@glrs-dev/assume 0.12.1 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/CHANGELOG.md +24 -0
  2. package/package.json +5 -5
package/CHANGELOG.md CHANGED
@@ -1,5 +1,29 @@
1
1
  # @glrs-dev/assume
2
2
 
3
+ ## 0.13.0
4
+
5
+ ### Minor Changes
6
+
7
+ - [#292](https://github.com/iceglober/glrs/pull/292) [`f954712`](https://github.com/iceglober/glrs/commit/f9547129dd13c00ee316eb012bc087326a6307b7) Thanks [@iceglober](https://github.com/iceglober)! - GCP now wraps the gcloud CLI instead of reimplementing Google OAuth.
8
+
9
+ Previously glrs ran its own Google OAuth (gcloud's client ID, auth-code flow, raw refresh-token grants) and emulated the GCE metadata server. Under an org that enforces reauth, raw refresh grants are rejected (`invalid_rapt`) and glrs had no reauth flow, so GCP wedged — and the emulated `GCE_METADATA_HOST` shadowed gcloud's own credentials.
10
+
11
+ glrs now delegates GCP auth to gcloud, the idiomatic local-dev path:
12
+
13
+ - `gsa login gcp` runs `gcloud auth login` + `gcloud auth application-default login` (interactive — satisfies org reauth and writes a proper ADC).
14
+ - Credentials are delivered by gcloud's **Application Default Credentials**, not the daemon. glrs no longer sets `GCE_METADATA_HOST`; apps read gcloud's ADC natively. The daemon binds no GCP endpoint.
15
+ - Contexts are projects via `gcloud projects list`; `gsa use gcp <project>` sets `GOOGLE_CLOUD_PROJECT` (and `--default` also `gcloud config set project`); `gsa exec`/agent mint a token via `gcloud ... print-access-token`.
16
+ - When gcloud needs interactive reauth, the next command surfaces "run: gsa login gcp" (via the needs-login marker) instead of leaking a raw token-endpoint error.
17
+ - **Requires the Google Cloud SDK (`gcloud`) on PATH** for GCP; the in-house OAuth/ADC writer/metadata emulation are removed. AWS is unaffected.
18
+
19
+ ## 0.12.2
20
+
21
+ ### Patch Changes
22
+
23
+ - [#290](https://github.com/iceglober/glrs/pull/290) [`3e80b03`](https://github.com/iceglober/glrs/commit/3e80b034d092843d416cc1ee7797187bb06f4892) Thanks [@iceglober](https://github.com/iceglober)! - Only export a provider's ambient env when glrs has a default for it.
24
+
25
+ shell-init exported `GCE_METADATA_HOST` (and the AWS container vars) for every registered provider unconditionally — so even with GCP logged out, every shell routed all GCP credential resolution through glrs's daemon, shadowing gcloud's own ADC. Under an org that enforces reauth, glrs can't refresh GCP at all (it does raw refresh grants with no reauth flow), so this left GCP wedged with no fallback. Now each provider's ambient vars are emitted only when `gsa` actually has a default for it; `gsa logout gcp` (which clears the default) hands GCP credential resolution back to gcloud, which does handle reauth.
26
+
3
27
  ## 0.12.1
4
28
 
5
29
  ### Patch Changes
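Review bot: The last 0.13.0 bullet makes `gcloud` on PATH a hard requirement and removes the in-house OAuth, ADC writer and metadata emulation, but the entry sits under "Minor Changes" and gives no upgrade steps. Suggest a short migration note covering what happens to refresh tokens and any ADC file written by earlier versions, and whether already-open shells that still carry `GCE_METADATA_HOST` from the old shell-init must be restarted, since that variable is what shadowed gcloud's credentials. Because `gsa login gcp`, `gsa use gcp` and `gsa exec` now invoke whatever `gcloud` resolves on PATH, and that binary mints the access token, the entry should also state how the binary is located and what the user sees when it is missing. The `gsa exec`/agent bullet says a token is minted via `gcloud ... print-access-token` but not how it reaches the child process; worth one sentence, as that is the part a reader will want to audit.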
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@glrs-dev/assume",
3
- "version": "0.12.1",
3
+ "version": "0.13.0",
4
4
  "publishConfig": {
5
5
  "access": "public"
6
6
  },
@@ -51,9 +51,9 @@
51
51
  "typescript": "^5"
52
52
  },
53
53
  "optionalDependencies": {
54
- "@glrs-dev/assume-darwin-arm64": "0.12.1",
55
- "@glrs-dev/assume-darwin-x64": "0.12.1",
56
- "@glrs-dev/assume-linux-x64": "0.12.1",
57
- "@glrs-dev/assume-linux-arm64": "0.12.1"
54
+ "@glrs-dev/assume-darwin-arm64": "0.13.0",
55
+ "@glrs-dev/assume-darwin-x64": "0.13.0",
56
+ "@glrs-dev/assume-linux-x64": "0.13.0",
57
+ "@glrs-dev/assume-linux-arm64": "0.13.0"
58
58
  }
59
59
  }
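Review bot: The four `optionalDependencies` pins move to 0.13.0 in lockstep while this package's diff touches only CHANGELOG.md and package.json, so none of the code behind the GCP auth change described in the changelog is visible here. The behaviour change presumably ships in the platform packages (`@glrs-dev/assume-darwin-arm64`, `-darwin-x64`, `-linux-x64`, `-linux-arm64`), and each of those needs its own 0.12.1 → 0.13.0 diff before this release can be considered reviewed. The exact-version pins (no `^` range) are the right choice for binaries that handle credentials and should stay that way.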