new gcp jit command

CHANGELOG.md

@@ -7,8 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- gcp jit command with example cli usage
+
 ## [0.2.40] - 2024-11-21
 
+### Fixed
+
   - Removed potential cyclic dependencies in `docker-compose.yaml` by explicitly defining inherited sections
 
 ## [0.2.39] - 2024-11-12

src/duplo_resource/jit.py

@@ -47,6 +47,47 @@ def token(self) -> dict:
       token: The JWT token.
     """
     return {"token": self.duplo.token}
+
+  @Command()
+  def gcp(self, nocache: bool = None) -> dict:
+    """GCP Access Token
+    
+    Get the GCP JWT token for the current user. This is the token that is used to authenticate with the GCP API. 
+
+    Example: Using for gcloud cli access
+      Here is how to set the needed enviornment variables for the gcloud cli.
+
+      ```sh
+      for i in $(duploctl jit gcp -q '{CLOUDSDK_AUTH_ACCESS_TOKEN: Token, CLOUDSDK_CORE_PROJECT: ProjectId}' -o env); do export $i; done
+      ```
+
+    Usage:  
+      ```sh
+      duploctl jit gcp
+      ```
+
+    Returns:
+      token: The GCP JWT token.
+    """
+    k = self.duplo.cache_key_for("gcp-creds")
+    nc = nocache if nocache is not None else self.duplo.nocache
+    t = self.duplo.load("tenant")
+    tenant = t.find()
+    path = f"v3/admin/google/{tenant['TenantId']}/apiToken"
+    # try and get those creds
+    try:
+      if nc:
+        sts = self.duplo.get(path).json()
+      else:
+        sts = self.duplo.get_cached_item(k)
+        if self.duplo.expired(sts.get("Expiration", None)):
+          raise DuploExpiredCache(k)
+    except DuploExpiredCache:
+      sts = self.duplo.get(path).json()
+      if "Expiration" not in sts:
+        sts["Expiration"] = self.duplo.expiration()
+      self.duplo.set_cached_item(k, sts)
+    return sts
 
   @Command()
   def aws(self, nocache: bool = None) -> dict: