Deven Phillips InfoSec812

@InfoSec812
InfoSec812 / README.md
Last active May 6, 2023 02:22
Configuring OpenShift Service Mesh 2.3 To Trust A JSON Web Key Set Certificate
  1. Retrieve the JSON Web Key Set using the JWKS URI
    • For example, for Keycloak it would be https://<keycloak server>/auth/realms/<realm>/protocol/openid-connect/certs
  2. From the JSON body you can extract the CA Certificate
    • If you are using jq, you can extract the CA certificate using the jq filter .keys[0].x5c[0]
    • curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/certs | jq -r ".keys[0].x5c[0]"
  3. In the ServiceMeshControlPlane custom resource, add the CA Certificate as shown below:
    apiVersion: maistra.io/v2
    kind: ServiceMeshControlPlane
    metadata:

---
openapi: 3.0.2
info:
  title: Todo
  version: 1.0.0
  description: My Todo list API
  contact:
    url: "http://localhost:8080/api/v1"
    email: deven.phillips@redhat.com
  license:
InfoSec812 / KeycloakOperatorSpec.yaml
Created August 18, 2021 18:30
OpenAPI Schema Definition for Keycloak Operator CRD
---
openapi: '3.0.3'
info:
  description: Keycloak CRD
  title: Keycloak CRD
  version: 15.0.1
paths:
  /:
    description: test
components:
InfoSec812 / README.md
Last active March 17, 2021 01:48
Bootstrapping A New Apache Camel Project Using Maven Archetypes

Overview

Apache Camel is a tool designed to implement Enterprise Integration Patterns in a simple, consistent, and repeatable manner.

Getting Started

Camel is a framework written for the Java Virtual Machine, and it provides many components which can be used to implement your business process. For example, you could translate messages encoded with XML into messages encoded with JSON.

InfoSec812 / pipeline-libraries.groovy
Last active July 25, 2023 21:20
A script which can configure global pipeline libraries in Jenkins using configmaps from Kubernetes/OpenShift
import groovy.json.JsonSlurper
import groovy.json.JsonOutput
import jenkins.plugins.git.GitSCMSource
import jenkins.plugins.git.traits.BranchDiscoveryTrait
import org.jenkinsci.plugins.workflow.libs.GlobalLibraries
import org.jenkinsci.plugins.workflow.libs.LibraryConfiguration
import org.jenkinsci.plugins.workflow.libs.SCMSourceRetriever
import net.sf.json.JSONObject
/*
InfoSec812 / build.gradle
Created January 7, 2020 20:56
Showing how to pass Vert.x Clustering parameters using the JavaExec gradle task type
task runExecutableJar(type: JavaExec) {
    // Executable jars can have only _one_ jar on the classpath.
    classpath = files('target/cluster-1.0-SNAPSHOT.jar')
    // 'main' does not need to be specified
    // arguments to pass to the application
    args [
        '-cluster',
        '-cluster-host',
InfoSec812 / document.md
Last active June 12, 2019 18:11
Using A Multi Container Pipeline For Running Zed Attack Proxy

Overview

Leveraging a multi-container Pod in Jenkins means that we can use external tools like OWASP Zed Attack Proxy. Instead of installing ZAP into each and every potential Jenkins agent container (Maven, Gradle, NPM, etc.), we can use the sidecar pattern to run ZAP alongside whatever build container we would normally use, without any changes.

Background

The goal of achieving continuous deployment/delivery is one which many feel uncomfortable with. How can we be assured that the product which is being deployed meets our standards for quality, reliability, and (sometimes most importantly) security? Each stage we add to a CI/CD pipeline is intended to give us further comfort and assurance that our deployed release is up to those standards; but how can we ensure that we are doing all that is needed to analyze for security vulnerabilities? Enter OWASP Zed Attack Proxy, wh

InfoSec812 / document.md
Created June 12, 2019 18:07
Configuring Multi-Container Pipelines For Jenkins on OpenShift

Overview

Sometimes it is useful to be able to leverage multiple containers in a Jenkins pipeline instead of modifying a specific container to include additional tools. One example would be using OWASP ZAP to perform penetration testing against web applications and services. Instead of trying to add ZAP into Maven agents and NodeJS agents and whatever other Jenkins agents you might use, you can load a ZAP container as a sidecar.

Background

In OpenShift, Jenkins will automatically detect container images which can be used as agents when it sees ImageStreams which are labeled as shown:

  labels:
    role: jenkins-slave
InfoSec812 / authenticate.js
Created April 17, 2019 16:28
How to add `vue-authenticate` to a Quasar v1 application
import VueAuthenticate from 'vue-authenticate'
import VueCookies from 'vue-cookies'
export default async ({ Vue }) => {
  const authPromise = new Promise(function(resolve, reject) {
    Vue.use(VueCookies)
    Vue.use(VueAuthenticate, {
      baseUrl: 'http://localhost:3000', // Your API domain
InfoSec812 / Jenkinsfile-1.groovy
Last active March 21, 2019 17:22
Scaffolding A podTemplate For Jenkins
pipeline {
  options {
    buildDiscarder(logRotator(numToKeepStr: '50'))
    timeout(time: 20, unit: 'MINUTES') // If the build takes longer than 20 minutes, fail automatically
  }
  agent {
    kubernetes {
      label "zaproxy-maven-sidecars-${env.BUILD_ID}"
      defaultContainer 'jenkins-slave-mvn'
      yaml """