opal-security 4.1.0 ā†’ 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/README.md +47 -68
  2. package/build/commands/iam-roles/start.d.ts +0 -2
  3. package/build/commands/iam-roles/start.js +5 -7
  4. package/build/commands/kube-roles/start.d.ts +0 -2
  5. package/build/commands/kube-roles/start.js +5 -7
  6. package/build/commands/login.js +18 -8
  7. package/build/commands/postgres-instances/start.d.ts +0 -2
  8. package/build/commands/postgres-instances/start.js +4 -6
  9. package/build/commands/ssh/copyFrom.d.ts +0 -1
  10. package/build/commands/ssh/copyFrom.js +4 -5
  11. package/build/commands/ssh/copyTo.d.ts +0 -1
  12. package/build/commands/ssh/copyTo.js +4 -5
  13. package/build/commands/ssh/start.d.ts +0 -2
  14. package/build/commands/ssh/start.js +5 -7
  15. package/build/graphql/gql.d.ts +10 -0
  16. package/build/graphql/gql.js +2 -0
  17. package/build/graphql/graphql.d.ts +377 -378
  18. package/build/graphql/graphql.js +109 -38
  19. package/build/labels.js +4 -0
  20. package/build/lib/apollo.d.ts +1 -1
  21. package/build/lib/apollo.js +6 -1
  22. package/build/lib/cmd.d.ts +6 -0
  23. package/build/lib/cmd.js +11 -0
  24. package/build/lib/config.js +1 -0
  25. package/build/lib/flags.d.ts +0 -2
  26. package/build/lib/flags.js +0 -9
  27. package/build/lib/mfa.d.ts +2 -0
  28. package/build/lib/mfa.js +62 -0
  29. package/build/lib/oidc.d.ts +3 -0
  30. package/build/lib/oidc.js +64 -0
  31. package/build/lib/sessions.d.ts +3 -3
  32. package/build/lib/sessions.js +14 -133
  33. package/oclif.manifest.json +62 -138
  34. package/package.json +2 -2
package/build/commands/ssh/copyTo.d.ts CHANGED
@@ -8,7 +8,6 @@ export default class StartSCPSession extends Command {
8
8
  dest: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
9
9
  user: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
10
10
  id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
11
- sessionId: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
12
11
  };
13
12
  run(): Promise<void>;
14
13
  }
package/build/commands/ssh/copyTo.js CHANGED
@@ -3,7 +3,7 @@ import { handleError } from "../../lib/apollo.js";
3
3
  import { runCommandSpawn, setMostRecentCommand } from "../../lib/cmd.js";
4
4
  import { SHARED_FLAGS } from "../../lib/flags.js";
5
5
  import { DEFAULT_ACCESS_LEVEL } from "../../lib/resources.js";
6
- import { getOrCreateSession } from "../../lib/sessions.js";
6
+ import { createSession } from "../../lib/sessions.js";
7
7
  import { assertSessionManagerPluginExists, selectComputeInstance, } from "../../lib/ssh.js";
8
8
  import { Ec2SessionMetadataFragment } from "./start.js";
9
9
  class StartSCPSession extends Command {
@@ -25,11 +25,11 @@ class StartSCPSession extends Command {
25
25
  instanceId = selectedInstance.id;
26
26
  instanceName = selectedInstance.name;
27
27
  }
28
- const session = await getOrCreateSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment);
28
+ const session = await createSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment);
29
29
  if (!session) {
30
30
  return;
31
31
  }
32
- const metadata = session.metadata;
32
+ const metadata = session.sessionMetadata;
33
33
  switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
34
34
  case "AwsIamFederatedSSMSession": {
35
35
  const envVars = {
@@ -44,7 +44,7 @@ class StartSCPSession extends Command {
44
44
  break;
45
45
  }
46
46
  default:
47
- return handleError(this, undefined, session);
47
+ return handleError(this, undefined);
48
48
  }
49
49
  }
50
50
  }
@@ -73,6 +73,5 @@ StartSCPSession.flags = {
73
73
  description: "The user you want to run SCP over. Keep in mind not all users will have access to each other's home directory.",
74
74
  }),
75
75
  id: SHARED_FLAGS.id,
76
- sessionId: SHARED_FLAGS.sessionId,
77
76
  };
78
77
  export default StartSCPSession;
package/build/commands/ssh/start.d.ts CHANGED
@@ -6,8 +6,6 @@ export default class StartSSHSession extends Command {
6
6
  static flags: {
7
7
  help: import("@oclif/core/lib/interfaces").BooleanFlag<void>;
8
8
  id: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
9
- sessionId: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
10
- refresh: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
11
9
  };
12
10
  run(): Promise<void>;
13
11
  }
package/build/commands/ssh/start.js CHANGED
@@ -6,7 +6,7 @@ import { getAwsConfigUpdateCmd } from "../../lib/aws.js";
6
6
  import { setMostRecentCommand, startInteractiveShell } from "../../lib/cmd.js";
7
7
  import { SHARED_FLAGS } from "../../lib/flags.js";
8
8
  import { DEFAULT_ACCESS_LEVEL } from "../../lib/resources.js";
9
- import { getOrCreateSession, getSessionExpirationMessage, } from "../../lib/sessions.js";
9
+ import { createSession, getSessionExpirationMessage } from "../../lib/sessions.js";
10
10
  import { assertSessionManagerPluginExists, selectComputeInstance, } from "../../lib/ssh.js";
11
11
  export const Ec2SessionMetadataFragment = `
12
12
  ... on AwsIamFederatedSSMSession {
@@ -56,14 +56,14 @@ class StartSSHSession extends Command {
56
56
  }
57
57
  instanceName = (resp === null || resp === void 0 ? void 0 : resp.data.resource.resource.name) || "ssh-instance";
58
58
  }
59
- const session = await getOrCreateSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment, flags.refresh);
59
+ const session = await createSession(this, instanceId, DEFAULT_ACCESS_LEVEL, sessionId, Ec2SessionMetadataFragment);
60
60
  if (!session) {
61
61
  return;
62
62
  }
63
- const metadata = session.metadata;
63
+ const metadata = session.sessionMetadata;
64
64
  switch (metadata === null || metadata === void 0 ? void 0 : metadata.__typename) {
65
65
  case "AwsIamFederatedSSMSession": {
66
- this.log(`\nšŸ•° Connecting to a session that expires in ${getSessionExpirationMessage(session)}.`);
66
+ this.log(`\nšŸ•° Connecting to a session that expires in ${getSessionExpirationMessage(session.session)}.`);
67
67
  const updateAwsConfigCommand = getAwsConfigUpdateCmd(instanceName, metadata.awsAccessKeyId, metadata.awsSecretAccessKey, metadata.awsSessionToken);
68
68
  const sessionCmd = `aws ssm start-session --target ${metadata.ec2InstanceId} --region ${metadata.ec2Region} --profile opal`;
69
69
  // TODO: Unfortunately allowing SSH over SSM disables logging
@@ -74,7 +74,7 @@ class StartSSHSession extends Command {
74
74
  break;
75
75
  }
76
76
  default:
77
- return handleError(this, undefined, session);
77
+ return handleError(this, undefined);
78
78
  }
79
79
  }
80
80
  }
@@ -92,7 +92,5 @@ StartSSHSession.flags = {
92
92
  // required: false,
93
93
  // default: "ssm-user",
94
94
  // }),
95
- sessionId: SHARED_FLAGS.sessionId,
96
- refresh: SHARED_FLAGS.refresh,
97
95
  };
98
96
  export default StartSSHSession;
package/build/graphql/gql.d.ts CHANGED
@@ -14,6 +14,8 @@ import * as types from "./graphql.js";
14
14
  type Documents = {
15
15
  "\nquery GetGroup($id: GroupId!) {\n group(input: { id: $id }) {\n __typename\n ... on GroupResult {\n group {\n name\n id\n description\n groupType\n adminOwnerId\n groupLeaders {\n fullName\n email\n id\n }\n connection {\n name\n id\n connectionType\n }\n paginatedGroupUsers {\n totalNumGroupUsers\n groupUsers {\n user {\n fullName\n email\n id\n }\n }\n }\n }\n }\n ... on GroupNotFoundError {\n message\n }\n }\n}": typeof types.GetGroupDocument;
16
16
  "\nquery CheckAuthSessionQuery {\n organizationSettings {\n ... on OrganizationSettingsResult {\n settings {\n id\n }\n }\n }\n}\n": typeof types.CheckAuthSessionQueryDocument;
17
+ "\n query GetLastMfaAt {\n lastMfaAt\n }\n ": typeof types.GetLastMfaAtDocument;
18
+ "\n query HasValidOidcIdToken($oidcProviderType: OIDCProviderType!) {\n hasValidOidcToken(oidcProviderType: $oidcProviderType)\n }\n ": typeof types.HasValidOidcIdTokenDocument;
17
19
  "\n mutation CreateRequest(\n $requestedResources: [RequestedResourceInput!]!\n $requestedGroups: [RequestedGroupInput!]!\n $reason: String!\n $durationInMinutes: Int\n ) {\n createRequest(\n input: {\n requestedResources: $requestedResources\n requestedGroups: $requestedGroups\n reason: $reason\n durationInMinutes: $durationInMinutes\n }\n ) {\n ... on CreateRequestResult {\n request {\n id\n status\n }\n }\n ... on RequestDurationTooLargeError {\n message\n }\n ... on RequestRequiresUserAuthTokenForConnectionError {\n message\n }\n ... on NoReviewersSetForOwnerError {\n message\n ownerId\n }\n ... on NoReviewersSetForResourceError {\n message\n resourceId\n }\n ... on NoReviewersSetForGroupError {\n message\n groupId\n }\n ... on NoManagerSetForRequestingUserError {\n message\n }\n ... on MfaInvalidError {\n message\n }\n ... on BulkRequestTooLargeError {\n message\n }\n ... on ItemCannotBeRequestedError {\n message\n }\n ... on UserCannotRequestAccessForTargetGroupError {\n message\n groupId\n userId\n }\n ... on GroupNestingNotAllowedError {\n message\n fromGroupId\n toGroupId\n }\n ... on TargetUserHasNestedAccessError {\n message\n groupIds\n }\n ... on RequestReasonMissingError {\n message\n }\n ... on RequestFieldValueMissingError {\n message\n fieldName\n }\n ... on LinkedGroupNotRequestableError {\n message\n sourceGroupId\n groupBindingId\n }\n ... on RequestReasonBelowMinLengthError {\n message\n }\n\n }\n }\n": typeof types.CreateRequestDocument;
18
20
  '\n query GetRequestableAppsQuery($searchQuery: String) {\n appsV2(\n filters: {\n access: REQUESTABLE\n searchQuery: $searchQuery\n }\n ) @connection(key: "paginated-app-dropdown") {\n edges {\n node {\n id\n displayName\n ... on Connection {\n connectionType\n }\n ... on Resource {\n resourceType\n }\n }\n }\n pageInfo {\n hasNextPage\n hasPreviousPage\n startCursor\n endCursor\n }\n }\n }\n ': typeof types.GetRequestableAppsQueryDocument;
19
21
  "\n query PaginatedEntityDropdown(\n $id: UUID!\n $searchQuery: String\n) {\n app(id: $id) {\n __typename\n ... on App {\n id\n items(\n input: {\n access: REQUESTABLE\n searchQuery: $searchQuery\n includeOnlyRequestable: true\n }\n ) {\n items {\n key\n resource {\n id\n name\n }\n group {\n id\n name\n }\n }\n cursor\n }\n }\n ... on AppNotFoundError {\n message\n }\n }\n}\n": typeof types.PaginatedEntityDropdownDocument;
@@ -51,6 +53,14 @@ export declare function graphql(source: "\nquery GetGroup($id: GroupId!) {\n
51
53
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
52
54
  */
53
55
  export declare function graphql(source: "\nquery CheckAuthSessionQuery {\n organizationSettings {\n ... on OrganizationSettingsResult {\n settings {\n id\n }\n }\n }\n}\n"): (typeof documents)["\nquery CheckAuthSessionQuery {\n organizationSettings {\n ... on OrganizationSettingsResult {\n settings {\n id\n }\n }\n }\n}\n"];
56
+ /**
57
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
58
+ */
59
+ export declare function graphql(source: "\n query GetLastMfaAt {\n lastMfaAt\n }\n "): (typeof documents)["\n query GetLastMfaAt {\n lastMfaAt\n }\n "];
60
+ /**
61
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
62
+ */
63
+ export declare function graphql(source: "\n query HasValidOidcIdToken($oidcProviderType: OIDCProviderType!) {\n hasValidOidcToken(oidcProviderType: $oidcProviderType)\n }\n "): (typeof documents)["\n query HasValidOidcIdToken($oidcProviderType: OIDCProviderType!) {\n hasValidOidcToken(oidcProviderType: $oidcProviderType)\n }\n "];
54
64
  /**
55
65
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
56
66
  */
package/build/graphql/gql.js CHANGED
@@ -3,6 +3,8 @@ import * as types from "./graphql.js";
3
3
  const documents = {
4
4
  "\nquery GetGroup($id: GroupId!) {\n group(input: { id: $id }) {\n __typename\n ... on GroupResult {\n group {\n name\n id\n description\n groupType\n adminOwnerId\n groupLeaders {\n fullName\n email\n id\n }\n connection {\n name\n id\n connectionType\n }\n paginatedGroupUsers {\n totalNumGroupUsers\n groupUsers {\n user {\n fullName\n email\n id\n }\n }\n }\n }\n }\n ... on GroupNotFoundError {\n message\n }\n }\n}": types.GetGroupDocument,
5
5
  "\nquery CheckAuthSessionQuery {\n organizationSettings {\n ... on OrganizationSettingsResult {\n settings {\n id\n }\n }\n }\n}\n": types.CheckAuthSessionQueryDocument,
6
+ "\n query GetLastMfaAt {\n lastMfaAt\n }\n ": types.GetLastMfaAtDocument,
7
+ "\n query HasValidOidcIdToken($oidcProviderType: OIDCProviderType!) {\n hasValidOidcToken(oidcProviderType: $oidcProviderType)\n }\n ": types.HasValidOidcIdTokenDocument,
6
8
  "\n mutation CreateRequest(\n $requestedResources: [RequestedResourceInput!]!\n $requestedGroups: [RequestedGroupInput!]!\n $reason: String!\n $durationInMinutes: Int\n ) {\n createRequest(\n input: {\n requestedResources: $requestedResources\n requestedGroups: $requestedGroups\n reason: $reason\n durationInMinutes: $durationInMinutes\n }\n ) {\n ... on CreateRequestResult {\n request {\n id\n status\n }\n }\n ... on RequestDurationTooLargeError {\n message\n }\n ... on RequestRequiresUserAuthTokenForConnectionError {\n message\n }\n ... on NoReviewersSetForOwnerError {\n message\n ownerId\n }\n ... on NoReviewersSetForResourceError {\n message\n resourceId\n }\n ... on NoReviewersSetForGroupError {\n message\n groupId\n }\n ... on NoManagerSetForRequestingUserError {\n message\n }\n ... on MfaInvalidError {\n message\n }\n ... on BulkRequestTooLargeError {\n message\n }\n ... on ItemCannotBeRequestedError {\n message\n }\n ... on UserCannotRequestAccessForTargetGroupError {\n message\n groupId\n userId\n }\n ... on GroupNestingNotAllowedError {\n message\n fromGroupId\n toGroupId\n }\n ... on TargetUserHasNestedAccessError {\n message\n groupIds\n }\n ... on RequestReasonMissingError {\n message\n }\n ... on RequestFieldValueMissingError {\n message\n fieldName\n }\n ... on LinkedGroupNotRequestableError {\n message\n sourceGroupId\n groupBindingId\n }\n ... on RequestReasonBelowMinLengthError {\n message\n }\n\n }\n }\n": types.CreateRequestDocument,
7
9
  '\n query GetRequestableAppsQuery($searchQuery: String) {\n appsV2(\n filters: {\n access: REQUESTABLE\n searchQuery: $searchQuery\n }\n ) @connection(key: "paginated-app-dropdown") {\n edges {\n node {\n id\n displayName\n ... on Connection {\n connectionType\n }\n ... on Resource {\n resourceType\n }\n }\n }\n pageInfo {\n hasNextPage\n hasPreviousPage\n startCursor\n endCursor\n }\n }\n }\n ': types.GetRequestableAppsQueryDocument,
8
10
  "\n query PaginatedEntityDropdown(\n $id: UUID!\n $searchQuery: String\n) {\n app(id: $id) {\n __typename\n ... on App {\n id\n items(\n input: {\n access: REQUESTABLE\n searchQuery: $searchQuery\n includeOnlyRequestable: true\n }\n ) {\n items {\n key\n resource {\n id\n name\n }\n group {\n id\n name\n }\n }\n cursor\n }\n }\n ... on AppNotFoundError {\n message\n }\n }\n}\n": types.PaginatedEntityDropdownDocument,