jeffmccune

Updated property [core/disable_usage_reporting].

Authenticated with external account credentials for: [eso-creds-refresher@holos-run.iam.gserviceaccount.com].
Your current project is [holos-run].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID
Fetching cluster endpoint and auth data.
kubeconfig entry generated for provisioner.

+ provisioner -n argocd create token --duration=12h eso-reader
+ provisioner -n argocd create token --duration=12h eso-writer

jeffmccune

# kubectl apply -f- <<...
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: default-creds
  annotations:
    kubernetes.io/service-account.name: default
...

jeffmccune

--- FAIL: TestServer (0.00s)
    --- FAIL: TestServer/NewServer (0.00s)
        testutils.go:16: DBG identity.go:80: could not get oidc provider err="Get \"/.well-known/openid-configuration\": unsupported protocol scheme \"\""
        server_suite_test.go:28:
                Error Trace:    /home/jeff/workspace/holos-run/holos-server-go/internal/server/server_suite_test.go:28
                Error:          Received unexpected error:
                                Get "/.well-known/openid-configuration": unsupported protocol scheme ""
                Test:           TestServer/NewServer

jeffmccune

# F!@#!$ing Apple calling /usr/libexec/path_helper from the always executed
# /etc/zshenv which has the result of re-ordering the PATH in a way we can't
# control.
#
# See: https://github.com/sorin-ionescu/prezto/issues/381#issuecomment-12745303

# Approach:
# 1: Store our current path, which is messed up by apple.
# 2: Determine the Apple default path.
# 3: Subtract the default path from the screwed up path.

jeffmccune

blueprint:
  name: Lock Automation
  description: Create automations to react to lock actions
  domain: automation

  input:
    device:
      name: Lock Device
      description: Lock Device
      selector:

jeffmccune

#! /bin/bash
#
# Return the subnets used by Google Services
#
# There are a growing number of netblocks, 2,3,4,5,6,7, etc...
# Dig them all until an empty string is returned.
txt="$(dig TXT _netblocks.google.com +short @8.8.8.8)"
idx=2
while [[ -n "${txt}" ]]; do
  echo "$txt" | tr '[:space:]+' "\n" | grep : | cut -d: -f2-

jeffmccune

Lookup a GCP role given a permission

The GCP docs generally list necessary permissions. For example the private service access docs state the servicenetworking.services.addPeering permission is needed, but doesn't mention which role has this permission.

Use this script to find the roles which grant a specific permission.

gcloud iam roles list '--format=value(name)' > roles.lst
xargs -n1 gcloud iam roles describe --format=json < roles.lst | tee roles.all

jeffmccune

# https://cloud.google.com/filestore/docs/performance#testing_performance
# https://github.com/portworx/fio-tools
# https://gist.githubusercontent.com/wallnerryan/cb8f9946a6fb9bdc0aabd403d9550e08/raw/seqwrite.fio
[global]
ioengine=sync
direct=0
fsync_on_close=1 
randrepeat=0
nrfiles=1

jeffmccune

#! /bin/bash
#
# Execute a command with GOOGLE_APPLICATION_CREDENTIALS set to point to a
# Google Service Account key JSON file. The key data is managed by vault and
# the lease is released on exit.
#
# Requires: vault, jq, base64

: "${VAULT_ADDR:=https://vault.example}"
: "${DEPLOY_ENV:=dev}"

jeffmccune

// ==UserScript==
// @name         Console Save
// @namespace    https://gist.github.com/jeffmccune/f5fa4a15445cee0a3795d28d5371622b
// @updateUrl    https://gist.githubusercontent.com/jeffmccune/f5fa4a15445cee0a3795d28d5371622b/raw/consolesave.user.js
// @downloadUrl  https://gist.githubusercontent.com/jeffmccune/f5fa4a15445cee0a3795d28d5371622b/raw/consolesave.user.js
// @version      1.0.1
// @description  Save an object in the console
// @author       Jeff McCune
// @match        https://home.personalcapital.com/*
// @grant        none