Kion CLI v0.8.0

Version 0.8.0 adds support for Firefox containers, support for Windows Command Prompt and PowerShell, and improved shell history support when dropping into sub-shells (the kion stak command). Firefox container support adds the ability to federate into multiple AWS accounts at the same time for more advanced workflows. Note that Firefox container support requires the Open external links in a container add-on as well as an update to your ~/.kion.yml configuration file. See the repo README.md for more details. A big thank you to @joraff and @mjburling for help with development and testing!

Added

• Added support for Firefox containers [/pull/72]
• Added support for Windows Command Prompt and PowerShell [/pull/72]
• Configured subshells to pull and set HISTFILE in zsh [/pull/70]

Fixed

• Exit non-zero if an error is encountered [/pull/65]

Kion CLI v0.7.0

Version 0.7.0 adds flag support to console federation, addresses a bug that presented when using paths with AWS IAM roles, and adds a method for keeping your Kion password in encrypted storage (eg the system keyring).

Added

• Added support for flags (account alias/number and car) to console federation [/pull/61]
• Added support for storing login password in encrypted storage [/pull/53]

Fixed

• Console federation bug when using AWS IAM roles containing a path [/pull/60]

Kion CLI v0.6.0

Version 0.6.0 adds support for account aliases coming in Kion 3.9.9 and 3.10.2. Account aliases are globally unique user defined identifiers for accounts stored in Kion. Aliases can be used with the stak and run commands instead of specifying account numbers.

Added

• Added support for account aliases [/pull/51]

Kion CLI v0.5.0

This release changes how caching is handled for Gnome users. After upgrading a new empty cache in the default login keyring will be used. The old kion-cli keyring can be safely removed.

Changed

• Updated keyring config for Gnome Wallet (libsecret) to use the default login keyring [/pull/49]

Kion CLI v0.4.1

Fixed

• Patched the package github.com/dvsekhvalnov/jose2go to version 1.6.0 to address Dependabot security findings [/pull/48]

Kion CLI v0.4.0

SAML Authentication is now supported for Kion versions < 3.8.0. No additional configuration is required for use, see README.md for details on SAML authentication with the CLI.

Added

• A new version constraint will switch between SAML authentication behaviors based on the target Kion version. [/pull/46]

Kion CLI v0.3.0

You can now use Kion CLI with multiple instances of Kion through the use of configuration profiles or by pointing to alternate configuration files. Here are some usage examples:

# point to another configuration file
KION_CONFIG=~/.kion.development.yml kion stak

# use a 'development' profile within your ~/.kion.yml configuration file
kion --profile development fav sandbox

A configuration file for the profile usage example above would look something like this:

# default profile if none specified
kion:
  url: https://kion.mycompany.com
  api_key: "app_123"
favorites:
  - name: production
    account: "232323232323"
    cloud_access_role: ReadOnly

# alternate profiles called with the global `--profile [name]` flag
profiles:
  development:
    kion:
      url: https://dev.kion.mycompany.com
      api_key: "app_abc"
    favorites:
      - name: sandbox
        account: "121212121212"
        cloud_access_role: Admin

Added

• Users can now set a custom config file with the KION_CONFIG environment variable [/pull/42]
• Users can define profiles to use Kion CLI with multiple Kion instances [/pull/42]
• Created a util command and flush-cache subcommand to flush the cache [/pull/42]

Fixed

• Corrected an issue where the Kion CLI configuration file was not actually optional [/pull/42]

Kion CLI v0.2.1

Changed

• Federating into the web console is now handled without iframes or javascript [/pull/40]

Kion CLI v0.2.0

Caching and AWS credential_process support has been added to the Kion CLI! See the AWS docs HERE for more information as well as the README.md document in this repo for examples on how to use Kion CLI as a credential provider.

Kion CLI will now use cached STAKs by default to improve performance and reduce the number of calls to Kion. STAKs will be considered as valid for 15 minutes unless Kion reports back a longer STAK duration. Note that Kion is expected to start returning the duration of a STAK along with the STAK itself starting on versions 3.6.29, 3.7.19, 3.8.13, and 3.9.5.

The cache will be stored in the system's keychain, and depending on your operating system, you may be prompted to allow Kion CLI to access the cache entry on your first run.

Cached STAKs will be used by default unless:

• Caching is disabled via the --disable-cache global flag
• Caching is disabled in the ~/.kion.yml configuration file by setting kion.disable_cache: true
• The credential has less than 5 seconds left and Kion CLI is being used as an AWS credential provider
• The credential has less than 5 seconds left and Kion CLI is being used to run an ad hoc command
• The credential has less than 5 minutes left and Kion CLI is being used to print keys
• The credential has less than 5 minutes left and Kion CLI is being used to create an authenticated subshell
• The credential has less than 10 minutes left and Kion CLI is being used to create an AWS configuration profile

Lastly, the following environment variables will no longer be set when using the run command to execute ad hoc commands:

KION_ACCOUNT_NUM
KION_ACCOUNT_ALIAS
KION_CAR

Added

• Support to use Kion CLI as a credential process subsystem for AWS profiles [/pull/38]
• Add caching for faster operations [/pull/38]
• SAML tokens are now cached for 9.5 minutes [/pull/39]

Changed

• Kion session data has moved from the ~/.kion.yml configuration file to the cache [/pull/39]

Removed

• KION_* env variables removed from subshell environments when using the run command [/pull/38]

Kion CLI v0.1.1

Fixed

• Corrected version number when running --version flag [/pull/36]