britive
diff --git a/‎CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎docs/index.md‎
Lines changed: 83 additions & 1 deletion b/‎docs/index.md‎
Lines changed: 83 additions & 1 deletion
diff --git a/‎requirements.txt‎
Lines changed: 7 additions & 6 deletions b/‎requirements.txt‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎setup.cfg‎
Lines changed: 4 additions & 4 deletions b/‎setup.cfg‎
Lines changed: 4 additions & 4 deletions
@@ -3,6 +3,26 @@
 * All changes to the package starting with v0.3.1 will be logged here.
 * As of v1.4.0 release candidates will be published in an effort to get new features out faster while still allowing time for full QA testing before moving the release candidate to a full release.
 
+
+## v1.4.0rc4 [2023-06-22]
+#### What's New
+* `pybritive ssh gcp identity-aware-proxy` command - supports OS Login and SSH Instance Metadata
+
+#### Enhancements
+* Support for `sso_idp` in the tenant configuration block of the config file. Set with `configure update tenant-<name> sso_idp <value>`. This will enable automatic re-direction to your identity provider, thus eliminating a manual step when authenticating to your tenant.
+
+#### Bug Fixes
+* Properly catch and error when Cognito tokens have been invalidated.
+
+#### Dependencies
+* Fix dependabot alert for `requests` - https://github.com/britive/python-cli/security/dependabot/4
+* Fix dependabot alert for `cryptography` - https://github.com/britive/python-cli/security/dependabot/5
+* `britive>=2.20.0`
+
+#### Other
+* None
+
+
 ## v1.4.0rc3 [2023-05-16]
 #### What's New
 * None
 
@@ -264,7 +264,11 @@ The `ssh` command facilitates using the native SSH protocol to connect to privat
 
 The goal is to allow all functionality offered by the SSH protocol like local port forwarding to access private resources and `scp` to copy files to the remote host.
 
-At launch only AWS EC2 is supported. The requirements for using SSH with EC2 instances are provided below.
+AWS and GCP are supported.
+
+### AWS 
+
+The requirements for using SSH with EC2 instances are provided below.
 
 * EC2 instance must have the Systems Manager agent installed and operational.
 * EC2 instance must have the EC2 Instance Connect agent installed and operational (if using `--push-public-key`).
@@ -320,6 +324,84 @@ If `aws-region` is omitted then credentials for Session Manager and EC2 Instance
 
 The command `ssh aws config` can be invoked to generate the above `Match` directives.
 
+### GCP
+
+The requirements for using SSH with GCP compute engine instances are provided below.
+
+* `gcloud` CLI must be installed in the environment and `gcloud auth login` already performed.
+* Instance must accept SSH key from either [OS Login](https://cloud.google.com/compute/docs/oslogin/set-up-oslogin) or [SSH Instance Metadata](https://cloud.google.com/compute/docs/connect/add-ssh-keys#metadata) (if using `--push-public-key`).
+* If using OS Login two-factor authentication cannot be enabled.
+* The caller must have appropriate permissions to use identity aware proxy (for all `--key-source`s) and push a public key via OS Login or SSH Instance Metadata (if using `--push-public-key`).
+* The caller's environment must have the `gcloud` cli installed and `gcloud auth login` already performed.
+* The caller must use OpenSSH (and the SSH config file). Other SSH implementations are not currently supported.
+
+There are 3 ways that `pybritive` can help proxy an SSH session to a private compute instance.
+
+* Using just Identity Aware Proxy (IAP) SSH forwarding to establish the network path over which the SSH protocol will operate. It is left to the caller then to handle SSH authentication using whichever mechanism has already been established.
+
+~~~bash
+Host bastion.dev
+	 HostName gcp.instance-name.project-id
+	 
+Match host gcp.*
+    User username
+    ProxyCommand eval $(pybritive ssh gcp identity-aware-proxy --hostname %h --username %r --port-number %p)
+~~~
+
+* Using IAP SSH forwarding along with pushing a randomly generated SSH key pair public key via OS Login or Instance Metadata and identifying the private key via static path in the `IdentityFile` parameter.
+
+Using OS Login...
+~~~bash
+Host bastion.dev
+	 HostName gcp.instance-name.project-id
+	 
+Match host gcp.*
+    User username
+    IdentityFile ~/.britive/ssh/%h.%r.pem
+    ProxyCommand eval $(pybritive ssh gcp identity-aware-proxy --hostname %h --username %r --port-number %p --push-pulbic-key os-login --key-source static)
+~~~
+
+Using Instance Metadata...
+~~~bash
+Host bastion.dev
+	 HostName gcp.instance-name.project-id
+	 
+Match host gcp.*
+    User username
+    IdentityFile ~/.britive/ssh/%h.%r.pem
+    ProxyCommand eval $(pybritive ssh gcp identity-aware-proxy --hostname %h --username %r --port-number %p --push-pulbic-key instance-metadata --key-source static)
+~~~
+
+* Using IAP SSH forwarding along with pushing a randomly generated SSH key pair public key via OS Login or Instance Metadata and adding the private key to the `ssh-agent` via `ssh-add` so it is available without having to specify the `IdentityFile` parameter.
+
+Using OS Login...
+~~~bash
+Host bastion.dev
+	 HostName gcp.instance-name.project-id
+	 
+Match host gcp.*
+    User username
+    ProxyCommand eval $(pybritive ssh gcp identity-aware-proxy --hostname %h --username %r --port-number %p --push-pulbic-key os-login --key-source ssh-agent)
+~~~
+
+Using Instance Metadata...
+~~~bash
+Host bastion.dev
+	 HostName gcp.instance-name.project-id
+	 
+Match host gcp.*
+    User username
+    ProxyCommand eval $(pybritive ssh gcp identity-aware-proxy --hostname %h --username %r --port-number %p --push-pulbic-key instance-metadata --key-source ssh-agent)
+~~~
+
+The `HostName` parameter must be in the appropriate format. That format is
+
+~~~
+gcp.<instance name>.<project id>
+~~~
+
+The command `ssh gcp config` can be invoked to generate the above `Match` directives.
+
 ## `aws` Command
 
 The `aws` command group will hold actions related specifically to AWS. 
 
@@ -1,21 +1,22 @@
-britive>=2.19.0
+britive>=2.20.0
 certifi>=2022.12.7
 charset-normalizer==2.1.0
 click==8.1.3
 idna==3.3
 merge-args==0.1.5
 PyYAML==6.0
-requests==2.28.1
+requests>=2.31.0
 six==1.16.0
 tabulate==0.8.10
 toml==0.10.2
 urllib3==1.26.9
-cryptography~=39.0.1
-pytest
+cryptography>=41.0.0
+pytest~=7.1.2
 mkdocs==1.3.1
 mkdocs-click==0.8.0
 twine~=4.0.1
 python-dateutil~=2.8.2
 boto3
-jmespath
-pyjwt
+jmespath~=1.0.1
+pyjwt~=2.6.0
+google-cloud-compute
@@ -1,6 +1,6 @@
 [metadata]
 name = pybritive
-version = 1.4.0rc3
+version = 1.4.0rc4
 author = Britive Inc.
 author_email = support@britive.com
 description = A pure Python CLI for Britive
@@ -19,14 +19,14 @@ packages = find:
 python_requires = >=3.7
 install_requires =
     click
-    requests
+    requests>=2.31.0
     PyYAML
     merge_args
     tabulate
     toml
-    cryptography~=39.0.1
+    cryptography>=41.0.0
     python-dateutil
-    britive>=2.19.0
+    britive>=2.20.0
     jmespath
     pyjwt