Initial scaffolding

.github/workflows/build.yml

@@ -3,9 +3,9 @@
 name: Build
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "dev" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "dev" ]
 jobs:
   build:
     runs-on: ubuntu-latest

Makefile

@@ -1,4 +1,4 @@
-BINARY_NAME = experiments-runtime-tool
+BINARY_NAME = secops-chaos
 REPO_NAME = github.com/operantai/$(BINARY_NAME)
 GIT_COMMIT = $(shell git rev-list -1 HEAD)
 BUILD_DATE = $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
@@ -8,7 +8,7 @@ LD_FLAGS = "-X $(REPO_NAME)/cmd.GitCommit=$(GIT_COMMIT) -X $(REPO_NAME)/cmd.Vers
 all: fmt vet test build
 
 build: ## Build binary
-	@go build -o "bin/$(BINARY_NAME)" -ldflags $(LD_FLAGS) main.go
+	@go build -o "bin/$(BINARY_NAME)" -ldflags $(LD_FLAGS) cmd/cli/main.go
 
 fmt: ## Run go fmt
 	@go fmt ./...

README.md

@@ -1,10 +1,10 @@
-# Experiments Runtime Tool
+# secops-chaos
 
 ### Usage
 
 ``` sh
 Usage:
-  experiments-runtime-tool [command]
+  secops-chaos [command]
 
 Available Commands:
   clean       Clean up after an experiment run
@@ -15,7 +15,7 @@ Available Commands:
   version     Output CLI version information
 
 Flags:
-  -h, --help   help for experiments-runtime-tool
+  -h, --help   help for secops-chaos
 
-Use "experiments-runtime-tool [command] --help" for more information about a command.
+Use "secops-chaos [command] --help" for more information about a command.
 ```

cmd/cli/cmd/clean.go

@@ -0,0 +1,50 @@
+/*
+Copyright 2023 Operant AI
+*/
+package cmd
+
+import (
+	"github.com/operantai/secops-chaos/internal/experiments"
+	"github.com/operantai/secops-chaos/internal/output"
+	"github.com/spf13/cobra"
+)
+
+// cleanCmd represents the clean command
+var cleanCmd = &cobra.Command{
+	Use:   "clean",
+	Short: "Clean up after an experiment run",
+	Long:  "Clean up after an experiment run",
+	Run: func(cmd *cobra.Command, args []string) {
+		// Read the flags
+		namespace, err := cmd.Flags().GetString("namespace")
+		if err != nil {
+			output.WriteError("Error reading namespace flag: %v", err)
+		}
+		allNamespaces, err := cmd.Flags().GetBool("all")
+		if err != nil {
+			output.WriteError("Error reading all flag: %v", err)
+		}
+		files, err := cmd.Flags().GetStringSlice("file")
+		if err != nil {
+			output.WriteError("Error reading file flag: %v", err)
+		}
+
+		// Create a new experiment runner and clean up
+		ctx := cmd.Context()
+		er := experiments.NewRunner(ctx, namespace, allNamespaces, files)
+		er.Cleanup()
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(cleanCmd)
+
+	// Define the path of the experiment file to run
+	cleanCmd.Flags().StringSliceP("file", "f", []string{}, "Experiment file(s) to run")
+	cleanCmd.MarkFlagRequired("file")
+
+	// Define the namespace(s) to run the experiment in
+	cleanCmd.Flags().StringP("namespace", "n", "", "Namespace to run experiment in")
+	cleanCmd.Flags().BoolP("all", "a", false, "Run experiment in all namespaces")
+	cleanCmd.MarkFlagsMutuallyExclusive("namespace", "all")
+}

cmd/root.go → cmd/cli/cmd/root.go

@@ -4,14 +4,13 @@ Copyright 2023 Operant AI
 package cmd
 
 import (
-	"os"
-
+	"github.com/operantai/secops-chaos/internal/output"
 	"github.com/spf13/cobra"
 )
 
 // rootCmd represents the base command when called without any subcommands
 var rootCmd = &cobra.Command{
-	Use:   "experiments-runtime-tool",
+	Use:   "secops-chaos",
 	Short: "tbd",
 	Long:  "tbd",
 }
@@ -21,6 +20,6 @@ var rootCmd = &cobra.Command{
 func Execute() {
 	err := rootCmd.Execute()
 	if err != nil {
-		os.Exit(1)
+		output.WriteError(err.Error())
 	}
 }

cmd/cli/cmd/run.go

@@ -0,0 +1,50 @@
+/*
+Copyright 2023 Operant AI
+*/
+package cmd
+
+import (
+	"github.com/operantai/secops-chaos/internal/experiments"
+	"github.com/operantai/secops-chaos/internal/output"
+	"github.com/spf13/cobra"
+)
+
+// runCmd represents the run command
+var runCmd = &cobra.Command{
+	Use:   "run",
+	Short: "Run an experiment",
+	Long:  "Run an experiment",
+	Run: func(cmd *cobra.Command, args []string) {
+		// Read the flags
+		namespace, err := cmd.Flags().GetString("namespace")
+		if err != nil {
+			output.WriteError("Error reading namespace flag: %v", err)
+		}
+		allNamespaces, err := cmd.Flags().GetBool("all")
+		if err != nil {
+			output.WriteError("Error reading all flag: %v", err)
+		}
+		files, err := cmd.Flags().GetStringSlice("file")
+		if err != nil {
+			output.WriteError("Error reading file flag: %v", err)
+		}
+
+		// Run the experiment
+		ctx := cmd.Context()
+		er := experiments.NewRunner(ctx, namespace, allNamespaces, files)
+		er.Run()
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(runCmd)
+
+	// Define the path of the experiment file to run
+	runCmd.Flags().StringSliceP("file", "f", []string{}, "Experiment file(s) to run")
+	runCmd.MarkFlagRequired("file")
+
+	// Define the namespace(s) to run the experiment in
+	runCmd.Flags().StringP("namespace", "n", "", "Namespace to run experiment in")
+	runCmd.Flags().BoolP("all", "a", false, "Run experiment in all namespaces")
+	runCmd.MarkFlagsMutuallyExclusive("namespace", "all")
+}

cmd/cli/cmd/verify.go

@@ -0,0 +1,57 @@
+/*
+Copyright 2023 Operant AI
+*/
+package cmd
+
+import (
+	"github.com/operantai/secops-chaos/internal/experiments"
+	"github.com/operantai/secops-chaos/internal/output"
+	"github.com/spf13/cobra"
+)
+
+// verifyCmd represents the verify command
+var verifyCmd = &cobra.Command{
+	Use:   "verify",
+	Short: "Verify the outcome of an experiment",
+	Long:  "Verify the outcome of an experiment",
+	Run: func(cmd *cobra.Command, args []string) {
+		// Read the flags
+		namespace, err := cmd.Flags().GetString("namespace")
+		if err != nil {
+			output.WriteError("Error reading namespace flag: %v", err)
+		}
+		allNamespaces, err := cmd.Flags().GetBool("all")
+		if err != nil {
+			output.WriteError("Error reading all flag: %v", err)
+		}
+		files, err := cmd.Flags().GetStringSlice("file")
+		if err != nil {
+			output.WriteError("Error reading file flag: %v", err)
+		}
+		outputJSON, err := cmd.Flags().GetBool("json")
+		if err != nil {
+			output.WriteError("Error reading json output flag: %v", err)
+		}
+
+		// Run the verifiers
+		ctx := cmd.Context()
+		er := experiments.NewRunner(ctx, namespace, allNamespaces, files)
+		er.RunVerifiers(outputJSON)
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(verifyCmd)
+
+	// Define the path of the experiment file to run
+	verifyCmd.Flags().StringSliceP("file", "f", []string{}, "Experiment file(s) to run")
+	verifyCmd.MarkFlagRequired("file")
+
+	// Output the results in JSON format
+	verifyCmd.Flags().BoolP("json", "j", false, "Output results in JSON format")
+
+	// Define the namespace(s) to run the experiment in
+	verifyCmd.Flags().StringP("namespace", "n", "", "Namespace to run experiment in")
+	verifyCmd.Flags().BoolP("all", "a", false, "Run experiment in all namespaces")
+	verifyCmd.MarkFlagsMutuallyExclusive("namespace", "all")
+}

main.go → cmd/cli/main.go

@@ -3,7 +3,7 @@ Copyright 2023 Operant AI
 */
 package main
 
-import "github.com/operantai/experiments-runtime-tool/cmd"
+import "github.com/operantai/secops-chaos/cmd/cli/cmd"
 
 func main() {
 	cmd.Execute()

cmd/secops-chaos/main.go

@@ -0,0 +1,10 @@
+/*
+Copyright 2023 Operant AI
+*/
+package main
+
+import "github.com/operantai/secops-chaos/cmd/cli/cmd"
+
+func main() {
+	cmd.Execute()
+}

experiments/run_privileged_container.yaml

@@ -0,0 +1,9 @@
+experiments:
+  - name: run-privileged-container
+    type: privileged_container
+    namespace: default
+    parameters:
+      privileged: true
+      host_pid: true
+      host_network: true
+      run_as_root: true