Google Experts Program Google has honored me with Google Developers Experts Cloud Platform. I am the twentieth expert in North America. This is a global program to recognize individuals who are experts and thought leaders in one or more Google… Continue Reading →
Starting today, I am copying all of my source code for the articles on this website to GitHub. This will take a week to complete. Today’s article on Cloud Run now has a GitHub repository to make downloads and builds… Continue Reading →
Introduction This article discusses HTTP to HTTPS redirection in software. I will show you one method of server-side redirects in Python 3 and Flask. I will start by analyzing the HTTP headers received by a Cloud Run container application and… Continue Reading →
Introduction This article discusses HTTP to HTTPS redirection as implemented by Google Cloud Run. Today, all websites should deliver traffic over HTTPS. Google Cloud has adopted this policy providing HTTPS for Cloud Run service URLs with automatic redirects from HTTP to… Continue Reading →
Introduction My personal website which covers articles about Google Cloud has been growing both in traffic and content. After I wrote my article Google Professional Cloud Security Engineer Certification, my website lit up with traffic and has continued to grow…. Continue Reading →
Introduction This article covers how to add IPv6 to a load balancer on Google Cloud and create the correct DNS resource records. Google Compute Engine does not support IPv6, so this requires that a Google HTTP Load Balancer (and… Continue Reading →
Introduction On August 15, 2018, Google released the Alpha release of Google Cloud Run. Many of us saw the potential and went to work learning this new platform. Everything serverless gets our attention. Cloud Run is Google’s entry into serverless… Continue Reading →
Date created: May 7, 2019 Last updated: May 7, 2019 Today I received an email titled “jhanley@jhanley.com has been hacked, change your password ASAP”. The hacker claims to know my login and password, has full control over my account and… Continue Reading →
Date created: May 4, 2019 Last updated: May 5, 2019 Gmail stats graphic courtesy Google Security Blog Introduction One of the major problems with email is email spam. Spammers impersonate your identity to send emails that appear to be sent… Continue Reading →
Date created: May 2, 2019 Last updated: May 4, 2019 Introduction For the articles on this site, I often create subdomains for testing. This is neither safe nor secure and a mistake could take down my entire domain. Therefore, I… Continue Reading →
I think that Google has done a nice job creating certification badges. Certify with Google Cloud and G Suite and get your own badges. Google Cloud Certified
Date created: April 17, 2019 Last updated: April 19, 2019 Introduction Redis (REmote DIctionary Server) is one of the most popular databases in the world. Redis is a Key Value dictionary. Google Cloud Memorystore is Google’s managed service for Redis…. Continue Reading →
Date created: February 27, 2019 Last updated: March 2, 2019 Introduction This month I completed two beta Google certification exams (Security, Network) with another exam scheduled for March 11th. In preparing for these exams I realized that it is important… Continue Reading →
Date created: February 10, 2019 Last updated: March 13, 2019 Update: March 13, 2019. I passed this certification. Update: February 21, 2019. Bad news. My work schedule has been so long each day that I have not been able to… Continue Reading →
Date created: January 30, 2019 Last updated: May 5, 2019 Exam Completed: February 15, 2019 Part 1: Introduction Part 2: Post Exam Review Part 3: Daily Study Part 4: Tips and Advice Part 5: Final Exam Update March 29, 2019…. Continue Reading →
In my earlier article on how to test Google OAuth 2.0 flows from the command line I showed how to generate Google OAuth 2.0 Access Token, Refresh Token, and ID Token. In this article, I will show how to refresh… Continue Reading →
If you have ever wanted to test Google OAuth 2.0 flows from the command line you will like this short article. This article is the second version. I wrote a previous article on using curl, but that version did not… Continue Reading →
This article shows how to display a list of Google Cloud Projects that you have access to list. This article includes two examples in Python that use two different Google Cloud Python libraries. These examples produce the same output as the… Continue Reading →
Google Cloud IAM supports several member types that can be authorized to access Google Cloud resources. The following member types can be added to Google Cloud IAM to authorize access to your Google Cloud Platform services. Google IAM Member Types:… Continue Reading →
The following example shows several important steps to call Google Cloud APIs without using an SDK in Python. Similar code works in just about any language (c#, java, php, nodejs). Change the source code with the filename of your service… Continue Reading →
I have written a number of articles about Google Cloud Credentials. For Service Account credentials, there are two on-disk formats: P12 and Json. This article shows how to convert these credentials from P12 to Json.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
############################################################ # Version 1.00 # Date Created: 2018-12-22 # Last Update: 2018-12-22 # https://www.jhanley.com # Copyright (c) 2018, John J. Hanley # Author: John Hanley ############################################################ ''' This program converts Google Service Account credentials from P12 format into Json format. The critical items to know: Service Account Email address that matches the service account credentials. If this is wrong, the credentials won't work (P12 or Json). Project ID. P12 Password. ''' import json import OpenSSL.crypto # This is the output file with the generated service account credentials from P12 credentials json_filename = 'service-account.json' # Details on the Google Service Account. The email must match the Google Console. project_id = 'development-123456' sa_filename = 'compute-engine.p12' sa_password = 'notasecret' sa_email = 'development-123456@developer.gserviceaccount.com' # client_id is the 'Unique ID' in the Google Console under 'Service account details' # This value is unique per service account email # Optional client_id = '123456789064738430393' # pkey_id is the 'Key ID' in the Google Console under 'Service account details' # This value is unique per key. One serice account can have more than one key issued # Optional pkey_id = 'e13865c612a34567abcdef1a8753d1c6789abcdb' def load_private_key(p12_path, p12_password): ''' Read the private key and return as base64 encoded ''' # print('Opening:', p12_path) with open(p12_path, 'rb') as f: data = f.read() # print('Loading P12 (PFX) contents:') p12 = OpenSSL.crypto.load_pkcs12(data, p12_password) # Dump the Private Key in PKCS#1 PEM format key = OpenSSL.crypto.dump_privatekey( OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()) # return the private key return key def my_encode(s): ''' This routine encodes the Json 'client_x509_cert_url' ''' # Replace @ with %40 return s.replace('@', '%40') # Generate the cert_url cert_url = 'https://www.googleapis.com/robot/v1/metadata/x509/' + sa_email # Load the private key from P12 pkey = load_private_key(sa_filename, sa_password) # Json that will be writting to json_filename sa = { "type": "service_account", "project_id": project_id, "private_key_id": pkey_id, "private_key": pkey.decode('utf-8'), "client_email": sa_email, "client_id": client_id, "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": my_encode(cert_url) } with open(json_filename, 'w') as outfile: json.dump(sa, outfile, indent=2) |
Google Service Account Credentials are available in two file formats: Json and P12. P12 is also known as PFX. The following code shows how to process a P12 file and split into Private Key and Certificate. This code also works… Continue Reading →
Google Service Account Credentials are available in two file formats: Json and P12. P12 is also known as PFX. The following code shows how to use P12 credentials to list the buckets in Google Cloud Storage without using an SDK…. Continue Reading →
I have worked with Google Cloud Stackdriver for about three months. The more I learn about Stackdriver the more I like it. Great product for logging, monitoring, error reporting, application tracing and application debugging and more. One of the items… Continue Reading →
Google Cloud Application Default Credentials (ADC) are not credentials. ADC is a strategy to locate Google Cloud Service Account credentials. If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set, ADC will use the filename that the variable points to for service account credentials. This… Continue Reading →
If you have ever wanted to test Google OAuth 2.0 flows from the command line you will like this short article. [Update: I thought about the problem below with the copy and paste requirement. I created a simple python web… Continue Reading →
This article is written for Windows, but the same principles apply to Linux and Mac. A service account is a special Google account that is used with applications or services, such as, Google Compute Engine. Service account credentials are stored… Continue Reading →
Google Cloud stores your credentials in a database on your system. These credentials can then be used over and over. Google’s choice of a database means that the CLI and SDK tools can manage a huge number of credentials efficiently…. Continue Reading →
In this article we will download and install the Google gcloud CLI. Then we will setup gcloud with Google Service Account credentials. This article is for Windows based system but the same principles apply to Linux and Mac systems. Step… Continue Reading →
This article is written for Windows, but the same principles apply to Linux and Mac. I need to work with multiple Google Cloud accounts and be able to easily switch my credentials between accounts. For those of you with AWS… Continue Reading →
On October 23, 2018, Google introduced private DNS zones for Google Cloud DNS. This is an important announcement as this keeps internal DNS names private. Today’s article covers how to implement this new feature in Google Cloud Platform. Update: May… Continue Reading →
Google Cloud supports a Cloud Billing Catalog API. I have not worked with this API yet. Today, I plan to experiment. Documentation page to get started with Google Cloud Platform Pricing: Get Google Cloud Platform Pricing Information This API requires… Continue Reading →
When you configure an instance that will forward packets, you need to change an option. The option name depends on the cloud vendor. Example usage would be a VPN, or NAT instance. Normally an instance is source or destination for… Continue Reading →
Let’s Encrypt is a Certificate Authority (CA) that issues free SSL certifications. I have used these certificates on web servers, cloud functions, load balancers, and many more. In this article I will show how to obtain an SSL certificate from… Continue Reading →
Date created: October 26, 2018 Last updated: March 10, 2019 Note: I have written a newer version of the this article that goes much deeper into setting up Google Stackdriver on Compute Engine. Google Compute – Stackdriver Logging – Installation,… Continue Reading →
I have been testing Google Compute VM instances with custom startup scripts. I wanted to figure out how long my startup scripts were taking to initialize an instance. The VM instance has Debian 9 Stretch as the OS. Knowing the… Continue Reading →
Google Cloud Storage uses scopes to determine what permissions an identity has on a specified resource. Google scopes are formatted as urls. There are three basic types: read-only, read-write and full-control. read-only Only allows access to read data, including listing… Continue Reading →
October 13, 2018. Welcome to my new blogging site where I will publish my articles on software development for the cloud. I support AWS, Alibaba, Azure, Google, and IBM. Languages C/C++, Python, PHP, Java/Scala, JavaScript/Node.js and C#/.NET. I prefer to… Continue Reading →
© 2019 John Hanley — Powered by WordPress
Theme by Anders Noren — Up ↑