Eric Johnson ejohn20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jwt-decode() { | |
| jq -R 'split(".") | .[1] | @base64d | fromjson' <<<"$1" | |
| } | |
| jwt-header-decode() { | |
| jq -R 'split(".") | .[0] | @base64d | fromjson' <<<"$1" | |
| } |
ejohn20
/ az-aks-audit-workload-identity.sh
Created
February 13, 2024 00:26
az-aks-audit-workload-identity.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| while IFS= read -r sa_metadata; do | |
| service_account=$(jq -r .name <<<"${sa_metadata}") | |
| namespace=$(jq -r .namespace <<<"${sa_metadata}") | |
| sp_client_id=$(jq -r .servicePrincipalClientId <<<"${sa_metadata}") | |
| ad_sp_data=$(az ad sp show --id "${sp_client_id}") | |
| ad_sp_id=$(jq -r '.id' <<<"${ad_sp_data}") | |
| ad_sp_display_name=$(jq -r '.displayName' <<<"${ad_sp_data}") |
ejohn20
/ aws-eks-audit-pod-identity-pods.sh
Created
February 12, 2024 21:16
aws-eks-audit-pod-identity-pods.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| CLUSTER_NAME="$1" | |
| while IFS= read -r pod_identity_assn; do | |
| association_id=$(jq -r .associationId <<<"${pod_identity_assn}") | |
| service_account=$(jq -r .serviceAccount <<<"${pod_identity_assn}") | |
| namespace=$(jq -r .namespace <<<"${pod_identity_assn}") | |
| association=$(aws eks describe-pod-identity-association --cluster "${CLUSTER_NAME}" --association-id "${association_id}") | |
| role_arn=$(jq -r '.association.roleArn' <<<"${association}") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| while IFS= read -r sa_metadata; do | |
| service_account=$(jq -r .name <<<"${sa_metadata}") | |
| namespace=$(jq -r .namespace <<<"${sa_metadata}") | |
| role_arn=$(jq -r .rolearn <<<"${sa_metadata}") | |
| role_name=$(jq -r '.rolearn | split("/") | .[1]' <<<"${sa_metadata}") | |
| echo "Service Account: system:serviceaccount:${namespace}:${service_account}" | |
| echo "Role ARN: ${role_arn}" |
ejohn20
/ cfn_nag_junit.sh
Last active
March 1, 2019 21:18
Exports cfn_nag results to xUnit / jUnit formatted results for CI processing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| function escapeXml() { | |
| export xmlEncoded=$(echo "$1" | sed 's/&/\&/g; s/</\</g; s/>/\>/g; s/"/\"/g; s/'"'"'/\'/g') | |
| } | |
| function createJUnitTestSuites() { | |
| if [[ -f cfn_nag_junit.xml ]]; then | |
| rm cfn_nag_junit.xml | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd usr/bin/ | |
| wget https://github.com/dmayer/idb/raw/master/lib/utils/keychain_editor/keychaineditor | |
| chmod keychaineditor 0744 | |
| keychaineditor --action dump --find "<appname>" |