New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple accounts on a single host #8425
Conversation
It makes clear the steps that should be needed to "switch" which should be shared between Login (add user and switch to it), Logout (remove user and switch to another), and Switch (no modification and switch to a user)
…uthCfg.SetActiveToken
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All in all, that is massive amount of effort as I expected! Aside from a nit and a suggestion for extra usage doc for gh auth switch
with GH_TOKEN
set, I've got nothing else to really contribute.
@@ -109,7 +109,7 @@ type cfg struct { | |||
token string | |||
} | |||
|
|||
func (c cfg) Token(hostname string) (string, string) { | |||
func (c cfg) ActiveToken(hostname string) (string, string) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I take it this is intended to be more meaningful as its possible even more so now that a user has multiple accounts with tokens, which was true being logged into GHES and GHEC.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, previously there could only be one Token
per hostname. Now it's intended to be meaningful because there is only one active
one at a time (the one that is used for any API operations or as provided by the credential helper).
require.Equal(t, "test-user-1", activeUser) | ||
} | ||
|
||
func TestSwitchUserErrorsImmediatelyIfTheActiveTokenComesFromEnvironment(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This behavior should be documented as I don't know if others would consider it. In the case you are using a GitHub App user access token for GH_TOKEN
, should this still error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So firstly, this shouldn't really ever be hit because the Switch
command protects against this already but I wanted to be defensive here in case it happens in future.
The switch
command here acts the same as it does for login
and logout
which have exactly the same check. The idea is that if your token for a host is coming from the environment then we should be pretty suspicious of the user trying to make changes to their authorization set up because there's a good chance they are doing something surprising e.g. expecting that after logging in they are acting as someone else but it turns out it's coming from the env var.
I could go either way on this behaviour across all the commands but since it was in the others it felt sensible to include here.
Long: heredoc.Doc(` | ||
Switch the active account for a GitHub host. | ||
|
||
This command changes the authentication configuration that will | ||
be used when running commands targeting the specified GitHub host. | ||
`), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this include a line about how switching when GH_TOKEN
is set will cause an error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you want but then we should mirror it for login
and logout
…nticated token user
Since its creation, `gh` has enforced a mapping of one account per host. Functionally, this meant that when targeting a | ||
single host (e.g. github.com) each `auth login` would replace the token being used for API requests, and for git | ||
operations when `gh` was configured as a git credential manager. Removing this limitation has been a [long requested | ||
feature](https://github.com/cli/cli/issues/326), with many community members offering workarounds for a variety of use cases. | ||
A particular shoutout to @gabe565 and his long term community support for https://github.com/gabe565/gh-profile in this space. | ||
|
||
With the release of `v2.40.0`, `gh` has begun supporting multiple accounts for some use cases on github.com and | ||
in GitHub Enterprise. We recognise that there are a number of missing quality of life features, and we've opted | ||
not to address the use case of automatic account switching based on some context (e.g. `pwd`, `git remote`, etc). | ||
However, we hope many of those using these custom solutions will now find it easier to obtain and update tokens (via the standard | ||
OAuth flow rather than as a PAT), and to store them securely in the system keyring managed by `gh`. | ||
|
||
We are by no means excluding these things from ever being native to `gh` but we wanted to ship this MVP and get more | ||
feedback so that we can iterate on it with the community. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does this version read? Leaving diving into the nuances in subsequent sections, I hope this can give a high-level summary that people can get the gist.
Since its creation, `gh` has enforced a mapping of one account per host. Functionally, this meant that when targeting a | |
single host (e.g. github.com) each `auth login` would replace the token being used for API requests, and for git | |
operations when `gh` was configured as a git credential manager. Removing this limitation has been a [long requested | |
feature](https://github.com/cli/cli/issues/326), with many community members offering workarounds for a variety of use cases. | |
A particular shoutout to @gabe565 and his long term community support for https://github.com/gabe565/gh-profile in this space. | |
With the release of `v2.40.0`, `gh` has begun supporting multiple accounts for some use cases on github.com and | |
in GitHub Enterprise. We recognise that there are a number of missing quality of life features, and we've opted | |
not to address the use case of automatic account switching based on some context (e.g. `pwd`, `git remote`, etc). | |
However, we hope many of those using these custom solutions will now find it easier to obtain and update tokens (via the standard | |
OAuth flow rather than as a PAT), and to store them securely in the system keyring managed by `gh`. | |
We are by no means excluding these things from ever being native to `gh` but we wanted to ship this MVP and get more | |
feedback so that we can iterate on it with the community. | |
With the `v2.40.0` release, [multi-account support](https://github.blog/changelog/2023-11-03-multi-account-support-on-github-com/) is introduced to `gh` for GitHub.com and GitHub Enterprise and it is only the beginning! | |
Thanks to @gabe565 for his efforts to support multi-account capabilities with [`gh-profile` extension](https://github.com/gabe565/gh-profile) for this [long requested feature](https://github.com/cli/cli/issues/326)! ❤️ | |
This release focuses on several specific use cases: | |
- adding multiple accounts for GitHub.com and GitHub Enterprise with `gh auth login` | |
- switching manually between accounts for `gh` and `git` use with `gh auth switch` | |
- seeing multiple accounts with `gh auth status` | |
- logging out of accounts with `gh auth logout` | |
Future enhancements such as automatic account switching based on contexts and more are possible based upon user feedback! |
Really want to link "user feedback" to where people can click a link and leave said feedback.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, the tone of your suggested edits feels like release notes to me, and I think that it does a good job at that. However, I don't see this document as release notes but more a deep dive for the reader who wants more precision in what has actually changed.
How would you feel if we took your suggestion and used it in the release notes (and included a link to the release discussion for feedback), linking to this document?
4f19c56
to
94de529
Compare
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [aquaproj/aqua-registry](https://togithub.com/aquaproj/aqua-registry) | minor | `v4.94.0` -> `v4.100.0` | | [cli/cli](https://togithub.com/cli/cli) | minor | `v2.39.2` -> `v2.40.0` | | [derailed/k9s](https://togithub.com/derailed/k9s) | minor | `v0.28.2` -> `v0.29.1` | | [kevincobain2000/gobrew](https://togithub.com/kevincobain2000/gobrew) | minor | `v1.9.9` -> `v1.10.1` | | [kubernetes-sigs/kustomize](https://togithub.com/kubernetes-sigs/kustomize) | minor | `v5.2.1` -> `v5.3.0` | | [mikefarah/yq](https://togithub.com/mikefarah/yq) | patch | `v4.40.3` -> `v4.40.4` | | [sigstore/cosign](https://togithub.com/sigstore/cosign) | patch | `v2.2.1` -> `v2.2.2` | | [simulot/immich-go](https://togithub.com/simulot/immich-go) | minor | `0.8.9` -> `0.9.0` | | [twpayne/chezmoi](https://togithub.com/twpayne/chezmoi) | patch | `v2.42.1` -> `v2.42.2` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>aquaproj/aqua-registry (aquaproj/aqua-registry)</summary> ### [`v4.100.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.100.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.99.1...v4.100.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.100.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.100.0) | aquaproj/aqua-registry@v4.99.1...v4.100.0 ##### 🎉 New Packages [#​18031](https://togithub.com/aquaproj/aqua-registry/issues/18031) [traviswt/gke-auth-plugin](https://togithub.com/traviswt/gke-auth-plugin): A GKE standalone auth plugin, with no dependencies on gcloud cli and python [@​ponkio-o](https://togithub.com/ponkio-o) ### [`v4.99.1`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.99.1) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.99.0...v4.99.1) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.99.1) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.99.1) | aquaproj/aqua-registry@v4.99.0...v4.99.1 #### Fixes [#​18025](https://togithub.com/aquaproj/aqua-registry/issues/18025) open-policy-agent/opa: Use static binaries and fix old versions ### [`v4.99.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.99.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.98.0...v4.99.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.99.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.99.0) | aquaproj/aqua-registry@v4.98.0...v4.99.0 #### 🎉 New Packages [#​18001](https://togithub.com/aquaproj/aqua-registry/issues/18001) [dmtrKovalenko/blendr](https://togithub.com/dmtrKovalenko/blendr): The hacker's BLE (bluetooth low energy) browser terminal app [@​CrystalMethod](https://togithub.com/CrystalMethod) [#​17993](https://togithub.com/aquaproj/aqua-registry/issues/17993) [funbiscuit/spacedisplay-rs](https://togithub.com/funbiscuit/spacedisplay-rs): Fast and lightweight tool to scan your disk space [@​CrystalMethod](https://togithub.com/CrystalMethod) [#​17991](https://togithub.com/aquaproj/aqua-registry/issues/17991) [lxc/incus](https://togithub.com/lxc/incus): Powerful system container and virtual machine manager [@​CrystalMethod](https://togithub.com/CrystalMethod) ### [`v4.98.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.98.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.97.0...v4.98.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.98.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.98.0) | aquaproj/aqua-registry@v4.97.0...v4.98.0 #### 🎉 New Packages [#​17966](https://togithub.com/aquaproj/aqua-registry/issues/17966) [awslabs/eks-node-viewer](https://togithub.com/awslabs/eks-node-viewer): EKS Node Viewer [@​ponkio-o](https://togithub.com/ponkio-o) ### [`v4.97.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.97.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.96.0...v4.97.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.97.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.97.0) | aquaproj/aqua-registry@v4.96.0...v4.97.0 #### 🎉 New Packages [#​17929](https://togithub.com/aquaproj/aqua-registry/issues/17929) [LucasPickering/slumber](https://togithub.com/LucasPickering/slumber): Terminal-based REST client [@​CrystalMethod](https://togithub.com/CrystalMethod) [#​17932](https://togithub.com/aquaproj/aqua-registry/issues/17932) [firecow/gitlab-ci-local](https://togithub.com/firecow/gitlab-ci-local): Tired of pushing to test your .gitlab-ci.yml [@​tmeijn](https://togithub.com/tmeijn) [#​17930](https://togithub.com/aquaproj/aqua-registry/issues/17930) [sarub0b0/kubetui](https://togithub.com/sarub0b0/kubetui): An intuitive Terminal User Interface (TUI) tool for real-time monitoring and exploration of Kubernetes resources [@​CrystalMethod](https://togithub.com/CrystalMethod) #### 🎉 New Contributors Thank you for your contribution! [@​tmeijn](https://togithub.com/tmeijn) [#​17932](https://togithub.com/aquaproj/aqua-registry/issues/17932) ### [`v4.96.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.96.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.95.0...v4.96.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.96.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.96.0) | aquaproj/aqua-registry@v4.95.0...v4.96.0 #### 🎉 New Packages [#​17904](https://togithub.com/aquaproj/aqua-registry/issues/17904) [alpkeskin/mosint](https://togithub.com/alpkeskin/mosint): An automated e-mail OSINT tool [#​17903](https://togithub.com/aquaproj/aqua-registry/issues/17903) [go-gost/gost](https://togithub.com/go-gost/gost): GO Simple Tunnel - a simple tunnel written in golang [#​17896](https://togithub.com/aquaproj/aqua-registry/issues/17896) [masutaka/github-nippou](https://togithub.com/masutaka/github-nippou): Print today's your GitHub activity for issues and pull requests [@​ponkio-o](https://togithub.com/ponkio-o) #### Others [#​17898](https://togithub.com/aquaproj/aqua-registry/issues/17898) chore: fix the symbolic link to aqua-proxy when connecting to the container ### [`v4.95.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.95.0) [Compare Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.94.0...v4.95.0) [Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.95.0) | [Pull Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.95.0) | aquaproj/aqua-registry@v4.94.0...v4.95.0 #### 🎉 New Packages [#​17859](https://togithub.com/aquaproj/aqua-registry/issues/17859) [dustinblackman/oatmeal](https://togithub.com/dustinblackman/oatmeal): Terminal UI to chat with large language models (LLM) using different model backends, and integrations with your favourite editors [@​CrystalMethod](https://togithub.com/CrystalMethod) [#​17888](https://togithub.com/aquaproj/aqua-registry/issues/17888) [tkuchiki/slp](https://togithub.com/tkuchiki/slp): SlowLog Profiler for MySQL and PostgreSQL #### Fixes [#​17816](https://togithub.com/aquaproj/aqua-registry/issues/17816) [#​17833](https://togithub.com/aquaproj/aqua-registry/issues/17833) cocogitto/cocogitto: Follow up changes of cocogitto 6.0.0 and 6.0.1 </details> <details> <summary>cli/cli (cli/cli)</summary> ### [`v2.40.0`](https://togithub.com/cli/cli/releases/tag/v2.40.0): GitHub CLI 2.40.0 [Compare Source](https://togithub.com/cli/cli/compare/v2.39.2...v2.40.0) ##### Multiple Account Support With the `v2.40.0` release, [multi-account support](https://github.blog/changelog/2023-11-03-multi-account-support-on-github-com/) is introduced to `gh` for GitHub.com and GitHub Enterprise and it is only the beginning! Thanks to [@​gabe565](https://togithub.com/gabe565) for his efforts to support multi-account capabilities with [`gh-profile` extension](https://togithub.com/gabe565/gh-profile) for this [long requested feature](https://togithub.com/cli/cli/issues/326)! ❤️ This release focuses on several specific use cases: - adding multiple accounts for GitHub.com and GitHub Enterprise with `gh auth login` - switching manually between accounts for `gh` and `git` use with `gh auth switch` - seeing multiple accounts with `gh auth status` - logging out of accounts with `gh auth logout` Future enhancements such as automatic account switching based on context and more git automatic git configuration will be planned based on community feedback. For **much more detail** about the specific of multiple account support in this release as well as a discussion of the sharp edges, please see this [doc](https://togithub.com/cli/cli/blob/54d56cab3a0882b43ac794df59924dc3f93bb75c/docs/multiple-accounts.md). Please provide feedback in our [release discussion](https://togithub.com/cli/cli/discussions/8429). #### What's changed - Better codespaces error handling when the display name flag exceeds 48 characters by [@​mateusmarquezini](https://togithub.com/mateusmarquezini) in [cli/cli#8361 - Better error handling in `auth status` when there are connection issues by [@​tal66](https://togithub.com/tal66) in [cli/cli#8337 - Filtering `run list` results by commit sha by [@​nelsonchen304](https://togithub.com/nelsonchen304) in [cli/cli#8350 - More informative `pr merge` output when running interactively by [@​ffalor](https://togithub.com/ffalor) in [cli/cli#8381 - Unification of doc mark-ups by [@​muzimuzhi](https://togithub.com/muzimuzhi) in [cli/cli#8342 - Addition of progress indicator when installing an extension by [@​steiza](https://togithub.com/steiza) in [cli/cli#8411 - Support for multiple accounts on a single host by [@​williammartin](https://togithub.com/williammartin) in [cli/cli#8425 #### Other technical changes - Enhance discussion triage workflow by [@​andyfeller](https://togithub.com/andyfeller) in [cli/cli#8394 - Simplify triage workflow given GitHub Actions limitations on OSS pull requests by [@​andyfeller](https://togithub.com/andyfeller) in [cli/cli#8412 - andyfeller/triage the final enhancements by [@​andyfeller](https://togithub.com/andyfeller) in [cli/cli#8420 - Simplify git AddRemote to remove unused arg by [@​samcoe](https://togithub.com/samcoe) in [cli/cli#8392 #### New Contributors - [@​mateusmarquezini](https://togithub.com/mateusmarquezini) made their first contribution in [cli/cli#8361 - [@​tal66](https://togithub.com/tal66) made their first contribution in [cli/cli#8337 - [@​nelsonchen304](https://togithub.com/nelsonchen304) made their first contribution in [cli/cli#8350 - [@​steiza](https://togithub.com/steiza) made their first contribution in [cli/cli#8411 **Full Changelog**: cli/cli@v2.39.2...v2.40.0 <hr /><em>This discussion was created from the release <a href='https://github.com/cli/cli/releases/tag/v2.40.0'>GitHub CLI 2.40.0</a>.</em> </details> <details> <summary>derailed/k9s (derailed/k9s)</summary> ### [`v0.29.1`](https://togithub.com/derailed/k9s/releases/tag/v0.29.1) [Compare Source](https://togithub.com/derailed/k9s/compare/v0.29.0...v0.29.1) <img src="https://raw.githubusercontent.com/derailed/k9s/master/assets/k9s.png" align="center" width="800" height="auto"/> ### Release v0.29.1 #### Notes Thank you to all that contributed with flushing out issues and enhancements for K9s! I'll try to mark some of these issues as fixed. But if you don't mind grab the latest rev and see if we're happier with some of the fixes! If you've filed an issue please help me verify and close. Your support, kindness and awesome suggestions to make K9s better are, as ever, very much noted and appreciated! Also big thanks to all that have allocated their own time to help others on both slack and on this repo!! As you may know, K9s is not pimped out by corps with deep pockets, thus if you feel K9s is helping your Kubernetes journey, please consider joining our [sponsorship program](https://togithub.com/sponsors/derailed) and/or make some noise on social! [@​kitesurfer](https://twitter.com/kitesurfer) On Slack? Please join us [K9slackers](https://join.slack.com/t/k9sers/shared_invite/enQtOTA5MDEyNzI5MTU0LWQ1ZGI3MzliYzZhZWEyNzYxYzA3NjE0YTk1YmFmNzViZjIyNzhkZGI0MmJjYzhlNjdlMGJhYzE2ZGU1NjkyNTM) *** #### Maintenance Release *** #### Resolved Issues - [#​2330](https://togithub.com/derailed/k9s/issues/2330) Skins don't work v0.29.0 - [#​2329](https://togithub.com/derailed/k9s/issues/2329) New skin system in v0.29.0 doesn't work if you use different k8s context files - [#​2327](https://togithub.com/derailed/k9s/issues/2327) \[Bug] Item highlighting broke in v0.29.0 *** <img src="https://raw.githubusercontent.com/derailed/k9s/master/assets/imhotep_logo.png" width="32" height="auto"/> © 2023 Imhotep Software LLC. All materials licensed under [Apache v2.0](http://www.apache.org/licenses/LICENSE-2.0) ### [`v0.29.0`](https://togithub.com/derailed/k9s/releases/tag/v0.29.0) [Compare Source](https://togithub.com/derailed/k9s/compare/v0.28.2...v0.29.0) <img src="https://raw.githubusercontent.com/derailed/k9s/master/assets/k9s.png" align="center" width="800" height="auto"/> ### Release v0.29.0 #### Notes Thank you to all that contributed with flushing out issues and enhancements for K9s! I'll try to mark some of these issues as fixed. But if you don't mind grab the latest rev and see if we're happier with some of the fixes! If you've filed an issue please help me verify and close. Your support, kindness and awesome suggestions to make K9s better are, as ever, very much noted and appreciated! Also big thanks to all that have allocated their own time to help others on both slack and on this repo!! As you may know, K9s is not pimped out by corps with deep pockets, thus if you feel K9s is helping your Kubernetes journey, please consider joining our [sponsorship program](https://togithub.com/sponsors/derailed) and/or make some noise on social! [@​kitesurfer](https://twitter.com/kitesurfer) On Slack? Please join us [K9slackers](https://join.slack.com/t/k9sers/shared_invite/enQtOTA5MDEyNzI5MTU0LWQ1ZGI3MzliYzZhZWEyNzYxYzA3NjE0YTk1YmFmNzViZjIyNzhkZGI0MmJjYzhlNjdlMGJhYzE2ZGU1NjkyNTM) *** #### ♫ Sounds Behind The Release ♭ - [Snowbound - Donald Fagen](https://www.youtube.com/watch?v=bj8ZdBdKsfo) - [Pilgrim - Eric Clapton](https://www.youtube.com/watch?v=8V9tSQuIzbQ) - [Lucky Number - Lene Lovich](https://www.youtube.com/watch?v=KnIJOO\_\_jVo) *** #### 🦃 Happy (Belated!) ThanksGiving To All! 🦃 Hope you and yours had a wonderful holiday!! Hopefully this drop won't be a cold turkey 😳 I'd like to take this opportunity to honor two very special folks: - [Alexandru Placinta](https://togithub.com/placintaalexandru) - [Jayson Wang](https://togithub.com/wjiec) These guys have been relentless in fishing out bugs, helping out with support and addressing issues, not to mention enduring my code! 🙀 They dedicate a lot of their time to make `k9s` better for all of us! So if you happen to run into them live/virtual, please be sure to `Thank` them and give them a huge hug! 🤗 I am thankful for all of you for being kind, patient, understanding and one of the coolest OSS community on the web!! Feeling blessed and ever so humbled to be part of it. Thank you!! *** #### A Word From Our Sponsors... To all the good folks below that opted to `pay it forward` and join our sponsorship program, I salute you!! - [Marco Stuurman](https://togithub.com/fe-ax) - [Paul Sweeney](https://togithub.com/Kolossi) - [Cayla Fauver](https://togithub.com/cayla) - [alemanek](https://togithub.com/alemanek) - [Danske Commodities A/S](https://togithub.com/DanskeCommodities) > Sponsorship cancellations since the last release: **8** ;( *** #### 🎉 Feature Release 🎈👯 *** ##### Breaking Bad! WARNING! There are breaking change on this drop! 1. NodeShell configuration has moved up in the k9s config file from the context section to the top level config. More than likely, one uses the same nodeShell image with all the fixins to introspect nodes no matter the cluster. This update DRY's up k9s config and still allows one to opt in/out of nodeShell via the context specific feature gate. Please see README for the details. > NOTE: If you haven't customize the shellPod images on your contexts, the app will move the nodeShell config section to > it's new location and update your clusters information accordingly. > If not, you will need to edit the nodeShell section and manage it from a single location! 2. Log view used to default to the last 5mins aka `sinceSeconds: 300`. Changed the default to tail logs instead aka `sinceSeconds: -1` 3. Skins loading changed! In this release, we do away with the context specific skin files. You can now directly specify the skin to use for a given cluster directly in the k9s config file under the cluster configuration. K9s now expects a skins directory in the k9s config home with your skin files. You can use your custom skins and copy them to the `skins` directory or use the contributes skins found on this repo root. Specify the name of the skin in the config file and now your cluster will load the specified skin. For example: create a `skins` dir your k9s config home and add one_dark.yml skin file from this repo. Then edit your k9s config file as follows: ```yaml k9s: ... clusters: fred: ### Override the default skin and use this skin for this cluster. skin: one_dark # -> Look for a skin file in ~/.config/k9s/skins/one_dark.yml namespace: ... view: active: pod featureGates: nodeShell: false portForwardAddress: localhost ``` The `fred` cluster will now load with the specified skin name. Rinse and repeat for other clusters of your liking. In the case where neither the skin dir or skin file are present, k9s will still honor the global skin aka `skin.yml` in your k9s config home directory to skin all your clusters. *** ##### Walk Of SHelm... Added a `Releases` view to Helm! This provides the ability for Helm users to manage their releases directly from k9s. You can now press `enter` on a selected Helm install and view all associated releases. While in the releases view, you can also rollback an install to a previous revision. *** ##### Spock! Are You Out Of Your VulScan Mind? Tired of having malignent folks shoot holes in your prod clusters or failing compliance testing? Added ability to run image vulnerability scans directly from k9s. You can now monitor your security stance in dev/staging/... clusters prior to proclaiming `It's Open Season...` in prod! As it stands Pod, Deployment, StatefulSet, DaemonSet, CronJob, Job views will feature a new column for Vulnerability Scan aka `VS`. > NOTE! This feature is gated so you'll need to manually opt in/out by modifying your k9s config file like so: ```yaml k9s: liveViewAutoRefresh: false enableImageScan: true # <- Yes Please!! headless: false ... ``` Once enabled, a new column `VS` (aka Vulnerability Score) should be present on the aforementioned views where you will see your vulnerability scores (*Still work in progress!!*). The `VS` column displays a bit vector aka Sev-1|Sev-2|Sev-3|Sev-4|Sev-5|Sev-Unknown. When the bit is high it indicate the presence of the severity in the scans. Higher order bits = Higher severity For instance, the following vector `110001` indicates the presence of both critical (Sev-1) and high (Sev-2) and an unclassified severity (aka Sev-Unknown) issues in the scan. Sev-U indicates no classification currently exist in our vulnerability database. The image scans are run async, rendering the views eventually consistent, hence you may have to give the scores a few cycles for the dust to settle... Once the caches are primed, subsequent loads should be faster 🤞 You can sort the views by vulnerability score using `ShiftV`. Additionally, you can view the full scans report by pressing `v` on a selected resource. I've synced my entire Thanksgiving holiday break on this ding dang deal, so hopefully it works for most of you?? Also if you dig this new feature, please make some noise! 😍 💘 This is an experimental feature and likely will require additional TLC 💘 > NOTE! The lib we use to scan for vulnerabilities only supports macOS and Linux!! > NOTE: I have yet to test this feature on larger clusters, so likely this may break?? > Please take these reports with a grain of salt as likely your mileage will vary and help us > validate the accuracy of the report ie if we cry `Wolf`, is it actually there? The paint is still fresh on this deal!! ##### Do You Tube? My plan is to begin (again!) putting out short k9s episodes with how-tos, tips, tricks and features previews. Please dial [K9s Channel](https://www.youtube.com/channel/UC897uwPygni4QIjkPCpgjmw) for up coming content... The first drop should be up by the time you read this! - [Vulnerability Scans](https://youtu.be/ULkl0MsaidU) *** #### Resolved Issues - [#​2308](https://togithub.com/derailed/k9s/issues/2308) Unable to list CRs for crd with only list and get verb without watch verb - [#​2301](https://togithub.com/derailed/k9s/issues/2301) Add imagePullPolicy and imagePullSecrets on shell_pod for internal registry uses - [#​2298](https://togithub.com/derailed/k9s/issues/2298) Weird color after plugin usage - [#​2297](https://togithub.com/derailed/k9s/issues/2297) Select nodes with space does not work anymore - [#​2290](https://togithub.com/derailed/k9s/issues/2290) Provide release assets for freebsd amd64/arm64 - [#​2283](https://togithub.com/derailed/k9s/issues/2283) Adding auto complete in search bar - [#​2219](https://togithub.com/derailed/k9s/issues/2219) Add tty: true to the node shell pod manifest - [#​2167](https://togithub.com/derailed/k9s/issues/2167) Show wrong Configmap data - [#​2166](https://togithub.com/derailed/k9s/issues/2166) Taint count for the nodes view - [#​2165](https://togithub.com/derailed/k9s/issues/2165) Restart counter for init containers - [#​2162](https://togithub.com/derailed/k9s/issues/2162) Make edit work when describing a resource - [#​2154](https://togithub.com/derailed/k9s/issues/2154) Help and h command does not work if typed into cmdbuff - [#​2036](https://togithub.com/derailed/k9s/issues/2036) Crashed while do filtering - [#​2009](https://togithub.com/derailed/k9s/issues/2009) Ctrl-s: Name of file (Describe-....) - [#​1513](https://togithub.com/derailed/k9s/issues/1513) Problem regarding showing the logs - it hangs/slow on pods which are running for long time NOTE: Better but not cured! Perf improvements while viewing large cm (7k lines) from 26s->9s - [#​568](https://togithub.com/derailed/k9s/issues/568) Allow both .yaml and .yml yaml config files *** #### Contributed PRs Please be sure to give `Big Thanks!` and `ATTA Girls/Boys!` to all the fine contributors for making K9s better for all of us!! - [#​2322](https://togithub.com/derailed/k9s/pull/2322) Check if the service provides selectors - [#​2319](https://togithub.com/derailed/k9s/pull/2319) Proper handling of help commands (fixes [#​2154](https://togithub.com/derailed/k9s/issues/2154)) - [#​2315](https://togithub.com/derailed/k9s/pull/2315) Fix namespace suggestion error on context switch - [#​2313](https://togithub.com/derailed/k9s/pull/2313) Should not clear screen when executing plugin command - [#​2310](https://togithub.com/derailed/k9s/pull/2310) chore: Mot recommended to use k8s.io/kubernetes as a dependency - [#​2303](https://togithub.com/derailed/k9s/pull/2303) Clean up items - [#​2301](https://togithub.com/derailed/k9s/pull/2301) feat: Add imagePullSecrets and imagePullPolicy configuration for shellpod - [#​2289](https://togithub.com/derailed/k9s/pull/2289) Clean up issues introduced in [#​2125](https://togithub.com/derailed/k9s/issues/2125) - [#​2288](https://togithub.com/derailed/k9s/pull/2288) Fix merge issues from PR [#​2168](https://togithub.com/derailed/k9s/issues/2168) - [#​2284](https://togithub.com/derailed/k9s/issues/2284) Allow both .yaml and .yml yaml config files *** <img src="https://raw.githubusercontent.com/derailed/k9s/master/assets/imhotep_logo.png" width="32" height="auto"/> © 2023 Imhotep Software LLC. All materials licensed under [Apache v2.0](http://www.apache.org/licenses/LICENSE-2.0) </details> <details> <summary>kevincobain2000/gobrew (kevincobain2000/gobrew)</summary> ### [`v1.10.1`](https://togithub.com/kevincobain2000/gobrew/releases/tag/v1.10.1) [Compare Source](https://togithub.com/kevincobain2000/gobrew/compare/v1.10.0...v1.10.1) #### Changelog - [`0b38c28`](https://togithub.com/kevincobain2000/gobrew/commit/0b38c28) a few updates on README to make it readable - [`00f366c`](https://togithub.com/kevincobain2000/gobrew/commit/00f366c) feat: add workflow_dispatch to coverit workflow - [`1c24883`](https://togithub.com/kevincobain2000/gobrew/commit/1c24883) feat: cross build setup for main package - [`bcfeeb6`](https://togithub.com/kevincobain2000/gobrew/commit/bcfeeb6) feat: do not use -race in tests - [`6959ccb`](https://togithub.com/kevincobain2000/gobrew/commit/6959ccb) feat: parallel tests again - [`6c537f1`](https://togithub.com/kevincobain2000/gobrew/commit/6c537f1) feat: some refactoring - [`6f03dc7`](https://togithub.com/kevincobain2000/gobrew/commit/6f03dc7) feat: use t.Setenv for setting vars in tests - [`94d3740`](https://togithub.com/kevincobain2000/gobrew/commit/94d3740) fix: build workflows for package - [`f2a040f`](https://togithub.com/kevincobain2000/gobrew/commit/f2a040f) fix: do not use global variable - [`492c5c7`](https://togithub.com/kevincobain2000/gobrew/commit/492c5c7) fix: do not use parallel in test with os env - [`2ec9e92`](https://togithub.com/kevincobain2000/gobrew/commit/2ec9e92) fix: fake commit - [`02a8644`](https://togithub.com/kevincobain2000/gobrew/commit/02a8644) fix: go build command line - [`685b874`](https://togithub.com/kevincobain2000/gobrew/commit/685b874) fix: remove go prefix in getGolangVersions - [`b278466`](https://togithub.com/kevincobain2000/gobrew/commit/b278466) fix: simplify ask to false in test - [`6d5dbb1`](https://togithub.com/kevincobain2000/gobrew/commit/6d5dbb1) fix: use None result in tests - [`2a83bea`](https://togithub.com/kevincobain2000/gobrew/commit/2a83bea) should see yml and not yaml ### [`v1.10.0`](https://togithub.com/kevincobain2000/gobrew/releases/tag/v1.10.0) [Compare Source](https://togithub.com/kevincobain2000/gobrew/compare/v1.9.9...v1.10.0) #### Changelog - [`e57436f`](https://togithub.com/kevincobain2000/gobrew/commit/e57436f) CI should pass now - [`cf33539`](https://togithub.com/kevincobain2000/gobrew/commit/cf33539) feat: do not use slices package for currentVersion - [`15ddb99`](https://togithub.com/kevincobain2000/gobrew/commit/15ddb99) feat: exclude Merge pull request from changelog - [`f8d305e`](https://togithub.com/kevincobain2000/gobrew/commit/f8d305e) feat: improve gb.CurrentVersion() - [`350ecf1`](https://togithub.com/kevincobain2000/gobrew/commit/350ecf1) feat: os specific functions and vars - [`faba08b`](https://togithub.com/kevincobain2000/gobrew/commit/faba08b) feat: rename github workflows - [`3ef853a`](https://togithub.com/kevincobain2000/gobrew/commit/3ef853a) feat: tests in parallel - [`01a10fa`](https://togithub.com/kevincobain2000/gobrew/commit/01a10fa) feat: use bash shell for github actions - [`814b7e7`](https://togithub.com/kevincobain2000/gobrew/commit/814b7e7) feat: use filepath for process version - [`e686093`](https://togithub.com/kevincobain2000/gobrew/commit/e686093) fix: do not run tests in Parallel - [`4a397d3`](https://togithub.com/kevincobain2000/gobrew/commit/4a397d3) fix: issue with no tests were run </details> <details> <summary>kubernetes-sigs/kustomize (kubernetes-sigs/kustomize)</summary> ### [`v5.3.0`](https://togithub.com/kubernetes-sigs/kustomize/releases/tag/kustomize/v5.3.0) [Compare Source](https://togithub.com/kubernetes-sigs/kustomize/compare/kustomize/v5.2.1...kustomize/v5.3.0) [#​5211](https://togithub.com/kubernetes-sigs/kustomize/issues/5211): Fix nil pointer dereferencing when converting `vars` to ` replacements ` [#​5270](https://togithub.com/kubernetes-sigs/kustomize/issues/5270): helm: add support for kube-version and add cli args for both kube-version and api-versions [#​5391](https://togithub.com/kubernetes-sigs/kustomize/issues/5391): feat: edit set configmap [#​5402](https://togithub.com/kubernetes-sigs/kustomize/issues/5402): release cleanup, unpin the modules [#​5409](https://togithub.com/kubernetes-sigs/kustomize/issues/5409): refactor: move reusable bits in preparation for new 'edit set' commands [#​5412](https://togithub.com/kubernetes-sigs/kustomize/issues/5412): Use upstream go-yaml fork and remove our internal one [#​5421](https://togithub.com/kubernetes-sigs/kustomize/issues/5421): Replace gopkg.in/yaml.v2 with sigs.k8s.io/yaml/goyaml.v2 [#​5424](https://togithub.com/kubernetes-sigs/kustomize/issues/5424): Run go work sync [#​5430](https://togithub.com/kubernetes-sigs/kustomize/issues/5430): fix: handle empty namespace as default [#​5454](https://togithub.com/kubernetes-sigs/kustomize/issues/5454): fix: support namespace flag on edit remove secret/configmap [#​5455](https://togithub.com/kubernetes-sigs/kustomize/issues/5455): fix: flaky ConfigMap/Secret args tests [#​5456](https://togithub.com/kubernetes-sigs/kustomize/issues/5456): chore: rename files to match package pattern [#​5475](https://togithub.com/kubernetes-sigs/kustomize/issues/5475): Update kyaml to v0.16.0 [#​5476](https://togithub.com/kubernetes-sigs/kustomize/issues/5476): Update cmd/config to v0.13.0 [#​5477](https://togithub.com/kubernetes-sigs/kustomize/issues/5477): Update api to v0.16.0 </details> <details> <summary>mikefarah/yq (mikefarah/yq)</summary> ### [`v4.40.4`](https://togithub.com/mikefarah/yq/releases/tag/v4.40.4): - Fixed bug with creating maps with values based off keys [Compare Source](https://togithub.com/mikefarah/yq/compare/v4.40.3...v4.40.4) - Fixed bug with creating maps with values based off keys [#​1886](https://togithub.com/mikefarah/yq/issues/1886), [#​1889](https://togithub.com/mikefarah/yq/issues/1889) - Bumped dependencies </details> <details> <summary>sigstore/cosign (sigstore/cosign)</summary> ### [`v2.2.2`](https://togithub.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v222) [Compare Source](https://togithub.com/sigstore/cosign/compare/v2.2.1...v2.2.2) v2.2.2 adds a new container with a shell, `gcr.io/projectsigstore/cosign:vx.y.z-dev`, in addition to the existing container `gcr.io/projectsigstore/cosign:vx.y.z` without a shell. For private deployments, we have also added an alias for `--insecure-skip-log`, `--private-infrastructure`. #### Bug Fixes - chore(deps): bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 ([#​3411](https://togithub.com/sigstore/cosign/issues/3411)) which fixes a bug with using Azure KMS - Don't require CT log keys if using a key/sk ([#​3415](https://togithub.com/sigstore/cosign/issues/3415)) - Fix copy without any flag set ([#​3409](https://togithub.com/sigstore/cosign/issues/3409)) - Update cosign generate cmd to not include newline ([#​3393](https://togithub.com/sigstore/cosign/issues/3393)) - Fix idempotency error with signing ([#​3371](https://togithub.com/sigstore/cosign/issues/3371)) #### Features - Add `--yes` flag `cosign import-key-pair` to skip the overwrite confirmation. ([#​3383](https://togithub.com/sigstore/cosign/issues/3383)) - Use the timeout flag value in verify\* commands. ([#​3391](https://togithub.com/sigstore/cosign/issues/3391)) - add --private-infrastructure flag ([#​3369](https://togithub.com/sigstore/cosign/issues/3369)) #### Container Updates - Bump builder image to use go1.21.4 and add new cosign image tags with shell ([#​3373](https://togithub.com/sigstore/cosign/issues/3373)) #### Documentation - Update SBOM_SPEC.md ([#​3358](https://togithub.com/sigstore/cosign/issues/3358)) #### Contributors - Carlos Tadeu Panato Junior - Dylan Richardson - Hayden B - Lily Sturmann - Nikos Fotiou - Yonghe Zhao </details> <details> <summary>simulot/immich-go (simulot/immich-go)</summary> ### [`v0.9.0`](https://togithub.com/simulot/immich-go/releases/tag/0.9.0) [Compare Source](https://togithub.com/simulot/immich-go/compare/0.8.9...0.9.0) #### Changelog - [`7a445eb`](https://togithub.com/simulot/immich-go/commit/7a445eb) chore: immich API changes - [`fbb5635`](https://togithub.com/simulot/immich-go/commit/fbb5635) chore: update module paths - [`1e03019`](https://togithub.com/simulot/immich-go/commit/1e03019) doc: installation procedure rewording in readme.md - [`fab5422`](https://togithub.com/simulot/immich-go/commit/fab5422) feat: Add a flag to enable only stacking of RAW+JPG and NOT bursts [#​83](https://togithub.com/simulot/immich-go/issues/83) - [`dff58a0`](https://togithub.com/simulot/immich-go/commit/dff58a0) feat: transfer google-photo favorite to immich - [`c6c24cb`](https://togithub.com/simulot/immich-go/commit/c6c24cb) fix: stack: for Pixel 5 and Pixel 8 Pro naming schemes [#​94](https://togithub.com/simulot/immich-go/issues/94) - [`cd5edd3`](https://togithub.com/simulot/immich-go/commit/cd5edd3) fix: Live photos files are stacked and not recognized as live photos [#​67](https://togithub.com/simulot/immich-go/issues/67) - [`b5fcf7d`](https://togithub.com/simulot/immich-go/commit/b5fcf7d) fix: jpg must be the cover of jpg+raw stack - [`14f433f`](https://togithub.com/simulot/immich-go/commit/14f433f) wip: stacking name schemes </details> <details> <summary>twpayne/chezmoi (twpayne/chezmoi)</summary> ### [`v2.42.2`](https://togithub.com/twpayne/chezmoi/releases/tag/v2.42.2) [Compare Source](https://togithub.com/twpayne/chezmoi/compare/v2.42.1...v2.42.2) #### Changelog ##### Features - [`a9d389e`](https://togithub.com/twpayne/chezmoi/commit/a9d389e86) feat: Add CHEZMOI_COMMAND_DIR env var for hooks ##### Fixes - [`649c758`](https://togithub.com/twpayne/chezmoi/commit/649c75840) fix: Fix fromJson template function deserializing non-objects - [`c68ddac`](https://togithub.com/twpayne/chezmoi/commit/c68ddac75) fix: Handle extra slashes in path arguments </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 4pm on thursday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/scottames/dots). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Description
This PR is best understood by reading https://github.com/cli/cli/blob/c243f31a6ca2571b9e536c9d6cdd308ded51f4f5/docs/multiple-accounts.md
The summary is that we are adding support for authenticating against multiple accounts on a single host.
This work has been paired on by @samcoe and myself, with some asynchronous review.