Introduce separate configuration for challenges

[nbaars]

This PR split the configuration of a challenge into two parts:

• Challenge definition
• Challenge (the actual code)

Each definition can link to 1 or more challenges. This makes it possible to have different implementations and documentation for each environment. For example:

   - name: Challenge 5
      url: "challenge-5"
      sources:
        - class-name: "org.owasp.wrongsecrets.challenges.kubernetes.Challenge5"
          explanation: "explanations/challenge5.adoc"
          hint: "explanations/challenge5_hint.adoc"
          reason: "explanations/challenge5_reason.adoc"
          environments: [ *k8s, *k8s_vault ]
        - class-name: "org.owasp.wrongsecrets.challenges.kubernetes.Challenge5"
          explanation: "explanations/challenge5.adoc"
          hint: "explanations/challenge5_hint_limited.adoc"
          reason: "explanations/challenge5_reason.adoc"
          environments: [ *okteto ]
      difficulty: *normal
      category: *config_maps
      ctf:
        enabled: true

This example shows how we can define for different environments different hints. This also makes it possible to have a different Challenge class per environment.

The configuration for the application is also part of the yaml configuration. For example, the environments, difficulty levels are now defined in the yaml file:

  difficulties:
    - &easy "easy"
    - &normal "normal"
    - &hard "hard"
    - &expert "expert"
    - &master "master"

Adding a new difficulty level is as easy as adding a new entry in this yaml section. No code changes are necessary to add a new difficulty level. Same applies for categories and environments it only needs a config update.

The UI now treats every challenge the same. No more specific "challenge" code leaks into the main part of the application.

The order of the challenges is now defined by the configuration file, if you want to change the order you can simply change the order in the yaml file. Also if you want to run WrongSecrets with a couple of challenges only need to change the yaml file.

** Performance **

Starting time locally is now:

o.o.w.WrongSecretsApplication            : Started WrongSecretsApplication in 1.978 seconds (process running for 2.312)

The memory consumption is around 90 Mb

Closes #502

[commjoen]

Review in progress, first looks: pretty good! Thank you @nbaars !

[commjoen]

Spotbugs spits out a few errors at https://github.com/OWASP/wrongsecrets/actions/runs/6909060649/job/18799652205?pr=1083: can you please have a look good sir?

[commjoen]

should we maybe just cache this value? it's just an int right?

[RemakingEden]

So Ive just been running the tests locally.

Positives

• They are so much neater and less hacky in the new place
• After a really long set up they run really quickly each time after

Negatives/questions

• It is a little hard to tell what has failed.
  
• How does a user get to the visual debugger?
• Is it possible to still upload screenshots and videos?

[RemakingEden]

Does this whole ui-test section need removing?

[nbaars]

Yes, it is now part of the normal tests. You can run it as a normal unit-test with different Spring Boot configurations per Cypress test if necessary

[nbaars]

The tests are still there they are now part of the normal tests

[RemakingEden]

Oh yeah sorry, I was saying that so far you have just deleted a step in the ui-test section. I think the whole "ui-test:" object needs removing

[nbaars]

So Ive just been running the tests locally.

Positives

• They are so much neater and less hacky in the new place
• After a really long set up they run really quickly each time after

Negatives/questions

• It is a little hard to tell what has failed.
  
• How does a user get to the visual debugger?

The screenshots are saved, you can also run the Cypress test directly from Intellij.

• Is it possible to still upload screenshots and videos?
  The screenshots are still saved in src/test/e2e/cypress/screenshots. For example:
  

[commjoen]

Re #1083 (comment): can we maybe have the "howto" added to the contributing.md ;) ?

[RemakingEden]

Re #1083 (comment): can we maybe have the "howto" added to the contributing.md ;) ?

Yeah I think something to explain this to new users and we will be away! Apart from those answered concerns I think everything is an improvement. It feels loads cleaner!!

[commjoen]

@nbaars can you please have a look at the remaining issues at https://github.com/OWASP/wrongsecrets/actions/runs/6948950794/job/18906041764?pr=1083 so we can merge and fix more bugs in separate PRs?

[commjoen]

Created #1105 for future improvements once this is merged

[RemakingEden]

I don't seem to be getting this mochawsome report when I run the tests. Should a report appear this in this path after each run?

[RemakingEden]

Weirdly I am also still not seeing screenshots on a failure

[RemakingEden]

This is my path after a failure

[RemakingEden]

I think a new section in here about how to use the visual debugger is important. Unless this is possible with maven. So we have one method of using it quickly and easily through unit tests and one way that is a little harder to run but way easier to debug visually. If youd like im happy to add this.

[commjoen]

Can you add this to #1105 please :-)?

[bendehaan]

Great improvements here, thanks a lot! 😁

[commjoen]

Thank you @nbaars for another big step forward! Now we can parallelize development of new challenges and do other improvements!