Forem: Mbaoma

Testing infrastructure configurations with Checkov

Mbaoma — Sun, 19 Mar 2023 12:47:23 +0000

Checkov as a configuration testing tool

As an aspiring DevOps engineer, I understand the importance and flexibility of writing your infrastructure configuration as code; however, while building CI/CD pipelines, I always asked myself if there was any other way to test my Terraform configuration aside from running terraform validate.

Recently, I worked on a project where I had to setup a production level server with my friend, Adefemi and he introduced me to Checkov, an open-source tool that scans your infrastructure configuration (Teraform, CloudFormation, Kubernetes, etc.) for misconfigurations and also offers you a solution to fix the identified vulnerability.

Should you introduce Checkov into your build process?

Yes.

Checkov mitigates security risks by analyzing infrastructure as code (IaC) for security vulnerabilities, such as misconfigurations and compliance violations, and provides automated tests and repair recommendations.

By identifying misconfigurations and potential problems early in the development cycle, Checkov can save time and minimize the cost of fixing problems later in the development cycle.

Checkov may be incorporated into your CI/CD pipeline or used with pre-commit hooks to automate the scanning process, allowing developers to find errors without human code reviews.

How to use Checkov

There are various ways of running the Checkov tool against your configurations.

Checkov in Github Actions

....... 
jobs:
     - name: Test with Checkov
              id: checkov
              uses: bridgecrewio/checkov-action@master
              with:
                  framework: terraform
                  directory: .

Checkov in Terraform

You can run Checkov on a directory, module, or single file with the following commands respectively:

$ checkov -d /path/to/directory
$ checkov -m /path/to/module
$ checkov -f /path/to/file

Checkov in action

Let's run Checkov against a Terraform configuration to create a private S3 bucket.

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.b.id
  acl    = "private"
}

Running checkov -f /filename gives,

Passed checks: 4, Failed checks: 3, Skipped checks: 0

Check: CKV_AWS_93: "Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)"
        PASSED for resource: aws_s3_bucket.b
....................
Check: CKV2_AWS_43: "Ensure S3 Bucket does not allow access to all Authenticated users"
 PASSED for resource: aws_s3_bucket_acl.example
....................
Check: CKV_AWS_19: "Ensure all data stored in the S3 bucket is securely encrypted at rest"
PASSED for resource: aws_s3_bucket.b
............................
Check: CKV_AWS_57: "S3 Bucket has an ACL defined which allows public WRITE access."
        PASSED for resource: aws_s3_bucket.b
 .........................
Check: CKV2_AWS_61: "Ensure that an S3 bucket has a lifecycle configuration"
        FAILED for resource: aws_s3_bucket.b
        File: /test.tf:1-8

                1 | resource "aws_s3_bucket" "b" {
                2 |   bucket = "my-tf-test-bucket"
                3 | 
                4 |   tags = {
                5 |     Name        = "My bucket"
                6 |     Environment = "Dev"
                7 |   }
                8 | }

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
        FAILED for resource: aws_s3_bucket.b
        File: /test.tf:1-8
        Guide: https://docs.bridgecrew.io/docs/s3_16-enable-versioning

                1 | resource "aws_s3_bucket" "b" {
                2 |   bucket = "my-tf-test-bucket"
                3 | 
                4 |   tags = {
                5 |     Name        = "My bucket"
                6 |     Environment = "Dev"
                7 |   }
                8 | }

Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
        FAILED for resource: aws_s3_bucket.b
        File: /test.tf:1-8
        Guide: https://docs.bridgecrew.io/docs/ensure-that-s3-bucket-has-cross-region-replication-enabled

                1 | resource "aws_s3_bucket" "b" {
                2 |   bucket = "my-tf-test-bucket"
                3 | 
                4 |   tags = {
                5 |     Name        = "My bucket"
                6 |     Environment = "Dev"
                7 |   }
                8 | }

With this output, we see that Checkov gives us remediations to vulnerabilities. Personally, after viewing Checkov's suggestion, I head over to Terraform's official documentation to read up on how to implement the suggested fix.

Checkov provides a lot of flexibility and can be customized to fit your specific needs.

Cheers to building more secure infrastructure 🎉

AWS CloudFormation Series

Mbaoma — Fri, 16 Sep 2022 17:41:07 +0000

While learning about CloudFormation, I noticed there were not a lot of beginner-friendly articles available. Hence, the reason for this series of mine.

In this series, I aim to cover foundational concepts around AWS EC2 instances and services to help people new to CloudFormation.

What is CloudFormation

I refer to AWS CloudFormation as Terraform for AWS services.

CloudFormation like Terraform, is an Infrastructure as Code (IaC) tool that helps you provision resources. CloudFormation is AWS focused while Terraform works across various cloud and on-prem services.

According to the official documentation,
"CloudFormation is a service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS."

What are EC2 instances and what goes into creating them?

EC2 instances are AWS's virtual machines. According to AWS, an EC2 instance provides scalable computing capacity in the Amazon Web Services (AWS) Cloud.

To provision an EC2 instance, you need to set up the following:

Virtual Private Cloud: you create a VPC to isolate your EC2 instance within the AWS cloud.
Security Group: acts as a virtual firewall for your EC2 instances controlling incoming and outgoing traffic.
Key Pair: this consists of a public key and a private key. You use this key when connecting to an EC2 instance.
Internet Gateway: Allocates an internet gateway for use with a VPC. After creating the Internet gateway, you then attach it to a VPC.
VPC GateWay Attachment: Attaches an internet gateway, or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC.
Subnet (public and private): a logical partition of an IP network into multiple, smaller network segments.
Route Table (public and private): a rule called routes that determines where network traffic from your subnet or gateway is directed.
Route (public and private): within a VPC, route consists of a single destination prefix in CIDR format and a single next hop.
Subnet route table association (public and private): Associates a subnet with a route table.

CloudFormation's Syntax

In this section, we'd see hands-on examples of how to provision resources using CloudFormation.

Prerequisites

Feel free to setup an Identity and Access Management user. Grant this user full access to the service

AWS CloudFormation

.
Download and configure your AWS CLI with your login credentials.

aws configure

Creating an EC2 Instance

main.yml

Description: 
  Creating an EC2 Instance

Parameters:

  EnvironmentName:
    Description: Prefixed to resources
    Type: String

  VpcCIDR:
    Description: IP range (CIDR notation)
    Type: String
    Default: 10.0.0.0/16

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties: 
      CidrBlock: !Ref VpcCIDR
      EnableDnsHostnames: 'true'   
      Tags:
        - Key: Name 
          Value:  !Ref EnvironmentName

  InternetGateway:
      Type: 'AWS::EC2::InternetGateway'
      Properties:
        Tags:
          - Key: Name
            Value: !Ref EnvironmentName

  AttachGateway:
      Type: 'AWS::EC2::VPCGatewayAttachment'
      Properties:
        InternetGatewayId: !Ref InternetGateway
        VpcId: !Ref VPC

  KeyName:
      Type: 'AWS::EC2::KeyPair'
      Properties:
        KeyName: <keyname>
        KeyType: rsa
        Tags:
          - Key: Name
            Value: !Ref EnvironmentName

  PublicSubnet:
      Type: 'AWS::EC2::Subnet'
      Properties:
        VpcId: !Ref VPC
        CidrBlock: 10.0.1.0/24
        AvailabilityZone: <your-az-zone>
        MapPublicIpOnLaunch: true
        Tags:
          - Key: Name
            Value: !Ref EnvironmentName

  PrivateSubnet:
      Type: 'AWS::EC2::Subnet'
      Properties:
        VpcId: !Ref VPC
        CidrBlock: 10.0.2.0/24
        MapPublicIpOnLaunch: false
        AvailabilityZone: <your-az-zone>
        Tags:
          - Key: Name
            Value: !Ref EnvironmentName

  PublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
          - Key: Name
            Value: !Ref EnvironmentName

  PublicRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable  

  PrivateRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName

  PrivateSubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable    

  EC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-xxxxxx
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref SecurityGroup
      SubnetId: !Ref PublicSubnet
      KeyName: !Ref KeyName    

  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Security group to allow traffic to and from ports 80 and 22.
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName

parameters.json

[
    {
        "ParameterKey": "EnvironmentName",
        "ParameterValue": "cfArticle"
    }    

]

The


 file, holds the values of variables we defined in the

 ```main.yml```

 file.

To provision your VPC, run:


```bash
$ aws cloudformation create-stack --stack-name stackname --template-body file://file.yml --parameters file://file.json
{
    "StackId": "arn:aws:cloudformation:us-west-1:5000:stack/stack/xxxx-xxxx-xxxx-xxxxx-xxxxxxx"
}

CloudFormation Stack showing a collection of AWS resources that you can manage as a single unit

Connecting to your EC2 Instance

For you to SSH into your instance, you have to create the key-pair and reference it in your CloudFormation script like so:

KeyName: your-ec2-keypair

You can also connect to your instance using the EC2 Instance Connect (if you created the KeyPair using CloudFormation).

EC2 Instance Connect

CloudFormation Commands

To create a stack:

aws cloudformation create-stack \
--stack-name <value> \
--template-body file://file.yml \
--parameters file://file.json \

To update an existing stack

aws cloudformation update-stack \
--stack-name <value> \
--template-body file://file.yml \
--parameters file://file.json \

To delete a stack

delete-stack \
--stack-name <value>

You can find more CloudFormation commands here.

Note:

Deleting a stack, deletes all resources which the stack provisioned.
After updating or creating your stack, you can validate your script using AWS CloudFormation's designer by:
- Clicking on 'View in Designer'.
View in Designer
- Editing and validating your code. Viewing your code in JSON format, clearly shows the error source.
Validate button

Conclusion

CloudFormation is your go-to tool when you only want to provision AWS resources. Your CloudFormation scripts can be in either JSON or YAML file formats, however there is caveat where your files cannot exceed 51MB.
If your files exceed 51MB, you would have to create nested stacks.

Feel free to refer to my GitHub Repo.

Thanks for your time, kindly look forward to other articles in this series.

Building an AWS Auto Scaling Group (ASG) using Terraform Enterprise (contd)

Mbaoma — Tue, 22 Feb 2022 16:19:07 +0000

In the last article, we looked at how to push Terraform code through GithHub to Terraform enterprise, setting up our infrastructure.

The first part of this article can be viewed here.

This article highlights how to use CLI to push Terraform codes to Terraform enterprise to set up needed infrastructure.

Triggering the Run

Create a new workspace and select the run type as CLI-driven runs

Then set up variables such as your access key and secrets.

terraform login

Copy the API token and paste it in your terminal when prompted

Copy and add the given code block to your provider.tf file.
Run the following Terraform commands:

terraform init
terraform plan
terraform apply

Head over to your AWS account, to view the created resources
It is good practice to delete all provisioned services, to avoid incurring costs when using cloud providers.

terraform destroy

Useful Resources

Thanks for your time.

Feel free to connect with me via: LinkedIn, Twitter

Yoroshko!

Building an AWS Auto Scaling Group (ASG) using Terraform Enterprise

Mbaoma — Sun, 06 Feb 2022 10:21:41 +0000

Terraform is an Infrastructure as Code tool that focuses on the automation of infrastructure.

Terraform Cloud is a platform that performs Terraform runs to provision infrastructure, either on-demand or in response to various events.

This article covers the following sections:

Signing up to Terraform Enterprise
Creating a Terraform Workspace
- Using the Version Control Workflow
- Using the CLI driven Workflow

Create a Terraform Cloud account by taking the following steps:

Create an Organization
Create a Workspace: here, you are asked to select a method of building the workflow for your build; this can be through:
Version Control Workflow: A build is triggered by pushing your code to a selected Version Control System such as GitHub GitLab.
- CLI-driven workflow: Build infrastructure by running commands from your local terminal.
- API-driven workflow: implement Terraform using the Terraform API.

Version Control Workflow

To use Terraform code on a Version Control system to build an infrastructure on Terraform enterprise, follow the prompts presented under the Version Control Workflow, to connect your VCS of choice to your Terraform Organization.

Then set up variables such as your access key and secrets.

To trigger the build of any infrastructure, push the code to the repository to which you connected your Terraform Enterprise under the Version Control Workflow prompt.

Overview of an AWS ASG Infrastructure built with Terraform

The code for this section is available on GitHub.
The codes used to provision this architecture are modularized. A Terraform module is a set of Terraform configuration files in a single directory.

Our file structure is as follows:

Terraform Enterprise
-- main.tf
-- variables.tf
-- output.tf
-- provider.tf
The main.tf file, contains the configurations with values defined as variables.

The variables.tf file, contains the values used in the main.tf file.

The output.tf file, contains information that would be displayed publicly after running terraform apply .

The provider.tf file, contains details of the Terraform configuration for the cloud provider of choice, in this case AWS.

Triggering the Run

terraform login

Push your code to the previously created GitHub repository.

git add .
git commit -m '<commit message>'
git push <remote> <branch>

Then head over to the Terraform enterprise UI, following the prompts.

The configuration has been planned (equivalent to running terraform plan ), click on confirm and apply .

An applying tag becomes visible - this is equivalent to running terraform apply in the CLI.

Head over to your AWS account, to view the created resources.

N.B: Any new changes made to the Terraform code, should be pushed to GitHub so as to trigger a run to update your infrastructure

It is good practice to delete all provisioned services, to avoid incurring costs when using cloud providers.

For this use case, we click on the Queue Destroy Plan.

The sequel to this article will highlight the CLI Driven Workflow.

Thanks for your time.

Feel free to connect with me via: LinkedIn, Twitter

Yoroshko!

SonarQube as a code health checker for Flask project

Mbaoma — Thu, 14 Oct 2021 11:09:54 +0000

SonarQube is an open-source platform developed by SonarSource, which checks the quality of your code by running continuous checks for bug detection, code smells and security vulnerabilities. It supports over 20 programming languages.

We take the steps below, to run a health check on a Flask project:

Build the Flask project

Create and switch to a virtual environment

python3 -m venv venv
source venv/bin/activate

Install requirements

pip3 install -r requirements.txt

Run the project

python3 main.py

Install SonarQube

Install SonarQube using Docker

docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest

Run SonarQube locally

http://localhost:9000/

Default username and password is admin for both fields.

If asked to update password, kindly do so

Run an Analysis on SonarQube

We run an analysis manually, by clicking on the 'manually' option at the bottom of the page
Fill the prompts and tell SonarQube to run your project locally
Generate a token
For our build, we select the 'Other' option, when asked what describes our build.
We also have to download a scanner based on our operating system.
We install SonarQube scanner following the prompts in this article.

wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.2.0.1873-linux.zip
unzip sonar-scanner-cli-4.2.0.1873-linux.zip
sudo mv sonar-scanner-4.2.0.1873-linux /opt/sonar-scanner

Edit the sonar-scanner.properties file

to contain

sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8

Create a file to automate the required environment variables configuration

sudo nano /etc/profile.d/sonar-scanner.sh

to contain

#/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"

Add the sonar-scanner commands, to PATH variables

source /etc/profile.d/sonar-scanner.sh

Verify that the PATH variable was changed as expected

env | grep PATH

Verify SonarQube scanner was installed

sonar-scanner -v

Next, run the command as marked in red ink in the picture below.

The command should be ran in the directory where you installed SonarQube

Expected result

SonarQube web page

Checkout my GitHub Repo to view my files.

Branch Protection in GitHub

Mbaoma — Sat, 12 Jun 2021 08:53:18 +0000

Ever been in a position where you wish you could prevent your teammates from merging unapproved code from a development branch to the main branch?

Do you want to prevent merging code which you are not sure of its build status to your main branch?

Recently, I found myself in this situation and I plan to share a concept which helped me out - 'Branch Protection in GitHub'.

What is Branch Protection?

Branch protection is the act of setting rules to prevent certain actions from occurring on your branch(es) without your approval.

This article focuses on, preventing branches (development etc) from being merged to the main branch; such that before any merge can occur, a pull request would require a selected reviewer to review the request and then merge the commit.

Prerequisites

It is expected that you have prior knowledge of:

Github
CI/CD tools (in this article, Travis CI)

Check out this guides for an introduction to Github and creating a simple .travis.yml file

Setting up branch protection rules

We take the following steps:

Click on the Settings option in your repository and then Branches (located on the left hand side of the page) - Click on Add Rule to create the rule(s) for your branch of choice

Next, under Branch name pattern type in the name of the branch you want to protect
For this article, we choose the following rules:
- 'Require pull request reviews before merging': we limit the number of required reviews to 1 (you can choose to increase the required reviews).
- Then, we select Include administrators , to ensure that as owners of the branch, our pull requests will have to be reviewed before a merge can occur (I mean, nobody is above mistakes 🥴)
Finally, we click on the 'Save changes' button to save our settings.

Setting up our Travis CI script

According to the Travis CI documentation, 'Travis CI supports your development process by automatically building and testing code changes, providing immediate feedback on the success of the change. Travis CI can also automate other parts of your development process by managing deployments and notifications.'

It is a Continuous Integration/Continuous Deployment tool which automatically runs the test(s) you specify in a .travis.yml file and sends you a report stating the build status of your commit, in this way, broken code is prevented from being pushed to production.

A simple Travis script can be written as follows:

language: python
python:
  - "3.6"      # current default Python on Travis CI

# command to install dependencies
install:
  - pip install -r requirements.txt

# command to run tests
script:
  - python -m unittest test

# safelist
branches:
  only:
  - main
  - dev

From the above script, and in other Travis scripts, commands are used to perform different operations. The ones used here are:

language: This is used to specify the programming language in which our code is written (in this case Python).
python: We can specify the language version to run our tests against.
install: This is used to specify the language specific command to install dependencies upon which our code is dependent.
script: This is used to specify the language specific command to run our pre-defined tests.
branches: the 'only' option shows the branches we want to build using a safelist (in this case 'main' and 'dev')

Demo Time

Now, to check out if all our branch protection and CI/CD rules work, we push some code to our secondary branch and open up a pull request.

The pull request will fail.

voila, we are unable to merge our pull request to the main branch (it's the audacity for me😁).
We are told that our pull request needs to be reviewed, so we add a reviewer by clicking on the icon next to 'Reviewers'.
Also, our builds passed (yay!), so our reviewer will be more confident in merging our pull request.

More information can be found in the GitHub Docs.

Feel free to check out my repository on which this article was built

I hope we protect our branches better from now onwards.

Feel free to reach out to me via Linkedin

Selah!!

Branch Protection in GitHub

Mbaoma — Sat, 12 Jun 2021 08:37:32 +0000

Ever been in a position where you wish you could prevent your teammates from merging unapproved code from a development branch to the main branch?

Do you want to prevent merging code which you are not sure of its build status to your main branch?

Recently, I found myself in this situation and I plan to share a concept which helped me out - 'Branch Protection in GitHub'.

What is Branch Protection?

Branch protection is the act of setting rules to prevent certain actions from occurring on your branch(es) without your approval.

Prerequisites

It is expected that you have prior knowledge of:

Github
CI/CD tools (in this article, Travis CI)

Check out this guides for an introduction to Github and creating a simple .travis.yml file

Setting up branch protection rules

We take the following steps:

Click on the Settings option in your repository and then Branches (located on the left hand side of the page) - Click on Add Rule to create the rule(s) for your branch of choice

Next, under Branch name pattern type in the name of the branch you want to protect
For this article, we choose the following rules:
- 'Require pull request reviews before merging': we limit the number of required reviews to 1 (you can choose to increase the required reviews).
- Then, we select Include administrators , to ensure that as owners of the branch, our pull requests will have to be reviewed before a merge can occur (I mean, nobody is above mistakes 🥴)
Finally, we click on the 'Save changes' button to save our settings.

Setting up our Travis CI script

A simple Travis script can be written as follows:

language: python
python:
  - "3.6"      # current default Python on Travis CI

# command to install dependencies
install:
  - pip install -r requirements.txt

# command to run tests
script:
  - python -m unittest test

# safelist
branches:
  only:
  - main
  - dev

From the above script, and in other Travis scripts, commands are used to perform different operations. The ones used here are:

language: This is used to specify the programming language in which our code is written (in this case Python).
python: We can specify the language version to run our tests against.
install: This is used to specify the language specific command to install dependencies upon which our code is dependent.
script: This is used to specify the language specific command to run our pre-defined tests.
branches: the 'only' option shows the branches we want to build using a safelist (in this case 'main' and 'dev')

Demo Time

Now, to check out if all our branch protection and CI/CD rules work, we push some code to our secondary branch and open up a pull request.

The pull request will fail.

voila, we are unable to merge our pull request to the main branch (it's the audacity for me😁).
We are told that our pull request needs to be reviewed, so we add a reviewer by clicking on the icon next to 'Reviewers'.
Also, our builds passed (yay!), so our reviewer will be more confident in merging our pull request.

More information can be found in the GitHub Docs.

Feel free to check out my repository on which this article was built

I hope we protect our branches better from now onwards.

Feel free to reach out to me via Linkedin

Selah!!

The Art of Successful Blogging

Mbaoma — Sat, 01 May 2021 11:39:09 +0000

Blogging is an art. It allows you express your thoughts in a manner that can be understood by your readers, and also helps you create an identity as a content creator.

Blogs can be made of a variety of contents. It could be words alone, or a combination of words, pictures, or short videos.

To blog successfully, the following tips should be hearkened to (not to the letter but whatever rocks your boat and makes your brand stand out):

Select a good blogging platform: It’s advised to build your blog on already existing services such as HashNode, WordPress, and a host of others, customize your blog to suit your brand, and create a niche for yourself by writing about specific or closely related topics.
Publicize your blog: after a marathon brainstorming session, your handy solution is ready to be put up on your blog, but no one knows about it yet. Publicity should not be looked down on. Your blog posts serve as solutions to challenges, the more reason the world needs to be aware when you publish a new post.
Also, encourage easy interaction on your blog as some people might have further questions or nice comments for you. Remember, people play an important role in the life of a blogger, so be courteous.
Be confident and tough, but open to improvement. At certain points, you might get a lot of visitors, and the more visitors, the higher the chances of a negative comment. This could make a blogger rethink their decision to write. But as a blogger, you must be willing to overcome such hurdles. Remember that people go where they can get value for their time and find fixes to their challenges, hence the overwhelming visitors your blog is getting. Also know that negative comments are simply opinions of others you could or not adhere to. Instead, be ready to accept changes you agree with, focus on being regular at publishing articles (especially if you see Search Engine Optimization as a major priority), try out new writing styles, ask your audience for their take on certain ideas you might have, see your blog as a community of learners.
Write clearly: what good would it be if your audience don't understand your solution? Your points should be passed across easily, employ the use of images, a simple choice of words, and a personal feel to your texts. Your blog should be correctly formatted and edited for typos (a trusted friend can be your personal editor), get personal with your audience (it’s okay to drop some personal experiences from time to time, whatever you are comfortable with sharing), and avoid clutter.
You owe your audience a seamless and pleasant reading experience!

Worthy mentions:

Employ social media in marketing your blog and announcing your awesome articles to your fans.
Keep an eye on analytics, how does your audience react to your articles? Identify areas where you can tailor your writing to suit a certain style your audience is more comfortable with, and also what topics bother your target audience most.
Ensure you enjoy what you are doing and write about what you love.
With time, as your blog gains popularity, you might be approached to advertise for other brands, and why not?
Blogging should be seen as a journey, with plenty of room for improvement, hence you should trust your process.

May the force be with you!

Edited by: @Akinwande Akinboluwarin

Build Smarter Spreadsheets with Python

Mbaoma — Sat, 01 May 2021 11:37:50 +0000

Hi there, today's article shows us how Python makes spreadsheet creation and data manipulation more fun!

First up, we discuss Excel, a spreadsheet package. This is a Microsoft Office tool which can be used to display data in a spreadsheet format. It is made up of cells and it can be used to display data in a manner which can be easily understood. It also enables users to perform arithmetic operations and sorting with ease.

The key terminologies which would be used in this article are highlighted below:

Spreadsheet: this is the document we will create and work with. It is a file made of rows and columns that help organize data efficiently.
Column: this is marked with upper case letters in an orderly fashion such as 'A', 'B', etc and can be seen vertically on the spreadsheet.
Row: this is marked with numbers in ascending order and can be seen horizontally on the leftmost part of the spreadsheet.
Cell: this is an intersection of a column and row. They are called by joining the letter of the column and the number of the row we are referring to. For example: 'A1', 'B2'etc

Next up, Openpyxl; this is a Python library used in reading and writing excel files. It supports the xlsx and xlsm formats of excel files.

Our tutorial will consider creating a smart payroll in form of a spreadsheet; but before delving into this task, let us quickly see a use case of Openpyxl and Excel.

Baby Steps ....

First, we install openpyxl.

pip install openpyxl
pip install pandas

Then, we create a spreadsheet

# import the openpyxl library
from openpyxl import Workbook

#create the spreadsheet
our_workbook = Workbook()
sheet_one = our_workbook.active

#add texts to the cells of the spreadsheet
sheet_one["A1"] = "Ganbare"
sheet_one["B1"] = "Tomodachi"

#save the file with the 'xlsx' extension
our_workbook.save(filename= "sheet_one.xlsx")

Run the code and watch our for an excel file which will be created in the same directory with the already assigned file name.

tadaaa!!!

Up next Smart, the Payroll Dude!

First we create a spreadsheet (with some style formating)

# import the openpyxl library
from openpyxl import Workbook

#add stying to the sheet by importing the following libraries
from openpyxl.styles import NamedStyle, Font, Color, Border, colors, Side
from openpyxl.styles.differential import DifferentialStyle
from openpyxl.formatting.rule import Rule

#create the spreadsheet
our_workbook = Workbook()
sheet_one = our_workbook.active

#name the sheet
sheet_one.title = "Employee details"

#effect the styling
bold_font = Font(bold=True, color=colors.BLUE, size=10)
font_border = Border(bottom=Side(border_style='thin'))
sheet_one.freeze_panes = "A1"

#add titles to the spreadsheet
sheet_one["A1"] = "NAME"
sheet_one["A1"].font = bold_font

sheet_one["B1"] = "GROSS PAY (N)"
sheet_one["B1"].font = bold_font

sheet_one["C1"] = "TOTAL WITH-HOLDINGS (N)"
sheet_one["C1"].font = bold_font

sheet_one["D1"] = "NET AMOUNT PAYABLE (N)"
sheet_one["D1"].font = bold_font

#save the file with the 'xlsx' extension
our_workbook.save(filename= "sheet_one.xlsx")

Then, we add data to our spreadsheet and save our changes on the sheet.

(Spreadsheet after some adjustments to the margins)

We write a script to work on the data on our spreadsheet. In this use case, we write a script similar to what we have below.

#this script reads data from an excel sheet and performs some calculations

#import 'load_workbook' from 'openpyxl' library
from openpyxl import load_workbook

#import pandas and DataFrame
from pandas import DataFrame 
import pandas as pd

#load the workbook containing data
old_workbook = load_workbook(filename="sheet_one.xlsx")
new_sheet = old_workbook.active

#read the file
filename = r"sheet_one.xlsx"
df = pd.read_excel(filename)

#get the user's input values from the columns in the spreadsheet as python lists
name = list(df["NAME"][0:])
gross_pay = list(df["GROSS PAY (N)"][0:])
with_holdings = list(df["TOTAL WITH-HOLDINGS (N)"][0:])
payable_amount = list(df["NET AMOUNT PAYABLE (N)"][0:])

#applying formulae to the values gotten from the spreadsheet
payable_amount = [(gross_pay[i] - with_holdings[i]) for i in range(len(gross_pay)) and range(len(with_holdings))]

#display the results of the above lists as excel columns
df = pd.DataFrame()

#to display final results gotten after performing calculations
df["NAME"] = name[::]
df["GROSS PAY (N)"] = gross_pay[::]
df["TOTAL WITH-HOLDINGS (N)"] = with_holdings[::]
df["NET AMOUNT PAYABLE (N)"] = payable_amount[::]


#then rewrite the values to a new sheet
df.to_excel("EmployeeSalary.xlsx", index=False)

In getting the user's inputs from the sheet, we grab values by specfying their cell names

We make use of list comprehension to subtract the total with-holdings amount from the gross pay

Run the script, then open the newly created excel file in your current directory with the assigned filename.

(Spreadsheet after some adjustments to the margins)

Phew! that was a lot! Hopefully you're still with me.

Check out these reading resources for more information on the wonders of Openpyxl and Excel

Code snippets can be found on Github

Thanks @AkinwandeBolu for helping me edit this piece.

Feel free to reach out to me via twitter

Sayonara!

My Microsoft Internship

Mbaoma — Sat, 01 May 2021 11:34:29 +0000

Hi there, I am Mbaoma Chioma Mary, and I just got an offer to intern with Microsoft. This is how it all happened....

I got a mail from Jenn Travis, a Microsoft University recruiter, on Tuesday, 1st December, 2020, thanking me for being interested in the role of a Software Engineer Intern. Normally, I would have expected a rejection, or something along that line, but instead she asked if I was interested in a Program Manager role as a follow up to my application.
Prior to this, I had gotten about 4 rejection mails from Microsoft Nigeria.

I read up about the role and decided to apply because, 'why not?' and mailed Jenn on my decision. At this time, I was struggling with my faulty laptop and had a summit coming up, where I had to give a talk. This was during the Microsoft Africa Students Summit and I later learned that there was recruitment ongoing.

That same day, Jenn mailed me saying I was invited to a first round of interview (mad o!). I informed Olumide Ogundare, Uchenna Jeremiah, Winner Emeto, Ndubuisi Onyemenam, Sodiq Akinjobi, Ifihan Olusheye, Abisola Jegede, Onuoha Maryann, Auwwal and Akinwunmi Aguda because I had zero idea on what to expect from an interview.
Winner, who was already working with Microsoft, gave me an insight on what the first round was expected to entail, basically behavioral questions.

I gathered all the reading resources I could get and started studying them, having mock interviews alongside (also watching other people's mock interviews on Youtube channels such as Exponent, ThatPMGuy etc). I also prayed a lot too.

Fast forward to the interview week, the transformer serving my street got spoilt, and our personal generator was also faulty (chai, village people o!). I charged my devices overnight at a neighbor's house and waited for 3:30pm December 14th, 2020.

My interviewer was Jacquelyn Ekwueme and she was kind. It felt more like a conversation with a friend, than an interview. My interview went well. Although, I felt I gave a 'wrong answer' to the last question I was asked, and that freaked me out. I felt like all prospects of me getting to the next round had been cancelled.

One week, two weeks, the countdown was on and my parents were asking me, 'how far?'. I continued praying and waiting and when I least expected it, I got a mail inviting me to the second round of the interview, I was so happpyyyyyyy!!!!! (I fell off my chair)

Another hurdle was in front of me, I informed my 'interview crew' and preparations began in earnest. Edet Bassey was very helpful at this stage as our roles had some similarities and he has experience to back him up (he is a product manager).

As my interview date drew near, I fell ill(tears), but I continued studying and praying, hoping for the best.
My interview date came, we had power supply and our generator had been fixed (can't be caught offguard twice); it was a rather exhausting process for me as I was straining my already weak body. But as I had my family supporting me, I did my best.

My interviewers were interesting people and the questions they asked were very intelligent. They were also very helpful. They answered all my questions and took the pain to explain the questions they asked. It was rather exciting! I am very grateful.

After the interview, I prepared myself to wait for at least another one or two weeks to get a response (as this was what my recruiter Katherine said earlier).
So, you can imagine my surprise when I received a mail from Katherine the next day. When I got the notification that Katherine Safar sent me a mail, I said 'ahan!', then I checked the heading and saw 'Chioma, Your Microsoft Interview Results!'. I said 'aaahhhhhh, so fast?', my heart started racing.
I quickly asked my friends who were also interviewed if they got mails(only one other person got a mail). I finally summoned courage and opened the mail, the first paragraph sent me to the ground, I could not believe it, I got the offer!

Yooo! Mama I made it!!

It has been rather thrilling, I never expected it. This picture was taken in February,2020 at Microsoft Lagos, Nigeria during the Microsoft Learn Student Ambassadors, Nigeria Summit.

Who would have thought that a few months later, I will be resuming there as an intern.

I am really grateful to everyone who has been supporting me and pray that we all get our heart desires.

Feel free to connect with me via linkedIn

Arigatou!

Ganbare!!

Managing Users, Groups and Permissions in Linux

Mbaoma — Sat, 01 May 2021 11:26:37 +0000

Hi, in today's article, we will be walking through the steps involved in setting up an Ubuntu virtual machine, creating users and groups, and assigning specific permissions to the different groups.

Users and groups are created to control access to the system's files, directories etc.

We assume you have provisioned a Virtual machine, if not, you can follow this guide to creating a VM (Virtual Machine) in Azure .

Let's get started:

Connecting to our VM

We connect to our VM using SSH. I advise to download your keys file (VMname.pem file) to your desktop for easy access.
On your VM homepage, select
```
and then

```SSH```
```

*You have to


 your VM if you already have one created, before you can

 ```Connect```

 to it*

*   If you are on a Windows machine, you have to download

 ```Putty```

 or any other client. In this tutorial, we assume your machine is linux based. In your terminal, cd to your desktop (wherever your keys file is) and run the following commands:

chmod 400 azurekeyfile.pm
ssh -i azureuser@40.75.89.163



*The first command gives us write permission to the specified file and the second logs us in securely to the VM we've created on an Azure server.
If successful, the username on our terminal changes to 'azureuser@VMname'*

### Creating Groups

For this artcle's sake, we limit ourselves to two groups namely,

 ```group_a```

 and

 ```group_b```

.

We create our groups by running:

sudo addgroup groupname



Example:

sudo addgroup group_a
sudo addgroup group_b




We run the following command to confirm if our groups are created:

tail /etc/group




To delete a group, run the following command:

sudo delgroup groupname




### Creating Users

For this artcle's sake, we limit ourselves to four users namely,

 ```May```

,

 ```Paul```

,

 ```Abel```

 and

 ```Solomon```

.

We create our users by running:

sudo adduser username



Example:

sudo adduser may
sudo adduser paul
sudo adduser abel
sudo adduser solomon



*You will be asked to enter a new password for the user*

We run the following command to confirm if our users are created:

cut -d: -f1 /etc/passwd




To delete a user, run the following command:

sudo deluser username




### Adding Users to our Groups

Run the following command:

sudo adduser username groupname




Example:

sudo adduser may group_a
sudo adduser paul group_b
sudo adduser abel group_a
sudo adduser solomon group_b




### Granting permissions to users

We first create three files, and specify the permissions they will have.
Permissions are:
execute(x): this gives a user or group of users the permission to execute a script(file).

read(r): this gives a user or group of users the permission to read a file.

write(w): this gives a user or group of users the permission to write (or edit) a file.

We run the following command to create our files:

touch filename




Example:

touch file_a
touch file_b




*To edit a file in the terminal, we use the nano text editor by running:*

nano filename




Example:

nano file_a
nano file_b




We save our files by pressing

 ```Ctrl + O```

,

 ```Enter```

 and then exit the editor with

 ```Ctrl + X```



We give group_a users the permission to execute, write and read file_a while they can only read file_b and vice-versa.

We assign file permissions to the groups:

chmod g+wrx file_a
chmod g+wrx file_b




We give read permission to 'other' users:

chmod o+r file_a
chmod o+r file_b




We assign file_a to group_a and file_b to group_b:

chgrp group_name file_name




Example:

chgrp group_a file_a
chgrp group_b file_b




We check our files and the permissions they have:

ls -l




Expected output:
![image](https://user-images.githubusercontent.com/49791498/107143218-1bc45680-6934-11eb-88e9-0f95276e17fa.png)
The above image shows us the permissions granted to our files


```-```

 means we are dealing with files.



```rw-```

 means the owner (azureuser) has read and write permissions to the file.



```rwx```

 means the group has read, write and execute permissions to the file.



```r--```

 means others have only read access to the file. 

The column which contains

 ```1```

, indicates the number of files in the directory(in our case, we are dealing with only one file)

The column which contains

 ```azureuser```

 shows the users while

 ```group_a```

 shows the name of the group name that owns the file.

The next columns contain the size of the file, date and time the file was last modified and the name of the available files.

Tada!! our job here is done.

To end our connection with our VM, run

exit




Remember to stop and then delete your VM from the azure portal!

## Test time!!
We login as one of the users we created and try to access the files we created.

To login as May, we run:

su -p may



We would be asked to provide our user password.

![image](https://user-images.githubusercontent.com/49791498/107800514-23826180-6d5f-11eb-8f50-2eee50b2793b.png)

*All we did in the picture above, is to login as May, print out the location of our home directory and then see the files in our home directory.*

May is a member of

 ```group_a```

 which means she should not be able to write to the file

 ```file_b```



We run:

nano file_b



*This command opens up the file in the nano editor*.

We write some texts on the file, but are unable to save the new changes to the file because as a member of

 ```group_a```

, we have no access to write to the file labeled

 ```file_b```


![image](https://user-images.githubusercontent.com/49791498/107800946-bae7b480-6d5f-11eb-975e-32610613f015.png)

There you have it folks!
We have successfully assigned permissions to our group members.

Hosting Flask Apps on Nginx

Mbaoma — Sat, 01 May 2021 11:23:16 +0000

Hi there, in this article, we would be looking at how to host a Flask app on Nginx (a webserver) on an Ubuntu Virtual Machine.

A webserver is a computer that has web server software installed (Apache, Nginx, Microsoft IIS) and serves resources, which could be webpages or multimedia files, over the web, to fulfill client's requests over the internet.

Nginx is a webserver that can be used as reverse proxy, load balancer, mail proxy and HTTP Cache. It is widely used due to it's ability to scale websites better.

The first thing, we do is to provision an Ubuntu Virtual Machine (I use Microsoft Azure) and then login to it via SSH.

To follow along with this article, you are expected to have a flask application already built and in a git repository. If you don't, you could use this

We then run the following command to update our repositories:

sudo apt update

Dependig on the version of your Ubuntu VM, you might want to upgrade your Python version.
After this, we continue with the steps below:

Step 1: We clone our app's GitHub repository into our VM:

sudo apt update
git clone <repo-url>

Step 2: We change our directory's name to app

ls
mv <repo-name>/ app

(The ls command is to list all the files and directories in our current work environment)

Step 3: We cd into our directory, create a virtual environment and activate it

sudo apt-get install python3-venv
python3 -m venv <virtual-environment-name>
source <virtual-environment-name>/bin/activate

Step 4: We install the requirements in our requirements.txt file

    pip3 install -r requirements.txt

run

pip3 list

to see a list of all installed dependencies

If uWSGI does not install, run the following;

sudo apt-get install build-essential python3-dev
pip3 install uwsgi

So far, so good!

Step 5: Now, we check if our app runs on uwsgi, but first we have to set our Uncomplicated Fire Wall (ufw) to allow both incoming and outgoing connections on port 9090, the port we would be making use of.

sudo ufw enable
sudo ufw allow 9090

Expected result:

Running

sudo ufw status

shows us the current state of our firewall; whether it is active or not and the ports our firewall gives us access to.

Step 6: run the following

uwsgi dev.ini

You might see the following in the output:

run this,

sudo apt-get install libpcre3 libpcre3-dev
pip3 install uwsgi -I --no-cache-dir

then re-run the command

uwsgi dev.ini

In your browser visit

<vmipaddress>:9090/

We expect to see our Flask app displayed via this port.

Step 7: we delete the firewall rule and deactivate our virtual environment

sudo ufw delete allow 9090
deactivate

Step 8: install nginx

sudo apt install Nginx

Now, we check the apps recognized by ufw and instruct it to allow for connection to Nginx:

sudo ufw app list
sudo ufw allow 'Nginx HTTP'

To confirm if Nginx was properly installed, we type our VM's IP address in our browser.

Expected result:

Omoshiroi...

Step 9: we create systemd unit file to reboot the server running our app

sudo nano /etc/systemd/system/<custom-name-of-service-app>.service

Example:

sudo nano /etc/systemd/system/app.service

And type in the following contents in our file:

[Unit]
Description=A simple Flask uWSGI application
After=network.target

[Service]
User=<yourusername>
Group=www-data
WorkingDirectory=/home/<yourusername>/app
Environment="PATH=/home/<yourusername>/app/venv/bin"
ExecStart=/home/<yourusername>/app/venv/bin/uwsgi --ini <name-of-app-ini file>

[Install]
WantedBy=multi-user.target

Step 10: we enable the service file we just created

sudo systemctl start <name-of-app>
sudo systemctl enable app <name-of-app>

Expected output:

To check if the file is running, type:

sudo systemctl status app

Also if a mistake is made in our service file and we correct it, we have to reload the daemon and restart systemctl

Step 11: we configure nginx by creating a config file

sudo nano /etc/nginx/sites-available/<name-of-file>

And type in the following contents:

server {
    listen 80;
    server_name <your_ip_address> <your_domain_name>;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/<username>/app/app.sock;
    }
}

*To check if there are any errors in our nginx configuration file, we run

sudo nginx -t

Step 12: we link our config file to sites-enabled directory (Nginx server blocks configuration files are stored in /etc/nginx/sites-available directory, which are enabled through symbolic links to the /etc/nginx/sites-enabled/ directory):

sudo ln -s /<path-to-config-file>/<config-file-name> /etc/nginx/sites-enabled

Example:

sudo ln -s /etc/nginx/sites-available/app /etc/nginx/sites-enabled/

Running a syntax check at this point, comes in handy

Step 13: we restart nginx for our changes to take effect

sudo systemctl restart nginx

In our browser, we type in our VM's IP address without adding a port becase in our nginx config file, we have defined a port for nginx to listen on

tada!!

IP address

Azure custom domain name

Feel free to share your IP address with friends to check out your app

Thank you for your time!!!

Find below the GitHub repo for this task:
Github repo

Feel free to connect with me via Linkedin

Gokigen'yō