carbo


carbo: manage Azure WAF policies

about

Carbo is an app for managing Azure WAF policies, currently supporting those used by Azure Front Door (Global).

Note: With these early releases, please take a backup of any policies being updated, and report any issues encountered.

latest updates

0.0.1 released 2021-09-16 Initial release

Supported OSes

Tested on macOS, but it should also work on builds for: Linux (amd64, 386, arm386 and arm64), FreeBSD, NetBSD, and OpenBSD.

installation

tbc

usage

tbc

$ carbo ...

authenticating

tbc

Documentation


Constants

const (
	// PushPolicyTimeout and PushPolicyPollFrequency are untyped integer constants.
	// NOTE(review): the names suggest they bound the wait for a policy push and the
	// interval between status checks; the unit is not stated in this declaration
	// (presumably seconds: give up after 120, poll every 10) — confirm against the
	// push loop that consumes them.
	PushPolicyTimeout       = 120
	PushPolicyPollFrequency = 10
)
const (

	// MaxPoliciesToFetch is the maximum number of policies to attempt to retrieve (a carbo limit, not an Azure limit)
	MaxPoliciesToFetch = 200
	// MaxFrontDoorsToFetch is the maximum number of Front Doors to attempt to retrieve (a carbo limit, not an Azure limit)
	MaxFrontDoorsToFetch = 100
	// MaxCustomRules is Azure's hard limit on the number of custom rules allowed per policy
	MaxCustomRules = 90
	// MaxLogNetsRules is the share of the MaxCustomRules budget that generated LogNets rules may occupy
	MaxLogNetsRules = 10
	// MaxBlockNetsRules is the share of the MaxCustomRules budget that generated BlockNets rules may occupy
	MaxBlockNetsRules = 40
	// MaxAllowNetsRules is the share of the MaxCustomRules budget that generated AllowNets rules may occupy.
	// The three generated categories sum to 60 of the 90 permitted rules, leaving at most 30 for manually maintained rules.
	MaxAllowNetsRules = 10
	// MaxIPMatchValues is Azure's hard limit on IPMatch values per rule; networks beyond this
	// count must be spread over additional rules, which is what the Max*NetsRules caps above bound
	MaxIPMatchValues = 600

	// LogNetsPrefix is the name prefix for generated custom rules that log IP networks
	LogNetsPrefix = "LogNets"
	// LogNetsPriorityStart is the priority of the first generated LogNets rule.
	// Manual log rules should be numbered below 1000.
	LogNetsPriorityStart = 1000

	// AllowNetsPrefix is the name prefix for generated custom rules that allow IP networks
	AllowNetsPrefix = "AllowNets"
	// AllowNetsPriorityStart is the priority of the first generated AllowNets rule.
	// Manual allow rules should be numbered 2000-2999.
	AllowNetsPriorityStart = 3000

	// BlockNetsPrefix is the name prefix for generated custom rules that block IP networks
	BlockNetsPrefix = "BlockNets"
	// BlockNetsPriorityStart is the priority of the first generated BlockNets rule.
	// Manual block rules should be numbered 4000-4999.
	// Azure WAF evaluates custom rules in ascending priority order and an Allow match stops
	// further evaluation, so every log and allow rule (1000-3999) runs before any block rule
	// here: a network matched by an allow rule is never tested against the block lists.
	// Keep allow lists tight and review them alongside any block-list change.
	BlockNetsPriorityStart = 5000

	// MaxMatchValuesPerColumn is the number of match values to output per column when showing policies and rules
	MaxMatchValuesPerColumn = 3
	// MaxMatchValuesOutput is the maximum number of match values to output when showing policies and rules
	// (display only — rules may hold up to MaxIPMatchValues)
	MaxMatchValuesOutput = 9
)

Variables

This section is empty.

Functions

func ApplyIPChanges

func ApplyIPChanges(input ApplyIPsInput) (err error)

ApplyIPChanges accepts user input specifying IPs, or a filepath containing IPs, and adds them to the custom rules matching the specified action.

func BackupPolicies

func BackupPolicies(i BackupPoliciesInput) error

BackupPolicies retrieves the policies within a subscription and writes each, together with its metadata, to an individual JSON file.

func CopyRules

func CopyRules(i CopyRulesInput) error

CopyRules copies managed and custom rules between policies.

func CustomRuleHasDefaultDeny

func CustomRuleHasDefaultDeny(c frontdoor.CustomRule) (defaultDeny bool, err error)

func DeleteCustomRules

func DeleteCustomRules(dcri DeleteCustomRulesInput) (err error)

func ListFrontDoors

func ListFrontDoors(subID string) error

func ListPolicies

func ListPolicies(subID, appVersion string, max int) error

func MatchConditionHasDefaultUnknown

func MatchConditionHasDefaultUnknown(mc frontdoor.MatchCondition) (result bool, err error)

func MatchValuesHasMatchAll

func MatchValuesHasMatchAll(mvs *[]string, matchVariable frontdoor.MatchVariable, operator frontdoor.Operator) (res bool, err error)

func PadToWidth

func PadToWidth(input, char string, inputLengthOverride int, trimToWidth bool) (output string)

func PolicyHasDefaultDeny

func PolicyHasDefaultDeny(p frontdoor.WebApplicationFirewallPolicy) (defaultDeny bool, err error)

func PrintPolicy

func PrintPolicy(id string) error

PrintPolicy outputs the raw json policy with the provided resource id.

func PrintPolicyCustomRule

func PrintPolicyCustomRule(id string) error

PrintPolicyCustomRule outputs the custom rule for a given resource. The id is an extended resource id: <policy>|<custom rule name>.

func RestorePolicies

func RestorePolicies(i RestorePoliciesInput) (err error)

RestorePolicies loads existing backup(s) from files and then adds or overwrites policies according to the user's choices.

func RunActions

func RunActions(i RunActionsInput) error

func ShowPolicy

func ShowPolicy(policyID string, showFull bool) error

func ValidateResourceID

func ValidateResourceID(rawID string, extended bool) error

ValidateResourceID tokenises the ID and checks that its format is valid. The 'extended' parameter indicates whether a pipe-separated value follows the id.

func ValidateResourceIDs

func ValidateResourceIDs(ids []string) error

Types

type Action

// Action is a single unit of work: an action type, the policy it targets, input paths,
// a cap on rules created and the resolved networks.
// NOTE(review): the yaml tags indicate it is decoded from a YAML document — presumably the
// file named by RunActionsInput.Path — confirm against RunActions.
type Action struct {
	// ActionType is decoded from the "action" key.
	ActionType string `yaml:"action"`
	// Policy is the target policy. It has no yaml tag, so its key follows the decoder's
	// default field-name mapping; confirm the expected spelling in action files.
	Policy     string
	// Paths is decoded from the "paths" key; presumably files of IPs, as with ApplyIPsInput.Filepath — confirm.
	Paths      []string `yaml:"paths"`
	// MaxRules is decoded from the "max-rules" key; presumably caps the custom rules generated
	// for this action, alongside the package-level Max*NetsRules constants — confirm.
	MaxRules   int      `yaml:"max-rules"`
	// Nets holds the parsed networks. It has no yaml tag, so it uses the decoder's default mapping
	// (or is populated after decoding — not determinable from this listing).
	Nets       IPNets
}

type ApplyIPsInput

// ApplyIPsInput are the arguments provided to the ApplyIPChanges function.
type ApplyIPsInput struct {
	// RID is the parsed resource ID of the policy to update.
	RID      ResourceID
	// Action selects which custom rules receive the IPs (ApplyIPChanges adds them to
	// "custom rules matching the specified action").
	Action   string
	// Output and DryRun are flags; DryRun presumably skips the push to Azure — confirm.
	Output   bool
	DryRun   bool
	// Filepath optionally names a file containing IPs, as an alternative to Nets.
	Filepath string
	// Nets are the networks supplied directly.
	Nets     IPNets
	// MaxRules presumably caps the number of custom rules created for this run — confirm.
	MaxRules int
}

type BackupPoliciesInput

// BackupPoliciesInput are the arguments provided to the BackupPolicies function.
type BackupPoliciesInput struct {
	// SubscriptionID scopes which policies are retrieved.
	SubscriptionID           string
	// Path is presumably the local directory the JSON backup files are written to — confirm.
	Path                     string
	// AppVersion is recorded alongside each backup (cf. WrappedPolicy.AppVersion).
	AppVersion               string
	// RIDs optionally restricts the backup to the listed raw resource IDs.
	RIDs                     []string
	// StorageAccountResourceID and ContainerURL presumably select a remote blob
	// destination for the backups — confirm; backups hold complete policies.
	StorageAccountResourceID string
	ContainerURL             string
	// FailFast stops on the first error rather than continuing with remaining policies.
	FailFast                 bool
	// Quiet and Debug control output verbosity.
	Quiet                    bool
	Debug                    bool
}

BackupPoliciesInput are the arguments provided to the BackupPolicies function.

type BlockIPsInput

// BlockIPsInput carries the inputs for adding networks to block rules. Its shape mirrors
// LogIPsInput field-for-field and ApplyIPsInput minus the Action string.
// NOTE(review): no exported function in this listing accepts BlockIPsInput; it may be used
// internally or superseded by ApplyIPsInput.Action — confirm before relying on it.
type BlockIPsInput struct {
	// RID is the parsed resource ID of the target policy.
	RID      ResourceID
	// Output, DryRun and Debug are flags; DryRun presumably skips the push to Azure — confirm.
	Output   bool
	DryRun   bool
	// Filepath optionally names a file of IPs, as an alternative to Nets.
	Filepath string
	// Nets are the networks supplied directly.
	Nets     IPNets
	// MaxRules presumably caps the number of custom rules created — confirm.
	MaxRules int
	Debug    bool
}

type CopyRulesInput

// CopyRulesInput are the arguments provided to the CopyRules function.
type CopyRulesInput struct {
	// SubscriptionID scopes the lookup of Source and Target.
	SubscriptionID   string
	// Source and Target identify the policies copied from and to.
	Source           string
	Target           string
	// CustomRulesOnly and ManagedRulesOnly restrict the copy to one rule class;
	// behaviour when both are set is not determinable from this listing.
	CustomRulesOnly  bool
	ManagedRulesOnly bool
	// Async presumably returns without waiting for the update to complete — confirm.
	Async            bool
	// Quiet suppresses output.
	Quiet            bool
}

CopyRulesInput are the arguments provided to the CopyRules function.

type DeleteCustomRulesInput

// DeleteCustomRulesInput are the arguments provided to the DeleteCustomRules function.
type DeleteCustomRulesInput struct {
	// RID is the parsed resource ID of the policy whose rules are deleted.
	RID      ResourceID
	// Prefix presumably selects rules by name prefix (e.g. one of LogNetsPrefix,
	// AllowNetsPrefix, BlockNetsPrefix) — confirm; a broad prefix can remove manual rules too.
	Prefix   string
	// MaxRules presumably caps how many matching rules are deleted — confirm.
	MaxRules int
	// Debug enables verbose output.
	Debug    bool
}

type FrontDoor

// FrontDoor describes an Azure Front Door instance. All of its fields are unexported,
// so values are only produced by this package (cf. ListFrontDoors).
type FrontDoor struct {
	// contains filtered or unexported fields
}

type FrontDoorEndpoint

// FrontDoorEndpoint describes a single endpoint of a Front Door. All of its fields are
// unexported, so values are only produced by this package.
type FrontDoorEndpoint struct {
	// contains filtered or unexported fields
}

type FrontDoors

type FrontDoors []FrontDoor

type IPNets

type IPNets []net.IPNet

type LogIPsInput

// LogIPsInput carries the inputs for adding networks to log rules. Its shape mirrors
// BlockIPsInput field-for-field.
// NOTE(review): no exported function in this listing accepts LogIPsInput; it may be used
// internally or superseded by ApplyIPsInput.Action — confirm before relying on it.
type LogIPsInput struct {
	// RID is the parsed resource ID of the target policy.
	RID      ResourceID
	// Output, DryRun and Debug are flags; DryRun presumably skips the push to Azure — confirm.
	Output   bool
	DryRun   bool
	// Filepath optionally names a file of IPs, as an alternative to Nets.
	Filepath string
	// Nets are the networks supplied directly.
	Nets     IPNets
	// MaxRules presumably caps the number of custom rules created — confirm.
	MaxRules int
	Debug    bool
}

type ResourceID

// ResourceID holds the components of an Azure resource ID as split by ParseResourceID.
// Use ValidateResourceID to check a raw ID before parsing; ParseResourceID returns no error.
type ResourceID struct {
	SubscriptionID string
	ResourceGroup  string
	Provider       string
	Name           string
	// Raw presumably retains the original, unparsed ID string — confirm against ParseResourceID.
	Raw            string
}

func ParseResourceID

func ParseResourceID(rawID string) ResourceID

ParseResourceID accepts an azure resource ID as a string and returns a struct instance containing the components.

func ParseResourceIDs

func ParseResourceIDs(rawIDs []string) (res []ResourceID)

type RestorePoliciesInput

// RestorePoliciesInput are the arguments provided to the RestorePolicies function.
type RestorePoliciesInput struct {
	// SubscriptionID scopes the restore.
	SubscriptionID   string
	// BackupsPaths lists the backup files to load.
	BackupsPaths     []string
	// CustomRulesOnly and ManagedRulesOnly restrict the restore to one rule class.
	CustomRulesOnly  bool
	ManagedRulesOnly bool
	// TargetPolicy and ResourceGroup presumably redirect a backup to a different
	// policy than the one it was taken from — confirm.
	TargetPolicy     string
	ResourceGroup    string
	// RIDs optionally restricts the restore to the listed policies.
	RIDs             []ResourceID
	// Force presumably overwrites existing policies without prompting; RestorePolicies
	// "adds/overwrites based on user's choices" — confirm.
	Force            bool
	// FailFast stops on the first error rather than continuing with remaining backups.
	FailFast         bool
	// Quiet and Debug control output verbosity.
	Quiet            bool
	Debug            bool
}

type RunActionsInput

// RunActionsInput are the arguments provided to the RunActions function.
type RunActionsInput struct {
	// Path presumably names the YAML file of Action entries to execute — confirm.
	Path   string
	// DryRun presumably reports the changes without pushing them — confirm.
	DryRun bool
	// Debug enables verbose output.
	Debug  bool
}

type WrappedPolicy

// WrappedPolicy pairs a WAF policy with the metadata recorded when it was captured.
// NOTE(review): presumably the on-disk shape of the JSON backups written by BackupPolicies
// — confirm. Because Policy is the complete policy, including every custom rule and its
// match values, backup files expose the full rule set and should be stored accordingly.
type WrappedPolicy struct {
	// Date is when the wrapper was created.
	Date           time.Time
	// SubscriptionID, ResourceGroup and Name locate the policy; PolicyID is its full resource ID.
	SubscriptionID string
	ResourceGroup  string
	Name           string
	// Policy is the complete Front Door WAF policy.
	Policy         frontdoor.WebApplicationFirewallPolicy
	PolicyID       string
	// AppVersion is the carbo version that produced the wrapper (cf. BackupPoliciesInput.AppVersion).
	AppVersion     string
}

Directories

Path Synopsis
cmd
