ilan iloveicedgreentea

## dashboard.yml
views:
  - title: Home
    path: home
    theme: Google Dark Theme
    badges: []
    cards:
      - type: horizontal-stack
        cards:
          - type: custom:button-card
            color_type: label-card

## blog_main.yaml
rules:
- id: wrong-project
  patterns:
    - pattern-inside: resource "google_compute_firewall" "..." {...}
    - pattern-inside: project="..."
    - pattern-not: project = "myproject"
  languages:
    - generic
  paths:
    include:

## blog_main.rego
package main

import input as tfplan

# Restrict all resources to one project
required_project = "myproject"

# Ban ports
banned_ports = ["80", "22"]

## blog_terraform.tf
resource "google_compute_firewall" "ingress" {
  name    = "ingress"
  network = "default"

  project = "notmyproject"
  target_tags = [ "test" ]

  provisioner "local-exec" {
    command = "echo 'bypass'"
  }

## blog_py_read_json.rego
package main

# Deny if somevalue is false
deny[msg] {
	val := input.somelist[i]
	not val
	msg := sprintf("%d: %s", [i, val])
}

## blog_py_read_json.py
import json

# Read a file and get some value if it is false
with open("test.json", 'r') as file:
  json_input = json.loads(file.read())

for i, val in enumerate(json_input["somelist"]):
  if val is False:
    print(f"{i}: False")

## Dockerfile
FROM python:3.8-slim
# Update and install deps. Install packages the app needs and remove list cache to save space. Notice this is done in one layer
RUN apt-get update && apt-get upgrade -y && \
  apt-get install zip unzip -y && \
  rm -rf /var/lib/apt/lists/*

# Set a home directory specifically for this container
ENV WORKDIR="/app"
# Create the user, our app directory, and set the owner
RUN useradd -s /bin/bash --no-create-home app && mkdir -p ${WORKDIR} && chown -R app:app ${WORKDIR}

## Dockerfile
# Set a home directory specifically for this container
ENV WORKDIR="/app"
# Create the user, our app directory, and set the owner
RUN useradd -s /bin/bash --no-create-home app && mkdir -p ${WORKDIR} && chown -R app:app ${WORKDIR}
# run as app user
USER app
# set our relative directory to /app
WORKDIR ${WORKDIR}

## keybase.md

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
          
            
              
              0 comments
            
          
          
            
              
              0 stars
            
          
        
        
          
              
          
          
            
                iloveicedgreentea
                / keybase.md
            
            
              Created
              October 4, 2019 17:20
            
          
        
      
        
  
      
    Keybase proof

I hereby claim:

I am iloveicedgreentea on github.
I am ilanpo (https://keybase.io/ilanpo) on keybase.
I have a public key whose fingerprint is 5F24 760E D425 AE00 4059  A326 1827 3F84 5303 8D71

To claim this, I am signing this object:
	views:
	- title: Home
	path: home
	theme: Google Dark Theme
	badges: []
	cards:
	- type: horizontal-stack
	cards:
	- type: custom:button-card
	color_type: label-card
	rules:
	- id: wrong-project
	patterns:
	- pattern-inside: resource "google_compute_firewall" "..." {...}
	- pattern-inside: project="..."
	- pattern-not: project = "myproject"
	languages:
	- generic
	paths:
	include:
	package main

	import input as tfplan

	# Restrict all resources to one project
	required_project = "myproject"

	# Ban ports
	banned_ports = ["80", "22"]
	resource "google_compute_firewall" "ingress" {
	name = "ingress"
	network = "default"

	project = "notmyproject"
	target_tags = [ "test" ]

	provisioner "local-exec" {
	command = "echo 'bypass'"
	}
	package main

	# Deny if somevalue is false
	deny[msg] {
	val := input.somelist[i]
	not val
	msg := sprintf("%d: %s", [i, val])
	}
	import json

	# Read a file and get some value if it is false
	with open("test.json", 'r') as file:
	json_input = json.loads(file.read())

	for i, val in enumerate(json_input["somelist"]):
	if val is False:
	print(f"{i}: False")
	FROM python:3.8-slim
	# Update and install deps. Install packages the app needs and remove list cache to save space. Notice this is done in one layer
	RUN apt-get update && apt-get upgrade -y && \
	apt-get install zip unzip -y && \
	rm -rf /var/lib/apt/lists/*

	# Set a home directory specifically for this container
	ENV WORKDIR="/app"
	# Create the user, our app directory, and set the owner
	RUN useradd -s /bin/bash --no-create-home app && mkdir -p ${WORKDIR} && chown -R app:app ${WORKDIR}