feat: introduce Go CLI health check, trust verification, and per-environment variants #63
Merged
…ariants, and config docs

**Added:**
- Introduced `health-check` CLI command for SSM-based instance health and service verification (`cli/cmd/health_check.go`)
- Added `verify-trusts` CLI command to validate domain trust relationships and cross-domain queries (`cli/cmd/verify_trusts.go`)
- Documented configuration, per-environment settings, and variant support in `docs/configuration.md`
- Implemented `RunQuickChecks` method for fast validation of critical vulns in the validator

**Changed:**
- Updated default environment to `staging` across CLI flags, config, and defaults for safer operations
- Enhanced `dreadgoad provision` to auto-generate randomized GOAD variants if environment specifies `variant: true`
- Improved `variant generate` to use environment config as defaults if CLI flags are not set
- Extended config to support per-environment settings, including variant parameters (`cli/internal/config/config.go`)
- Modified `validate` command to support `--quick` flag for quick validation mode
- Refreshed README to document new CLI workflows, replacing Taskfile usage with `dreadgoad` commands and updated feature summary

**Removed:**
- Removed `Taskfile.yaml` and all Taskfile-based orchestration in favor of Go CLI commands for orchestration and validation

build: add minimal Taskfile with remote include for pre-commit tasks

**Added:**
- Introduced a minimal `Taskfile.yaml` to support CI pre-commit tasks via remote include, delegating most operations to the Go CLI (`dreadgoad`)

**Added:**
- Introduced `nonEmptyEval` helper to generalize checks for non-empty output
- Added `replEval`, `dc01TrustsEval`, `forestTrustEval`, and `dcLocatorEval` functions to encapsulate specific health check evaluations

**Changed:**
- Refactored health check definitions to use new eval helpers instead of inline anonymous functions, improving readability and maintainability

**Removed:**
- Removed repetitive anonymous eval functions for domain controller, DNS, trust, and domain membership checks in favor of shared helpers

**Added:**
- Introduced `infra.go` providing `requireInfra`, which validates AWS credentials, discovers GOAD instances, and checks SSM agent status, returning a unified infrastructure context for commands.
- Added `preflight.go` in `internal/aws` implementing `VerifyCredentials` to validate AWS credentials and `CheckSSMStatus` to check SSM agent status for instances.

**Changed:**
- Refactored `health_check.go`, `validate.go`, and `verify_trusts.go` to use `requireInfra` for infrastructure validation and host discovery, removing duplicate logic and direct AWS client instantiation.
- Updated command output to reflect new infra context usage, including environment and region display.
- Modified AWS `Client` struct to include an STS client for credential verification.
- Updated `go.mod` to move `github.com/aws/aws-sdk-go-v2/service/sts` from indirect to direct dependency.

**Removed:**
- Eliminated redundant per-command code for AWS credential, region, and host discovery logic, consolidating these concerns into shared infra utilities.

**Changed:**
- Replaced `fmt.Sprintf` with direct string assignment for title formatting in health check and trust verification commands to streamline code and improve readability

**Added:**
- Appended logic to add a trailing newline to generated SVG files to prevent end-of-file fixer warnings or unnecessary changes

**Changed:**
- Updated `render_svg` in the diagram generation script to always write a trailing newline to the SVG output for consistent file formatting
- Ensured `architecture.svg` ends with a newline character for compliance with formatting tools and improved diff clarity

chore: remove Taskfile to defer task management to Go CLI

**Removed:**
- Removed `Taskfile.yaml` to consolidate task management within the Go CLI (`dreadgoad`) and rely on it for operations previously handled by Taskfile

docs: update validation docs to focus on CLI usage, remove taskfile references

**Added:**
- Renamed `configuration.md` to `cli.md` to serve as the central reference for CLI usage and configuration

**Changed:**
- Rewrote validation instructions to use the `dreadgoad` CLI instead of Taskfile commands, simplifying usage examples and reflecting current best practices
- Updated troubleshooting, advanced usage, and CI/CD integration examples to use `dreadgoad` CLI flags and commands rather than shell scripts or Taskfile calls
- Replaced references to `taskfile.md` with `cli.md` in related documentation links to align with documentation renaming

**Removed:**
- Deleted Taskfile usage documentation (`docs/taskfile.md`) as CLI is now the preferred interface for managing and validating GOAD environments

**Key Changes:**
- `health-check` and `verify-trusts` commands to the Go CLI for lab validation
- `staging` for safer operation

**Added:**
- `health-check` for automated instance and service validation across AD lab, verifying DCs, replication, trusts, DNS, membership, and critical services
- `verify-trusts` for comprehensive domain trust verification, including cross-domain authentication checks
- `variant`, `variant_source`, `variant_target`, `variant_name`) in CLI config, with auto-generation of variants on `provision`
- `--quick`) for `validate` command to rapidly check critical vulnerabilities
- `docs/configuration.md`

**Changed:**
- `staging` (was `dev`) in CLI flags, config defaults, and config generation
- `provision` command) now auto-generates a randomized GOAD variant if required by the active environment
- `environments` section for per-env overrides and variant control
- `validate` command supports a `--quick` flag for fast checks of core vulnerabilities
- `README.md` now point to the Go CLI (`dreadgoad`) instead of Taskfile

**Removed:**
- `Taskfile.yaml` and Taskfile-based orchestration, replaced by the Go CLI as the primary interface for provisioning, validation, and health checks