This simple script retrieves a secret of your choice from SecretsManager using the Lambda's provided event. Simply provide the payload:
{
"secret":"<identifier>"
}
where identifier is either the ID of the secret or the ARN of it.
Jim Speir jimbo8098
jimbo8098
/ repo-downloader-bitbucket.py
Last active
July 7, 2023 09:40
Get All BitBucket Repositories (App Password)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get all bitbucket repositories within an organisation and clone them in parallel | |
| # | |
| # Quick run: | |
| # docker run -it --rm -v "${PWD}:/src" -v "C:\Projects\:/repos" --env-file .env -w /src python:3.11 bash -c "pip install requests && python ./repo-downloader-bitbucket.py" | |
| # | |
| # 1. Set up an app password on your BitBucket account. Only repo read permissions are necessary. | |
| # 2. Setup your .env file or provide the environment variables listed below. The contents of the .env file are listed below: | |
| # # If you are using the default docker command above, /repos will work | |
| # #PROJECT_ROOT=/repos | |
| # PROJECT_ROOT= |
jimbo8098
/ GHCR Login.ps1
Created
March 13, 2023 21:50
A small login script which uses the Github CLI to log into GHCR instead of conventional tokens which must be made on the site.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Install Github CLI | |
| # Set the scopes used for the token | |
| gh auth login -s read:packages,write:packages,delete:packages | |
| # Read the token in and use it in the docker login call | |
| gh auth token | docker login ghcr.io -u username --password-stdin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Delete ECR Docker image in batch | |
| # Supports multiple regions if necessary | |
| $repositories = @( | |
| "image:tag" | |
| #... | |
| ); | |
| # Checked to verify which tags are present in a given region | |
| $primaryRegion = "eu-west-2" | |
| # Regions the image should be deleted from |
jimbo8098
/ aws-secret-provider.yml
Last active
June 26, 2023 14:54
Create an assumable IAM role to access AWS Secrets Manager parameters using the Secret Store CSI Provider for AWS (ASCP)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 | |
| kind: SecretProviderClass | |
| metadata: | |
| name: example-secret-provider | |
| namespace: secrets-csi-test | |
| spec: | |
| provider: aws | |
| secretObjects: | |
| # Each distinct secretObject creates a Secret which can be used within the namespace. Note that any pod able to access |
jimbo8098
/ terraform_complex_validation.tf
Last active
July 12, 2023 12:02
Complex variable validations in Terraform 1.5.x
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| output "variable" { | |
| value = var.extra_secrets_maps | |
| } | |
| output "variable_secrets" { | |
| value = [for m in var.extra_secrets_maps: m.secrets] | |
| } | |
| output "variable_serviceaccounts" { | |
| value = [for m in var.extra_secrets_maps: m.namespace_serviceaccounts] |
jimbo8098
/ windows-fan-helm-template.ps1
Created
July 13, 2023 13:13
Fan out Helm template files into their own files to assist in debugging big charts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Mandatory = $true)] | |
| [string] | |
| $InFile, | |
| [Parameter(Mandatory = $true)] | |
| [string] | |
| $OutDir | |
| ) | |
| $input = Get-Content $InFile -Delimiter "---" |
jimbo8098
/ locally-replicate-docker-login.ps1
Created
July 13, 2023 17:02
Replicate Docker credential locally from a Kubernetes secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param ( | |
| [switch] | |
| $Overwrite = $false, | |
| # If DockerServer is null, script performs the operation on all servers in the registry credential | |
| [string] | |
| $DockerServer = $null, | |
| [string] | |
| $SecretName = "regcred", |
Send payload:
{
"request": "<url>"
}
The lambda will request the address and return the output in it's logs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $payload = @{ | |
| Id = "test" | |
| MetricStat = @{ | |
| Metric = @{ | |
| Namespace = "EC2Extended" | |
| MetricName = "RootFreeSpace" | |
| Dimensions = [System.Array] @( | |
| @{ | |
| Name = "path" | |
| Value = "/" |
OlderNewer