
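# Prepare the pieces for GKE Workload Identity: resolve the active project,
# create a Google service account, create a cluster with a workload pool,
# then create the namespace and Kubernetes service account.

# Assign first and export afterwards: `export VAR=$(cmd)` reports the status
# of `export`, so a failed gcloud call would go unnoticed.
PROJECT_ID=$(gcloud config get-value core/project)
# Stop here when no project is configured; an empty value would otherwise
# produce the malformed workload pool ".svc.id.goog" below.
: "${PROJECT_ID:?no active gcloud project is configured}"
export PROJECT_ID

# Not used by the commands visible here; presumably consumed by later steps.
PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format='value(projectNumber)')
export PROJECT_NUMBER

# Google service account (GSA) named ocsp-svc in the active project.
gcloud iam service-accounts create ocsp-svc

# --workload-pool turns on Workload Identity for the cluster. The pool name
# is always "<project id>.svc.id.goog".
gcloud container clusters create cluster-1 --workload-pool="${PROJECT_ID}.svc.id.goog"

# Kubernetes namespace and service account (KSA). Creating these grants no
# Google Cloud access by itself; that depends on the IAM binding on the GSA.
kubectl create namespace ns1
kubectl create serviceaccount --namespace ns1 ksa-1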
gcloud iam service-accounts add-iam-policy-binding \
salrashid123 / main.py
Created April 25, 2022 11:26
GCP impersonated and iam credentials to signJWT, generateIDToken (ref https://blog.salrashid.dev/articles/2022/appengine_jwt/)
import os
import json
import time
from google.auth import impersonated_credentials
from google.auth.transport.requests import AuthorizedSession, Request
import google.oauth2.credentials
from google.cloud import iam_credentials_v1
# export GCLOUD_USER=`gcloud config get-value core/account`
salrashid123 / main.py
Last active April 24, 2022 03:34
Generate Service Account JWT from Appengine (for cloud endpoints https://blog.salrashid.dev/articles/2022/appengine_jwt/)
from flask import Flask
import os
import json
import time
from google.auth import compute_engine
from werkzeug.exceptions import HTTPException
from google.auth.transport.requests import AuthorizedSession, Request
import google.oauth2.credentials
from google.cloud import iam_credentials_v1
salrashid123 / serial.go
Created April 22, 2022 16:25
hmac sha256 with bq remote function (no goroutine) (https://github.com/salrashid123/bq_cloud_function_golang)
package remote
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
salrashid123 / murmur.go
Created April 21, 2022 23:55
murmur3 google cloud function
package remote
import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
"strconv"
"sync"
salrashid123 / auditlogstreaming.go
Last active April 18, 2022 11:20
GCP Cloud Logging streaming of audit logs
package main
import (
"fmt"
"io"
logging "cloud.google.com/go/logging/apiv2"
"golang.org/x/net/context"
"google.golang.org/genproto/googleapis/cloud/audit"
loggingpb "google.golang.org/genproto/googleapis/logging/v2"
salrashid123 / main.go
Created April 2, 2022 00:23
Using signBlob to get an access and id_token (https://blog.salrashid.dev/articles/2022/concentric_iam/)
package main
import (
"context"
"encoding/base64"
"encoding/json"
"flag"
"fmt"
"io/ioutil"
"net/http"
# Run a standard-SQL query (--nouse_legacy_sql) listing the rows of
# gcp-status-log.status_dataset.status (project.dataset.table) whose
# service_name is "Google Compute Engine", ordered by the modified column.
#
# The whole statement is one single-quoted shell word, so the backticks around
# `end` reach BigQuery unchanged instead of being run as a command
# substitution.
#
# NOTE(review): DISTINCT applies to the entire select list; the parentheses
# around id do not restrict de-duplication to that column. Rows sharing an id
# but differing in any other selected column are all returned.
bq query --nouse_legacy_sql '
SELECT
DISTINCT(id), service_name,severity,external_desc, begin,`end` , modified
FROM
gcp-status-log.status_dataset.status
WHERE
service_name = "Google Compute Engine"
ORDER BY
modified
'
salrashid123 / server.go
Created March 29, 2022 23:40
SignedURL, SignedJWT and SignBlob on Cloud Run Cloud Functions, GCE, GKE
package main
/*
Issue self-signed JWTs signBlob on Cloud Run, Cloud Functions, GCE, GKE
Assume the environment is running as `your_svc_account@project_id.iam.gserviceaccount.com `
package main
import (
"flag"
"fmt"
"io"
"log"
"math/rand"
"net"
"net/http"