A tool to manage Identity-Aware Proxy policies on Google Cloud Platform
Project description
Allow connections to instances based on multiple criteria via Identity-Aware Proxy
Installation :
pip install google-iap
Prerequisites:
The service account used must have at least the roles Compute Viewer and IAP Policy Admin.
The firewall of the target network must allow ingress from the Identity-Aware Proxy network (35.235.240.0/20) on port 22.
Example of use :
google-iap iap get --credentials=service-account.json --project=<projectId>
google-iap iap get --credentials=service-account.json --project=<projectId> --zone=<zone>
google-iap iap get --credentials=service-account.json --project=<projectId> --zone=<zone> --instance=<instance>
google-iap iap get --credentials=service-account.json --project=<projectId> --zone=<zone> --instance=<instance> --format=yaml
google-iap iap get --credentials=service-account.json --project=<projectId> --zone=<zone> --instance=<instance> --format=json
google-iap iap set --credentials=service-account.json --project=<projectId> --policy=POLICY_FILE.json
google-iap iap set --credentials=service-account.json --project=<projectId> --policy=POLICY_FILE.yaml
google-iap iap set --credentials=service-account.json --project=<projectId> --zone=<zone> --policy=POLICY_FILE.yaml
google-iap iap set --credentials=service-account.json --project=<projectId> --zone=<zone> --instance=<instance> --policy=POLICY_FILE.yaml
File example POLICY_FILE.yaml :
---
policy:
  bindings:
  - role: roles/iap.tunnelResourceAccessor
    members:
    - user:account@gmail.com
    condition:
      title: adm-ssh
      expression: "resource.name.startsWith(\"instance-name\") && resource.type == \"google.cloud.compute.Instance\" && destination.port == 22"
File example POLICY_FILE.json :
{
  "policy": {
    "bindings": [
      {
        "role": "roles/iap.tunnelResourceAccessor",
        "members": ["user:account@gmail.com"],
        "condition": {
          "title": "adm-ssh",
          "expression": "resource.name.startsWith(\"instance-name\") && resource.type == \"google.cloud.compute.Instance\" && destination.port == 22"
        }
      }
    ]
  }
}
For the CEL expression syntax, see https://cloud.google.com/iam/docs/conditions-overview?hl=ko#example_destination_ipport_expressions_for_cloud_iap_for_tcp_tunneling
Use :
- Ssh tunneling :
gcloud beta compute start-iap-tunnel <instance> 80 --local-host-port=localhost:8888 --network-interface=nic0 --zone=<zone>
- Ssh connection :
gcloud beta compute ssh <instance> --tunnel-through-iap --zone=<zone>
File details
Details for the file google_iap-1.0.3-py3-none-any.whl.
File metadata
- Download URL: google_iap-1.0.3-py3-none-any.whl
- Upload date:
- Size: 9.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.9.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.6.8
File details
Details for the file google_iap-1.0.3-py2-none-any.whl.
File metadata
- Download URL: google_iap-1.0.3-py2-none-any.whl
- Upload date:
- Size: 9.8 kB
- Tags: Python 2
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.13.0 setuptools/40.6.2 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.14