@salrashid123
salrashid123 / tinkrsa.go
Created April 17, 2024 00:17
tink-golang sign/verify and extract rsa.PublicKey
package main
import (
"bytes"
"crypto"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/json"
"encoding/pem"
@salrashid123
salrashid123 / os-inventory.md
Created April 2, 2024 13:41
Parsing GCP OSInventory packages from metadata server

parsing the os-inventory metadata server struct

if you have os-inventory enabled, you can get the values on the VM itself by running

curl -s -H 'Metadata-Flavor: Google'  http://metadata.google.internal/computeMetadata/v1/instance/guest-attributes/guestInventory/InstalledPackages

parse the values using
(you can of course otherwise get the packages via api

@salrashid123
salrashid123 / bazel_protobuf_1.33.0.md
Created March 18, 2024 18:45
Bazel rules_go error after upgrading google.golang.org/protobuf from 1.32.0 to 1.33.0

Bazel build issue after upgrading

to repro, copy all the files below to a folder, then:

go get cloud.google.com/go/iam/credentials/apiv1@latest

bazel run :gazelle -- update-repos -from_file=go.mod -prune=true -to_macro=repositories.bzl%go_repositories
@salrashid123
salrashid123 / bazel_py.md
Last active March 7, 2024 12:40
bazel_python
$ bazel run :main

$ bazel run :server_image

$ docker run -ti localhost:4000/harness:server_image
Traceback (most recent call last):
  File "/app//py_image.binary.runfiles/qs/main.py", line 8, in <module>
    import tink
@salrashid123
salrashid123 / migrate.md
Last active January 31, 2024 13:03
Migrate non-org gcp project into org without console

this will migrate a project (your-project-to-migrate) that sits outside of a cloud org (yourdomain.com)

  1. it's owned by alice@domain

  2. admin@domain is a cloud org domain owner who can migrate a project over

  3. enable domain wide delegation on a service account with scopes

    "https://www.googleapis.com/auth/cloud-platform"

    see ref

@salrashid123
salrashid123 / amd-snp.md
Last active January 29, 2024 16:10
GCP AMD SNP client

scratchpad on starting up a GCP AMD-SEV instance

using go-sev-guest and virtee

# create instance

gcloud beta compute instances create snp-instance \
  --machine-type=n2d-standard-4 \
  --min-cpu-platform="AMD Milan" \
@salrashid123
salrashid123 / rules_oci.md
Last active December 20, 2023 21:26
Bazel rules_oci with go

Build container with rules_oci

First run a local registry

crane registry serve --address :4000

ref

bazel build with go gcp library

bazel run :gazelle -- update-repos -from_file=go.mod -prune=true -to_macro=repositories.bzl%go_repositories

bazel run  --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 :main
@salrashid123
salrashid123 / ekm.go
Created October 28, 2023 14:59
Extract EKM using golang [RFC5705](https://datatracker.ietf.org/doc/html/rfc5705)
package main
/*
Sample that prints the EKM value for a TLS connection:
https://www.openssl.org/docs/man1.1.1/man3/SSL_export_keying_material.html
https://github.com/salrashid123/go_mtls_scratchpad/tree/main#exported-key-material
*/
import (
"context"
@salrashid123
salrashid123 / aws_federation_with_tags.md
Last active October 27, 2023 12:26
AWS Session Tags with OIDC Federation

AWS Session Tags with OIDC Federation

Snippet demonstrating how to set up AWS Federation for an OIDC provider which checks "custom claims" as session Tags

With this, you can define an AWS Trust Relationship for a role where you specify a custom claim.

Normally, AWS OIDC federation only allows you to set/use a very limited set of fields like aud:, sub:.

What this allows for is a very limited custom claim validation... I'm saying very limited because you apparently have to use the precise claim name AWS looks for...