v0.20.7

Added better error handling for oauth2 invalid_grant error

we have added better error handling for the oauth2 invalid_grant error. Now, whenever this error is encountered, Granted automatically clears the cached token and sends a message like:

[i] It looks like the above error was caused by an invalid authentication token. We have cleared the token from your keychain. To re-run the command, you'll need to authenticate again by running: 'granted login https://d3h0e9z8klkkkk.cloudfront.net/'

What's Changed

• Improve oauth2 error handling for Glide authentication by @shwethaumashanker in #596
• Update service_map.go to add codeartifact, codesuite and codecommit by @wayne-folkes in #594

Full Changelog: v0.20.6...v0.20.7

v0.20.6

Fix for assume --exec with multiple arguments/spaces

The output from goassume when --exec is provided now returns the arguments with proper escaping/splitting to ensure they are evaluated when passed to sh -c in the assume script.

What's Changed

• Fix export lookup values when exporting credentials by @cedieio in #578
• fix: assume --exec with multiple arguments/spaces by @lyoung-confluent in #584
• Fix backwards invocation of io.Copy by @sosheskaz in #589
• Create ~/.aws/config if it does not exist by @sosheskaz in #590

Full Changelog: v0.20.5...v0.20.6

v0.20.5

What's Changed

• Fix SSO_START_URL lookup for credential exports by @cedieio in #572
• Revert "Ensure proper initialization of profiles with source_profile" by @JoshuaWilkes in #576

Full Changelog: v0.20.4...v0.20.5

v0.20.4

Added TTY support for --exec

--exec now uses the shell script to execute commands instead of Go; this enables TTY applications to work as expected.

ExportSSOToken Configuration and --export-sso-token Flag

@cedieio has introduced the --export-sso-token flag, which exports the SSO token to ~/.aws/sso/cache. The ExportSSOToken configuration automatically exports the SSO token by default.

Change in EKS set up

The command field in your ~/.kube/config needs to be changed to assume from assumego. Follow docs here

What's Changed

• Allow access token to be exported to plain text on ~/.aws/sso/cache by @cedieio in #518
• fix(fish_alias): fix assume script path for fish alias for brew by @Mallear in #561
• support exec using shell script for TTY applications by @JoshuaWilkes in #549
• Ensure proper initialization of profiles with source_profile by @XargsUK in #559
• Do not overwrite AWS config when sync fails by @sosheskaz in #569
• 🐛 Fix SSO token lookup keys by @cedieio in #565
• 🔧 Add ExportSSOToken config by @cedieio in #566

New Contributors

• @cedieio made their first contribution in #518
• @Mallear made their first contribution in #561
• @XargsUK made their first contribution in #559

Full Changelog: v0.20.3...v0.20.4

v0.20.3

Generate JSON output for SSO token expiry

Run granted sso-tokens expiry --json to print the SSO token expiry in JSON. Additionally, you can use jq to filter and display only the expired tokens in JSON format: granted sso-tokens expiry --json | jq -r '[.[] | select(.is_expired == true)]'

What's Changed

• add aos (Amazon OpenSearch) to ServiceMap by @eserte in #552
• fix(firefox_dev): fix granted containers for Firefox Dev Edition by @paulhobbel in #553
• Fix for IAM in secure storage + MFA issue by @shwethaumashanker in #557
• Output-sso-expiry-in-JSON by @shwethaumashanker in #550

New Contributors

• @eserte made their first contribution in #552
• @paulhobbel made their first contribution in #553

Full Changelog: v0.20.2...v0.20.3

v0.20.2

What's Changed

Downgrades aws config package and dependency ini due to a performance regression causing large config files to hang

• Update ini vers by @meyerjrr in #546

Full Changelog: v0.20.1...v0.20.2

v0.20.1

What's Changed

• Add method to profile to fetch the correct sso region and sso start url by @JoshuaWilkes in #544
• fix assume output for setting up SSO ENV VARS by @JoshuaWilkes in #545

Full Changelog: v0.20.0...v0.20.1

v0.20.0

--chain flag for Inline Role Assumption

You can now use the new --chain flag to assume another role inline. This feature can be utilized in conjunction with either the --exec option or as part of a regular profile definition.

assume <base-profile> --chain arn:aws:iam::12345678912:role/aws-example --exec -- aws sts get-caller-identity

or

assume <base-profile> --chain arn:aws:iam::12345678912:role/aws-example

DefaultExportAllEnvVar config

You can now include the DefaultExportAllEnvVar=true configuration in your ~/.granted/config file. This configuration will enable the automatic export of all environment variables by default when credential_process is used.

ExportCredsToAWS config

You can also include the ExportCredsToAWS=true configuration in your ~/.granted/config file. This will enable credentials to be exported to ~/.aws/credentials by default.

What's Changed

• fix: --unset flag not unsetting AWS_DEFAULT_REGION by @Eddie023 in #526
• add skip cred process string validation option by @JoshuaWilkes in #514
• Added ExportCredsToAWS config by @shwethaumashanker in #541
• Added DefaultExportAllEnvVar config by @shwethaumashanker in #540
• fix panic: runtime error by @shwethaumashanker in #537
• fix AWS SSO polling config by @chrnorm in #535
• add --chain flag to assume another role inline by @JoshuaWilkes in #527
• Use AWS SDK to load sso-session sections enable multiple sso users by @JoshuaWilkes in #530

Full Changelog: v0.19.2...v0.20.0

v0.19.2

What's Changed

• revert change to validation by @JoshuaWilkes in #523
• fix chrome profiles not launching if they contain slashes + automatically rename Chrome profiles by @chrnorm in #525

Full Changelog: v0.19.1...v0.19.2

v0.19.1

What's Changed

• -x alias for --export-all-env-vars by @dlambda in #520
• added assume debugging by @shwethaumashanker in #513
• Fix for RegisterClient AWS region error by @shwethaumashanker in #521

New Contributors

• @dlambda made their first contribution in #520

Full Changelog: v0.19.0...v0.19.1