For over a decade, most of us built web UIs operating under the assumption that servers would render mostly-static HTML, and we’d boil the ocean and free all client-side memory with every page load. This was a simple world, where the server-side was aware of the user’s intent and context.
Enter the Single Page Application (SPA) - there are all sorts of usability and performance, and scalability benefits that come along with building a web app this way, but there are also some serious challenges. There are some implicit assumptions that our users make about how apps should work, and we must work a bit harder in order to keep them intact. Take the “Back” and “Refresh” buttons, for example: in order for this to work as our users expect, we must keep certain elements of state serialized in the URL in order to avoid “breaking” this as we simulate a multi-page experience in a SPA.
Add in the concept of “server-side rendering”, where our asset serving layer sometimes needs browser details (i.e. viewport dimensions) in order to render the correct content, and state decisions become even more consequential and complex.
In this talk, I’ll outline four types of state
Navigation state
Persisted state
UI state
“Will be persisted” state
and provide examples for each. Along the way, we’ll start to assemble a framework of questions that you can ask yourself when encountering new pieces of state, to lead you down the right path(s).
For over a decade, most of us built web UIs operating under the assumption that servers would render mostly-static HTML, and we’d boil the ocean and free all client-side memory with every page load. This was a simple world, where the server-side was aware of the user’s intent and context.
Enter the Single Page Application (SPA) - there are all sorts of usability and performance, and scalability benefits that come along with building a web app this way, but there are also some serious challenges. There are some implicit assumptions that our users make about how apps should work, and we must work a bit harder in order to keep them intact. Take the “Back” and “Refresh” buttons, for example: in order for this to work as our users expect, we must keep certain elements of state serialized in the URL in order to avoid “breaking” this as we simulate a multi-page experience in a SPA.
Add in the concept of “server-side rendering”, where our asset serving layer sometimes needs browser details (i.e. viewport dimensions) in order to render the correct content, and state decisions become even more consequential and complex.
In this talk, I’ll outline four types of state
Navigation state
Persisted state
UI state
“Will be persisted” state
and provide examples for each. Along the way, we’ll start to assemble a framework of questions that you can ask yourself when encountering new pieces of state, to lead you down the right path(s).
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingTal Melamed
Testing Java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to your benefit?
Fortunately, Java is still Java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line.
The lecture aims to enrich the pentester's toolbox as well as mind, when facing Java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases.
In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.
The Cloud Foundry APIs provide a rich set of information for anyone trying to gain insight into the inner workings of the platform. This presentation explores some of the APIs, and provides some practical techniques for non-coder ways of interacting with those APIs.
This slide deck goes into detail about the main concepts in Hyperledger Fabric - peers, orderer, certificate authority, and channels. We talk about chaincode, and go into details about modeling a network which involves putting cars on an auction. I end with a demo of the IBM Blockchain Platform, and give you links to get a free 1-month trial of the Starter Plan Blockchain service on the IBM Blockchain Platform.
This advanced session will cover topics on how to leverage both CFML and ORM to start creating amazing applications that will be as lethal as a dinosaur riding a shark with an Uzi. We will cover ORM session management, virtual service layers, dynamic finders, dynamic counters and an enhanced Hibernate Criteria builder to create easy and programmatic HQL queries.
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.
In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)."
(Source: Black Hat USA 2016, Las Vegas)
When we are working on tests exercising large parts of our software system (e.g. in an acceptance test suite), we often have to set up a considerable amount of data to set the stage for the scenario under test. This might include several calls to cumbersome APIs. At first, such code can be hard do get right. When it is working properly, many times the intention of the setup is greatly hidden in a convoluted mess of code. Therefore, such code can pose a major hurdle for the evolution of the project. Although intensive refactoring can provide benefits, there are things demanding even better readability. At this point, techniques, patterns and tools like Specflow can provide advantages.
In this talk we discuss typical problems faced with the setup of test data and means to address those. We illustrate three cases where non-trivial setup was needed. After understanding the challenges faced we will present and discuss the final solutions. All topics are supported by code examples from a 10+ year project that has faced all of those issues.
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Chris Gates
This talk (hopefully) provides some new pentesters tools and tricks. Basically a continuation of last year’s Dirty Little Secrets they didn’t teach you in Pentest class. Topics include; OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using metasploit.
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
This talk (hopefully) provides some new pentesters tools and tricks. Basically a continuation of last year’s Dirty Little Secrets they didn’t teach you in Pentest class. Topics include; OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using metasploit.
Basic PowerShell Toolmaking - Spiceworld 2016 sessionRob Dunn
PowerShell is everywhere. Admit it, even if you don't like change, you've probably needed to run a one-off command or small script in order to accomplish something...whether it was in AD, Exchange, VMWare or something else.
Running a single command is one thing, but what about making a reusable piece of code that anyone can run, or even better, schedule it? Get a report every Monday about drive space, remove old log files every month, report on logon failures...
We're going to take a command that fulfills a 'single-serving' role and turn it into something more dynamic; something that can be run over and over and be both relevant and timely!
Be ready to learn about parameters, basic functions, comment-based help, and other useful techniques - bring your laptop and code along with us!
Let's build a PowerShell tool!
Watch me present this topic via YouTube: https://youtu.be/akTypRvwr7g (video 1 of 2)
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingTal Melamed
Testing Java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to your benefit?
Fortunately, Java is still Java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line.
The lecture aims to enrich the pentester's toolbox as well as mind, when facing Java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases.
In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.
The Cloud Foundry APIs provide a rich set of information for anyone trying to gain insight into the inner workings of the platform. This presentation explores some of the APIs, and provides some practical techniques for non-coder ways of interacting with those APIs.
This slide deck goes into detail about the main concepts in Hyperledger Fabric - peers, orderer, certificate authority, and channels. We talk about chaincode, and go into details about modeling a network which involves putting cars on an auction. I end with a demo of the IBM Blockchain Platform, and give you links to get a free 1-month trial of the Starter Plan Blockchain service on the IBM Blockchain Platform.
This advanced session will cover topics on how to leverage both CFML and ORM to start creating amazing applications that will be as lethal as a dinosaur riding a shark with an Uzi. We will cover ORM session management, virtual service layers, dynamic finders, dynamic counters and an enhanced Hibernate Criteria builder to create easy and programmatic HQL queries.
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.
In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)."
(Source: Black Hat USA 2016, Las Vegas)
When we are working on tests exercising large parts of our software system (e.g. in an acceptance test suite), we often have to set up a considerable amount of data to set the stage for the scenario under test. This might include several calls to cumbersome APIs. At first, such code can be hard do get right. When it is working properly, many times the intention of the setup is greatly hidden in a convoluted mess of code. Therefore, such code can pose a major hurdle for the evolution of the project. Although intensive refactoring can provide benefits, there are things demanding even better readability. At this point, techniques, patterns and tools like Specflow can provide advantages.
In this talk we discuss typical problems faced with the setup of test data and means to address those. We illustrate three cases where non-trivial setup was needed. After understanding the challenges faced we will present and discuss the final solutions. All topics are supported by code examples from a 10+ year project that has faced all of those issues.
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Chris Gates
This talk (hopefully) provides some new pentesters tools and tricks. Basically a continuation of last year’s Dirty Little Secrets they didn’t teach you in Pentest class. Topics include; OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using metasploit.
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
This talk (hopefully) provides some new pentesters tools and tricks. Basically a continuation of last year’s Dirty Little Secrets they didn’t teach you in Pentest class. Topics include; OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using metasploit.
Basic PowerShell Toolmaking - Spiceworld 2016 sessionRob Dunn
PowerShell is everywhere. Admit it, even if you don't like change, you've probably needed to run a one-off command or small script in order to accomplish something...whether it was in AD, Exchange, VMWare or something else.
Running a single command is one thing, but what about making a reusable piece of code that anyone can run, or even better, schedule it? Get a report every Monday about drive space, remove old log files every month, report on logon failures...
We're going to take a command that fulfills a 'single-serving' role and turn it into something more dynamic; something that can be run over and over and be both relevant and timely!
Be ready to learn about parameters, basic functions, comment-based help, and other useful techniques - bring your laptop and code along with us!
Let's build a PowerShell tool!
Watch me present this topic via YouTube: https://youtu.be/akTypRvwr7g (video 1 of 2)
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Understanding Nidhi Software Pricing: A Quick Guide 🌟
Choosing the right software is vital for Nidhi companies to streamline operations. Our latest presentation covers Nidhi software pricing, key factors, costs, and negotiation tips.
📊 What You’ll Learn:
Key factors influencing Nidhi software price
Understanding the true cost beyond the initial price
Tips for negotiating the best deal
Affordable and customizable pricing options with Vector Nidhi Software
🔗 Learn more at: www.vectornidhisoftware.com/software-for-nidhi-company/
#NidhiSoftwarePrice #NidhiSoftware #VectorNidhi
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
E-commerce Application Development Company.pdfHornet Dynamics
Your business can reach new heights with our assistance as we design solutions that are specifically appropriate for your goals and vision. Our eCommerce application solutions can digitally coordinate all retail operations processes to meet the demands of the marketplace while maintaining business continuity.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
First Steps with Globus Compute Multi-User Endpoints
Puppet Roles & Profiles Using Trusted Facts.
1. Roles, Profiles &
Trusted Facts!
Puppet Meetup, 23rd Feb 2016
Stephen Wallace
https://au.linkedin.com/in/stephenwallace
@stphnwallace
2. Who am I?
Devops contractor
Home brewer
Connector of people
(3000+)
3. What do I do?
• Help people (companies) stay
relevant in a fast moving world
• Build people, which builds
teams. Collaborative Economy
• Help enough people get what
they want…
4. What Are Roles & Profiles?
• An area of confusion!
• Role….business speak
• Profile….tech stacks…think Lego
• Classification….role only!
• IT facilitates the business, right?
• Quick peek at site.pp
5. How can we apply a role?
• /etc/puppetlabs/facter/facts.d/BLAH
• export FACTER_role=thingo
• custom fact to read a file
• console
6. Do you want this flexibility in
production?!
export FACTER_role=whatever
7. Normal vs Trusted Facts
• Normal facts are self-reported by the node, and nothing
guarantees their accuracy.
• Trusted facts are extracted from the node’s certificate,
which can prove that the CA checked and approved them.
• The variable name $trusted is reserved, so local scopes
cannot re-use it.
• Useful for deciding whether a given node should receive
sensitive data in its catalogue.
8. Enabling & Using
Trusted Facts
$ sudo puppet config print trusted_node_data immutable_node_data --section master
trusted_node_data = true
immutable_node_data = true
Example;
if $trusted['extensions']['pp_image_name'] == 'storefront_production' {
include private::storefront::private_keys
}
(*) If trusted facts are enabled, any cert extensions can be accessed in manifests as
$trusted[extensions][<EXTENSION OID>].
(*) OID / name mapping can be found here - https://docs.puppetlabs.com/
puppet/latest/reference/config_file_csr_attributes.html
9. What Other Practical Uses?
• Embed a deployment key ?
• $trusted[‘extensions']['pp_role'] ?
10. Setting Trusted Facts
• Extra data for the CSR is read from the
csr_attributes.yaml file in Puppet Agent’s $confdir.
• YAML hash containing one or both of the following
keys:
• custom_attributes
• extension_requests
• e.g.
---
extension_requests:
pp_preshared_key: banana
11. Checking for the CSR OIDs
• cd /etc/puppetlabs/puppet/ssl/ca/requests
• openssl req -noout -text -in ip-172-31-35-224.ap-
southeast-2.compute.internal.pem
• Check out the attributes section
Attributes:
Requested Extensions:
1.3.6.1.4.1.34380.1.1.4:
..banana
1.3.6.1.4.1.34380.1.1.13:
..webshop
Cool bananas? :)
12. Puppet Agent Workflow
- Before
• New agent generates certs, and submits CSR.
• Puppet master / CA signs the cert, and the catalog
is served.
• Uses cert for auth ongoing.
13. Puppet Agent Workflow
- After
• New agent generates CSR reading in any additional
attributes from the csr_attributes.yaml file in the
Puppet agent’s $confdir, and submits CSR.
• Puppet master / CA signs the cert with the option
for (*)auto-signing policy, and the catalog is served.
• Uses cert for auth ongoing, and reads trusted facts
when communicating with the PM
14. Policy Based Autosigning
• puppet config set --section master autosign /usr/
local/bin/autosign-psk.rb
• Can be used for policy based autosigning
• See autosign-psk.rb in appendix
19. Appendix 1
- autosign-psk.rb
#!/opt/puppetlabs/puppet/bin/ruby
require "openssl"
include OpenSSL
csr = OpenSSL::X509::Request.new $stdin.read
atts = csr.attributes()
if atts.empty?
exit 1
end
key = nil
atts.each do |a|
if (a.oid=="extReq")
val = a.value.value.first.value.first.value
if val[0].value == "1.3.6.1.4.1.34380.1.1.4"
key = val[1].value
key = key.chomp
end
end
end
if key == "banana"
print "Matchn"
exit 0
else
puts "The key in the CSR is #{key}, no match."
print "No matchn"
exit 1
end
20. Thanks!
• Stephen J Wallace
• whizbang.wallace@gmail.com
• Follow for details of CD training event in May 2016 -
@stphnwallace / @devopsdan