Skip to content

Latest commit

 

History

History
202 lines (137 loc) · 10.3 KB

CHANGELOG.md

File metadata and controls

202 lines (137 loc) · 10.3 KB
Raw

Changelog

1.2.2 (August 30, 2023)

  • Ensure evaluation of CLI flag for profile is in the same order as the other flags #124
  • Retry cached access token if it isn't expired by but receives API error #127

1.2.1 (August 15, 2023)

  • Friendly IdP and Role labels don't also print out ARN value (less text clutter in the UI)

1.2.0 (August 15, 2023)

1.1.0 (July 13, 2023)

  • Print out operational debugging information flag #113, thanks @monde!

1.0.2 (June 27, 2023)

  • #112, thanks @monde!
    • Fix broken preselecting --aws-iam-idp / OKTA_AWSCLI_IAM_IDP value #95
    • Ensure ENV VAR OKTA_AWSCLI_PROFILE is honored. #109
    • Operation to debug/inspect okta.yaml config for valid format #106

1.0.1 (May 04, 2023)

1.0.0 (May 02, 2023)

ENHANCEMENTS

NOTICES

New Features

  • --expiry-aws-variables CLI flag for x_security_token_expires support in AWS creds file
  • --cache-access-token CLI flag to cache the access token associated device authorization to preempt needing to open the browser frequently
  • Friendly IdP menu labels for long ARN values can be set in $HOME/.okta/okta.yaml

ENV VAR changes

The following ENV VARs have been renamed

old value new value
AWS_IAM_IDP OKTA_AWSCLI_IAM_IDP
AWS_IAM_ROLE OKTA_AWSCLI_IAM_ROLE
AWS_SESSION_DURATION OKTA_AWSCLI_SESSION_DURATION
FORMAT OKTA_AWSCLI_FORMAT
PROFILE OKTA_AWSCLI_PROFILE
QR_CODE OKTA_AWSCLI_QR_CODE
OPEN_BROWSER OKTA_AWSCLI_OPEN_BROWSER
AWS_CREDENTIALS OKTA_AWSCLI_AWS_CREDENTIALS
WRITE_AWS_CREDENTIALS OKTA_AWSCLI_WRITE_AWS_CREDENTIALS
LEGACY_AWS_VARIABLES OKTA_AWSCLI_LEGACY_AWS_VARIABLES
DEBUG_API_CALLS OKTA_AWSCLI_DEBUG_API_CALLS

Support for non-admin users needing multiple AWS Federation Application support

Multiple AWS environments requires extra configuration for non-admin users. Follow these steps to support non-admin users.

  1. Create a custom admin role with the only permission being "View application and their details", and a resource set constrained to "All AWS Account Federation apps".

  2. Create a group that will contain the AWS custom admin role users.

  3. Add a rule on the admin console authentication policy that denies access if the use is a member of the group from step 2.

  4. Assign non-admin users this custom role in step 1 and assign them to the group in step 2.

The "Admin" button will be visible on the Okta dashboard of non-admin users but they will receive a 403 if they attempt to open the Admin UI.

It is on our feature backlog to get support into the Okta API to allow the multiple AWS Fed apps feature into okta-aws-cli without needing this work around using a custom admin role.

0.3.0 (March 15, 2023)

ENHANCEMENTS

  • Remove an extra colon in usage text #76, thanks @ZhongRuoyu!
  • Deal with deprecated/obsolete/unsupported aws_security_token variable #79, thanks @monde!
  • added proxy support to http client #80, thanks @SaltyPeaches!
  • Try to help the operator if they are using a URL format value for org #82, thanks @monde!
  • Pre-flight check if org is Classic or OIE #84, thanks @monde!
  • Promote AWS_REGION from .env if it exists for proper AWS API behavior #85, thanks @monde!
  • Emit tar.gz and zip archives upon release #87, thanks @monde!

BUG FIXES

  • Fix "SETX commands emitted on Windows have incorrect syntax" #78, thanks @laura-rodriguez!
  • Correctly set session duration from AWS_SESSION_DURATION env var #81, thanks @monde!

MAINTENANCE

NOTICES

In the v1.0.0 release ENV VARs specific to okta-aws-cli will be prefixed with OKTA_ in 12factor format.

old value new value
AWS_IAM_IDP OKTA_AWS_IAM_IDP
AWS_IAM_ROLE OKTA_AWS_IAM_ROLE
AWS_SESSION_DURATION OKTA_AWS_SESSION_DURATION
FORMAT OKTA_FORMAT
PROFILE OKTA_PROFILE
QR_CODE OKTA_QR_CODE
OPEN_BROWSER OKTA_OPEN_BROWSER
AWS_CREDENTIALS OKTA_AWS_CREDENTIALS
WRITE_AWS_CREDENTIALS OKTA_WRITE_AWS_CREDENTIALS
LEGACY_AWS_VARIABLES OKTA_LEGACY_AWS_VARIABLES
DEBUG_API_CALLS OKTA_DEBUG_API_CALLS

0.2.1 (January 24, 2023)

BUG FIXES

  • Fix IdP text rendering bug caused by linting changes #54, thanks @monde!

0.2.0 (January 24, 2023)

ENHANCEMENTS

  • setx output when in Windows environment #49, thanks @monde!
  • --write-aws-credentials implies output format aws-credentials #40, thanks @monde!
  • Verbose HTTP API call/response logging with --debug-api-calls flag #43, thanks @monde!
  • Return underlying Error if present in fetchWebSSO() #47, thanks @emanor-okta!

BUG FIXES

  • Fix setting/getting IDP ARN value when Role Value Pattern is used on AWS Federation App #51, thanks @monde!
  • Accept OPEN_BROWSER, WRITE_AWS_CREDENTALS env vars #50, thanks @monde!

0.1.0 (December 21, 2022)

First GA release

NEW FEATURES

  • Auto pop system web browser to device authorization form when --open-browser CLI flag is present - PR #21
  • Full multiple AWS Federation Applications support - see README - Multiple AWS environments - #28
  • Write/update (instead of append) AWS Credentials file when --write-aws-credentials CLI flag is present - PR #30

ENHANCEMENTS

  • Print response body with error message when API error occurs #22
  • Don't render ncurses select menu for IdP or Role when there is only one item to choose from #25
  • Document policy recommendation for AWS Fed App and OIDC Native App
  • Document need for AWS_REGION env variable if AWS IdP is in a non-commercial AWS region
  • Auto-correct org domain when it is in admin form - ORGNAME-admin.okta.com to ORGNAME.okta.com
  • Illustrate make tools is used to install the tools the Makefile makes use of
  • Notorizing OSX x86_64 and arm64 binaries

BUG FIXES

  • Correctly write creds file when AWS_CREDENTIALS env var is set
  • AWS_PROFILE is unnecessary in env var output

0.0.4 (October 24, 2022)

MVP release

0.0.3 (October 20, 2022)

MVP release

0.0.2 (October 10, 2022)

Release testing

0.0.1 (September 09, 2022)

Initial implementation