From bb853e8cd546530476aad080f8e985a3d7d41266 Mon Sep 17 00:00:00 2001
From: Github Actions <4399427+kferrone@users.noreply.github.com>
Date: Tue, 3 Dec 2024 15:21:06 -0700
Subject: [PATCH] new gcp jit command

---
 CHANGELOG.md              |  6 ++++++
 src/duplo_resource/jit.py | 41 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f610057..f0a69e7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,8 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- gcp jit command with example cli usage
+
 ## [0.2.40] - 2024-11-21
 
+### Fixed
+
   - Removed potential cyclic dependencies in `docker-compose.yaml` by explicitly defining inherited sections
   
 ## [0.2.39] - 2024-11-12
diff --git a/src/duplo_resource/jit.py b/src/duplo_resource/jit.py
index 844082b..1992dd2 100644
--- a/src/duplo_resource/jit.py
+++ b/src/duplo_resource/jit.py
@@ -47,6 +47,47 @@ def token(self) -> dict:
       token: The JWT token.
     """
     return {"token": self.duplo.token}
+  
+  @Command()
+  def gcp(self, nocache: bool = None) -> dict:
+    """GCP Access Token
+    
+    Get the GCP JWT token for the current user. This is the token that is used to authenticate with the GCP API. 
+
+    Example: Using for gcloud cli access
+      Here is how to set the needed enviornment variables for the gcloud cli.
+
+      ```sh
+      for i in $(duploctl jit gcp -q '{CLOUDSDK_AUTH_ACCESS_TOKEN: Token, CLOUDSDK_CORE_PROJECT: ProjectId}' -o env); do export $i; done
+      ```
+
+    Usage:  
+      ```sh
+      duploctl jit gcp
+      ```
+
+    Returns:
+      token: The GCP JWT token.
+    """
+    k = self.duplo.cache_key_for("gcp-creds")
+    nc = nocache if nocache is not None else self.duplo.nocache
+    t = self.duplo.load("tenant")
+    tenant = t.find()
+    path = f"v3/admin/google/{tenant['TenantId']}/apiToken"
+    # try and get those creds
+    try:
+      if nc:
+        sts = self.duplo.get(path).json()
+      else:
+        sts = self.duplo.get_cached_item(k)
+        if self.duplo.expired(sts.get("Expiration", None)):
+          raise DuploExpiredCache(k)
+    except DuploExpiredCache:
+      sts = self.duplo.get(path).json()
+      if "Expiration" not in sts:
+        sts["Expiration"] = self.duplo.expiration()
+      self.duplo.set_cached_item(k, sts)
+    return sts
 
   @Command()
   def aws(self, nocache: bool = None) -> dict: