Releases: common-fate/granted
v0.3.0
Automatic config file population
This release adds support for automatically populating ~/.aws/config with available roles from AWS SSO (#230). Thanks to @misterjoshua for contributing support for this! We'd love to hear your feedback on how Granted can make your AWS config file easier to manage on this discussion: #249.
credential_process support
This release adds support for using Granted as a credential_process provider in your AWS config (#257). This allows Granted to work with the --profile flag in the AWS CLI. You can set up profiles as follows:
[profile my-profile]
region = ap-southeast-2
granted_sso_account_id = 123456789012
granted_sso_region = ap-southeast-2
granted_sso_role_name = MyRoleName
granted_sso_start_url = https://example.awsapps.com/start
credential_process = granted credential-process --profile my-profile
and then run
aws sts get-caller-identity --profile my-profile
and Granted keychain storage will be used to load the SSO token. This eliminates the need to authenticate with AWS SSO a second time when running commands which use the --profile flag.
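A lint for profiles of the shape shown above, as an added example (not part of the release notes or of Granted itself). It assumes the granted_sso_* keys and the --profile argument should all describe the section they sit in, so a copy-pasted credential_process line that still names another profile is reported; the function name and the sample config are constructed for illustration.

```python
import configparser
import shlex

# Keys used by the example profile in the release notes.
REQUIRED_KEYS = ("granted_sso_account_id", "granted_sso_region",
                 "granted_sso_role_name", "granted_sso_start_url")

# Constructed sample: the first profile follows the notes, the second
# carries three copy-paste mistakes.
SAMPLE_CONFIG = """
[profile my-profile]
granted_sso_account_id = 123456789012
granted_sso_region = ap-southeast-2
granted_sso_role_name = MyRoleName
granted_sso_start_url = https://example.awsapps.com/start
credential_process = granted credential-process --profile my-profile

[profile broken]
granted_sso_account_id = 123456789012
granted_sso_region = ap-southeast-2
granted_sso_start_url = http://example.awsapps.com/start
credential_process = granted credential-process --profile my-profile
"""

def lint_granted_profiles(config_text):
    """Return (profile, problem) pairs for Granted credential_process profiles."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(config_text)
    findings = []
    for section in parser.sections():
        opts = parser[section]
        argv = shlex.split(opts.get("credential_process", ""))
        if argv[:2] != ["granted", "credential-process"]:
            continue  # profile does not use Granted as its provider
        name = section.removeprefix("profile ").strip()
        for key in REQUIRED_KEYS:
            if not opts.get(key, "").strip():
                findings.append((name, f"missing {key}"))
        # Assumption: --profile should name the section it sits in.
        target = dict(zip(argv, argv[1:])).get("--profile")
        if target != name:
            findings.append((name, f"credential_process targets {target!r}"))
        if not opts.get("granted_sso_start_url", "https://").startswith("https://"):
            findings.append((name, "granted_sso_start_url is not https"))
    return findings

if __name__ == "__main__":
    for profile, problem in lint_granted_profiles(SAMPLE_CONFIG):
        print(f"{profile}: {problem}")
```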
Access request integration
If you're using the Granted CLI with Granted Approvals, running granted settings request-url set will set a request URL. You'll be prompted to request access to roles if Granted receives a ForbiddenException error when trying to assume them.
❯ aws sts get-caller-identity --profile needs-requesting
Error when retrieving credentials from custom-process: error: operation error SSO: GetRoleCredentials, https response error StatusCode: 403, RequestID: 88c940dd-9f53-4bdf-a49c-f6f6f6f2b50d, api error ForbiddenException: No access
You need to request access to this role:
https://example.com/access?type=commonfate%2Faws-sso&permissionSetArn.label=MyRole&accountId=123456789012
New service shortcuts
Running assume -s ce will open a console to Cost Explorer (#258). Thanks for the contribution @mjulian!
UX improvements
We now support automatically re-assuming roles for ZSH (#228). Thanks to @sosheskaz for the contribution! To enable this, set GRANTED_ENABLE_AUTO_REASSUME=true in your .zshrc. We're working on further improving this for other shells using the AWS credential_process's built-in refreshing functionality in #263.
Our session credential duration is now displayed in a far more readable format too (#259). Thanks to @alexjurkiewicz for the contribution!
[demo-sandbox1](ap-southeast-2) session credentials will expire in 1 hour
Bug fixes
We fixed a regression which caused assume to not print any output on headless Linux machines (#260) - thanks to @QuinnyPig for helping to diagnose the specific commit which caused this! We've added additional testing to our CI to prevent this happening in future (#265).
We also fixed an issue where the browser launched by Granted would be closed if you pressed Control+C in the terminal which originally opened the browser (#252).
What's Changed
- Add granted sso populate/generate commands by @misterjoshua in #230
- Fix sso flag, prevent aws profile export by @JoshuaWilkes in #245
- fixed error checks by @meyerjrr in #251
- Add a shortcut for Cost Explorer by @mjulian in #258
- feat: Display credential duration in human-readable form by @alexjurkiewicz in #259
- refactor browser launching logic and use better process forking by @chrnorm in #252
- Add automatic reassume functionality for zsh by @sosheskaz in #228
- Add credential_process support, including the ability to request access to roles if CLI is used with Granted Approvals by @jordiup in #257
- fix assume script not printing output properly on linux by @chrnorm in #260
- Add shellcheck to CI pipeline by @chrnorm in #265
- Fix missing command by @JoshuaWilkes in #266
New Contributors
- @misterjoshua made their first contribution in #230
- @mjulian made their first contribution in #258
Full Changelog: v0.2.9...v0.3.0
v0.2.9
What's Changed
- Allow filtering by multiple space-separated tokens by @alexjurkiewicz in #233
- update logic for running assume/sso command by @JoshuaWilkes in #234
- Add WSL support for browser auto-detection by @cmddx in #237
Full Changelog: v0.2.8...v0.2.9
v0.2.8
What's Changed
- Fix sso aws outputs by @meyerjrr in #218
- Propagate environment vars to exec command by @sosheskaz in #223
- active role sso init by @jordiup in #225
- Use role_session_name from AWS config if defined instead of unique generated ID by @pdecat in #226
- Add PREFIX variable to Makefile to allow installing to alternative locations by @pdecat in #227
- update the browser configuration flow by @JoshuaWilkes in #221
- Update flag usage by @JoshuaWilkes in #220
- fix make file prefix path by @JoshuaWilkes in #231
New Contributors
Full Changelog: 0.2.6...v0.2.8
v0.2.6
What's Changed
- The -s flag now assumes -c by @cmddx in #204
- Add missing newline by @alexjurkiewicz in #202
- Update assume.ps1 to call assumego in the same directory by @fdx-wayne-yeap in #186
- Localize datetime for session token expiration by @sosheskaz in #206
- Fix conflicting exported names by @meyerjrr in #209
- Implement a basic sso command for arbitrary sso assumes by @JoshuaWilkes in #195
- update go.sum by @chrnorm in #210
- add additional expiry check for credentials by @JoshuaWilkes in #211
New Contributors
- @cmddx made their first contribution in #204
- @fdx-wayne-yeap made their first contribution in #186
- @sosheskaz made their first contribution in #206
Full Changelog: v0.2.5...v0.2.6
v0.2.5
Fixes an issue where an error would be returned if the AWS credentials file (~/.aws/credentials on Unix machines) doesn't exist.
What's Changed
Full Changelog: v0.2.4...v0.2.5
New Contributors
v0.2.4
v0.2.3
This release includes a range of feature requests and fixes from our Issues on GitHub.
Thanks @alexjurkiewicz for your shorthand region syntax allowing you to launch the console or terminal to a region without typing the whole name out. assume demo -r ue1 is equivalent to assume demo -r us-east-1
Thanks @tassm for introducing support for loading profiles from the .credentials file when running assume. You will now see options from both your ~/.aws/config file and your ~/.aws/credentials file.
We have made some improvements to our profile parsing which reduces response time of the assume command and autocomplete for users with large config files >7000 lines long. These users should see seconds reduced to milliseconds for the assume command.
What's Changed
- Assume profiles from credentials file [https://github.com//issues/117] by @tassm in #182
- Use external-id if available when sso assuming roles by @JoshuaWilkes in #187
- Shorthand region flag by @alexjurkiewicz in #188
- add a workaround to grant item permissions to granted binary by @JoshuaWilkes in #190
- Set keychain as default backend for new mac installs by @JoshuaWilkes in #191
- Make granted sessions uniquely identified by @JoshuaWilkes in #189
- reduce loading times by deferring initialisation of profile by @JoshuaWilkes in #192
New Contributors
Full Changelog: v0.2.2...v0.2.3
v0.2.2
v0.2.1
What's Changed
- Support arbitrary service names by @alexjurkiewicz in #177
- Assume and Granted Tab Completion for ZSH by @JoshuaWilkes in #180
Tab autocomplete for zsh is now available. Check out the docs to get started using it!
Full Changelog: v0.2.0...v0.2.1
v0.2.0
This release adds better support for using Granted to authenticate to EKS clusters! Thank you to @nicgrayson for helping us improve Granted for this use case. We've added a recipe for using Granted with EKS to our documentation.
Additionally, this release adds support for more service shortcuts when using the assume -s <SERVICE_NAME> command. Thanks to @alexjurkiewicz and @holly-evans for contributing these!
Download this release by following our getting started guide.
What's Changed
- Add waf & rds shortcuts by @alexjurkiewicz in #171
- Add service shortcuts by @holly-evans in #175
- don't prefix with GrantedOutput if env var is set by @chrnorm in #174
New Contributors
- @alexjurkiewicz made their first contribution in #171
- @holly-evans made their first contribution in #175
Full Changelog: v0.1.17...v0.2.0