Skip to content

Instantly share code, notes, and snippets.

🏠
Working from home

KUOKA Yusuke mumoshu

🏠
Working from home
Block or report user

Report or block mumoshu

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@jjo
jjo / kubectl-root-in-host-nopriv.pks.sh
Last active Nov 3, 2019
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
View kubectl-root-in-host-nopriv.pks.sh
#!/bin/sh
# Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root
# without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged`
# admission controller.
# Pod command in turn runs a privileged container using node's /var/run/docker.sock.
#
# Tweaked for PKS nodes, which run their docker stuff from different
# /var/vcap/... paths
node=${1}
case "${node}" in
@crgimenes
crgimenes / stringToReaderCloser.go
Last active Nov 2, 2019
string to io.ReadCloser
View stringToReaderCloser.go
package main
import (
"bytes"
"fmt"
"io/ioutil"
)
func main() {
r := ioutil.NopCloser(bytes.NewReader([]byte("hello world"))) // r type is io.ReadCloser
@fuzzyami
fuzzyami / gist:f3a7231037166117a6fef9607960aee7
Last active Aug 21, 2019
golang encyrpt, decrypt key with kms
View gist:f3a7231037166117a6fef9607960aee7
/*
The code below shows how to encrypt and then decrypt some plaintext into a cyphertext using
KMS's Encrypt/Decrypt functions and secretbox (https://godoc.org/golang.org/x/crypto/nacl/secretbox).
The plaintext message is sealed into a secretbox using a key that is generated by kmsClient.GenerateDataKey().
Note that this procedure reuquires that a master key would *already exist in KMS* and that its arn/alias is specified.
The aws library assumes that the proper credentials can be found in the shared file (~/.aws/credentials)
and opts for the 'default' role.
Once sealed, the cyphertext is then unboxed, again by first getting the key from kms (kmsClient.Decrypt),
View watchdog.rb
require 'socket'
require 'logger'
STDOUT.sync = true
logger = Logger.new(STDOUT)
watchdog_timeout = (ENV['WATCHDOG_USEC'].to_i / 1_000_000)
sd_notify_socket = Socket.new(Socket::AF_UNIX, Socket::SOCK_DGRAM)
sd_notify_socket.connect(Addrinfo.unix(ENV['NOTIFY_SOCKET']))
loop do
@tnoda
tnoda / proposal.org
Last active Aug 29, 2015
#scala_kb proposal
View proposal.org

12/13(土) 第1回 Scala 関西勉強会プロポーザル

プロポーザル

12/13(土) 第1回 Scala 関西勉強会.次の (1) か (2) のどちらかを予定.

(1) Competitive Scala Programming

前回の

@hayajo
hayajo / flag-slice.go
Created Jul 28, 2014
golangのflagで値をスライスであつかう
View flag-slice.go
package main
import (
"flag"
"fmt"
"log"
)
type items []string
@gakuzzzz
gakuzzzz / 1_.md
Last active Oct 18, 2019
Scala の省略ルール早覚え
View 1_.md

Scala の省略ルール早覚え

このルールさえ押さえておけば、読んでいるコードが省略記法を使っていてもほぼ読めるようになります。

メソッド定義

def concatAsString(a: Int, b: Int): String = {
  val a_ = a.toString();
  val b_ = b.toString();
@juanje
juanje / gist:9603938
Created Mar 17, 2014
Install gem before to require it at Test-Kitchen
View gist:9603938

Install gem before to require it at Test-Kitchen

Context

I was trying some TDD with [Tesk-Kitchen][1] and [ServerSpec][2] when I found myself in the following case scenario:

I have a integration test like this:

# cookbook_webtest/test/integration/default/serverspec/localhost/webtest_spec.rb
View boot2docker-fwd
#!/bin/bash
usage ()
{
cat <<UsageHERE
boot2docker-fwd -- Helper function to quickly manage port forwards between the boot2docker-vm and the host
Usage: boot2docker-fwd [ -n RULE_NAME ] [ -h HOST_PORT ] [ -p {tcp|udp} ] [ -i HOST_IP ] GUEST_PORT
or boot2docker-fwd -d RULE_NAME
or boot2docker-fwd -l
or boot2docker-fwd -A
@rhenning
rhenning / opsworks_blue_green_deploy_test_long_version
Created Feb 13, 2014
AWS OpsWorks full-stack blue/green deploy test
View opsworks_blue_green_deploy_test_long_version
$ aws opsworks describe-stacks
{
"Stacks": [
{
"ServiceRoleArn": "arn:aws:iam::047170177871:role/aws-opsworks-service-role",
"StackId": "575e1389-1df3-427d-99d3-d60f89a41442",
"DefaultRootDeviceType": "ebs",
"Name": "rhenning_test",
"ConfigurationManager": {
"Version": "11.4",
You can’t perform that action at this time.