feat: adds armory and tactics impl

strikes/AutomatedBackups.go → armory/AutomatedBackups.go

@@ -1,4 +1,4 @@
-package strikes
+package armory
 
 import (
 	"context"
@@ -10,11 +10,7 @@ import (
 	"github.com/privateerproj/privateer-sdk/utils"
 )
 
-// Todo/Roadmap: Features to evaluate implementing
-// AutomatedBackup.go - AWS CLI - check backup interval
-
-// This creates a database table
-func (a *Strikes) AutomatedBackups() (strikeName string, result raidengine.StrikeResult) {
+func (a *RDSRaid) AutomatedBackups() (strikeName string, result raidengine.StrikeResult) {
 	strikeName = "AutomatedBackups"
 	result = raidengine.StrikeResult{
 		Passed:      false,

strikes/Encryption.go → armory/Encryption.go

@@ -1,4 +1,4 @@
-package strikes
+package armory
 
 import (
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -10,7 +10,7 @@ import (
 // Encryption.go - AWS CLI
 
 // This creates a database table
-func (a *Strikes) Encryption() (strikeName string, result raidengine.StrikeResult) {
+func (a *RDSRaid) Encryption() (strikeName string, result raidengine.StrikeResult) {
 	strikeName = "Encryption"
 	result = raidengine.StrikeResult{
 		Passed:      false,

strikes/MultiRegion.go → armory/MultiRegion.go

@@ -1,12 +1,12 @@
-package strikes
+package armory
 
 import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/privateerproj/privateer-sdk/raidengine"
 	"github.com/privateerproj/privateer-sdk/utils"
 )
 
-func (a *Strikes) MultiRegion() (strikeName string, result raidengine.StrikeResult) {
+func (a *RDSRaid) MultiRegion() (strikeName string, result raidengine.StrikeResult) {
 	strikeName = "MultiRegion"
 	result = raidengine.StrikeResult{
 		Passed:      false,

strikes/RBAC.go → armory/RBAC.go

@@ -1,4 +1,4 @@
-package strikes
+package armory
 
 import (
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -10,7 +10,7 @@ import (
 // RBAC.go - AWS CLI
 
 // This creates a database table
-func (a *Strikes) RBAC() (strikeName string, result raidengine.StrikeResult) {
+func (a *RDSRaid) RBAC() (strikeName string, result raidengine.StrikeResult) {
 	strikeName = "RBAC"
 	result = raidengine.StrikeResult{
 		Passed:      false,

strikes/SQLFeatures.go → armory/SQLFeatures.go

@@ -1,4 +1,4 @@
-package strikes
+package armory
 
 import (
 	"fmt"
@@ -25,7 +25,7 @@ import (
 // Alerting.go - check for enabled, req API/CLI
 
 // This creates a database table
-func (a *Strikes) SQLFeatures() (strikeName string, result raidengine.StrikeResult) {
+func (a *RDSRaid) SQLFeatures() (strikeName string, result raidengine.StrikeResult) {
 	strikeName = "SQLFeatures"
 	result = raidengine.StrikeResult{
 		Passed:      false,

strikes/common.go → armory/common.go

@@ -1,4 +1,4 @@
-package strikes
+package armory
 
 import (
 	"context"
@@ -9,49 +9,25 @@ import (
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/aws/aws-sdk-go-v2/service/rds"
-	hclog "github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-hclog"
 	"github.com/privateerproj/privateer-sdk/raidengine"
 	"github.com/privateerproj/privateer-sdk/utils"
 	"github.com/spf13/viper"
 )
 
-type Strikes struct {
-	Log hclog.Logger
+type RDSRaid struct {
+	Tactics map[string][]raidengine.Strike     // Required, allows you to sort which strikes are run for each control
+	Log     hclog.Logger                       // Recommended, allows you to set the log level for each log message
+	Results map[string]raidengine.StrikeResult // Optional, allows cross referencing between strikes
 }
 
-type Movement struct {
-	Strike string
-}
-
-func (a *Strikes) SetLogger(loggerName string) {
+func (a *RDSRaid) SetLogger(loggerName string) hclog.Logger {
 	a.Log = raidengine.GetLogger(loggerName, false)
+	return a.Log
 }
 
-func getDBConfig() (string, error) {
-	err := checkConfigValues([]string{
-		"raids.rds.config.host",
-		"raids.rds.config.database",
-	})
-	if err != nil {
-		return "", err
-	}
-	return "database_host_placeholder", nil
-}
-
-func getHostDBInstanceIdentifier() (string, error) {
-	id := viper.GetString("raids.rds.config.instance_identifier")
-	err := checkConfigValues([]string{
-		"raids.rds.config.instance_identifier",
-	})
-	return id, err // id will be "" if not set, err will be nil if id is set
-}
-
-func getHostRDSRegion() (string, error) {
-	region := viper.GetString("raids.rds.config.primary_region")
-	err := checkConfigValues([]string{
-		"raids.rds.config.primary_region",
-	})
-	return region, err // region will be "" if not set, err will be nil if region is set
+func (a *RDSRaid) GetTactics() map[string][]raidengine.Strike {
+	return a.Tactics
 }
 
 func getAWSConfig() (cfg aws.Config, err error) {
@@ -75,6 +51,32 @@ func getAWSConfig() (cfg aws.Config, err error) {
 	return
 }
 
+// TODO: This could be a good addition to the SDK for future raids to use
+func checkConfigValues(config_values []string) (err error) {
+	missing_values := []string{}
+	for _, value := range config_values {
+		if !viper.IsSet(value) {
+			missing_values = append(missing_values, value)
+		}
+	}
+	if len(missing_values) > 0 {
+		err = errors.New("Missing config values: " + strings.Join(missing_values, ", "))
+		return
+	}
+	return
+}
+
+func getDBConfig() (string, error) {
+	err := checkConfigValues([]string{
+		"raids.rds.config.host",
+		"raids.rds.config.database",
+	})
+	if err != nil {
+		return "", err
+	}
+	return "database_host_placeholder", nil
+}
+
 func connectToDb() (result raidengine.MovementResult) {
 	result = raidengine.MovementResult{
 		Description: "The database host must be available and accepting connections",
@@ -89,6 +91,22 @@ func connectToDb() (result raidengine.MovementResult) {
 	return
 }
 
+func getHostDBInstanceIdentifier() (string, error) {
+	id := viper.GetString("raids.rds.config.instance_identifier")
+	err := checkConfigValues([]string{
+		"raids.rds.config.instance_identifier",
+	})
+	return id, err // id will be "" if not set, err will be nil if id is set
+}
+
+func getHostRDSRegion() (string, error) {
+	region := viper.GetString("raids.rds.config.primary_region")
+	err := checkConfigValues([]string{
+		"raids.rds.config.primary_region",
+	})
+	return region, err // region will be "" if not set, err will be nil if region is set
+}
+
 func checkRDSInstanceMovement(cfg aws.Config) (result raidengine.MovementResult) {
 	// check if the instance is available
 	result = raidengine.MovementResult{
@@ -120,18 +138,3 @@ func getRDSInstanceFromIdentifier(cfg aws.Config, identifier string) (instance *
 	instance, err = rdsClient.DescribeDBInstances(context.TODO(), input)
 	return
 }
-
-// TODO: This could be a good addition to the SDK for future raids to use
-func checkConfigValues(config_values []string) (err error) {
-	missing_values := []string{}
-	for _, value := range config_values {
-		if !viper.IsSet(value) {
-			missing_values = append(missing_values, value)
-		}
-	}
-	if len(missing_values) > 0 {
-		err = errors.New("Missing config values: " + strings.Join(missing_values, ", "))
-		return
-	}
-	return
-}

cmd/debug.go

@@ -13,7 +13,7 @@ var (
 		Use:   "debug",
 		Short: "Run the Raid in debug mode",
 		Run: func(cmd *cobra.Command, args []string) {
-			err := raidengine.Run(RaidName, AvailableStrikes, Strikes)
+			err := raidengine.Run(RaidName, Armory)
 			if err != nil {
 				log.Fatal(err)
 			}

cmd/root.go

@@ -9,7 +9,8 @@ import (
 	"github.com/privateerproj/privateer-sdk/plugin"
 	"github.com/privateerproj/privateer-sdk/raidengine"
 
-	"github.com/krumIO/raid-rds/strikes"
+	// "github.com/krumIO/raid-rds/strikes"
+	"github.com/krumIO/raid-rds/armory"
 )
 
 var (
@@ -19,32 +20,35 @@ var (
 	buildTime          string
 
 	RaidName = "RDS"
-	Strikes  = &strikes.Strikes{}
-
-	AvailableStrikes = map[string][]raidengine.Strike{
-		"default": {
-			Strikes.SQLFeatures,
-			Strikes.AutomatedBackups,
-			Strikes.MultiRegion,
-			Strikes.Encryption,
-		},
-		"CCC-Taxonomy": {
-			Strikes.SQLFeatures,
-			Strikes.AutomatedBackups,
-			Strikes.MultiRegion,
-			Strikes.Encryption,
-			Strikes.RBAC,
-			// Strikes.VerticalScaling,
-			// Strikes.Replication,
-			// Strikes.BackupRecovery,
-			// Strikes.Logging,
-			// Strikes.Monitoring,
-			// Strikes.Alerting,
-		},
-		"CIS": {
-			// Strikes.DNE,
-		},
-	}
+	// Strikes  = &strikes.Strikes{}
+
+	// AvailableStrikes = map[string][]raidengine.Strike{
+	// 	"default": {
+	// 		Strikes.SQLFeatures,
+	// 		Strikes.AutomatedBackups,
+	// 		Strikes.MultiRegion,
+	// 		Strikes.Encryption,
+	// 	},
+	// 	"CCC-Taxonomy": {
+	// 		Strikes.SQLFeatures,
+	// 		Strikes.AutomatedBackups,
+	// 		Strikes.MultiRegion,
+	// 		Strikes.Encryption,
+	// 		Strikes.RBAC,
+	// 		// Strikes.VerticalScaling,
+	// 		// Strikes.Replication,
+	// 		// Strikes.BackupRecovery,
+	// 		// Strikes.Logging,
+	// 		// Strikes.Monitoring,
+	// 		// Strikes.Alerting,
+	// 	},
+	// 	"CIS": {
+	// 		// Strikes.DNE,
+	// 	},
+	// }
+
+	Armory = &armory.RDSRaid{}
+
 	// runCmd represents the base command when called without any subcommands
 	runCmd = &cobra.Command{
 		Use:   RaidName,
@@ -78,6 +82,19 @@ func Execute(version, commitHash, builtAt string) {
 }
 
 func init() {
+
+	Armory.Tactics = map[string][]raidengine.Strike{
+		"CCC-Taxonomy": {
+			Armory.AutomatedBackups,
+		},
+		"CCC-Hardening": {
+			Armory.AutomatedBackups,
+		},
+		"CIS": {
+			Armory.AutomatedBackups,
+		},
+	}
+
 	command.SetBase(runCmd) // This initializes the base CLI functionality
 }
 
@@ -95,5 +112,5 @@ func cleanupFunc() error {
 // Adding raidengine.SetupCloseHandler(cleanupFunc) will allow you to append custom cleanup behavior
 func (r *Raid) Start() error {
 	raidengine.SetupCloseHandler(cleanupFunc)
-	return raidengine.Run(RaidName, AvailableStrikes, Strikes)
+	return raidengine.Run(RaidName, Armory)
 }

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
 	github.com/aws/aws-sdk-go-v2/service/rds v1.57.0
 	github.com/hashicorp/go-hclog v1.2.0
-	github.com/privateerproj/privateer-sdk v0.0.6
+	github.com/privateerproj/privateer-sdk v0.0.7
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/viper v1.15.0
 )

go.sum

@@ -701,8 +701,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/privateerproj/privateer-sdk v0.0.6 h1:JLMI6whAR6I9Vc8yzsVPOB7ePOTh8enhl8pMKRKVDZ4=
-github.com/privateerproj/privateer-sdk v0.0.6/go.mod h1:wLc/yv9UDFXR9kZ0ioXpCOdWhm4hTSK3VqMEziJqMo4=
+github.com/privateerproj/privateer-sdk v0.0.7 h1:amvOH0fFDR/HsarKqBNMCBUNGhv7kUweXsOjsUi/Xhs=
+github.com/privateerproj/privateer-sdk v0.0.7/go.mod h1:wLc/yv9UDFXR9kZ0ioXpCOdWhm4hTSK3VqMEziJqMo4=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=