Anders Eknert anderseknert
👨💻
anderseknert
/ find_commits.txt
Created
November 17, 2019 18:31
Find GitHub commits by commiter name or e-mail
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/organization/project/commits/master?author=<username> | |
| OR | |
| https://github.com/organization/project/commits/master?author=<email address> |
anderseknert
/ gist:2a24232fa3a6e8c8c823e103acd33731
Created
January 3, 2020 09:58
Read kubernetes certificate data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| yq read ~/.kube/config.env users[0].user.client-certificate-data | base64 -D | openssl x509 -text |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| deny[reason] { | |
| input.role != "admin" | |
| reason = "User not an admin" | |
| } | |
| deny[reason] { | |
| time.weekday(time.now_ns()) == "Sunday" | |
| reason = "Access not allowed on Sundays" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: argoproj.io/v1alpha1 | |
| kind: Workflow # new type of k8s spec | |
| metadata: | |
| generateName: hello-world- # name of the workflow spec | |
| spec: | |
| entrypoint: whalesay # invoke the whalesay template | |
| templates: | |
| - name: whalesay # name of the template | |
| container: | |
| image: alpine:3.7 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package policy | |
| default allow = false | |
| allow { | |
| input.role == "admin" | |
| } |
anderseknert
/ policy.rego
Created
January 26, 2021 19:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package policy | |
| allow { | |
| true | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package oidc | |
| issuers = {"https://issuer1.example.com", "https://issuer2.example.com"} | |
| metadata_discovery(issuer) = http.send({ | |
| "url": concat("", [issuers[issuer], "/.well-known/openid-configuration"]), | |
| "method": "GET", | |
| "force_cache": true, | |
| "force_cache_duration_seconds": 86400 # Cache response for 24 hours | |
| }).body |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package oidc | |
| jwks_request(url) = http.send({ | |
| "url": url, | |
| "method": "GET", | |
| "force_cache": true, | |
| "force_cache_duration_seconds": 3600 # Cache response for an hour | |
| }) | |
| jwks = jwks_request("https://authorization-server.example.com/jwks").body |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package oidc | |
| jwks_request(url) = http.send({ | |
| "url": url, | |
| "method": "GET", | |
| "force_cache": true, | |
| "force_cache_duration_seconds": 3600 | |
| }) | |
| jwt_unverified := io.jwt.decode(input.token) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package oauth2 | |
| token = t { | |
| response := http.send({ | |
| "url": "https://authorization-server.example.com/token", | |
| "method": "POST", | |
| "headers": { | |
| "Content-Type": "application/x-www-form-urlencoded", | |
| "Authorization": concat(" ", [ | |
| "Basic", |