defineProperty(exports, "promptForReason", { enumerable: true, get: function () { return reason_prompt_1.promptForReason; } });
-var duration_prompt_1 = require("./duration-prompt");
-Object.defineProperty(exports, "promptForDuration", { enumerable: true, get: function () { return duration_prompt_1.promptForDuration; } });
-var validate_prompt_1 = require("./validate-prompt");
-Object.defineProperty(exports, "doneSelectingAssets", { enumerable: true, get: function () { return validate_prompt_1.doneSelectingAssets; } });
-Object.defineProperty(exports, "promptRequestSubmission", { enumerable: true, get: function () { return validate_prompt_1.promptRequestSubmission; } });
-exports.selectInstructions = chalk_1.default.dim("[↑↓] Navigate · [Enter] Select · Type to filter");

package/lib/lib/request/types.js

@@ -1,15 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.entityTypeFromString = entityTypeFromString;
-const graphql_1 = require("../../graphql/graphql");
-function entityTypeFromString(str) {
-    const capStr = str === null || str === void 0 ? void 0 : str.toLocaleUpperCase();
-    if (capStr === "RESOURCE") {
-        return graphql_1.EntityType.Resource;
-    }
-    if (capStr === "GROUP") {
-        return graphql_1.EntityType.Group;
-    }
-    // if type unknown, default to resource
-    return graphql_1.EntityType.Resource;
-}