Kevin Gilpin kgilpin

## executor.rb
        exit_code = Open3.popen3(env, cmd, opts) do |stdin, stdout, stderr, thread|
          stdin.close
          # Create a thread to read from each stream
          threads = [[:stdout, stdout], [:stderr, stderr]].collect do |method, stream|
            Thread.new do
              until (line = stream.gets).nil?
                callback.send(method, line)
              end
            end
          end

## gist:3537559
cd pkg && INSCITIV_ENV=stage rvm 1.9.2@myproject do bundle exec ../bin/conjur datafile:upload "Jenkins artifacts: myproject" *.gem

## gist:3873480
  # Need to find the next available device to let AWS know where to attach
  # the volume
  drive = (Array('c'..'z').map{|c| "/dev/xvd#{c}"} - Dir.glob("/dev/xvd*"))[0]
  device_id = drive[-1..-1]

## create_bacon.sh
$ conjur resource:create food:$ns/bacon
{
  "id":    "sandbox:food:1eqwg0/bacon",
  "owner": "sandbox:user:kgilpin",
  "permissions": []
}

## basic-org.rb
test_layer = nil

group "security_admin" do
  owns do
    scope "v1" do
      ops = group "ops" do
        owns do
          test_layer = layer "test"
          layer "production"
        end

## Notes
Upgrade Conjur CLI

$ sudo /opt/conjur/embedded/bin/gem install conjur-cli --no-rdoc --no-ri


## blue-green.rb
# Simple script which creates two groups, blue and green. Each
# group contains a couple of users. The groups have different permissions
# on 'webservice' resources. In an SDF gatekeeper scenario, the 'blue'
# team will be able to 'read' service a, and the 'green' team will be
# able to 'read' service b. Neither team can perform any action besides 'read'.
# The owner of the 'webservice' resources (which is the user that runs this script)
# has all permissions on all records, via Conjur ownership.

# Create the blue team
blue = group "blue" do

## WebQuake-Nginx-Conjur.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                kgilpin
                / WebQuake-Nginx-Conjur.md
            
            
              Last active
              October 2, 2018 10:36
            
          
    Here's a blog post about how we secured a Node.js port of Quake2 using Nginx and Conjur:
http://blog.conjur.net/how-securing-webquake-is-like-securing-an-enterprise-application
There's a link to a 6-minute video walkthrough at the end which is easy to miss so I am including it here:

Hope you find this interesting!

  
## How-To-Play-Quake2-With-Conjur.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                kgilpin
                / How-To-Play-Quake2-With-Conjur.md
            
            
              Last active
              August 29, 2015 14:26
            
          
    How to play Quake2 with Conjur

Have you checked out how we secured a Node.js port of Quake2 using Nginx and Conjur
and you want to give it a try yourself?
Here's how to do it.
Install the Conjur CLI

First, install the Conjur CLI. You'll need this to login to Conjur.

  
## bastion-policy.rb
# Defines a Bastion server layer.
#
# Usage:
# conjur policy load --as-group ops bastion-policy.rb
policy "bastion" do
  # Members of this group will be able to adminsiter the bastion.
  admins = group "admins"
  # Members of this group will be able to login to the bastion
  # with a regular, non-privileged account.
  users  = group "users"
	exit_code = Open3.popen3(env, cmd, opts) do \|stdin, stdout, stderr, thread\|
	stdin.close
	# Create a thread to read from each stream
	threads = [[:stdout, stdout], [:stderr, stderr]].collect do \|method, stream\|
	Thread.new do
	until (line = stream.gets).nil?
	callback.send(method, line)
	end
	end
	end
	# Need to find the next available device to let AWS know where to attach
	# the volume
	drive = (Array('c'..'z').map{\|c\| "/dev/xvd#{c}"} - Dir.glob("/dev/xvd*"))[0]
	device_id = drive[-1..-1]
	$ conjur resource:create food:$ns/bacon
	{
	"id": "sandbox:food:1eqwg0/bacon",
	"owner": "sandbox:user:kgilpin",
	"permissions": []
	}
	test_layer = nil

	group "security_admin" do
	owns do
	scope "v1" do
	ops = group "ops" do
	owns do
	test_layer = layer "test"
	layer "production"
	end
	Upgrade Conjur CLI

	$ sudo /opt/conjur/embedded/bin/gem install conjur-cli --no-rdoc --no-ri
	# Simple script which creates two groups, blue and green. Each
	# group contains a couple of users. The groups have different permissions
	# on 'webservice' resources. In an SDF gatekeeper scenario, the 'blue'
	# team will be able to 'read' service a, and the 'green' team will be
	# able to 'read' service b. Neither team can perform any action besides 'read'.
	# The owner of the 'webservice' resources (which is the user that runs this script)
	# has all permissions on all records, via Conjur ownership.

	# Create the blue team
	blue = group "blue" do
	# Defines a Bastion server layer.
	#
	# Usage:
	# conjur policy load --as-group ops bastion-policy.rb
	policy "bastion" do
	# Members of this group will be able to adminsiter the bastion.
	admins = group "admins"
	# Members of this group will be able to login to the bastion
	# with a regular, non-privileged account.
	users = group "users"