Releases: fwdcloudsec/granted
v0.26.0
This release introduces initial support for HTTP Profile Registries. HTTP registries implement the granted.registry.aws.v1alpha1 API.
To add an HTTP registry, you can run:
granted registry add --name <name> --url <url_of_registry_deployment> --type http
The Common Fate platform implements the HTTP Profile Registry in the v1.42.0 release.
You can read more about Profile Registries here.
What's Changed
- add command for setting up new cf registry by @meyerjrr in #653
- Fix the default type for the 'granted registry add' command by @chrnorm in #657
Full Changelog: v0.25.0...v0.26.0
v0.25.0
This release adds support for using Sprig template functions in granted sso populate and granted sso generate. Here's an example:
granted sso populate --sso-region us-east-1 --prune --prefix gen_ --profile-template '{{ .RoleName | strings.ToLower }}-{{ .AccountName | strings.ToLower }}' https://<snip>.awsapps.com/start
Additionally, this release allows granted sso generate / granted sso populate configuration to be persisted in the Granted config file (~/.granted/config by default). You can now add the following section to your config file:
[SSO.default]
StartURL = "https://d-976708da7d.awsapps.com/start"
SSORegion = "ap-southeast-2"
and then run the following command to generate a ~/.aws/profile file, without needing to provide additional arguments:
granted sso generate
A huge thank you to @mikesarver for contributing both of these new improvements.
Additionally, this release fixes some release pipeline issues which caused keychain errors in v0.24 for Intel macOS (#647). If you're experiencing issues on v0.24, please update to this release.
What's Changed
- bump awsconfigfile by @mikesarver in #648
- for granted sso command, add storing parameters in input config #650 by @mikesarver in #651
New Contributors
- @mikesarver made their first contribution in #648
Full Changelog: v0.24.0...v0.25.0
v0.24.0
This version adds support for clearing the Granted cache non-interactively, thanks to @jsproede in #643.
The following command skips the prompts and clears the cache entry immediately:
granted cache clear --storage session-credentials --profile [profile_name]
This version additionally fixes the fish shell completions thanks to @Hawkbawk in #645.
What's Changed
- support JIT role activation in assume --console commands by @meyerjrr in #644
- CLI flags to specify storage and profile to clear credential cache without prompt by @jsproede in #643
- Autoload fish completions and fix Makefile by @Hawkbawk in #645
New Contributors
Full Changelog: v0.23.2...v0.24.0
v0.23.2
What's Changed
- Increase backoff for attempted assume by @meyerjrr in #640
- Bump golang.org/x/net from 0.20.0 to 0.23.0 by @dependabot in #641
Full Changelog: v0.23.1...v0.23.2
v0.23.1
What's Changed
- Ensure "firefoxstdout" doesn't get prefix-matched as "firefox" by @gautamg795 in #635
- Propagate prefixDuplicateProfiles option by @sosheskaz in #639
- Add apigateway to service map by @treuherz in #636
New Contributors
- @gautamg795 made their first contribution in #635
- @treuherz made their first contribution in #636
Full Changelog: v0.23.0...v0.23.1
v0.23.0
This release brings a few minor bug fixes and support for Just-In-Time (JIT) access using Common Fate. For more information on JIT access, check out the JIT recipe in our documentation. A big thank you to @Nepoxx for making their first contribution in this release!
What's Changed
- Cleanup profile registry implementation + improve testability by @chrnorm in #622
- fix bug where every line is removed in config by @Nepoxx in #631
- Update just-in-time access integration by @chrnorm in #630
- cleanup the large banners and replace them with a single-line version by @chrnorm in #633
- add a check for empty access key ID when caching by @chrnorm in #632
New Contributors
Full Changelog: v0.22.0...v0.23.0
v0.22.0
IAM Federated logins now have an attributable username in CloudTrail
- The changes refactor the way the federation token ID is used for AWS IAM credentials. Instead of relying on the userID, which was previously parsed, the code now uses the userName, which is more easily attributable to the IAM user name in the CloudTrail events list view.
What's Changed
- fix runtime error when sso token expires by @shwethaumashanker in #627
- Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 by @dependabot in #621
- feat: Use aws:username for IAM initiated federated console sessions. by @matthewhembree in #626
New Contributors
- @matthewhembree made their first contribution in #626
Full Changelog: v0.21.1...v0.22.0
v0.21.1
v0.21.0
Added support for refreshable AWS SSO
You can now add granted_sso_registration_scopes = sso:account:access to your ~/.aws/config, which will cause Granted to respect the session duration in IAM Identity Center. This can be extended to prompt less frequently. Supplying the sso:account:access scope will cause IAM Identity Center to return a refreshable access token, with a total allowed session time in accordance with your configured AWS SSO session length.
What's Changed
- Adds event bridge service map by @CodyDunlap in #611
- Delete former credentials when rotating (granted credentials rotate) by @n3s7or in #582
- Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 by @dependabot in #586
- Add support for refreshable AWS SSO tokens by @chrnorm in #616
New Contributors
- @CodyDunlap made their first contribution in #611
Full Changelog: v0.20.7...v0.21.0
v0.20.7
Added better error handling for oauth2 invalid_grant error
We have added better error handling for the oauth2 invalid_grant error. Now, whenever this error is encountered, Granted automatically clears the cached token and sends a message like:
[i] It looks like the above error was caused by an invalid authentication token. We have cleared the token from your keychain. To re-run the command, you'll need to authenticate again by running: 'granted login https://d3h0e9z8klkkkk.cloudfront.net/'
What's Changed
- Improve oauth2 error handling for Glide authentication by @shwethaumashanker in #596
- Update service_map.go to add codeartifact, codesuite and codecommit by @wayne-folkes in #594
Full Changelog: v0.20.6...v0.20.7