Skip to content

Instantly share code, notes, and snippets.

View salrashid123's full-sized avatar

salrashid123

257 followers · 1 following
View GitHub Profile
@salrashid123
salrashid123 / xds_client_logs.log
Created June 4, 2022 12:13
xds_client_logs (https://github.com/salrashid123/grpc_xds)
$ go run src/grpc_client.go --host xds:///be-srv
2022/06/04 08:04:55 INFO: [core] [Channel #1] Channel created
2022/06/04 08:04:55 INFO: [core] [Channel #1] original dial target is: "xds:///be-srv"
2022/06/04 08:04:55 INFO: [core] [Channel #1] parsed dial target is: {Scheme:xds Authority: Endpoint:be-srv URL:{Scheme:xds Opaque: User: Host: Path:/be-srv RawPath: ForceQuery:false RawQuery: Fragment: RawFragment:}}
2022/06/04 08:04:55 INFO: [core] [Channel #1] Channel authority set to "be-srv"
2022/06/04 08:04:55 INFO: [xds] [xds-resolver 0xc0003a0cc0] Creating resolver for target: {Scheme:xds Authority: Endpoint:be-srv URL:{Scheme:xds Opaque: User: Host: Path:/be-srv RawPath: ForceQuery:false RawQuery: Fragment: RawFragment:}}
2022/06/04 08:04:55 INFO: [xds] [xds-bootstrap] Bootstrap content: {
"xds_servers": [
{
@salrashid123
salrashid123 / server_tmpl.yaml
Created May 24, 2022 20:42
GCP Authentication filter server (https://blog.salrashid.dev/articles/2022/envoy_gcp_authn/ )
admin:
access_log_path: /dev/null
address:
socket_address:
address: 127.0.0.1
port_value: 9000
node:
cluster: service_greeter
id: test-id
static_resources:
@salrashid123
salrashid123 / client_tmpl.yaml
Created May 24, 2022 20:41
GCP Authentication filter client (https://blog.salrashid.dev/articles/2022/envoy_gcp_authn/ )
admin:
access_log_path: /dev/null
address:
socket_address:
address: 127.0.0.1
port_value: 19000
node:
cluster: service_greeter
id: test-id
static_resources:
@salrashid123
salrashid123 / main.go
Last active May 12, 2022 01:08
Reading live audit log changes using GCP Cloud Logging (https://blog.salrashid.dev/articles/2022/asset_monitor/
package main
import (
"bytes"
"flag"
"fmt"
"io"
"google.golang.org/protobuf/encoding/protojson"
@salrashid123
salrashid123 / main.go
Last active May 11, 2022 13:11
Using GCP Asset Inventory Feed to monitor resources (https://blog.salrashid.dev/articles/2022/asset_monitor/
package main
import (
"fmt"
"time"
"flag"
"cloud.google.com/go/pubsub"
"golang.org/x/net/context"
@salrashid123
salrashid123 / main.go
Last active September 22, 2022 18:16
GCP Service Account LastAuthentication using PolicyAnalyzer API
package main
import (
"encoding/json"
"flag"
"fmt"
"golang.org/x/net/context"
"google.golang.org/api/policyanalyzer/v1"
)
@salrashid123
salrashid123 / main.go
Last active May 12, 2022 14:19
List Groups using Workspace Directory API in golang
package main
/*
see https://blog.salrashid.dev/articles/2022/search_group_membership/
*/
import (
@salrashid123
salrashid123 / main.go
Last active May 12, 2022 14:18
Cloud Identity SearchTransitive Groups in go
package main
/*
see https://blog.salrashid.dev/articles/2022/search_group_membership/
*/
import (
@salrashid123
salrashid123 / gke.txt
Created April 28, 2022 13:03
SignedURL using GKE workload federation (https://blog.salrashid.dev/articles/2021/cloud_sdk_missing_manual/gcs_signedurl/)
export PROJECT_ID=`gcloud config get-value core/project`
export PROJECT_NUMBER=`gcloud projects describe $PROJECT_ID --format='value(projectNumber)'`
gcloud iam service-accounts create ocsp-svc
gcloud container clusters create cluster-1 --workload-pool=$PROJECT_ID.svc.id.goog
kubectl create namespace ns1
kubectl create serviceaccount --namespace ns1 ksa-1
gcloud iam service-accounts add-iam-policy-binding \
@salrashid123
salrashid123 / main.py
Created April 25, 2022 11:26
GCP impersonated and iam credentials to signJWT, generateIDToken (ref https://blog.salrashid.dev/articles/2022/appengine_jwt/)
import os
import json
import time
from google.auth import impersonated_credentials
from google.auth.transport.requests import AuthorizedSession, Request
import google.oauth2.credentials
from google.cloud import iam_credentials_v1
# export GCLOUD_USER=`gcloud config get-value core/account`