Documentation
Index
- Constants
- func FindEC2InstanceID(searchText string, provider ResourceProvider) (string, error)
- func GetENIsFromVector(v reach.NetworkVector, collection *reach.ResourceCollection) (*ElasticNetworkInterface, *ElasticNetworkInterface, error)
- func IsUsedByNetworkPoint(point reach.NetworkPoint) bool
- func NewEC2InstanceSubject(id string, role reach.SubjectRole) (*reach.Subject, error)
- func NewSubject(identifier string, provider ResourceProvider) (*reach.Subject, error)
- type EC2Instance
- type ElasticNetworkInterface
- func (eni ElasticNetworkInterface) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)
- func (eni ElasticNetworkInterface) Name() string
- func (eni ElasticNetworkInterface) ToResource() reach.Resource
- func (eni ElasticNetworkInterface) ToResourceReference() reach.ResourceReference
- type Explainer
- func (ex Explainer) CheckBothInAWS(v reach.NetworkVector) bool
- func (ex Explainer) CheckBothInSameSubnet(v reach.NetworkVector) bool
- func (ex Explainer) CheckBothInSameVPC(v reach.NetworkVector) bool
- func (ex *Explainer) InstanceState(factor reach.Factor) string
- func (ex *Explainer) NetworkACLRules(factor reach.Factor, p reach.Perspective) string
- func (ex *Explainer) NetworkPoint(point reach.NetworkPoint, p reach.Perspective) string
- func (ex *Explainer) SecurityGroupRules(factor reach.Factor, p reach.Perspective) string
- type NetworkACL
- type NetworkACLRule
- type NetworkACLRuleAction
- type NetworkInterfaceAttachment
- type ResourceProvider
- type RouteTable
- type RouteTableRoute
- type SecurityGroup
- type SecurityGroupReference
- type SecurityGroupRule
- type Subnet
- type VPC
- type VectorAnalyzer
- type VectorDiscoverer
Constants
const FactorKindInstanceState = "InstanceState"
FactorKindInstanceState specifies the unique name for the EC2 instance state kind of factor.
const FactorKindNetworkACLRules = "NetworkACLRules"
FactorKindNetworkACLRules specifies the unique name for the network ACL rules kind of factor.
const FactorKindSecurityGroupRules = "SecurityGroupRules"
FactorKindSecurityGroupRules specifies the unique name for the security group rules kind of factor.
const ResourceDomainAWS = "aws"
ResourceDomainAWS is the domain that represents AWS (Amazon Web Services), such that any AWS-specific kinds of resources can be categorized and operated on as such.
const ResourceKindEC2Instance = "EC2Instance"
ResourceKindEC2Instance specifies the unique name for the EC2 instance kind of resource.
const ResourceKindElasticNetworkInterface = "ElasticNetworkInterface"
ResourceKindElasticNetworkInterface specifies the unique name for the elastic network interface kind of resource.
const ResourceKindNetworkACL = "NetworkACL"
ResourceKindNetworkACL specifies the unique name for the network ACL kind of resource.
const ResourceKindRouteTable = "RouteTable"
ResourceKindRouteTable specifies the unique name for the route table kind of resource.
const ResourceKindSecurityGroup = "SecurityGroup"
ResourceKindSecurityGroup specifies the unique name for the security group kind of resource.
const ResourceKindSecurityGroupReference = "SecurityGroupReference"
ResourceKindSecurityGroupReference specifies the unique name for the security group reference kind of resource.
const ResourceKindSubnet = "Subnet"
ResourceKindSubnet specifies the unique name for the subnet kind of resource.
const ResourceKindVPC = "VPC"
ResourceKindVPC specifies the unique name for the VPC kind of resource.
const SubjectKindEC2Instance = "EC2Instance"
SubjectKindEC2Instance specifies the unique name for the EC2 instance kind of subject.
Variables
This section is empty.
Functions
func FindEC2InstanceID
func FindEC2InstanceID(searchText string, provider ResourceProvider) (string, error)
FindEC2InstanceID looks up the instance ID for an EC2 instance using a given resource provider (e.g. an AWS API client) based on the specified search text. The search text can match the entire value or beginning substring for an instance's ID or name tag value, as long as the text matches exactly one EC2 instance.
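As an added illustration of the matching rule just described (this is example code written for this page, not the Reach project's own implementation): a cut-down stand-in for the ResourceProvider interface, an in-memory provider holding constructed sample instances, and a lookup that accepts a full or prefix match on instance ID or name tag only when exactly one instance matches. The lower-case names (ec2Instance, resourceProvider, staticProvider, matchesSearchText, findEC2InstanceID) are local to the example and are not part of the package.

```go
package main

import (
	"fmt"
	"strings"
)

// ec2Instance mirrors the ID and NameTag fields of the package's EC2Instance
// type; the other fields are omitted because the lookup does not use them.
type ec2Instance struct {
	ID      string
	NameTag string
}

// resourceProvider is a cut-down stand-in for the package's ResourceProvider
// interface, keeping only the method this lookup needs.
type resourceProvider interface {
	AllEC2Instances() ([]ec2Instance, error)
}

// staticProvider is a constructed in-memory provider used in place of an
// AWS API client so the example runs offline.
type staticProvider struct{ instances []ec2Instance }

func (p staticProvider) AllEC2Instances() ([]ec2Instance, error) { return p.instances, nil }

// matchesSearchText reports whether searchText equals, or is a leading
// substring of, the instance's ID or its name tag value. Empty search text
// is rejected so that it cannot match every instance.
func matchesSearchText(inst ec2Instance, searchText string) bool {
	if searchText == "" {
		return false
	}
	return strings.HasPrefix(inst.ID, searchText) ||
		(inst.NameTag != "" && strings.HasPrefix(inst.NameTag, searchText))
}

// findEC2InstanceID resolves searchText to exactly one instance ID. Zero
// matches and ambiguous matches are both errors: an ambiguous prefix must
// never silently select one instance, because the caller would then analyze
// reachability for the wrong host.
func findEC2InstanceID(searchText string, provider resourceProvider) (string, error) {
	instances, err := provider.AllEC2Instances()
	if err != nil {
		return "", fmt.Errorf("listing EC2 instances: %w", err)
	}
	var matches []ec2Instance
	for _, inst := range instances {
		if matchesSearchText(inst, searchText) {
			matches = append(matches, inst)
		}
	}
	switch len(matches) {
	case 0:
		return "", fmt.Errorf("no EC2 instance matches %q", searchText)
	case 1:
		return matches[0].ID, nil
	default:
		ids := make([]string, 0, len(matches))
		for _, m := range matches {
			ids = append(ids, m.ID)
		}
		return "", fmt.Errorf("search text %q is ambiguous; matches %s", searchText, strings.Join(ids, ", "))
	}
}

// exampleProvider holds constructed sample instances (not real AWS data).
var exampleProvider = staticProvider{instances: []ec2Instance{
	{ID: "i-0aaa111122223333a", NameTag: "web-prod-1"},
	{ID: "i-0bbb444455556666b", NameTag: "web-prod-2"},
	{ID: "i-0ccc777788889999c", NameTag: "bastion"},
}}

func main() {
	// "web-prod" is a prefix of two name tags and is therefore rejected;
	// "db" matches nothing; the other three resolve to a single instance.
	for _, q := range []string{"bastion", "web-prod-1", "i-0bbb", "web-prod", "db"} {
		id, err := findEC2InstanceID(q, exampleProvider)
		if err != nil {
			fmt.Printf("%-12s -> error: %v\n", q, err)
			continue
		}
		fmt.Printf("%-12s -> %s\n", q, id)
	}
}
```

The provider abstraction is what makes the rule testable without AWS credentials: the same lookup runs against a recorded inventory in a unit test and against a live client in production, and the ambiguity error surfaces in both.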
func GetENIsFromVector
func GetENIsFromVector(v reach.NetworkVector, collection *reach.ResourceCollection) (*ElasticNetworkInterface, *ElasticNetworkInterface, error)
GetENIsFromVector returns the ElasticNetworkInterfaces from the specified network vector.
func IsUsedByNetworkPoint
func IsUsedByNetworkPoint(point reach.NetworkPoint) bool
IsUsedByNetworkPoint returns a boolean indicating whether or not the specified network point contains an AWS-specific kind of resource.
func NewEC2InstanceSubject
func NewEC2InstanceSubject(id string, role reach.SubjectRole) (*reach.Subject, error)
NewEC2InstanceSubject returns a new subject for the specified EC2 instance.
func NewSubject
func NewSubject(identifier string, provider ResourceProvider) (*reach.Subject, error)
NewSubject looks up an AWS resource using the given provider and returns it as a new subject.
Types
type EC2Instance
type EC2Instance struct {
	ID                          string
	NameTag                     string `json:"NameTag,omitempty"`
	State                       string
	NetworkInterfaceAttachments []NetworkInterfaceAttachment
}
An EC2Instance resource representation.
func GetEC2InstanceFromLineage
func GetEC2InstanceFromLineage(lineage []reach.ResourceReference, collection *reach.ResourceCollection) (*EC2Instance, error)
GetEC2InstanceFromLineage returns the EC2 instance from the given lineage.
func (EC2Instance) Dependencies (added in v0.2.0)
func (i EC2Instance) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)
Dependencies returns a collection of the EC2 instance's resource dependencies.
func (EC2Instance) Name
func (i EC2Instance) Name() string
Name returns the instance's ID, and, if available, its name tag value.
func (EC2Instance) ToResource
func (i EC2Instance) ToResource() reach.Resource
ToResource returns the EC2 instance converted to a generalized Reach resource.
func (EC2Instance) ToResourceReference
func (i EC2Instance) ToResourceReference() reach.ResourceReference
ToResourceReference returns a resource reference to uniquely identify the EC2 instance.
type ElasticNetworkInterface
type ElasticNetworkInterface struct {
	ID                   string
	NameTag              string   `json:"NameTag,omitempty"`
	SubnetID             string
	VPCID                string
	SecurityGroupIDs     []string
	PublicIPv4Address    net.IP   `json:"PublicIPv4Address,omitempty"`
	PrivateIPv4Addresses []net.IP `json:"PrivateIPv4Addresses,omitempty"`
	IPv6Addresses        []net.IP `json:"IPv6Addresses,omitempty"`
}
An ElasticNetworkInterface resource representation.
func ElasticNetworkInterfaceFromNetworkPoint
func ElasticNetworkInterfaceFromNetworkPoint(point reach.NetworkPoint, rc *reach.ResourceCollection) *ElasticNetworkInterface
ElasticNetworkInterfaceFromNetworkPoint extracts the ElasticNetworkInterface from the lineage of the specified network point.
func GetENIFromLineage
func GetENIFromLineage(lineage []reach.ResourceReference, collection *reach.ResourceCollection) (*ElasticNetworkInterface, error)
GetENIFromLineage returns the ElasticNetworkInterface from the given lineage.
func (ElasticNetworkInterface) Dependencies (added in v0.2.0)
func (eni ElasticNetworkInterface) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)
Dependencies returns a collection of the elastic network interface's resource dependencies.
func (ElasticNetworkInterface) Name
func (eni ElasticNetworkInterface) Name() string
Name returns the elastic network interface's ID, and, if available, its name tag value.
func (ElasticNetworkInterface) ToResource
func (eni ElasticNetworkInterface) ToResource() reach.Resource
ToResource returns the elastic network interface converted to a generalized Reach resource.
func (ElasticNetworkInterface) ToResourceReference
func (eni ElasticNetworkInterface) ToResourceReference() reach.ResourceReference
ToResourceReference returns a resource reference to uniquely identify the elastic network interface.
type Explainer
type Explainer struct {
	// contains filtered or unexported fields
}
Explainer explains an analysis with respect to AWS.
func NewExplainer
NewExplainer creates a new AWS-specific explainer.
func (Explainer) CheckBothInAWS
func (ex Explainer) CheckBothInAWS(v reach.NetworkVector) bool
CheckBothInAWS returns a boolean indicating whether both network points in a network vector are AWS resources.
func (Explainer) CheckBothInSameSubnet
func (ex Explainer) CheckBothInSameSubnet(v reach.NetworkVector) bool
CheckBothInSameSubnet returns a boolean indicating whether both network points in a network vector reside in the same AWS subnet.
func (Explainer) CheckBothInSameVPC
func (ex Explainer) CheckBothInSameVPC(v reach.NetworkVector) bool
CheckBothInSameVPC returns a boolean indicating whether both network points in a network vector reside in the same AWS VPC.
func (*Explainer) InstanceState
func (ex *Explainer) InstanceState(factor reach.Factor) string
InstanceState explains the analysis component for the specified instance state factor.
func (*Explainer) NetworkACLRules (added in v0.2.0)
func (ex *Explainer) NetworkACLRules(factor reach.Factor, p reach.Perspective) string
NetworkACLRules explains the analysis component for the specified network ACL rules factor.
func (*Explainer) NetworkPoint
func (ex *Explainer) NetworkPoint(point reach.NetworkPoint, p reach.Perspective) string
NetworkPoint explains the analysis component for the specified network point.
func (*Explainer) SecurityGroupRules
func (ex *Explainer) SecurityGroupRules(factor reach.Factor, p reach.Perspective) string
SecurityGroupRules explains the analysis component for the specified security group rules factor.
type NetworkACL
type NetworkACL struct {
	ID            string
	InboundRules  []NetworkACLRule
	OutboundRules []NetworkACLRule
}
A NetworkACL resource representation.
func (NetworkACL) ToResource
func (nacl NetworkACL) ToResource() reach.Resource
ToResource returns the network ACL converted to a generalized Reach resource.
func (NetworkACL) ToResourceReference (added in v0.2.0)
func (nacl NetworkACL) ToResourceReference() reach.ResourceReference
ToResourceReference returns a resource reference to uniquely identify the network ACL.
type NetworkACLRule
type NetworkACLRule struct {
	Number          int64
	TrafficContent  reach.TrafficContent
	TargetIPNetwork *net.IPNet
	Action          NetworkACLRuleAction
}
A NetworkACLRule resource representation.
func (NetworkACLRule) Allows (added in v0.2.0)
func (r NetworkACLRule) Allows() bool
Allows returns a boolean indicating whether the rule allows traffic.
func (NetworkACLRule) Denies (added in v0.2.0)
func (r NetworkACLRule) Denies() bool
Denies returns a boolean indicating whether the rule denies traffic.
type NetworkACLRuleAction
type NetworkACLRuleAction int
A NetworkACLRuleAction is the action specified by a network ACL rule -- either allow or deny.
const (
	NetworkACLRuleActionDeny NetworkACLRuleAction = iota
	NetworkACLRuleActionAllow
)
The allowed actions for a network ACL rule.
func (NetworkACLRuleAction) MarshalJSON (added in v0.2.0)
func (action NetworkACLRuleAction) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON representation of the NetworkACLRuleAction.
func (NetworkACLRuleAction) String (added in v0.2.0)
func (action NetworkACLRuleAction) String() string
String returns the string representation of the NetworkACLRuleAction.
type NetworkInterfaceAttachment
type NetworkInterfaceAttachment struct {
	ID                        string
	ElasticNetworkInterfaceID string
	DeviceIndex               int64 // e.g. 0 for "eth0"
}
A NetworkInterfaceAttachment resource representation.
func (NetworkInterfaceAttachment) Dependencies (added in v0.2.0)
func (attachment NetworkInterfaceAttachment) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)
Dependencies returns a collection of the network interface attachment's resource dependencies.
type ResourceProvider
type ResourceProvider interface {
	AllEC2Instances() ([]EC2Instance, error)
	EC2Instance(id string) (*EC2Instance, error)
	ElasticNetworkInterface(id string) (*ElasticNetworkInterface, error)
	NetworkACL(id string) (*NetworkACL, error)
	RouteTable(id string) (*RouteTable, error)
	SecurityGroup(id string) (*SecurityGroup, error)
	SecurityGroupReference(id, accountID string) (*SecurityGroupReference, error)
	Subnet(id string) (*Subnet, error)
	VPC(id string) (*VPC, error)
}
The ResourceProvider interface wraps all of the methods needed to access AWS-specific resources.
type RouteTable
type RouteTable struct {
	ID     string
	VPCID  string
	Routes []RouteTableRoute
}
A RouteTable resource representation.
func (RouteTable) Dependencies (added in v0.2.0)
func (rt RouteTable) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)
Dependencies returns a collection of the route table's resource dependencies.
func (RouteTable) ToResource
func (rt RouteTable) ToResource() reach.Resource
ToResource returns the route table converted to a generalized Reach resource.
type RouteTableRoute
type RouteTableRoute struct {
	Destination *net.IPNet
	Target      interface{} // TODO: Figure this out -- this is not the normal Reach 'target'
	States      string
	Propagated  bool
}
A RouteTableRoute resource representation.
type SecurityGroup
type SecurityGroup struct {
	ID            string
	NameTag       string
	GroupName     string
	VPCID         string
	InboundRules  []SecurityGroupRule
	OutboundRules []SecurityGroupRule
}
A SecurityGroup resource representation.
func (SecurityGroup) Dependencies (added in v0.2.0)
func (sg SecurityGroup) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)
Dependencies returns a collection of the security group's resource dependencies.
func (SecurityGroup) Name
func (sg SecurityGroup) Name() string
Name returns the security group's ID, and, if available, its name tag value (or group name).
func (SecurityGroup) ToResource
func (sg SecurityGroup) ToResource() reach.Resource
ToResource returns the security group converted to a generalized Reach resource.
type SecurityGroupReference
A SecurityGroupReference resource representation. A SecurityGroupReference is similar to a SecurityGroup, except it intentionally omits any further dependencies, so as to prevent a dependency cycle when security groups have security group rules that refer to security groups.
func (SecurityGroupReference) ToResource
func (sgRef SecurityGroupReference) ToResource() reach.Resource
ToResource returns the security group reference converted to a generalized Reach resource.
type SecurityGroupRule
type SecurityGroupRule struct {
	TrafficContent                        reach.TrafficContent
	TargetSecurityGroupReferenceID        string       `json:"TargetSecurityGroupReferenceID,omitempty"`
	TargetSecurityGroupReferenceAccountID string       `json:"TargetSecurityGroupReferenceAccountID,omitempty"`
	TargetIPNetworks                      []*net.IPNet `json:"TargetIPNetworks,omitempty"`
}
A SecurityGroupRule resource representation.
type Subnet
A Subnet resource representation.
func (Subnet) Dependencies (added in v0.2.0)
func (s Subnet) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)
Dependencies returns a collection of the subnet's resource dependencies.
func (Subnet) ToResource
ToResource returns the subnet converted to a generalized Reach resource.
type VPC
type VPC struct {
	ID        string
	IPv4CIDRs []net.IPNet `json:"IPv4CIDRs,omitempty"`
	IPv6CIDRs []net.IPNet `json:"IPv6CIDRs,omitempty"`
}
A VPC resource representation.
func (VPC) ToResource
ToResource returns the VPC converted to a generalized Reach resource.
type VectorAnalyzer
type VectorAnalyzer struct {
	// contains filtered or unexported fields
}
VectorAnalyzer is the AWS-specific implementation of the VectorAnalyzer interface.
func NewVectorAnalyzer
func NewVectorAnalyzer(resourceCollection *reach.ResourceCollection) VectorAnalyzer
NewVectorAnalyzer creates a new AWS-specific VectorAnalyzer.
func (VectorAnalyzer) Factors
func (analyzer VectorAnalyzer) Factors(v reach.NetworkVector) ([]reach.Factor, reach.NetworkVector, error)
Factors calculates the analysis factors for the given network vector.
type VectorDiscoverer
type VectorDiscoverer struct {
	// contains filtered or unexported fields
}
VectorDiscoverer is the AWS-specific implementation of the VectorDiscoverer interface.
func NewVectorDiscoverer
func NewVectorDiscoverer(resourceCollection *reach.ResourceCollection) VectorDiscoverer
NewVectorDiscoverer creates a new AWS-specific VectorDiscoverer.
func (VectorDiscoverer) Discover
func (d VectorDiscoverer) Discover(subjects []*reach.Subject) ([]reach.NetworkVector, error)
Discover identifies all of the network vectors that could exist between the given subjects.
Source Files
- aws.go
- ec2_instance.go
- ec2_instance_subject.go
- elastic_network_interface.go
- explainer.go
- factors.go
- find_ec2_instance_id.go
- instance_state_factor.go
- is_used_by.go
- lineage.go
- network_acl.go
- network_acl_rule.go
- network_acl_rule_direction.go
- network_acl_rule_explanation_view_model.go
- network_acl_rule_match.go
- network_acl_rules_factor.go
- network_acl_rules_factor_component.go
- network_interface_attachment.go
- new_subject.go
- perspective.go
- resource_provider.go
- route_table.go
- route_table_route.go
- security_group.go
- security_group_reference.go
- security_group_rule.go
- security_group_rule_direction.go
- security_group_rule_explanation_view_model.go
- security_group_rule_match.go
- security_group_rule_match_basis.go
- security_group_rules_factor.go
- security_group_rules_factor_component.go
- subnet.go
- vector_analyzer.go
- vector_discoverer.go
- vpc.go