feat: add tencent cloud cvm virtual machine disks are unencrypted scenario

teamssix · teamssix · commit f72a1cbcb759 · 2022-06-09T17:12:23.000+08:00
diff --git a/README.md b/README.md
diff --git a/README_CN.md b/README_CN.md
diff --git a/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/README.md b/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/README.md
@@ -0,0 +1,64 @@
+# Tencent Cloud CVM Virtual Machine's disk are unencrypted
+
+English | [中文](./README_CN.md)
+
+## Description
+
+This is a scenario used to build the Tencent Cloud CVM Virtual Machine's disk are unencrypted.
+
+## Deployment Environment
+
+Execute the following command in the container
+
+```shell
+cd /TerraformGoat/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted
+```
+
+Edit the `terraform.tfvars` file and write your `tencentcloud_secret_id` and `tencentcloud_secret_key` in the file
+
+```shell
+vim terraform.tfvars
+```
+
+> You can create and view your SecretKey on the [API Key Management](https://console.cloud.tencent.com/cam/capi) of the Tencent Cloud console
+
+Deploy Vulnerable Environment
+
+```shell
+terraform init
+terraform apply
+```
+
+> When the terminal prompts `Enter a value:`, enter `yes`
+
+After the environment is set up, you can see the ID of the instance in Outputs.
+
+## Steps
+
+Use Tencent Cloud command line tool to view the encryption of the instance mounted disk.
+
+```bash
+> tccli configure
+> apt-get install jq -y
+> tccli cvm DescribeInstances | jq '.InstanceSet[].DataDisks'
+
+[
+  {
+    "DiskSize": 50,
+    "DiskType": "CLOUD_PREMIUM",
+    "DiskId": "disk-11lafkjo",
+    "DeleteWithInstance": true,
+    "SnapshotId": null,
+    "Encrypt": false,
+    "KmsKeyId": null,
+    "ThroughputPerformance": 0,
+    "CdcId": null
+  }
+]
+```
+
+## Destroy the environment
+
+```shell
+terraform destroy
+```
diff --git a/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/README_CN.md b/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/README_CN.md
@@ -0,0 +1,66 @@
+# 腾讯云 CVM 磁盘未加密场景
+
+[English](./README.md) | 中文
+
+## 描述信息
+
+这是一个用于构建腾讯云 CVM 磁盘未加密的场景。
+
+## 环境搭建
+
+在容器中执行以下命令
+
+```shell
+cd /TerraformGoat/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted
+```
+
+编辑 `terraform.tfvars` 文件，在文件中填入你的 `tencentcloud_secret_id` 和 `tencentcloud_secret_key`
+
+```shell
+vim terraform.tfvars
+```
+
+> 在腾讯云控制台的 [API 密钥管理](https://console.cloud.tencent.com/cam/capi) 可以创建和查看您的 SecretKey
+
+部署靶场
+
+```shell
+terraform init
+terraform apply
+```
+
+> 在终端提示 `Enter a value:` 时，输入 `yes` 即可
+
+环境搭建完后，在 Outputs 处可以看到实例的 ID
+
+## 步骤
+
+使用腾讯云命令行工具查看实例挂载磁盘的加密情况。
+
+```bash
+> tccli configure
+> apt-get install jq -y
+> tccli cvm DescribeInstances | jq '.InstanceSet[].DataDisks'
+
+[
+  {
+    "DiskSize": 50,
+    "DiskType": "CLOUD_PREMIUM",
+    "DiskId": "disk-11lafkjo",
+    "DeleteWithInstance": true,
+    "SnapshotId": null,
+    "Encrypt": false,
+    "KmsKeyId": null,
+    "ThroughputPerformance": 0,
+    "CdcId": null
+  }
+]
+```
+
+通过返回的内容可以看到 Encrypt 为 false，即未加密。
+
+## 销毁环境
+
+```shell
+terraform destroy
+```
diff --git a/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/main.tf b/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/main.tf
@@ -0,0 +1,16 @@
+resource "tencentcloud_instance" "instance" {
+  instance_name     = "huocorp_terraform_goat_instance"
+  availability_zone = "ap-guangzhou-7"
+  image_id          = "img-pi0ii46r"
+  instance_type     = data.tencentcloud_instance_types.instance_types.instance_types.0.instance_type
+  data_disks {
+    data_disk_type = "CLOUD_PREMIUM"
+    data_disk_size = 50
+    encrypt        = false
+  }
+}
+
+data "tencentcloud_instance_types" "instance_types" {
+  cpu_core_count = 1
+  memory_size    = 1
+}
diff --git a/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/outputs.tf b/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/outputs.tf
@@ -0,0 +1,3 @@
+output "tencentcloud_instance_id" {
+  value = tencentcloud_instance.instance.id
+}
diff --git a/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/terraform.tfvars b/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/terraform.tfvars
@@ -0,0 +1,2 @@
+tencentcloud_secret_id  = "xxx"
+tencentcloud_secret_key = "xxx"
diff --git a/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/variables.tf b/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/variables.tf
@@ -0,0 +1,13 @@
+variable "tencentcloud_secret_id" {
+  type        = string
+  description = "Set TencentCloud secret id."
+  sensitive   = true
+  nullable    = false
+}
+
+variable "tencentcloud_secret_key" {
+  type        = string
+  description = "Set TencentCloud secret key."
+  sensitive   = true
+  nullable    = false
+}
diff --git a/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/versions.tf b/tencentcloud/cvm/cvm_virtual_machine_disks_are_unencrypted/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    tencentcloud = {
+      source  = "tencentcloudstack/tencentcloud"
+      version = "1.70.2"
+    }
+  }
+}
+
+provider "tencentcloud" {
+  secret_id  = var.tencentcloud_secret_id
+  secret_key = var.tencentcloud_secret_key
+  region     = "ap-guangzhou"
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+output "tencentcloud_instance_id" {`
	`2`	`+ value = tencentcloud_instance.instance.id`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+tencentcloud_secret_id = "xxx"`
	`2`	`+tencentcloud_secret_key = "xxx"`