https://github.com/organization/project/commits/master?author=<username>
OR
https://github.com/organization/project/commits/master?author=<email address>

# The yq path is quoted so the shell does not treat [0] as a glob pattern
yq read ~/.kube/config.env 'users[0].user.client-certificate-data' | base64 -D | openssl x509 -text

deny[reason] {
    input.role != "admin"
    reason = "User not an admin"
}

deny[reason] {
    time.weekday(time.now_ns()) == "Sunday"
    reason = "Access not allowed on Sundays"
}

apiVersion: argoproj.io/v1alpha1
kind: Workflow                  # new type of k8s spec
metadata:
  generateName: hello-world-    # name of the workflow spec
spec:
  entrypoint: whalesay          # invoke the whalesay template
  templates:
  - name: whalesay              # name of the template
    container:
      image: alpine:3.7

package policy

default allow = false

allow {
    input.role == "admin"
}

package policy

allow {
    true
}

package oidc

issuers = {"https://issuer1.example.com", "https://issuer2.example.com"}

metadata_discovery(issuer) = http.send({
    "url": concat("", [issuers[issuer], "/.well-known/openid-configuration"]),
    "method": "GET",
    "force_cache": true,
    "force_cache_duration_seconds": 86400 # Cache response for 24 hours
}).body

package oidc

jwks_request(url) = http.send({
    "url": url,
    "method": "GET",
    "force_cache": true,
    "force_cache_duration_seconds": 3600 # Cache response for an hour
})

jwks = jwks_request("https://authorization-server.example.com/jwks").body

package oidc

jwks_request(url) = http.send({
    "url": url,
    "method": "GET",
    "force_cache": true,
    "force_cache_duration_seconds": 3600
})

jwt_unverified := io.jwt.decode(input.token)

package oauth2

token = t {
    response := http.send({
        "url": "https://authorization-server.example.com/token",
        "method": "POST",
        "headers": {
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": concat(" ", [
                "Basic",