I did this for an EC2 Client VPN Endpoint and certificate based authentication in a continuous integration environment. It might also be suitable for localhost certificates and is pretty much what Minica or Easy RSA does. But I do a lot of infrastructure work with Terraform, so here we are. Another important note: AWS has… Continue reading Create Your Own Certificate Authority with Terraform
Waiting for MySQL to be Ready in Docker Compose
Had a ... fun thing happen in GitHub Actions today where my tests were starting before the MySQL server they needed was up and running. MySQL in this case was running in Docker compose. So I started my process with a little shell script using mysqladmin: #!/usr/bin/env bash count=0 alive="no" while [ "$count" -lt 5… Continue reading Waiting for MySQL to be Ready in Docker Compose
Github API Calls via Github Actions Do Not Trigger Workflows
Github actions provides a token to actions with a set of permissions, however the docs have this little tidbit: When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. Which makes some sense, you… Continue reading Github API Calls via Github Actions Do Not Trigger Workflows
AWS Transfer: SFTP rename Fails with Permission Denied
Just hit this little fun thing. Using the rename command for SFTP seems to use the s3:CopyObject action, which attempts to copy any object tags as well as the actual object itself. The IAM Permission associated with the SFTP user must allow s3:GetObjectTagging and s3:PutObjectTagging or a rename command will get an Access Denied message… Continue reading AWS Transfer: SFTP rename Fails with Permission Denied
Using Org-Wide Secrets in Shared Github Actions Workflows
This was suprisingly hard to find the answer too. TL;DR: you cannot use org-wide secrets in a shared workflow without secrets: inherit Take a shared workflow like this: name: shared test workflow on: workflow_call: jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: node-version: 16 - name: NPM Auth run: echo '//registry.npmjs.org/:_authToken=${{… Continue reading Using Org-Wide Secrets in Shared Github Actions Workflows
Using PHP 8.2 on TravisCI
Ran into this recently, and it seems that TravisCI has PHP 8.2 support but only on Ubuntu 20.04 Focal Fossa and it's missing a library. Hints on this forum post. The gist is that dist: focal has to be set as well as an extra package installed form apt. Without the apt package, an error… Continue reading Using PHP 8.2 on TravisCI
Using AWS Transfer with a Custom Lambda Identity Provider
This week I got a chance to work on implementing AWS Transfer as an SFTP server backed by a set of S3 buckets. Authentication in this new system is handled by another, self-serve SFTP application. Users can create an manage SFTP users there and AWS Transfer uses their usernames, passswords, and public keys to authenticate… Continue reading Using AWS Transfer with a Custom Lambda Identity Provider
Docker Compose Exec on Github Actions
Just hit this error running a Github Action that used docker compose exec ...: the input device is not a TTY Github actions doesn't give you a true terminal or shell (input/output environment, a TTY) and docker compose exec by default does, essentially, docker exec -it ... where -i means interative and -t is run… Continue reading Docker Compose Exec on Github Actions
OAuth PKCE with Go
This is going to describe how to do Proof Key for Code Exchange (PKCE) with Go's golang.org/x/oauth2. A Brief Overview of PKCE PKCE is meant to be an extra layer of client authentication during the authorization code grant flow with public oauth clients (native apps, single page JS apps -- basically anything that cant' kep… Continue reading OAuth PKCE with Go
Using Structs in Custom Terraform Provider Data Sources
At PMG we maintain a custom terraform provider that talks to a few of our internal, platform APIs. APIs can change and evolve, and without a layer in between the API responses and terraform data sourcess, a custom TF provider can break when the API changes. I know this because I naïvely did this exact… Continue reading Using Structs in Custom Terraform Provider Data Sources
Christopher Davis 