gsts

Changelog

• Bump dependencies.
• Fix engines.node version constraint on package.json.

This version introduces a major shift of gsts to a credential_process provider - so much, in fact, that its internal structure has been completely adapted to behave like one by default.

As part of this refactor, there are a number of breaking changes too.

Breaking Changes

• gsts is now a credential_process provider and should not called manually anymore.

  The ~/.aws/config should similar to the below:

  [default]
  credential_process = gsts --idp-id=12345 --sp-id=67890
  

• Credentials are no longer stored under ~/.aws/config but instead under gsts own cache directory (~/Library/Caches/gsts on macOS, %LOCALAPPDATA%\gsts\Cache on Windows and ~/.cache/gsts on Linux) .

• All command line parameters are now overridable by corresponding environment variables with the GSTS_ prefix.

• Remove --google-* aliases.

• Remove support for node < 18.

• Daemon support has been removed in favor of the credential_process setup.

• Playwright-specific parameters (--engine-executable-path, --engine) have had --playwright added to them to make it more explicit on what they achieve (--playwright-engine-executable-path and --playwright-engine).

New Features

• Add support for cacheless operation mode with --no-credentials-cache.
• Add support for processing the following AWS CLI variables:
  • AWS_REGION
  • AWS_DEFAULT_REGION
  • AWS_PROFILE
• Add support for configuring gsts under ~/.aws/config (or any other directory configured via $AWS_CONFIG_FILE).
• Add support for setting the playwright engine channel via --playwright-engine-channel.
• Store SAML assertion in cache for further automation power.

Improvements

• Migrated to AWS SDK v3.
• Fix headless hang when Google forces interactive login mode.
• Logging has been reworked to make gsts a lot less verbose and respect non-TTY sessions more accurately.
• Set permissions for credentials file for read-write to the owner only (600).

Notable Updates

• Bump [email protected].

Changelog

• Add note about reported aws-cli workaround
• Fix mkdirp issues on Windows platforms

Changelog

Maintenance release

• Fix a failing test when testing JSON output.

Changelog

• Add support for credential_process via --json. The credentials will be printed to stdout in json allowing AWS tools to parse this output and use it as part of their internal authentication process. See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html for more details.

Changelog

Maintenance release.

• Add missing puppeteer-device-viewport-plugin to package.json.

Changelog

• Minor tweaks to run on node v8. This is not a future guarantee that node < 10 will continue to be supported.
• Improvements to puppeteer's stealth mode.

Changelog

• Fix issue with session validation when a custom role ARN is not set
• Add an improved iframe stealth plugin to make puppeteer more resilient

Changelog

• Add workaround attempt to avoid duplicate email insertion on login page.

Changelog

• Automatically fetch new session credentials if role ARN changes
• Use more reliable method of detecting max role session duration
• Always return control to the terminal in case an unhandled rejection occurs
• Add support for AWS China and AWS GovCloud (US) ARNs

Changelog

• Allow overriding session duration. By default, gsts will use the IDP-provided session duration, but the role may have a custom MaxSessionDuration setting. In these situations, gsts will attempt to fetch this property and make sure that the requested SessionDuration from the STS service never exceeds it.
• Make daemonizer dynamically aware of program arguments
• Fix console command throwing error

Changelog

• Initial implementation of AWS STS login via Google SSO using puppeteer

Changelog

• Whitelist further URLs used for Google SSO
• Bump dependencies

Changelog

• Use binary name to spawn child

Changelog

• Revamp documentation and new daemon mode
• Add project logo

Changelog

• Make sure the global gsts binary is called when going headful

Changelog

• Maintenance release to add a missing file (logger.js) to the npm package

Changelog

• Add PATH environment to generated plist

Changelog

• Use process.cwd() instead of relying on PATH
• Catch more errors when closing the browser UI
• Passthrough --clean and force re-authentication
• Add logging for cleaning up the session directory
• Skip parsing credentials if they are not available

Changelog

• Revert usage of process.cwd() instead of relying on PATH