From 6871828fb41a2bb506d0ae949d21dd4d6decd4d1 Mon Sep 17 00:00:00 2001
From: Nathan Brahms <nathan.brahms@p0.dev>
Date: Wed, 21 Feb 2024 16:28:00 -0800
Subject: [PATCH] ssh: Show friendly error message if not installed

Rather than showing the error message for `p0 request`.
---
 src/commands/ssh.ts      | 18 +++++++++++++++++-
 src/plugins/ssh/types.ts | 12 ++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 src/plugins/ssh/types.ts

diff --git a/src/commands/ssh.ts b/src/commands/ssh.ts
index ca99b17..96fc2af 100644
--- a/src/commands/ssh.ts
+++ b/src/commands/ssh.ts
@@ -3,6 +3,7 @@ import { doc, guard } from "../drivers/firestore";
 import { print2 } from "../drivers/stdio";
 import { ssm } from "../plugins/aws/ssm";
 import { AwsSsh } from "../plugins/aws/types";
+import { SshConfig } from "../plugins/ssh/types";
 import { Authn } from "../types/identity";
 import {
   DENIED_STATUSES,
@@ -12,7 +13,7 @@ import {
   Request,
 } from "../types/request";
 import { request } from "./request";
-import { onSnapshot } from "firebase/firestore";
+import { getDoc, onSnapshot } from "firebase/firestore";
 import { pick } from "lodash";
 import yargs from "yargs";
 
@@ -33,6 +34,20 @@ export const sshCommand = (yargs: yargs.Argv) =>
     guard(ssh)
   );
 
+const validateSshInstall = async (authn: Authn) => {
+  const configDoc = await getDoc<SshConfig, object>(
+    doc(`o/${authn.identity.org.tenantId}/integrations/ssh`)
+  );
+  const items = configDoc
+    .data()
+    ?.workflows?.items.filter(
+      (i) => i.state === "installed" && i.type === "aws"
+    );
+  if (!items?.length) {
+    throw "This organization is not configured for SSH access via the P0 CLI";
+  }
+};
+
 // TODO: Move this to a shared utility
 /** Waits until P0 grants access for a request */
 const waitForProvisioning = async <P extends PluginRequest>(
@@ -83,6 +98,7 @@ const waitForProvisioning = async <P extends PluginRequest>(
 const ssh = async (args: yargs.ArgumentsCamelCase<{ instance: string }>) => {
   // Prefix is required because the backend uses it to determine that this is an AWS request
   const authn = await authenticate();
+  await validateSshInstall(authn);
   const response = await request(
     {
       ...pick(args, "$0", "_"),
diff --git a/src/plugins/ssh/types.ts b/src/plugins/ssh/types.ts
new file mode 100644
index 0000000..5c7846b
--- /dev/null
+++ b/src/plugins/ssh/types.ts
@@ -0,0 +1,12 @@
+type SshItemConfig = {
+  alias?: string;
+  identifier: string;
+  state: string;
+  type: "aws" | "gcloud";
+};
+
+export type SshConfig = {
+  workflows?: {
+    items: SshItemConfig[];
+  };
+};