November 2024 – Cloudtech

Quick test on Terraform with Azure DevOps

Trying to terraform with Azure DevOps, and using these instructions available in internet:
https://www.carbonlogiq.io/post/azure-devops-pipeline-terraform-deployment-tutorial

The original pipeline and terraform files are available at
https://github.com/andrew-kelleher/terraformadopipeline

The files I used are summarized below:

Pipeline files consist of 2 files:

deploy/tfdemo-env01-terraform.yml
- name: Terraform - deploy Service Bus to env01
- stages: template: templates/terraform-template.yml

deploy/templates/terraform-template.yml
- stages: 
  - stage: 'Terraform_Plan'
  - stage: 'Terraform_Apply'

Terraform files are:

terraform/main.tf
- resource "azurerm_resource_group"

terraform/providers.tf
- required_providers azurerm
- backend "azurerm"

terraform/servicebus.tf
- resource "azurerm_servicebus_namespace"
- resource "azurerm_servicebus_queue" "queue01"
- resource "azurerm_servicebus_queue" "queue02"

terraform/variables.tf
- Variable definitions

terraform/tfdemo.env01.tfvars
- Variables values

The main relationships between the files are shown in the picture below.

Pipeline defines the stages Plan and Apply, and refers to all Terraform files located in the Terraform folder.
The actual Terraform commands are executed in the pool agent.

In order to get things working, one has to create self-hosted agent.
The overall working setup is depicted in the picture below:

Fixing naming conflicts in files:

- providers.tf 
- tfdemo.env01.tfvars

Had to define local pool in tfdemo.env01.tfvars:

- pool:
    name: Local
    demands: Agent.Name -equals MUNACER

and in terraform-template.yml:

- pool: Local

For creating self-hosted agents for the local pool, one can download the software via Azure DevOps:
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/windows-agent?view=azure-devops

How to delete virtual resources

Something not mentioned in the original instructions, is how to delete the resources you have just created.

One way to delete the resources is to use a duplicate of the pipeline and adding
“-destroy” parameter to all Terraform plan and apply commands

Here is an example below:

tfdemo-destroy-part1.yml
- pointing the template to the next yml file:
  template: tfdemo-destroy-part2.yml
tfdemo-destroy-part2.yml
- adding "-destroy" to Plan and Apply stages:
  terraform plan -destroy ...
  terraform apply -destroy ...

Burp Suite and academy for learning

I have been dabbling a little bit with Burp Suite.
As usual, for those interested there will be links at the end.

Burp Suite is a web application testing tool, and there are two versions:
A community edition, which is free.
A professional edition, which has a subscription payment model.

I used Burp Suite’s community edition and I feel it is a good starting point for learning web application testing.

In the academy, there are many courses for learning different subjects. These courses are called “paths” and they are divided into different skill levels: Apprentice, Practitioner and Expert.
I started out at the Apprentice level path “Server-side vulnerabilities”. I really enjoyed that path, and I fully recommend it as a solid starting point for beginners like me!

Each path is further broken down into Labs, a hands-on exercise to help learn a concept that was taught previously with some basic theory.
I will be sharing some pictures that are related to two Labs that I had completed. The pictures show the setups of these Labs.

Lab: Basic SSRF against the local server

Lab: Basic SSRF against another back-end system

Trying out Burp Suite was definitely a good experience. So far i have not proceeded into other paths, having only completed “Server-side vulnerabilities”, but i might try to advance further if I have the time.

Links:
Download: https://portswigger.net/burp/communitydownload
Server-side vulnerabilities: https://portswigger.net/web-security/learning-paths/server-side-vulnerabilities-apprentice
Other paths: https://portswigger.net/web-security/learning-paths

Infrastructure as a Service (quick test on Terraform)

I was recently testing Infrastructure as a Service (IaaS) through Terraform.

To be able to get a basic understanding of Terraform, I followed instructions in a book called Learning DevOps to try out a simple test they had outlined in the book.
Link to the book: https://www.packtpub.com/en-fi/product/learning devops-9781801818964

I found the test to be quite interesting, so I want to share the link to which the book had also instructed to go to look.
Link: https://github.com/PacktPublishing/Learning-DevOps-Second-Edition/tree/main/CHAP02/terraform_simple_script

First i had to install Terraform onto the PC.
During the test, I did have some trouble with naming conflicts and having to figure out some authentication mishaps, but after those were resolved it worked as intended.

Here is a picture i made of the setup

The Terraform script in the test creates various resources in Azure, e.g. VM (Virtual Machine) that is accessible from the internet.
There is actually a nice tool in Azure that lets one see the connections/dependencies of different resources. It’s called Resource Visualizer

A picture of the view Resource Visualizer showed me

The test’s execution was quite straightforward. I essentially just used the following four commands:
terraform init
terraform plan -out=terraform-run4.tfstate
terraform apply “terraform-run4.tfstate”
terraform destroy

In the future I have intentions of replicating a similar test to this one with Azure DevOps and Terraform.