Merge pull request #75 from ContainerSolutions/feat/azure-checks

Adding more VMs to demo
ContainerSolutions · Jul 26, 2023 · e682b8e · e682b8e
2 parents 2d27431 + 046c366
commit e682b8e
Show file tree

Hide file tree

Showing 30 changed files with 589 additions and 0 deletions.
diff --git a/infrastructure/provider.tf b/infrastructure/provider.tf
@@ -5,4 +5,7 @@ provider "google" {
 
 variable "project_id" {
     type = string
+}
+variable "password" {
+    type = string
 }
diff --git a/infrastructure/vms.tf b/infrastructure/vms.tf
@@ -30,4 +30,44 @@ resource "google_compute_instance" "one" {
     email  = google_service_account.vm.email
     scopes = ["cloud-platform"]
   }
+  tags = [
+    "http-server",
+    "https-server",
+  ]
+}
+
+resource "google_compute_instance" "block" {
+  count = 3
+  name         = "vm-block-${count.index}"
+  machine_type = "e2-small"
+  zone         = "us-central1-a"
+
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-11"
+    }
+  }
+
+
+  network_interface {
+    network = "default"
+
+    access_config {
+      // Ephemeral public IP
+    }
+  }
+
+   metadata_startup_script = <<EOT
+      sudo apt-get update; \
+      sudo apt-get install -y nginx; \
+      sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config; \
+      useradd argus -d /home/argus; \
+      yes ${var.password} | sudo passwd argus
+      EOT
+
+  service_account {
+    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
+    email  = google_service_account.vm.email
+    scopes = ["cloud-platform"]
+  }
 }
diff --git a/operator/config/manager/manager.yaml b/operator/config/manager/manager.yaml
@@ -98,6 +98,21 @@ spec:
             secretKeyRef:
               name: argus
               key: hostname
+        - name: HOSTNAME2
+          valueFrom:
+            secretKeyRef:
+              name: argus
+              key: hostname2
+        - name: HOSTNAME3
+          valueFrom:
+            secretKeyRef:
+              name: argus
+              key: hostname3
+        - name: HOSTNAME4
+          valueFrom:
+            secretKeyRef:
+              name: argus
+              key: hostname4
         - name: PASSWORD
           valueFrom:
             secretKeyRef:

diff --git a/operator/config/samples/assessment-nginx2.yaml b/operator/config/samples/assessment-nginx2.yaml
@@ -0,0 +1,19 @@
+apiVersion: argus.io/v1alpha1
+kind: Assessment
+metadata:
+  labels:
+    app.kubernetes.io/name: assessment
+    app.kubernetes.io/instance: assessment-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: assessment-nginx2
+spec:
+  class: DetectiveControl
+  cascadePolicy: None
+  controlRef:
+    code: OPRES-CFG-REQ-01
+    version: 1.0.0
+  componentRef:
+  - name: vm-02
+    namespace: default
diff --git a/operator/config/samples/assessment-nginx3.yaml b/operator/config/samples/assessment-nginx3.yaml
@@ -0,0 +1,19 @@
+apiVersion: argus.io/v1alpha1
+kind: Assessment
+metadata:
+  labels:
+    app.kubernetes.io/name: assessment
+    app.kubernetes.io/instance: assessment-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: assessment-nginx3
+spec:
+  class: DetectiveControl
+  cascadePolicy: None
+  controlRef:
+    code: OPRES-CFG-REQ-01
+    version: 1.0.0
+  componentRef:
+  - name: vm-03
+    namespace: default
diff --git a/operator/config/samples/assessment-nginx4.yaml b/operator/config/samples/assessment-nginx4.yaml
@@ -0,0 +1,19 @@
+apiVersion: argus.io/v1alpha1
+kind: Assessment
+metadata:
+  labels:
+    app.kubernetes.io/name: assessment
+    app.kubernetes.io/instance: assessment-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: assessment-nginx4
+spec:
+  class: DetectiveControl
+  cascadePolicy: None
+  controlRef:
+    code: OPRES-CFG-REQ-01
+    version: 1.0.0
+  componentRef:
+  - name: vm-04
+    namespace: default
diff --git a/operator/config/samples/assessment-nsswitch2.yaml b/operator/config/samples/assessment-nsswitch2.yaml
@@ -0,0 +1,19 @@
+apiVersion: argus.io/v1alpha1
+kind: Assessment
+metadata:
+  labels:
+    app.kubernetes.io/name: assessment
+    app.kubernetes.io/instance: assessment-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: assessment-nsswitch2
+spec:
+  class: DetectiveControl
+  cascadePolicy: None
+  controlRef:
+    code: VM-CFG-REQ-01
+    version: 1.0.0
+  componentRef:
+  - name: vm-02
+    namespace: default
diff --git a/operator/config/samples/assessment-nsswitch3.yaml b/operator/config/samples/assessment-nsswitch3.yaml
@@ -0,0 +1,19 @@
+apiVersion: argus.io/v1alpha1
+kind: Assessment
+metadata:
+  labels:
+    app.kubernetes.io/name: assessment
+    app.kubernetes.io/instance: assessment-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: assessment-nsswitch3
+spec:
+  class: DetectiveControl
+  cascadePolicy: None
+  controlRef:
+    code: VM-CFG-REQ-01
+    version: 1.0.0
+  componentRef:
+  - name: vm-03
+    namespace: default
diff --git a/operator/config/samples/assessment-nsswitch4.yaml b/operator/config/samples/assessment-nsswitch4.yaml
@@ -0,0 +1,19 @@
+apiVersion: argus.io/v1alpha1
+kind: Assessment
+metadata:
+  labels:
+    app.kubernetes.io/name: assessment
+    app.kubernetes.io/instance: assessment-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: assessment-nsswitch4
+spec:
+  class: DetectiveControl
+  cascadePolicy: None
+  controlRef:
+    code: VM-CFG-REQ-01
+    version: 1.0.0
+  componentRef:
+  - name: vm-04
+    namespace: default
diff --git a/operator/config/samples/attestation-nginx2.yaml b/operator/config/samples/attestation-nginx2.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: Attestation
+metadata:
+  labels:
+    app.kubernetes.io/name: attestation
+    app.kubernetes.io/instance: attestation-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: attestation-nginx2
+spec:
+  assessmentRef: "assessment-nginx2"
+  providerRef: 
+    name: nginx2
+    namespace: default
diff --git a/operator/config/samples/attestation-nginx3.yaml b/operator/config/samples/attestation-nginx3.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: Attestation
+metadata:
+  labels:
+    app.kubernetes.io/name: attestation
+    app.kubernetes.io/instance: attestation-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: attestation-nginx3
+spec:
+  assessmentRef: "assessment-nginx3"
+  providerRef: 
+    name: nginx3
+    namespace: default
diff --git a/operator/config/samples/attestation-nginx4.yaml b/operator/config/samples/attestation-nginx4.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: Attestation
+metadata:
+  labels:
+    app.kubernetes.io/name: attestation
+    app.kubernetes.io/instance: attestation-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: attestation-nginx4
+spec:
+  assessmentRef: "assessment-nginx4"
+  providerRef: 
+    name: nginx4
+    namespace: default
diff --git a/operator/config/samples/attestation-nsswitch2.yaml b/operator/config/samples/attestation-nsswitch2.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: Attestation
+metadata:
+  labels:
+    app.kubernetes.io/name: attestation
+    app.kubernetes.io/instance: attestation-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: attestation-nsswitch2
+spec:
+  assessmentRef: "assessment-nsswitch2"
+  providerRef: 
+    name: nsswitch2
+    namespace: default
diff --git a/operator/config/samples/attestation-nsswitch3.yaml b/operator/config/samples/attestation-nsswitch3.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: Attestation
+metadata:
+  labels:
+    app.kubernetes.io/name: attestation
+    app.kubernetes.io/instance: attestation-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: attestation-nsswitch3
+spec:
+  assessmentRef: "assessment-nsswitch3"
+  providerRef: 
+    name: nsswitch3
+    namespace: default
diff --git a/operator/config/samples/attestation-nsswitch4.yaml b/operator/config/samples/attestation-nsswitch4.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: Attestation
+metadata:
+  labels:
+    app.kubernetes.io/name: attestation
+    app.kubernetes.io/instance: attestation-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: attestation-nsswitch4
+spec:
+  assessmentRef: "assessment-nsswitch4"
+  providerRef: 
+    name: nsswitch4
+    namespace: default
diff --git a/operator/config/samples/nginx-prov2.yaml b/operator/config/samples/nginx-prov2.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: AttestationProvider
+metadata:
+  labels:
+    app.kubernetes.io/name: attestationprovider
+    app.kubernetes.io/instance: attestationprovider-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: nginx2
+spec:
+  type: command
+  providerConfig:
+    cmd: "/scripts/nginx2.py"
+    expectedStatusCode: "0"
diff --git a/operator/config/samples/nginx-prov3.yaml b/operator/config/samples/nginx-prov3.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: AttestationProvider
+metadata:
+  labels:
+    app.kubernetes.io/name: attestationprovider
+    app.kubernetes.io/instance: attestationprovider-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: nginx3
+spec:
+  type: command
+  providerConfig:
+    cmd: "/scripts/nginx3.py"
+    expectedStatusCode: "0"
diff --git a/operator/config/samples/nginx-prov4.yaml b/operator/config/samples/nginx-prov4.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: AttestationProvider
+metadata:
+  labels:
+    app.kubernetes.io/name: attestationprovider
+    app.kubernetes.io/instance: attestationprovider-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: nginx4
+spec:
+  type: command
+  providerConfig:
+    cmd: "/scripts/nginx4.py"
+    expectedStatusCode: "0"
diff --git a/operator/config/samples/nsswitch-prov2.yaml b/operator/config/samples/nsswitch-prov2.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: AttestationProvider
+metadata:
+  labels:
+    app.kubernetes.io/name: attestationprovider
+    app.kubernetes.io/instance: attestationprovider-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: nsswitch2
+spec:
+  type: command
+  providerConfig:
+    cmd: "/scripts/nsswitch2.py"
+    expectedStatusCode: "0"
diff --git a/operator/config/samples/nsswitch-prov3.yaml b/operator/config/samples/nsswitch-prov3.yaml
@@ -0,0 +1,15 @@
+apiVersion: argus.io/v1alpha1
+kind: AttestationProvider
+metadata:
+  labels:
+    app.kubernetes.io/name: attestationprovider
+    app.kubernetes.io/instance: attestationprovider-sample
+    app.kubernetes.io/part-of: operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: operator
+  name: nsswitch3
+spec:
+  type: command
+  providerConfig:
+    cmd: "/scripts/nsswitch3.py"
+    expectedStatusCode: "0"