render out challenge information to markdown temporarily

Signed-off-by: Robert Detjens <[email protected]>

Author: detjensrobert

src/clients.rs

@@ -222,7 +222,7 @@ pub async fn apply_manifest_yaml(
     // this manifest has multiple documents (crds, deployment)
     for yaml in multidoc_deserialize(manifest)? {
         let obj: DynamicObject = serde_yml::from_value(yaml)?;
-        debug!(
+        trace!(
             "applying resource {} {}",
             obj.types.clone().unwrap_or_default().kind,
             obj.name_any()

src/commands/deploy.rs

@@ -1,4 +1,4 @@
-use anyhow::Result;
+use anyhow::{Context, Result};
 use itertools::Itertools;
 use std::process::exit;
 use tracing::{debug, error, info, trace, warn};
@@ -29,23 +29,9 @@ pub async fn run(profile_name: &str, no_build: &bool, _dry_run: &bool) -> Result
         build_results.iter().map(|b| &b.1).collect_vec()
     );
 
-    // deploy needs to:
-    // A) render kubernetes manifests
-    //    - namespace, deployment, service, ingress
-    //    - upgrade ingress config with new listen ports
-    //
-    // B) upload asset files to bucket
-    //
-    // C) update frontend with new state of challenges
-
-    // A)
-    deploy::kubernetes::deploy_challenges(profile_name, &build_results).await?;
-
-    // B)
-    deploy::s3::upload_assets(profile_name, &build_results).await?;
-
-    // C)
-    deploy::frontend::update_frontend(profile_name, &build_results).await?;
+    deploy::deploy_challenges(profile_name, &build_results)
+        .await
+        .context("could not deploy challenges")?;
 
     Ok(())
 }

src/deploy/frontend.rs

@@ -1,20 +1,147 @@
-use std::path::PathBuf;
+use std::fs::File;
+use std::io::Read;
+use std::path::{Path, PathBuf};
 
 use anyhow::{anyhow, bail, Context, Error, Ok, Result};
 use itertools::Itertools;
 use tracing::{debug, error, info, trace, warn};
 
 use crate::builder::BuildResult;
+use crate::configparser::challenge::{ExposeType, FlagType};
 use crate::configparser::config::ProfileConfig;
 use crate::configparser::{enabled_challenges, get_config, get_profile_config, ChallengeConfig};
+use crate::utils::render_strict;
+
+use super::kubernetes::KubeDeployResult;
+use super::s3::S3DeployResult;
 
 /// Sync deployed challenges with rCTF frontend
 pub async fn update_frontend(
     profile_name: &str,
-    build_results: &[(&ChallengeConfig, BuildResult)],
-) -> Result<()> {
+    chal: &ChallengeConfig,
+    build_result: &BuildResult,
+    kube_result: &KubeDeployResult,
+    s3_result: &S3DeployResult,
+) -> Result<String> {
     let profile = get_profile_config(profile_name)?;
     let enabled_challenges = enabled_challenges(profile_name)?;
 
-    todo!()
+    // TODO: hook this up to real frontend! Waiting on rCTF frontend reimplementation
+
+    // for now, render out all challenge information to a markdown file for
+    // admins to enter manually
+
+    let hostname = chal_domain(chal, &profile.challenges_domain);
+    let rendered_desc = render_strict(
+        &chal.description,
+        minijinja::context! {
+            challenge => chal,
+            host => hostname,
+            port => chal_port(chal),
+            nc => format!("`nc {} {}`", hostname, chal_port(chal)),
+            url => format!("[https://{hostname}](https://{hostname})", ),
+            link => format!("https://{hostname}"),
+        },
+    )?;
+
+    // urls to markdown links
+    let asset_urls = s3_result
+        .uploaded_asset_urls
+        .iter()
+        .map(|url| {
+            format!(
+                "[{}]({})",
+                Path::new(url)
+                    .file_name()
+                    .expect("asset URL has no path!")
+                    .to_string_lossy(),
+                url
+            )
+        })
+        .join("\n\n");
+    let flag = match &chal.flag {
+        FlagType::RawString(f) => f.clone(),
+        FlagType::File { file } => {
+            let full_path = chal.directory.join(file);
+            let mut flag = String::new();
+            let f = File::open(&full_path)
+                .with_context(|| {
+                    format!(
+                        "could not open flag file {:?} for challenge {:?}",
+                        &full_path, chal.directory
+                    )
+                })?
+                .read_to_string(&mut flag);
+            flag
+        }
+        FlagType::Text { text } => text.clone(),
+        FlagType::Regex { regex } => unimplemented!(),
+        FlagType::Verifier { verifier } => unimplemented!(),
+    };
+
+    let info_md = format!(
+        r"
+##  `{slug}`
+
+|        |   |
+--------:|---|
+name     | `{name}`
+category | `{cat}`
+author   | `{author}`
+
+### description
+
+```
+{desc}
+
+{asset_urls}
+```
+
+### flag
+
+`{flag}`
+
+---
+",
+        slug = chal.slugify_slash(),
+        name = chal.name,
+        cat = chal.category,
+        author = chal.author,
+        desc = rendered_desc,
+        asset_urls = asset_urls,
+        flag = flag,
+    );
+
+    // TODO: proper frontend updates
+
+    Ok(info_md)
+}
+
+// TODO: move to impl ChallengeConfig?
+// TODO: return Option and report errors when missing
+fn chal_domain(chal: &ChallengeConfig, chal_domain: &str) -> String {
+    // find first container with expose
+    match chal.pods.iter().find(|p| !p.ports.is_empty()) {
+        Some(p) => {
+            let subdomain = match &p.ports[0].expose {
+                ExposeType::Tcp(_port) => &chal.name,
+                ExposeType::Http(hostname) => hostname,
+            };
+            format!("{subdomain}.{chal_domain}")
+        }
+        // no pods have expose, no hostname for challenge
+        None => "".to_string(),
+    }
+}
+
+fn chal_port(chal: &ChallengeConfig) -> &i64 {
+    // find first container with expose
+    match chal.pods.iter().find(|p| !p.ports.is_empty()) {
+        Some(p) => match &p.ports[0].expose {
+            ExposeType::Tcp(port) => port,
+            ExposeType::Http(_hostname) => &443,
+        },
+        // no pods have expose, no hostname for challenge
+        None => &0,
+    }
 }

src/deploy/kubernetes/mod.rs

@@ -29,46 +29,18 @@ pub enum PodDeployResult {
     Tcp { port: usize },
 }
 
-/// Render challenge manifest templates and apply to cluster
-pub async fn deploy_challenges(
-    profile_name: &str,
-    build_results: &[(&ChallengeConfig, BuildResult)],
-) -> Result<Vec<KubeDeployResult>> {
-    let profile = get_profile_config(profile_name)?;
-
-    // Kubernetes deployment needs to:
-    // 1. render manifests
-    //   - namespace
-    //   - challenge pod deployment(s)
-    //   - service
-    //   - ingress
-    //
-    // 2. update ingress controller tcp ports
-    //
-    // 3. wait for all challenges to become ready
-    //
-    // 4. record domains and IPs of challenges to pass to frontend (?)
-
-    let results = build_results
-        .iter()
-        .map(|(chal, _)| deploy_single_challenge(profile_name, chal))
-        .try_join_all()
-        .await?;
-
-    update_ingress_tcp().await?;
-
-    Ok(results)
-}
-
 // Deploy all K8S resources for a single challenge `chal`.
 //
 // Creates the challenge namespace, deployments, services, and ingresses needed
 // to deploy and expose the challenge.
-async fn deploy_single_challenge(
+pub async fn apply_challenge_resources(
     profile_name: &str,
     chal: &ChallengeConfig,
 ) -> Result<KubeDeployResult> {
-    info!("  deploying chal {:?}...", chal.directory);
+    info!(
+        "  deploying kube resources for chal {:?}...",
+        chal.directory
+    );
     // render templates
 
     let profile = get_profile_config(profile_name)?;
@@ -127,9 +99,10 @@ async fn deploy_single_challenge(
         )?;
         trace!("DEPLOYMENT:\n{}", depl_manifest);
 
-        debug!(
+        trace!(
             "applying deployment for chal {:?} pod {:?}",
-            chal.directory, pod.name
+            chal.directory,
+            pod.name
         );
         let depl = apply_manifest_yaml(&kube, &depl_manifest).await?;
         for object in depl {
@@ -240,6 +213,7 @@ async fn deploy_single_challenge(
 // Updates the current ingress controller chart with the current set of TCP
 // ports needed for challenges.
 // TODO: move to Gateway to avoid needing to redeploy ingress?
-async fn update_ingress_tcp() -> Result<()> {
-    Ok(())
-}
+// TODO: is this needed? currently TCP challenges are separate LoadBalancer svcs
+// async fn update_ingress_tcp() -> Result<()> {
+//     Ok(())
+// }

src/deploy/mod.rs

@@ -7,11 +7,16 @@ use itertools::Itertools;
 use k8s_openapi::api::core::v1::Secret;
 use kube::api::ListParams;
 use std::env::current_exe;
+use std::fs::File;
+use std::io::Write;
 use tracing::{debug, error, info, trace, warn};
 
+use crate::builder::BuildResult;
 use crate::clients::kube_client;
 use crate::cluster_setup;
 use crate::configparser::config::ProfileConfig;
+use crate::configparser::{get_profile_config, ChallengeConfig};
+use crate::utils::TryJoinAll;
 
 /// check to make sure that the needed ingress charts are deployed and running
 pub async fn check_setup(profile: &ProfileConfig) -> Result<()> {
@@ -106,3 +111,57 @@ pub async fn check_setup(profile: &ProfileConfig) -> Result<()> {
         Ok(())
     }
 }
+
+/// For each challenge, deploy/upload all components of the challenge
+pub async fn deploy_challenges(
+    profile_name: &str,
+    build_results: &[(&ChallengeConfig, BuildResult)],
+) -> Result<Vec<()>> {
+    let profile = get_profile_config(profile_name)?;
+
+    let mut md_file = File::create(format!("challenge-info-{profile_name}.md"))?;
+    md_file.write_all(b"# Challenge Information\n\n")?;
+    let md_lock = std::sync::Mutex::new(md_file);
+
+    build_results
+        .iter()
+        .map(|(chal, build)| async {
+            let chal_md = deploy_single_challenge(profile_name, chal, build)
+                .await
+                .with_context(|| format!("could not deploy challenge {:?}", chal.directory))?;
+
+            debug!("writing chal {:?} info to file", chal.directory);
+            md_lock.lock().unwrap().write_all(chal_md.as_bytes())?;
+
+            Ok(())
+        })
+        .try_join_all()
+        .await
+}
+
+/// Deploy / upload all components of a single challenge.
+async fn deploy_single_challenge(
+    profile_name: &str,
+    chal: &ChallengeConfig,
+    build_result: &BuildResult,
+) -> Result<String> {
+    info!("  deploying chal {:?}...", chal.directory);
+    // deploy needs to:
+    // A) render kubernetes manifests
+    //    - namespace, deployment, service, ingress
+    //    - upgrade ingress config with new listen ports
+    //
+    // B) upload asset files to bucket
+    //
+    // C) update frontend with new state of challenges
+
+    let kube_results = kubernetes::apply_challenge_resources(profile_name, chal).await?;
+
+    let s3_urls = s3::upload_challenge_assets(profile_name, chal, build_result).await?;
+
+    let frontend_info =
+        frontend::update_frontend(profile_name, chal, build_result, &kube_results, &s3_urls)
+            .await?;
+
+    Ok(frontend_info)
+}