feat: new access method for pam

[sheensantoscapadngan]

Description 📣

This PR adds a new command to access PAM accounts

Relevant PR:
Infisical/infisical#5390

Type ✨

• Bug fix
• New feature
• Improvement
• Breaking change
• Documentation

Tests 🛠️

# Here's some code block to paste some code snippets

---

• I have read the contributing guide, agreed and acknowledged the code of conduct. 📝

[greptile-apps]

Greptile Overview

Greptile Summary

This PR introduces a new access method for PAM accounts using --resource and --account flags instead of the single <account-path> argument. The changes maintain backward compatibility by keeping the legacy access-account commands hidden.

Key Changes:

• Added new access commands for db, ssh, and kubernetes subcommands that accept --resource and --account flags
• Introduced PAMAccessParams struct in base-proxy.go to handle both old (AccountPath) and new (ResourceName/AccountName) access methods
• Extracted approval workflow logic into reusable HandleApprovalWorkflow function
• Added MFA support to Kubernetes proxy (previously missing)
• Legacy access-account commands remain functional but are now hidden from help output

Issues Found:

• No documentation found for the new feature - users may not discover how to use the new access command

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The implementation is well-structured with proper backward compatibility, code reuse through the new PAMAccessParams abstraction, and consistent patterns across all proxy types. The changes are additive rather than destructive, maintaining the legacy commands for existing users while introducing a more intuitive interface.
• No files require special attention

Important Files Changed

Filename	Overview
packages/api/model.go	Added ResourceName and AccountName fields to support the new resource/account access method alongside existing AccountPath
packages/pam/local/base-proxy.go	Introduced PAMAccessParams struct with helper methods and extracted approval workflow logic into reusable HandleApprovalWorkflow function
packages/cmd/pam.go	Added new access commands for db/ssh/kubernetes using --resource and --account flags; kept legacy access-account commands hidden for backward compatibility
packages/pam/local/database-proxy.go	Updated to use PAMAccessParams struct and HandleApprovalWorkflow; refactored output messages to handle both access methods
packages/pam/local/ssh-proxy.go	Updated to use PAMAccessParams struct and added approval workflow support via HandleApprovalWorkflow
packages/pam/local/kubernetes-proxy.go	Updated to use PAMAccessParams struct, added MFA and approval workflow support; refactored kubeconfig context naming for both access methods

[greptile-apps]

_{6 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}