Jay Lee jay0lee

jay0lee / app.yaml
Last active January 1, 2025 14:44
A simple OIDC IDP AppEngine app. Tested to work with Google Cloud Identity and Workforce Identity Federation. It is NOT fully compliant with OIDC standards. It IS NOT SECURE (you only need the magic word to log in as any user and make any claim) and may not properly guard token values. This is intended for testing/debugging purposes only.
runtime: python312
handlers:
- url: /.*
  secure: always
  script: auto
jay0lee / yk-mtls-setup.sh
Last active August 21, 2024 21:13
Resets and fully configures the PIV app of a Yubikey for mTLS connections
#!/usr/bin/env bash
###
### Shell script to reset Yubikey PIV app and then fully generate and setup a
### non-exportable private key on the Yubikey that's ready to make mTLS
### requests.
###
### Running on Ubuntu, the following packages are needed:
###
### sudo apt update; sudo apt install opensc yubikey-manager gnutls-bin libengine-pkcs11-openssl
jay0lee / three_legged.py
Last active September 26, 2024 11:59
Google 3-legged OAuth with optional mTLS support
#!/usr/bin/env python3
'''
Perform 3-legged OAuth with optional mTLS and Google Workspace API calls
'''
import argparse
import http.client
import json
import os
'''
Simple script to determine current service account private keys and
try to guess if they are user-managed (downloaded or created outside Google)
or google-managed (maintained by Google, private to Google).
Usage:
python3 detect_sa_key_type.py <service account email or Client ID>
Sample output:
'''
jay0lee / delete_old_workstation_disks.py
Last active April 25, 2024 14:16
Delete old, unused Google Cloud Workstation Disks
#!/usr/bin/env python3
'''
Delete old Cloud Workstation Disks
WARNING: This script will delete disks and all data on them. It should be
considered "proof of concept" quality and should be customized to fit your
environmental needs, checked for logic errors and monitored. I am not
responsible for data loss by using this script.
#!/usr/bin/env bash
###
### Shell script to get an access token for a user
### using Google 3-legged OAuth.
###
### Example to show your quota usage:
###
### # first run is to authorize.
### bash --credentials-file drive-quota.json \
jay0lee / app.yaml
Last active May 8, 2023 19:49
BCE PoC - One Active User Device
runtime: python311
handlers:
- url: /
  secure: always
  script: auto
  redirect_http_response_code: 301
- url: /debug
  secure: always
jay0lee / create-user.py
Created December 14, 2022 20:00
PoC script to create a new Workspace user using a GCP service account
#!/usr/bin/env python3
### This script requires a service account private key JSON credentials file.
### The service account should be granted an admin role in your domain that
### authorizes it to create users. See:
###
### https://support.google.com/a/answer/9807615?hl=en&ref_topic=9832445&fl=1#zippy=%2Cassign-a-role-to-a-service-account
###
### This script requires PyJWT and requests. Install it by running:
###
jay0lee / app.yaml
Last active October 28, 2022 17:57
App Engine Workspace Service Account Example
runtime: python310
handlers:
- url: /.*
  script: auto
function myFunction() {
// connect to sheet
var ss = SpreadsheetApp.openById("1_6HeCZ_KEFyJIRD73joTYBwj6xKdJHXudaAfH-Apwto");
var sheet = ss.getSheets()[0];
// determine if weekly auto-reply is enabled
var range = sheet.getRange(11,2);
var weekly_autoreply_enabled = range.getValue();
if (! weekly_autoreply_enabled) {
Logger.log("Weekly auto-reply is disabled");