security/tools/jwt/sa-jwt.py - dubbo-go-pixiu - Git at Google

 #!/usr/bin/python

 # Copyright 2018 Istio Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 """Python script generates a JWT signed by a Google service account

 Example:
 ./sa-jwt.py  --iss example-issuer --aud foo,bar --claims=email:foo@google.com,dead:beef key.json
 """
 from __future__ import print_function
 import argparse
 import time

 import google.auth.crypt
 import google.auth.jwt


 def main(args):
     """Generates a signed JSON Web Token using a Google API Service Account."""
     signer = google.auth.crypt.RSASigner.from_service_account_file(
         args.service_account_file)
     now = int(time.time())
     payload = {
         # expire in one hour.
         "exp": now + 3600,
         "iat": now,
     }
     if args.iss:
         payload["iss"] = args.iss

     if args.sub:
         payload["sub"] = args.sub
     else:
         payload["sub"] = args.iss

     if args.aud:
         if "," in args.aud:
             payload["aud"] = args.aud.split(",")
         else:
             payload["aud"] = args.aud

     if args.claims:
         for item in args.claims.split(","):
             k, v = item.split(':')
             payload[k] = v

     signed_jwt = google.auth.jwt.encode(signer, payload)
     return signed_jwt


 if __name__ == '__main__':
     parser = argparse.ArgumentParser(
         description=__doc__,
         formatter_class=argparse.RawDescriptionHelpFormatter)
     # positional arguments
     parser.add_argument(
         'service_account_file',
         help='The path to your service account key file (in JSON format).')
     # optional arguments
     parser.add_argument("-iss", "--iss",
                         help="iss claim. This should be your service account email.")
     parser.add_argument("-aud", "--aud",
                         help="aud claim. This is comma-separated-list of audiences")
     parser.add_argument("-sub", "--sub",
                         help="sub claim. If not provided, it is set to the same as iss claim.")
     parser.add_argument("-claims", "--claims",
                         help="Other claims in format name1:value1,name2:value2 etc. Only string values are supported.")
     print(main(parser.parse_args()))
	#!/usr/bin/python

	# Copyright 2018 Istio Authors
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	"""Python script generates a JWT signed by a Google service account

	Example:
	./sa-jwt.py --iss example-issuer --aud foo,bar --claims=email:foo@google.com,dead:beef key.json
	"""
	from __future__ import print_function
	import argparse
	import time

	import google.auth.crypt
	import google.auth.jwt


	def main(args):
	"""Generates a signed JSON Web Token using a Google API Service Account."""
	signer = google.auth.crypt.RSASigner.from_service_account_file(
	args.service_account_file)
	now = int(time.time())
	payload = {
	# expire in one hour.
	"exp": now + 3600,
	"iat": now,
	}
	if args.iss:
	payload["iss"] = args.iss

	if args.sub:
	payload["sub"] = args.sub
	else:
	payload["sub"] = args.iss

	if args.aud:
	if "," in args.aud:
	payload["aud"] = args.aud.split(",")
	else:
	payload["aud"] = args.aud

	if args.claims:
	for item in args.claims.split(","):
	k, v = item.split(':')
	payload[k] = v

	signed_jwt = google.auth.jwt.encode(signer, payload)
	return signed_jwt


	if __name__ == '__main__':
	parser = argparse.ArgumentParser(
	description=__doc__,
	formatter_class=argparse.RawDescriptionHelpFormatter)
	# positional arguments
	parser.add_argument(
	'service_account_file',
	help='The path to your service account key file (in JSON format).')
	# optional arguments
	parser.add_argument("-iss", "--iss",
	help="iss claim. This should be your service account email.")
	parser.add_argument("-aud", "--aud",
	help="aud claim. This is comma-separated-list of audiences")
	parser.add_argument("-sub", "--sub",
	help="sub claim. If not provided, it is set to the same as iss claim.")
	parser.add_argument("-claims", "--claims",
	help="Other claims in format name1:value1,name2:value2 etc. Only string values are supported.")
	print(main(parser.parse_args()))