Skip to content

Instantly share code, notes, and snippets.

View javabrett's full-sized avatar

Brett Randall javabrett

55 followers · 36 following
View GitHub Profile
@javabrett
javabrett / gist:db13d6d4425c8ce5255c2fa981115ae1
Created August 13, 2023 23:16
AWS granted convert to AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_SESSION_TOKEN
granted credential-process --profile $AWS_PROFILE | jq -r '"export AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)\nexport AWS_SESSION_TOKEN=\(.SessionToken)"'
@javabrett
javabrett / README.md
Last active March 12, 2023 20:54
nginx proxy config to convert all POSTs to GETs, forward to 169.254.169.254:80, add header Metadata=true

This nginx.conf can be used to convert an OAuth2 / OIDC client_credentials POST request (e.g. from am application) into the form required by Azure Managed Identities tokenss issued by the Azure Instance Metadata Service (IMDS).

IMDS presents a non-standard interface for OAuth - namely:

  • It only accepts HTTP GETs, not POSTs as is required for client_credentials.
  • It doesn't require the normal HTTP BASIC credentials presented, but these are safely ignored.
  • It requires a static HTTP request header Metadata=true.

This config proxies these requests, makes the above changes and forwards to local IMDS on 169.254.169.254:80.

@javabrett
javabrett / README.md
Last active November 24, 2023 05:01
Node JS Script to decode and print all certificates in the tls.rootCertificates store

Node JS Script to decode and print all certificates in the tls.rootCertificates store

How to run against a standard Node JS Docker image:

docker run -it --rm -v "$PWD":/usr/src/app -w /usr/src/app node node-js-print-ca-certs.js

Example output:

@javabrett
javabrett / bash-strict-mode.sh
Last active November 8, 2020 21:27
Bash Strict Mode
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
@javabrett
javabrett / Dockerfile
Created October 18, 2020 11:00
Build kafkacat on Centos 8
FROM centos:centos8.2.2004
RUN yum update -y && \
yum group install -y "Development Tools" && \
yum install -y git cyrus-sasl-devel cmake libcurl-devel
RUN git clone https://github.com/edenhill/kafkacat.git && \
cd kafkacat/ && \
./bootstrap.sh && \
./kafkacat -h
@javabrett
javabrett / Dockerfile
Last active May 4, 2020 12:24
FROM ubuntu:18.04
ENV SASL_MECHANISMS="PLAIN"
ENV SECURITY_PROTOCOL="SASL_SSL"
RUN apt-get update && \
apt-get install -y python3 python3-pip curl vim
RUN pip3 install -U confluent-kafka
COPY *.py ./
@javabrett
javabrett / gtfs-realtime.pb.go
Last active November 11, 2019 09:37
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: gtfs-realtime.proto
package main
import (
fmt "fmt"
proto "github.com/golang/protobuf/proto"
math "math"
)
@javabrett
javabrett / TibJmsPoke.java
Created October 21, 2019 01:04
TIBCO EMS client test
package test;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
import com.tibco.tibjms.TibjmsConnectionFactory;
public class TibJmsPoke {
public static void main(String[] args) throws JMSException {
@javabrett
javabrett / delete.md
Last active August 19, 2018 22:39 
I deployed to PythonAnywhere
It worked it worked I had no care
I used the lovely API
It told the truth it did not lie

But then I found I need DELETE
Then my script would be replete
Then surely I could redeploy
And my world is filled with joy
@javabrett
javabrett / username_specs.yml
Last active August 4, 2018 22:33
swagger: "2.0"
tags:
- users
parameters:
- in: path
name: username
type: string
required: true
responses:
200: