Tyler Treat tylertreat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: web | |
| namespace: default | |
| spec: | |
| selector: | |
| matchLabels: | |
| run: web | |
| template: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: web | |
| namespace: default | |
| spec: | |
| ports: | |
| - port: 8080 | |
| protocol: TCP | |
| targetPort: 8080 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| name: basic-ingress | |
| annotations: | |
| kubernetes.io/ingress.global-static-ip-name: "web-static-ip" | |
| spec: | |
| backend: | |
| serviceName: web | |
| servicePort: 8080 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: networking.gke.io/v1beta1 | |
| kind: ManagedCertificate | |
| metadata: | |
| name: iap-demo | |
| spec: | |
| domains: | |
| - example.com |
tylertreat
/ iterator2.go
Created
May 18, 2015 05:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| type IntContainer []int | |
| func (i IntContainer) Iterator(cancel <-chan struct{}) <-chan int { | |
| ch := make(chan int) | |
| go func() { | |
| for _, val := range i { | |
| select { | |
| case ch <- val: | |
| case <-cancel: | |
| close(ch) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <web-app version="3.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xmlns="http://xmlns.jcp.org/xml/ns/javaee" | |
| xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"> | |
| <servlet> | |
| <servlet-name>appengine-spring-boot</servlet-name> | |
| <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> | |
| <init-param> | |
| <param-name>contextClass</param-name> |
tylertreat
/ oidc_cloud_function.py
Last active
September 16, 2019 18:26
Example Cloud Function that makes authenticated requests to an IAP-protected resource
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import google.auth | |
| import google.oauth2.service_account | |
| from google.auth.transport.requests import Request | |
| import requests | |
| IAM_SCOPE = 'https://www.googleapis.com/auth/iam' | |
| OAUTH_TOKEN_URI = 'https://www.googleapis.com/oauth2/v4/token' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _adc_credentials, _ = google.auth.default(scopes=[IAM_SCOPE]) | |
| # For service accounts using the Compute Engine metadata service, which is the | |
| # case for Cloud Function service accounts, service_account_email isn't | |
| # available until refresh is called. | |
| _adc_credentials.refresh(GRequest()) | |
| # Since the Compute Engine metadata service doesn't expose the service | |
| # account key, we use the IAM signBlob API to sign instead. In order for this | |
| # to work, the Cloud Function's service account needs the "Service Account |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Check path against whitelist. | |
| path = proxied_request.path | |
| if not path: | |
| path = '/' | |
| # TODO: Implement proper wildcarding for paths. | |
| if '*' not in _whitelist and path not in _whitelist: | |
| logging.warn('Rejected {} {}, not in whitelist'.format( | |
| proxied_request.method, url)) | |
| return 'Requested path {} not in whitelist'.format(path), 403 |
tylertreat
/ main.py
Last active
January 29, 2019 06:51
GCP OIDC proxy URL creation portion of handle_request
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def handle_request(proxied_request): | |
| """Proxy the given request to the URL in the Forward-Host header with an | |
| Authorization header set using an OIDC bearer token for the Cloud | |
| Function's service account. If the header is not present, return a 400 | |
| error. | |
| """ | |
| host = proxied_request.headers.get(HOST_HEADER) | |
| if not host: | |
| return 'Required header {} not present'.format(HOST_HEADER), 400 |