gcp_iap_warden 0.1.1 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +2 -2
  3. data/README.md +21 -0
  4. data/lib/gcp_iap_warden/strategy/google_jwt_header.rb +18 -5
  5. data/lib/gcp_iap_warden/version.rb +1 -1
  6. metadata +3 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4d92337a92e1d522131bfecb184a047688861374e97f76bb4b0c78af1fc442d2
4
- data.tar.gz: f3fef4eeca0b8d1c0a09f87866969c5ce6d1faabe9b4ccb51ab0582ff5edfa18
3
+ metadata.gz: 416a9d503695d5167b83f34a24326af75a48b178f4af79edc7cd048df41fc809
4
+ data.tar.gz: e1204729ae7320df2a701f8b0fb53b8a8e4f1a8a7d0eb1cb5a4b4b9b1a8d402d
5
5
  SHA512:
6
- metadata.gz: 5d0b1513fbe66cd315eb038cdbb5efe69dd2c503ce368ff90437e18b4787a08e5c1a5a5b8da59ec7ab483f87ccd5936892a43d1620cc6a05903fa5e3dd5ba4d6
7
- data.tar.gz: 5a7ec499cbc9755c68c7daa8aa72c904430f625448d735c23533cdb8b6b95a917a0ff82e90efddb9fdc2cd463b4d8eec084c5bef44fb6d137d9d1bd782ad6a2a
6
+ metadata.gz: ce1853514e70a2eb6afd00e030a3c7769852d44572bbe70d3657de8b398a2931be81c113b496a6eb1a631c6d0f38f803329c446466360f52cbf0a593bdef7dbb
7
+ data.tar.gz: 64d2ddbf8a1ce630ce22990557c6a507f662a9dffd87d8d2b61a62ff4bc9a27e2b358de2bc7beac91b3858121bc4abd14b09cdd130c48e2860c492626b4108cc
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- gcp_iap_warden (0.1.1)
4
+ gcp_iap_warden (0.2.0)
5
5
  jwt (~> 2.1.0)
6
6
  warden (~> 1.2.0)
7
7
 
@@ -118,4 +118,4 @@ DEPENDENCIES
118
118
  webmock (~> 3.3.0)
119
119
 
120
120
  BUNDLED WITH
121
- 1.17.1
121
+ 1.17.2
data/README.md CHANGED
@@ -35,6 +35,27 @@ Rails.application.config.middleware.insert_after(
35
35
  end
36
36
  ```
37
37
 
38
+ Or for AppEngine like
39
+
40
+ ```
41
+ # ./config/initializers/warden.rb
42
+
43
+ require "gcp_iap_warden"
44
+
45
+ GcpIapWarden::Strategy::GoogleJWTHeader.config(
46
+ project: ENV.fetch("GCP_PROJECT_ID"),
47
+ backend: ENV.fetch("APP_ENGINE_PROJECT_ID")
48
+ platform: :app_engine
49
+ )
50
+
51
+ Rails.application.config.middleware.insert_after(
52
+ ActionDispatch::Session::CookieStore, Warden::Manager
53
+ ) do |manager|
54
+ manager.default_strategies :gcp_iap_google_jwt_header
55
+ manager.failure_app = UnauthorizedController
56
+ end
57
+ ```
58
+
38
59
  Your `UnauthorizedController` may look like
39
60
 
40
61
  ```
data/lib/gcp_iap_warden/strategy/google_jwt_header.rb CHANGED
@@ -10,28 +10,41 @@ module GcpIapWarden::Strategy
10
10
  JWT_ISS = "https://cloud.google.com/iap"
11
11
  JWT_HEADER = "HTTP_X_GOOG_IAP_JWT_ASSERTION"
12
12
 
13
+ PLATFORMS = {
14
+ app_engine: "apps",
15
+ gce: "global/backendServices",
16
+ gke: "global/backendServices",
17
+ }.freeze
18
+
13
19
  @key_store = GcpIapWarden::KeyStore.new
14
20
 
15
21
  class << self
16
22
  attr_accessor :jwt_options, :key_store
17
23
 
18
- def config(project:, backend:)
19
- raise "Invalid config for project" if project.nil?
20
- raise "Invalid config for backend" if backend.nil?
21
-
24
+ def config(project:, backend:, platform: :gce)
22
25
  @jwt_options = {
23
26
  algorithm: JWT_ALG,
24
27
  verify_iss: true,
25
28
  verify_iat: true,
26
29
  verify_aud: true,
27
30
  iss: JWT_ISS,
28
- aud: "/projects/#{project}/global/backendServices/#{backend}",
31
+ aud: aud(project, platform, backend),
29
32
  }
30
33
  end
31
34
 
32
35
  def config_reset!
33
36
  @jwt_options = nil
34
37
  end
38
+
39
+ private
40
+
41
+ def aud(project, platform, backend)
42
+ platform = PLATFORMS[platform]
43
+ raise "Invalid config for project" if project.nil?
44
+ raise "Invalid config for backend" if backend.nil?
45
+ raise "Invalid config for platform" if platform.nil?
46
+ "/projects/#{project}/#{platform}/#{backend}"
47
+ end
35
48
  end
36
49
 
37
50
  private
data/lib/gcp_iap_warden/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module GcpIapWarden
4
- VERSION = "0.1.1"
4
+ VERSION = "0.2.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gcp_iap_warden
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Max Shytikov
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-12-03 00:00:00.000000000 Z
11
+ date: 2019-03-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt
@@ -238,8 +238,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
238
238
  - !ruby/object:Gem::Version
239
239
  version: '0'
240
240
  requirements: []
241
- rubyforge_project:
242
- rubygems_version: 2.7.6
241
+ rubygems_version: 3.0.1
243
242
  signing_key:
244
243
  specification_version: 4
245
244
  summary: GCP Cloud IAP strategy for Warden