
Commit 641a273

authored
Merge pull request #900 from OWASP/finish48and53
fix: sa for challenge53
2 parents adb2220 + c9c7478 commit 641a273


3 files changed

+48
-38
lines changed


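--- a/build-and-deploy-minikube.sh
+++ b/build-and-deploy-minikube.sh
@@ -15,7 +15,6 @@ echo "let's go!"
 
 echo "password base64 encoded: " + $(kubectl get secrets wrongsecrets-balancer-secret -o=jsonpath='{.data.adminPassword}')
 
-
 kubectl port-forward service/wrongsecrets-balancer 3000:3000
 
 kubectl port-forward service/prometheus-server 9090:80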

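--- a/wrongsecrets-balancer/src/kubernetes.js
+++ b/wrongsecrets-balancer/src/kubernetes.js
@@ -1792,6 +1792,16 @@ const createServiceAccountForWebTop = async (team) => {
 };
 
 const createRoleForWebTop = async (team) => {
+const res = await k8sCoreApi.listNamespacedPod({
+namespace: `t-${team}`,
+pretty: true,
+allowWatchBookmarks: true,
+_continue: undefined,
+fieldSelector: undefined,
+labelSelector: `app=secret-challenge-53,team=${team},deployment-context=${get('deploymentContext')}`,
+limit: 1,
+});
+const podName = res.items[0].metadata.name;
 const roleDefinitionForWebtop = {
 kind: 'Role',
 apiVersion: 'rbac.authorization.k8s.io/v1',
@@ -1814,13 +1824,13 @@ const createRoleForWebTop = async (team) => {
 apiGroups: [''],
 resources: ['pods/exec'],
 verbs: ['create'],
-resourceNames: [`t-${team}-secret-challenge-53*`],
+resourceNames: [`${podName}`],
 },
 {
 apiGroups: [''],
 resources: ['pods'],
 verbs: ['patch', 'update'],
-resourceNames: [`t-${team}-secret-challenge-53*`],
+resourceNames: [`${podName}`],
 },
 {
 apiGroups: [''],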
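Review bot: `const podName = res.items[0].metadata.name;` dereferences the first list entry unguarded, so when no pod matches the selector yet the function dies with a TypeError instead of saying what is missing; the challenge-53 pod is created asynchronously by the Deployment controller, so an empty list right after the deployment call is a realistic outcome, and the `limit: 1` gives no second chance. I would write `const podName = res.items[0]?.metadata?.name;` followed by `if (!podName) throw new Error(`no secret-challenge-53 pod found in namespace t-${team}`);`, and consider retrying the list a few times before giving up. Pinning `resourceNames` to one exact pod name is the correct least-privilege shape (RBAC `resourceNames` are exact matches, never globs), but a ReplicaSet-managed pod gets a new name whenever it is rescheduled or the Deployment rolls, so this Role silently stops matching after the first restart unless something re-runs the function; the lookup deserves a comment such as `// Role is bound to the current pod name; it must be refreshed if the challenge-53 pod is recreated`. `allowWatchBookmarks: true` has no effect on a list call and can be dropped. The body of createRoleForWebTop continues past the hunk.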

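--- a/wrongsecrets-balancer/src/teams/teams.js
+++ b/wrongsecrets-balancer/src/teams/teams.js
@@ -321,6 +321,15 @@ async function createTeam(req, res) {
 res.status(500).send({ message: 'Failed to Create Instance' });
 }
 
+try {
+logger.info(`Creating challenge53 Deployment for team '${team}'`);
+await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
+logger.info(`Created challenge53 Deployment for team '${team}'`);
+} catch (error) {
+logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
+res.status(500).send({ message: 'Failed to Create Instance' });
+}
+
 try {
 logger.info(`Creating role for virtual desktop in K8s '${team}'`);
 await createRoleForWebTop(team);
@@ -364,15 +373,6 @@ async function createTeam(req, res) {
 res.status(500).send({ message: 'Failed to Create Instance' });
 }
 
-try {
-logger.info(`Creating challenge53 Deployment for team '${team}'`);
-await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
-logger.info(`Created challenge53 Deployment for team '${team}'`);
-} catch (error) {
-logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
-res.status(500).send({ message: 'Failed to Create Instance' });
-}
-
 try {
 loginCounter.inc({ type: 'registration', userType: 'user' }, 1);
 
@@ -460,6 +460,15 @@ async function createAWSTeam(req, res) {
 res.status(500).send({ message: 'Failed to Create Instance' });
 }
 
+try {
+logger.info(`Creating challenge53 Deployment for team '${team}'`);
+await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
+logger.info(`Created challenge53 Deployment for team '${team}'`);
+} catch (error) {
+logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
+res.status(500).send({ message: 'Failed to Create Instance' });
+}
+
 try {
 logger.info(`Creating role for virtual desktop in AWS '${team}'`);
 await createRoleForWebTop(team);
@@ -505,15 +514,6 @@ async function createAWSTeam(req, res) {
 res.status(500).send({ message: 'Failed to Create Instance' });
 }
 
-try {
-logger.info(`Creating challenge53 Deployment for team '${team}'`);
-await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
-logger.info(`Created challenge53 Deployment for team '${team}'`);
-} catch (error) {
-logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
-res.status(500).send({ message: 'Failed to Create Instance' });
-}
-
 try {
 loginCounter.inc({ type: 'registration', userType: 'user' }, 1);
 
@@ -591,6 +591,15 @@ async function createAzureTeam(req, res) {
 res.status(500).send({ message: 'Failed to Create Instance' });
 }
 
+try {
+logger.info(`Creating challenge53 Deployment for team '${team}'`);
+await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
+logger.info(`Created challenge53 Deployment for team '${team}'`);
+} catch (error) {
+logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
+res.status(500).send({ message: 'Failed to Create Instance' });
+}
+
 try {
 logger.info(`Creating role for virtual desktop in Azure '${team}'`);
 await createRoleForWebTop(team);
@@ -635,14 +644,6 @@ async function createAzureTeam(req, res) {
 logger.error(`Error while network security policies for team ${team}: ${error}`);
 res.status(500).send({ message: 'Failed to Create Instance' });
 }
-try {
-logger.info(`Creating challenge53 Deployment for team '${team}'`);
-await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
-logger.info(`Created challenge53 Deployment for team '${team}'`);
-} catch (error) {
-logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
-res.status(500).send({ message: 'Failed to Create Instance' });
-}
 
 try {
 loginCounter.inc({ type: 'registration', userType: 'user' }, 1);
@@ -747,6 +748,15 @@ async function createGCPTeam(req, res) {
 res.status(500).send({ message: 'Failed to Create Instance' });
 }
 
+try {
+logger.info(`Creating challenge53 Deployment for team '${team}'`);
+await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
+logger.info(`Created challenge53 Deployment for team '${team}'`);
+} catch (error) {
+logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
+res.status(500).send({ message: 'Failed to Create Instance' });
+}
+
 try {
 logger.info(`Creating role for virtual desktop in GCP '${team}'`);
 await createRoleForWebTop(team);
@@ -791,15 +801,6 @@ async function createGCPTeam(req, res) {
 logger.error(`Error while network security policies for team ${team}: ${error}`);
 res.status(500).send({ message: 'Failed to Create Instance' });
 }
-try {
-logger.info(`Creating challenge53 Deployment for team '${team}'`);
-await createK8sChallenge53DeploymentForTeam({ team, passcodeHash: hash });
-logger.info(`Created challenge53 Deployment for team '${team}'`);
-} catch (error) {
-logger.error(`Error while creating challenge53 deployment for team ${team}: ${error.message}`);
-res.status(500).send({ message: 'Failed to Create Instance' });
-}
-
 try {
 loginCounter.inc({ type: 'registration', userType: 'user' }, 1);
 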