Ricardo Oliveira gitrgoliveira

💭

I may be slow to respond.

gitrgoliveira / whatranwhen.py

Last active July 1, 2024 11:45

A rate limited version of https://github.com/richard-russell/tfe_scripts/blob/main/whatranwhen.py

	#! /usr/bin/env python3
	# Retrieve workspace resource counts and output sorted list (most resources first)
	# NB: skeleton code ... only checks for basic errors in responses
	# Reads inputs from env vars or interactively

	import argparse
	from getpass import getpass
	import os
	import requests
	import threading

gitrgoliveira / tfe_counter.py

Last active March 22, 2023 13:58

	import os
	from terrasnek.api import TFC as TFP
	# do `pip install terrasnek` before running this script

	TFE_TOKEN = os.getenv("TFE_TOKEN", None)
	TFE_URL = os.getenv("TFE_URL", "https://app.terraform.io") # ex: https://app.terraform.io

	api = TFP(TFE_TOKEN, url=TFE_URL)

	orgs = api.orgs.list()['data']

gitrgoliveira / nomad_sentinel_demo.sh

Last active December 3, 2024 12:25

Nomad Enterprise Sentinel Testing

	nomad agent -dev -bind 0.0.0.0 -acl-enabled >nomad-server.log &
	sleep 5

	nomad acl bootstrap -json > bootstrap.json
	export NOMAD_TOKEN=$(jq -r .SecretID bootstrap.json)

	# creating a namespace and quota
	nomad namespace apply -description "QA instances of webservers" web-qa
	nomad quota init
	nomad quota apply spec.hcl

gitrgoliveira / vault_setup.sh

Last active January 17, 2022 16:06

vault setup bash

	vault auth enable jwt

	vault write auth/jwt/config \
	oidc_discovery_url="https://token.actions.githubusercontent.com" \
	bound_issuer="https://token.actions.githubusercontent.com" \
	default_role="demo"

	# "user_claim": "workflow" defines the entity alias.
	vault write auth/jwt/role/demo -<<EOF
	{

gitrgoliveira / github_actions_snippet.yaml

Created December 16, 2021 11:49

GitHub Actions snippet

	jobs:
	build:
	permissions:
	contents: read
	id-token: write
	runs-on: self-hosted
	steps:
	- uses: actions/checkout@v2
	- name: Import Secrets
	uses: hashicorp/[email protected]

gitrgoliveira / vault_github_action.yml

Created December 6, 2021 14:38

a GitHub Action that read from Vault and builds a docker image.

	name: ImageBuilder
	# Run this workflow every time a new commit pushed to your repository
	on:
	push:
	workflow_dispatch:

	jobs:
	build:
	permissions:
	contents: read

gitrgoliveira / vault_gh_setup.sh

Created December 6, 2021 14:15

setting up vault for GitHub Action OIDC auth

	export VAULT_ADDR="https://xxxx:8200"
	export VAULT_NAMESPACE="admin"

	export VAULT_TOKEN=xxx

	tee vault-action.hcl <<EOF
	path "kv/data/ci" {
	capabilities = ["read"]
	}

gitrgoliveira / boundary-AzureAD.sh

Created May 26, 2021 15:09

Setting up OIDC in boundary with AzureAD

	#! /bin/bash
	#
	# `az login` must be run first
	#

	BOUNDARY_ADDR=https://boundary.ric-lnd.ric.aws.hashidemos.io:9200

	if [ -f "boundary_auth_created.json" ]; then
	echo "removing previous OIDC"
	boundary auth-methods delete -id $(jq -r .item.id boundary_auth_created.json)

gitrgoliveira / demo-tde.sh

Last active March 3, 2020 13:31

	#! /bin/bash

	# downloading MongoDB
	mkdir -p mongodb
	mkdir -p mongodb_data
	curl -o mongodb/mongodb.tgz https://downloads.mongodb.com/osx/mongodb-macos-x86_64-enterprise-4.2.2.tgz
	tar -zxvf mongodb/mongodb.tgz --strip-components=1 -C mongodb

	# assuming Vault Enterprise is already installed
	# setting it up

gitrgoliveira / gcp_demo.sh

Created November 8, 2019 12:53

setting up Vault and GCP auth and secrets backend

	#! /bin/bash
	#
	# based on https://medium.com/google-cloud/vault-auth-and-secrets-on-gcp-51bd7bbaceb
	#


	################################################################
	# setup GCP
	################################################################
	PROJECT_ID=`gcloud config get-value core/project`