Matt Ray mattray

mattray / fake-creds.json
Last active January 31, 2024 00:31
Example OpenCost CloudCost secrets file
{
  "aws": {
    "athena": [
      {
        "bucket": "s3://aws-athena-query-results-eks-integration-test",
        "region": "us-west-1",
        "database": "athenacurcfn_eks_integration_test",
        "table": "eks_integration_test",
        "workgroup": "",
        "account": "123455854685",
~/ws/home-repo/meta-user on :master [Δ?] via ℜ:v2.7.1
$ knife client create upload1 -f upload1.pem --key meta-user.pem --user meta-user --server-url "https://ndnd/organizations/test1" --disable-editing -c no_ssl.rb
Created client[upload1]
~/ws/home-repo/meta-user on :master [Δ?] via ℜ:v2.7.1
$ knife acl add client upload1 containers cookbooks create --key meta-user.pem --user meta-user --server-url "https://ndnd/organizations/test1" --disable-editing -c no_ssl.rb
Adding 'upload1' to 'create' ACE of 'cookbooks'
~/ws/home-repo/meta-user on :master [Δ?] via ℜ:v2.7.1
$ knife cookbook upload managed_automate -o cookbooks --key upload1.pem --user upload1 --server-url "https://ndnd/organizations/test1" -c no_ssl.rb
Uploading managed_automate [0.12.0]
ERROR: You authenticated successfully to https://ndnd/organizations/test1 as upload1 but you are not authorized for this action.
mattray / gist:43bebc08236ed3835628410cbf617fff
Created September 27, 2019 23:56
Building Chef 15.3 on Debian 10
D | 2019-09-28T09:49:47+10:00 | gcc -I/opt/omnibus-toolchain/embedded/include -O2 -Wl,--export-dynamic -Wl,-rpath,/opt/omnibus-toolchain/embedded/lib -L/opt/omnibus-toolchain/embedded/lib -o make ar.o arscan.o commands.o default.o dir.o expand.o file.o function.o getopt.o getopt1.o guile.o implicit.o job.o load.o loadapi.o main.o misc.o posixos.o output.o read.o remake.o rule.o signame.o strcache.o variable.o version.o vpath.o hash.o remote-stub.o glob/libglob.a -ldl
D | 2019-09-28T09:49:47+10:00 | /usr/bin/ld: glob/libglob.a(glob.o): in function `glob_in_dir':
D | 2019-09-28T09:49:47+10:00 | glob.c:(.text+0x2be): undefined reference to `__alloca'
D | 2019-09-28T09:49:47+10:00 | /usr/bin/ld: glob.c:(.text+0x4a9): undefined reference to `__alloca'
D | 2019-09-28T09:49:47+10:00 | /usr/bin/ld: glob.c:(.text+0x570): undefined reference to `__alloca'
D | 20
mattray / FileSize.rb
Created June 29, 2019 03:48
File size Foodcritic rule
# check the contents of the directory to see if any of the files are above 1MB
rule "FileSize>1MB", "Contents of files/ is larger than 1MB" do
  tags %w{files}
  cookbook do |path|
    files = File.join(path, "files")
    values = []
    Dir.foreach(files) do |file|
      next if ['.', '..'].member?(file)
      size = File.size(File.join(path,'files',file))
      if size > 1024*1024 # 1 megabyte

[root@default-centos-7 ~]# /tmp/test/chef-automate version
CLI version: 20181122140654
Server version: 20181112131523
[root@default-centos-7 ~]# /tmp/test/chef-automate upgrade run --airgap-bundle /tmp/test/automate-20181112131523.aib

Installing airgap install bundle
Chef Automate up-to-date
[root@default-centos-7 ~]# /tmp/test/chef-automate version
CLI version: 20181122140654
Server version: 20181112131523

mattray / gist:9a5d7cfd44b352e01a42082dd9da06d3
Created December 5, 2018 01:14
omnibus-toolchain rpi build output
[Builder: nokogiri] I | 2018-12-05T09:17:22+11:00 | gem `install nokogiri -- --use-system-libraries --with-xml2-lib=/opt/omnibus-toolchain/embedded/lib --with-xml2-include=/opt/omnibus-toolchain/embedded/include/libxml2 --with-xslt-lib=/opt/omnibus-toolchain/embedded/lib --with-xslt-include=/opt/omnibus-toolchain/embedded/include/libxslt --without-iconv --with-zlib-dir=/opt/omnibus-toolchain/embedded': 177.1439s
[Builder: nokogiri] I | 2018-12-05T09:17:22+11:00 | delete `/opt/omnibus-toolchain/embedded/lib/ruby/gems/2.1.0/gems/mini_portile2-2.0.0/test': 0.0428s
[Builder: nokogiri] I | 2018-12-05T09:17:22+11:00 | Build nokogiri: 177.2009s
[Builder: nokogiri] I | 2018-12-05T09:17:22+11:00 | Finished build
[GitCache: nokogiri] I | 2018-12-05T09:17:23+11:00 | Performing incremental cache
[GitCache: nokogiri] I | 2018-12-05T09:17:23+11:00 | Removing git directories
[GitCache: nokogiri] I | 2018-12-05T09:17:23+11:00 | $ git -c core.autocrlf=false -c core.ignorecase=false --git
[CLI] I | 2018-12-01T22:44:57+11:00 | Using config from 'omnibus.rb'
[Software: config_guess] W | 2018-12-01T22:45:03+11:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
Building omnibus-toolchain 1.1.93+20181201114457...
[Software: preparation] I | 2018-12-01T22:45:05+11:00 | Resolving manifest entry for preparation
[NullFetcher: preparation] I | 2018-12-01T22:45:05+11:00 | Fetching `preparation' (nothing to fetch)
[Software: config_guess] I | 2018-12-01T22:45:05+11:00 | Resolving manifest entry for config_guess
[Software: config_guess] W | 2018-12-01T22:45:05+11:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this version.
[Software: config_guess] W | 2018-12-01T22:45:05+11:00 | Version master for software config_guess was not parseable. Comparison methods such as #satisfies? will not be available for this v
begin
  awsclient = Aws::CloudFormation::Client.new()
  cfn = awsclient.list_stack_resources({ stack_name: "mattray-Fri-Chef-Demo-20180914T024057Z" }).to_hash
  resources = {}
  cfn[:stack_resource_summaries].each { |r| resources[r[:logical_resource_id]] = r[:physical_resource_id] }
rescue Exception => e
  raise(e) unless @conf['profile'].check_mode
end

Description

InSpec-Iggy (InSpec Generate -> "IG" -> "Iggy") is an InSpec plugin for generating compliance controls and profiles from Terraform tfstate files and AWS CloudFormation templates. Iggy generates InSpec controls by mapping Terraform and CloudFormation resources to InSpec resources and exports a profile that may be used from the inspec CLI or uploaded to Chef Automate.

inspec terraform generate -n myprofile
inspec exec myprofile -t aws://us-west-2
inspec compliance upload myprofile
repodir = '/etc/yum.repos.d/'
# remove all undesired (unspecified) repos
Dir[repodir + '*.repo'].each do |file_name|
  repo_name = File.basename(file_name, '.repo')
  unless node['software']['repo'].values.member?(repo_name)
    yum_repository repo_name do
      action :delete
    end
  end
end