britive · theborch · Jun 27, 2025 · Jun 26, 2025 · Jun 26, 2025 · Jun 26, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,29 @@
 > As of v1.4.0, release candidates will be published in an effort to get new features out faster while still allowing
 > time for full QA testing before moving the release candidate to a full release.
 
+## v2.2.1 [2025-06-26]
+
+__What's New:__
+
+* None
+
+__Enhancements:__
+
+* None
+
+__Bug Fixes:__
+
+* Fixed output error when GCP checkout falls back to `console` mode for profiles with no programmatic access.
+* Fixed missing `responseTemplates` when listing resources.
+
+__Dependencies:__
+
+* None
+
+__Other:__
+
+* None
+
 ## v2.2.0 [2025-05-08]
 
 __What's New:__

diff --git a/src/pybritive/__init__.py b/src/pybritive/__init__.py
@@ -1 +1 @@
-__version__ = '2.2.0'
+__version__ = '2.2.1'
diff --git a/src/pybritive/britive_cli.py b/src/pybritive/britive_cli.py
@@ -350,7 +350,12 @@ def list_resources(self):
             name = item['resourceName']
             if name not in found_resource_names:
                 resources.append(
-                    {'resourceId': item['resourceId'], 'resourceName': name, 'resourceLabels': item['resourceLabels']}
+                    {
+                        'resourceId': item['resourceId'],
+                        'resourceName': name,
+                        'resourceLabels': item['resourceLabels'],
+                        'responseTemplates': item['responseTemplates'],
+                    }
                 )
                 found_resource_names.append(name)
         self.print(resources, ignore_silent=True)
@@ -762,19 +767,22 @@ def _checkout(
                 # attempt to automatically checkout console access instead
                 # this is a cli only feature - not available in the sdk
                 self.print('no programmatic access available - checking out console access instead')
-                return self._checkout(
-                    app_name,
-                    blocktime,
-                    env_name,
-                    justification,
-                    maxpolltime,
-                    otp,
-                    profile_name,
-                    False,
-                    ticket_id,
-                    ticket_type,
-                    mode,
-                )
+                return {
+                    **self._checkout(
+                        app_name,
+                        blocktime,
+                        env_name,
+                        justification,
+                        maxpolltime,
+                        otp,
+                        profile_name,
+                        False,
+                        ticket_id,
+                        ticket_type,
+                        mode,
+                    ),
+                    'console-fallback': True,
+                }
             raise e
 
     @staticmethod
@@ -861,11 +869,12 @@ def _access_checkout(
             self._extend_checkout(profile, console)
             return None
 
-        credentials = None
+        self.verbose_checkout = verbose
         app_type = None
         cached_credentials_found = False
+        console_fallback = False
+        credentials = None
         k8s_processor = None
-        self.verbose_checkout = verbose
 
         # handle kube-exec since the profile is actually going to be passed in via another method
         # and perform some basic validation so we don't waste time performing a checkout when we
@@ -924,6 +933,7 @@ def _access_checkout(
             response = self._checkout(**params)
             app_type = self._get_app_type(response['appContainerId'])
             credentials = response['credentials']
+            console_fallback = response.get('console-fallback')
 
         # this handles the --force-renew flag
         # lets check to see if we should checkin this profile first and check it out again
@@ -937,12 +947,13 @@ def _access_checkout(
                 response = self._checkout(**params)
                 cached_credentials_found = False  # need to write new creds to cache
                 credentials = response['credentials']
+                console_fallback = response.get('console-fallback')
 
         if mode in self.cachable_modes and not cached_credentials_found:
             Cache(passphrase=passphrase).save_credentials(
                 profile_name=alias or profile, credentials=credentials, mode=mode
             )
-        return app_type, credentials, k8s_processor
+        return app_type, console_fallback, credentials, k8s_processor
 
     def checkout(
         self,
@@ -976,7 +987,7 @@ def checkout(
                 ticket_type=ticket_type,
             )
         else:
-            app_type, credentials, k8s_processor = self._access_checkout(
+            app_type, console_fallback, credentials, k8s_processor = self._access_checkout(
                 alias=alias,
                 blocktime=blocktime,
                 console=console,
@@ -998,7 +1009,7 @@ def checkout(
 
         self.__get_cloud_credential_printer(
             app_type,
-            console,
+            console or console_fallback,
             mode,
             alias or profile,
             self.silent,

diff --git a/src/pybritive/helpers/cloud_credential_printer.py b/src/pybritive/helpers/cloud_credential_printer.py
@@ -253,11 +253,12 @@ def __init__(self, console, mode, profile, silent, credentials, cli, gcloud_key_
     def print_json(self):
         self.cli.print(json.dumps(self.credentials, indent=2), ignore_silent=True)
         self.cli.print('', ignore_silent=True)
-        self.cli.print(
-            f"Run command: gcloud auth activate-service-account {self.credentials['client_email']} "
-            "--key-file <path-where-above-json-is-stored>",
-            ignore_silent=True,
-        )
+        if not self.console:
+            self.cli.print(
+                f'Run command: gcloud auth activate-service-account {self.credentials.get("client_email")} '
+                '--key-file <path-where-above-json-is-stored>',
+                ignore_silent=True,
+            )
 
     def print_gcloudauth(self):
         # get path to gcloud key file
@@ -271,7 +272,7 @@ def print_gcloudauth(self):
         path.write_text(json.dumps(self.credentials, indent=2), encoding='utf-8')
 
         self.cli.print(
-            f"gcloud auth activate-service-account {self.credentials['client_email']} --key-file {path!s}",
+            f'gcloud auth activate-service-account {self.credentials["client_email"]} --key-file {path!s}',
             ignore_silent=True,
         )