Ilon Sjögren ilons
ilons
/ Demonstrate GCP GCS IAM permission with google-cloud-storage SDK
Last active
February 14, 2020 07:36
This demonstrates how you lists, writes and reads files with only permissions on the Google Cloud Storage bucket resource
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Set project and credentials to use for PoC, plus resource names | |
| export CLOUDSDK_CORE_ACCOUNT=<user account address> | |
| export CLOUDSDK_CORE_PROJECT=<project name> | |
| export BUCKET_NAME=manual-iam-test-$(date --iso-8601) | |
| export SERVICE_ACCOUNT=manual-gcs-test | |
| # Create Service account and download json key | |
| gcloud beta iam service-accounts create ${SERVICE_ACCOUNT} --display-name "Manual GCS Test" | |
| gcloud beta iam service-accounts keys create ${SERVICE_ACCOUNT}.json --iam-account ${SERVICE_ACCOUNT}@${CLOUDSDK_CORE_PROJECT}.iam.gserviceaccount.com |
ilons
/ docker_image_gcr_config.py
Created
November 27, 2018 07:53
Using Google OAuth2 token from service account to get docker image config (without httplib2)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import google.oauth2.service_account | |
| import google.auth.transport.requests | |
| import json | |
| image = 'gcr.io/<project>/<image>' | |
| digest = '<tag or digest>' | |
| credentials = google.oauth2.service_account.Credentials.from_service_account_file( | |
| '<path/to/service/account/json>', | |
| scopes=[ |
ilons
/ cf_kubernetes_config.py
Last active
August 9, 2018 15:44
Running requests against a kubernetes cluster from Google Cloud Functions on Python3.7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import tempfile | |
| import yaml | |
| import google.cloud.container_v1 | |
| import google.protobuf.json_format | |
| import kubernetes.client | |
| import kubernetes.config | |
ilons
/ gist:a512a9cdf392e4a94ec0ab49b866d20c
Last active
June 30, 2017 06:33
AWS S3 IAM S3 policy example to allow GetObject and ListBucket on the bucket `my-bucket-name`, but only on the prefix `allowed/prefix`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Action": ["s3:Get*"], | |
| "Resource": ["arn:aws:s3:::my-bucket-name/allowed/prefix/*"], | |
| "Effect": "Allow" | |
| }, | |
| { | |
| "Action": ["s3:ListBucket"], |
ilons
/ AWS Console Lambda viewport.user.js
Last active
June 27, 2017 12:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name AWS Console Lambda viewport | |
| // @namespace https://binarypa.in/tampermonkey/aws | |
| // @version 0.2 | |
| // @description Removing the hard-coded height for functions list in AWS console Lambda view | |
| // @author tm.aws.lambda.list@binarypa.in | |
| // @match https://*.console.aws.amazon.com/lambda* | |
| // @grant none | |
| // ==/UserScript== |