Jenna Massardo jmassardo
- GitHub Staff
jmassardo
/ create_github_org.sh
Created
January 12, 2023 21:27
Auto create GitHub (GHEC) organizations via the GraphQL API endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -H "Authorization: token ${GH_PAT}" -X POST \ | |
| -d '{"query": "mutation {create_org: createEnterpriseOrganization(input: {adminLogins: [\"<ADMIN_HANDLE>\", \"<ADMIN_HANDLE>\", \"<ADMIN_HANDLE>\"] billingEmail: \"<ADMIN_EMAIL>\" enterpriseId: \"<ENTPRISE_ID>\" login: \"<ORG_SLUG>\" profileName: \"<ORG_FULL_NAME>\" }){organization {id}}}"}' https://api.github.com/graphql |
jmassardo
/ fetch_user_count_by_org.rb
Created
November 16, 2021 15:00
A simple ruby script to get a list of orgs and the user count for each.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'octokit' | |
| require 'json' | |
| client = Octokit::Client.new(access_token: ENV['GITHUB_TOKEN']) | |
| query = <<-GRAPHQL | |
| query { | |
| enterprise(slug: "<MY-ENT-NAME>"){ |
jmassardo
/ rego_testing6.rego
Created
March 19, 2021 18:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package policy["com.styra.kubernetes.validating"].test.test | |
| import data.policy["com.styra.kubernetes.validating"].rules.rules | |
| test_block_priv_mode { | |
| in := { | |
| "kind": "AdmissionReview", | |
| "request": { | |
| "kind": { | |
| "kind": "Pod", |
jmassardo
/ rego_testing5.rego
Created
March 19, 2021 18:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| block_priv_mode[decision] { | |
| not excludedNamespaces[input.request.namespace] | |
| data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message] | |
| decision := { | |
| "allowed": false, | |
| "message": message | |
| } | |
| } |
jmassardo
/ rego_testing4.rego
Created
March 19, 2021 18:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| enforce[decision] { | |
| not excludedNamespaces[input.request.namespace] | |
| data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message] | |
| decision := { | |
| "allowed": false, | |
| "message": message | |
| } | |
| } |
jmassardo
/ rego_testing3.rego
Created
March 19, 2021 18:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| test_post_allowed { | |
| in := {"path": ["users"], "method": "POST"} | |
| allow with input as in | |
| } |
jmassardo
/ rego_testing2.rego
Created
March 19, 2021 18:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #example_test.rego | |
| test_post_allowed { | |
| allow with input as {"path": ["users"], "method": "POST"} | |
| } |
jmassardo
/ rego_testing1.rego
Created
March 19, 2021 18:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #example.rego | |
| package authz | |
| allow { | |
| input.path == ["users"] | |
| input.method == "POST" | |
| } |
jmassardo
/ TerraformAzureInsecureNSGPorts.rego
Created
February 19, 2021 20:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # List of insecure ports | |
| disallowedPorts = {"22", "80", "3389"} | |
| deny[msg] { | |
| # loop through the resources and find all the network security groups. | |
| # Get all their security rules and destination ports | |
| resourcePorts := {p | c = input.resource_changes[_]; | |
| p = c.change.after.security_rule[_].destination_port_range} | |
| # Find any resource ports that match a port on the disallowed list |
jmassardo
/ ArmTemplateImageSafety.rego
Created
February 19, 2021 17:11
Resources in ARM Templates should not use the `latest` image version
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| deny[msg] { | |
| input.resources[_].properties.storageProfile.imageReference.version == "latest" | |
| msg := "Resources should not use the `latest` image version" | |
| } |
NewerOlder