Hello

Quick and rough notes

Formatting Gitleaks for Jenkins' Warnings-ng Plugin

I wanted Warnings-ng Plugin to pick up issues reported by Gitleaks. Sadly this isn’t a parser that currently exists. However I’ve managed to do such a thing using jq. First up, Gitleaks it a tool which scans a git repo and reports credendials found in plain text. And Warnings-ng is a Jenkins Plugin used to find and parse bug/warnings/errors in code and report them neatly in Jenkins UI. Will skip over much of what gitleaks is/how to use it, their docs will be way better....

December 3, 2021 · 2 min

JSON Formatting for the Apache Log

I’m a big fan of structure logging, having a machine injest logs as JSON speeds up the queryability of the data. Not having to pre-parse the raw log, then convert into JSON is a big win too. So when I had a new application, (an older PHP/CGI website), which is all in Apache I figured I’d bring it into the modern times. Logs are going into AWS Cloudwatch Logs from AWS Fargate, Cloudwatch Logs supports parsing JSON without having to pass in any formats....

July 22, 2021 · 2 min

Opentelemetry OTLP Structure

I’ve been finddling around with OpenTelemetery for a while, I wrote the SeanHood/laravel-opentelemetry package which used the Zipkin Exporter to get data out. However, recently Honeycomb.io added support for ingesting OTLP over GRPC nativly. This support isn’t quite there yet opentelemetry-php#230 but I wanted to see how far off it was. Information/docs on this layer of OpenTelemetry is incredibly sparse, you’re mostly down to reading source code. Anyway, in all of this I wasn trying to understand the structure of how a Span relates to an array of ResourceSpans so I came up with this psudocode:...

February 28, 2021 · 1 min

HTTPS Workarounds for Rubygems in Go

Sometimes you have a really old application which uses an old version of jRuby and can no longer talk to rubygems.org over HTTPS. In ~Dec 2020, Rubygems or Fastly removed TLSv1.1 support. I don’t blame them but it caused a couple issues installing gems on old software. You might see one of these sorts of errors: Error fetching https://rubygems.org/: Received fatal alert: handshake_failure (https://api.rubygems.org/specs.4.8.gz) ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError) Received fatal alert: handshake_failure (https://api....

February 27, 2021 · 2 min

Terraform: Move resource from one state to another (Terraform Cloud)

So I wanted to move a database cluster from one Terraform setup to another. I could have used terraform import but this can be a pain. Instead I used terraform state mv, this post documents some of the pitfalls. Reading the docs it explains quite simply how to “export” a resource to be imported elsewhere. terraform state mv -state-out=database.json 'mongodbatlas_cluster.mongodb_cluster' 'mongodbatlas_cluster.mongodb_cluster' The problem came when using Terraform Cloud, the state file isn’t local at all....

February 10, 2021 · 1 min

Terraform and OPA/Conftest/Rego, what a pain in the arse

So this has taken me 24+ hours to figure out. All docs, references to using OPA with Terraform are about testing the plan. I want some static analysis on raw .tf files. An OPA based linter if you will. First thing I ran into was iterating over an object, then being able to use it’s key. In Python I’d do: for k,v in dict. In Rego, we do hash[key], then just go and use key wherever....

February 3, 2021 · 2 min

Docker Compose + roots/bedrock

A quick start guide Pre-Reqs Docker installed PHP Composer installed Steps composer create-project roots/bedrock my-project cd my-project ln -s web html as Apache will serve /var/www/html by default, this saves us from having to change that Create a docker-compose.yaml with the following: version: '3.1' services: wordpress: image: php:7-apache restart: always ports: - 8080:80 volumes: - .:/var/www db: image: mysql:5.7 restart: always environment: MYSQL_DATABASE: database_name MYSQL_USER: database_user MYSQL_PASSWORD: database_password MYSQL_RANDOM_ROOT_PASSWORD: '1' volumes: - db:/var/lib/mysql volumes: db: vi ....

November 1, 2020 · 1 min

Neat & Secure: Adding AWS SQS to a Laravel 5.6 Application

Neat & Secure: Adding AWS SQS to a Laravel 5.6 Application Y’know sometime when you’re working on an old codebase? and you wanna do something “new” but the docs don’t really help you much? Yeah? That’s what I’m documenting here. So I’m working on getting a Laravel 5.6 application into AWS Fargate with Terraform. This application began life as a Laravel 5.0 app ~6 years ago, so some of the codebase was somewhat templated from then....

October 16, 2020 · 4 min

Puppet 4 + Hiera 5 + Hashicorp Vault

Quick guide for setting up Vault with Puppet What doesn’t this cover Building a Production grade Vault cluster Puppet 5 and 6 (Yes, I know Puppet 4 is EOL) Vault Dynamic Secrets The more secure Puppet 6 deferred functions Setup Vault Since I have a Kubernetes cluster, I used the Vault Helm Chart to set this up, I mostly followed this guide to setup Vault in Dev mode, which looks to be easy to then convert to a real Raft based Vault cluster to productionise it afterwards: https://learn....

October 9, 2020 · 3 min

Link Shortening Bookmarklets

Amazon and eBay love to use ugly links which aren’t nice to share. Here’s two bookmarklets to clean up these URLs before copying them. How to use Create a bookmark in your browser of choice, copy and paste the below code into the URL part of the bookmark, give it a witty name and save. Tested with ebay.co.uk, ebay.com, ebay.de, amazon.co.uk, amazon.com in Chrome eBay javascript:(function(s){var l = /(.*ebay\..*itm.).*\/(\d+).*/.exec(location); prompt('Short URL', l[1]+l[2])})() Amazon javascript:(function(s){var l = /(....

April 26, 2019 · 1 min