@salrashid123
salrashid123 / amd-snp.md
Last active January 29, 2024 16:10
GCP AMD SNP client

scratchpad on starting up a GCP AMD-SEV instance

using go-sev-guest and virtee

# create instance

gcloud beta compute instances create snp-instance \
  --machine-type=n2d-standard-4 \
  --min-cpu-platform="AMD Milan" \
@salrashid123
salrashid123 / tpm_ca.md
Last active January 3, 2024 14:16
Issue CA-signed certificate for TPM public key using (-force_pubkey)
@salrashid123
salrashid123 / rules_oci.md
Last active December 20, 2023 21:26
Bazel rules_oci with go

Build container with rules_oci

First run a local registry

crane registry serve --address :4000
@salrashid123
salrashid123 / TestClient.java
Created July 11, 2019 15:28
Snippet for using google cloud pubsub java library with a proxy
package com.test;
import com.google.cloud.ServiceOptions;
import com.google.cloud.pubsub.v1.TopicAdminClient;
import com.google.cloud.pubsub.v1.TopicAdminSettings;
import com.google.pubsub.v1.Topic;
import com.google.pubsub.v1.ProjectName;
import com.google.auth.oauth2.GoogleCredentials;

ref

bazel build with go gcp library

bazel run :gazelle -- update-repos -from_file=go.mod -prune=true -to_macro=repositories.bzl%go_repositories

bazel run  --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 :main
@salrashid123
salrashid123 / ekm.go
Created October 28, 2023 14:59
Extract EKM using golang [RFC5705](https://datatracker.ietf.org/doc/html/rfc5705)
package main
/*
Sample that prints the EKM value for a TLS connection:
https://www.openssl.org/docs/man1.1.1/man3/SSL_export_keying_material.html
https://github.com/salrashid123/go_mtls_scratchpad/tree/main#exported-key-material
*/
import (
"context"
@salrashid123
salrashid123 / aws_federation_with_tags.md
Last active October 27, 2023 12:26
AWS Session Tags with OIDC Federation

Snippet demonstrating how to set up AWS Federation for an OIDC provider which checks "custom claims" as session Tags

With this, you can define an AWS Trust Relationship for a role where you specify a custom claim.

Normally, AWS OIDC federation only allows you to set/use a very limited set of fields like aud:, sub:.

What this allows for is a very limited custom claim validation... I'm saying very limited because you apparently have to use the precise claim name AWS looks for...

@salrashid123
salrashid123 / gce_eventlog.md
Last active October 20, 2023 10:16
TPM EventLog value for GCE Confidential VMs (SEV)

Snippet used to confirm if AMD-SEV is enabled or not on a GCE VM using TPM PCR0 values.

GCE Shielded VMs that have TPMs enabled assert that PCR0 surfaces the following encoded measurements

0: Contains the value for PCR0, which contains information about firmware components and the memory encryption technology that is active. This PCR diverges from the TCG PCClient platform firmware profile in that it measures only the following events:
@salrashid123
salrashid123 / workload_federation_svc_account.go
Last active October 14, 2023 14:16
Access GCP and Workspace APIs using GCP Workload Identity Federation using Service Account Impersonation
package main
import (
"fmt"
"log"
"context"
"cloud.google.com/go/storage"
@salrashid123
salrashid123 / workload_federation_dwd.go
Last active October 13, 2023 16:49
Access GCP and Workspace APIs using GCP Workload Identity Federation using Domain Delegation
package main
import (
"fmt"
"log"
"context"
"cloud.google.com/go/storage"