Skip to content

Instantly share code, notes, and snippets.

Avatar

Richard Cheney richeney

View GitHub Profile
@richeney
richeney / import_keyvault_certificates.sh
Created Jan 19, 2022
Bash crontab script to import PEM certs downloaded by the Azure Keyvault extension
View import_keyvault_certificates.sh
#!/usr/bin/env bash
################################################################
# Search for certs downloaded by the Azure Key Vault Extension,
# convert from PEM to DER format and update the CA certificates.
#
# Designed to be run as root from crontab.
# Will be silent if no files are converted.
################################################################
error()
@richeney
richeney / azcmagent_token
Last active Mar 22, 2021
Creates and displays a token if a resource is specified. Defaults to https://management.azure.com. Designed for Azure Arc VMs.
View azcmagent_token
#/bin/bash
error()
{
[[ -n "$@" ]] && echo "ERROR: $@" >&2
exit 1
}
urlencode() {
# urlencode <string>
@richeney
richeney / addpolicy.sh
Created Jan 25, 2021
Takes a full Azure Policy JSON file and creates a policy definition. Requires jq and zip.
View addpolicy.sh
#!/bin/bash
###################################################################################################
## Loop through stdin of ARM resource compliant policy files
## Example format is
## https://github.com/richeney/azure-blueprints/blob/master/policies/auditemptytag.json
## Requires az and jq
## Can use unpathed URIs if you have exported URIBASE
###################################################################################################
error()
@richeney
richeney / cloudshell.vim
Created Dec 3, 2020
Custom VIM colours
View cloudshell.vim
" Vim color file
" Maintainer: Richard Cheney (from delek.vim)
" Last Change: 2018 Apr 09
hi clear
let g:colors_name = "cloudshell"
" Normal should come first
hi Normal guifg=Black guibg=White
@richeney
richeney / installLatestHashicorpBinary.sh
Last active Jan 18, 2023
Installs either terraform or packer
View installLatestHashicorpBinary.sh
#!/bin/bash
######################################################
# Utility script to download latest Hashicorp
# binaries and move into /usr/local/bin. Uses their
# releases APIs.
#
# Requires sudo password unless sudoers is configured.
#
# Can be renamed to installLatestTerraform.sh or
# installLatestPacker.sh. If not then specify
@richeney
richeney / denyWildcardJITSecurityRules.sh
Created Jul 28, 2020
custom policy to prevent JIT wildcard entries - not working?!
View denyWildcardJITSecurityRules.sh
#!/bin/bash
subscriptionId=$(az account show --query id --output tsv)
read -r -d '' policyRule <<'EOF'
{
"if": {
"allOf": [
{
"field": "type",