Richard Cheney richeney

@richeney
richeney / denyWildcardJITSecurityRules.sh
Created July 28, 2020 17:25
custom policy to prevent JIT wildcard entries - not working?!
#!/bin/bash
subscriptionId=$(az account show --query id --output tsv)
read -r -d '' policyRule <<'EOF'
{
"if": {
"allOf": [
{
"field": "type",
@richeney
richeney / installLatestHashicorpBinary.sh
Last active January 18, 2023 14:53
Installs either terraform or packer
#!/bin/bash
######################################################
# Utility script to download latest Hashicorp
# binaries and move into /usr/local/bin. Uses their
# releases APIs.
#
# Requires sudo password unless sudoers is configured.
#
# Can be renamed to installLatestTerraform.sh or
# installLatestPacker.sh. If not then specify
@richeney
richeney / cloudshell.vim
Created December 3, 2020 18:19
Custom VIM colours
" Vim color file
" Maintainer: Richard Cheney (from delek.vim)
" Last Change: 2018 Apr 09
hi clear
let g:colors_name = "cloudshell"
" Normal should come first
hi Normal guifg=Black guibg=White
@richeney
richeney / addpolicy.sh
Created January 25, 2021 14:11
Takes a full Azure Policy JSON file and creates a policy definition. Requires jq and zip.
#!/bin/bash
###################################################################################################
## Loop through stdin of ARM resource compliant policy files
## Example format is
## https://github.com/richeney/azure-blueprints/blob/master/policies/auditemptytag.json
## Requires az and jq
## Can use unpathed URIs if you have exported URIBASE
###################################################################################################
error()
@richeney
richeney / azcmagent_token
Last active March 22, 2021 19:39
Creates and displays a token if a resource is specified. Defaults to https://management.azure.com. Designed for Azure Arc VMs.
#!/bin/bash
error()
{
# Print the message (if any) to stderr and exit non-zero
[[ -n "$*" ]] && echo "ERROR: $*" >&2
exit 1
}
urlencode() {
# urlencode <string>
@richeney
richeney / import_keyvault_certificates.sh
Created January 19, 2022 12:09
Bash crontab script to import PEM certs downloaded by the Azure Keyvault extension
#!/usr/bin/env bash
################################################################
# Search for certs downloaded by the Azure Key Vault Extension,
# convert from PEM to DER format and update the CA certificates.
#
# Designed to be run as root from crontab.
# Will be silent if no files are converted.
################################################################
error()
@richeney
richeney / immutable-pls.md
Last active January 22, 2024 05:28
Immutable Storage Accounts and Private Link Service

Immutable Storage Accounts, Private Link and Private Link Service

Introduction

This is a POC for immutability in a legal hold situation. The assumption is that an Azure Storage Account will be used as a target for images, documents etc. that need to be provably unchanged for a required legal period.

Immutability policy scope

Immutability policies can be scoped to a blob version or to a container. How an object behaves under an immutability policy depends on the scope of the policy.

@richeney
richeney / terraform_cloud.md
Last active January 22, 2024 05:28
Terraform Cloud

Using Terraform Cloud with Vault and OIDC

Requires jo

sudo apt update && sudo apt install jo -y

Create an example repo

@richeney
richeney / codetunnel.md
Last active January 22, 2024 05:27
Code Tunnel

Code Tunnels

https://www.azurecitadel.com/arc/servers/access_vms/#code-tunnels

Install & configure on VM

wget https://code.visualstudio.com/sha/download?build=stable\&os=cli-alpine-x64 -O /tmp/code.tar.gz
sudo tar -zxvf /tmp/code.tar.gz -C /usr/local/bin && rm /tmp/code.tar.gz
code tunnel --name $(hostname) --accept-server-license-terms
@richeney
richeney / git_init_in_wsl.md
Last active April 21, 2023 09:53
Initialise Git repo from WSL2

Initialise git repo, push into GitHub

Needs git and gh.

Quick bashrc function

Add to .bashrc

github() {