May 08, 2021

Accessing the GitLab remote Terraform state from Ansible

Note to self: How to get the outputs from a GitLab remote Terrafrom state from Ansible.

---
- name: Get Terraform outputs from the GitLab remote state
  hosts:
    - localhost
  connection: local
  become: false
  gather_facts: false
  vars:
    project_name: amilive
    tf_workspace: "{{ lookup('env', 'TF_WORKSPACE')|default('default', true) }}"
    gitlab_token: "{{ lookup('env', 'GITLAB_TOKEN') }}"
    gitlab_base_url: "{{ lookup('env', 'GITLAB_BASE_URL') }}"

  tasks:
    - name: Projects
      ansible.builtin.uri:
        headers:
          PRIVATE-TOKEN: "{{ gitlab_token }}"
        method: GET
        url: "{{ gitlab_base_url }}/projects"
      register: projects

    - name: Request
      ansible.builtin.uri:
        headers:
          PRIVATE-TOKEN: "{{ gitlab_token }}"
        method: GET
        return_content: true
        status_code: [200]
        url: "{{ gitlab_base_url }}/projects/{{ project_id }}/terraform/state/{{ tf_workspace }}"
      vars:
        project_id: "{{ (projects.json|selectattr('path', 'equalto', project_name))[0].id }}"
      register: tf_state

    - name: Env output
      debug:
        var: (tf_state.content|from_json)["outputs"]["env"]["value"]

Nov 20, 2020

Spam me - Update

In last month' post I wrote about the new direct messaging I setup and the concern about abuse from that (spam and privacy concerns). While I can't speak on the privacy part (I don't know if anybody is listening to that channel besides me), I can update on the spam part. Since going live I recieved exactly 0 unsolicited messages. Nada, zilch, bupkis, גורנישט. I'm a little disappointed with that since it shows that my blog is not read by millions of people (a shock, I know). But it also seems that automated scanners, scanning repos in Github don't act on this kind of information. With that, I plan on keeping everything running for the foreseeable furture.

Oct 24, 2020

Spam me

A while back I saw an interesting project, Patchbay. At first I wanted to use it when I run long tasks on remote machines (as the example shows). I would obviously script the desktop part, commit it to my rcfiles repo and have it run on startup. As a security/ privacy concern, I planned on keeping the full URL private. So I shelved it until I would have a proper secret management system in place for such things.

A few months went by and I remembered that project and started to play around with receiving such messages but sending them from a webpage. The outcome is shore.co.il/spam. I'm annnouncing this on my blog as I'm actually interested to see if I get any spam this way. The desktop side of things is in this rcfiles commit and the source for web page is in my blog commit, both are quite public.

There isn't something technically interesting here (apart from Patchbay). But the experiment aspect is interesting to me. I would like to see who reads my blog and will send me messages (hopefully interesting ones). I'm not going to advertise this in any other way. And I would like to see if I get any spam as a result of this blog entry or from having the URL public in my Git repos. I'll post an update in a few weeks with initial results.

Next →Page 1 of 8