gcp_iap_warden 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -2
- data/README.md +21 -0
- data/lib/gcp_iap_warden/strategy/google_jwt_header.rb +18 -5
- data/lib/gcp_iap_warden/version.rb +1 -1
- metadata +3 -4
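--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 416a9d503695d5167b83f34a24326af75a48b178f4af79edc7cd048df41fc809
+data.tar.gz: e1204729ae7320df2a701f8b0fb53b8a8e4f1a8a7d0eb1cb5a4b4b9b1a8d402d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce1853514e70a2eb6afd00e030a3c7769852d44572bbe70d3657de8b398a2931be81c113b496a6eb1a631c6d0f38f803329c446466360f52cbf0a593bdef7dbb
+data.tar.gz: 64d2ddbf8a1ce630ce22990557c6a507f662a9dffd87d8d2b61a62ff4bc9a27e2b358de2bc7beac91b3858121bc4abd14b09cdd130c48e2860c492626b4108cc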
data/Gemfile.lock
CHANGED
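--- a/data/README.md
+++ b/data/README.md
@@ -35,6 +35,27 @@ Rails.application.config.middleware.insert_after(
 end
 ```
 
+Or for AppEngine like
+
+```
+# ./config/initializers/warden.rb
+
+require "gcp_iap_warden"
+
+GcpIapWarden::Strategy::GoogleJWTHeader.config(
+project: ENV.fetch("GCP_PROJECT_ID"),
+backend: ENV.fetch("APP_ENGINE_PROJECT_ID")
+platform: :app_engine
+)
+
+Rails.application.config.middleware.insert_after(
+ActionDispatch::Session::CookieStore, Warden::Manager
+) do |manager|
+manager.default_strategies :gcp_iap_google_jwt_header
+manager.failure_app = UnauthorizedController
+end
+```
+
 Your `UnauthorizedController` may look like
 
 ```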
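--- a/data/lib/gcp_iap_warden/strategy/google_jwt_header.rb
+++ b/data/lib/gcp_iap_warden/strategy/google_jwt_header.rb
@@ -10,28 +10,41 @@ module GcpIapWarden::Strategy
 JWT_ISS = "https://cloud.google.com/iap"
 JWT_HEADER = "HTTP_X_GOOG_IAP_JWT_ASSERTION"
 
+PLATFORMS = {
+app_engine: "apps",
+gce: "global/backendServices",
+gke: "global/backendServices",
+}.freeze
+
 @key_store = GcpIapWarden::KeyStore.new
 
 class << self
 attr_accessor :jwt_options, :key_store
 
-def config(project:, backend:)
-raise "Invalid config for project" if project.nil?
-raise "Invalid config for backend" if backend.nil?
-
+def config(project:, backend:, platform: :gce)
 @jwt_options = {
 algorithm: JWT_ALG,
 verify_iss: true,
 verify_iat: true,
 verify_aud: true,
 iss: JWT_ISS,
-aud:
+aud: aud(project, platform, backend),
 }
 end
 
 def config_reset!
 @jwt_options = nil
 end
+
+private
+
+def aud(project, platform, backend)
+platform = PLATFORMS[platform]
+raise "Invalid config for project" if project.nil?
+raise "Invalid config for backend" if backend.nil?
+raise "Invalid config for platform" if platform.nil?
+"/projects/#{project}/#{platform}/#{backend}"
+end
 end
 
 private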
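Review bot: The checks in the new `aud` helper reject only `nil`, so an empty string (which `ENV.fetch` returns for a variable that is set but empty) still builds a malformed audience such as `/projects//apps/`. Verification fails closed because `verify_aud` is on, but the mistake then surfaces only as every request being rejected; failing at config time with `raise "Invalid config for project" if project.to_s.strip.empty?` (and the same for `backend`) would make it visible immediately. The platform error would be easier to act on if it listed `PLATFORMS.keys`, since a String such as `"app_engine"` is rejected with the same generic message as a typo. `PLATFORMS` also deserves a comment like `# Path segment of the IAP audience: /projects/<project number>/<segment>/<backend id>`, because IAP's documented audience uses the numeric project number, which the `project:` keyword name does not convey. The enclosing module and `class << self` begin before this hunk and the module continues after it.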
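--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gcp_iap_warden
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Max Shytikov
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2019-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt
@@ -238,8 +238,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6
+rubygems_version: 3.0.1
 signing_key:
 specification_version: 4
 summary: GCP Cloud IAP strategy for Warden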