@sbueringer
sbueringer / SecurityConfig.kt
Created September 30, 2017 09:22
Kotlin magic for Spring Security Config
// With a little bit of Kotlin magic
class WebSecurityConfig(val jwtValidator: JWTValidator) : WebSecurityConfigurerAdapter() {
    override fun configure(http: HttpSecurity) = http {
        matchRequests { !EndpointRequest.toAnyEndpoint() }
        disable { csrf() }
        disable { cors() }
        authorizeRequests {
            authenticate { anyRequest() }
        }
        addFilterBefore(JWTFilter(jwtValidator), UsernamePasswordAuthenticationFilter::class.java)
PS C:\Windows\system32> vagrant
INFO global: Vagrant version: 2.0.0
INFO global: Ruby version: 2.3.4
INFO global: RubyGems version: 2.5.2.1
INFO global: VAGRANT_EXECUTABLE="C:\\HashiCorp\\Vagrant\\embedded\\gems\\gems\\vagrant-2.0.0\\bin\\vagrant"
INFO global: VAGRANT_INSTALLER_EMBEDDED_DIR="C:\\HashiCorp\\Vagrant\\embedded"
INFO global: VAGRANT_INSTALLER_ENV="1"
INFO global: VAGRANT_INSTALLER_VERSION="2"
INFO global: VAGRANT_LOG="info"
INFO global: VAGRANT_OLD_ENV_="Q:=Q:\\"
### Keybase proof
I hereby claim:
* I am sbueringer on github.
* I am sbueringer (https://keybase.io/sbueringer) on keybase.
* I have a public key ASAWSdGxI8N0MxlfOX24-1xkB1cWlaPyituzWA-0S9cX5Ao
To claim this, I am signing this object:
@sbueringer
sbueringer / blog-opa-example1-cr.yaml
Last active January 9, 2019 18:17
Kubernetes Authorization via Open Policy Agent
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: pods
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "update", "delete"]
---
kind: ClusterRoleBinding
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: storageclasses
rules:
- apiGroups: ["storage.k8s.io"]
  resources: ["storageclasses"]
  verbs: ["create", "update", "delete"]
---
kind: ClusterRoleBinding
package authorization
import data.k8s.matches
deny[{
    "id": "storageclasses",
    "resource": {
        "kind": kind,
        "namespace": namespace,
        "name": name,
package authorization
import data.k8s.matches
deny[{
    "id": "pods-kube-system",
    "resource": {
        "kind": kind,
        "namespace": namespace,
        "name": name,
@sbueringer
sbueringer / blog-opa-perf-mutating-webhook.yaml
Created February 18, 2019 20:37
blog-opa-perf-mutating-webhook.yaml
kind: MutatingWebhookConfiguration
apiVersion: admissionregistration.k8s.io/v1beta1
metadata:
  name: opa
webhooks:
  - name: opa.k8s.io
    rules:
      - operations: ["*"]
        apiGroups: ["*"]
        apiVersions: ["*"]
@sbueringer
sbueringer / blog-opa-perf-mutating-webhook-optimized.yaml
Created February 18, 2019 20:39
blog-opa-perf-mutating-webhook-optimized.yaml
kind: MutatingWebhookConfiguration
apiVersion: admissionregistration.k8s.io/v1beta1
metadata:
  name: opa
webhooks:
  - name: opa.k8s.io
    rules:
      - operations:
          - CREATE
          - UPDATE
@sbueringer
sbueringer / blog-opa-perf-old-object.rego.rb
Created February 18, 2019 20:56
blog-opa-perf-old-object.rego.rb
deny[{"id": id, "resource": {"kind": "namespaces", "namespace": "", "name": "YhPygPfFUx"}, "resolution": resolution}]
    with data["kubernetes"]["namespaces"][""]["YhPygPfFUx"] as {
        "uid":"f9603bca-33ab-11e9-9711-fa163e2ecb1b",
        "kind":{
            "group":"",
            "version":"v1",
            "kind":"Namespace"
        },
        "resource":{
            "group":"",