Skip to content

Instantly share code, notes, and snippets.

View mumoshu's full-sized avatar
🏠
Working from home

Yusuke Kuoka mumoshu

🏠
Working from home
View GitHub Profile
@jjo
jjo / kubectl-root-in-host-nopriv.sh
Last active February 5, 2024 23:07
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
#!/bin/sh
# Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root
# without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged`
# admission controller.
# Pod command in turn runs a privileged container using node's /var/run/docker.sock.
node=${1}
case "${node}" in
"")
nodeSelector=''
podName=${USER+${USER}-}docker-any
@crgimenes
crgimenes / stringToReaderCloser.go
Last active April 11, 2024 15:41
string to io.ReadCloser
package main
import (
"bytes"
"fmt"
"io"
"os"
"strings"
)
@pteich
pteich / main.go
Last active May 30, 2024 02:57
Example for using go's sync.errgroup together with signal detection signal.NotifyContext to stop all running goroutines
package main
import (
"context"
"errors"
"fmt"
"os/signal"
"syscall"
"time"
@fuzzyami
fuzzyami / gist:f3a7231037166117a6fef9607960aee7
Last active February 2, 2024 17:58
golang encyrpt, decrypt key with kms
/*
The code below shows how to encrypt and then decrypt some plaintext into a cyphertext using
KMS's Encrypt/Decrypt functions and secretbox (https://godoc.org/golang.org/x/crypto/nacl/secretbox).
The plaintext message is sealed into a secretbox using a key that is generated by kmsClient.GenerateDataKey().
Note that this procedure reuquires that a master key would *already exist in KMS* and that its arn/alias is specified.
The aws library assumes that the proper credentials can be found in the shared file (~/.aws/credentials)
and opts for the 'default' role.
Once sealed, the cyphertext is then unboxed, again by first getting the key from kms (kmsClient.Decrypt),
require 'socket'
require 'logger'
STDOUT.sync = true
logger = Logger.new(STDOUT)
watchdog_timeout = (ENV['WATCHDOG_USEC'].to_i / 1_000_000)
sd_notify_socket = Socket.new(Socket::AF_UNIX, Socket::SOCK_DGRAM)
sd_notify_socket.connect(Addrinfo.unix(ENV['NOTIFY_SOCKET']))
loop do
@tnoda
tnoda / proposal.org
Last active August 29, 2015 14:10
#scala_kb proposal

12/13(土) 第1回 Scala 関西勉強会プロポーザル

プロポーザル

12/13(土) 第1回 Scala 関西勉強会.次の (1) か (2) のどちらかを予定.

(1) Competitive Scala Programming

前回の

@hayajo
hayajo / flag-slice.go
Created July 28, 2014 07:25
golangのflagで値をスライスであつかう
package main
import (
"flag"
"fmt"
"log"
)
type items []string
@gakuzzzz
gakuzzzz / 1_.md
Last active August 2, 2023 01:59
Scala の省略ルール早覚え

Scala の省略ルール早覚え

このルールさえ押さえておけば、読んでいるコードが省略記法を使っていてもほぼ読めるようになります。

メソッド定義

def concatAsString(a: Int, b: Int): String = {
  val a_ = a.toString();
  val b_ = b.toString();
@juanje
juanje / gist:9603938
Created March 17, 2014 17:20
Install gem before to require it at Test-Kitchen

Install gem before to require it at Test-Kitchen

Context

I was trying some TDD with [Tesk-Kitchen][1] and [ServerSpec][2] when I found myself in the following case scenario:

I have a integration test like this:

# cookbook_webtest/test/integration/default/serverspec/localhost/webtest_spec.rb
#!/bin/bash
usage ()
{
cat <<UsageHERE
boot2docker-fwd -- Helper function to quickly manage port forwards between the boot2docker-vm and the host
Usage: boot2docker-fwd [ -n RULE_NAME ] [ -h HOST_PORT ] [ -p {tcp|udp} ] [ -i HOST_IP ] GUEST_PORT
or boot2docker-fwd -d RULE_NAME
or boot2docker-fwd -l
or boot2docker-fwd -A