- deploy every infra component in a HA configuration
- store all infra-related secrets in Vault
- use short lived secrets wherever possible
- enable rotating all long-lived secrets with a high degree of automation
- as much as possible, make each infra component optional (i.e. support using RDS for PostgreSQL, managed Prometheus, etc.)
- use k8s operators where appropriate (e.g. zalando/postgres-operator, artemiscloud/activemq-artemis-operator)
- monitor all infra components with Prometheus
- keep audit trail of any secret access and other security relevant activity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Requirements | |
- deploy every infra component in a HA configuration | |
- store all infra-related secrets in Vault | |
- use short lived secrets wherever possible | |
- enable rotating all long-lived secrets with a high degree of automation | |
- as much as possible, make each infra component optional (i.e. support using RDS for PostgreSQL, managed Prometheus, etc.) | |
- use k8s operators where appropriate (e.g. zalando/postgres-operator, artemiscloud/activemq-artemis-operator) | |
- monitor all infra components with Prometheus | |
- keep audit trail of any secret access and other security relevant activity |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Make a function that authenticates a Github user by checking that they are part of the | |
// given Github organisation. | |
fn make_auth_fn( | |
github_bot: &GithubBot, | |
username: &str, | |
org: &str, | |
repo_name: &str, | |
pr_number: i64, | |
) -> Box<dyn Fn() -> Result<()>> { | |
Box::new(async || { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from io import BytesIO | |
from urllib.request import urlopen | |
import yaml | |
from zipfile import ZipFile | |
RUBYSEC_DB_URL = 'https://github.com/rubysec/ruby-advisory-db/archive/master.zip' | |
def rubygem_advisories(url, prefix='ruby-advisory-db-master/gems/'): |
Open the settings dialog and navigate to "Project Interpreter". Click on the gear button in the upper left corner and select "Add Local". Find the python binary in the virtualenv
(bin/python
in the repository root) and confirm. Open a file that contains tests and set a breakpoint. Right click in the test and select "Debug <name of test>". Afterwards you can
re-run the same test in the debugger using the appropriate keyboard shortcut (e.g. Shift-F9, depending on platform and configured layout).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from collections import defaultdict | |
S = 'sports' | |
P = 'politics' | |
E = 'economics' | |
T = 'travel' | |
F = 'fashion' | |
class Article(object): | |
def __init__(self, content, category): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
######################### | |
# .gitignore file for Xcode4 / OS X Source projects | |
# | |
# NB: if you are storing "built" products, this WILL NOT WORK, | |
# and you should use a different .gitignore (or none at all) | |
# This file is for SOURCE projects, where there are many extra | |
# files that we want to exclude | |
# | |
# For updates, see: http://stackoverflow.com/questions/49478/git-ignore-file-for-xcode-projects | |
######################### |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Copyright (c) Django Software Foundation and individual contributors. | |
All rights reserved. | |
Redistribution and use in source and binary forms, with or without modification, | |
are permitted provided that the following conditions are met: | |
1. Redistributions of source code must retain the above copyright notice, | |
this list of conditions and the following disclaimer. | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// NSURL+PathParameters.h | |
// | |
// Created by Johan Kool on 27/9/2011. | |
// Copyright 2011 Koolistov Pte. Ltd. All rights reserved. | |
// | |
// Redistribution and use in source and binary forms, with or without modification, are | |
// permitted provided that the following conditions are met: | |
// | |
// * Redistributions of source code must retain the above copyright notice, this list of |
Loosely ordered with the commands I use most towards the top. Sublime also offer full documentation.
Ctrl+C | copy current line (if no selection) |
Ctrl+X | cut current line (if no selection) |
Ctrl+⇧+K | delete line |
Ctrl+↩ | insert line after |