opal-security 5.0.1 → 5.1.1

package/build/hooks/init/version-check.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from "@oclif/core";
+declare const hook: Hook<"init">;
+export default hook;

package/build/hooks/init/version-check.js

@@ -0,0 +1,110 @@
+import http from "node:http";
+import https from "node:https";
+import chalk from "chalk";
+import { allowSelfSignedCertsKey, getOrCreateConfigData, urlKey, } from "../../lib/config.js";
+// Commands that should skip the version check (e.g., configuration commands)
+const SKIP_VERSION_CHECK_COMMANDS = [
+    "set-url",
+    "set-token",
+    "set-auth-config",
+    "version",
+    "help",
+    "autocomplete",
+];
+const hook = async (opts) => {
+    // Skip version check for certain commands
+    if (opts.id && SKIP_VERSION_CHECK_COMMANDS.includes(opts.id)) {
+        return;
+    }
+    try {
+        const configData = getOrCreateConfigData(opts.config.configDir);
+        const baseUrl = configData[urlKey];
+        const allowSelfSignedCerts = configData[allowSelfSignedCertsKey];
+        if (!baseUrl) {
+            return;
+        }
+        const cliVersion = opts.config.version;
+        const url = new URL("/api/cli/version-check", baseUrl);
+        url.searchParams.set("version", cliVersion);
+        const response = await fetchWithTimeout(url.toString(), {
+            method: "GET",
+            headers: {
+                "User-Agent": `Opal CLI v${cliVersion}`,
+            },
+        }, allowSelfSignedCerts, 5000);
+        if (!response.ok) {
+            // Silently fail on non-2xx responses - don't block the CLI
+            return;
+        }
+        const data = JSON.parse(response.body);
+        if (data.status === "ok") {
+            return;
+        }
+        // Display message based on status
+        const formattedMessage = formatMessage(data.status, data.message);
+        if (formattedMessage) {
+            process.stderr.write(`${formattedMessage}\n`);
+        }
+    }
+    catch (_a) {
+        // Silently fail on any errors (network issues, etc.) - don't block the CLI
+    }
+};
+function formatMessage(status, message) {
+    if (!message) {
+        return "";
+    }
+    switch (status) {
+        case "error":
+            return chalk.red(`❗ ${message}`);
+        case "warn":
+            return chalk.yellow(`⚠️  ${message}`);
+        case "info":
+            return chalk.blue(`ℹ️  ${message}`);
+        default:
+            return message;
+    }
+}
+function fetchWithTimeout(url, options, allowSelfSignedCerts, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        const parsedUrl = new URL(url);
+        const isHttps = parsedUrl.protocol === "https:";
+        const lib = isHttps ? https : http;
+        const requestOptions = {
+            hostname: parsedUrl.hostname,
+            port: parsedUrl.port || (isHttps ? 443 : 80),
+            path: parsedUrl.pathname + parsedUrl.search,
+            method: options.method,
+            headers: options.headers,
+            timeout: timeoutMs,
+        };
+        if (isHttps) {
+            requestOptions.rejectUnauthorized =
+                !allowSelfSignedCerts;
+        }
+        const req = lib.request(requestOptions, (res) => {
+            let body = "";
+            res.on("data", (chunk) => {
+                body += chunk;
+            });
+            res.on("end", () => {
+                resolve({
+                    ok: res.statusCode !== undefined &&
+                        res.statusCode >= 200 &&
+                        res.statusCode !== undefined &&
+                        res.statusCode >= 200 &&
+                        res.statusCode < 300,
+                    status: res.statusCode || 0,
+                    body,
+                });
+            });
+        });
+        req.on("error", reject);
+        req.on("timeout", () => {
+            req.destroy();
+            reject(new Error("Request timed out"));
+        });
+        req.end();
+    });
+}
+export default hook;

package/build/labels.d.ts

@@ -1,3 +1,7 @@
-import { ConnectionType, EntityType } from "./graphql/graphql.js";
+import { ConnectionType, EntityType, GroupType, ResourceType } from "./graphql/graphql.js";
 export declare const connectionTypeLabelByType: Record<ConnectionType, string>;
-export declare const DisplayLabels: Partial<Record<EntityType, string>>;
+export declare const EntityTypeLabels: Partial<Record<EntityType, string>>;
+export declare const ResourceTypeLabels: Record<ResourceType, string>;
+export declare const GroupTypeLabels: Record<GroupType, string>;
+export declare function getAssetTypeLabel(entityType: EntityType, assetType: ResourceType | GroupType | undefined): string;
+export declare function getAppTypeLabel(appType: ConnectionType | ResourceType): string;

package/build/labels.js

@@ -1,4 +1,4 @@
-import { ConnectionType, EntityType } from "./graphql/graphql.js";
+import { ConnectionType, EntityType, GroupType, ResourceType, } from "./graphql/graphql.js";
 export const connectionTypeLabelByType = {
     [ConnectionType.ActiveDirectory]: "Active Directory",
     [ConnectionType.Aws]: "Amazon Web Services (Legacy)",
@@ -34,8 +34,139 @@ export const connectionTypeLabelByType = {
     [ConnectionType.Cursor]: "Cursor",
     [ConnectionType.OpenaiPlatform]: "OpenAI Platform",
     [ConnectionType.OracleFusion]: "Oracle Fusion",
+    [ConnectionType.Devin]: "Devin",
+    [ConnectionType.Incidentio]: "incident.io",
+    [ConnectionType.OktaCiam]: "Okta CIAM",
+    [ConnectionType.Vault]: "HashiCorp Vault",
 };
-export const DisplayLabels = {
+export const EntityTypeLabels = {
     [EntityType.Resource]: "Resource",
     [EntityType.Group]: "Group",
 };
+// ResourceTypeLabels maps readable labels from model resource types
+export const ResourceTypeLabels = {
+    [ResourceType.AwsEc2Instance]: "AWS EC2",
+    [ResourceType.AwsEksCluster]: "AWS EKS",
+    [ResourceType.AwsIamRole]: "AWS IAM Role",
+    [ResourceType.AwsAccount]: "AWS Account",
+    [ResourceType.AwsOrganizationalUnit]: "AWS Organizational Unit",
+    [ResourceType.AwsSsoPermissionSet]: "AWS Identity Center Role",
+    [ResourceType.AwsRdsMysqlInstance]: "AWS RDS MySQL Instance",
+    [ResourceType.AwsRdsMysqlCluster]: "AWS RDS MySQL Cluster",
+    [ResourceType.AwsRdsPostgresInstance]: "AWS RDS Postgres Instance",
+    [ResourceType.AwsRdsPostgresCluster]: "AWS RDS Postgres Cluster",
+    [ResourceType.Custom]: "Custom",
+    [ResourceType.CustomConnector]: "Connector Resource",
+    [ResourceType.GcpOrganization]: "GCP Organization",
+    [ResourceType.GcpBucket]: "GCP Bucket",
+    [ResourceType.GcpFolder]: "GCP Folder",
+    [ResourceType.GcpComputeInstance]: "GCP Compute",
+    [ResourceType.GcpCloudSqlMysqlInstance]: "GCP Cloud SQL MySQL",
+    [ResourceType.GcpCloudSqlPostgresInstance]: "GCP Cloud SQL Postgres",
+    [ResourceType.GcpGkeCluster]: "GCP GKE",
+    [ResourceType.GcpProject]: "GCP Project",
+    [ResourceType.GcpBigQueryDataset]: "GCP BigQuery Dataset",
+    [ResourceType.GcpBigQueryTable]: "GCP BigQuery Table",
+    [ResourceType.GcpServiceAccount]: "GCP Service Account",
+    [ResourceType.GoogleWorkspaceRole]: "Google Workspace Role",
+    [ResourceType.GitHubRepo]: "GitHub Repo",
+    [ResourceType.GitHubOrg]: "GitHub Organization",
+    [ResourceType.GitHubOrgRole]: "GitHub Organization Role",
+    [ResourceType.GitLabProject]: "GitLab Project",
+    [ResourceType.MongoInstance]: "Mongo",
+    [ResourceType.MongoAtlasInstance]: "Mongo Atlas",
+    [ResourceType.OktaApp]: "Okta App",
+    [ResourceType.OktaRole]: "Okta Role",
+    [ResourceType.OpalRole]: "Opal Role",
+    [ResourceType.OpalScopedRole]: "Opal Custom Role",
+    [ResourceType.PagerdutyRole]: "PagerDuty Role",
+    [ResourceType.TailscaleSsh]: "Tailscale SSH",
+    [ResourceType.SalesforcePermissionSet]: "SFDC Permission Set",
+    [ResourceType.SalesforceProfile]: "SFDC Profile",
+    [ResourceType.SalesforceRole]: "SFDC Role",
+    [ResourceType.SnowflakeDatabase]: "Snowflake Database",
+    [ResourceType.SnowflakeSchema]: "Snowflake Schema",
+    [ResourceType.SnowflakeTable]: "Snowflake Table",
+    [ResourceType.WorkdayRole]: "Workday Organization Role",
+    [ResourceType.MysqlInstance]: "MySQL",
+    [ResourceType.MariadbInstance]: "MariaDB",
+    [ResourceType.PostgresInstance]: "Postgres",
+    [ResourceType.TeleportRole]: "Teleport Role",
+    [ResourceType.AzureManagementGroup]: "Azure Management Group",
+    [ResourceType.AzureResourceGroup]: "Azure Resource Group",
+    [ResourceType.AzureSubscription]: "Azure Subscription",
+    [ResourceType.AzureVirtualMachine]: "Azure Virtual Machine",
+    [ResourceType.AzureStorageAccount]: "Azure Storage Account",
+    [ResourceType.AzureStorageContainer]: "Azure Storage Container",
+    [ResourceType.AzureSqlServer]: "Azure SQL Server",
+    [ResourceType.AzureSqlManagedInstance]: "Azure SQL Managed Instance",
+    [ResourceType.AzureSqlDatabase]: "Azure SQL Database",
+    [ResourceType.AzureSqlManagedDatabase]: "Azure SQL Managed Database",
+    [ResourceType.AzureUserAssignedManagedIdentity]: "Azure User-Assigned Managed Identity",
+    [ResourceType.AzureEntraIdRole]: "Microsoft Entra ID Role",
+    [ResourceType.AzureEnterpriseApp]: "Azure Enterprise Application",
+    [ResourceType.DatabricksAccountServicePrincipal]: "Databricks Account-Level Service Principal",
+    [ResourceType.IlevelAdvancedRole]: "iLEVEL Advanced Role",
+    [ResourceType.DatastaxAstraRole]: "Astra Role",
+    [ResourceType.CoupaRole]: "Coupa Role",
+    [ResourceType.CursorOrganization]: "Cursor Organization",
+    [ResourceType.OpenaiPlatformProject]: "OpenAI Platform Project",
+    [ResourceType.OpenaiPlatformServiceAccount]: "OpenAI Platform Service Account",
+    [ResourceType.AnthropicWorkspace]: "Anthropic Workspace",
+    [ResourceType.OracleFusionRole]: "Oracle Fusion Role",
+    [ResourceType.DevinOrganization]: "Devin Organization",
+    [ResourceType.DevinRole]: "Devin Role",
+    [ResourceType.VaultOidcRole]: "Vault OIDC Role",
+    [ResourceType.VaultPolicy]: "Vault Policy",
+    [ResourceType.VaultSecret]: "Vault Secret",
+};
+// GroupTypeLabels maps readable labels from model group types
+export const GroupTypeLabels = {
+    [GroupType.ActiveDirectoryGroup]: "AD Group",
+    [GroupType.AwsSsoGroup]: "AWS IAM Group",
+    [GroupType.DuoGroup]: "Duo Group",
+    [GroupType.GitHubTeam]: "GitHub Team",
+    [GroupType.GitLabGroup]: "GitLab Group",
+    [GroupType.GoogleGroupsGroup]: "Google Group",
+    [GroupType.GoogleGroupsGkeGroup]: "GKE Google Group",
+    [GroupType.LdapGroup]: "LDAP Group",
+    [GroupType.OktaGroup]: "Okta Group",
+    [GroupType.OpalGroup]: "Opal Group",
+    [GroupType.AzureAdMicrosoft_365Group]: "Microsoft 365 Group",
+    [GroupType.AzureAdSecurityGroup]: "Microsoft Entra ID Security Group",
+    [GroupType.ConnectorGroup]: "Connector Group",
+    [GroupType.SnowflakeRole]: "Snowflake Role",
+    [GroupType.TailscaleGroup]: "Tailscale Group",
+    [GroupType.WorkdayUserSecurityGroup]: "Workday User Security Group",
+    [GroupType.OpalAccessRule]: "Access Rule",
+    [GroupType.OktaGroupRule]: "Okta Group Rule",
+    [GroupType.DatabricksAccountGroup]: "Databricks Account-Level Group",
+    [GroupType.DevinGroup]: "Devin Group",
+    [GroupType.IncidentioOnCallSchedule]: "incident.io On-Call Schedule",
+    [GroupType.PagerdutyOnCallSchedule]: "PagerDuty On-Call Schedule",
+};
+export function getAssetTypeLabel(entityType, assetType) {
+    var _a;
+    if (assetType === undefined) {
+        // If asset type is not defined (e.g., Okta/Azure group), return empty string
+        return "";
+    }
+    let assetTypeLabel = (_a = EntityTypeLabels[entityType]) !== null && _a !== void 0 ? _a : entityType;
+    if (entityType === EntityType.Resource) {
+        assetTypeLabel =
+            ResourceTypeLabels[assetType] || assetTypeLabel;
+    }
+    else if (entityType === EntityType.Group) {
+        assetTypeLabel = GroupTypeLabels[assetType] || assetTypeLabel;
+    }
+    return `[${assetTypeLabel}]`;
+}
+export function getAppTypeLabel(appType) {
+    if (appType in connectionTypeLabelByType) {
+        return connectionTypeLabelByType[appType];
+    }
+    if (appType in ResourceTypeLabels) {
+        return ResourceTypeLabels[appType];
+    }
+    return "App";
+}

package/build/lib/request/api/queries/apps.js

@@ -1,4 +1,5 @@
 import { graphql } from "../../../../graphql/index.js";
+import { ResourceTypeLabels, connectionTypeLabelByType, } from "../../../../labels.js";
 // TODO: add pagination ability from CLI. (Load more...) option
 const GET_REQUESTABLE_APPS_QUERY = graphql(`
   query GetRequestableAppsQuery($searchQuery: String) {
@@ -41,18 +42,21 @@ export async function queryRequestableApps(cmd, client, input) {
         });
         return (_b = (_a = resp === null || resp === void 0 ? void 0 : resp.data) === null || _a === void 0 ? void 0 : _a.appsV2) === null || _b === void 0 ? void 0 : _b.edges.map((edge) => {
             let type = undefined;
+            let message = "";
             switch (edge.node.__typename) {
                 case "Resource":
                     type = edge.node.resourceType;
+                    message = `${edge.node.displayName} [${ResourceTypeLabels[type]}]`;
                     break;
                 case "Connection":
                     type = edge.node.connectionType;
+                    message = `${edge.node.displayName} [${connectionTypeLabelByType[type]}]`;
                     break;
                 default:
                     type = edge.node.__typename;
             }
             return {
-                message: `${edge.node.displayName} [${type}]`,
+                message: message,
                 value: {
                     id: edge.node.id,
                     name: edge.node.displayName,

package/build/lib/request/api/queries/assets.js

@@ -1,4 +1,5 @@
 import { graphql } from "../../../../graphql/index.js";
+import { getAssetTypeLabel } from "../../../../labels.js";
 import { entityTypeFromString } from "../../types.js";
 const GET_ASSETS_QUERY = graphql(`
   query PaginatedEntityDropdown(
@@ -21,10 +22,12 @@ const GET_ASSETS_QUERY = graphql(`
           resource {
             id
             name
+            resourceType
           }
           group {
             id
             name
+            groupType
           }
         }
         cursor
@@ -55,13 +58,17 @@ export async function queryRequestableAssets(cmd, client, appId, input) {
                     var _a, _b, _c, _d, _e, _f, _g, _h;
                     const name = ((_a = item.resource) === null || _a === void 0 ? void 0 : _a.name) || ((_b = item.group) === null || _b === void 0 ? void 0 : _b.name);
                     const id = ((_c = item.resource) === null || _c === void 0 ? void 0 : _c.id) || ((_d = item.group) === null || _d === void 0 ? void 0 : _d.id);
-                    const type = ((_e = item.resource) === null || _e === void 0 ? void 0 : _e.__typename) || ((_f = item.group) === null || _f === void 0 ? void 0 : _f.__typename);
+                    const entityType = entityTypeFromString(((_e = item.resource) === null || _e === void 0 ? void 0 : _e.__typename) || ((_f = item.group) === null || _f === void 0 ? void 0 : _f.__typename));
+                    const assetType = ((_g = item.resource) === null || _g === void 0 ? void 0 : _g.resourceType) || ((_h = item.group) === null || _h === void 0 ? void 0 : _h.groupType);
+                    const assetTypeLabel = getAssetTypeLabel(entityType, assetType);
                     return {
-                        message: `${name} [${type}]`,
+                        message: `${name} ${assetTypeLabel}`,
                         value: {
                             name: name || "",
                             id: id || "",
-                            type: entityTypeFromString(((_g = item.resource) === null || _g === void 0 ? void 0 : _g.__typename) || ((_h = item.group) === null || _h === void 0 ? void 0 : _h.__typename)),
+                            entityType: entityType,
+                            assetType: assetType,
+                            toString: () => name || "",
                         },
                     };
                 });

package/build/lib/request/api/queries/roles.js

@@ -1,6 +1,6 @@
 import { graphql } from "../../../../graphql/index.js";
 import { EntityType, } from "../../../../graphql/graphql.js";
-import { DisplayLabels } from "../../../../labels.js";
+import { EntityTypeLabels, GroupTypeLabels } from "../../../../labels.js";
 const RESOURCE_ROLES_QUERY = graphql(`
   query ResourceAccessLevels($resourceId: ResourceId!) {
     accessLevels(input: {
@@ -61,6 +61,7 @@ export async function queryAssetRoles(cmd, client, assetType, assetId) {
                                 value: {
                                     name: role.accessLevelName || "",
                                     id: role.accessLevelRemoteId || "",
+                                    entityType: EntityType.Resource,
                                 },
                             };
                         });
@@ -90,6 +91,7 @@ export async function queryAssetRoles(cmd, client, assetType, assetId) {
                                 value: {
                                     name: role.accessLevelName,
                                     id: role.accessLevelRemoteId,
+                                    entityType: EntityType.Group,
                                 },
                             };
                         });
@@ -136,7 +138,11 @@ const ASSOCIATED_ITEMS_QUERY = graphql(`
                   __typename
                   id
                   name
+                  ... on Group {
+                    groupType
+                  }
                   ... on Resource {
+                    resourceType
                     accessLevels(
                     filters: {
                       skipRemoteAccessLevels: false # azure app roles are remote
@@ -169,7 +175,6 @@ function appRolesFromEdge(edge) {
                     value: {
                         id: edge.node.id + accessLevel.accessLevelRemoteId,
                         name: accessLevel.accessLevelName,
-                        type: DisplayLabels[EntityType.Resource],
                         toString: () => accessLevel.accessLevelName,
                     },
                 }));
@@ -180,7 +185,7 @@ function appRolesFromEdge(edge) {
                     value: {
                         id: edge.node.id,
                         name: (_b = edge.alias) !== null && _b !== void 0 ? _b : edge.node.name,
-                        type: DisplayLabels[EntityType.Resource],
+                        type: EntityTypeLabels[EntityType.Resource],
                         toString: () => { var _a; return (_a = edge.alias) !== null && _a !== void 0 ? _a : edge.node.name; },
                     },
                 },
@@ -189,11 +194,12 @@ function appRolesFromEdge(edge) {
         case "Group":
             return [
                 {
-                    message: `${(_c = edge.alias) !== null && _c !== void 0 ? _c : edge.node.name} ${EntityType.Group}`,
+                    message: `${(_c = edge.alias) !== null && _c !== void 0 ? _c : edge.node.name} [${GroupTypeLabels[edge.node.groupType]}]`,
                     value: {
                         id: edge.node.id,
                         name: (_d = edge.alias) !== null && _d !== void 0 ? _d : edge.node.name,
-                        type: DisplayLabels[EntityType.Group],
+                        type: EntityTypeLabels[EntityType.Group],
+                        assetType: edge.node.groupType,
                         toString: () => { var _a; return (_a = edge.alias) !== null && _a !== void 0 ? _a : edge.node.name; },
                     },
                 },

package/build/lib/request/displays.js

@@ -1,6 +1,6 @@
 import chalk from "chalk";
 import Table from "cli-table3";
-import { DisplayLabels } from "../../labels.js";
+import { getAppTypeLabel, getAssetTypeLabel } from "../../labels.js";
 export function headerMessage(cmd) {
     console.clear();
     cmd.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
@@ -10,21 +10,26 @@ export function headerMessage(cmd) {
 /*
 Example treeified output:
 
-Opal [App]
-└── Infosec Group [Group]
-└── Infosec Prod Databases [Group]
-MongoDB Atlas Test [App]
-└── my-mongo-db-atlas [Resource]
+Opal [AppType]
+└── Infosec Group [GroupType]
+└── Infosec Prod Databases [GroupType]
+MongoDB Atlas Test [AppType]
+└── my-mongo-db-atlas [ResourceType]
     └── admin:test [Role]
 */
 export function treeifyRequestMap(cmd, requestMap) {
+    headerMessage(cmd);
     for (const [_appId, appNode] of Object.entries(requestMap)) {
         // Print App title first (without tree lines)
-        cmd.log(`${chalk.bold(appNode.appName)} ${chalk.dim("[App]")}`);
+        const appTypeLabel = appNode.appType
+            ? getAppTypeLabel(appNode.appType)
+            : "App";
+        cmd.log(`${chalk.bold(appNode.appName)} ${chalk.dim(`[${appTypeLabel}]`)}`);
         for (const [_assetId, assetNode] of Object.entries(appNode.assets)) {
             // If okta/azure asset with no role, change asset name
             const assetName = assetNode.assetName || "No Role (Direct access)";
-            cmd.log(`└── ${assetName} ${chalk.dim(`[${DisplayLabels[assetNode.type]}]`)}`);
+            const assetTypeLabel = getAssetTypeLabel(assetNode.entityType, assetNode.assetType);
+            cmd.log(`└── ${assetName} ${chalk.dim(`${assetTypeLabel}`)}`);
             if (assetNode.roles !== undefined) {
                 for (const [_roleId, roleNode] of Object.entries(assetNode.roles)) {
                     const roleName = roleNode.roleName;

package/build/lib/request/prompts/asset-prompt.js

@@ -5,6 +5,7 @@ import enquirer from "enquirer-esm";
 // @ts-expect-error - enquirer-esm doesn't export autocomplete in types but it exists at runtime
 const { autocomplete } = enquirer;
 export async function chooseOktaAzureRoles(cmd, client, app, requestMap) {
+    var _a;
     const associatedItems = (await queryAssociatedItems(cmd, client, app.id, "")) || [];
     const selectedRole = await autocomplete({
         name: "Roles",
@@ -24,7 +25,8 @@ export async function chooseOktaAzureRoles(cmd, client, app, requestMap) {
         entry.assets[selectedRole.id] = {
             assetId: selectedRole.id,
             assetName: selectedRole.name,
-            type: entityTypeFromString(selectedRole.type),
+            entityType: entityTypeFromString(selectedRole.type),
+            assetType: (_a = selectedRole.assetType) !== null && _a !== void 0 ? _a : undefined,
             roles: {},
         };
     }
@@ -53,7 +55,8 @@ export async function chooseAssets(cmd, client, appId, requestMap) {
         entry.assets[selectedAsset.id] = {
             assetId: selectedAsset.id,
             assetName: selectedAsset.name,
-            type: selectedAsset.type,
+            entityType: selectedAsset.entityType,
+            assetType: selectedAsset.assetType,
             roles: {},
         };
     }

package/build/lib/request/prompts/role-prompt.js

@@ -10,7 +10,7 @@ export async function chooseRoles(cmd, client, appId, assetId, requestMap) {
     if (entry === undefined || assetEntry === undefined) {
         throw new Error(`App ${appId} or Asset ${assetId} not found in requestMap`);
     }
-    const assetRoles = (_a = (await queryAssetRoles(cmd, client, assetEntry.type, assetId))) !== null && _a !== void 0 ? _a : [];
+    const assetRoles = (_a = (await queryAssetRoles(cmd, client, assetEntry.entityType, assetId))) !== null && _a !== void 0 ? _a : [];
     if (assetRoles !== undefined &&
         (assetRoles.length === 0 ||
             (assetRoles.length === 1 && assetRoles[0].value.name === ""))) {

package/build/lib/request/request-utils.d.ts

@@ -1,6 +1,6 @@
 import type { ApolloClient } from "@apollo/client";
 import type { Command } from "@oclif/core";
-import { type ConnectionType, RequestMessageCode } from "../../graphql/graphql.js";
+import { type ConnectionType, RequestMessageCode, type ResourceType } from "../../graphql/graphql.js";
 import { type RequestMap, type RequestMetadata } from "./types.js";
 export declare function initEmptyRequestMetadata(): RequestMetadata;
 export declare function setRequestDefaults(cmd: Command, client: ApolloClient, metadata: RequestMetadata): Promise<void>;
@@ -9,6 +9,6 @@ export declare function getRequestLink(cmd: Command, id: string): string;
 export declare function generateRequestLink(cmd: Command, defaultDurationInMinutes: number): string;
 export declare function bypassRequestSelection(cmd: Command, client: ApolloClient, flagValue: string[], metadata: RequestMetadata): Promise<void>;
 export declare function bypassDuration(cmd: Command, duration: number, metadata: RequestMetadata): void;
-export declare function getRequestMessageFromCode(cmd: Command, code: RequestMessageCode, connectionName: string | undefined, connectionType: ConnectionType | undefined, extraParams?: string, sourceGroupRedirect?: () => void): string;
+export declare function getRequestMessageFromCode(cmd: Command, code: RequestMessageCode, appName: string | undefined, appType: ConnectionType | ResourceType | undefined, extraParams?: string, sourceGroupRedirect?: () => void): string;
 export declare function duplicateRequestTemplate(cmd: Command, client: ApolloClient, requestId: string, metadata: RequestMetadata): Promise<void>;
 export declare function copyBundleAssets(cmd: Command, client: ApolloClient, bundleId: string, requestMap: RequestMap): Promise<void>;

package/build/lib/request/request-utils.js

@@ -1,6 +1,6 @@
 import chalk from "chalk";
 import { EntityType, RequestMessageCode, RequestStatus, ThirdPartyProvider, } from "../../graphql/graphql.js";
-import { connectionTypeLabelByType } from "../../labels.js";
+import { getAppTypeLabel } from "../../labels.js";
 import { getOrCreateConfigData, urlKey } from "../../lib/config.js";
 import { createRequest, queryCatalogItems, queryRequest, queryRequestDefaults, } from "./api/index.js";
 import { queryBundle } from "./api/queries/requests.js";
@@ -49,7 +49,7 @@ export async function setRequestDefaults(cmd, client, metadata) {
                 });
                 const roleIds = mappedRoles.length ? mappedRoles : [""];
                 for (const roleId of roleIds) {
-                    switch (assetNode.type) {
+                    switch (assetNode.entityType) {
                         case EntityType.Resource: {
                             requestedResources.push({
                                 resourceId: assetId,
@@ -86,22 +86,22 @@ export async function setRequestDefaults(cmd, client, metadata) {
             metadata.requestDefaults.requesterIsAdmin =
                 requestDefaults.requesterIsAdmin;
             for (const message of requestDefaults.messages || []) {
-                let connectionName = undefined;
-                let connectionType = undefined;
+                let appName = undefined;
+                let appType = undefined;
                 // If the message has an entityId, retrieve the connection name and type
                 if (message.entityId) {
                     for (const appNode of Object.values(requestMap)) {
                         for (const assetNode of Object.values(appNode.assets)) {
                             if (assetNode.assetId === message.entityId) {
-                                connectionName = appNode.appName;
-                                connectionType = appNode.appType;
+                                appName = appNode.appName;
+                                appType = appNode.appType;
                                 break;
                             }
                         }
                     }
                 }
                 // Log the request message based on the code
-                cmd.log(chalk.dim(`\n${chalk.italic(message.level)}:`), getRequestMessageFromCode(cmd, message.code, connectionName, connectionType));
+                cmd.log(chalk.dim(`\n${chalk.italic(message.level)}:`), getRequestMessageFromCode(cmd, message.code, appName, appType));
                 if (message.level === "ERROR") {
                     process.exit(1);
                 }
@@ -134,7 +134,7 @@ export async function submitFinalRequest(cmd, client, metadata) {
                 });
                 const roleIds = mappedRoles.length > 0 ? mappedRoles : [""];
                 for (const roleId of roleIds) {
-                    switch (assetNode.type) {
+                    switch (assetNode.entityType) {
                         case EntityType.Resource: {
                             requestedResources.push({
                                 resourceId: assetId,
@@ -216,7 +216,7 @@ export async function bypassRequestSelection(cmd, client, flagValue, metadata) {
                         metadata.requestMap[appId].assets[assetId] = {
                             assetId: assetId,
                             assetName: assetName,
-                            type: entityTypeFromString(item.__typename),
+                            entityType: entityTypeFromString(item.__typename),
                             roles: {},
                         };
                     }
@@ -264,23 +264,23 @@ export function bypassDuration(cmd, duration, metadata) {
         metadata.durationInMinutes = duration;
     }
 }
-export function getRequestMessageFromCode(cmd, code, connectionName, connectionType, extraParams, 
+export function getRequestMessageFromCode(cmd, code, appName, appType, extraParams, 
 // sourceGroup?: PropsFor<typeof GroupBindingGroupLabel>["group"];
 sourceGroupRedirect) {
     switch (code) {
         case RequestMessageCode.RequireUserAuthToken: {
-            if (connectionType) {
-                const connectionLabel = connectionTypeLabelByType[connectionType];
+            if (appType) {
+                const appLabel = getAppTypeLabel(appType);
                 // This case the connection has a third party provider such as GitLab,
                 // GitHub that requires the use to create a manual step into the end
                 // system.
-                const isThirdPartyProvider = Object.values(ThirdPartyProvider).find((v) => v === connectionType);
+                const isThirdPartyProvider = Object.values(ThirdPartyProvider).find((v) => v === appType);
                 if (isThirdPartyProvider) {
                     const configData = getOrCreateConfigData(cmd.config.configDir);
-                    return `This item requires you to link your ${connectionLabel} account to Opal before requesting access.
-You can link your ${connectionLabel} account at ${`${configData[urlKey]}/user/settings/identities`}`;
+                    return `This item requires you to link your ${appLabel} account to Opal before requesting access.
+You can link your ${appLabel} account at ${`${configData[urlKey]}/user/settings/identities`}`;
                 }
-                const name = connectionName !== null && connectionName !== void 0 ? connectionName : connectionLabel;
+                const name = appName !== null && appName !== void 0 ? appName : appLabel;
                 // This case would be hit in case the user is not provisioned onto the end system, such as AWS, GCP, Okta, etc.
                 return `This item requires you to be provisioned on ${name} before requesting access.\
 Please contact your Opal admin to provision your user on ${name}.`;
@@ -302,7 +302,7 @@ function addRequestedResourcesToMetadata(requestedResources, requestMap) {
         if (!resource)
             continue;
         const { id: assetId, displayName: assetName, connection, connectionId, __typename, } = resource;
-        const type = entityTypeFromString(__typename);
+        const entityType = entityTypeFromString(__typename);
         const roleId = accessLevel.accessLevelRemoteId;
         const roleName = accessLevel.accessLevelName;
         if (!requestMap[connectionId]) {
@@ -318,7 +318,7 @@ function addRequestedResourcesToMetadata(requestedResources, requestMap) {
             appAssets[assetId] = {
                 assetId,
                 assetName,
-                type,
+                entityType,
                 roles: {},
             };
         }
@@ -334,7 +334,7 @@ function addRequestedGroupsToMetadata(requestedGroups, requestMap) {
         if (!group)
             continue;
         const { id: assetId, name: assetName, connection, connectionId, __typename, } = group;
-        const type = entityTypeFromString(__typename);
+        const entityType = entityTypeFromString(__typename);
         const roleId = accessLevel === null || accessLevel === void 0 ? void 0 : accessLevel.accessLevelRemoteId;
         const roleName = accessLevel === null || accessLevel === void 0 ? void 0 : accessLevel.accessLevelName;
         if (!requestMap[connectionId]) {
@@ -350,7 +350,7 @@ function addRequestedGroupsToMetadata(requestedGroups, requestMap) {
             appAssets[assetId] = {
                 assetId,
                 assetName,
-                type,
+                entityType,
                 roles: {},
             };
         }