opal-security 5.1.0 → 5.1.1

package/README.md

@@ -22,7 +22,7 @@ $ npm install -g opal-security
 $ opal COMMAND
 running command...
 $ opal (--version)
-opal-security/5.1.0 darwin-arm64 node-v18.20.4
+opal-security/5.1.1 darwin-arm64 node-v20.19.3
 $ opal --help [COMMAND]
 USAGE
   $ opal COMMAND
@@ -106,7 +106,7 @@ EXAMPLES
   $ opal aws:identity
 ```
 
-_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/aws/identity.ts)_
+_See code: [src/commands/aws/identity.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/aws/identity.ts)_
 
 ## `opal clear-auth-config`
 
@@ -123,7 +123,7 @@ EXAMPLES
   $ opal clear-auth-config
 ```
 
-_See code: [src/commands/clear-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/clear-auth-config.ts)_
+_See code: [src/commands/clear-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/clear-auth-config.ts)_
 
 ## `opal curl-example`
 
@@ -140,7 +140,7 @@ DESCRIPTION
   Prints out an example cURL command containing the parameters the CLI uses to query the Opal server.
 ```
 
-_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/curl-example.ts)_
+_See code: [src/commands/curl-example.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/curl-example.ts)_
 
 ## `opal groups get`
 
@@ -161,7 +161,7 @@ EXAMPLES
   $ opal groups:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/groups/get.ts)_
+_See code: [src/commands/groups/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/groups/get.ts)_
 
 ## `opal help [COMMANDS]`
 
@@ -208,7 +208,7 @@ EXAMPLES
   $ opal iam-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --profileName "custom-profile"
 ```
 
-_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/iam-roles/start.ts)_
+_See code: [src/commands/iam-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/iam-roles/start.ts)_
 
 ## `opal kube-roles start`
 
@@ -235,7 +235,7 @@ EXAMPLES
   $ opal kube-roles:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId "arn:aws:iam::712234975475:role/acme-eks-cluster-admin-role"
 ```
 
-_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/kube-roles/start.ts)_
+_See code: [src/commands/kube-roles/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/kube-roles/start.ts)_
 
 ## `opal login`
 
@@ -256,7 +256,7 @@ EXAMPLES
   $ opal login
 ```
 
-_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/login.ts)_
+_See code: [src/commands/login.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/login.ts)_
 
 ## `opal logout`
 
@@ -276,7 +276,7 @@ EXAMPLES
   $ opal logout
 ```
 
-_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/logout.ts)_
+_See code: [src/commands/logout.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/logout.ts)_
 
 ## `opal postgres-instances start`
 
@@ -310,7 +310,7 @@ EXAMPLES
   $ opal postgres-instances:start --id 51f7176b-0464-4a6f-8369-e951e187b398 --accessLevelRemoteId fullaccess --action view
 ```
 
-_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/postgres-instances/start.ts)_
+_See code: [src/commands/postgres-instances/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/postgres-instances/start.ts)_
 
 ## `opal request create`
 
@@ -336,7 +336,7 @@ DESCRIPTION
   Creates an Opal access request via an interactive form
 ```
 
-_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/request/create.ts)_
+_See code: [src/commands/request/create.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/request/create.ts)_
 
 ## `opal request get`
 
@@ -360,7 +360,7 @@ EXAMPLES
   $ opal request get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4 --verbose
 ```
 
-_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/request/get.ts)_
+_See code: [src/commands/request/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/request/get.ts)_
 
 ## `opal request list`
 
@@ -392,7 +392,7 @@ EXAMPLES
   $ opal request list --n 5 --pending --verbose
 ```
 
-_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/request/list.ts)_
+_See code: [src/commands/request/list.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/request/list.ts)_
 
 ## `opal request ls`
 
@@ -443,7 +443,7 @@ EXAMPLES
   $ opal resources:get --id 54052a3e-5375-4392-aeaf-0c6c44c131d4
 ```
 
-_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/resources/get.ts)_
+_See code: [src/commands/resources/get.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/resources/get.ts)_
 
 ## `opal set-auth-config`
 
@@ -473,7 +473,7 @@ EXAMPLES
   $ opal set-auth-config --organizationID=org-456 --clientID=abc123 --issuerUrl=https://auth.example.com
 ```
 
-_See code: [src/commands/set-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/set-auth-config.ts)_
+_See code: [src/commands/set-auth-config.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/set-auth-config.ts)_
 
 ## `opal set-custom-header`
 
@@ -494,7 +494,7 @@ EXAMPLES
   $ opal set-custom-header --header 'cf-access-token: $TOKEN'
 ```
 
-_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/set-custom-header.ts)_
+_See code: [src/commands/set-custom-header.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/set-custom-header.ts)_
 
 ## `opal set-token`
 
@@ -514,7 +514,7 @@ EXAMPLES
   $ opal set-token
 ```
 
-_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/set-token.ts)_
+_See code: [src/commands/set-token.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/set-token.ts)_
 
 ## `opal set-url [URL]`
 
@@ -538,7 +538,7 @@ EXAMPLES
   $ opal set-url
 ```
 
-_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/set-url.ts)_
+_See code: [src/commands/set-url.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/set-url.ts)_
 
 ## `opal ssh copyFrom`
 
@@ -566,7 +566,7 @@ EXAMPLES
   $ opal ssh:copyFrom --src instance/dir --dest my/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/ssh/copyFrom.ts)_
+_See code: [src/commands/ssh/copyFrom.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/ssh/copyFrom.ts)_
 
 ## `opal ssh copyTo`
 
@@ -594,7 +594,7 @@ EXAMPLES
   $ opal ssh:copyTo --src my/dir --dest instance/dir --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/ssh/copyTo.ts)_
+_See code: [src/commands/ssh/copyTo.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/ssh/copyTo.ts)_
 
 ## `opal ssh start`
 
@@ -617,7 +617,7 @@ EXAMPLES
   $ opal ssh:start --id 51f7176b-0464-4a6f-8369-e951e187b398
 ```
 
-_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/ssh/start.ts)_
+_See code: [src/commands/ssh/start.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/ssh/start.ts)_
 
 ## `opal version`
 
@@ -654,5 +654,5 @@ DESCRIPTION
   Describes current url set, organization name, and logged in user if applicable.
 ```
 
-_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.0/src/commands/whoami.ts)_
+_See code: [src/commands/whoami.ts](https://github.com/opalsecurity/opal-cli/blob/v5.1.1/src/commands/whoami.ts)_
 <!-- commandsstop -->

package/build/hooks/init/version-check.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from "@oclif/core";
+declare const hook: Hook<"init">;
+export default hook;

package/build/hooks/init/version-check.js

@@ -0,0 +1,110 @@
+import http from "node:http";
+import https from "node:https";
+import chalk from "chalk";
+import { allowSelfSignedCertsKey, getOrCreateConfigData, urlKey, } from "../../lib/config.js";
+// Commands that should skip the version check (e.g., configuration commands)
+const SKIP_VERSION_CHECK_COMMANDS = [
+    "set-url",
+    "set-token",
+    "set-auth-config",
+    "version",
+    "help",
+    "autocomplete",
+];
+const hook = async (opts) => {
+    // Skip version check for certain commands
+    if (opts.id && SKIP_VERSION_CHECK_COMMANDS.includes(opts.id)) {
+        return;
+    }
+    try {
+        const configData = getOrCreateConfigData(opts.config.configDir);
+        const baseUrl = configData[urlKey];
+        const allowSelfSignedCerts = configData[allowSelfSignedCertsKey];
+        if (!baseUrl) {
+            return;
+        }
+        const cliVersion = opts.config.version;
+        const url = new URL("/api/cli/version-check", baseUrl);
+        url.searchParams.set("version", cliVersion);
+        const response = await fetchWithTimeout(url.toString(), {
+            method: "GET",
+            headers: {
+                "User-Agent": `Opal CLI v${cliVersion}`,
+            },
+        }, allowSelfSignedCerts, 5000);
+        if (!response.ok) {
+            // Silently fail on non-2xx responses - don't block the CLI
+            return;
+        }
+        const data = JSON.parse(response.body);
+        if (data.status === "ok") {
+            return;
+        }
+        // Display message based on status
+        const formattedMessage = formatMessage(data.status, data.message);
+        if (formattedMessage) {
+            process.stderr.write(`${formattedMessage}\n`);
+        }
+    }
+    catch (_a) {
+        // Silently fail on any errors (network issues, etc.) - don't block the CLI
+    }
+};
+function formatMessage(status, message) {
+    if (!message) {
+        return "";
+    }
+    switch (status) {
+        case "error":
+            return chalk.red(`❗ ${message}`);
+        case "warn":
+            return chalk.yellow(`⚠️  ${message}`);
+        case "info":
+            return chalk.blue(`ℹ️  ${message}`);
+        default:
+            return message;
+    }
+}
+function fetchWithTimeout(url, options, allowSelfSignedCerts, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        const parsedUrl = new URL(url);
+        const isHttps = parsedUrl.protocol === "https:";
+        const lib = isHttps ? https : http;
+        const requestOptions = {
+            hostname: parsedUrl.hostname,
+            port: parsedUrl.port || (isHttps ? 443 : 80),
+            path: parsedUrl.pathname + parsedUrl.search,
+            method: options.method,
+            headers: options.headers,
+            timeout: timeoutMs,
+        };
+        if (isHttps) {
+            requestOptions.rejectUnauthorized =
+                !allowSelfSignedCerts;
+        }
+        const req = lib.request(requestOptions, (res) => {
+            let body = "";
+            res.on("data", (chunk) => {
+                body += chunk;
+            });
+            res.on("end", () => {
+                resolve({
+                    ok: res.statusCode !== undefined &&
+                        res.statusCode >= 200 &&
+                        res.statusCode !== undefined &&
+                        res.statusCode >= 200 &&
+                        res.statusCode < 300,
+                    status: res.statusCode || 0,
+                    body,
+                });
+            });
+        });
+        req.on("error", reject);
+        req.on("timeout", () => {
+            req.destroy();
+            reject(new Error("Request timed out"));
+        });
+        req.end();
+    });
+}
+export default hook;

package/build/lib/resources.d.ts

@@ -1,5 +1,5 @@
 import type { Command } from "@oclif/core";
-import type { ResourceAccessLevel, ResourceAccessLevelInput } from "../graphql/graphql.js";
+import type { ResourceAccessLevelInput } from "../graphql/graphql.js";
 export type ResourceInfo = {
     id: string;
     name: string;
@@ -11,4 +11,4 @@ export type AccessLevelInfo = {
 export declare const DEFAULT_ACCESS_LEVEL: ResourceAccessLevelInput;
 export declare const filterChoices: (input: string, choices: ResourceInfo[] | AccessLevelInfo[]) => ResourceInfo[];
 export declare const promptUserForResource: (command: Command, resourceType: string, message: string) => Promise<ResourceInfo | void>;
-export declare const promptUserForAccessLevels: (command: Command, resourceId: string, instanceType: string, accessLevelRemoteId?: string) => Promise<ResourceAccessLevel | void>;
+export declare const promptUserForAccessLevels: (command: Command, resourceId: string, instanceType: string, accessLevelRemoteId?: string) => Promise<ResourceAccessLevelInput | void>;

package/build/lib/resources.js

@@ -131,6 +131,5 @@ export const promptUserForAccessLevels = async (command, resourceId, instanceTyp
     return {
         accessLevelName: selectedAccessLevel.name,
         accessLevelRemoteId: selectedAccessLevel.id,
-        resourceId: resourceId,
     };
 };

package/oclif.manifest.json

@@ -971,5 +971,5 @@
       ]
     }
   },
-  "version": "5.1.0"
+  "version": "5.1.1"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opal-security",
   "description": "Opal allows you to centrally manage access to all of your sensitive systems.",
-  "version": "5.1.0",
+  "version": "5.1.1",
   "type": "module",
   "author": "Opal Security",
   "bin": {
@@ -83,6 +83,9 @@
       "@oclif/plugin-autocomplete",
       "@oclif/plugin-version"
     ],
+    "hooks": {
+      "init": "./build/hooks/init/version-check"
+    },
     "macos": {
       "identifier": "dev.opal.cli"
     },