aws

package v0.2.0

Warning: This package is not in the latest version of its module.
Published: Nov 16, 2019 License: MIT Imports: 9 Imported by: 0

Documentation


Constants

const FactorKindInstanceState = "InstanceState"

FactorKindInstanceState specifies the unique name for the EC2 instance state kind of factor.

const FactorKindNetworkACLRules = "NetworkACLRules"

FactorKindNetworkACLRules specifies the unique name for the network ACL rules kind of factor.

const FactorKindSecurityGroupRules = "SecurityGroupRules"

FactorKindSecurityGroupRules specifies the unique name for the security group rules kind of factor.

const ResourceDomainAWS = "aws"

ResourceDomainAWS is the domain that represents AWS (Amazon Web Services), such that any AWS-specific kinds of resources can be categorized and operated on as such.

const ResourceKindEC2Instance = "EC2Instance"

ResourceKindEC2Instance specifies the unique name for the EC2 instance kind of resource.

const ResourceKindElasticNetworkInterface = "ElasticNetworkInterface"

ResourceKindElasticNetworkInterface specifies the unique name for the elastic network interface kind of resource.

const ResourceKindNetworkACL = "NetworkACL"

ResourceKindNetworkACL specifies the unique name for the network ACL kind of resource.

const ResourceKindRouteTable = "RouteTable"

ResourceKindRouteTable specifies the unique name for the route table kind of resource.

const ResourceKindSecurityGroup = "SecurityGroup"

ResourceKindSecurityGroup specifies the unique name for the security group kind of resource.

const ResourceKindSecurityGroupReference = "SecurityGroupReference"

ResourceKindSecurityGroupReference specifies the unique name for the security group reference kind of resource.

const ResourceKindSubnet = "Subnet"

ResourceKindSubnet specifies the unique name for the subnet kind of resource.

const ResourceKindVPC = "VPC"

ResourceKindVPC specifies the unique name for the VPC kind of resource.

const SubjectKindEC2Instance = "EC2Instance"

SubjectKindEC2Instance specifies the unique name for the EC2 instance kind of subject.

Variables

This section is empty.

Functions

func FindEC2InstanceID

func FindEC2InstanceID(searchText string, provider ResourceProvider) (string, error)

FindEC2InstanceID looks up the instance ID for an EC2 instance using the given resource provider (e.g. an AWS API client) based on the specified search text. The search text may match either the whole value or a leading substring of an instance's ID or Name tag value, as long as it matches exactly one EC2 instance.

func GetENIsFromVector

GetENIsFromVector returns the ElasticNetworkInterfaces from the specified network vector.

func IsUsedByNetworkPoint

func IsUsedByNetworkPoint(point reach.NetworkPoint) bool

IsUsedByNetworkPoint returns a boolean indicating whether the specified network point contains an AWS-specific kind of resource.

func NewEC2InstanceSubject

func NewEC2InstanceSubject(id string, role reach.SubjectRole) (*reach.Subject, error)

NewEC2InstanceSubject returns a new subject for the specified EC2 instance.

func NewSubject

func NewSubject(identifier string, provider ResourceProvider) (*reach.Subject, error)

NewSubject looks up an AWS resource using the given provider and returns it as a new subject.

Types

type EC2Instance

type EC2Instance struct {
	ID                          string
	NameTag                     string `json:"NameTag,omitempty"`
	State                       string
	NetworkInterfaceAttachments []NetworkInterfaceAttachment
}

An EC2Instance resource representation.

func GetEC2InstanceFromLineage

func GetEC2InstanceFromLineage(lineage []reach.ResourceReference, collection *reach.ResourceCollection) (*EC2Instance, error)

GetEC2InstanceFromLineage returns the EC2 instance from the given lineage.

func (EC2Instance) Dependencies added in v0.2.0

func (i EC2Instance) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)

Dependencies returns a collection of the EC2 instance's resource dependencies.

func (EC2Instance) Name

func (i EC2Instance) Name() string

Name returns the instance's ID, and, if available, its name tag value.

func (EC2Instance) ToResource

func (i EC2Instance) ToResource() reach.Resource

ToResource returns the EC2 instance converted to a generalized Reach resource.

func (EC2Instance) ToResourceReference

func (i EC2Instance) ToResourceReference() reach.ResourceReference

ToResourceReference returns a resource reference to uniquely identify the EC2 instance.

type ElasticNetworkInterface

type ElasticNetworkInterface struct {
	ID                   string
	NameTag              string `json:"NameTag,omitempty"`
	SubnetID             string
	VPCID                string
	SecurityGroupIDs     []string
	PublicIPv4Address    net.IP   `json:"PublicIPv4Address,omitempty"`
	PrivateIPv4Addresses []net.IP `json:"PrivateIPv4Addresses,omitempty"`
	IPv6Addresses        []net.IP `json:"IPv6Addresses,omitempty"`
}

An ElasticNetworkInterface resource representation.

func ElasticNetworkInterfaceFromNetworkPoint

func ElasticNetworkInterfaceFromNetworkPoint(point reach.NetworkPoint, rc *reach.ResourceCollection) *ElasticNetworkInterface

ElasticNetworkInterfaceFromNetworkPoint extracts the ElasticNetworkInterface from the lineage of the specified network point.

func GetENIFromLineage

func GetENIFromLineage(lineage []reach.ResourceReference, collection *reach.ResourceCollection) (*ElasticNetworkInterface, error)

GetENIFromLineage returns the ElasticNetworkInterface from the given lineage.

func (ElasticNetworkInterface) Dependencies added in v0.2.0

Dependencies returns a collection of the elastic network interface's resource dependencies.

func (ElasticNetworkInterface) Name

func (eni ElasticNetworkInterface) Name() string

Name returns the elastic network interface's ID, and, if available, its name tag value.

func (ElasticNetworkInterface) ToResource

func (eni ElasticNetworkInterface) ToResource() reach.Resource

ToResource returns the elastic network interface converted to a generalized Reach resource.

func (ElasticNetworkInterface) ToResourceReference

func (eni ElasticNetworkInterface) ToResourceReference() reach.ResourceReference

ToResourceReference returns a resource reference to uniquely identify the elastic network interface.

type Explainer

type Explainer struct {
	// contains filtered or unexported fields
}

Explainer explains an analysis with respect to AWS.

func NewExplainer

func NewExplainer(analysis reach.Analysis) *Explainer

NewExplainer creates a new AWS-specific explainer.

func (Explainer) CheckBothInAWS

func (ex Explainer) CheckBothInAWS(v reach.NetworkVector) bool

CheckBothInAWS returns a boolean indicating whether both network points in a network vector are AWS resources.

func (Explainer) CheckBothInSameSubnet

func (ex Explainer) CheckBothInSameSubnet(v reach.NetworkVector) bool

CheckBothInSameSubnet returns a boolean indicating whether both network points in a network vector reside in the same AWS subnet.

func (Explainer) CheckBothInSameVPC

func (ex Explainer) CheckBothInSameVPC(v reach.NetworkVector) bool

CheckBothInSameVPC returns a boolean indicating whether both network points in a network vector reside in the same AWS VPC.

func (*Explainer) InstanceState

func (ex *Explainer) InstanceState(factor reach.Factor) string

InstanceState explains the analysis component for the specified instance state factor.

func (*Explainer) NetworkACLRules added in v0.2.0

func (ex *Explainer) NetworkACLRules(factor reach.Factor, p reach.Perspective) string

NetworkACLRules explains the analysis component for the specified network ACL rules factor.

func (*Explainer) NetworkPoint

func (ex *Explainer) NetworkPoint(point reach.NetworkPoint, p reach.Perspective) string

NetworkPoint explains the analysis component for the specified network point.

func (*Explainer) SecurityGroupRules

func (ex *Explainer) SecurityGroupRules(factor reach.Factor, p reach.Perspective) string

SecurityGroupRules explains the analysis component for the specified security group rules factor.

type NetworkACL

type NetworkACL struct {
	ID            string
	InboundRules  []NetworkACLRule
	OutboundRules []NetworkACLRule
}

A NetworkACL resource representation.

func (NetworkACL) ToResource

func (nacl NetworkACL) ToResource() reach.Resource

ToResource returns the network ACL converted to a generalized Reach resource.

func (NetworkACL) ToResourceReference added in v0.2.0

func (nacl NetworkACL) ToResourceReference() reach.ResourceReference

ToResourceReference returns a resource reference to uniquely identify the network ACL.

type NetworkACLRule

type NetworkACLRule struct {
	Number          int64
	TrafficContent  reach.TrafficContent
	TargetIPNetwork *net.IPNet
	Action          NetworkACLRuleAction
}

A NetworkACLRule resource representation.

func (NetworkACLRule) Allows added in v0.2.0

func (r NetworkACLRule) Allows() bool

Allows returns a boolean indicating whether the rule allows traffic.

func (NetworkACLRule) Denies added in v0.2.0

func (r NetworkACLRule) Denies() bool

Denies returns a boolean indicating whether the rule denies traffic.

type NetworkACLRuleAction

type NetworkACLRuleAction int

A NetworkACLRuleAction is the action specified by a network ACL rule -- either allow or deny.

const (
	NetworkACLRuleActionDeny NetworkACLRuleAction = iota
	NetworkACLRuleActionAllow
)

The possible actions for a network ACL rule.

func (NetworkACLRuleAction) MarshalJSON added in v0.2.0

func (action NetworkACLRuleAction) MarshalJSON() ([]byte, error)

MarshalJSON returns the JSON representation of the NetworkACLRuleAction.

func (NetworkACLRuleAction) String added in v0.2.0

func (action NetworkACLRuleAction) String() string

String returns the string representation of the NetworkACLRuleAction.
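The NetworkACLRule and NetworkACLRuleAction types above carry everything needed to evaluate a network ACL the way AWS does (rules tried in ascending rule number, first match wins, implicit deny when nothing matches), but the page itself does not show that evaluation. The following is an added, stand-alone example and is not code from the Reach project: it mirrors the page's NetworkACLRuleAction constants and a cut-down NetworkACLRule, but replaces the `reach.TrafficContent` field with an assumed Protocol/PortRange pair, and the `Packet`, `Decision`, `Evaluate` and `SampleInboundRules` names and the sample rule set are all constructed for illustration. It goes slightly beyond the page by including the implicit final deny, which AWS applies but which is not a numbered rule.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// NetworkACLRuleAction mirrors the page's type: Deny is the zero value, Allow is 1.
type NetworkACLRuleAction int

const (
	NetworkACLRuleActionDeny NetworkACLRuleAction = iota
	NetworkACLRuleActionAllow
)

func (a NetworkACLRuleAction) String() string {
	if a == NetworkACLRuleActionAllow {
		return "allow"
	}
	return "deny"
}

// NetworkACLRule is a cut-down copy of the page's struct. The reach.TrafficContent
// field is replaced by an assumed Protocol/PortRange pair so the example compiles alone.
type NetworkACLRule struct {
	Number          int64
	Protocol        string // assumed stand-in: "tcp", "udp", "icmp" or "all"
	PortRange       [2]int // assumed stand-in: inclusive low/high; {0, 65535} means any port
	TargetIPNetwork *net.IPNet
	Action          NetworkACLRuleAction
}

func (r NetworkACLRule) Allows() bool { return r.Action == NetworkACLRuleActionAllow }
func (r NetworkACLRule) Denies() bool { return r.Action == NetworkACLRuleActionDeny }

// Packet is a constructed minimal description of one flow to test against a rule list.
type Packet struct {
	Addr     net.IP // remote address: source for inbound rules, destination for outbound
	Protocol string
	Port     int
}

// Decision records which rule decided a packet. RuleNumber == -1 marks the implicit
// final deny that AWS applies when no numbered rule matches.
type Decision struct {
	RuleNumber int64
	Action     NetworkACLRuleAction
}

func (r NetworkACLRule) matches(p Packet) bool {
	if r.TargetIPNetwork == nil || !r.TargetIPNetwork.Contains(p.Addr) {
		return false
	}
	if r.Protocol != "all" && r.Protocol != p.Protocol {
		return false
	}
	return p.Port >= r.PortRange[0] && p.Port <= r.PortRange[1]
}

// Evaluate applies AWS network ACL semantics: rules are tried in ascending rule
// number and the first match wins; if nothing matches, the traffic is denied.
func Evaluate(rules []NetworkACLRule, p Packet) Decision {
	sorted := append([]NetworkACLRule(nil), rules...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Number < sorted[j].Number })
	for _, r := range sorted {
		if r.matches(p) {
			return Decision{RuleNumber: r.Number, Action: r.Action}
		}
	}
	return Decision{RuleNumber: -1, Action: NetworkACLRuleActionDeny}
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// SampleInboundRules is a constructed rule set (documentation-range addresses). A
// deny for one host sits at a lower number than a broad SSH allow, so rule order,
// not the order the rules were written in, decides the outcome.
func SampleInboundRules() []NetworkACLRule {
	return []NetworkACLRule{
		{Number: 200, Protocol: "tcp", PortRange: [2]int{22, 22}, TargetIPNetwork: mustCIDR("0.0.0.0/0"), Action: NetworkACLRuleActionAllow},
		{Number: 100, Protocol: "all", PortRange: [2]int{0, 65535}, TargetIPNetwork: mustCIDR("198.51.100.7/32"), Action: NetworkACLRuleActionDeny},
		{Number: 300, Protocol: "tcp", PortRange: [2]int{443, 443}, TargetIPNetwork: mustCIDR("10.0.0.0/8"), Action: NetworkACLRuleActionAllow},
	}
}

func main() {
	rules := SampleInboundRules()
	for _, p := range []Packet{
		{Addr: net.ParseIP("198.51.100.7"), Protocol: "tcp", Port: 22},  // rule 100: deny
		{Addr: net.ParseIP("203.0.113.9"), Protocol: "tcp", Port: 22},   // rule 200: allow
		{Addr: net.ParseIP("203.0.113.9"), Protocol: "tcp", Port: 443},  // no match: implicit deny
	} {
		d := Evaluate(rules, p)
		fmt.Printf("%s tcp/%d -> %s (rule %d)\n", p.Addr, p.Port, d.Action, d.RuleNumber)
	}
}
```

The point a reviewer of a Reach analysis should keep in mind is that a NetworkACLRule with a low Number and a Deny action shadows every higher-numbered Allow for the addresses it covers, and that a list with no matching rule at all still denies; a tool that reports "allowed" or "denied" for a NACL factor has to reproduce exactly this ordering.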

type NetworkInterfaceAttachment

type NetworkInterfaceAttachment struct {
	ID                        string
	ElasticNetworkInterfaceID string
	DeviceIndex               int64 // e.g. 0 for "eth0"
}

A NetworkInterfaceAttachment resource representation.

func (NetworkInterfaceAttachment) Dependencies added in v0.2.0

func (attachment NetworkInterfaceAttachment) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)

Dependencies returns a collection of the network interface attachment's resource dependencies.

type ResourceProvider

type ResourceProvider interface {
	AllEC2Instances() ([]EC2Instance, error)
	EC2Instance(id string) (*EC2Instance, error)
	ElasticNetworkInterface(id string) (*ElasticNetworkInterface, error)
	NetworkACL(id string) (*NetworkACL, error)
	RouteTable(id string) (*RouteTable, error)
	SecurityGroup(id string) (*SecurityGroup, error)
	SecurityGroupReference(id, accountID string) (*SecurityGroupReference, error)
	Subnet(id string) (*Subnet, error)
	VPC(id string) (*VPC, error)
}

The ResourceProvider interface wraps all of the necessary methods for accessing AWS-specific resources.

type RouteTable

type RouteTable struct {
	ID     string
	VPCID  string
	Routes []RouteTableRoute
}

A RouteTable resource representation.

func (RouteTable) Dependencies added in v0.2.0

func (rt RouteTable) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)

Dependencies returns a collection of the route table's resource dependencies.

func (RouteTable) ToResource

func (rt RouteTable) ToResource() reach.Resource

ToResource returns the route table converted to a generalized Reach resource.

type RouteTableRoute

type RouteTableRoute struct {
	Destination *net.IPNet
	Target      interface{} // TODO: Figure this out -- this is not the normal Reach 'target'
	States      string
	Propagated  bool
}

A RouteTableRoute resource representation.

type SecurityGroup

type SecurityGroup struct {
	ID            string
	NameTag       string
	GroupName     string
	VPCID         string
	InboundRules  []SecurityGroupRule
	OutboundRules []SecurityGroupRule
}

A SecurityGroup resource representation.

func (SecurityGroup) Dependencies added in v0.2.0

func (sg SecurityGroup) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)

Dependencies returns a collection of the security group's resource dependencies.

func (SecurityGroup) Name

func (sg SecurityGroup) Name() string

Name returns the security group's ID, and, if available, its name tag value (or group name).

func (SecurityGroup) ToResource

func (sg SecurityGroup) ToResource() reach.Resource

ToResource returns the security group converted to a generalized Reach resource.

type SecurityGroupReference

type SecurityGroupReference struct {
	ID        string
	AccountID string
	NameTag   string
	GroupName string
}

A SecurityGroupReference resource representation. A SecurityGroupReference is similar to a SecurityGroup, except it intentionally omits any further dependencies, so as to prevent a dependency cycle when security groups have security group rules that refer to security groups.

func (SecurityGroupReference) ToResource

func (sgRef SecurityGroupReference) ToResource() reach.Resource

ToResource returns the security group reference converted to a generalized Reach resource.
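The SecurityGroupReference description above explains a design choice: a rule that targets another security group resolves to a reference with no dependencies of its own, which is what keeps a dependency walk from looping when two groups refer to each other (or a group refers to itself, a common pattern for intra-tier traffic). The following is an added, stand-alone example and not code from the Reach project: it uses cut-down mirrors of the page's SecurityGroup, SecurityGroupRule and SecurityGroupReference types, a narrowed `Provider` interface standing in for the page's ResourceProvider, and an assumed in-memory `memProvider`; `ResolveWithReferences`, `ResolveNaively`, `Collection` and the sample group IDs are all constructed for illustration. The naive walker is included only to show the cycle the reference type prevents.

```go
package main

import "fmt"

// Cut-down mirrors of the page's types; reach.TrafficContent and the IP targets are
// omitted because only the group-to-group references matter for this example.
type SecurityGroupRule struct {
	TargetSecurityGroupReferenceID        string
	TargetSecurityGroupReferenceAccountID string
}

type SecurityGroup struct {
	ID           string
	VPCID        string
	InboundRules []SecurityGroupRule
}

// SecurityGroupReference deliberately carries no rules, so it has nothing further to resolve.
type SecurityGroupReference struct {
	ID        string
	AccountID string
}

// Provider is an assumed, narrowed stand-in for the page's ResourceProvider interface.
type Provider interface {
	SecurityGroup(id string) (*SecurityGroup, error)
	SecurityGroupReference(id, accountID string) (*SecurityGroupReference, error)
}

// memProvider is a constructed in-memory provider used instead of an AWS API client.
type memProvider struct{ groups map[string]*SecurityGroup }

func (m memProvider) SecurityGroup(id string) (*SecurityGroup, error) {
	sg, ok := m.groups[id]
	if !ok {
		return nil, fmt.Errorf("security group %q not found", id)
	}
	return sg, nil
}

func (m memProvider) SecurityGroupReference(id, accountID string) (*SecurityGroupReference, error) {
	if _, ok := m.groups[id]; !ok {
		return nil, fmt.Errorf("security group %q not found", id)
	}
	return &SecurityGroupReference{ID: id, AccountID: accountID}, nil
}

// Collection records every resource reached during a walk, keyed by "Kind:ID".
type Collection map[string]bool

// ResolveWithReferences walks a group's dependencies the way the page describes: a rule
// that targets another group yields a SecurityGroupReference, which ends the recursion.
func ResolveWithReferences(p Provider, sgID string) (Collection, error) {
	c := Collection{}
	sg, err := p.SecurityGroup(sgID)
	if err != nil {
		return nil, err
	}
	c["SecurityGroup:"+sg.ID] = true
	for _, r := range sg.InboundRules {
		if r.TargetSecurityGroupReferenceID == "" {
			continue
		}
		ref, err := p.SecurityGroupReference(r.TargetSecurityGroupReferenceID, r.TargetSecurityGroupReferenceAccountID)
		if err != nil {
			return nil, err
		}
		c["SecurityGroupReference:"+ref.ID] = true
	}
	return c, nil
}

// ResolveNaively follows rule targets as full SecurityGroups instead. With mutual
// references it never terminates, so maxDepth turns the loop into a reported error.
func ResolveNaively(p Provider, sgID string, maxDepth int) (Collection, error) {
	c := Collection{}
	var walk func(id string, depth int) error
	walk = func(id string, depth int) error {
		if depth > maxDepth {
			return fmt.Errorf("dependency cycle: depth %d exceeded at %s", maxDepth, id)
		}
		sg, err := p.SecurityGroup(id)
		if err != nil {
			return err
		}
		c["SecurityGroup:"+sg.ID] = true
		for _, r := range sg.InboundRules {
			if r.TargetSecurityGroupReferenceID == "" {
				continue
			}
			if err := walk(r.TargetSecurityGroupReferenceID, depth+1); err != nil {
				return err
			}
		}
		return nil
	}
	if err := walk(sgID, 0); err != nil {
		return nil, err
	}
	return c, nil
}

// SampleProvider builds a constructed pair of groups (IDs and account are placeholders)
// that each allow inbound traffic from the other: the exact cycle the reference type avoids.
func SampleProvider() Provider {
	const acct = "111111111111"
	return memProvider{groups: map[string]*SecurityGroup{
		"sg-web": {ID: "sg-web", VPCID: "vpc-example", InboundRules: []SecurityGroupRule{{TargetSecurityGroupReferenceID: "sg-app", TargetSecurityGroupReferenceAccountID: acct}}},
		"sg-app": {ID: "sg-app", VPCID: "vpc-example", InboundRules: []SecurityGroupRule{{TargetSecurityGroupReferenceID: "sg-web", TargetSecurityGroupReferenceAccountID: acct}}},
	}}
}

func main() {
	c, err := ResolveWithReferences(SampleProvider(), "sg-web")
	fmt.Println("with references:", len(c), "resources, err:", err)
	_, err = ResolveNaively(SampleProvider(), "sg-web", 10)
	fmt.Println("naive walk:", err)
}
```

The walk that uses references collects exactly two resources (the group and one reference) and stops; the naive walk bounces between sg-web and sg-app until the depth limit trips. The trade-off the page accepts is that a reference tells you a rule points at a group but not what that group's own rules say; an analysis that needs the referenced group's rules must fetch it explicitly rather than through the dependency walk.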

type SecurityGroupRule

type SecurityGroupRule struct {
	TrafficContent                        reach.TrafficContent
	TargetSecurityGroupReferenceID        string       `json:"TargetSecurityGroupReferenceID,omitempty"`
	TargetSecurityGroupReferenceAccountID string       `json:"TargetSecurityGroupReferenceAccountID,omitempty"`
	TargetIPNetworks                      []*net.IPNet `json:"TargetIPNetworks,omitempty"`
}

A SecurityGroupRule resource representation.

type Subnet

type Subnet struct {
	ID           string
	NetworkACLID string
	VPCID        string
}

A Subnet resource representation.

func (Subnet) Dependencies added in v0.2.0

func (s Subnet) Dependencies(provider ResourceProvider) (*reach.ResourceCollection, error)

Dependencies returns a collection of the subnet's resource dependencies.

func (Subnet) ToResource

func (s Subnet) ToResource() reach.Resource

ToResource returns the subnet converted to a generalized Reach resource.

type VPC

type VPC struct {
	ID        string
	IPv4CIDRs []net.IPNet `json:"IPv4CIDRs,omitempty"`
	IPv6CIDRs []net.IPNet `json:"IPv6CIDRs,omitempty"`
}

A VPC resource representation.

func (VPC) ToResource

func (vpc VPC) ToResource() reach.Resource

ToResource returns the VPC converted to a generalized Reach resource.

type VectorAnalyzer

type VectorAnalyzer struct {
	// contains filtered or unexported fields
}

VectorAnalyzer is the AWS-specific implementation of the VectorAnalyzer interface.

func NewVectorAnalyzer

func NewVectorAnalyzer(resourceCollection *reach.ResourceCollection) VectorAnalyzer

NewVectorAnalyzer creates a new AWS-specific VectorAnalyzer.

func (VectorAnalyzer) Factors

Factors calculates the analysis factors for the given network vector.

type VectorDiscoverer

type VectorDiscoverer struct {
	// contains filtered or unexported fields
}

VectorDiscoverer is the AWS-specific implementation of the VectorDiscoverer interface.

func NewVectorDiscoverer

func NewVectorDiscoverer(resourceCollection *reach.ResourceCollection) VectorDiscoverer

NewVectorDiscoverer creates a new AWS-specific VectorDiscoverer.

func (VectorDiscoverer) Discover

func (d VectorDiscoverer) Discover(subjects []*reach.Subject) ([]reach.NetworkVector, error)

Discover identifies all of the network vectors that could exist between the given subjects.
