Create generate_self_signed_jwt.py #1414
Do you have tests for this file?
This needs to be `.rb` not `.py`.
require "googleauth" | ||
require "google/cloud/iam_credentials/v1" | ||
require "jwt" | ||
|
Should there be region tags in this file?
require "google/cloud/iam_credentials/v1" | ||
require "jwt" | ||
|
||
def generate_jwt_payload(service_account_email, resource_url) |
Please remove the parentheses where possible.
}.to_json | ||
end | ||
|
||
def sign_jwt(target_sa, resource_url) |
Remove parentheses
def sign_jwt(target_sa, resource_url) | ||
scope = "https://www.googleapis.com/auth/iam" | ||
credentials = Google::Auth.get_application_default([scope]) | ||
iam_client = Google::Cloud::IamCredentials::V1::IAMCredentials::Client.new(credentials: credentials) |
Remove parentheses
end | ||
|
||
def sign_jwt_with_key_file(credential_key_file_path, resource_url) | ||
key_data = JSON.parse(File.read(credential_key_file_path)) |
Remove parentheses on this line and the line above it
private_key_id = key_data["private_key_id"] | ||
service_account_email = key_data["client_email"] | ||
|
||
payload = generate_jwt_payload(service_account_email, resource_url) |
Remove parentheses
|
||
JWT.encode( | ||
payload, | ||
OpenSSL::PKey::RSA.new(private_key), |
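Review bot: the `payload` handed to `JWT.encode(` here comes from `generate_jwt_payload`, and the earlier hunk shows a `}.to_json` just before `def sign_jwt`, so it looks like a JSON string rather than a Hash. The IAM Credentials signJwt request takes its payload as a JSON string, but ruby-jwt serializes whatever payload it is given, so a string would be encoded a second time and the token's claims segment would decode to a quoted string instead of a claims object. Suggest returning a Hash from `generate_jwt_payload`, calling `.to_json` only on the `sign_jwt` path, and adding a test that decodes the token from `sign_jwt_with_key_file` and checks the claims.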
Do you need to `require "openssl"` for this to work?
iam_client = Google::Cloud::IamCredentials::V1::IAMCredentials::Client.new(credentials: credentials) | ||
|
||
response = iam_client.sign_jwt( | ||
name: iam_client.service_account_path('-', target_sa), |
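Review bot: `iam_client.service_account_path('-', target_sa)` passes its arguments positionally, while the path helpers on generated Google Cloud Ruby clients take keyword arguments. Please confirm this call against the client gem (likely `service_account_path project: "-", service_account: target_sa`) and cover it with a test so an ArgumentError here is caught before the sample is published.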
Please use double quotes for strings.
|
||
require "googleauth" | ||
require "google/cloud/iam_credentials/v1" | ||
require "jwt" |
The JWT and IAM Credentials client gems probably need to be added to the Gemfile.
Description
Upload sample script for IAP public documentation update.
This will be documented in the IAP public documentation.
Note: It's a good idea to open an issue first for discussion.
Checklist
bundle exec rubocop