gcp_iap_warden 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +2 -2
  3. data/README.md +21 -0
  4. data/lib/gcp_iap_warden/strategy/google_jwt_header.rb +18 -5
  5. data/lib/gcp_iap_warden/version.rb +1 -1
  6. metadata +3 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4d92337a92e1d522131bfecb184a047688861374e97f76bb4b0c78af1fc442d2
4
- data.tar.gz: f3fef4eeca0b8d1c0a09f87866969c5ce6d1faabe9b4ccb51ab0582ff5edfa18
3
+ metadata.gz: 416a9d503695d5167b83f34a24326af75a48b178f4af79edc7cd048df41fc809
4
+ data.tar.gz: e1204729ae7320df2a701f8b0fb53b8a8e4f1a8a7d0eb1cb5a4b4b9b1a8d402d
5
5
  SHA512:
6
- metadata.gz: 5d0b1513fbe66cd315eb038cdbb5efe69dd2c503ce368ff90437e18b4787a08e5c1a5a5b8da59ec7ab483f87ccd5936892a43d1620cc6a05903fa5e3dd5ba4d6
7
- data.tar.gz: 5a7ec499cbc9755c68c7daa8aa72c904430f625448d735c23533cdb8b6b95a917a0ff82e90efddb9fdc2cd463b4d8eec084c5bef44fb6d137d9d1bd782ad6a2a
6
+ metadata.gz: ce1853514e70a2eb6afd00e030a3c7769852d44572bbe70d3657de8b398a2931be81c113b496a6eb1a631c6d0f38f803329c446466360f52cbf0a593bdef7dbb
7
+ data.tar.gz: 64d2ddbf8a1ce630ce22990557c6a507f662a9dffd87d8d2b61a62ff4bc9a27e2b358de2bc7beac91b3858121bc4abd14b09cdd130c48e2860c492626b4108cc
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- gcp_iap_warden (0.1.1)
4
+ gcp_iap_warden (0.2.0)
5
5
  jwt (~> 2.1.0)
6
6
  warden (~> 1.2.0)
7
7
 
@@ -118,4 +118,4 @@ DEPENDENCIES
118
118
  webmock (~> 3.3.0)
119
119
 
120
120
  BUNDLED WITH
121
- 1.17.1
121
+ 1.17.2
data/README.md CHANGED
@@ -35,6 +35,27 @@ Rails.application.config.middleware.insert_after(
35
35
  end
36
36
  ```
37
37
 
38
+ Or for AppEngine like
39
+
40
+ ```
41
+ # ./config/initializers/warden.rb
42
+
43
+ require "gcp_iap_warden"
44
+
45
+ GcpIapWarden::Strategy::GoogleJWTHeader.config(
46
+ project: ENV.fetch("GCP_PROJECT_ID"),
47
+ backend: ENV.fetch("APP_ENGINE_PROJECT_ID")
48
+ platform: :app_engine
49
+ )
50
+
51
+ Rails.application.config.middleware.insert_after(
52
+ ActionDispatch::Session::CookieStore, Warden::Manager
53
+ ) do |manager|
54
+ manager.default_strategies :gcp_iap_google_jwt_header
55
+ manager.failure_app = UnauthorizedController
56
+ end
57
+ ```
58
+
38
59
  Your `UnauthorizedController` may look like
39
60
 
40
61
  ```
data/lib/gcp_iap_warden/strategy/google_jwt_header.rb CHANGED
@@ -10,28 +10,41 @@ module GcpIapWarden::Strategy
10
10
  JWT_ISS = "https://cloud.google.com/iap"
11
11
  JWT_HEADER = "HTTP_X_GOOG_IAP_JWT_ASSERTION"
12
12
 
13
+ PLATFORMS = {
14
+ app_engine: "apps",
15
+ gce: "global/backendServices",
16
+ gke: "global/backendServices",
17
+ }.freeze
18
+
13
19
  @key_store = GcpIapWarden::KeyStore.new
14
20
 
15
21
  class << self
16
22
  attr_accessor :jwt_options, :key_store
17
23
 
18
- def config(project:, backend:)
19
- raise "Invalid config for project" if project.nil?
20
- raise "Invalid config for backend" if backend.nil?
21
-
24
+ def config(project:, backend:, platform: :gce)
22
25
  @jwt_options = {
23
26
  algorithm: JWT_ALG,
24
27
  verify_iss: true,
25
28
  verify_iat: true,
26
29
  verify_aud: true,
27
30
  iss: JWT_ISS,
28
- aud: "/projects/#{project}/global/backendServices/#{backend}",
31
+ aud: aud(project, platform, backend),
29
32
  }
30
33
  end
31
34
 
32
35
  def config_reset!
33
36
  @jwt_options = nil
34
37
  end
38
+
39
+ private
40
+
41
+ def aud(project, platform, backend)
42
+ platform = PLATFORMS[platform]
43
+ raise "Invalid config for project" if project.nil?
44
+ raise "Invalid config for backend" if backend.nil?
45
+ raise "Invalid config for platform" if platform.nil?
46
+ "/projects/#{project}/#{platform}/#{backend}"
47
+ end
35
48
  end
36
49
 
37
50
  private
data/lib/gcp_iap_warden/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module GcpIapWarden
4
- VERSION = "0.1.1"
4
+ VERSION = "0.2.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gcp_iap_warden
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Max Shytikov
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-12-03 00:00:00.000000000 Z
11
+ date: 2019-03-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt
@@ -238,8 +238,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
238
238
  - !ruby/object:Gem::Version
239
239
  version: '0'
240
240
  requirements: []
241
- rubyforge_project:
242
- rubygems_version: 2.7.6
241
+ rubygems_version: 3.0.1
243
242
  signing_key:
244
243
  specification_version: 4
245
244
  summary: GCP Cloud IAP strategy for Warden