README
¶
cloudconnect
Cloud connect provides a CLI (cloud-connect) and Lambda function (autoapprover) for managing CIDR allocations and
attachments for a multi-tenant (and multi-region) setup of AWS Transit Gateway. This is done using a YAML configuration
that contains CIDR allocations (see example/allocations.yml) and using the autoapprover
to manage transit gateway attachments and routes.
CLI
Installation
Use homebrew to install the latest version on OS X and Linux: brew install telia-oss/tap/cloud-connect.
Otherwise you can install cloud-connect by downloading it from the releases.
Usage
$ cloud-connect --help
usage: cloud-connect [<flags>] <command> [<args> ...]
CLI for managing cloud connect
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
Commands:
help [<command>...]
Show help.
format <file>...
Format config file
validate <file>...
Validate config file
next-cidr --supernet=SUPERNET [<flags>] <file>
Get the next available CIDR
list attachments --region=REGION <file>
List transit gateway attachments
list routes --region=REGION <file>
List transit gateway routes
list supernets <file>
List available supernets
plan --region=REGION <config>
Plan changes to transit gateway based on the specified config
apply --region=REGION [<flags>] <config>
Apply changes to transit gateway
Autoapprover
Installation
You can download the latest version of autoapprover from the releases,
or you can use the pre-packaged zip files available from our public S3 bucket and reference it directly in your terraform:
data "aws_region" "current" {}
module "lambda" {
source = "telia-oss/lambda/aws"
version = "3.0.0"
name_prefix = "autoapprover"
s3_bucket = "telia-oss-${data.aws_region.current.name}"
s3_key = "autoapprover/v0.2.0.zip"
handler = "autoapprover"
...
}
Usage
The autoapprover is a Lambda function, but can also be run locally for development purposes:
$ autoapprover --help
usage: autoapprover --config-bucket=CONFIG-BUCKET --config-path=CONFIG-PATH --region=REGION [<flags>]
A lambda handler for managing cloud connect
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
--config-bucket=CONFIG-BUCKET S3 bucket where the config is stored
--config-path=CONFIG-PATH Path to the config file (in the S3 bucket)
--region=REGION AWS Region to target
--local Run the handler in local mode (i.e. not inside a Lambda)
--dry-run Use the dry-run option for AWS API requests (no side-effects).
--debug Enable debug logging.
I.e. you can use --local and --dry-run to test the code locally without side effects.
Environment variables
As with the CLI, flags can be set via the environment:
# For staging
export AUTOAPPROVER_CONFIG_BUCKET=dc-stage-autoapprover
export AUTOAPPROVER_CONFIG_PATH=allocations.yml
# For production
export AUTOAPPROVER_CONFIG_BUCKET=dc-prod-autoapprover
export AUTOAPPROVER_CONFIG_PATH=allocations.yml
After setting the above, you can run the autoapprover locally like this:
./build/autoapprover --dry-run --local --debug
Documentation
¶
Index ¶
- func Apply(m Manager, change *AttachmentChange) error
- func ApplyAll(m Manager, changes []*AttachmentChange) error
- func VerifyNoOverlap(subnets []*CIDR) error
- type Allocation
- type Attachment
- type AttachmentChange
- type AttachmentID
- type CIDR
- type ChangeAction
- type Config
- func (c *Config) Allocations() (allocations []*Allocation)
- func (c *Config) ListSubnets() (subnets []*CIDR)
- func (c *Config) ListSubnetsByRegion() map[string][]*CIDR
- func (c *Config) ListSupernets() (supernets []*CIDR)
- func (c *Config) ListSupernetsByRegion() map[string][]*CIDR
- func (c *Config) Validate() error
- type EC2API
- type Gateway
- type Manager
- type Route
- type Supernet
- type Team
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApplyAll ¶
func ApplyAll(m Manager, changes []*AttachmentChange) error
ApplyAll performs an Apply for all the provided changes.
func VerifyNoOverlap ¶
VerifyNoOverlap takes a list of subnets and verifies that none of them are overlapping. Adapted from: https://github.com/apparentlymart/go-cidr/blob/master/cidr/cidr.go#L126
Types ¶
type Allocation ¶
type Allocation struct {
Name string `yaml:"name"`
Owner string `yaml:"id"`
CIDRs map[string][]*CIDR `yaml:"cidrs"`
}
Allocation represents a cloud connect CIDR allocation.
type Attachment ¶
type Attachment struct {
// ID is the AttachmentID for the attachment.
ID AttachmentID
// Owner is the account ID of the owning account.
Owner string
// Type of attachment, e.g. VPC or direct-connect.
Type string
// State of the attachment. E.g. pendingApproval, or available.
State string
// Created time for the attachment.
Created time.Time
// Tags contains a map of the tags for the attachment.
Tags map[string]string
}
Attachment represents an attachment in transit gateway.
type AttachmentChange ¶
type AttachmentChange struct {
// Action denotes the change that is being made.
Action ChangeAction
// Reason contains additional information about the reason for the change.
Reason string
// Allocation holds a pointer to an allocation if it exists, as such
// a nil check should be performed before using this value.
Allocation *Allocation
// Attachment is an embedded pointer to the attachment subject to change.
*Attachment
}
AttachmentChange represents a planned change for a transit gateway attachment.
func Plan ¶
func Plan(m Manager, a *Attachment, allocations []*Allocation, region string) (*AttachmentChange, error)
Plan changes for a single attachment based on the supplied allocations.
func PlanAll ¶
func PlanAll(m Manager, attachments []*Attachment, allocations []*Allocation, region string) ([]*AttachmentChange, error)
PlanAll generates a plan for all the given attachments.
type CIDR ¶
CIDR is a wrapper around net.IPNet that supports YAML (un)marshalling.
func (*CIDR) AddressCount ¶
AddressCount returns the number of IP addresses in the CIDR block.
func (*CIDR) Subnet ¶
Subnet finds the next available subnet with the desired prefix within the CIDR.
func (*CIDR) UnmarshalYAML ¶
UnmarshalYAML for CIDR...
type ChangeAction ¶
type ChangeAction string
const ( ApproveAttachment ChangeAction = "APPROVE" RejectAttachment ChangeAction = "REJECT" DeleteAttachment ChangeAction = "DELETE" TagAttachment ChangeAction = "TAG" NoOp ChangeAction = "NONE" )
type Config ¶
type Config struct {
Gateways map[string]*Gateway `yaml:"gateways"`
Supernets []*Supernet `yaml:"supernets"`
Teams []*Team `yaml:"teams"`
}
Config represents the configuration for a cloud connect environment. Including which network ranges are approved, and CIDR allocations for teams and their accounts.
func (*Config) Allocations ¶
func (c *Config) Allocations() (allocations []*Allocation)
Allocations returns the allocations as a list.
func (*Config) ListSubnets ¶
ListSubnets returns a list of the reserved subnets.
func (*Config) ListSubnetsByRegion ¶
ListSubnetsByRegion returns a map of the reserved subnets per region.
func (*Config) ListSupernets ¶
ListSupernets returns a list of the configured supernets.
func (*Config) ListSupernetsByRegion ¶
ListSupernetsByRegion returns a map of the configured supernets per region.
type EC2API ¶
type EC2API interface {
CreateTags(*ec2.CreateTagsInput) (*ec2.CreateTagsOutput, error)
SearchTransitGatewayRoutes(*ec2.SearchTransitGatewayRoutesInput) (*ec2.SearchTransitGatewayRoutesOutput, error)
DescribeTransitGatewayAttachments(*ec2.DescribeTransitGatewayAttachmentsInput) (*ec2.DescribeTransitGatewayAttachmentsOutput, error)
AcceptTransitGatewayVpcAttachment(*ec2.AcceptTransitGatewayVpcAttachmentInput) (*ec2.AcceptTransitGatewayVpcAttachmentOutput, error)
RejectTransitGatewayVpcAttachment(*ec2.RejectTransitGatewayVpcAttachmentInput) (*ec2.RejectTransitGatewayVpcAttachmentOutput, error)
DeleteTransitGatewayVpcAttachment(*ec2.DeleteTransitGatewayVpcAttachmentInput) (*ec2.DeleteTransitGatewayVpcAttachmentOutput, error)
}
EC2API wraps the interface for the API and provides a mocked implementation.
type Gateway ¶
type Gateway struct {
ID string `yaml:"transit_gateway_id"`
RouteTableID string `yaml:"route_table_id"`
}
Gateway ...
type Manager ¶
type Manager interface {
ListAttachments() ([]*Attachment, error)
ListAttachmentRoutes(a *Attachment) ([]*Route, error)
SetAttachmentTags(a *Attachment, tags map[string]string) error
ApprovePendingAttachment(a *Attachment) error
RejectPendingAttachment(a *Attachment) error
DeleteAttachment(a *Attachment) error
}
Manager provides an easy API for managing transit gateway.
type Route ¶
type Route struct {
// CIDR represents the destination for the route.
CIDR *CIDR
// Type of route, e.g. static or propagated.
Type string
// State of the route.
State string
// Attachment is the embedded attachment that the route points to.
*Attachment
}
Route represents a route in a transit gateway.
type Supernet ¶
type Supernet struct {
Description string `yaml:"description,omitempty"`
CIDRs map[string][]*CIDR `yaml:"cidrs"`
}
Supernet ...
type Team ¶
type Team struct {
Team string `yaml:"team"`
Accounts []*Allocation `yaml:"accounts"`
}
Team ...
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Code generated by counterfeiter.
|
Code generated by counterfeiter. |
|
cmd
|
|
|
internal
|
|
|
autoapprover/autoapproverfakes
Code generated by counterfeiter.
|
Code generated by counterfeiter. |