Ricardo Oliveira gitrgoliveira

  • Hashicorp
  • UK
#! /usr/bin/env python3
# Retrieve workspace resource counts and output sorted list (most resources first)
# NB: skeleton code ... only checks for basic errors in responses
# Reads inputs from env vars or interactively
import argparse
from getpass import getpass
import os
import requests
import threading
from terrasnek.api import TFC as TFP
# do `pip install terrasnek` before running this script
TFE_TOKEN = os.getenv("TFE_TOKEN", None)
TFE_URL = os.getenv("TFE_URL", "https://app.terraform.io") # ex: https://app.terraform.io
api = TFP(TFE_TOKEN, url=TFE_URL)
orgs = api.orgs.list()['data']
gitrgoliveira / nomad_sentinel_demo.sh
Last active October 2, 2023 21:19
Nomad Enterprise Sentinel Testing
nomad agent -dev -bind 0.0.0.0 -acl-enabled >nomad-server.log &
sleep 5
nomad acl bootstrap -json > bootstrap.json
export NOMAD_TOKEN=$(jq -r .SecretID bootstrap.json)
# creating a namespace and quota
nomad namespace apply -description "QA instances of webservers" web-qa
nomad quota init
nomad quota apply spec.hcl
gitrgoliveira / vault_setup.sh
Last active January 17, 2022 16:06
vault setup bash
vault auth enable jwt
vault write auth/jwt/config \
    oidc_discovery_url="https://token.actions.githubusercontent.com" \
    bound_issuer="https://token.actions.githubusercontent.com" \
    default_role="demo"
# "user_claim": "workflow" defines the entity alias.
vault write auth/jwt/role/demo -<<EOF
{
gitrgoliveira / github_actions_snippet.yaml
Created December 16, 2021 11:49
GitHub Actions snippet
jobs:
  build:
    permissions:
      contents: read
      id-token: write
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v2
      - name: Import Secrets
        uses: hashicorp/vault-action@v2.4.0
gitrgoliveira / vault_github_action.yml
Created December 6, 2021 14:38
A GitHub Action that reads from Vault and builds a Docker image.
name: ImageBuilder
# Run this workflow every time a new commit is pushed to your repository
on:
  push:
  workflow_dispatch:
jobs:
  build:
    permissions:
      contents: read
gitrgoliveira / vault_gh_setup.sh
Created December 6, 2021 14:15
setting up vault for GitHub Action OIDC auth
export VAULT_ADDR="https://xxxx:8200"
export VAULT_NAMESPACE="admin"
export VAULT_TOKEN=xxx
tee vault-action.hcl <<EOF
path "kv/data/ci" {
  capabilities = ["read"]
}
gitrgoliveira / boundary-AzureAD.sh
Created May 26, 2021 15:09
Setting up OIDC in boundary with AzureAD
#! /bin/bash
#
# `az login` must be run first
#
BOUNDARY_ADDR=https://boundary.ric-lnd.ric.aws.hashidemos.io:9200
if [ -f "boundary_auth_created.json" ]; then
  echo "removing previous OIDC"
  boundary auth-methods delete -id $(jq -r .item.id boundary_auth_created.json)
#! /bin/bash
# downloading MongoDB
mkdir -p mongodb
mkdir -p mongodb_data
curl -o mongodb/mongodb.tgz https://downloads.mongodb.com/osx/mongodb-macos-x86_64-enterprise-4.2.2.tgz
tar -zxvf mongodb/mongodb.tgz --strip-components=1 -C mongodb
# assuming Vault Enterprise is already installed
# setting it up
gitrgoliveira / gcp_demo.sh
Created November 8, 2019 12:53
setting up Vault and GCP auth and secrets backend
#! /bin/bash
#
# based on https://medium.com/google-cloud/vault-auth-and-secrets-on-gcp-51bd7bbaceb
#
################################################################
# setup GCP
################################################################
PROJECT_ID=$(gcloud config get-value core/project)