From 13c016082573e0dcc890546769c1f1c1a96d5ff3 Mon Sep 17 00:00:00 2001 From: Rudra Gupta Date: Wed, 7 Aug 2024 19:10:51 -0400 Subject: [PATCH 1/2] feat: adds armory and tactics impl --- {strikes => armory}/AutomatedBackups.go | 8 +- {strikes => armory}/Encryption.go | 4 +- {strikes => armory}/MultiRegion.go | 4 +- {strikes => armory}/RBAC.go | 4 +- {strikes => armory}/SQLFeatures.go | 4 +- {strikes => armory}/common.go | 101 ++++++++++++------------ cmd/debug.go | 2 +- cmd/root.go | 73 ++++++++++------- go.mod | 2 +- go.sum | 4 +- strikes/AutomatedBackups_test.go | 32 -------- strikes/Encryption_test.go | 32 -------- strikes/MultiRegion_test.go | 32 -------- strikes/RBAC_test.go | 32 -------- 14 files changed, 111 insertions(+), 223 deletions(-) rename {strikes => armory}/AutomatedBackups.go (90%) rename {strikes => armory}/Encryption.go (96%) rename {strikes => armory}/MultiRegion.go (97%) rename {strikes => armory}/RBAC.go (96%) rename {strikes => armory}/SQLFeatures.go (96%) rename {strikes => armory}/common.go (86%) delete mode 100644 strikes/AutomatedBackups_test.go delete mode 100644 strikes/Encryption_test.go delete mode 100644 strikes/MultiRegion_test.go delete mode 100644 strikes/RBAC_test.go diff --git a/strikes/AutomatedBackups.go b/armory/AutomatedBackups.go similarity index 90% rename from strikes/AutomatedBackups.go rename to armory/AutomatedBackups.go index 949d867..22cb443 100644 --- a/strikes/AutomatedBackups.go +++ b/armory/AutomatedBackups.go @@ -1,4 +1,4 @@ -package strikes +package armory import ( "context" 
@@ -10,11 +10,7 @@ import ( "github.com/privateerproj/privateer-sdk/utils" ) -// Todo/Roadmap: Features to evaluate implementing -// AutomatedBackup.go - AWS CLI - check backup interval - -// This creates a database table -func (a *Strikes) AutomatedBackups() (strikeName string, result raidengine.StrikeResult) { +func (a *RDSRaid) AutomatedBackups() (strikeName string, result raidengine.StrikeResult) { strikeName = "AutomatedBackups" result = raidengine.StrikeResult{ Passed: false, diff --git a/strikes/Encryption.go b/armory/Encryption.go similarity index 96% rename from strikes/Encryption.go rename to armory/Encryption.go index 19737aa..24c5fce 100644 --- a/strikes/Encryption.go +++ b/armory/Encryption.go @@ -1,4 +1,4 @@ -package strikes +package armory import ( "github.com/aws/aws-sdk-go-v2/aws" @@ -10,7 +10,7 @@ import ( // Encryption.go - AWS CLI // This creates a database table -func (a *Strikes) Encryption() (strikeName string, result raidengine.StrikeResult) { +func (a *RDSRaid) Encryption() (strikeName string, result raidengine.StrikeResult) { strikeName = "Encryption" result = raidengine.StrikeResult{ Passed: false, diff --git a/strikes/MultiRegion.go b/armory/MultiRegion.go similarity index 97% rename from strikes/MultiRegion.go rename to armory/MultiRegion.go index 294c760..9c48624 100644 --- a/strikes/MultiRegion.go +++ b/armory/MultiRegion.go @@ -1,4 +1,4 @@ -package strikes +package armory import ( "github.com/aws/aws-sdk-go-v2/aws" @@ -6,7 +6,7 @@ import ( "github.com/privateerproj/privateer-sdk/utils" ) -func (a *Strikes) MultiRegion() (strikeName string, result raidengine.StrikeResult) { +func (a *RDSRaid) MultiRegion() (strikeName string, result raidengine.StrikeResult) { strikeName = "MultiRegion" result = raidengine.StrikeResult{ Passed: false, diff --git a/strikes/RBAC.go b/armory/RBAC.go similarity index 96% rename from strikes/RBAC.go rename to armory/RBAC.go index 96cee07..30c2ef7 100644 --- a/strikes/RBAC.go +++ b/armory/RBAC.go 
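Review bot: The doc comment kept directly above the renamed `Encryption` signature in this hunk, `// This creates a database table`, does not describe a strike that returns a name and a StrikeResult, and the same stale line sits above `RBAC` and `SQLFeatures` in their hunks. A Go doc comment should open with the function name, e.g. `// Encryption runs the Encryption strike and returns its name and StrikeResult.` The `AutomatedBackups` hunk on this line drops its comment entirely and should get a one-liner of the same shape. The bodies of all of these functions continue past their hunks.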
@@ -1,4 +1,4 @@ -package strikes +package armory import ( "github.com/aws/aws-sdk-go-v2/aws" @@ -10,7 +10,7 @@ import ( // RBAC.go - AWS CLI // This creates a database table -func (a *Strikes) RBAC() (strikeName string, result raidengine.StrikeResult) { +func (a *RDSRaid) RBAC() (strikeName string, result raidengine.StrikeResult) { strikeName = "RBAC" result = raidengine.StrikeResult{ Passed: false, diff --git a/strikes/SQLFeatures.go b/armory/SQLFeatures.go similarity index 96% rename from strikes/SQLFeatures.go rename to armory/SQLFeatures.go index b0183ed..9da1d6a 100644 --- a/strikes/SQLFeatures.go +++ b/armory/SQLFeatures.go @@ -1,4 +1,4 @@ -package strikes +package armory import ( "fmt" @@ -25,7 +25,7 @@ import ( // Alerting.go - check for enabled, req API/CLI // This creates a database table -func (a *Strikes) SQLFeatures() (strikeName string, result raidengine.StrikeResult) { +func (a *RDSRaid) SQLFeatures() (strikeName string, result raidengine.StrikeResult) { strikeName = "SQLFeatures" result = raidengine.StrikeResult{ Passed: false, diff --git a/strikes/common.go b/armory/common.go similarity index 86% rename from strikes/common.go rename to armory/common.go index 6f67dd1..1b673cb 100644 --- a/strikes/common.go +++ b/armory/common.go @@ -1,4 +1,4 @@ -package strikes +package armory import ( "context" 
@@ -9,49 +9,25 @@ import ( "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/credentials" "github.com/aws/aws-sdk-go-v2/service/rds" - hclog "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-hclog" "github.com/privateerproj/privateer-sdk/raidengine" "github.com/privateerproj/privateer-sdk/utils" "github.com/spf13/viper" ) -type Strikes struct { - Log hclog.Logger +type RDSRaid struct { + Tactics map[string][]raidengine.Strike // Required, allows you to sort which strikes are run for each control + Log hclog.Logger // Recommended, allows you to set the log level for each log message + Results map[string]raidengine.StrikeResult // Optional, allows cross referencing between strikes } -type Movement struct { - Strike string -} - -func (a *Strikes) SetLogger(loggerName string) { +func (a *RDSRaid) SetLogger(loggerName string) hclog.Logger { a.Log = raidengine.GetLogger(loggerName, false) + return a.Log } -func getDBConfig() (string, error) { - err := checkConfigValues([]string{ - "raids.rds.config.host", - "raids.rds.config.database", - }) - if err != nil { - return "", err - } - return "database_host_placeholder", nil -} - -func getHostDBInstanceIdentifier() (string, error) { - id := viper.GetString("raids.rds.config.instance_identifier") - err := checkConfigValues([]string{ - "raids.rds.config.instance_identifier", - }) - return id, err // id will be "" if not set, err will be nil if id is set -} - -func getHostRDSRegion() (string, error) { - region := viper.GetString("raids.rds.config.primary_region") - err := checkConfigValues([]string{ - "raids.rds.config.primary_region", - }) - return region, err // region will be "" if not set, err will be nil if region is set +func (a *RDSRaid) GetTactics() map[string][]raidengine.Strike { + return a.Tactics } func getAWSConfig() (cfg aws.Config, err error) { 
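Review bot: `Results map[string]raidengine.StrikeResult` is added to `RDSRaid` but nothing in this patch allocates it — `cmd/root.go` only does `Armory = &armory.RDSRaid{}` and assigns `Tactics` — so the first strike that writes `a.Results[name] = result` will panic on a nil map. Allocate it where the raid is constructed, `Armory = &armory.RDSRaid{Results: map[string]raidengine.StrikeResult{}}`, or guard lazily before the first write. `GetTactics` also hands out the live map, so a caller can change which strikes run; if the SDK only reads it that is fine, otherwise return a copy.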
@@ -75,6 +51,32 @@ func getAWSConfig() (cfg aws.Config, err error) { return } +// TODO: This could be a good addition to the SDK for future raids to use +func checkConfigValues(config_values []string) (err error) { + missing_values := []string{} + for _, value := range config_values { + if !viper.IsSet(value) { + missing_values = append(missing_values, value) + } + } + if len(missing_values) > 0 { + err = errors.New("Missing config values: " + strings.Join(missing_values, ", ")) + return + } + return +} + +func getDBConfig() (string, error) { + err := checkConfigValues([]string{ + "raids.rds.config.host", + "raids.rds.config.database", + }) + if err != nil { + return "", err + } + return "database_host_placeholder", nil +} + func connectToDb() (result raidengine.MovementResult) { result = raidengine.MovementResult{ Description: "The database host must be available and accepting connections", @@ -89,6 +91,22 @@ func connectToDb() (result raidengine.MovementResult) { return } +func getHostDBInstanceIdentifier() (string, error) { + id := viper.GetString("raids.rds.config.instance_identifier") + err := checkConfigValues([]string{ + "raids.rds.config.instance_identifier", + }) + return id, err // id will be "" if not set, err will be nil if id is set +} + +func getHostRDSRegion() (string, error) { + region := viper.GetString("raids.rds.config.primary_region") + err := checkConfigValues([]string{ + "raids.rds.config.primary_region", + }) + return region, err // region will be "" if not set, err will be nil if region is set +} + func checkRDSInstanceMovement(cfg aws.Config) (result raidengine.MovementResult) { // check if the instance is available result = raidengine.MovementResult{ 
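Review bot: `checkConfigValues` only tests `viper.IsSet`, so a key that is present but empty (for example `instance_identifier: ""`) passes, and `getHostDBInstanceIdentifier` returns `""` with a nil error — contradicting its trailing comment and feeding an empty identifier to `DescribeDBInstances` downstream. Treat blank values as missing: `if !viper.IsSet(value) || strings.TrimSpace(viper.GetString(value)) == "" {`. Separately, `getDBConfig` validates `host`/`database` and then returns the literal `"database_host_placeholder"`, so whatever `connectToDb` (body outside this hunk) does with it cannot be a real connectivity check against the configured host; a TODO or a failing result is safer than a pass that means nothing. Minor: `config_values`/`missing_values` are snake_case and the error string is capitalised, both against Go convention.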
@@ -120,18 +138,3 @@ func getRDSInstanceFromIdentifier(cfg aws.Config, identifier string) (instance * instance, err = rdsClient.DescribeDBInstances(context.TODO(), input) return } - -// TODO: This could be a good addition to the SDK for future raids to use -func checkConfigValues(config_values []string) (err error) { - missing_values := []string{} - for _, value := range config_values { - if !viper.IsSet(value) { - missing_values = append(missing_values, value) - } - } - if len(missing_values) > 0 { - err = errors.New("Missing config values: " + strings.Join(missing_values, ", ")) - return - } - return -} diff --git a/cmd/debug.go b/cmd/debug.go index 17b97bd..4855b32 100644 --- a/cmd/debug.go +++ b/cmd/debug.go @@ -13,7 +13,7 @@ var ( Use: "debug", Short: "Run the Raid in debug mode", Run: func(cmd *cobra.Command, args []string) { - err := raidengine.Run(RaidName, AvailableStrikes, Strikes) + err := raidengine.Run(RaidName, Armory) if err != nil { log.Fatal(err) } diff --git a/cmd/root.go b/cmd/root.go index f21b60b..f74d90f 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -9,7 +9,8 @@ import ( "github.com/privateerproj/privateer-sdk/plugin" "github.com/privateerproj/privateer-sdk/raidengine" - "github.com/krumIO/raid-rds/strikes" + // "github.com/krumIO/raid-rds/strikes" + "github.com/krumIO/raid-rds/armory" ) var ( 
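Review bot: The old import is kept as `// "github.com/krumIO/raid-rds/strikes"` instead of being deleted; the diffstat shows every file under `strikes/` renamed or removed, so the line is dead text that git history already preserves. Drop it and leave the block with only `"github.com/krumIO/raid-rds/armory"`.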
@@ -19,32 +20,35 @@ var ( buildTime string RaidName = "RDS" - Strikes = &strikes.Strikes{} - - AvailableStrikes = map[string][]raidengine.Strike{ - "default": { - Strikes.SQLFeatures, - Strikes.AutomatedBackups, - Strikes.MultiRegion, - Strikes.Encryption, - }, - "CCC-Taxonomy": { - Strikes.SQLFeatures, - Strikes.AutomatedBackups, - Strikes.MultiRegion, - Strikes.Encryption, - Strikes.RBAC, - // Strikes.VerticalScaling, - // Strikes.Replication, - // Strikes.BackupRecovery, - // Strikes.Logging, - // Strikes.Monitoring, - // Strikes.Alerting, - }, - "CIS": { - // Strikes.DNE, - }, - } + // Strikes = &strikes.Strikes{} + + // AvailableStrikes = map[string][]raidengine.Strike{ + // "default": { + // Strikes.SQLFeatures, + // Strikes.AutomatedBackups, + // Strikes.MultiRegion, + // Strikes.Encryption, + // }, + // "CCC-Taxonomy": { + // Strikes.SQLFeatures, + // Strikes.AutomatedBackups, + // Strikes.MultiRegion, + // Strikes.Encryption, + // Strikes.RBAC, + // // Strikes.VerticalScaling, + // // Strikes.Replication, + // // Strikes.BackupRecovery, + // // Strikes.Logging, + // // Strikes.Monitoring, + // // Strikes.Alerting, + // }, + // "CIS": { + // // Strikes.DNE, + // }, + // } + + Armory = &armory.RDSRaid{} + // runCmd represents the base command when called without any subcommands runCmd = &cobra.Command{ Use: RaidName, @@ -78,6 +82,19 @@ func Execute(version, commitHash, builtAt string) { } func init() { + + Armory.Tactics = map[string][]raidengine.Strike{ + "CCC-Taxonomy": { + Armory.AutomatedBackups, + }, + "CCC-Hardening": { + Armory.AutomatedBackups, + }, + "CIS": { + Armory.AutomatedBackups, + }, + } + command.SetBase(runCmd) // This initializes the base CLI functionality } 
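Review bot: The new `Armory.Tactics` map in `init()` registers only `AutomatedBackups` under every tactic, so `SQLFeatures`, `MultiRegion`, `Encryption` and `RBAC` — all still compiled in `armory/` — are unreachable from any tactic and a run of this raid will silently report far fewer controls than before. The `"default"` key is gone too; if the SDK falls back to a `default` tactic when none is configured, nothing runs at all (I cannot see the SDK side to confirm). Unless the narrowing is intentional, carry the previous lists over rather than start from a single strike. The ~30 lines of commented-out `Strikes`/`AvailableStrikes` declarations above `Armory` should be deleted outright; history keeps them. `init()` ends inside the hunk.
```go
Armory.Tactics = map[string][]raidengine.Strike{
	"default": {
		Armory.SQLFeatures,
		Armory.AutomatedBackups,
		Armory.MultiRegion,
		Armory.Encryption,
	},
	"CCC-Taxonomy": {
		Armory.SQLFeatures,
		Armory.AutomatedBackups,
		Armory.MultiRegion,
		Armory.Encryption,
		Armory.RBAC,
	},
	"CCC-Hardening": {
		Armory.AutomatedBackups,
	},
	"CIS": {
		Armory.AutomatedBackups,
	},
}
```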
@@ -95,5 +112,5 @@ func cleanupFunc() error { // Adding raidengine.SetupCloseHandler(cleanupFunc) will allow you to append custom cleanup behavior func (r *Raid) Start() error { raidengine.SetupCloseHandler(cleanupFunc) - return raidengine.Run(RaidName, AvailableStrikes, Strikes) + return raidengine.Run(RaidName, Armory) } diff --git a/go.mod b/go.mod index 48428dd..8bc1baf 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/aws/aws-sdk-go-v2/credentials v1.13.43 github.com/aws/aws-sdk-go-v2/service/rds v1.57.0 github.com/hashicorp/go-hclog v1.2.0 - github.com/privateerproj/privateer-sdk v0.0.6 + github.com/privateerproj/privateer-sdk v0.0.7 github.com/spf13/cobra v1.4.0 github.com/spf13/viper v1.15.0 ) diff --git a/go.sum b/go.sum index a325b97..b7755b6 100644 --- a/go.sum +++ b/go.sum @@ -701,8 +701,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= -github.com/privateerproj/privateer-sdk v0.0.6 h1:JLMI6whAR6I9Vc8yzsVPOB7ePOTh8enhl8pMKRKVDZ4= -github.com/privateerproj/privateer-sdk v0.0.6/go.mod h1:wLc/yv9UDFXR9kZ0ioXpCOdWhm4hTSK3VqMEziJqMo4= +github.com/privateerproj/privateer-sdk v0.0.7 h1:amvOH0fFDR/HsarKqBNMCBUNGhv7kUweXsOjsUi/Xhs= +github.com/privateerproj/privateer-sdk v0.0.7/go.mod h1:wLc/yv9UDFXR9kZ0ioXpCOdWhm4hTSK3VqMEziJqMo4= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= 
diff --git a/strikes/AutomatedBackups_test.go b/strikes/AutomatedBackups_test.go deleted file mode 100644 index 5fd0741..0000000 --- a/strikes/AutomatedBackups_test.go +++ /dev/null @@ -1,32 +0,0 @@ -package strikes - -import ( - "encoding/json" - "fmt" - "testing" - - "github.com/spf13/viper" -) - -func TestAutomatedBackup(t *testing.T) { - viper.AddConfigPath("../") - viper.SetConfigName("config") - viper.SetConfigType("yaml") - err := viper.ReadInConfig() - - if err != nil { - fmt.Println("Config file not found...") - return - } - - strikes := Strikes{} - strikeName, result := strikes.AutomatedBackups() - - fmt.Println(strikeName) - b, err := json.MarshalIndent(result, "", " ") - if err != nil { - fmt.Println(err) - } - fmt.Print(string(b)) - fmt.Println() -} diff --git a/strikes/Encryption_test.go b/strikes/Encryption_test.go deleted file mode 100644 index 186e5db..0000000 --- a/strikes/Encryption_test.go +++ /dev/null @@ -1,32 +0,0 @@ -package strikes - -import ( - "encoding/json" - "fmt" - "testing" - - "github.com/spf13/viper" -) - -func TestEncryption(t *testing.T) { - viper.AddConfigPath("../") - viper.SetConfigName("config") - viper.SetConfigType("yaml") - err := viper.ReadInConfig() - - if err != nil { - fmt.Println("Config file not found...") - return - } - - strikes := Strikes{} - strikeName, result := strikes.Encryption() - - fmt.Println(strikeName) - b, err := json.MarshalIndent(result, "", " ") - if err != nil { - fmt.Println(err) - } - fmt.Print(string(b)) - fmt.Println() -} diff --git a/strikes/MultiRegion_test.go b/strikes/MultiRegion_test.go deleted file mode 100644 index 34b6c67..0000000 --- a/strikes/MultiRegion_test.go +++ /dev/null 
@@ -1,32 +0,0 @@ -package strikes - -import ( - "encoding/json" - "fmt" - "testing" - - "github.com/spf13/viper" -) - -func TestMultiRegion(t *testing.T) { - viper.AddConfigPath("../") - viper.SetConfigName("config") - viper.SetConfigType("yaml") - err := viper.ReadInConfig() - - if err != nil { - fmt.Println("Config file not found...") - return - } - - strikes := Strikes{} - strikeName, result := strikes.MultiRegion() - - fmt.Println(strikeName) - b, err := json.MarshalIndent(result, "", " ") - if err != nil { - fmt.Println(err) - } - fmt.Print(string(b)) - fmt.Println() -} diff --git a/strikes/RBAC_test.go b/strikes/RBAC_test.go deleted file mode 100644 index 39676cd..0000000 --- a/strikes/RBAC_test.go +++ /dev/null @@ -1,32 +0,0 @@ -package strikes - -import ( - "encoding/json" - "fmt" - "testing" - - "github.com/spf13/viper" -) - -func TestRBAC(t *testing.T) { - viper.AddConfigPath("../") - viper.SetConfigName("config") - viper.SetConfigType("yaml") - err := viper.ReadInConfig() - - if err != nil { - fmt.Println("Config file not found...") - return - } - - strikes := Strikes{} - strikeName, result := strikes.RBAC() - - fmt.Println(strikeName) - b, err := json.MarshalIndent(result, "", " ") - if err != nil { - fmt.Println(err) - } - fmt.Print(string(b)) - fmt.Println() -} From 9b7b132da35ddcacda5b568e831c7d359b292fed Mon Sep 17 00:00:00 2001 From: Rudra Gupta Date: Wed, 7 Aug 2024 19:14:52 -0400 Subject: [PATCH 2/2] chore: adds more function --- cmd/root.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cmd/root.go b/cmd/root.go index f74d90f..399dbb5 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -86,6 +86,9 @@ func init() { Armory.Tactics = map[string][]raidengine.Strike{ "CCC-Taxonomy": { Armory.AutomatedBackups, + Armory.Encryption, + Armory.MultiRegion, + Armory.SQLFeatures, }, "CCC-Hardening": { Armory.AutomatedBackups,
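Review bot: `RBAC` is still missing from `"CCC-Taxonomy"` after this addition even though it was in that tactic's list before the refactor (the removed `Strikes.RBAC` entry earlier in the series), so an access-control check has been dropped from a compliance tactic with nothing saying why. Add `Armory.RBAC,` after `Armory.SQLFeatures,` unless the omission is deliberate, in which case a comment should state that. `"CCC-Hardening"` and `"CIS"` also still carry only `AutomatedBackups`. The `init()` body continues past this hunk.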