opal-security 5.1.0 → 5.1.1
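--- a/package/README.md
+++ b/package/README.md
@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/5.1.
+opal-security/5.1.1 darwin-arm64 node-v20.19.3
 $ opal --help [COMMAND]
 USAGE
 $ opal COMMAND
@@ -106,7 +106,7 @@ EXAMPLES
 $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-config`
 
@@ -123,7 +123,7 @@ EXAMPLES
 $ opal clear-auth-config
 ```
 
-_See code: [src/commands/clear-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/clear-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/clear-auth-config.ts)_
 
 ## `opal curl-example`
 
@@ -140,7 +140,7 @@ DESCRIPTION
 Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -161,7 +161,7 @@ EXAMPLES
 $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -208,7 +208,7 @@ EXAMPLES
 $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -235,7 +235,7 @@ EXAMPLES
 $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -256,7 +256,7 @@ EXAMPLES
 $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -276,7 +276,7 @@ EXAMPLES
 $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -310,7 +310,7 @@ EXAMPLES
 $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/postgres-instances/start.ts)_
 
 ## `opal request create`
 
@@ -336,7 +336,7 @@ DESCRIPTION
 Creates an Opal access request via an interactive form
 ```
 
-_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/request/create.ts)_
 
 ## `opal request get`
 
@@ -360,7 +360,7 @@ EXAMPLES
 $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4 --verbose
 ```
 
-_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/request/get.ts)_
 
 ## `opal request list`
 
@@ -392,7 +392,7 @@ EXAMPLES
 $ opal request list --n 5 --pending --verbose
 ```
 
-_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/request/list.ts)_
 
 ## `opal request ls`
 
@@ -443,7 +443,7 @@ EXAMPLES
 $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/resources/get.ts)_
 
 ## `opal set-auth-config`
 
@@ -473,7 +473,7 @@ EXAMPLES
 $ opal set-auth-config --organizationID=org-456 --clientID=abc123 --issuerUrl=https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/set-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/set-auth-config.ts)_
 
 ## `opal set-custom-header`
 
@@ -494,7 +494,7 @@ EXAMPLES
 $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -514,7 +514,7 @@ EXAMPLES
 $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -538,7 +538,7 @@ EXAMPLES
 $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -566,7 +566,7 @@ EXAMPLES
 $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -594,7 +594,7 @@ EXAMPLES
 $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -617,7 +617,7 @@ EXAMPLES
 $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/ssh/start.ts)_
 
 ## `opal version`
 
@@ -654,5 +654,5 @@ DESCRIPTION
 Describes current url set, organization name, and logged in user if applicable.
 ```
 
-_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.
+_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/whoami.ts)_
 <!-- commandsstop -->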
@@ -0,0 +1,110 @@
|
|
|
1
|
+
import http from "node:http";
|
|
2
|
+
import https from "node:https";
|
|
3
|
+
import chalk from "chalk";
|
|
4
|
+
import { allowSelfSignedCertsKey, getOrCreateConfigData, urlKey, } from "../../lib/config.js";
|
|
5
|
+
// Commands that should skip the version check (e.g., configuration commands)
|
|
6
|
+
const SKIP_VERSION_CHECK_COMMANDS = [
|
|
7
|
+
"set-url",
|
|
8
|
+
"set-token",
|
|
9
|
+
"set-auth-config",
|
|
10
|
+
"version",
|
|
11
|
+
"help",
|
|
12
|
+
"autocomplete",
|
|
13
|
+
];
|
|
14
|
+
const hook = async (opts) => {
|
|
15
|
+
// Skip version check for certain commands
|
|
16
|
+
if (opts.id && SKIP_VERSION_CHECK_COMMANDS.includes(opts.id)) {
|
|
17
|
+
return;
|
|
18
|
+
}
|
|
19
|
+
try {
|
|
20
|
+
const configData = getOrCreateConfigData(opts.config.configDir);
|
|
21
|
+
const baseUrl = configData[urlKey];
|
|
22
|
+
const allowSelfSignedCerts = configData[allowSelfSignedCertsKey];
|
|
23
|
+
if (!baseUrl) {
|
|
24
|
+
return;
|
|
25
|
+
}
|
|
26
|
+
const cliVersion = opts.config.version;
|
|
27
|
+
const url = new URL("/api/cli/version-check", baseUrl);
|
|
28
|
+
url.searchParams.set("version", cliVersion);
|
|
29
|
+
const response = await fetchWithTimeout(url.toString(), {
|
|
30
|
+
method: "GET",
|
|
31
|
+
headers: {
|
|
32
|
+
"User-Agent": `Opal CLI v${cliVersion}`,
|
|
33
|
+
},
|
|
34
|
+
}, allowSelfSignedCerts, 5000);
|
|
35
|
+
if (!response.ok) {
|
|
36
|
+
// Silently fail on non-2xx responses - don't block the CLI
|
|
37
|
+
return;
|
|
38
|
+
}
|
|
39
|
+
const data = JSON.parse(response.body);
|
|
40
|
+
if (data.status === "ok") {
|
|
41
|
+
return;
|
|
42
|
+
}
|
|
43
|
+
// Display message based on status
|
|
44
|
+
const formattedMessage = formatMessage(data.status, data.message);
|
|
45
|
+
if (formattedMessage) {
|
|
46
|
+
process.stderr.write(`${formattedMessage}\n`);
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
catch (_a) {
|
|
50
|
+
// Silently fail on any errors (network issues, etc.) - don't block the CLI
|
|
51
|
+
}
|
|
52
|
+
};
|
|
53
|
+
function formatMessage(status, message) {
|
|
54
|
+
if (!message) {
|
|
55
|
+
return "";
|
|
56
|
+
}
|
|
57
|
+
switch (status) {
|
|
58
|
+
case "error":
|
|
59
|
+
return chalk.red(`❗ ${message}`);
|
|
60
|
+
case "warn":
|
|
61
|
+
return chalk.yellow(`⚠️ ${message}`);
|
|
62
|
+
case "info":
|
|
63
|
+
return chalk.blue(`ℹ️ ${message}`);
|
|
64
|
+
default:
|
|
65
|
+
return message;
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
function fetchWithTimeout(url, options, allowSelfSignedCerts, timeoutMs) {
|
|
69
|
+
return new Promise((resolve, reject) => {
|
|
70
|
+
const parsedUrl = new URL(url);
|
|
71
|
+
const isHttps = parsedUrl.protocol === "https:";
|
|
72
|
+
const lib = isHttps ? https : http;
|
|
73
|
+
const requestOptions = {
|
|
74
|
+
hostname: parsedUrl.hostname,
|
|
75
|
+
port: parsedUrl.port || (isHttps ? 443 : 80),
|
|
76
|
+
path: parsedUrl.pathname + parsedUrl.search,
|
|
77
|
+
method: options.method,
|
|
78
|
+
headers: options.headers,
|
|
79
|
+
timeout: timeoutMs,
|
|
80
|
+
};
|
|
81
|
+
if (isHttps) {
|
|
82
|
+
requestOptions.rejectUnauthorized =
|
|
83
|
+
!allowSelfSignedCerts;
|
|
84
|
+
}
|
|
85
|
+
const req = lib.request(requestOptions, (res) => {
|
|
86
|
+
let body = "";
|
|
87
|
+
res.on("data", (chunk) => {
|
|
88
|
+
body += chunk;
|
|
89
|
+
});
|
|
90
|
+
res.on("end", () => {
|
|
91
|
+
resolve({
|
|
92
|
+
ok: res.statusCode !== undefined &&
|
|
93
|
+
res.statusCode >= 200 &&
|
|
94
|
+
res.statusCode !== undefined &&
|
|
95
|
+
res.statusCode >= 200 &&
|
|
96
|
+
res.statusCode < 300,
|
|
97
|
+
status: res.statusCode || 0,
|
|
98
|
+
body,
|
|
99
|
+
});
|
|
100
|
+
});
|
|
101
|
+
});
|
|
102
|
+
req.on("error", reject);
|
|
103
|
+
req.on("timeout", () => {
|
|
104
|
+
req.destroy();
|
|
105
|
+
reject(new Error("Request timed out"));
|
|
106
|
+
});
|
|
107
|
+
req.end();
|
|
108
|
+
});
|
|
109
|
+
}
|
|
110
|
+
export default hook;
|
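Review bot: `data.message` from the version-check response goes to stderr unmodified (`process.stderr.write` in `hook`, via `formatMessage`), so the responding host controls text, including terminal control sequences, printed ahead of a command; that matters most when the configured URL is `http:` or `allowSelfSignedCerts` has set `rejectUnauthorized` to false, because the responder is then unauthenticated. Before formatting, require `typeof data.message === "string"`, strip control characters and cap the length. `fetchWithTimeout` also buffers the body without a limit, and the `timeout` request option only fires on socket inactivity, so a large or slowly trickled response is not bounded by the 5000 ms passed in; a size cap and an overall deadline would bound it, which matters because package.json registers this file as the `init` hook. The `ok` expression repeats `res.statusCode !== undefined && res.statusCode >= 200` and can drop the second pair.

```javascript
// … unchanged: skip list, config lookup, fetchWithTimeout call, response.ok check …
const data = JSON.parse(response.body);
if (data === null || typeof data !== "object" || data.status === "ok") {
    return;
}
if (typeof data.message !== "string") {
    return;
}
// Drop C0/C1 control characters (ESC included) and bound the length before printing.
const safeMessage = data.message
    .replace(/[\u0000-\u001f\u007f-\u009f]/g, " ")
    .slice(0, 500);
const formattedMessage = formatMessage(data.status, safeMessage);
// … unchanged: stderr write, catch block, formatMessage …

// fetchWithTimeout, response callback:
let body = "";
res.setEncoding("utf8");
res.on("data", (chunk) => {
    body += chunk;
    if (body.length > 64 * 1024) {
        req.destroy(new Error("Response too large"));
    }
});
// … unchanged: end handler, error and timeout listeners …
// Overall deadline: the `timeout` option only covers socket inactivity.
const deadline = setTimeout(() => req.destroy(new Error("Request timed out")), timeoutMs);
req.on("close", () => clearTimeout(deadline));
req.end();
```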
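--- a/package/build/lib/resources.d.ts
+++ b/package/build/lib/resources.d.ts
@@ -1,5 +1,5 @@
 import type { Command } from "@oclif/core";
-import type {
+import type { ResourceAccessLevelInput } from "../graphql/graphql.js";
 export type ResourceInfo = {
 id: string;
 name: string;
@@ -11,4 +11,4 @@ export type AccessLevelInfo = {
 export declare const DEFAULT_ACCESS_LEVEL: ResourceAccessLevelInput;
 export declare const filterChoices: (input: string, choices: ResourceInfo[] | AccessLevelInfo[]) => ResourceInfo[];
 export declare const promptUserForResource: (command: Command, resourceType: string, message: string) => Promise<ResourceInfo | void>;
-export declare const promptUserForAccessLevels: (command: Command, resourceId: string, instanceType: string, accessLevelRemoteId?: string) => Promise<
+export declare const promptUserForAccessLevels: (command: Command, resourceId: string, instanceType: string, accessLevelRemoteId?: string) => Promise<ResourceAccessLevelInput | void>;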
package/build/lib/resources.js
CHANGED
package/oclif.manifest.json
CHANGED
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "opal-security",
|
|
3
3
|
"description": "Opal allows you to centrally manage access to all of your sensitive systems.",
|
|
4
|
-
"version": "5.1.
|
|
4
|
+
"version": "5.1.1",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"author": "Opal Security",
|
|
7
7
|
"bin": {
|
|
@@ -83,6 +83,9 @@
|
|
|
83
83
|
"@oclif/plugin-autocomplete",
|
|
84
84
|
"@oclif/plugin-version"
|
|
85
85
|
],
|
|
86
|
+
"hooks": {
|
|
87
|
+
"init": "./build/hooks/init/version-check"
|
|
88
|
+
},
|
|
86
89
|
"macos": {
|
|
87
90
|
"identifier": "dev.opal.cli"
|
|
88
91
|
},
|