iap_curl
is a curl wrapper for making HTTP request to IAP-protected app in CLI more easier than curl
command.
- Install Go according from the most (https://go.dev/doc/install)[up-to-date instructions] from Go.
- To install a local build:
make build
- ./airbyte-iap-curl
To test releases locally:
- Install
goreleaser
:
brew install goreleaser/tap/goreleaser
- Run
goreleaser
$ export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"
$ export IAP_CLIENT_ID="342624545358-asdfd8fas9df8sd7ga0sdguadfpvqp69.apps.googleusercontent.com"
$ iap_curl http://iap-protected.webapp.com
Option2: Use Impersonate Service Account
$ export CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT="[email protected]"
$ export IAP_CLIENT_ID="342624545358-asdfd8fas9df8sd7ga0sdguadfpvqp69.apps.googleusercontent.com"
$ iap_curl http://iap-protected.webapp.com
The options of iap_curl
are fully compatible with curl
command.
If you want to use httpstat instead of curl
, please specify IAP_CURL_BIN
environment variable:
$ export IAP_CURL_BIN="httpstat.sh"
$ iap_curl https://tellme.tokyo
Connected to 104.31.70.103:443
HTTP/2.0 200 OK
Server: cloudflare-nginx
Access-Control-Allow-Origin: *
Cache-Control: max-age=600
Cf-Ray: 3af48c40aa3694cf-NRT
Content-Type: text/html; charset=utf-8
Date: Tue, 17 Oct 2017 16:13:54 GMT
Expires: Tue, 17 Oct 2017 16:23:54 GMT
Last-Modified: Mon, 16 Oct 2017 04:33:46 GMT
Set-Cookie: __cfduid=db7e1d73f138bcb26e0d6a040e9f5df491508256834; expires=Wed, 17-Oct-18 16:13:54 GMT; path=/; domain=.tellme.tokyo; HttpOnly; Secure
Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
X-Github-Request-Id: 2A8B:16E6:10351CA:186074E:59E62C3F
Body discarded
DNS Lookup TCP Connection TLS Handshake Server Processing Content Transfer
[ 2ms | 57ms | 320ms | 303ms | 0ms ]
| | | | |
namelookup:2ms | | | |
connect:60ms | | |
pretransfer:381ms | |
starttransfer:684ms |
total:684ms
You can save the URL of frequently used service together with its Env (IAP_CLIENT_ID
...) in a JSON file (see also #1). This file is located in ~/.config/iap_curl/config.json
.
If you're using another application to make requests to an IAP-protected application, you may need just an ID Token. In order to print an ID Token to use as a Bearer token:
$ iap_curl --id-token http://iap-protected.webapp.com
eyJhbGciOiJSUzI1NiIsImtp...
{
"services": [
{
"url": "https://my.service.com/health",
"env": {
"GOOGLE_APPLICATION_CREDENTIALS": "/Users/b4b4r07/Downloads/my-service-dev-b5e624fd28ee.json",
"IAP_CLIENT_ID": "839558305167-s3akt4doo38lckhaac1ucfdp0e4921tc.apps.googleusercontent.com",
"IAP_CURL_BIN": "curl"
}
}
]
}
Option2: Use Impersonate Service Account
{
"services": [
{
"url": "https://my.service.com/health",
"env": {
"CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT": "[email protected]",
"IAP_CLIENT_ID": "839558305167-s3akt4doo38lckhaac1ucfdp0e4921tc.apps.googleusercontent.com",
"IAP_CURL_BIN": "curl"
}
}
]
}
Thanks to that, you can access more easier like curl.
$ iap_curl https://my.service.com/health
Also, some original options are added. So you can use more and more easier to access the service by using peco/fzf. For more information about its options, please see iap_curl --help
.
$ iap_curl $(iap_curl --list-urls | peco) # peco is similar to fzf
Get binary from GitHub Releases and put it to your PATH or:
$ go get github.com/b4b4r07/iap_curl
MIT
b4b4r07