Edit balancer ui

Signed-off-by: osamamagdy <[email protected]>

Author: osamamagdy

.gitignore

@@ -20,3 +20,4 @@ db.zip
 *.auto.tfvars
 node_modules
 .npm
+gcp/k8s/secret-volume.yml

azure/build-and-deploy-azure.sh

@@ -57,6 +57,8 @@ export AZ_VAULT_URI="$(terraform output -raw vault_uri)"
 export AZ_KEY_VAULT_TENANT_ID="$(terraform output -raw tenant_id)"
 export AZ_KEY_VAULT_NAME="$(terraform output -raw vault_name)"
 
+export AZ_STORAGE_ACCOUNT="$(terraform output -chdir=./shared-state -raw storage_account_name)"
+
 # Set the kubeconfig
 az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME
 
@@ -150,6 +152,7 @@ echo "You can find the app password in password.txt"
 
 helm upgrade --install mj ../helm/wrongsecrets-ctf-party \
   --set="balancer.env.K8S_ENV=azure" \
+  --set="balancer.env.REACT_APP_AZ_BLOB_URL=https://${AZ_STORAGE_ACCOUNT}.blob.core.windows.net/tfstate" \
   --set="balancer.env.REACT_APP_ACCESS_PASSWORD=${APP_PASSWORD}" \
   --set="balancer.env.REACT_APP_CREATE_TEAM_HMAC_KEY=${CREATE_TEAM_HMAC}" \
   --set="balancer.env.AZ_KEY_VAULT_NAME=${AZ_KEY_VAULT_NAME}" \

azure/shared-state/main.tf

@@ -3,9 +3,11 @@ terraform {
   required_providers {
     azurerm = {
       version = "~> 3.0"
+      source  = "hashicorp/azurerm"
     }
     random = {
       version = "~> 3.0"
+      source  = "hashicorp/random"
     }
   }
 }
@@ -16,7 +18,7 @@ provider "azurerm" {
 }
 
 # If you're using an existing resource group, modify this part. That'll definitely be the case if you're using shared state!
-# Note that you'll need to find/replace references to "arurerm_resource_group.default" to "data.azurerm_resource_group.default"
+# Note that you'll need to find/replace references to "azurerm_resource_group.default" to "data.azurerm_resource_group.default"
 #data "azurerm_resource_group" "default" {
 #  name = "owasp-wrongsecrets"
 #}

gcp/build-and-deploy-gcp.sh

@@ -35,6 +35,8 @@ echo "This is a script to bootstrap the configuration. You need to have installe
 
 export GCP_PROJECT=$(gcloud config list --format 'value(core.project)' 2>/dev/null)
 
+export GCP_BUCKET_NAME="$(terraform -chdir=./shared-state output -raw bucket)"
+
 # Patch the default namespace to use the secrets store CSI driver
 
 echo "Setting up workspace PSA to restricted for default"
@@ -102,11 +104,12 @@ echo "You can find the app password in password.txt"
 
 helm upgrade --install mj ../helm/wrongsecrets-ctf-party \
   --set="balancer.env.K8S_ENV=gcp" \
+  --set="balancer.env.REACT_APP_GCP_BUCKET_URL=https://console.cloud.google.com/storage/browser/${GCP_BUCKET_NAME}" \
   --set="balancer.env.REACT_APP_ACCESS_PASSWORD=${APP_PASSWORD}" \
   --set="balancer.env.REACT_APP_CREATE_TEAM_HMAC_KEY=${CREATE_TEAM_HMAC}" \
   --set="balancer.cookie.cookieParserSecret=${COOKIE_PARSER_SECRET}" \
   --set="balancer.env.GCP_PROJECT_ID=${GCP_PROJECT}" \
-  --set="balancer.repository=osamamagdy/wrongsecrets-balancer" \
+
 
 kubectl annotate serviceaccount \
   --namespace default wrongsecrets-balancer \

gcp/k8s/secret-volume.yml

@@ -84,8 +84,10 @@ Run Multi User "Capture the Flags" or Security Trainings with OWASP Wrongsecrets
 | balancer.env.IRSA_ROLE | string | `"arn:aws:iam::233483431651:role/wrongsecrets-secret-manager"` |  |
 | balancer.env.K8S_ENV | string | `"k8s"` |  |
 | balancer.env.REACT_APP_ACCESS_PASSWORD | string | `""` |  |
+| balancer.env.REACT_APP_AZ_BLOB_URL | string | `"az://funstuff"` |  |
 | balancer.env.REACT_APP_CREATE_TEAM_HMAC_KEY | string | `"hardcodedkey"` |  |
 | balancer.env.REACT_APP_CTFD_URL | string | `"https://ctfd.io"` |  |
+| balancer.env.REACT_APP_GCP_BUCKET_URL | string | `"gs://funstuff"` |  |
 | balancer.env.REACT_APP_HEROKU_WRONGSECRETS_URL | string | `"https://wrongsecrets-ctf.herokuapp.com"` |  |
 | balancer.env.REACT_APP_MOVING_GIF_LOGO | string | `"https://i.gifer.com/9kGQ.gif"` |  |
 | balancer.env.REACT_APP_S3_BUCKET_URL | string | `"s3://funstuff"` |  |

helm/wrongsecrets-ctf-party/README.md

@@ -91,7 +91,9 @@ balancer:
     REACT_APP_MOVING_GIF_LOGO: "https://i.gifer.com/9kGQ.gif" #displayed at the frontend when you enter the CTF
     REACT_APP_HEROKU_WRONGSECRETS_URL: "https://wrongsecrets-ctf.herokuapp.com" #required for 3 domain setup
     REACT_APP_CTFD_URL: "https://ctfd.io" #requierd for 2 and 3 domain setup
-    REACT_APP_S3_BUCKET_URL: "s3://funstuff" #the s3 bucket you use for teh aws challenges, don't forget to make it accessible!
+    REACT_APP_S3_BUCKET_URL: "s3://funstuff" #the s3 bucket you use for the aws challenges, don't forget to make it accessible!
+    REACT_APP_GCP_BUCKET_URL: "gs://funstuff" #the gcp bucket you use for the gcp challenges, don't forget to make it accessible!
+    REACT_APP_AZ_BLOB_URL: "az://funstuff" #the azure blob storage you use for the azure challenges, don't forget to make it accessible!
     K8S_ENV: "k8s" #or 'aws', 'azure', or 'gcp'
     REACT_APP_ACCESS_PASSWORD: "" #DEFAULT NO PASSWORD, PLAYING THIS IN PUBLIC? PUT A FANCY STRING HERE, BUT BE GENTLE: USERS NEED TO BE ABLE TO COPY THAT STUFF...
     REACT_APP_CREATE_TEAM_HMAC_KEY: "hardcodedkey"

helm/wrongsecrets-ctf-party/values.yaml

@@ -63,9 +63,12 @@ app.get('/balancer/dynamics', (req, res) => {
   }
   res.json({
     react_gif_logo: process.env['REACT_APP_MOVING_GIF_LOGO'],
+    k8s_env: process.env['K8S_ENV'],
     heroku_wrongsecret_ctf_url: process.env['REACT_APP_HEROKU_WRONGSECRETS_URL'],
     ctfd_url: process.env['REACT_APP_CTFD_URL'],
     s3_bucket_url: process.env['REACT_APP_S3_BUCKET_URL'],
+    azure_blob_url: process.env['REACT_APP_AZ_BLOB_URL'],
+    gcp_bucket_url: process.env['REACT_APP_GCP_BUCKET_URL'],
     hmac_key: process.env['REACT_APP_CREATE_TEAM_HMAC_KEY'] || 'hardcodedkey',
     enable_password: usePassword,
   });

wrongsecrets-balancer/src/app.js

@@ -96,9 +96,12 @@ export const JoinPage = injectIntl(({ intl }) => {
   const initialDynamics = {
     // type all the fields you need
     react_gif_logo: 'https://i.gifer.com/9kGQ.gif',
+    k8s_env: process.env['K8S_ENV'],
     heroku_wrongsecret_ctf_url: process.env['REACT_APP_HEROKU_WRONGSECRETS_URL'],
     ctfd_url: process.env['REACT_APP_CTFD_URL'],
     s3_bucket_url: process.env['REACT_APP_S3_BUCKET_URL'],
+    azure_blob_url: process.env['REACT_APP_AZ_BLOB_URL'],
+    gcp_bucket_url: process.env['REACT_APP_GCP_BUCKET_URL'],
     hmac_key: process.env['REACT_APP_CREATE_TEAM_HMAC_KEY'],
     enable_password: false,
   };
@@ -156,14 +159,37 @@ export const JoinPage = injectIntl(({ intl }) => {
               {dynamics.ctfd_url}
             </a>
           </li>
+          {dynamics.k8s_env === 'aws' ? (
           <li>
-            Optionally: the storage bucket with Terraform state for the cloud challenges:{' '}
+            Optionally: the aws storage bucket with Terraform state for the cloud challenges:{' '}
             <a href={dynamics.s3_bucket_url}>
               {dynamics.s3_bucket_url}
             </a>
             . For this you will need credentials that will be provided to you as part of the CTF
             instructions.
           </li>
+          ) : null }
+          {dynamics.k8s_env === 'azure' ? (
+            <li>
+              Optionally: the azure storage bucket with Terraform state for the cloud challenges:{' '}
+              <a href={dynamics.azure_blob_url}>
+                {dynamics.azure_blob_url}
+              </a>
+              . For this you will need credentials that will be provided to you as part of the CTF
+              instructions.
+            </li>
+          ) : null }
+          {dynamics.k8s_env === 'gcp' ? (
+          <li>
+            Optionally: the gcp storage bucket with Terraform state for the cloud challenges:{' '}
+            <a href={dynamics.gcp_bucket_url}>
+              {dynamics.gcp_bucket_url}
+            </a>
+            . For this you will need credentials that will be provided to you as part of the CTF
+            instructions.
+          </li>
+          ) : null }
+
         </ul>
         <FormattedMessage
           id="welcome_text_2"