From f2c4afb9e165dbb06a05adf88f8254dbef534ec7 Mon Sep 17 00:00:00 2001 From: Kien Do <67518620+kienmarkdo@users.noreply.github.com> Date: Tue, 19 Nov 2024 22:11:07 -0500 Subject: [PATCH] Update T1078.004.yaml (#2982) * Update T1078.004.md Added comment noting that this T1078.004-2 will only work if the Azure account (that the command is trying to login with) does not have 2FA enabled. * Update T1078.004.md * Update T1078.004.yaml Update T1078.004-2 so that core functionalities work again (regular execution, -GetPrereqs, and -CleanUp) * Revert T1078.004.md changes * Update terraform.tfvars Hardcoded Azure values. * Update T1078.004.yaml Hardcoded test 2's values to match `./atomics/T1078.004/src/T1078.004-2/terraform.tfvars` * Update terraform.tfvars * Update T1078.004.yaml --------- Co-authored-by: Bhavin Patel --- atomics/T1078.004/T1078.004.yaml | 38 +++++++++---------- .../src/T1078.004-2/terraform.tfvars | 6 +-- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/atomics/T1078.004/T1078.004.yaml b/atomics/T1078.004/T1078.004.yaml index d4d7fc6ce9..db03142cc7 100644 --- a/atomics/T1078.004/T1078.004.yaml +++ b/atomics/T1078.004/T1078.004.yaml @@ -62,26 +62,18 @@ atomic_tests: supported_platforms: - iaas:azure input_arguments: - username: - description: Azure username - type: string - default: null - password: - description: Azure password - type: string - default: null resource_group: description: Name of the resource group type: string - default: null + default: ART-ResourceGroupName-T1078-004 runbook_name: description: Name of the runbook name type: string - default: null + default: ART-RunbookName-T1078-004 automation_account_name: description: Name of the automation account name type: string - default: null + default: ART-AutomationAccountName-T1078-004 dependency_executor_name: powershell dependencies: - description: | 
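Review bot: The new defaults for `resource_group`, `runbook_name` and `automation_account_name` are copies of the values in `src/T1078.004-2/terraform.tfvars`, and nothing keeps the two in step. The `terraform apply -auto-approve` in the following hunk passes no `-var`, so overriding an input argument at run time makes the executor and cleanup address resources that terraform never created. Either pass the arguments through, e.g. `terraform apply -auto-approve -var "resource_group=#{resource_group}"` (and likewise for the other two), or state the coupling in each description, e.g. `description: Name of the resource group (must match terraform.tfvars)`. The test definition continues outside this hunk.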
@@ -89,37 +81,45 @@ atomic_tests: prereq_command: | terraform version get_prereq_command: | - echo Please install terraform. + echo "Please install terraform via https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli (URL accurate as of Nov. 15, 2024)." - description: | - Install-Module -Name Az + Check if Azure CLI and Azure Powershell are installed. + + * Login to Azure CLI with "az login", and login to Azure Powershell with "Connect-AzAccount". Sessions are not shared. + * Azure Powershell used in this test as they have better automation performance and error logging than Azure CLI. prereq_command: | try {if (Get-InstalledModule -Name Az -ErrorAction SilentlyContinue) {exit 0} else {exit 1}} catch {exit 1} get_prereq_command: | - Install-Module -Name Az -Scope CurrentUser -Force + $ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://aka.ms/installazurecliwindowsx64 -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; Remove-Item .\AzureCLI.msi - description: | Check if the user is logged into Azure. prereq_command: | - az account show + try {if (-not (Get-AzContext)) { exit 1 } else { exit 0 }} catch {exit 1} get_prereq_command: | - echo Configure your Azure account using: az login. + echo "* Configure your Azure account using: Connect-AzAccount" - description: | Create dependency resources using terraform + + * If fail to meet prereq, navigate to T1078.004-2 using "cd $PathToAtomicsFolder/T1078.004/src/T1078.004-2/" + * Open the "terraform.tfvars" file and fill in the variables with your desired values. 
+ * Re-run -GetPrereqs prereq_command: | try {if (Test-Path "$PathToAtomicsFolder/T1078.004/src/T1078.004-2/terraform.tfstate" ){ exit 0 } else {exit 1}} catch {exit 1} get_prereq_command: | + echo "Navigating to: $PathToAtomicsFolder/T1078.004/src/T1078.004-2/" cd "$PathToAtomicsFolder/T1078.004/src/T1078.004-2/" terraform init terraform apply -auto-approve executor: command: | - $secure_pwd = "#{password}" | ConvertTo-SecureString -AsPlainText -Force - $creds = New-Object System.Management.Automation.PSCredential -ArgumentList "#{username}", $secure_pwd - Connect-AzAccount -Credential $creds New-AzAutomationRunbook -Name #{runbook_name} -Type PowerShell -ResourceGroupName #{resource_group} -Description 'my-test-runbook' -AutomationAccountName #{automation_account_name} name: powershell elevation_required: false cleanup_command: | Remove-AzAutomationRunbook -AutomationAccountName #{automation_account_name} -Name #{runbook_name} -ResourceGroupName #{resource_group} -Force + Remove-AzAutomationAccount -ResourceGroupName "MarkResourceGroup" -Name "MarkAutomationAccountName" -Force + Remove-AzResourceGroup -Name "MarkResourceGroup" -Force + echo "Cleanup should be completed. Run 'terraform destroy` to ensure remaining resources are also deleted." cd "$PathToAtomicsFolder/T1078.004/src/T1078.004-2/" terraform destroy -auto-approve - name: GCP - Create Custom IAM Role diff --git a/atomics/T1078.004/src/T1078.004-2/terraform.tfvars b/atomics/T1078.004/src/T1078.004-2/terraform.tfvars index 89bf814801..ab4f34c967 100644 --- a/atomics/T1078.004/src/T1078.004-2/terraform.tfvars +++ b/atomics/T1078.004/src/T1078.004-2/terraform.tfvars @@ -1,3 +1,3 @@ -automation_account_name = "" -resource_group = "" -runbook_name = "" \ No newline at end of file +automation_account_name = "ART-AutomationAccountName-T1078-004" +resource_group = "ART-ResourceGroupName-T1078-004" +runbook_name = "ART-RunbookName-T1078-004"
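Review bot: The two lines added to `cleanup_command` in T1078.004.yaml delete fixed names, `Remove-AzAutomationAccount -ResourceGroupName "MarkResourceGroup" ...` and `Remove-AzResourceGroup -Name "MarkResourceGroup" -Force`, which match neither the test's input arguments nor the values in terraform.tfvars. With `-Force`, this removes without confirmation any resource group of that name in whatever subscription the current Az context points at; otherwise it only errors. They should use the arguments, `Remove-AzAutomationAccount -ResourceGroupName #{resource_group} -Name #{automation_account_name} -Force` and `Remove-AzResourceGroup -Name #{resource_group} -Force`, or be dropped in favour of the `terraform destroy -auto-approve` that already follows. Separately, the second dependency's `prereq_command` still tests for the Az PowerShell module while its new `get_prereq_command` downloads and silently installs the Azure CLI MSI. -GetPrereqs therefore cannot satisfy that check, and the installer runs with no signature verification; the removed `Install-Module -Name Az -Scope CurrentUser -Force` was the remedy that matched the check.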