No commit activity in last 3 years
No release in over 3 years
GCP Cloud IAP strategy for Warden
 Dependencies

Development

~> 1.16
~> 0.11.3
~> 0.8.0
~> 13.0
~> 3.0
~> 1.2.0
~> 0.52.0
~> 0.9.0
~> 4.0.0
~> 3.3.0

Runtime

~> 2.1.0
~> 1.2.0
 Project Readme

GCP IAP Warden

Google Cloud Cloud Identity-Aware Proxy strategies for Warden

Usage

Below is an example of usage with Rails, but you can easily reuse the code for your Rack-based app.

Read more about Warden here

You can use one of two strategies: gcp_iap_google_jwt_header or gcp_iap_google_header

The recommended strategy is gcp_iap_google_jwt_header; read more here

Initialize Warden with something like:

# ./config/initializers/warden.rb

require "gcp_iap_warden"

GcpIapWarden::Strategy::GoogleJWTHeader.config(
  project: ENV.fetch("GCP_PROJECT_ID"),
  backend: ENV.fetch("GCP_BACKEND_ID")
)

Rails.application.config.middleware.insert_after(
  ActionDispatch::Session::CookieStore, Warden::Manager
) do |manager|
  manager.default_strategies :gcp_iap_google_jwt_header
  manager.failure_app = UnauthorizedController
end

Or, for App Engine:

# ./config/initializers/warden.rb

require "gcp_iap_warden"

GcpIapWarden::Strategy::GoogleJWTHeader.config(
  project: ENV.fetch("GCP_PROJECT_ID"),
  backend: ENV.fetch("APP_ENGINE_PROJECT_ID"),
  platform: :app_engine
)

Rails.application.config.middleware.insert_after(
  ActionDispatch::Session::CookieStore, Warden::Manager
) do |manager|
  manager.default_strategies :gcp_iap_google_jwt_header
  manager.failure_app = UnauthorizedController
end

Your UnauthorizedController may look like this:

# app/controllers/unauthorized_controller.rb

class UnauthorizedController < ActionController::Metal
  def self.call(env)
    env["warden"].errors.each do |message|
      Rails.logger.warn("[unauthorized] reason: #{message}")
    end
    @respond ||= action(:respond)
    @respond.call(env)
  end

  def respond
    self.response_body = "Unauthorized Action"
    self.status = :unauthorized
  end
end
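
The checks a signed-header strategy has to make on the IAP assertion (sent in the x-goog-iap-jwt-assertion request header), as an added sketch that is not GcpIapWarden's own code. The function names are hypothetical, the issuer and audience formats follow Google's IAP documentation, and a throwaway key stands in for Google's published IAP keys so the example runs offline.

```ruby
require "json"
require "openssl"

IAP_ISSUER = "https://cloud.google.com/iap"

# Audience IAP writes into the assertion. IAP uses the numeric project number;
# the remaining segments differ for backend services and App Engine.
def iap_audience(project_number:, backend:, platform: nil)
  return "/projects/#{project_number}/apps/#{backend}" if platform == :app_engine
  "/projects/#{project_number}/global/backendServices/#{backend}"
end

def b64url_decode(segment)
  segment.tr("-_", "+/").unpack1("m")
end

# keys: { kid => OpenSSL::PKey::EC }. Returns the claims or raises ArgumentError.
def verify_iap_assertion(token, keys:, audience:, now: Time.now.to_i, leeway: 30)
  head, body, sig = token.to_s.split(".", -1)
  raise ArgumentError, "malformed token" unless token.to_s.count(".") == 2
  header = JSON.parse(b64url_decode(head))
  raise ArgumentError, "unexpected alg" unless header.is_a?(Hash) && header["alg"] == "ES256"
  key = keys[header["kid"]] or raise ArgumentError, "unknown kid"
  raw = b64url_decode(sig)
  raise ArgumentError, "bad signature length" unless raw.bytesize == 64
  # JWS carries r||s; OpenSSL expects a DER SEQUENCE of two INTEGERs.
  ints = [raw[0, 32], raw[32, 32]].map { |half| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(half, 2)) }
  der = OpenSSL::ASN1::Sequence.new(ints).to_der
  ok = key.verify(OpenSSL::Digest.new("SHA256"), der, "#{head}.#{body}")
  raise ArgumentError, "bad signature" unless ok
  claims = JSON.parse(b64url_decode(body))
  raise ArgumentError, "wrong issuer" unless claims["iss"] == IAP_ISSUER
  raise ArgumentError, "wrong audience" unless claims["aud"] == audience
  raise ArgumentError, "expired" unless claims["exp"].to_i + leeway >= now
  raise ArgumentError, "not yet valid" unless claims["iat"].to_i - leeway <= now
  claims
rescue JSON::ParserError
  raise ArgumentError, "malformed token"
end

# Constructed helper for the demo: mints an assertion with a throwaway key.
def constructed_assertion(key, claims, kid: "demo-kid")
  enc = ->(s) { [s].pack("m0").tr("+/", "-_").delete("=") }
  input = "#{enc.(JSON.generate(alg: "ES256", kid: kid))}.#{enc.(JSON.generate(claims))}"
  r, s = OpenSSL::ASN1.decode(key.sign(OpenSSL::Digest.new("SHA256"), input)).value.map(&:value)
  "#{input}.#{enc.([r, s].map { |n| n.to_s(2).rjust(32, "\0") }.join)}"
end
```

The audience check is what ties an assertion to one backend: a token minted for another IAP-protected service in the same project carries a valid signature and issuer but a different aud.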

Development

Setup and run tests

docker-compose run --rm app ./bin/setup