k9securityio
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cmd/debug_env.go‎
Lines changed: 27 additions & 3 deletions b/‎cmd/debug_env.go‎
Lines changed: 27 additions & 3 deletions
diff --git a/‎cmd/diff.go‎
Lines changed: 9 additions & 2 deletions b/‎cmd/diff.go‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎cmd/diff_principals.go‎
Lines changed: 152 additions & 0 deletions b/‎cmd/diff_principals.go‎
Lines changed: 152 additions & 0 deletions
diff --git a/‎cmd/diff_resources.go‎
Lines changed: 153 additions & 0 deletions b/‎cmd/diff_resources.go‎
Lines changed: 153 additions & 0 deletions
@@ -4,3 +4,4 @@ resources/
 vendor/
 secrets/
 *.swp
+customers/
@@ -22,26 +22,50 @@ import (
 	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
+	"github.com/k9securityio/k9-cli/core"
 	"github.com/spf13/cobra"
 )
 
 // debugEnvCmd represents the debugEnv command
 var debugEnvCmd = &cobra.Command{
 	Hidden: true,
 	Run: func(cmd *cobra.Command, args []string) {
+		// fmt.Println("debug-env called")
 		cfg, err := config.LoadDefaultConfig(context.TODO())
 		if err != nil {
 			fmt.Printf("Error retrieving AWS configuration: %+v\n", err)
 		} else {
-			fmt.Printf("AWS Configuration: %+v\n", cfg)
-			fmt.Printf("AWS Credentials: %+v\n", cfg.Credentials)
+			//			fmt.Printf("AWS Configuration: %+v\n", cfg)
+			//			fmt.Printf("AWS Credentials: %+v\n", cfg.Credentials)
+		}
+
+		bucket, _ := cmd.Flags().GetString(`bucket`)
+		if len(bucket) > 0 {
+			client := s3.NewFromConfig(cfg)
+			s3db, err := core.LoadS3DB(client, bucket)
+			if err != nil {
+				fmt.Fprintf(cmd.ErrOrStderr(), "Unable to load s3 database, %v\n", err)
+			} else {
+				fmt.Fprintln(cmd.OutOrStdout(), `Bucket database summary:`)
+				s3db.Dump(cmd.OutOrStdout(), true)
+			}
+		} else {
+			db, err := core.LoadLocalDB(cmd.Flags().Lookup(`report-home`).Value.String())
+			if err != nil {
+				fmt.Fprintf(cmd.ErrOrStderr(), "Unable to load local database, %v\n", err)
+			} else {
+				fmt.Fprintln(cmd.OutOrStdout(), `Local database summary:`)
+				db.Dump(cmd.OutOrStdout(), true)
+			}
 		}
-		fmt.Println("debug-env called")
 	},
 	Use:   "debug-env",
 	Short: "Display debugEnv information about the environment",
 }
 
 func init() {
 	rootCmd.AddCommand(debugEnvCmd)
+	debugEnvCmd.Flags().String(`bucket`, ``, `S3 bucket location of your K9 secure inbox`)
+
 }
@@ -36,6 +36,13 @@ var diffCmd = &cobra.Command{
 // init defines and wires flags
 func init() {
 	rootCmd.AddCommand(diffCmd)
-	diffCmd.Flags().String(`format`, `csv`, `Output format: [csv]`)
-	viper.BindPFlag(`diff_format`, diffCmd.Flags().Lookup(`format`))
+	diffCmd.PersistentFlags().String(`format`, `csv`, `Output format: [csv]`)
+	viper.BindPFlag(`diff_format`, diffCmd.PersistentFlags().Lookup(`format`))
+
+	diffCmd.PersistentFlags().String(`analysis-date`, ``, `Use snapshot from the specified date in YYYY-MM-DD (required)`)
+	diffCmd.MarkFlagRequired(`analysis-date`)
+	diffCmd.PersistentFlags().String(`customer_id`, ``, `K9 customer ID for analysis (required)`)
+	diffCmd.MarkFlagRequired(`customer_id`)
+	diffCmd.PersistentFlags().String(`account`, ``, `AWS account ID for analysis (required)`)
+	diffCmd.MarkFlagRequired(`account`)
 }
@@ -0,0 +1,152 @@
+/*
+Copyright © 2022 The K9CLI Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package cmd contains all cobra commands
+package cmd
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"github.com/k9securityio/k9-cli/core"
+	"github.com/k9securityio/k9-cli/views"
+	"github.com/spf13/cobra"
+)
+
+// diffPrincipalsCmd represents the principals subcommand of diff
+var diffPrincipalsCmd = &cobra.Command{
+	Use:   "principals",
+	Short: `Calculate the difference between a principals snapshot and last scan`,
+	Run: func(cmd *cobra.Command, args []string) {
+		verbose, _ := cmd.Flags().GetBool(`verbose`)
+		customerID, _ := cmd.Flags().GetString(`customer_id`)
+		accountID, _ := cmd.Flags().GetString(`account`)
+		analysisDate, _ := cmd.Flags().GetString(`analysis-date`)
+		reportHome, _ := cmd.Flags().GetString(`report-home`)
+		stdout := cmd.OutOrStdout()
+		stderr := cmd.ErrOrStderr()
+		DoDiffPrincipals(stdout, stderr, reportHome, customerID, accountID, analysisDate, verbose)
+	},
+}
+
+// init defines and wires flags
+func init() {
+	diffCmd.AddCommand(diffPrincipalsCmd)
+}
+
+func DoDiffPrincipals(stdout, stderr io.Writer, reportHome, customerID, accountID, analysisDate string, verbose bool) {
+	// load the local report database
+	db, err := core.LoadLocalDB(reportHome)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to load local database, %v\n", err)
+	}
+
+	// get the latest analysis
+	var latestReportPath, targetReportPath string
+
+	if qr := db.GetPathForCustomerAccountLatestKind(
+		customerID, accountID, core.REPORT_TYPE_PREFIX_PRINCIPALS); qr != nil {
+		latestReportPath = *qr
+	} else {
+		fmt.Fprintf(stderr,
+			"No such latest report: %v, %v, total records: %v\n",
+			customerID, accountID, db.Size())
+		os.Exit(1)
+		return
+	}
+
+	// get the target analysis
+	// determine the file name for the desired report
+	reportDateTime, err := time.Parse(core.FILENAME_TIMESTAMP_ANALYSIS_DATE_LAYOUT, analysisDate)
+	if err != nil {
+		fmt.Fprintf(stderr, "Invalid analysis-date: %v\n", analysisDate)
+		os.Exit(1)
+		return
+	}
+	if qr := db.GetPathForCustomerAccountTimeKind(
+		customerID, accountID, reportDateTime,
+		core.REPORT_TYPE_PREFIX_PRINCIPALS); qr != nil {
+		targetReportPath = *qr
+	} else {
+		fmt.Fprintf(stderr,
+			"No such target report: %v, %v, %v, total records: %v\n",
+			customerID, accountID,
+			reportDateTime.Format(core.FILENAME_TIMESTAMP_ANALYSIS_DATE_LAYOUT),
+			db.Size())
+		os.Exit(1)
+		return
+	}
+
+	// open and load the reports
+	lf, err := os.Open(latestReportPath)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to open the latest report: %v\n", err)
+		os.Exit(1)
+		return
+	}
+	tf, err := os.Open(targetReportPath)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to open the target report: %v\n", err)
+		os.Exit(1)
+		return
+	}
+
+	latest, err := core.LoadPrincipalsReport(lf)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to open the latest report: %v\n", err)
+		os.Exit(1)
+		return
+	}
+	target, err := core.LoadPrincipalsReport(tf)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to open the target report: %v\n", err)
+		os.Exit(1)
+		return
+	}
+
+	if verbose {
+		fmt.Fprintf(stderr, "Target Analysis: %v, records: %v\nLatest Analysis: %v, records: %v\n", reportDateTime, len(latest), latest[0].AnalysisTime, len(target))
+	}
+
+	// index on principal ARN for each ReportItem
+	targetByARN := map[string]core.PrincipalsReportItem{}
+	for _, ri := range target {
+		targetByARN[ri.PrincipalARN] = ri
+	}
+
+	// This loop marks the ARNs that it sees in the latest report
+	// and subsequently verifies that the target report does not
+	// contain records that have yet to be seen.
+	seen := map[string]struct{}{}
+	mark := struct{}{}
+	diffs := []core.PrincipalsReportItemDifference{}
+	for _, ri := range latest {
+		seen[ri.PrincipalARN] = mark
+		if ti, ok := targetByARN[ri.PrincipalARN]; !ok {
+			diffs = append(diffs, ri.AddedDiff())
+		} else if !ri.Equivallent(ti) {
+			diffs = append(diffs, ri.Diff(ti))
+		}
+	}
+	for _, ri := range target {
+		if _, ok := seen[ri.PrincipalARN]; !ok {
+			diffs = append(diffs, ri.DeletedDiff())
+		}
+	}
+	views.WriteCSVTo(stdout, stderr, diffs)
+}
@@ -0,0 +1,153 @@
+/*
+Copyright © 2022 The K9CLI Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package cmd contains all cobra commands
+package cmd
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"github.com/k9securityio/k9-cli/core"
+	"github.com/k9securityio/k9-cli/views"
+	"github.com/spf13/cobra"
+)
+
+// diffResourcesCmd represents the resources subcommand of diff
+var diffResourcesCmd = &cobra.Command{
+	Use:   "resources",
+	Short: `Calculate the difference between a resources snapshot and last scan`,
+	Run: func(cmd *cobra.Command, args []string) {
+		verbose, _ := cmd.Flags().GetBool(`verbose`)
+		customerID, _ := cmd.Flags().GetString(`customer_id`)
+		accountID, _ := cmd.Flags().GetString(`account`)
+		analysisDate, _ := cmd.Flags().GetString(`analysis-date`)
+		reportHome, _ := cmd.Flags().GetString(`report-home`)
+		stdout := cmd.OutOrStdout()
+		stderr := cmd.ErrOrStderr()
+		DoDiffResources(stdout, stderr, reportHome, customerID, accountID, analysisDate, verbose)
+	},
+}
+
+// init defines and wires flags
+func init() {
+	diffCmd.AddCommand(diffResourcesCmd)
+}
+
+// DoDiffResources
+func DoDiffResources(stdout, stderr io.Writer, reportHome, customerID, accountID, analysisDate string, verbose bool) {
+	// load the local report database
+	db, err := core.LoadLocalDB(reportHome)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to load local database, %v\n", err)
+	}
+
+	// get the latest analysis
+	var latestReportPath, targetReportPath string
+
+	if qr := db.GetPathForCustomerAccountLatestKind(
+		customerID, accountID, core.REPORT_TYPE_PREFIX_RESOURCES); qr != nil {
+		latestReportPath = *qr
+	} else {
+		fmt.Fprintf(stderr,
+			"No such latest report: %v, %v, total records: %v\n",
+			customerID, accountID, db.Size())
+		os.Exit(1)
+		return
+	}
+
+	// get the target analysis
+	// determine the file name for the desired report
+	reportDateTime, err := time.Parse(core.FILENAME_TIMESTAMP_ANALYSIS_DATE_LAYOUT, analysisDate)
+	if err != nil {
+		fmt.Fprintf(stderr, "Invalid analysis-date: %v\n", analysisDate)
+		os.Exit(1)
+		return
+	}
+	if qr := db.GetPathForCustomerAccountTimeKind(
+		customerID, accountID, reportDateTime,
+		core.REPORT_TYPE_PREFIX_RESOURCES); qr != nil {
+		targetReportPath = *qr
+	} else {
+		fmt.Fprintf(stderr,
+			"No such target report: %v, %v, %v, total records: %v\n",
+			customerID, accountID,
+			reportDateTime.Format(core.FILENAME_TIMESTAMP_ANALYSIS_DATE_LAYOUT),
+			db.Size())
+		os.Exit(1)
+		return
+	}
+
+	// open and load the reports
+	lf, err := os.Open(latestReportPath)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to open the latest report: %v\n", err)
+		os.Exit(1)
+		return
+	}
+	tf, err := os.Open(targetReportPath)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to open the target report: %v\n", err)
+		os.Exit(1)
+		return
+	}
+
+	latest, err := core.LoadResourcesReport(lf)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to open the latest report: %v\n", err)
+		os.Exit(1)
+		return
+	}
+	target, err := core.LoadResourcesReport(tf)
+	if err != nil {
+		fmt.Fprintf(stderr, "Unable to open the target report: %v\n", err)
+		os.Exit(1)
+		return
+	}
+
+	if verbose {
+		fmt.Fprintf(stderr, "Target Analysis: %v, records: %v\nLatest Analysis: %v, records: %v\n", reportDateTime, len(latest), latest[0].AnalysisTime, len(target))
+	}
+
+	// index on principal ARN for each ReportItem
+	targetByARN := map[string]core.ResourcesReportItem{}
+	for _, ri := range target {
+		targetByARN[ri.ResourceARN] = ri
+	}
+
+	// This loop marks the ARNs that it sees in the latest report
+	// and subsequently verifies that the target report does not
+	// contain records that have yet to be seen.
+	seen := map[string]struct{}{}
+	mark := struct{}{}
+	diffs := []core.ResourcesReportItemDifference{}
+	for _, ri := range latest {
+		seen[ri.ResourceARN] = mark
+		if ti, ok := targetByARN[ri.ResourceARN]; !ok {
+			diffs = append(diffs, ri.AddedDiff())
+		} else if !ri.Equivallent(ti) {
+			diffs = append(diffs, ri.Diff(ti))
+		}
+	}
+	for _, ri := range target {
+		if _, ok := seen[ri.ResourceARN]; !ok {
+			diffs = append(diffs, ri.DeletedDiff())
+		}
+	}
+	views.WriteCSVTo(stdout, stderr, diffs)
+}