
salrashid123 / main.go
Created January 23, 2022 15:49
ebpf golang for TLS
// This is just my **non-working** version of
// https://gist.github.com/NathanFrench/d38ab24b98a3d5c9536e8993e7964997
// which tries to capture both the SSL read and write paths (i.e., outbound and inbound)
package main
import (
"C"
"bytes"
"encoding/binary"
package main
/*
Client-side BQ AEAD Encryption
Sample that encrypts data client side and uses BigQuery streaming insert.
The data is encrypted and is compatible with BQ AEAD functions
https://cloud.google.com/bigquery/docs/reference/standard-sql/aead_encryption_functions
salrashid123 / curl.sh
Created December 23, 2021 21:41
What is my IP using cli tools (curl)
# Print this host's public IP: request https://httpbin.org/get quietly (-s) and
# have jq print the raw (-r) "origin" field of the JSON response.
# NOTE(review): the value is the source address as seen by httpbin.org, so behind
# a proxy or NAT it is presumably the egress address; confirm before relying on it
# for allow-lists or firewall rules.
curl -s https://httpbin.org/get | jq -r '.origin'
1.2.3.4
salrashid123 / main.py
Created December 21, 2021 18:59
google-auth python. Impersonate and domain-delegate using iam_credentials_v1.IAMCredentialsClient
# snippet uses ADC credentials to impersonate [email protected]
# then use that server's credentials to create a token for user2 using domain delegation
# after that, the gcs and pubsub calls are done as if the caller is user2
import google.auth
import time
from google.auth import credentials
from google.cloud import iam_credentials_v1
salrashid123 / main.py
Last active December 21, 2021 18:58
google-auth python. Impersonate and domain-delegate using impersonated_credentials
# snippet uses ADC credentials to impersonate [email protected]
# then use that server's credentials to create a token for user2 using domain delegation
# after that, the gcs and pubsub calls are done as if the caller is user2
import google.auth
import time
from google.auth import credentials
from google.cloud import iam_credentials_v1
from google.auth import impersonated_credentials
salrashid123 / static_credentials.py
Created December 20, 2021 16:39
google.auth.StaticCredentials
## StaticCredentials should be in google.auth.
# sc = StaticCredentials(token=access_token,expires_in=expires_in,token_type=token_type)
# from google.cloud import storage
# client = storage.Client(project=project, credentials=sc)
# for b in client.list_buckets():
# print(b.name)
salrashid123 / kms_rsa.md
Created December 16, 2021 14:15
Encrypt/Decrypt using RSA openssl and GCP Cloud KMS

Given a Cloud KMS key of the following type:

gcloud kms keys list --keyring=mykeyring --location=us-central1
   projects/mineral-minutia-820/locations/us-central1/keyRings/mykeyring/cryptoKeys/dlp            ASYMMETRIC_DECRYPT  RSA_DECRYPT_OAEP_2048_SHA1    SOFTWARE
gcloud kms keys versions get-public-key 1 --key dlp --keyring=mykeyring --location=us-central1 > key.pub
salrashid123 / main.go
Last active December 8, 2021 12:33
Google Cloud Storage Downscope tokens api in go
package main
import (
"context"
"fmt"
"io"
"os"
"cloud.google.com/go/storage"
salrashid123 / k8s_wif_14.txt
Created December 6, 2021 13:25
k8s_wif_14.txt
# Public base URL (here an ngrok tunnel hostname) that the commands below use as
# the service-account issuer and as the base of the JWKS URI.
export DISCOVERY_URL="https://e782-72-83-67-174.ngrok.io"
# Start minikube with the ServiceAccountIssuerDiscovery feature gate enabled and
# point the API server's service-account issuer and JWKS URI at DISCOVERY_URL.
# NOTE(review): relying parties that federate with this cluster will trust whatever
# is served at this URL; presumably the tunnel hostname is temporary, so confirm
# the trust configuration is removed when the tunnel is torn down.
minikube start --driver=kvm2 --feature-gates=ServiceAccountIssuerDiscovery=true \
--extra-config=apiserver.service-account-jwks-uri=$DISCOVERY_URL/openid/v1/jwks \
--extra-config=apiserver.service-account-issuer=$DISCOVERY_URL
# Bind the system:service-account-issuer-discovery ClusterRole to the
# system:unauthenticated group so the discovery endpoints can be read without
# credentials.
# NOTE(review): this binding applies to every anonymous caller that can reach the
# API server; confirm the role covers only the discovery document and JWKS and
# that this exposure is intended outside a test cluster.
kubectl create clusterrolebinding oidc-reviewer --clusterrole=system:service-account-issuer-discovery --group=system:unauthenticated
salrashid123 / k8s_ngrok.txt
Created December 6, 2021 13:24
k8s_ngrok.txt
# Fetch the OIDC discovery document through the public URL and pretty-print it
# with jq; assumes DISCOVERY_URL is already exported in this shell.
# The "issuer" and "jwks_uri" fields in the output are the values a relying party
# will use, so they should match the URL the API server was configured with.
curl -s $DISCOVERY_URL/.well-known/openid-configuration | jq '.'
{
"issuer": "https://e782-72-83-67-174.ngrok.io",
"jwks_uri": "https://e782-72-83-67-174.ngrok.io/openid/v1/jwks",
"response_types_supported": [
"id_token"
],
"subject_types_supported": [
"public"
],