Jenna Massardo jmassardo

## Invoke-WebRequest_Ignore_SSL.ps1
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }

## create_github_org.sh
curl -H "Authorization: token ${GH_PAT}" -X POST \
-d '{"query": "mutation {create_org: createEnterpriseOrganization(input: {adminLogins: [\"<ADMIN_HANDLE>\", \"<ADMIN_HANDLE>\", \"<ADMIN_HANDLE>\"] billingEmail: \"<ADMIN_EMAIL>\" enterpriseId: \"<ENTPRISE_ID>\" login: \"<ORG_SLUG>\" profileName: \"<ORG_FULL_NAME>\" }){organization {id}}}"}' https://api.github.com/graphql

## RemoveStaleChefNodes.sh
for node in $(knife search node "ohai_time:[* TO $(date +%s -d '30 days ago')]" -i); do
  knife client delete $node
  knife node delete $node
done

## fetch_user_count_by_org.rb
#!/usr/bin/env ruby

require 'octokit'
require 'json'

client = Octokit::Client.new(access_token: ENV['GITHUB_TOKEN'])

query = <<-GRAPHQL
query {
  enterprise(slug: "<MY-ENT-NAME>"){

## rego_testing6.rego
package policy["com.styra.kubernetes.validating"].test.test

import data.policy["com.styra.kubernetes.validating"].rules.rules

test_block_priv_mode {
    in := {
  "kind": "AdmissionReview",
  "request": {
    "kind": {
      "kind": "Pod",

## rego_testing5.rego
block_priv_mode[decision] {
  not excludedNamespaces[input.request.namespace]
  data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message]

  decision := {
    "allowed": false,
    "message": message
  }
}

## rego_testing4.rego
enforce[decision] {
  not excludedNamespaces[input.request.namespace]
  data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message]

  decision := {
    "allowed": false,
    "message": message
  }
}

## rego_testing3.rego
test_post_allowed {
    in := {"path": ["users"], "method": "POST"}
    allow with input as in
}

## rego_testing2.rego
#example_test.rego

test_post_allowed {
    allow with input as {"path": ["users"], "method": "POST"}
}

## rego_testing1.rego
#example.rego

package authz

allow {
    input.path == ["users"]
    input.method == "POST"
}
	add-type @"
	using System.Net;
	using System.Security.Cryptography.X509Certificates;
	public class TrustAllCertsPolicy : ICertificatePolicy {
	public bool CheckValidationResult(
	ServicePoint srvPoint, X509Certificate certificate,
	WebRequest request, int certificateProblem) {
	return true;
	}
	}
	curl -H "Authorization: token ${GH_PAT}" -X POST \
	-d '{"query": "mutation {create_org: createEnterpriseOrganization(input: {adminLogins: [\"<ADMIN_HANDLE>\", \"<ADMIN_HANDLE>\", \"<ADMIN_HANDLE>\"] billingEmail: \"<ADMIN_EMAIL>\" enterpriseId: \"<ENTPRISE_ID>\" login: \"<ORG_SLUG>\" profileName: \"<ORG_FULL_NAME>\" }){organization {id}}}"}' https://api.github.com/graphql
	for node in $(knife search node "ohai_time:[* TO $(date +%s -d '30 days ago')]" -i); do
	knife client delete $node
	knife node delete $node
	done
	#!/usr/bin/env ruby

	require 'octokit'
	require 'json'

	client = Octokit::Client.new(access_token: ENV['GITHUB_TOKEN'])

	query = <<-GRAPHQL
	query {
	enterprise(slug: "<MY-ENT-NAME>"){
	package policy["com.styra.kubernetes.validating"].test.test

	import data.policy["com.styra.kubernetes.validating"].rules.rules

	test_block_priv_mode {
	in := {
	"kind": "AdmissionReview",
	"request": {
	"kind": {
	"kind": "Pod",
	block_priv_mode[decision] {
	not excludedNamespaces[input.request.namespace]
	data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message]

	decision := {
	"allowed": false,
	"message": message
	}
	}
	enforce[decision] {
	not excludedNamespaces[input.request.namespace]
	data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message]

	decision := {
	"allowed": false,
	"message": message
	}
	}
	test_post_allowed {
	in := {"path": ["users"], "method": "POST"}
	allow with input as in
	}
	#example_test.rego

	test_post_allowed {
	allow with input as {"path": ["users"], "method": "POST"}
	}
	#example.rego

	package authz

	allow {
	input.path == ["users"]
	input.method == "POST"
	}