gcp_iap_warden 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 83f02c74294dd4ad8b16a61d661b374b9b5f0871ba811982c28e40a7ef431e8c
+  data.tar.gz: 686417b87b73fbb4668401cc26e70f5ae53fdfa10ecffcc63d20d37181f50167
+SHA512:
+  metadata.gz: b8b845d6cbb4b4f222b9d5bab185ecc6ab88f976e198a4399b42e520ae5ba2339e26dec7b17fbd89f6df2fbf667b15994d71ced5c1c25844db6c7ea193b8c553
+  data.tar.gz: e09b14ef8bd976162da13035cca66f99de2b24eb5f74535b337086864732df1c1a0798aaf6d09ec72f8273a7de1b83d585cc6046748f3688c96444001b568dfb

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+.rubocop-https*

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,8 @@
+inherit_from:
+  - https://raw.githubusercontent.com/bloomon/style-guide/v0.1.0/ruby/rubocop.yml
+
+Rails:
+  Enabled: true
+
+AllCops:
+  TargetRubyVersion: 2.4

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in gcp_iap_warden.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,121 @@
+PATH
+  remote: .
+  specs:
+    gcp_iap_warden (0.1.0)
+      jwt (~> 2.1.0)
+      warden (~> 1.2.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    abstract_type (0.0.7)
+    adamantium (0.2.0)
+      ice_nine (~> 0.11.0)
+      memoizable (~> 0.4.0)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    ast (2.3.0)
+    binding_of_caller (0.8.0)
+      debug_inspector (>= 0.0.1)
+    coderay (1.1.2)
+    concord (0.1.5)
+      adamantium (~> 0.2.0)
+      equalizer (~> 0.0.9)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    debug_inspector (0.0.3)
+    diff-lcs (1.3)
+    equalizer (0.0.11)
+    hashdiff (0.3.7)
+    ice_nine (0.11.2)
+    jwt (2.1.0)
+    memoizable (0.4.2)
+      thread_safe (~> 0.3, >= 0.3.1)
+    method_source (0.9.0)
+    parallel (1.12.1)
+    parser (2.4.0.2)
+      ast (~> 2.3)
+    powerpack (0.1.1)
+    proc_to_ast (0.1.0)
+      coderay
+      parser
+      unparser
+    procto (0.0.3)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    public_suffix (3.0.1)
+    rack (2.0.3)
+    rack-test (0.8.2)
+      rack (>= 1.0, < 3)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-its (1.2.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-parameterized (0.4.0)
+      binding_of_caller
+      parser
+      proc_to_ast
+      rspec (>= 2.13, < 4)
+      unparser
+    rspec-support (3.7.0)
+    rubocop (0.52.1)
+      parallel (~> 1.10)
+      parser (>= 2.4.0.2, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.9.0)
+    safe_yaml (1.0.4)
+    thread_safe (0.3.6)
+    timecop (0.9.1)
+    unicode-display_width (1.3.0)
+    unparser (0.2.6)
+      abstract_type (~> 0.0.7)
+      adamantium (~> 0.2.0)
+      concord (~> 0.1.5)
+      diff-lcs (~> 1.3)
+      equalizer (~> 0.0.9)
+      parser (>= 2.3.1.2, < 2.5)
+      procto (~> 0.0.2)
+    vcr (4.0.0)
+    warden (1.2.7)
+      rack (>= 1.0)
+    webmock (3.3.0)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  gcp_iap_warden!
+  pry (~> 0.11.3)
+  rack-test (~> 0.8.0)
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  rspec-its (~> 1.2.0)
+  rspec-parameterized (~> 0.4.0)
+  rubocop (~> 0.52.0)
+  timecop (~> 0.9.0)
+  vcr (~> 4.0.0)
+  webmock (~> 3.3.0)
+
+BUNDLED WITH
+   1.16.1

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Bloomon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,65 @@
+# GCP IAP Warden
+
+Google Cloud [Cloud Identity-Aware Proxy](https://cloud.google.com/iap/)
+ strategies for [Warden](https://github.com/hassox/warden)
+
+## Usage
+
+Below is just an example for ussage with rails.
+But you can easily reuse the code for you rack based app.
+
+Read more about Warden [here](https://github.com/hassox/warden/wiki)
+
+You may have use different strategies:
+`gcp_iap_google_jwt_header` or `gcp_iap_google_header`
+
+Recommended is `gcp_iap_google_jwt_header` read more [here](https://cloud.google.com/iap/docs/signed-headers-howto)
+
+Initialize the warden with something like
+
+```
+# ./config/initializers/warden.rb
+
+require "gcp_iap_warden"
+
+GcpIapWarden::Strategy::GoogleJWTHeader.config(
+  project: ENV.fetch("GCP_PROJECT_ID"),
+  backend: ENV.fetch("GCP_BACKEND_ID")
+)
+
+Rails.application.config.middleware.insert_after(
+  ActionDispatch::Session::CookieStore, Warden::Manager
+) do |manager|
+  manager.default_strategies :gcp_iap_google_jwt_header
+  manager.failure_app = UnauthorizedController
+end
+```
+
+Your `UnauthorizedController` may look like
+
+```
+# app/controllers/unauthorized_controller.rb
+
+class UnauthorizedController < ActionController::Metal
+  def self.call(env)
+    env["warden"].errors.each do |message|
+      Rails.logger.warn("[unauthorized] reason: #{message}")
+    end
+    @respond ||= action(:respond)
+    @respond.call(env)
+  end
+
+  def respond
+    self.response_body = "Unauthorized Action"
+    self.status = :unauthorized
+  end
+end
+```
+
+## Development
+
+Setup and run tests
+
+```
+docker-compose run --rm app ./bin/setup
+```

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "gcp_iap_warden"
+
+require "pry"
+Pry.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle check || bundle install
+bundle exec rspec
+bundle exec rubocop

data/docker-compose.yml

@@ -0,0 +1,10 @@
+version: '2'
+services:
+  app:
+    image: ruby:2.4
+    working_dir: /workdir
+    environment:
+      BUNDLE_PATH: /workdir/.bundle
+    command: ./bin/setup
+    volumes:
+      - .:/workdir

data/gcp_iap_warden.gemspec

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "gcp_iap_warden/version"
+
+Gem::Specification.new do |spec| # rubocop:disable Metrics/BlockLength
+  spec.name          = "gcp_iap_warden"
+  spec.version       = GcpIapWarden::VERSION
+  spec.authors       = ["Max Shytikov"]
+  spec.email         = ["mshytikov@gmail.com"]
+  spec.homepage      = "https://github.com/mshytikov/gcp_iap_warden"
+  spec.summary       = "GCP Cloud IAP strategy for Warden"
+  spec.description   = "GCP Cloud IAP strategy for Warden"
+  spec.license = "MIT"
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "jwt", "~> 2.1.0"
+  spec.add_dependency "warden", "~> 1.2.0"
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "pry", "~>  0.11.3"
+  spec.add_development_dependency "rack-test", "~> 0.8.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rspec-its", "~> 1.2.0"
+  spec.add_development_dependency "rspec-parameterized", "~> 0.4.0"
+  spec.add_development_dependency "rubocop", "~> 0.52.0"
+  spec.add_development_dependency "timecop", "~> 0.9.0"
+  spec.add_development_dependency "vcr", "~> 4.0.0"
+  spec.add_development_dependency "webmock", "~> 3.3.0"
+end

data/lib/gcp_iap_warden.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require "warden"
+
+require "gcp_iap_warden/version"
+
+module GcpIapWarden
+  require_relative "gcp_iap_warden/utils"
+  require_relative "gcp_iap_warden/key_store"
+  require_relative "gcp_iap_warden/strategy"
+end

data/lib/gcp_iap_warden/key_store.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "open-uri"
+
+module GcpIapWarden
+  class KeyStore
+    GOOGLE_PUBLIC_KEY_URL = "https://www.gstatic.com/iap/verify/public_key"
+
+    def initialize
+      @keys = {}
+    end
+
+    def fetch(key_id)
+      return if key_id.nil?
+      key = keys[key_id]
+      return key if key
+
+      update_keys!(key_id)
+      keys.fetch(key_id)
+    end
+
+    private
+
+    attr_accessor :keys
+
+    def update_keys!(key_id)
+      new_keys = load_keys
+      raise "Can't find key with id: #{key_id}" unless new_keys.key?(key_id)
+      self.keys = new_keys
+    end
+
+    def load_keys
+      ::JSON.parse(open(GOOGLE_PUBLIC_KEY_URL).read)
+    end
+  end
+end

data/lib/gcp_iap_warden/strategy.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module GcpIapWarden
+  module Strategy
+    require_relative "strategy/base"
+    require_relative "strategy/google_header"
+    require_relative "strategy/google_jwt_header"
+  end
+end

data/lib/gcp_iap_warden/strategy/base.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module GcpIapWarden::Strategy
+  class Base < ::Warden::Strategies::Base
+    class << self
+      attr_accessor :strategy_name
+    end
+
+    def store?
+      false
+    end
+
+    def valid?
+      gcp_iap_headers?
+    end
+
+    def authenticate!
+      success!(validate_payload(decode_payload))
+    rescue StandardError => e
+      errors.add(self.class.strategy_name, e.message)
+      self.fail # rubocop:disable Style/RedundantSelf
+    end
+
+    private
+
+    def validate_payload(payload)
+      raise "Invalid google email" if payload[:google_email].nil?
+      raise "Invalid google user id" if payload[:google_user_id].nil?
+      payload
+    end
+  end
+end

data/lib/gcp_iap_warden/strategy/google_header.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module GcpIapWarden::Strategy
+  class GoogleHeader < Base
+    self.strategy_name = :gcp_iap_google_header
+
+    USER_EMAIL_HEADER = "HTTP_X_GOOG_AUTHENTICATED_USER_EMAIL"
+    USER_ID_HEADER = "HTTP_X_GOOG_AUTHENTICATED_USER_ID"
+
+    private
+
+    def gcp_iap_headers?
+      env.key?(USER_EMAIL_HEADER) && env.key?(USER_ID_HEADER)
+    end
+
+    def decode_payload
+      email_value = env.fetch(USER_EMAIL_HEADER)
+      user_id_value = env.fetch(USER_ID_HEADER)
+      {
+        google_email: GcpIapWarden::Utils.parse_google_value(email_value),
+        google_user_id:  GcpIapWarden::Utils.parse_google_value(user_id_value),
+      }
+    end
+  end
+end
+
+::Warden::Strategies.add(
+  GcpIapWarden::Strategy::GoogleHeader.strategy_name,
+  GcpIapWarden::Strategy::GoogleHeader
+)

data/lib/gcp_iap_warden/strategy/google_jwt_header.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require "jwt"
+
+module GcpIapWarden::Strategy
+  class GoogleJWTHeader < Base
+    self.strategy_name = :gcp_iap_google_jwt_header
+
+    JWT_ALG = "ES256"
+    JWT_ISS = "https://cloud.google.com/iap"
+    JWT_HEADER = "HTTP_X_GOOG_IAP_JWT_ASSERTION"
+
+    @key_store = GcpIapWarden::KeyStore.new
+
+    class << self
+      attr_accessor :jwt_options, :key_store
+
+      def config(project:, backend:)
+        raise "Invalid config for project" if project.nil?
+        raise "Invalid config for backend" if backend.nil?
+
+        @jwt_options = {
+          algorithm: JWT_ALG,
+          verify_iss: true,
+          verify_iat: true,
+          verify_aud: true,
+          iss: JWT_ISS,
+          aud:  "/projects/#{project}/global/backendServices/#{backend}",
+        }
+      end
+
+      def config_reset!
+        @jwt_options = nil
+      end
+    end
+
+    private
+
+    def gcp_iap_headers?
+      env.key?(JWT_HEADER)
+    end
+
+    def decode_and_verify_jwt
+      options = self.class.jwt_options
+      raise("#{self.class} is not configured") if options.nil?
+      key = nil
+      token = env[JWT_HEADER]
+      payload = ::JWT.decode(token, key, true, options) do |header|
+        OpenSSL::PKey::EC.new(self.class.key_store.fetch(header["kid"]))
+      end
+      payload.first # take first part which has user info
+    end
+
+    def decode_payload
+      payload = decode_and_verify_jwt
+      raise "Invalid jwt payload" if payload.nil?
+      {
+        google_email: payload["email"],
+        google_user_id: GcpIapWarden::Utils.parse_google_value(payload["sub"]),
+      }
+    end
+  end
+end
+
+::Warden::Strategies.add(
+  GcpIapWarden::Strategy::GoogleJWTHeader.strategy_name,
+  GcpIapWarden::Strategy::GoogleJWTHeader
+)

data/lib/gcp_iap_warden/utils.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module GcpIapWarden::Utils
+  GOOGLE_VALUE_PREFIX = "accounts.google.com:"
+  # returns value of google headers prefixed with `accounts.google.com:`
+  # example:
+  #   parse_google_value("accounts.google.com:example@gmail.com")
+  #   => example@gmail.com
+  #
+  def self.parse_google_value(str)
+    str.sub(GOOGLE_VALUE_PREFIX, "") if str&.start_with?(GOOGLE_VALUE_PREFIX)
+  end
+end

data/lib/gcp_iap_warden/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GcpIapWarden
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,246 @@
+--- !ruby/object:Gem::Specification
+name: gcp_iap_warden
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Max Shytikov
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-03-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: warden
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.3
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: rspec-parameterized
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.52.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.52.0
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.3.0
+description: GCP Cloud IAP strategy for Warden
+email:
+- mshytikov@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- docker-compose.yml
+- gcp_iap_warden.gemspec
+- lib/gcp_iap_warden.rb
+- lib/gcp_iap_warden/key_store.rb
+- lib/gcp_iap_warden/strategy.rb
+- lib/gcp_iap_warden/strategy/base.rb
+- lib/gcp_iap_warden/strategy/google_header.rb
+- lib/gcp_iap_warden/strategy/google_jwt_header.rb
+- lib/gcp_iap_warden/utils.rb
+- lib/gcp_iap_warden/version.rb
+homepage: https://github.com/mshytikov/gcp_iap_warden
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.4
+signing_key: 
+specification_version: 4
+summary: GCP Cloud IAP strategy for Warden
+test_files: []