- As of v1.4.0 release candidates will be published in an effort to get new features out faster while still allowing time for full QA testing before moving the release candidate to a full release.
What's New:
- Added a new global config setting for CA bundle certificates.
Enhancements:
- Added new
ca_bundleglobal setting for user provided CA bundle certs.
Bug Fixes:
- Switched
pybritive-kube-execto full path in for kube config.
Dependencies:
britive>=2.25.0rc4
Other:
- None
What's New:
- Support for step up MFA/OTP when performing a
checkout, using the--otpflag.
Enhancements:
- None
Bug Fixes:
- Fixed
python3.7compatibility issues. - Removed unexpected keyword argument from
hashlib.sha512calls.
Dependencies:
britive>=2.25.0rc3- Moved to minimally freezing dependencies.
Other:
- Documentation linting/conformity updates.
- Python linting changes.
- Resolve dependabot issue dependabot/7.
- Testing updates for
python3.7compatability and warn when API token is present instead of fail.
What's New:
- Display system announcement/banner if one is present for the tenant
- Support for OpenShift checkout modes
os-ocloginandos-ocloginexec. These checkout modes will perform the OIDC authorization code grant flow and extraction of theoc logincommand in code vs. having to use the browser. It is a "best effort" approach as the OpenShift login pages and programmatic access pages could change over time.
Enhancements:
- New checkout mode of
gcloudauthexecwhich will invoke, via sub-shell, thegcloud auth activate-service-accountcommand to switch credentials forgcloud. Additionally, acheckinwill reset this configuration. - Adds 3 part profile name for command
ls profiles -f json- #141
Bug Fixes:
- Fix issue related to the
cacheandclearcommands when no global default tenant is set - Fixes issue with
--force-renewoncheckoutnot providing the--consoleflag properly tocheckin - Flag
-pwas being used by--maxpolltimeand--passphrasefor commandcheckout. Switched--maxpolltimeto-x.
Dependencies:
britive>=2.24.0- Removal of
pkg_resourcesdependency
Other:
- Documentation updates for
--federation-providerandspacelift - Documentation update for Azure Managed Identities
- Introduction of
__version__in__init.py__ - Re-enabling the system banner/announcement logic
What's New:
- Support for OpenShift checkout modes
os-ocloginandos-ocloginexec. These checkout modes will perform the OIDC authorization code grant flow and extraction of theoc logincommand in code vs. having to use the browser. It is a "best effort" approach as the OpenShift login pages and programmatic access pages could change over time.
Enhancements:
- Adds 3 part profile name for command
ls profiles -f json- #141
Bug Fixes:
- Fixes issue with
--force-renewoncheckoutnot providing the--consoleflag properly tocheckin - Flag
-pwas being used by--maxpolltimeand--passphrasefor commandcheckout. Switched--maxpolltimeto-x.
Dependencies:
britive>=2.24.0rc5- Removal of
pkg_resourcesdependency
Other:
- Documentation updates for
--federation-providerandspacelift - Documentation update for Azure Managed Identities
- Introduction of
__version__in__init.py__ - Re-enabling the system banner/announcement logic
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Remove the banner logic as the banner api is not yet available in production
Dependencies:
- None
Other:
- None
What's New:
- Display system announcement/banner if one is present for the tenant
Enhancements:
- New checkout mode of
gcloudauthexecwhich will invoke, via sub-shell, thegcloud auth activate-service-accountcommand to switch credentials forgcloud. Additionally, acheckinwill reset this configuration.
Bug Fixes:
- Fix issue related to the
cacheandclearcommands when no global default tenant is set
Dependencies:
britive>=2.24.0rc1
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fixes issue when an authentication token has been invalidated on the server side by discarding local credentials and re-authenticating
- Send proper logout type based on the type of user (local or SAML)
Dependencies:
- None
Other:
- Additional debug logging related to the authentication process
- Remove logic for "safe token expiration" now that CLI and Browser tokens are shared
- Switch to extracting expiration time from the JWT instead of calculating based on auth time + session duration
What's New:
- None
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
- None
Other:
- Additional debug logging related to the authentication process
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Switch to extracting expiration time from the JWT instead of calculating based on auth time + session duration
Dependencies:
- None
Other:
- Additional debug logging related to the authentication process
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Remove logic for "safe token expiration" now that CLI and Browser tokens are shared
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Continuing to troubleshoot the
401 - EOOOOlogin issue.
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- Send proper logout type based on the type of user (local or SAML)
Bug Fixes:
- Fixes issue with
usercommand
Dependencies:
- None
Other:
- Additional logging when entering a login/logout loop
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fixes issue when an authentication token has been invalidated on the server side by auto-logging out the user from the CLI and re-authenticating
Dependencies:
- None
Other:
- None
What's New:
- Initial support for Kubernetes - this functionality is not yet available publicly on the Britive Platform - this is a beta feature for internal use only
Enhancements:
- Add command
cache kubeconfig - Update command
cache clearto delete the kube config file if it exists - Add global config flag
auto-refresh-kube-configset byconfigure update global auto-refresh-kube-config true - Add checkout mode
k8s-execfor use exclusively inside anexeccommand of a kube config file - Add console helper script
pybritive-kube-execfor use exclusively inside anexeccommand of a kube config file - Add the
pybritivepackage version into theUser-Agentstring used by the Britive Python SDK (britivepackage) - For command
ls profiles -cshow the time remaining for the checkout - Add new flag
-e/--extendto commandcheckoutwhich will extend the expiration time of a currently checked out profile (only applicable to specific application types)
Bug Fixes:
- Clarified language in an error message when an authentication token has been invalidated on the server side and the resulting action the user must take to clear the token
- Fix bug in
configure importrelated to the default AWS checkout mode
Dependencies:
britive>=2.23.0
Other:
- Documentation update to reflect that auto-login via browser will only work if the browser launched by
pybritiveis the same as the browser where the user is already authenticated to Britive.
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fix bug in
pybritive-kube-execandpybritive-aws-cred-processfor handling the--extendflag of acheckoutcommand
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- For command
ls profiles -cshow the time remaining for the checkout - Add new flag
-e/--extendto commandcheckoutwhich will extend the expiration time of a currently checked out profile (only applicable to specific application types)
Bug Fixes:
- Fix bug in
configure importrelated to the default AWS checkout mode
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Clarified language in an error message when an authentication token has been invalidated on the server side and the resulting action the user must take to clear the token.
- More gracefully handle when a Kubernetes
certificate-authority-datacannot be base64 decoded to a proper certificate - we will skip over that specific cluster.
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fixed bug with auto generated kube config when no alias existed for a profile.
Dependencies:
- None
Other:
- None
What's New:
- Initial support for Kubernetes - this functionality is not yet available publicly on the Britive Platform - this is a beta feature for internal use only
Enhancements:
- Add command
cache kubeconfig - Update command
cache clearto delete the kube config file if it exists - Add global config flag
auto-refresh-kube-configset byconfigure update global auto-refresh-kube-config true - Add checkout mode
k8s-execfor use exclusively inside anexeccommand of a kube config file - Add console helper script
pybritive-kube-execfor use exclusively inside anexeccommand of a kube config file - Add the
pybritivepackage version into theUser-Agentstring used by the Britive Python SDK (britivepackage)
Bug Fixes:
- None
Dependencies:
- None
Other:
- Documentation update on bash command to add the python
binpath to yourPATHenvironment variable.
What's New:
- None
Enhancements:
- Enrich shell completion results for the
apicommand - Support
browseroption forlogincommand - Support environment variable
PYBRITIVE_BROWSERto allow a user to specify a default browser option, as well as use non-standardwebbrowseroptions.
Bug Fixes:
- Fixes an issue with interactive login when randomly generated tokens include
--which the WAF sometimes sees as a SQL injection attack - Fixes an issue with
ssh-addand temporary keys filling up thessh-agentdue to the order of command flags - Fixes and issue with
checkinchecking in the wrong profile type (programmatic vs console) - Fixes bug which did not always honor the specified browser.
Dependencies:
britive>=2.22.0
Other:
- Various linting
- Updates to the documentation calling out the requirement to properly escape input based on the shell you are using
- Resolve dependabot issue dependabot/6
- Documentation updates
What's New:
- None
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
britive>=2.22.0
Other:
- Updates to the documentation calling out the requirement to properly escape input based on the shell you are using
- Resolve dependabot issue dependabot/6
What's New:
- None
Enhancements:
- Support
browseroption forlogincommand - Support environment variable
PYBRITIVE_BROWSERto allow a user to specify a default browser option, as well as use non-standardwebbrowseroptions.
Bug Fixes:
- Fixes bug which did not always honor the specified browser.
Dependencies:
- None
Other:
- Various linting
What's New:
- None
Enhancements:
- Enrich shell completion results for the
apicommand
Bug Fixes:
- Fixes an issue with interactive login when randomly generated tokens include
--which the WAF sometimes sees as a SQL injection attack - Fixes an issue with
ssh-addand temporary keys filling up thessh-agentdue to the order of command flags - Fixes and issue with
checkinchecking in the wrong profile type (programmatic vs console)
Dependencies:
britive>=2.21.0
Other:
- None
What's New:
pybritive ssh gcp identity-aware-proxycommand - supports OS Login and SSH Instance Metadata- Command
request approve - Command
request reject - Command
ls approvals
Enhancements:
- Support for
sso_idpin the tenant configuration block of the config file. Set withconfigure update tenant-<name> sso_idp <value>. This will enable automatic re-direction to your identity provider, thus eliminating a manual step when authenticating to your tenant. - When checking in an AWS profile remove any AWS
credential_processcached credentials. clear cached-aws-credentials PROFILE
Bug Fixes:
- Better handling which submitting a request to checkout a profile but a prior request has already been approved.
- Properly catch and error when Cognito tokens have been invalidated.
- Resolved issue with profile alias names which included uppercase and special characters.
- Resolved an issue with
checkout --mode browser-*that was not actually launching the browser.
Dependencies:
- Fix dependabot alert for
requests- dependabot/4 - Fix dependabot alert for
cryptography- dependabot/5 britive>=2.20.1
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Better handling which submitting a request to checkout a profile but a prior request has already been approved.
Dependencies:
britive>=2.20.1
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fix bug with lowercase vs. uppercase when using tenant config attribute
sso_idp.
Dependencies:
- None
Other:
- None
What's New:
pybritive ssh gcp identity-aware-proxycommand - supports OS Login and SSH Instance Metadata
Enhancements:
- Support for
sso_idpin the tenant configuration block of the config file. Set withconfigure update tenant-<name> sso_idp <value>. This will enable automatic re-direction to your identity provider, thus eliminating a manual step when authenticating to your tenant.
Bug Fixes:
- Properly catch and error when Cognito tokens have been invalidated.
Dependencies:
- Fix dependabot alert for
requests- dependabot/4 - Fix dependabot alert for
cryptography- dependabot/5 britive>=2.20.0
Other:
- None
What's New:
- None
Enhancements:
- When checking in an AWS profile remove any AWS
credential_processcached credentials. clear cached-aws-credentials PROFILE
Bug Fixes:
- None
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
checkoutbug when no--mode/-mis provided.
Dependencies:
- None
Other:
- None
What's New:
- Command
request approve - Command
request reject - Command
ls approvals
Enhancements:
- None
Bug Fixes:
- Resolved issue with profile alias names which included uppercase and special characters.
- Resolved an issue with
checkout --mode browser-*that was not actually launching the browser.
Dependencies:
britive>=2.19.0
Other:
- None
What's New:
pybritive ssh aws ssm-proxycommandpybritive aws consolecommand
Enhancements:
- Additional
--mode/-mvaluesconsole: checkout console access (without having to specify --console/-c`) and print the URLbrowser-mozilla: checkout console access and open a mozilla browser with the checked out URLbrowser-firefox: checkout console access and open a firefox browser with the checked out URLbrowser-windows-default: checkout console access and open a windows default browser with the checked out URLbrowser-macosx: checkout console access and open a macosx browser with the checked out URLbrowser-safari: checkout console access and open a safari browser with the checked out URLbrowser-chrome: checkout console access and open a chrome browser with the checked out URLbrowser-chromium: checkout console access and open a chromium browser with the checked out URL
- For the
checkoutcommand the option--mode/-mwith values ofbrowserandconsolenow implicitly indicate that the console version of the profile should be checked out (without having to specify--console/-c)
Bug Fixes:
- None
Dependencies:
britive>=2.18.0
Other:
- Addition of Community Projects to the README.
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fix bug with
logoutcommand when no active credentials were available - Expand
--silent/-sflag to the following commandsapicache profilescheckinloginlogoutls [profiles|environments|applications|secrets]request [submit|withdraw]secret viewuser
- Fix bug when saving profile alias when the
PROFILEis only 2 parts instead of 3
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
apicommand shell completion fixed - dynamic sourcing ofmethodvalues and options from the Britive Python SDK.
Dependencies:
britive>=2.17.0
Other:
- None
What's New:
- Support for Azure Managed Identities as federation providers.
Enhancements:
- Fall back to reduced functionality (no shell completion) when the python environment is using
click<8.0.0.
Bug Fixes:
- If a justification for checkout/secrets viewing is provided, ensure it is <=255 characters.
- Fix issue with extraction of OIDC token expiration time. Moved to
jwtlibrary to perform the token decode.
Dependencies:
- Switching
britivedependency from a compatible version requirement to a>=requirement to capture minor updates. britive>=2.16.0from britive~=2.15.1
Other:
- Modify the error handling and reporting process to not raise
click.ClickExceptionexceptions in thesafe_climethod. Instead, raise the underlying exception so a better error message is provided.
What's New:
- None
Enhancements:
- None
Bug Fixes:
- fix issue with
checkin,request submit,request withdrawldue toPROFILEparameter changes
Dependencies:
- None
Other:
- None
What's New:
- Allowing 2 part
PROFILEparameters (see documentation for details) - Build support for multiple environment name formats (name, id, alternate environment name) for the
PROFILEparameter
Enhancements:
- None
Bug Fixes:
- add a default checkout mode for AWS - bug fix as the effort is to match parity with legacy CLI tool
Dependencies:
- None
Other:
- None
What's New:
- Moving out of beta and into general availability. No other changes except for documentation updates reflecting the move out of beta.
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
cryptography~=39.0.1to resolve dependabot alert #1 and #3certifi>=2022.12.7to resolve dependabot alert #2britive~=2.15.0to bring in new API calls
Other:
- None
What's New:
- The
apicommand is now available which exposes all the methods available in the Britive Python SDK.
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
- None
Other:
- Updated documentation with examples of how to use the new
apicommand.
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fix issue with
checkoutand related commands that use thePROFILEpositional argument when the one or more of thePROFILEcomponents (application, environment, profile) have a/in the name. Caller must now properly escape any/with a\(e.g.AWS/Dev\/Test/Admin).
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fix interactive login issue for local development when using
BRITIVE_NO_VERIFY_SSL
Dependencies:
- None
Other:
- None
What's New:
- Support Bitbucket as a federation provider
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
britive~=2.14.0frombritive~=2.13.0- bitbucket federation provider
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fix GCP console checkout issue
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fix console script
pybritive-aws-cred-processdue to recent changes with thecheckoutmethod
Dependencies:
- None
Other:
- None
What's New:
pybritive checkoutwill now report progress of the action by default (ifstdoutis a tty). Can show more verbose output with--verbose/-v. Can silence the progress with the already available--silent\-sflag.
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
britive~=2.13.0frombritive~=2.12.4- checkout progress callback
Other:
- None
What's New:
- Ability to store a GCP
gcloudkey file locally soeval $(pybritive checkout "profile" -m gcloudauth)will automatically authenticate the user with the gcloud CLI. - Ability to override the default location of the GCP
gcloudkey file withpybritive checkout "profile" -m gcloudauth --gcloud-key-file /path/to/key.json - New command
clearwith subcommandscacheandgcloud-key-files.cachehas same functionality aspybritive cache clearandgcloud-key-fileswill remove allpybritivegenerated temporary key files stored in the default location.
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
britive~=2.12.4frombritive~=2.12.3- AWS provider optional session token
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
britive~=2.12.3frombritive~=2.12.2- AWS provider tenant port removal, disable SSL verification, json decode bug fix
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
britive~=2.12.2frombritive~=2.12.1- AWS provider tenant logic fix
Other:
- None
What's New:
NOTE: This is a pre-release feature. It is being published in anticipation of upcoming features being released to production. This functionality will not yet work in production environments.
- Support for workload identity federation providers
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- When checking out a profile, the default is to check out programmatic access unless the
--console/-cflag is set. This enhancement will enable auto check out of console access if programmatic access is not available for the specified profile.
Bug Fixes:
- None
Dependencies:
- None
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- None
Dependencies:
britive~=2.11.2frombritive~=2.11.1- reduced # of API calls required to checkout a profile
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Allow local machine DNS to resolve (e.g. /etc/hosts) for tenant url
Dependencies:
britive~=2.11.1frombritive~=2.11.0
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Allow a port to be specified in a tenant URL
Dependencies:
britive~=2.11.0frombritive~=2.10.0
Other:
- None
What's New:
- None
Enhancements:
- Allow for non
*.britive-app.comtenants. Default tobritive-app.comif no valid URL is provided (for backwards compatibility)
Bug Fixes:
- None
Dependencies:
britive~=2.10.0frombritive~=2.9.0
Other:
- None
What's New:
- None
Enhancements:
- None
Bug Fixes:
- Fix and issue with
pybritive ls profile --checked-outwhere all environments for the checked out profile were being returned instead of just the actual environments checked out.
Dependencies:
britive~=2.9.0frombritive~=2.8.0
Other:
- None
What's New:
pybritive-aws-cred-process- a "side-car" helper script/CLI program that provides a minimal codebase in an effort to reduce the latency of obtaining credentials via the AWScredential_processcommand.
An example of how to use is below. Contents of ~/.aws/credentials...
[profile-a]
credential_process=pybritive-aws-cred-process --profile britive-profile-alias
region=us-east-1Note that the following is also still acceptable.
[profile-a]
credential_process=pybritive checkout britive-profile-alias -m awscredentialprocess
region=us-east-1However, the former reduces the latency of the call by ~50% while still maintaining basic functionality.
Enhancements:
- Provided a
GenericCloudCredentialPrinterclass which handles printing all cloud credentials not covered by a cloud specific credential printer.
Bug Fixes:
- Fixes an issue when checking in a profile due to the
--force-renewflag being set.
Dependencies:
- None
Other:
- None
What's New:
- None
- None
Bug Fixes:
- Fixes an issue with Britive tenant credential encryption when using
backend-credential-process=encrypted-file. If an invalid--passphraseis provided the encrypted credentials will now be removed and a new interactive login process will commence.
Dependencies:
- None
Other:
- None