nlap

command module

v2.0.0-...-a1bc813 Latest Latest Go to latest Published: May 31, 2023 License: BSD-2-Clause Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/groovy-sky/nlap

Links

Open Source Insights

README ¶

Network Limiter for Azure PaaS

Overview

Network Limiter for Azure PaaS (aka nlap) is CLI tool, written on Golang, that limits network access to Azure PaaS (Platform-as-a-Service) instances. Under the hood it uses Azure Go SDK.

Quick start

Installation

To build from scratch you'll need Go >= 1.19. Open the terminal and execute the following command:

export GOPATH="$HOME/go"
PATH="$GOPATH/bin:$PATH"
go install github.com/groovy-sky/nlap/v2@latest

Another way how you can get this tool - check the latest version under releases section

Examples

To check available commands run the tool with -h flag:

./nlap -h

By default, CLI does not overwrite existing rules (if there are any), but append them. As a source, for whitelisting, could be used list of IPs (separated by semicolon) from CLI or/and external URLs with allowed IPs(supports 'https' only).

Add to allowed IPs a list stored in URL (appends only):

./nlap set -u "https://raw.githubusercontent.com/groovy-sky/azure-ip-ranges/main/ip/ApiManagement.WestEurope.txt" -s "/subscriptions/<sub-id>/resourceGroups/<res-grp>/Microsoft.Storage/storageAccounts/<res-name>"

Allow to access storage accounts from certain IPs only (existing rules will be removed):

./nlap set -i "1.1.1.1;2.2.2.2" -s "/subscriptions/<sub-id-1>/resourceGroups/<res-grp-1>/Microsoft.Storage/storageAccounts/<res-name-1>;/subscriptions/<sub-id-2>/resourceGroups/<res-grp-2>/Microsoft.Storage/storageAccounts/<res-name-2>" -f

Append access with current environment public IP (using external service for showing IP) and enable enhanced security (setup Minimum TLS version to 1.2, no anonymous access to blob containers will be allowed, HTTPS access accepted only):

./nlap set -u "https://api.ipify.org" -s "/subscriptions/<sub-id>/resourceGroups/<res-grp>/Microsoft.Storage/storageAccounts/<res-name>" -e

Fully disable access (if you planning to use Private Endpoints only):

./nlap set -s "/subscriptions/<sub-id>/resourceGroups/<res-grp>/Microsoft.Storage/storageAccounts/<res-name>" -f

ToDo

Check how it works for V1 Storage
Add the possibility to get inputs from the web
[] Develop Azure Function, which would trigger by timer and blob modification
Implement goroutine for parallel exec
Implement force
Implement secure mode - force use https only, denies public access etc.
Change CLI lib
[] Add Windows OS for build
[] Add disable public access option with existing rules cleanup
[] Add another PaaS service support
[] Add get command

https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity

https://learn.microsoft.com/en-us/rest/api/

https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/storage/azblob/examples_test.go

https://github.com/Azure-Samples/azure-sdk-for-go-samples/blob/main/sdk/resourcemanager/resource/resources/main.go

https://learn.microsoft.com/en-us/rest/api/storagerp/storage-accounts/get-properties?tabs=Go#storageaccountgetproperties

https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage#section-readme

https://learn.microsoft.com/en-us/rest/api/resources/tenants/list?tabs=HTTP

https://google.github.io/styleguide/go/

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
netmerge

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL