
@salrashid123
salrashid123 / main.py
Created November 2, 2021 20:45
Web oauth2 flow for cloud run
#!/usr/bin/python
from flask import Flask,redirect, session, request
import json
import os
import urllib
from urllib.request import urlopen
from oauth2client.file import Storage
from google_auth_oauthlib.flow import Flow
import google.oauth2.credentials
$ openssl asn1parse -inform PEM -in a.pem
0:d=0 hl=4 l=2456 cons: SEQUENCE
4:d=1 hl=4 l=2176 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :01
11:d=2 hl=3 l= 150 cons: SEQUENCE
14:d=3 hl=3 l= 147 cons: cont [ 0 ]
17:d=4 hl=3 l= 138 cons: SEQUENCE
20:d=5 hl=3 l= 135 cons: cont [ 4 ]
23:d=6 hl=3 l= 132 cons: SEQUENCE
26:d=7 hl=2 l= 11 cons: SET
@salrashid123
salrashid123 / minikube_custom_svc_issuer.txt
Created October 21, 2021 11:52
Expose minikube's OIDC endpoint
# Reference:
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
#
# Start minikube with service-account issuer discovery enabled and with the
# API server configured to advertise an external issuer URL and JWKS URI.
# Tokens issued by this cluster will carry the issuer given below, and
# relying parties will be pointed at the JWKS URI to fetch the signing keys.
# Whoever controls that host therefore controls which keys validators trust
# for this issuer, so it must actually serve this cluster's discovery
# document and JWKS over TLS.
minikube start \
  --driver=kvm2 \
  --feature-gates=ServiceAccountIssuerDiscovery=true \
  --extra-config=apiserver.service-account-jwks-uri=https://www.43eskaton.com/openid/v1/jwks \
  --extra-config=apiserver.service-account-issuer=https://www.43eskaton.com

# Grant the built-in discovery ClusterRole to the system:unauthenticated
# group, so anonymous callers can read the OIDC discovery endpoints.
# Those endpoints are meant to expose public key material only. Keep this
# binding limited to system:service-account-issuer-discovery; any broader
# role bound to system:unauthenticated is open to every anonymous caller
# that can reach the API server.
kubectl create clusterrolebinding oidc-reviewer \
  --clusterrole=system:service-account-issuer-discovery \
  --group=system:unauthenticated
# Resolve the active gcloud project and its numeric project number.
export PROJECT_ID=$(gcloud config get-value core/project)
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")

# Turn on the Cloud Identity API for that project.
gcloud services enable cloudidentity.googleapis.com --project $PROJECT_ID

# The user running this script needs access to use the API on the target
# project, and that admin user must be an OWNER of the group.
# NOTE(review): the address below appears as "[email protected]" because the
# hosting page obfuscated it; substitute the real group owner address.
export GROUP_OWNER="[email protected]"
$ date
Sat Oct 16 08:04:23 AM EDT 2021
# list current members
$ gcloud identity groups memberships list [email protected]
---
name: groups/02grqrue4gb58m7/memberships/101638213306164197874
preferredMemberKey:
id: [email protected]
@salrashid123
salrashid123 / main.go
Created October 11, 2021 14:00
per-rpc quota distribution between projects with Google cloud pubsub go clients
package main
/*
Sample that overrides quota project at a _per rpc_ level.
golang allows you to set the quota project manually using the
https://pkg.go.dev/google.golang.org/api/option#WithQuotaProject
flag but that flag applies to the whole client
@salrashid123
salrashid123 / server.key
Created September 30, 2021 19:03
expired server key
-----BEGIN RSA PRIVATE KEY-----
@salrashid123
salrashid123 / server.crt
Created September 30, 2021 19:02
expired server cert
-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIBADANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEPMA0G
A1UEChMGR29vZ2xlMRMwEQYDVQQLEwpFbnRlcnByaXNlMQ0wCwYDVQQDEwRNeUNB
MB4XDTIwMDEyOTE3MjUzNVoXDTIxMDMwNDE3MjUzNVowZDELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBkdvb2dsZTETMBEGA1UECxMK
RW50ZXJwcmlzZTEaMBgGA1UEAxMRc2VydmVyLmRvbWFpbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6KQ82meAf45Bw6WPumS8eKxjFGSi7eTH0
T5nobG96eLJj7/bjJ2Bz8UBefbrq8dtyOeUQu9AUt92Nl1jaevRvKvsUGOl84Csu
21R7dbsmU1aBngrBt4eqOlMVfyswaJ91zYkzDgtjcb87eC+aAK7aXPl4cafwrxzC
@salrashid123
salrashid123 / CA_crt.pem
Created September 30, 2021 19:00
expiredCA
-----BEGIN CERTIFICATE-----
@salrashid123
salrashid123 / Dockerfile
Last active September 18, 2021 18:10
OpenSSL3 with FIPS
# Builds OpenSSL 3.0.0 from source with the FIPS provider enabled, then
# registers the provider module with `openssl fipsinstall`.
#
# NOTE(review): `debian:latest` is a floating tag, so two builds of this file
# can start from different base images. Pin a release tag or an image digest
# if the build has to be reproducible or auditable.
FROM debian:latest
RUN apt-get update && apt-get install gcc build-essential git wget curl vim -y
WORKDIR /apps
# https://github.com/openssl/openssl/blob/master/README-FIPS.md
# NOTE(review): the tarball is unpacked, compiled and installed without any
# integrity check. Verify it against the SHA-256 digest or PGP signature
# published by the OpenSSL project before building, for example:
#   echo "<EXPECTED_SHA256>  openssl-3.0.0.tar.gz" | sha256sum -c -
# (<EXPECTED_SHA256> is a placeholder; take the value from the release page.)
RUN wget https://www.openssl.org/source/openssl-3.0.0.tar.gz && tar -xzvf openssl-3.0.0.tar.gz
# enable-fips builds the FIPS provider module; enable-ssl-trace adds TLS
# message tracing, which is a debugging aid.
# NOTE(review): 3.0.0 is the first 3.0 release. Before changing the version,
# confirm which exact provider version your FIPS requirement names, and track
# the security fixes shipped in later releases.
RUN cd openssl-3.0.0 && ./config enable-fips enable-ssl-trace && make && make install
# Lets the dynamic linker find the freshly installed libraries under /usr/local.
ENV LD_LIBRARY_PATH /usr/local/lib/:/usr/local/lib64/
# Writes the FIPS module configuration file for the installed fips.so.
# NOTE(review): README-FIPS (linked above) says this config file should be
# generated on each machine the module is used on, not copied between
# machines; here it is produced at image build time and baked into the image.
# TODO confirm that is acceptable for your use.
# NOTE(review): the visible lines do not include fipsmodule.cnf from
# openssl.cnf or activate the fips provider; presumably that happens
# elsewhere. Verify before relying on FIPS mode.
RUN openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib64/ossl-modules/fips.so