aschmidt75

Pattern: Enforce Proper Access Control & Least Privilege in CI/CD Pipelines

This pattern, when properly implemented, ensures that CI/CD pipelines operate with the minimal necessary privileges, guarding against unauthorized actions and reducing the overall risk to software delivery workflows.

Context

Modern software delivery relies on Continuous Integration and Continuous Delivery (CI/CD) pipelines, often spanning multiple services, build agents, and cloud infrastructures. These pipelines must handle sensitive operations such as code compilation, artifact storage, secrets management, and deployment to production systems. As a result, rigorous Identity and Access Management (IAM) policies and Role-Based Access Control (RBAC) are critical to safeguard these processes.

Problem

Without proper access controls, unauthorized parties or processes can gain elevated privileges, manipulate the pipeline, access sensitive secrets, or compromise production environments. Inadequate RBAC and violation of the [Princ

aschmidt75

Function Convert-IpAddressStringToBinString {
	[CmdletBinding()]
	param(
		[Parameter(Mandatory)]
		[string]$IpAddress
	)

	$IpAddressFullBin = ""
	foreach ($octet in $IPAddress.Split(".")) {

aschmidt75

[CmdletBinding()]

class DrawIOStyle {
	[Hashtable]$elems
	[bool]$IsImage

	DrawIOStyle() {
		$this.elems = New-Object -TypeName Hashtable
	}

aschmidt75

Read

• Awesome Powershell
• PoshCode | The PowerShell Best Practices and Style Guide

UI/Term

• PoshCode | ANSI Escape Sequence Primer & Lib
• OhMyPosh

aschmidt75

I am attesting that this GitHub handle aschmidt75 is linked to the Tezos account tz1UbsLVDYYbc5itm5B7RgQjkXDqs3qdoS3T for tzprofiles

sig:edsigtumt29e7bT68gYrJhf5xNWGmsF6z6GEo4zLWdt5nU88sWyuVuzQbwfVGaD5c3YCMMfVrFzYdpQrgtjCj2AsKZ23ZuRtTna

aschmidt75

Example of c11 anonymous struct / Introduction of abstract interfaces

$  gcc -Wno-missing-declarations -std=c11 -fms-extensions -Wno-microsoft-anon-tag -o ex *.c && ./ex

aschmidt75

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
data:
  nginx.conf: |
    user nginx;
    worker_processes  3;
    error_log  /var/log/nginx/error.log;
    events {

aschmidt75

Instantiating chaincode.
enter Init
enter Invoke
requested function=registerIndividualParticipant, with args=[]string{"{ \"name\": \"Andreas\", \"address\": \"Some where 17, 50735 Cologne, DE\" }"}
enter registerIndividualParticipantInvocation.checkParseArguments
enter registerIndividualParticipant.process
arg=main.registerIndividualParticipantArg{Name:"Andreas", Address:"Some where 17, 50735 Cologne, DE"}
newId: PutState to key=sample.PreciousCargoChaincode.IndividualParticipant.index, index=1
key=sample.PreciousCargoChaincode.IndividualParticipant#0000000001
PutState to key=sample.PreciousCargoChaincode.IndividualParticipant#0000000001, data=main.IndividualParticipant{Participant:main.Participant{ID:main.ID{ID:"0000000001"}, Name:"Andreas"}, Address:"Some where 17, 50735 Cologne, DE"}

aschmidt75

#!/bin/bash

if [[ $# -ne 1 ]]; then
  echo 'Usage: cat inputdata.json | ./invoke.sh FUNCTIONNAME'
  exit 1
fi

FUNCTION="$1"
INPUTDATA0=`cat`
INPUTDATA=$(echo $INPUTDATA0 | sed 's/\"/\\"/g')

aschmidt75

func (r registry) create(stub shim.ChaincodeStubInterface, item interface{}) (string, error) {
	idStr, err := newID(stub, r.typeStr)
	if err != nil {
		return "", errors.New("internal error generating index key")
	}
	ck, err := getShipmentKey(stub, idStr)
	if err != nil {
		return "", errors.New("internal error generating composite key")
	}