# Continuous integration: build on every push to master.
trigger:
- master

schedules:
# 00:00 UTC every Sunday.
- cron: '0 0 * * 0'
  displayName: 'Weekly midnight (UTC) build'
  branches:
    include:
    - master
  # Run the scheduled build even if master has not changed since the last run.
  always: true

pool:
  vmImage: "ubuntu-20.04"

variables:
  # Go workspace path
  GOPATH: "$(Agent.BuildDirectory)/gopath"
  # Go installation path
  GOROOT: "$(Agent.BuildDirectory)/go"
  # Go binaries path
  GOBIN: "$(GOPATH)/bin"
  # Path to the module's code
  modulePath: "$(GOPATH)/src/github.com/$(build.repository.name)"
steps:
# Download the Go 1.15.2 linux-amd64 tarball and unpack it under the agent
# build directory, which is where GOROOT points.
# NOTE(review): the archive is extracted without an integrity check. Pin the
# SHA-256 published for this release and verify it before the tar step, e.g.
#   echo "<GO_1_15_2_TARBALL_SHA256_PLACEHOLDER>  <path to tarball>" | sha256sum -c -
- script: |
    wget "https://golang.org/dl/go1.15.2.linux-amd64.tar.gz" --output-document "$(Agent.BuildDirectory)/go1.15.2.tar.gz"
    tar -C '$(Agent.BuildDirectory)' -xzf "$(Agent.BuildDirectory)/go1.15.2.tar.gz"
  displayName: 'Install Go 1.15.2'
# Create the GOPATH layout, move the checked-out sources (everything except
# the gopath directory; dotglob makes the glob include dotfiles) into
# modulePath, and prepend GOBIN and GOROOT/bin to PATH for the later steps
# through the task.prependpath logging command.
- script: |
    mkdir -p '$(GOBIN)'
    mkdir -p '$(GOPATH)/pkg'
    mkdir -p '$(modulePath)'
    mkdir -p '$(GOROOT)'
    shopt -s extglob
    shopt -s dotglob
    mv !(gopath) '$(modulePath)'
    echo '##vso[task.prependpath]$(GOBIN)'
    echo '##vso[task.prependpath]$(GOROOT)/bin'
  displayName: 'Set up the Go workspace'
# Install the pkger command, update the module's dependencies, build the mose
# binary and create the payloads output directory used by later steps.
# NOTE(review): pkger is fetched without a version and `go get -u` moves every
# dependency to its newest release, so each run builds against whatever
# upstream currently publishes. If tracking latest is not intentional, pin the
# versions so a bad or tampered upstream release cannot reach the build.
- script: |
    go get github.com/markbates/pkger/cmd/pkger
    export GO111MODULE=on
    go get -u -v
    go build
    mkdir -p payloads
  displayName: 'Build MOSE'
  workingDirectory: "$(modulePath)"
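# Print the CLI usage; the step fails if the freshly built binary does not start.
- script: |
    export GO111MODULE=on
    ./mose -h
  displayName: 'Show help menu'
  workingDirectory: "$(modulePath)"
# Smoke-test the built-in payload web server for chef, salt and ansible:
# start mose in the background on a local port, then fetch the generated
# payload from it with wget.
# Certificate verification is switched off for these fetches. That is only
# acceptable because the target is the loopback listener started one line
# earlier (presumably serving a self-signed certificate when --ssl is used);
# do not copy the flag into downloads from real hosts.
- script: |
    # Stop at the first failed download. Without this only the last
    # `wait` decided the step result, so a broken chef or salt download
    # went unnoticed.
    set -e
    export GO111MODULE=on
    echo 'q' | ./mose chef -c "touch /tmp/test.txt && echo test >> /tmp/test.txt" --websrvport 9999 --ssl &
    wget --no-check-certificate --tries=10 --timeout=1 --retry-connrefused https://localhost:9999/chef-linux &
    wait $!
    echo 'q' | ./mose salt -c "touch /tmp/test.txt && echo test >> /tmp/test.txt" --websrvport 8888 &
    wget --no-check-certificate --tries=10 --timeout=1 --retry-connrefused http://localhost:8888/salt-linux &
    wait $!
    echo 'q' | ./mose ansible -c "touch /tmp/test.txt && echo test >> /tmp/test.txt" --websrvport 8090 &
    wget --no-check-certificate --tries=10 --timeout=1 --retry-connrefused http://localhost:8090/ansible-linux &
    wait $!
  displayName: 'Test download functionality'
  workingDirectory: "$(modulePath)"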
# Puppet
# End-to-end check against a disposable, docker-compose based puppet lab:
# build a payload, run it on the lab's puppet master, trigger an agent run
# and confirm the marker file exists on the agent.
# NOTE(review): none of these scripts sets `set -e`, so presumably only the
# last command of each step (the final `cat` in the "Run ..." steps) decides
# whether the step fails - confirm against the agent's behaviour.

# Write a puppet payload carrying the marker-file command to payloads/puppet-linux.
- script: |
    export GO111MODULE=on
    ./mose puppet -c "touch /tmp/test.txt && echo test >> /tmp/test.txt" -f payloads/puppet-linux
  displayName: 'Generate a puppet payload'
  workingDirectory: "$(modulePath)"
# Clone the puppet test lab, start its containers, wait a fixed 40 seconds
# and enroll the agent with the master.
# NOTE(review): the lab repository is cloned at whatever its default branch
# currently points to; pin a commit or tag if the lab must not change under
# the pipeline.
- script: |
    git clone https://github.com/master-of-servers/puppet-test-lab.git
    cd puppet-test-lab && cd basic
    docker-compose up -d --build
    sleep 40
    # Enroll agent with puppet master
    docker exec -i basic-puppetagent /bin/bash -c "puppet agent -t --waitforcert=120"
    docker ps
  displayName: 'Build and configure the puppet test environment'
  workingDirectory: "$(modulePath)"
# Copy the payload into the master container, run it (answering 'Y' on its
# stdin), trigger an agent run and read back /tmp/test.txt on the agent.
- script: |
    # Copy MOSE payload to puppet master
    docker cp payloads/puppet-linux basic-puppetmaster:/puppet-linux
    # Run MOSE against the puppet master
    docker exec -i basic-puppetmaster /bin/bash -c "echo 'Y' | /puppet-linux"
    # Run puppet agent -t to enact the changes made by MOSE
    docker exec -i basic-puppetagent /bin/bash -c "puppet agent -t"
    # Ensure that MOSE is working properly by running cat on the file it created
    docker exec -i basic-puppetagent /bin/bash -c "cat /tmp/test.txt"
  displayName: 'Run MOSE generated payload on the puppet test environment'
  workingDirectory: "$(modulePath)"
# Create a small script that writes /tmp/file_upload_test.txt and build a
# payload that uploads it (-u) instead of running an inline command.
- script: |
    echo 'echo testing file upload > /tmp/file_upload_test.txt' > payloads/notevil.sh
    export GO111MODULE=on
    ./mose puppet -u payloads/notevil.sh -f payloads/puppet-linux
  displayName: 'Generate a puppet payload to test file uploads'
  workingDirectory: "$(modulePath)"
# Copy the payload archive into the master container, unpack it there, run
# the payload, trigger an agent run and read back /tmp/file_upload_test.txt.
# NOTE(review): the tar path is relative while the archive is copied to /,
# so this relies on the container's default working directory being / - confirm.
- script: |
    # Copy MOSE payload to puppet master
    docker cp payloads/puppet-linux.tar basic-puppetmaster:/puppet-linux.tar
    # Run MOSE against the puppet master
    docker exec -i basic-puppetmaster /bin/bash -c "tar -xvf puppet-linux.tar"
    docker exec -i basic-puppetmaster /bin/bash -c "echo 'Y' | /puppet-linux"
    # Run puppet agent -t to enact the changes made by MOSE
    docker exec -i basic-puppetagent /bin/bash -c "puppet agent -t"
    # Ensure that MOSE is working properly by running cat on the file it created
    docker exec -i basic-puppetagent /bin/bash -c "cat /tmp/file_upload_test.txt"
  displayName: 'Run MOSE generated file upload payload on the puppet test environment'
  workingDirectory: "$(modulePath)"
# End Puppet
# Chef
# End-to-end check against a disposable, docker-compose based chef lab
# (workstation, server and one agent container).

# Install expect on the build agent and drive the interactive chef payload
# generation with scripts/test_chef_workstation.exp.
- script: |
    sudo apt-get update -y
    sudo DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata
    sudo apt-get install -y expect
    export GO111MODULE=on
    expect scripts/test_chef_workstation.exp
  displayName: 'Generate a chef payload for workstation in the chef test environment'
  workingDirectory: "$(modulePath)"
# Clone the chef test lab, generate its SSH key, start the containers and
# wait a fixed 12 minutes for the environment to finish building.
# NOTE(review): the clone is unpinned and create_ssh_key.sh from that clone is
# executed on the build agent, so the step runs whatever the lab repository's
# default branch contains at build time; pin a commit if that is not intended.
- script: |
    git clone https://github.com/master-of-servers/chef-test-lab.git
    cd chef-test-lab
    cd docker/basic
    bash create_ssh_key.sh
    docker-compose up -d --build
    echo "Sleeping for 12 minutes (720 seconds) while waiting for the chef environment to finish building."
    sleep 720
    docker ps
  displayName: 'Build and configure the chef test environment'
  workingDirectory: "$(modulePath)"
# Prepare the workstation (re-download and upload the chef-client cookbook,
# create a vault item, bootstrap the agent), run the payload on the
# workstation (answering 'n' on its stdin), run chef-client on the agent and
# read back /tmp/test.txt.
# NOTE(review): the vault item password and the root/toor bootstrap login are
# literals in this file. They look like fixtures for the throwaway lab
# containers - confirm they are not reused on any real system, and keep real
# credentials in pipeline secret variables rather than in YAML.
- script: |
    # Copy MOSE payload to workstation
    docker cp payloads/chef-linux basic-chef-workstation:/chef-linux
    # This is very annoying and redundant work, but it seems to need to be done for the pipeline
    docker exec -i basic-chef-workstation /bin/bash -c "cd /root/.chef/cookbooks && rm -rf chef-client && knife supermarket download chef-client && tar -xvf chef-client-*; rm *tar*"
    docker exec -i basic-chef-workstation /bin/bash -c "cd /root/.chef/cookbooks && cp hello/Berksfile chef-client/Berksfile"
    docker exec -i basic-chef-workstation /bin/bash -c "cd /root/.chef/cookbooks/chef-client && berks install && berks upload"
    docker exec -i basic-chef-workstation /bin/bash -c "cd /root/.chef/ && knife ssl fetch && knife upload cookbooks"
    docker exec -i basic-chef-workstation knife vault create secret_vault mysql_pw '{"user": "mysql", "password": "TheM0stS3cr3T!!!"}'
    # Bootstrap agent with chef server
    docker exec -i basic-chef-workstation /bin/bash -c "knife bootstrap chef-agent-1 -u root -P toor --sudo -N chef-agent-1 --run-list 'recipe[hello], recipe[chef-client::config]'"
    # Run MOSE against the workstation
    docker exec -i basic-chef-workstation /bin/bash -c "echo 'n' | /chef-linux"
    # Run chef-client to enact the changes made by MOSE
    docker exec -i basic-chef-agent-1 /bin/bash -c "chef-client"
    # Ensure that MOSE is working properly by running cat on the file it created
    docker exec -i basic-chef-agent-1 /bin/bash -c "cat /tmp/test.txt"
  displayName: 'Run MOSE generated payload on workstation in the chef test environment'
  workingDirectory: "$(modulePath)"
# Create a small script that writes /tmp/file_upload_test.txt and drive the
# file-upload payload generation with the matching expect script.
- script: |
    echo 'echo testing file upload > /tmp/file_upload_test.txt' > payloads/notevil.sh
    export GO111MODULE=on
    expect scripts/test_chef_workstation_file_upload.exp
  displayName: 'Generate a chef payload to test file uploads'
  workingDirectory: "$(modulePath)"
# Copy the payload archive to the workstation, unpack it, run the payload,
# run chef-client on the agent and read back /tmp/file_upload_test.txt.
# NOTE(review): the tar path is relative while the archive is copied to /,
# so this relies on the container's default working directory being / - confirm.
- script: |
    # Copy MOSE payload to workstation
    docker cp payloads/chef-linux.tar basic-chef-workstation:/chef-linux.tar
    # Run MOSE against the workstation
    docker exec -i basic-chef-workstation /bin/bash -c "tar -xvf chef-linux.tar"
    docker exec -i basic-chef-workstation /bin/bash -c "echo 'n' | /chef-linux"
    # Run chef-client to enact the changes made by MOSE
    docker exec -i basic-chef-agent-1 /bin/bash -c "chef-client"
    # Ensure that MOSE is working properly by running cat on the file it created
    docker exec -i basic-chef-agent-1 /bin/bash -c "cat /tmp/file_upload_test.txt"
  displayName: 'Run MOSE generated file upload payload on workstation in the chef test environment'
  workingDirectory: "$(modulePath)"
# End Chef
# Ansible
# End-to-end check against a disposable, docker-compose based ansible lab
# (one control node and one managed node).

# Write an ansible payload carrying the marker-file command to payloads/ansible-linux.
- script: |
    export GO111MODULE=on
    ./mose ansible -c "touch /tmp/test.txt && echo test >> /tmp/test.txt" -f payloads/ansible-linux
  displayName: 'Generate an ansible payload'
  workingDirectory: "$(modulePath)"
# Clone the ansible test lab, generate an SSH key pair, copy it into both
# image build contexts, start the containers, round-trip the vault file
# through decrypt/encrypt and apply the lab's playbook.
# NOTE(review): the clone is unpinned and files/create_ssh_key.sh from it is
# executed on the build agent. The `cat` after `ansible-vault decrypt` writes
# the decrypted vault content into the build log; that is presumably lab
# fixture data - confirm nothing real is stored there, since build logs are
# readable by anyone with access to the pipeline.
- script: |
    git clone https://github.com/master-of-servers/ansible-test-lab.git
    cd ansible-test-lab && cd basic
    bash files/create_ssh_key.sh
    cp files/authorized_keys control/files
    cp files/id_rsa control/files
    cp files/id_rsa.pub control/files
    cp files/authorized_keys managed/files
    cp files/id_rsa managed/files
    cp files/id_rsa.pub managed/files
    docker-compose up -d --force-recreate --build
    echo "Decrypting the vault file"
    docker exec -i basic-control-node ansible-vault decrypt /root/.ansible/group_vars/vault
    docker exec -i basic-control-node cat /root/.ansible/group_vars/vault
    echo "Encrypting the vault file"
    docker exec -i basic-control-node ansible-vault encrypt /root/.ansible/group_vars/vault
    docker exec -i basic-control-node cat /root/.ansible/group_vars/vault
    echo "Applying the hello playbook to the managed node"
    docker exec -i basic-control-node bash -c "cd ~/.ansible && ansible-playbook site.yml"
  displayName: 'Build and configure the ansible test environment'
  workingDirectory: "$(modulePath)"
# Copy the payload and its expect driver script to the control node, install
# expect there, run the payload through the driver, re-run ansible-playbook
# and read back /tmp/test.txt on the managed node.
- script: |
    # Copy MOSE payload to ansible control node
    docker cp payloads/ansible-linux basic-control-node:/ansible-linux
    docker cp scripts/test_ansible_cmd.exp basic-control-node:/test_ansible_cmd.exp
    # Run MOSE against the control node
    docker exec -i basic-control-node /bin/bash -c "apt-get update -y"
    docker exec -i basic-control-node /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata"
    docker exec -i basic-control-node /bin/bash -c "apt-get install -y expect"
    docker exec -i basic-control-node /bin/bash -c "expect /test_ansible_cmd.exp"
    # Run ansible-cookbook to enact the changes made by MOSE
    docker exec -i basic-control-node /bin/bash -c "ansible-playbook /root/.ansible/site.yml"
    # Ensure that MOSE is working properly by running cat on the file it created
    docker exec -i basic-managed-node /bin/bash -c "cat /tmp/test.txt"
  displayName: 'Run MOSE generated payload on the ansible test environment'
  workingDirectory: "$(modulePath)"
# Create a small script that writes /tmp/file_upload_test.txt and build a
# payload that uploads it (-u) instead of running an inline command.
- script: |
    echo 'echo testing file upload > /tmp/file_upload_test.txt' > payloads/notevil.sh
    export GO111MODULE=on
    ./mose ansible -u payloads/notevil.sh -f payloads/ansible-linux
  displayName: 'Generate an ansible payload to test file uploads'
  workingDirectory: "$(modulePath)"
# Copy the payload archive and the file-upload expect driver script (the
# second docker cp) to the control node, unpack the archive, run the payload
# through the driver, re-run ansible-playbook and read back
# /tmp/file_upload_test.txt on the managed node.
- script: |
    # Copy MOSE payload to ansible control node
    docker cp payloads/ansible-linux.tar basic-control-node:/ansible-linux.tar
    # Copy MOSE payload to ansible control node
    docker cp scripts/test_ansible_file_upload.exp basic-control-node:/test_ansible_file_upload.exp
    # Run MOSE against the control node
    docker exec -i basic-control-node /bin/bash -c "tar -xvf /ansible-linux.tar"
    docker exec -i basic-control-node /bin/bash -c "expect /test_ansible_file_upload.exp"
    # Run ansible-cookbook to enact the changes made by MOSE
    docker exec -i basic-control-node /bin/bash -c "ansible-playbook /root/.ansible/site.yml"
    # Ensure that MOSE is working properly by running cat on the file it created
    docker exec -i basic-managed-node /bin/bash -c "cat /tmp/file_upload_test.txt"
  displayName: 'Run MOSE generated file upload payload on the ansible test environment'
  workingDirectory: "$(modulePath)"
# End Ansible
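# Salt
# Clone the salt test lab, start its containers, wait a fixed 60 seconds,
# refresh pillar data on every minion, apply the states and list the pillar
# items.
# NOTE(review): the lab repository is cloned at whatever its default branch
# currently points to; pin a commit or tag if the lab must not change under
# the pipeline.
- script: |
    git clone https://github.com/master-of-servers/salt-test-lab.git
    cd salt-test-lab && cd basic
    docker-compose up -d --build
    sleep 60 # Fix pillar issue
    # Use -i only, like every other docker exec in this file: the agent has
    # no terminal, and docker refuses -t without one ("the input device is
    # not a TTY"), which silently skipped the pillar refresh.
    docker exec -i basic-salt-master /bin/bash -c "salt '*' saltutil.refresh_pillar"
    # Enroll minion with salt master
    docker exec -i basic-salt-master /bin/bash -c "salt '*' state.apply"
    docker exec -i basic-salt-master /bin/bash -c "salt '*' pillar.items"
  displayName: 'Build and configure salt test environment'
  workingDirectory: "$(modulePath)"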
# Write a salt payload carrying the marker-file command to payloads/salt-linux.
- script: |
    export GO111MODULE=on
    ./mose salt -c "touch /tmp/test.txt && echo test >> /tmp/test.txt" -f payloads/salt-linux
  displayName: 'Generate a salt payload'
  workingDirectory: "$(modulePath)"
# Copy the payload and its expect driver script to the salt master, install
# expect there, run the payload through the driver, apply the states and
# read back /tmp/test.txt on the minion.
# NOTE(review): the script has no `set -e`, so presumably only the final
# `cat` decides whether the step fails - confirm.
- script: |
    # Copy MOSE payload to salt master node
    docker cp payloads/salt-linux basic-salt-master:/salt-linux
    docker cp scripts/test_salt_cmd.exp basic-salt-master:/test_salt_cmd.exp
    docker exec -i basic-salt-master /bin/bash -c "apt-get update -y"
    docker exec -i basic-salt-master /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata"
    docker exec -i basic-salt-master /bin/bash -c "apt-get install -y expect"
    docker exec -i basic-salt-master /bin/bash -c "expect /test_salt_cmd.exp"
    # Run salt module to enact the changes made by MOSE
    docker exec -i basic-salt-master /bin/bash -c "salt '*' state.apply"
    # Ensure that MOSE is working properly by running cat on the file it created
    docker exec -i basic-salt-minion /bin/bash -c "cat /tmp/test.txt"
  displayName: 'Run MOSE generated payload on the salt test environment'
  workingDirectory: "$(modulePath)"
# Create a small script that writes /tmp/file_upload_test.txt and build a
# payload that uploads it (-u) instead of running an inline command.
- script: |
    echo 'echo testing file upload > /tmp/file_upload_test.txt' > payloads/notevil.sh
    export GO111MODULE=on
    ./mose salt -u payloads/notevil.sh -f payloads/salt-linux
  displayName: 'Generate a salt payload to test file uploads'
  workingDirectory: "$(modulePath)"
# Copy the payload archive and the file-upload expect driver script to the
# salt master, unpack the archive, run the payload through the driver, apply
# the states and read back /tmp/file_upload_test.txt on the minion.
- script: |
    # Copy MOSE payload to salt master node
    docker cp payloads/salt-linux.tar basic-salt-master:/salt-linux.tar
    docker cp scripts/test_salt_file_upload.exp basic-salt-master:/test_salt_file_upload.exp
    docker exec -i basic-salt-master /bin/bash -c "tar -xvf /salt-linux.tar"
    docker exec -i basic-salt-master /bin/bash -c "expect /test_salt_file_upload.exp"
    # Run salt module to enact the changes made by MOSE
    docker exec -i basic-salt-master /bin/bash -c "salt '*' state.apply"
    # Ensure that MOSE is working properly by running cat on the file it created
    docker exec -i basic-salt-minion /bin/bash -c "cat /tmp/file_upload_test.txt"
  displayName: 'Run MOSE generated file upload payload on the salt test environment'
  workingDirectory: "$(modulePath)"
# End Salt
# Run the Go unit tests of every package in module mode with the race
# detector enabled; -count=1 keeps cached test results from being reused.
- script: |
    GO111MODULE=on go test -count=1 -v -race ./...
  displayName: "Run unit tests"
  workingDirectory: '$(modulePath)'