googlecodelabs/tools 2129
Codelabs management & hosting tools
GoogleCloudPlatform/berglas 925
A tool for managing secrets on Google Cloud
google-github-actions/setup-gcloud 863
A collection of GitHub Actions for interfacing with Google Cloud Platform.
dgageot/demoit 706
Live coding demos without Context Switching
google/oauth2l 377
oauth2l ("oauth tool") is a simple CLI for interacting with Google API authentication.
kelseyhightower/vault-on-google-kubernetes-engine 369
How to guide on running HashiCorp's Vault on Google Kubernetes Engine
Bootstrap Forms makes Twitter's Bootstrap on Rails easy!
hashicorp/waypoint-examples 239
Example Apps that can be deployed with Waypoint
Pull request review comment google/exposure-notifications-verification-server
add SMS signing keys at the DB layer
+// Copyright 2021 Google LLC+//+// Licensed under the Apache License, Version 2.0 (the "License");+// you may not use this file except in compliance with the License.+// You may obtain a copy of the License at+//+// http://www.apache.org/licenses/LICENSE-2.0+//+// Unless required by applicable law or agreed to in writing, software+// distributed under the License is distributed on an "AS IS" BASIS,+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+// See the License for the specific language governing permissions and+// limitations under the License.++package database++import (+ "fmt"+ "time"++ "github.com/jinzhu/gorm"+)++var _ ManagedKey = (*SMSSigningKey)(nil)++// SMSSigningKey represents a reference to a KMS backed signing key+// version for SMS payload signing.+type SMSSigningKey struct {+ gorm.Model+ Errorable++ // A signing key belongs to exactly one realm.+ RealmID uint `gorm:"index:realm"`++ // Reference to an exact version of a key in the KMS+ KeyID string+ Active bool+}++// GetKID returns the 'kid' field value to use in signing JWTs.+func (s *SMSSigningKey) GetKID() string {+ return fmt.Sprintf("r%dv%d", s.RealmID, s.ID)
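Review bot: GetKID formats the kid from s.ID, which gorm.Model leaves at zero until the row has been inserted, so calling it on a freshly constructed SMSSigningKey returns an "r<realm>v0" value that looks valid. State in the GetKID comment that the result is only meaningful after the record is saved, or return an empty string when s.ID is 0. The KeyID and Active fields also need their own comments, in particular one saying that KeyID is the KMS key version reference and is distinct from the public kid.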
SMSSigningKeyID is the KMS key - this is the KID for public consumption
comment created time in 4 minutes
Pull request review comment google/exposure-notifications-verification-server
add SMS signing keys at the DB layer
func (r *Realm) SigningKeyID() string { return fmt.Sprintf("realm-%d", r.ID) } +func (r *Realm) SMSSigningKeyID() string {+ return fmt.Sprintf("realm-sms-%d", r.ID)+}+ // CreateSigningKeyVersion creates a new signing key version on the key manager // and saves a reference to the new key version in the database. If creating the // key in the key manager fails, the database is not updated. However, if // updating the signing key in the database fails, the key is NOT deleted from // the key manager. func (r *Realm) CreateSigningKeyVersion(ctx context.Context, db *Database) (string, error) {+ newKey := &SigningKey{}+ return r.createdManagedSigningKey(ctx, db, r.SigningKeyID(), "signing_keys", "certificate", newKey)+}++// CreateSMSSigningKeyVersion creates a new SMS signing key versino on the key manager+// and saves a reference to the new key version in the database.+func (r *Realm) CreateSMSSigningKeyVersion(ctx context.Context, db *Database) (string, error) {+ newKey := &SMSSigningKey{}+ return r.createdManagedSigningKey(ctx, db, r.SMSSigningKeyID(), "sms_signing_keys", "SMS", newKey)+}++func (r *Realm) createdManagedSigningKey(ctx context.Context, db *Database, keyID, table, purpose string, signingKey ManagedKey) (string, error) {
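Review bot: The doc comment on CreateSMSSigningKeyVersion drops the failure semantics that CreateSigningKeyVersion spells out (database not updated if the key manager call fails, key not deleted from the key manager if the database update fails), although both now go through the same helper. Repeat or reference them so operators know an orphaned KMS key version is possible for SMS keys too. In the same comment "versino" should be "version", and the helper reads better as createManagedSigningKey than createdManagedSigningKey. The table name passed as a free string argument is easy to misuse; tying it to the key type as a constant keeps a caller from ever supplying it from variable input.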
I moved Table() and Purpose() to methods on the ManagedKey interface.
comment created time in 10 minutes
Pull request review comment google/exposure-notifications-verification-server
add SMS signing keys at the DB layer
func (db *Database) Migrations(ctx context.Context) []*gormigrate.Migration { return nil }, },+ {+ ID: "00090-AddSMSSigningKeys",+ Migrate: func(tx *gorm.DB) error {+ return multiExec(tx,+ `CREATE TABLE sms_signing_keys (+ id BIGSERIAL,+ created_at TIMESTAMP WITH TIME ZONE,+ updated_at TIMESTAMP WITH TIME ZONE,+ deleted_at TIMESTAMP WITH TIME ZONE,+ realm_id INTEGER,+ key_id TEXT,+ active BOOLEAN,
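Review bot: In the visible part of the CREATE TABLE statement, realm_id, key_id and active carry no NOT NULL constraint, so a row with no realm or no KMS key reference would be accepted by the database. Unless later lines of the statement add them, consider NOT NULL on those three columns, a default for active, and a primary key on id. realm_id is declared INTEGER while id is BIGSERIAL; confirm that INTEGER matches the type of the realm key it refers to.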
please double check my index statement
comment created time in 25 minutes
Pull request review comment google/exposure-notifications-verification-server
add SMS signing keys at the DB layer
+// Copyright 2021 Google LLC+//+// Licensed under the Apache License, Version 2.0 (the "License");+// you may not use this file except in compliance with the License.+// You may obtain a copy of the License at+//+// http://www.apache.org/licenses/LICENSE-2.0+//+// Unless required by applicable law or agreed to in writing, software+// distributed under the License is distributed on an "AS IS" BASIS,+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+// See the License for the specific language governing permissions and+// limitations under the License.++package database++// ManagedKey is an interface that allows for a realm to manage signing keys+// for different purposes.+type ManagedKey interface {+ // GetKID returns the public key version string+ GetKID() string+ // ManagedKeyID returns the reference to the key ID in the KMS.+ ManagedKeyID() string+ // IsActive() returns true if this key is active+ IsActive() bool++ SetRealmID(id uint)
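Review bot: SetRealmID is the only method in ManagedKey without a doc comment and the only mutator in an otherwise read-only interface, so any code handed a ManagedKey to read its kid can also reassign the key's realm. Document it, or move it to a narrower interface used only by the code that creates keys. The comment "IsActive() returns true" should drop the parentheses to match the other method comments.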
Introduced RealmManagedKey - moved SetRealmID there.
this opens up extending ManagedKey to token signing keys in a follow up.
comment created time in 30 minutes
pull request comment google/exposure-notifications-verification-server
Implement first pass at SMS signature algorithm
@sethvargo: The following test failed, say /retest
to rerun all failed tests:
Test name | Commit | Details | Rerun command |
---|---|---|---|
pull-en-server-release-unit | a4ca05acbd39bcf1a25e91928f3a12d568e701d0 | link | /test pull-en-server-release-unit |
<details>
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. </details> <!-- test report -->
comment created time in 12 minutes
pull request comment google/exposure-notifications-verification-server
Implement first pass at SMS signature algorithm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: [sethvargo](https://github.com/google/exposure-notifications-verification-server/pull/1650# "Author self-approved")
The full list of commands accepted by this bot can be found here.
The pull request process is described here
<details > Needs approval from an approver in each of these files:
OWNERS[sethvargo]
Approvers can indicate their approval by writing /approve
in a comment
Approvers can cancel approval by writing /approve cancel
in a comment
</details>
<!-- META={"approvers":[]} -->
comment created time in 15 minutes
PR closed sethvargo/vault-init
When using auto-unseal it could be useful to encrypt the Recovery Keys and the Root Token with GPG to make it easier to then distribute the encrypted shares to the key holders.
Encrypting the Root Token and the Standard shares , while less useful, can still be enabled based on the specific needs.
pr closed time in 2 hours
push event google/exposure-notifications-verification-server
commit sha d35953fcccf6e026bf2742099dce08e9c0208f04
Condition should contain a unit. (#1647) * Condition should contain a unit. * Use 1/s instead of Hz to avoid confusion.
push time in 2 hours
PR merged google/exposure-notifications-verification-server
Fixes #1644
pr closed time in 2 hours
issue closed google/exposure-notifications-verification-server
Error creating AlertPolicy: googleapi: Error 400
Error creating AlertPolicy: googleapi: Error 400
Ignoring units for operation '>', which is combining two values, the first with
unit '1/s' and the second with no units. Units need to be given for neither or
both of the inputs to '>'. Units can be added to the second argument by the
`cast_units` function (example `cast_units(<expression>, "By/s")`) or, for
literals, by annotation (example `3.3 "GiBy"`). Units can be removed by
`cast_units(<expression>, "")`.
/assign @yegle
closed time in 2 hours
sethvargo pull request comment google/exposure-notifications-verification-server
Condition should contain a unit.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: [sethvargo](https://github.com/google/exposure-notifications-verification-server/pull/1647#pullrequestreview-573419865 "LGTM"), [yegle](https://github.com/google/exposure-notifications-verification-server/pull/1647# "Author self-approved")
comment created time in 2 hours
started sethvargo/vault-on-gke
started time in 3 hours
started sethvargo/vault-kubernetes-workshop
started time in 3 hours
pull request comment hashicorp/vault-plugin-secrets-gcp
Refactor roleset into utils mk II
Hey @kalafut sorry to prod you again. Could this be looked at please?
comment created time in 15 hours
Pull request review comment google/exposure-notifications-verification-server
Condition should contain a unit.
resource "google_monitoring_alert_policy" "UpstreamUserRecreates" { generic_task :: custom.googleapis.com/opencensus/en-verification-server/user/upstream_user_recreate_count | align rate(5m) | every 1m- | group_by [], [val: aggregate(value.upstream_user_recreate_count)]- | condition val > 5+ | group_by [], [val: sum(value.upstream_user_recreate_count)]+ | condition val > 5 'Hz'
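Review bot: The unit literal 'Hz' on the new condition line obscures that val is a per-second rate coming from align rate(5m); writing it as '1/s' matches the unit named in the API error and needs no explanation for the next reader. The same hunk also replaces aggregate(value.upstream_user_recreate_count) with sum(...), which the title "Condition should contain a unit" does not cover, so mention that change in the description or split it out.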
Hz is an alias of 1/s. But agree this is a bit confusing.
comment created time in 16 hours
pull request comment google/exposure-notifications-verification-server
add SMS signing keys at the DB layer
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: [mikehelmick](https://github.com/google/exposure-notifications-verification-server/pull/1649# "Author self-approved")
comment created time in 16 hours
PR opened google/exposure-notifications-verification-server
towards #1640
Proposed Changes
- Add new SMSSigningKey model
- Create ManagedKey interface
- Refactor realm key management to work on multiple types of managed keys
Release Note
Add database model for managed keys for signing SMS messages.
pr created time in 16 hours
push event google/exposure-notifications-server
commit sha b91b7ba5df9aef2ff7d6070a5e5702cdf6952307
Update docs for jwks rename (#1302)
push time in 17 hours
delete branch google/exposure-notifications-server
delete branch : sethvargo/clean
delete time in 17 hours
PR merged google/exposure-notifications-server
Release Note
NONE
/assign @mikehelmick
pr closed time in 17 hours
pull request comment google/exposure-notifications-server
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: [mikehelmick](https://github.com/google/exposure-notifications-server/pull/1302#pullrequestreview-572796139 "Approved"), [sethvargo](https://github.com/google/exposure-notifications-server/pull/1302# "Author self-approved")
comment created time in 17 hours
push event google/exposure-notifications-server
commit sha 4c34c2b8282055cc34123ace2590a5c4fd4bea2e
Switch 30d to hours (#1303) d is not a valid Go duration suffix
push time in 18 hours
delete branch google/exposure-notifications-server
delete branch : sethvargo/doh
delete time in 18 hours
PR merged google/exposure-notifications-server
d is not a valid Go duration suffix
Release Note
Switch 30d to 720h
pr closed time in 18 hours
pull request comment google/exposure-notifications-server
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: [mikehelmick](https://github.com/google/exposure-notifications-server/pull/1303#pullrequestreview-572770747 "Approved"), [sethvargo](https://github.com/google/exposure-notifications-server/pull/1303# "Author self-approved")
comment created time in 18 hours
pull request comment google/exposure-notifications-server
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: [sethvargo](https://github.com/google/exposure-notifications-server/pull/1303# "Author self-approved")
comment created time in 18 hours
pull request comment google/exposure-notifications-server
@sethvargo: The following test failed, say /retest
to rerun all failed tests:
Test name | Commit | Details | Rerun command |
---|---|---|---|
pull-en-server-release-unit | 0a75091f1ac41c6bcaac33c30bc746d8ddf38c8d | link | /test pull-en-server-release-unit |
comment created time in 18 hours
pull request comment google/exposure-notifications-server
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: [sethvargo](https://github.com/google/exposure-notifications-server/pull/1302# "Author self-approved")
comment created time in 18 hours
push event google/exposure-notifications-server
commit sha 9b131563bf9bbdea166246186f8e1a78ee2a7fc4
Build all binaries at once (faster build) (#1301)
push time in 18 hours
delete branch google/exposure-notifications-server
delete branch : sethvargo/faster
delete time in 18 hours