Merge pull request #881 from OWASP/challengeport

(WIP) Upgrading to wrongsecrets 1.12.0 (WIP)

Author: commjoen

.github/workflows/minikube-k8s-test.yml

@@ -23,9 +23,9 @@ jobs:
       - name: Start minikube
         uses: medyagh/setup-minikube@master
         with:
-          minikube-version: 1.33.1
+          minikube-version: 1.35.0
           driver: docker
-          kubernetes-version: v1.30.0
+          kubernetes-version: v1.32.0
       - name: test script
         run: |
           eval $(minikube docker-env)
@@ -48,9 +48,9 @@ jobs:
       - name: Start minikube
         uses: medyagh/setup-minikube@master
         with:
-          minikube-version: 1.33.1
+          minikube-version: 1.35.0
           driver: docker
-          kubernetes-version: v1.30.0
+          kubernetes-version: v1.32.0
       - name: test script
         run: |
           eval $(minikube docker-env)

build-and-deploy-container-minikube.sh

@@ -4,7 +4,7 @@ source ./scripts/check-available-commands.sh
 checkCommandsAvailable helm docker kubectl yq minikube
 
 minikube delete
-minikube start  --cpus=6 --memory=8000MB --network-plugin=cni --cni=calico --driver=docker --kubernetes-version=1.30.0
+minikube start  --cpus=6 --memory=8000MB --network-plugin=cni --cni=calico --driver=docker --kubernetes-version=1.32.0
 eval $(minikube docker-env)
 ./build-and-deploy-container.sh
 

build-and-deploy-container.sh

@@ -19,6 +19,9 @@ WRONGSECRETS_BALANCER_IMAGE=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.
 WRONGSECRETS_BALANCER_TAG=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.balancer.tag')
 WRONGSECRETS_CLEANER_IMAGE=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.wrongsecretsCleanup.repository')
 WRONGSECRETS_CLEANER_TAG=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.wrongsecretsCleanup.tag')
+echo "doing workaround for selaed secrets"
+helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+helm install my-release sealed-secrets/sealed-secrets
 echo "Pulling in required images to actually run $WRONGSECRETS_IMAGE:$WRONGSECRETS_TAG & $WEBTOP_IMAGE:$WEBTOP_TAG."
 echo "If you see an authentication failure: pull them manually by the following 2 commands"
 echo "'docker pull $WRONGSECRETS_IMAGE:$WRONGSECRETS_TAG'"

build-and-deploy-minikube.sh

@@ -4,14 +4,18 @@ source ./scripts/check-available-commands.sh
 checkCommandsAvailable helm docker kubectl yq minikube
 
 minikube delete
-minikube start  --cpus=6 --memory=8000MB --network-plugin=cni --cni=calico --driver=docker --kubernetes-version=1.30.0
+minikube start  --cpus=8 --memory=12000MB --network-plugin=cni --cni=calico --driver=docker --kubernetes-version=1.32.0
 eval $(minikube docker-env)
 ./build-and-deploy.sh
 
-sleep 15
+echo "Waiting for wrongsecrets-balancer pods to be ready..."
+kubectl wait --for=condition=ready pod -l app=wrongsecrets-balancer --timeout=2s
 
 echo "let's go!"
 
+echo "password base64 encoded: " + $(kubectl get secrets wrongsecrets-balancer-secret -o=jsonpath='{.data.adminPassword}')
+
+
 kubectl port-forward service/wrongsecrets-balancer 3000:3000
 
 kubectl port-forward service/prometheus-server 9090:80

build-and-deploy.sh

@@ -12,10 +12,13 @@ checkCommandsAvailable helm docker kubectl yq
 version="$(uuidgen)"
 eval $(minikube docker-env)
 docker login
-WRONGSECRETS_IMAGE=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.wrongsecrets.image')
-WRONGSECRETS_TAG=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.wrongsecrets.tag')
-WEBTOP_IMAGE=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.virtualdesktop.image')
-WEBTOP_TAG=$(cat helm/wrongsecrets-ctf-party/values.yaml| yq '.virtualdesktop.tag')
+WRONGSECRETS_IMAGE=$(cat helm/wrongsecrets-ctf-party/values.yaml | yq '.wrongsecrets.image')
+WRONGSECRETS_TAG=$(cat helm/wrongsecrets-ctf-party/values.yaml | yq '.wrongsecrets.tag')
+WEBTOP_IMAGE=$(cat helm/wrongsecrets-ctf-party/values.yaml | yq '.virtualdesktop.image')
+WEBTOP_TAG=$(cat helm/wrongsecrets-ctf-party/values.yaml | yq '.virtualdesktop.tag')
+echo "doing workaround for selaed secrets"
+helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+helm install ws-sealedsecrets sealed-secrets/sealed-secrets --namespace kube-system
 echo "Pulling in required images to actually run $WRONGSECRETS_IMAGE:$WRONGSECRETS_TAG & $WEBTOP_IMAGE:$WEBTOP_TAG."
 echo "If you see an authentication failure: pull them manually by the following 2 commands"
 echo "'docker pull $WRONGSECRETS_IMAGE:$WRONGSECRETS_TAG'"

cleaner/.jest/__mocks__/@kubernetes/client-node.js

@@ -0,0 +1,40 @@
+// Mock for @kubernetes/client-node
+class MockKubeConfig {
+  loadFromCluster() {
+    // Mock implementation
+  }
+
+  makeApiClient(ApiClass) {
+    return new ApiClass();
+  }
+}
+
+class MockAppsV1Api {
+  listNamespacedDeployment() {
+    return Promise.resolve({
+      body: {
+        items: []
+      }
+    });
+  }
+}
+
+class MockCoreV1Api {
+  listNamespace() {
+    return Promise.resolve({
+      body: {
+        items: []
+      }
+    });
+  }
+
+  deleteNamespace() {
+    return Promise.resolve({});
+  }
+}
+
+module.exports = {
+  KubeConfig: MockKubeConfig,
+  AppsV1Api: MockAppsV1Api,
+  CoreV1Api: MockCoreV1Api
+};

cleaner/jest.config.js

@@ -1,4 +1,7 @@
 module.exports = {
   setupFiles: ['./.jest/setEnvVars.js'],
-  // ... other configurations
+  testEnvironment: 'node',
+  moduleNameMapper: {
+    '^@kubernetes/client-node$': '<rootDir>/.jest/__mocks__/@kubernetes/client-node.js'
+  }
 };