Skip to content

Instantly share code, notes, and snippets.

View dhrp's full-sized avatar

Thatcher dhrp

View GitHub Profile
@daxmc99
daxmc99 / cloud_sql_read_only.sql
Last active October 16, 2024 18:52
Make a user read-only after its created via the Google api (ie via Terraform)
-- CREATE read-only user when the user was created via the Google Cloud API (ie terraform)
-- GOOGLE CLOUD by default give fairly broad permissions
-- Prior reading https://stackoverflow.com/questions/13497352/error-permission-denied-for-relation-tablename-on-postgres-while-trying-a-selec
-- https://www.digitalocean.com/docs/databases/postgresql/how-to/modify-user-privileges/
REVOKE ALL ON DATABASE db FROM "dev-readonly";
-- This next line is important
REVOKE cloudsqlsuperuser FROM "dev-readonly";
GRANT USAGE ON SCHEMA public TO "dev-readonly";
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO "dev-readonly";
@lcrilly
lcrilly / README.md
Last active November 3, 2024 07:43
NGINX OAuth 2.0 Token Introspection

OAuth 2.0 Token Introspection with NGINX and njs

This configuration enables NGINX to validate an authentication token against an authorization server by using OAuth 2.0 Token Introspection (RFC 7662). This solution uses the auth_request module and the NGINX JavaScript module to require authentication and perform the token introspection request.

By default, the client's authentication token is expected as a bearer token supplied in the Authorization header. If supplied elsewhere in the HTTP request, the $access_token variable must be configured to specify where to obtain the token.

Token introspection requests are authenticated. By default, the $oauth_client_id and $oauth_client_secret variables are used to perform HTTP Basic authentication with the Authorization Server. If only the $oauth_client_secret variable is specified then that value is used

@ajhodges
ajhodges / eth-vpc.json
Created May 25, 2018 14:05
Prerequisites for AWS Blockchain for Ethereum
{
"Description": "Template used to create the base network infrastructure for the Ethereum nodes",
"Outputs": {
"ALBSecurityGroup": {
"Description": "Security group for ETH ALB",
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}-AlbSecurityGroup"
}
},