Ranjit Viswakumar WhatsARanjit
@WhatsARanjit
WhatsARanjit / main.tf
Last active October 25, 2020 12:30
consul-terraform-sync
variable "services" {
description = "Consul Terraform Sync creates this variable"
}
resource "local_file" "tags" {
content = <<EOT
%{ for node in var.services ~}
${node.address}:
%{ for tag in node.tags ~}
- ${tag}
@WhatsARanjit
WhatsARanjit / web.config
Created October 5, 2020 20:34
web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
https://go.microsoft.com/fwlink/?LinkId=301879
-->
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
@WhatsARanjit
WhatsARanjit / vault_insights.sh
Last active December 13, 2019 03:14
Vault metrics pull
#!/bin/bash
echo "Vault address: ${VAULT_ADDR}"
function vault_curl() {
curl -sk \
${CURL_VERBOSE:+"-v"} \
--header "X-Vault-Token: $VAULT_TOKEN" \
--cert <(echo "$VAULT_CLIENT_CERT") \
--key <(echo "$VAULT_CLIENT_KEY") \
@WhatsARanjit
WhatsARanjit / aws-restrict-s3-buckets.sentinel
Created October 7, 2019 11:13
Prohibit defining any s3 buckets
import "tfplan"
# Get all S3 buckets from all modules
get_s3_buckets = func() {
buckets = []
for tfplan.module_paths as path {
buckets += values(tfplan.module(path).resources.aws_s3_bucket) else []
}
return buckets
}
@WhatsARanjit
WhatsARanjit / examples-test.pp
Last active July 24, 2019 20:31
Puppet data to XML
$data = {
'?xml version="1.0" encoding="UTF-8"?' => false,
'xml' => {
'fruit' => 'apple',
'vegetables' => {
'green' => 'cucumber',
'brown' => 'potato'
},
'nested' => {
'one' => {
@WhatsARanjit
WhatsARanjit / recursive-get.sh
Created April 26, 2019 13:02
Recurse through all available secret paths
#!/bin/bash
vault_call() {
curl -sk \
--header "X-Vault-Token: $VAULT_TOKEN" \
--request $1 \
http://127.0.0.1:8200/v1/secret/$2
}
list=$(vault_call LIST metadata/$1 | jq -r '.data.keys[]')
SECRETS='[]'
for k in $list; do
@WhatsARanjit
WhatsARanjit / transit_and_kv.md
Last active April 4, 2019 20:08
Use transit to encrypt values before storing in K/V

Overview

  • Admins can check that a secret exists with READ permissions
  • Admins cannot actually see the value

Encrypt string before putting in K/V

➜  ~ VALUE=$(vault write transit/encrypt/ranjit -format=json plaintext=$(base64 <<< "supersecret") | jq -r '.data.ciphertext')
➜  ~ vault kv put kv/my-secret value=$VALUE
@WhatsARanjit
WhatsARanjit / main.tf
Created December 18, 2018 01:29
TFE remote enhanced backend
# Random number generator
resource "random_id" "random" {
keepers {
uuid = "${uuid()}"
}
byte_length = 8
}
# Dummy resource with attributes
@WhatsARanjit
WhatsARanjit / shell.sh
Created October 24, 2018 21:39
Run terraform docker image
➜ tf-external git:(master) ✗ docker run --name tf --rm -it -v `pwd`:/root -w /root hashicorp/terraform:light plan
➜ tf-external git:(master) ✗ docker run --name tf --rm -it -v `pwd`:/root -w /root hashicorp/terraform:0.11.8 -v
Terraform v0.11.8
+ provider.external v1.0.0
+ provider.null v1.0.0
+ provider.random v2.0.0
Your version of Terraform is out of date! The latest version
is 0.11.10. You can update by downloading from www.terraform.io/downloads.html