v0.32.0

This release adds support for using Granted with the tcsh shell.

What's Changed

• Prevent a panic due to configFile being nil by @chrnorm in #717
• Access Request should not immediately extend after request has just been activated by @ckluy31 in #722
• Support multiple Common Fate profile Registries by @JoshuaWilkes in #724
• initial attempt at tcsh support by @bovine in #729
• keep in logic for backwards compatability in common fate timings by @meyerjrr in #720
• Fix potential panic in RDS instance selection by @chrnorm in #730

New Contributors

• @bovine made their first contribution in #729

Full Changelog: v0.31.2...v0.32.0

v0.31.2

What's Changed

• Fixes the granted request check command masking errors by @JoshuaWilkes in #716
• granted sso populate create ~/.aws if it does not exist by @shwethaumashanker in #714

Full Changelog: v0.31.1...v0.31.2

v0.31.1

What's Changed

• Fix the check for a grant being active in the retrier by @JoshuaWilkes in #712
• Wait by default in rds plugin by @JoshuaWilkes in #711

Full Changelog: v0.31.0...v0.31.1

v0.31.0

AWS RDS Proxy Plugin

This release adds an AWS RDS proxy plugin:

granted rds proxy

This plugin allows Granted to broker a connection to an AWS RDS database over AWS SSM Session Manager. The connection is routed through a Common Fate AWS Proxy which captures audit logs of the SQL statements executed.

The plugin uses the Common Fate control plane APIs to determine which databases a user is authorized to access, so to use this plugin a Common Fate instance is required. Email us at [email protected] if you'd like to test this and we'll set up an instance for you.

You can read more about the plugin here in our documentation.

Currently, plugins are compiled into the main Granted binary. We intend to shift to a model similar to the gh GitHub CLI where plugins can be independently versioned to Granted.

Fixes

A big thankyou to first-time contributor @dnrce for fixing the output message when credentials are exported with assume --export.

What's Changed

• Output actual credentials file path when exporting by @dnrce in #708
• Add AWS RDS Proxy plugin by @JoshuaWilkes in #709

New Contributors

• @dnrce made their first contribution in #708

Full Changelog: v0.30.0...v0.31.0

v0.30.0

This release adds granted request check which can be used to check the status of a Just-In-Time Access Request, for AWS profiles protected by Common Fate.

granted request check --aws-profile Production/ViewOnlyAccess

This release also includes some caching fixes. It removes some of the interactivity around 'granted cache clear' - it is a breaking API change but given that the previous API required manual user input, we do not believe this should be an issue for any users.

What's Changed

• Granted caching fixes by @chrnorm in #705
• Fix file backend not found by @meyerjrr in #704
• fix issue causing credential process to break by @meyerjrr in #703
• fix cache check error messages for 'granted request check' command by @chrnorm in #706

Full Changelog: v0.29.3...v0.30.0

v0.29.3

What's Changed

• Bump github.com/gorilla/schema from 1.2.0 to 1.4.1 by @dependabot in #697
• updated granted cache clear --all by @shwethaumashanker in #699
• Sanity check error matching of invalid_grant by @ckluy31 in #701
• bump sdk to v1.45.1 by @JoshuaWilkes in #702
• The NoAccess hook should not return an error when a user does not use Common Fate by @JoshuaWilkes in #700

Full Changelog: v0.29.2...v0.29.3

v0.29.2

What's Changed

• Fix default duration when requesting access with Granted by @chrnorm in #694
• added flag to disable cache lookup and saving by @meyerjrr in #695

Full Changelog: v0.29.1...v0.29.2

v0.29.1

This release fixes an issue which could cause Granted to hang when running assume if a duplicate profile existed while syncing Profile Registries.

What's Changed

• pass in stdio to dupe profile prompt by @meyerjrr in #696

Full Changelog: v0.29.0...v0.29.1

v0.29.0

This release adds a granted doctor command which can be used to identify issues with your AWS profiles or Granted configuration.

What's Changed

• Granted Doctor Command by @meyerjrr in #691
• Fix --confirm flag parsing by @chrnorm in #693

Full Changelog: v0.28.0...v0.29.0

v0.28.0

Added the option to clear the entire Granted cache

With Granted v0.28.0, you can run granted cache clear --all and choose which secure storage you want to clear the cache. The command will then clear all credentials for the selected secure storage.

What's Changed

• Add flag that waits for access to be active by @meyerjrr in #682
• Update file backend password prompt by @meyerjrr in #689
• Add option to clear the entire Granted cache by @meyerjrr in #689
• Handle nested parameters in granted settings set command by @meyerjrr in #690

Full Changelog: v0.27.5...v0.28.0