Now is the time for all good men to come to the aid of their country. This is just a regular paragraph.
ferrisargyle
ferrisargyle
/ RetryWithExponentialBackoff.js
Created
September 3, 2018 00:58
Embedded in this medium article: https://medium.com/@fargyle/google-apps-script-retry-with-exponential-backoff-fb223ddad76d
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Retry with truncated exponential backoff | |
| * Mashup of https://gist.github.com/peterherrmann/2700284 exponential backoff and partials | |
| * @param {function} the function to retry | |
| * @param {numeric} number of times to retry before throwing an error | |
| * @param {string} optional function arguments | |
| * @param {function} optional logging function | |
| * @return {function applied} response of function | |
| * @private | |
| */ |
ferrisargyle
/ UploadGCSObjectsWithImpersonation.py
Created
September 3, 2018 00:36
Embedded in this medium article: https://medium.com/@fargyle/impersonating-users-with-google-cloud-platform-service-accounts-ba762db09092
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Upload GCS objects with arbitrary user ownership | |
| # For test purposes, this is a simple upload; | |
| # you may wish to use # composite and multi-part uploads for performance and larger files | |
| from googleapiclient import discovery | |
| from googleapiclient import http | |
| from google.oauth2 import service_account | |
| domain = '[YOUR_DOMAIN]' |
ferrisargyle
/ CreateGCSbucketWithImpersonation.py
Created
September 3, 2018 00:32
Embedded in this medium article: https://medium.com/@fargyle/impersonating-users-with-google-cloud-platform-service-accounts-ba762db09092
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create GCS bucket with arbitrary user ownership | |
| from googleapiclient import discovery | |
| from google.oauth2 import service_account | |
| domain = '[YOUR_DOMAIN]' | |
| user = '[BUCKET_OWNER]' # id only (ie. without @domain) | |
| key_file = '[SERVICE_ACCOUNT_JSON_KEY_FILE]' | |
| project = '[PROJECT_ID]' |
ferrisargyle
/ RestrictedIPRange.csv
Last active
September 2, 2018 23:47
Embedded in this medium article: https://medium.com/@fargyle/secure-and-audit-the-google-cloud-platform-perimeter-ade393c25467
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Solution component | GCE | K8S/GKE | App Engine Flex | App Engine Standard | Google Cloud Storage | |
|---|---|---|---|---|---|---|
| Published IP ranges | Yes* | Yes | Yes** | Yes** | Yes | |
| Single global or regional IP via Google Cloud Load Balancer | Yes | Yes | Not supported | Not supported | Yes for XML API only | |
| Single IP via reverse proxy such ans NGINX | Yes* | Yes*** | Yes | Yes | No |
ferrisargyle
/ test.md
Created
September 2, 2018 22:33
ferrisargyle
/ PrivateTransit.csv
Last active
September 2, 2018 23:32
Embedded in this medium post: https://medium.com/@fargyle/secure-and-audit-the-google-cloud-platform-perimeter-d16372fa6697
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Solution component | GCE | K8S/GKE | App Engine Flex | App Engine Standard | Google Cloud Storage | |
|---|---|---|---|---|---|---|
| GCP service private IP access from Google Cloud Loadbalancer or NGINX reverse proxy | Yes | Yes for the worker nodes*. The master can be protected by IP whitelisting** (beta) | Yes: via reverse proxy such as NGINX and only for requests to GAE | Yes: via reverse proxy such as NGINX and only for requests to GAE | Yes: via GCLB with VPC Private Access*** | |
| Cloud VPN | Yes | Yes | Yes: via reverse proxy such as NGINX | Yes: via reverse proxy such as NGINX | Yes: via reverse proxy such as NGINX | |
| Direct and Carrier Peering | Yes | Yes | Yes | Yes | Yes | |
| Dedicated and Partner Interconnect | Yes | Yes | Yes: via reverse proxy such as NGINX | Yes: via reverse proxy such as NGINX | Yes: via reverse proxy such as NGINX |
ferrisargyle
/ privatetransit.html
Last active
September 2, 2018 21:30
Secure And Audit The Google Cloud Platform Perimeter - "Private" transit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <style> | |
| table { | |
| font-family: arial, sans-serif; | |
| border-collapse: collapse; | |
| width: 100%; | |
| } |
NewerOlder