
Commit 466b4d9

committed
feat: fix sa
1 parent c405e72 commit 466b4d9


3 files changed

+36
-172
lines changed


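--- a/build-and-deploy-minikube.sh
+++ b/build-and-deploy-minikube.sh
@@ -15,7 +15,6 @@ echo "let's go!"
 
 echo "password base64 encoded: " + $(kubectl get secrets wrongsecrets-balancer-secret -o=jsonpath='{.data.adminPassword}')
 
-
 kubectl port-forward service/wrongsecrets-balancer 3000:3000
 
 kubectl port-forward service/prometheus-server 9090:80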

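--- a/wrongsecrets-balancer/src/kubernetes.js
+++ b/wrongsecrets-balancer/src/kubernetes.js
@@ -1792,6 +1792,16 @@ const createServiceAccountForWebTop = async (team) => {
 };
 
 const createRoleForWebTop = async (team) => {
+  const res = await k8sCoreApi.listNamespacedPod({
+    namespace: `t-${team}`,
+    pretty: true,
+    allowWatchBookmarks: true,
+    _continue: undefined,
+    fieldSelector: undefined,
+    labelSelector: `app=secret-challenge-53,team=${team},deployment-context=${get('deploymentContext')}`,
+    limit: 1
+  });
+  const podName = res.items[0].metadata.name;
   const roleDefinitionForWebtop = {
     kind: 'Role',
     apiVersion: 'rbac.authorization.k8s.io/v1',
@@ -1814,13 +1824,13 @@ const createRoleForWebTop = async (team) => {
         apiGroups: [''],
         resources: ['pods/exec'],
         verbs: ['create'],
-        resourceNames: [`t-${team}-secret-challenge-53*`],
+        resourceNames: [`${podName}`],
       },
       {
         apiGroups: [''],
         resources: ['pods'],
         verbs: ['patch', 'update'],
-        resourceNames: [`t-${team}-secret-challenge-53*`],
+        resourceNames: [`${podName}`],
       },
       {
         apiGroups: [''],
@@ -2124,7 +2134,7 @@ const deleteNamespaceForTeam = async (team) => {
 };
 
 const deletePodForTeam = async (team) => {
-  const res = await k8sCoreApi.listNamespacedPod({
+  const res = await k8sCoreApi.listNamespacedPod({
     namespace: `t-${team}`,
     pretty: true,
     allowWatchBookmarks: true,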
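Review bot: `const podName = res.items[0].metadata.name;` in createRoleForWebTop dereferences the first list result without checking that the label selector matched anything, so an empty list (the challenge-53 pod not yet created when the Role is built, or labels that do not match) fails with a TypeError from the `[0]` access instead of a message naming the cause; the teams.js callers invoke createRoleForWebTop directly after creating the challenge-53 Deployment, so the empty case looks reachable. I would guard it with `if (res.items.length === 0) { throw new Error(`no secret-challenge-53 pod found for team ${team}`); }` before the `const podName` line. Pinning `resourceNames` to the exact pod name is the right least-privilege shape, since RBAC resourceNames are exact matches and the previous `...-secret-challenge-53*` pattern would not have matched any pod, but if the pod is Deployment-managed (as the `createK8sChallenge53DeploymentForTeam` name suggests) its name changes on every restart or rollout and the Role then silently stops granting exec/patch on the new pod; a comment such as `// exact pod name: Role must be regenerated if the challenge-53 pod is recreated` on the resourceNames lines would record that. createRoleForWebTop's body continues past the first hunk and the rules array starts before the second.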

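--- a/wrongsecrets-balancer/src/teams/teams.js
+++ b/wrongsecrets-balancer/src/teams/teams.js
@@ -321,6 +321,15 @@ async function createTeam(req, res) {
     res.status(500).send({ message: 'Failed to Create Instance' });
   }
 
+  try {
+    logger.info(`Creating challenge53 Deployment for team '${team}'`);
+    await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
+    logger.info(`Created challenge53 Deployment for team '${team}'`);
+  } catch (error) {
+    logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
+    res.status(500).send({ message: 'Failed to Create Instance' });
+  }
+
   try {
     logger.info(`Creating role for virtual desktop in K8s '${team}'`);
     await createRoleForWebTop(team);
@@ -364,15 +373,6 @@ async function createTeam(req, res) {
     res.status(500).send({ message: 'Failed to Create Instance' });
   }
 
-  try {
-    logger.info(`Creating challenge53 Deployment for team '${team}'`);
-    await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
-    logger.info(`Created challenge53 Deployment for team '${team}'`);
-  } catch (error) {
-    logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
   try {
     loginCounter.inc({ type: 'registration', userType: 'user' }, 1);
 
@@ -460,6 +460,15 @@ async function createAWSTeam(req, res) {
     res.status(500).send({ message: 'Failed to Create Instance' });
   }
 
+  try {
+    logger.info(`Creating challenge53 Deployment for team '${team}'`);
+    await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
+    logger.info(`Created challenge53 Deployment for team '${team}'`);
+  } catch (error) {
+    logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
+    res.status(500).send({ message: 'Failed to Create Instance' });
+  }
+
   try {
     logger.info(`Creating role for virtual desktop in AWS '${team}'`);
     await createRoleForWebTop(team);
@@ -505,15 +514,6 @@ async function createAWSTeam(req, res) {
     res.status(500).send({ message: 'Failed to Create Instance' });
   }
 
-  try {
-    logger.info(`Creating challenge53 Deployment for team '${team}'`);
-    await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
-    logger.info(`Created challenge53 Deployment for team '${team}'`);
-  } catch (error) {
-    logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
   try {
     loginCounter.inc({ type: 'registration', userType: 'user' }, 1);
 
@@ -591,50 +591,6 @@ async function createAzureTeam(req, res) {
     res.status(500).send({ message: 'Failed to Create Instance' });
   }
 
-  try {
-    logger.info(`Creating role for virtual desktop in Azure '${team}'`);
-    await createRoleForWebTop(team);
-    logger.info(`Created role for virtual desktopfor team '${team}'`);
-  } catch (error) {
-    logger.error(
-      `Error while creating role for virtual desktop for team ${team}: ${error.message}`
-    );
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
-  try {
-    logger.info(`Creating roleBinding for virtual desktop in Azure '${team}'`);
-    await createRoleBindingForWebtop(team);
-    logger.info(`Created roleBinding for virtual desktopfor team '${team}'`);
-  } catch (error) {
-    logger.error(
-      `Error while creating roleBinding for virtual desktop for team ${team}: ${error.message}`
-    );
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
-  try {
-    logger.info(`Creating virtualdesktop Deployment for team '${team}'`);
-    await createDesktopDeploymentForTeam({ team, passcodeHash: hash });
-    await createDesktopServiceForTeam(team);
-
-    logger.info(`Created virtualdesktop Deployment for team '${team}'`);
-  } catch (error) {
-    logger.error(
-      `Error while creating Virtualdesktop deployment or service for team ${team}: ${error.message}`
-    );
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
-  try {
-    logger.info(`Creating network security policies for team '${team}'`);
-    await createNSPsforTeam(team);
-
-    logger.info(`Created network security policies for team '${team}'`);
-  } catch (error) {
-    logger.error(`Error while network security policies for team ${team}: ${error}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
   try {
     logger.info(`Creating challenge53 Deployment for team '${team}'`);
     await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
@@ -645,110 +601,18 @@ async function createAzureTeam(req, res) {
   }
 
   try {
-    loginCounter.inc({ type: 'registration', userType: 'user' }, 1);
-
-    res
-      .cookie(get('cookieParser.cookieName'), `t-${team}`, {
-        ...cookieSettings,
-      })
-      .status(200)
-      .json({
-        message: 'Created Instance',
-        passcode,
-      });
-  } catch (error) {
-    logger.error(
-      `Error while creating deployment or service for team ${team} on Azure: ${error.message}`
-    );
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-}
-
-/**
- * @param {import("express").Request} req
- * @param {import("express").Response} res
- */
-async function createGCPTeam(req, res) {
-  const { team } = req.params;
-  const { passcode, hash } = await generatePasscode();
-  try {
-    logger.info(`Creating Namespace for team '${team}'`);
-    await createNameSpaceForTeam(team);
-  } catch (error) {
-    logger.error(`Error while creating namespace for ${team}: ${error}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-  try {
-    logger.info(`Creating Configmap for team '${team}'`);
-    await createConfigmapForTeam(team);
-
-    logger.info(`Creating Secretsfile for team '${team}'`);
-    await createSecretsfileForTeam(team);
-    await createChallenge33SecretForTeam(team);
-  } catch (error) {
-    logger.error(`Error while creating secretsfile or configmap for ${team}: ${error}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-  try {
-    logger.info(
-      `Creating Secrets provider for team ${team}, please make sure the csi driver helm is installed and running`
-    );
-    await createGCPSecretsProviderForTeam(team);
-  } catch (error) {
-    logger.error(`Error while creating Secretsprovider for team ${team}: ${error}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
-  try {
-    logger.info(`IAM service account for team '${team}'`);
-    await createIAMServiceAccountForTeam(team);
-    logger.info(`Created IAM service account for team '${team}'`);
-  } catch (error) {
-    logger.error(`Error while creating IAM service account for team ${team}: ${error}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
-  try {
-    logger.info(`Binding IAM service account to workload for team '${team}'`);
-    await bindIAMServiceAccountToWorkloadForTeam(team);
-    logger.info(`Bound IAM service account to workload for team '${team}'`);
-  } catch (error) {
-    logger.error(`Error while binding IAM service account to workload for team ${team}: ${error}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
-  try {
-    logger.info(`Annotating the service account for ${team},`);
-    await patchServiceAccountForTeamForGCP(team);
-  } catch (error) {
-    logger.error(`Error while annotating the service account for ${team}: ${error}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
-  try {
-    logger.info(`Creating WrongSecrets Deployment for team '${team}' with GCP`);
-    await createGCPDeploymentForTeam({ team, passcodeHash: hash });
-    await createServiceForTeam(team);
-  } catch (error) {
-    logger.error(
-      `Error while creating wrongsecrets deployment or service for team ${team}: ${error.message}`
-    );
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
-  try {
-    logger.info(`Creating service account for virtual desktop in GCP '${team}'`);
-    await createServiceAccountForWebTop(team);
-    logger.info(`Created service account for virtual desktopfor team '${team}'`);
+    logger.info(`Creating role for virtual desktop in Azure '${team}'`);
+    await createRoleForWebTop(team);
+    logger.info(`Created role for virtual desktopfor team '${team}'`);
   } catch (error) {
     logger.error(
-      `Error while creating service account for virtual desktop for team ${team}: ${error.message}`
+      `Error while creating role for virtual desktop for team ${team}: ${error.message}`
     );
     res.status(500).send({ message: 'Failed to Create Instance' });
   }
 
   try {
-    logger.info(`Creating role for virtual desktop in GCP '${team}'`);
+    logger.info(`Creating roleBinding for virtual desktop in Azure '${team}'`);
     await createRoleForWebTop(team);
     logger.info(`Created role for virtual desktopfor team '${team}'`);
   } catch (error) {
@@ -791,15 +655,6 @@ async function createGCPTeam(req, res) {
     logger.error(`Error while network security policies for team ${team}: ${error}`);
     res.status(500).send({ message: 'Failed to Create Instance' });
   }
-  try {
-    logger.info(`Creating challenge53 Deployment for team '${team}'`);
-    await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
-    logger.info(`Created challenge53 Deployment for team '${team}'`);
-  } catch (error) {
-    logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
-    res.status(500).send({ message: 'Failed to Create Instance' });
-  }
-
   try {
     loginCounter.inc({ type: 'registration', userType: 'user' }, 1);
 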
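Review bot: In the `@@ -645,110 +601,18 @@` hunk of createAzureTeam the added line `logger.info(`Creating roleBinding for virtual desktop in Azure '${team}'`);` is followed by the unchanged `await createRoleForWebTop(team);` and `logger.info(`Created role for virtual desktopfor team '${team}'`);`, so after this commit the function calls createRoleForWebTop a second time (the try block immediately above already calls it) while logging that it is creating a RoleBinding — either that call should read `await createRoleBindingForWebtop(team);` with a matching "Created roleBinding" message, or the log is misleading. If the repeated Role creation is rejected by the API server because the Role already exists, the catch sends a 500 and execution falls through to whatever follows the hunk, so a later success response would fail with headers already sent; the challenge53 catch blocks added to createTeam and createAWSTeam repeat the same fall-through, where `return res.status(500).send({ message: 'Failed to Create Instance' });` would stop the flow. The same hunk deletes the whole `createGCPTeam` declaration and its JSDoc; if the router still references that name the module will fail at load, which I cannot confirm from this page. createAzureTeam's body continues past the end of this section.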