opal-security 5.0.0 → 5.0.1

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/5.0.0 darwin-arm64 node-v22.21.1
+opal-security/5.0.1 darwin-arm64 node-v22.21.1
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -106,7 +106,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-config`
 
@@ -123,7 +123,7 @@ EXAMPLES
   $ opal clear-auth-config
 ```
 
-_See code: [src/commands/clear-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/clear-auth-config.ts)_
+_See code: [src/commands/clear-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/clear-auth-config.ts)_
 
 ## `opal curl-example`
 
@@ -140,7 +140,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -161,7 +161,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -208,7 +208,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -235,7 +235,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -258,7 +258,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -278,7 +278,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -312,7 +312,7 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/postgres-instances/start.ts)_
 
 ## `opal request create`
 
@@ -338,7 +338,7 @@ DESCRIPTION
   Creates an Opal access request via an interactive form
 ```
 
-_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/request/create.ts)_
+_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/request/create.ts)_
 
 ## `opal request get`
 
@@ -362,7 +362,7 @@ EXAMPLES
   $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4 --verbose
 ```
 
-_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/request/get.ts)_
+_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/request/get.ts)_
 
 ## `opal request list`
 
@@ -394,7 +394,7 @@ EXAMPLES
   $ opal request list --n 5 --pending --verbose
 ```
 
-_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/request/list.ts)_
+_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/request/list.ts)_
 
 ## `opal request ls`
 
@@ -445,7 +445,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/resources/get.ts)_
 
 ## `opal set-auth-config`
 
@@ -475,7 +475,7 @@ EXAMPLES
   $ opal set-auth-config --organizationID=org-456 --clientID=abc123 --issuerUrl=https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/set-auth-config.ts)_
+_See code: [src/commands/set-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/set-auth-config.ts)_
 
 ## `opal set-custom-header`
 
@@ -496,7 +496,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -516,7 +516,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -540,7 +540,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -568,7 +568,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -596,7 +596,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -619,7 +619,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/ssh/start.ts)_
 
 ## `opal version`
 
@@ -656,5 +656,5 @@ DESCRIPTION
   Describes current url set, organization name, and logged in user if applicable.
 ```
 
-_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.0/src/commands/whoami.ts)_
+_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v5.0.1/src/commands/whoami.ts)_
 <!-- commandsstop -->

package/build/commands/login.js

@@ -11,6 +11,7 @@ if (!globalThis.crypto) {
 import chalk from "chalk";
 import { runMutation, runQueryDeprecated } from "../handler.js";
 import { cookieStr, handleError, initClient } from "../lib/apollo.js";
+import { clearPendingCommandAfterAuth, pendingCommandAfterAuth, } from "../lib/cmd.js";
 import { getOrCreateConfigData, isProduction, urlKey } from "../lib/config.js";
 import { SecretType, getOpalCredentials, removeAuthSecret, setOpalCredentials, } from "../lib/credentials/index.js";
 import { SHARED_FLAGS } from "../lib/flags.js";
@@ -353,6 +354,15 @@ ${redirectTo}
                 process.exit(1);
             }
             this.log("\n🎉 You have successfully authenticated with Opal! You can now run authenticated commands.\n");
+            // If authentication was triggered by another command, re-run that command
+            if (pendingCommandAfterAuth) {
+                const { commandId, args } = pendingCommandAfterAuth;
+                clearPendingCommandAfterAuth();
+                this.log(`Resuming command: ${commandId}\n`);
+                // Re-run the original command
+                const { run } = await import("@oclif/core");
+                await run([commandId, ...args], this.config);
+            }
             process.exit(0);
         }
         catch (error) {

package/build/lib/apollo.js

@@ -8,6 +8,7 @@ import { major } from "semver";
 import { invariant } from "@apollo/client/utilities/invariant";
 import { from } from "rxjs";
 import Login, { CLIAuthSessionCheckName, CLISignInMethodName, CLITokenExchangeName, } from "../commands/login.js";
+import { setPendingCommandAfterAuth } from "./cmd.js";
 import { allowSelfSignedCertsKey, customHttpHeaderKey, getOrCreateConfigData, urlKey, } from "./config.js";
 import { SecretType, getOpalCredentials } from "./credentials/index.js";
 import http from "node:http";
@@ -168,6 +169,10 @@ export const initClient = async (command, fetchAccessToken = true) => {
             const errorMessage = error.message;
             if (errorMessage.includes("invalid authentication")) {
                 command.log("Your session is invalid or expired. Authenticating now...\n");
+                // Store the current command for re-execution after auth
+                if (command.id) {
+                    setPendingCommandAfterAuth(command.id, command.argv);
+                }
                 const loginCommand = new Login([], command.config);
                 return from(loginCommand.run()).pipe(mergeMap(() => forward(operation)));
             }

package/build/lib/cmd.d.ts

@@ -3,7 +3,13 @@ import type { Command } from "@oclif/core";
 import moment from "moment";
 export declare let mostRecentCommand: Command | null;
 export declare let mostRecentCommandTime: moment.Moment | null;
+export declare let pendingCommandAfterAuth: {
+    commandId: string;
+    args: string[];
+} | null;
 export declare const setMostRecentCommand: (cmd: Command) => void;
+export declare const setPendingCommandAfterAuth: (commandId: string, args: string[]) => void;
+export declare const clearPendingCommandAfterAuth: () => void;
 export declare const startInteractiveShell: (runCmd: string, shellName?: string) => void;
 export declare const runCommandExec: (runCmd: string, successMessage: string, errorMessage: string, envVars?: NodeJS.ProcessEnv) => void;
 export declare const runCommandExecWithCallback: (cmd: string, callback?: (error: ExecException | null, stdout: string, stderr: string) => void) => Promise<unknown>;

package/build/lib/cmd.js

@@ -7,10 +7,21 @@ const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 export let mostRecentCommand = null;
 export let mostRecentCommandTime = null;
+// Store command info for re-execution after auth
+export let pendingCommandAfterAuth = null;
 export const setMostRecentCommand = (cmd) => {
     mostRecentCommand = cmd;
     mostRecentCommandTime = moment(new Date());
 };
+export const setPendingCommandAfterAuth = (commandId, args) => {
+    pendingCommandAfterAuth = {
+        commandId,
+        args,
+    };
+};
+export const clearPendingCommandAfterAuth = () => {
+    pendingCommandAfterAuth = null;
+};
 export const startInteractiveShell = (runCmd, shellName) => {
     const shell = spawn(`${runCmd}`, [], {
         env: Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }),

package/oclif.manifest.json

@@ -383,12 +383,14 @@
         "identity.js"
       ]
     },
-    "groups:get": {
+    "iam-roles:start": {
       "aliases": [],
       "args": {},
-      "description": "Get group info for a particular group.",
+      "description": "Starts a session to assume an IAM role.",
       "examples": [
-        "opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"
+        "opal iam-roles:start",
+        "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
+        "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName \"custom-profile\""
       ],
       "flags": {
         "help": {
@@ -405,11 +407,18 @@
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
+        },
+        "profileName": {
+          "description": "Uses a custom AWS profile name for the IAM role. Default value is the role's name.",
+          "name": "profileName",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
         }
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "groups:get",
+      "id": "iam-roles:start",
       "pluginAlias": "opal-security",
       "pluginName": "opal-security",
       "pluginType": "core",
@@ -419,18 +428,16 @@
       "relativePath": [
         "build",
         "commands",
-        "groups",
-        "get.js"
+        "iam-roles",
+        "start.js"
       ]
     },
-    "iam-roles:start": {
+    "groups:get": {
       "aliases": [],
       "args": {},
-      "description": "Starts a session to assume an IAM role.",
+      "description": "Get group info for a particular group.",
       "examples": [
-        "opal iam-roles:start",
-        "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398",
-        "opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName \"custom-profile\""
+        "opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4"
       ],
       "flags": {
         "help": {
@@ -447,18 +454,11 @@
           "hasDynamicHelp": false,
           "multiple": false,
           "type": "option"
-        },
-        "profileName": {
-          "description": "Uses a custom AWS profile name for the IAM role. Default value is the role's name.",
-          "name": "profileName",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
         }
       },
       "hasDynamicHelp": false,
       "hiddenAliases": [],
-      "id": "iam-roles:start",
+      "id": "groups:get",
       "pluginAlias": "opal-security",
       "pluginName": "opal-security",
       "pluginType": "core",
@@ -468,8 +468,8 @@
       "relativePath": [
         "build",
         "commands",
-        "iam-roles",
-        "start.js"
+        "groups",
+        "get.js"
       ]
     },
     "kube-roles:start": {
@@ -978,5 +978,5 @@
       ]
     }
   },
-  "version": "5.0.0"
+  "version": "5.0.1"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "type": "module",
   "author": "Opal Security",
   "bin": {
@@ -32,7 +32,7 @@
     "sanitize-html": "^2.17.0",
     "semver": "^7.5.4",
     "tslib": "^2.8.1",
-    "validator": "^13.15.20"
+    "validator": "^13.15.26"
   },
   "devDependencies": {
     "@biomejs/biome": "1.9.4",
@@ -72,9 +72,7 @@
     "/scripts"
   ],
   "homepage": "https://github.com/opalsecurity/opal-cli/",
-  "keywords": [
-    "oclif"
-  ],
+  "keywords": ["oclif"],
   "license": "MIT",
   "main": "build/index.js",
   "oclif": {