Releases: Cox-Automotive/alks-cli
v3.9.2
v3.9.1
Fixes a bug with storing/retrieving the password from the os keychain. Prior to this, the password was being stored under alkspassword but retrieved from alksuid, effectively making it impossible to update your password in the keychain. I don't know how nobody else has had issues with this yet
v3.9.0
Adds the --non-interactive flag so that you can pre-/configure individual fields when running alks developer configure.
The request for this feature is coming from the need in the arf-core repo to be able to configure a credential-process for the ALKS cli while keeping all other user settings (by copying the ~/.alks-cli/ folder into a docker container). However, I believe this feature will also serve other use cases since I've seen usages where people try to preconfigure the CLI by setting the ALKS_SERVER, ALKS_USERID, and ALKS_PASSWORD environment variables, but now they will be able to do this without needing to set environment variables
v3.8.0
As requested by @psmith6, this provides a way to bypass alks opening up the token management page by allowing you to directly pass in your token by piping it through STDIN. Since this change was made for MFA token authentication I figured it was only fair to extend it to basic username/password authentication as well.
I liked the idea of allowing users to pass their tokens easily through CLI args and I had already started working on this exact feature a couple weeks ago but unfortunately discovered it's fairly unsafe since it leaks credentials to any other process on the user's machine. This article does a decent job explaining this reasoning if you want to read more. As an alternative, I made this PR on top of the changes you provided so that you can still configure the cli via a oneliner by piping your credentials like this as long as all the other necessary options are provided:
echo 'your-refresh-token' | alks developer configure \
--server 'https://alks.coxautoinc.com/rest' \
--username bwatson3 \
--account '012345678910/ALKSAdmin - awstest123' \
--role Admin \
--auth-type refresh-token \
--output envand you can also set only your refresh token via
echo 'your-refresh-token' | alks developer login2fabut keep in mind for this command the cli will still need you to have already set a server url so that it can verify the refresh token works, so you'd need to make sure you had either already configured the cli with alks developer configure ... or set the ALKS_SERVER environment variable
Piping credentials in this way is more safe than specifying them via cli args and doing so will cause ALKS to skip the logic where it opens up a browser window with the token management page
Contributors
Assets 2
v3.7.4
v3.7.3
v3.7.2
Fixes the following bugs related to the automatic migration of the alks.db file:
- moves the logic for ensuring that the
~/.alks-clidirectory is created into its own function so that it can guarantee the existence of the directory before trying to move or read files in that location - re-adds support for the
ALKS_DBenvironment variable for specifying a custom path for thealks.dbfile (which was broken by a recent update) to support legacy use cases
v3.7.1
v3.7.0
v3.6.0
Adds support for dynamic roles with template fields. For example, to create a role with the role type Amazon EKS IRSA you could do the following with the CLI:
alks iam createrole --rolename MyDynamicRole -t 'Amazon EKS IRSA' -a '336692926357/ALKSAdmin - awsalksnp' -r Admin -T OIDC_PROVIDER=field1,K8S_NAMESPACE=field2,K8S_SERVICE_ACCOUNT=field3