Added inline protocol diagrams
When processing DataFlows, fluentm.py creates a graphic for each flow.

This uses the "record" node in Graphviz to construct an image that's
interpreted left-to-right.

Also added buildExamples.sh, useful for rebuilding examples
hyakuhei committed Aug 2, 2021
1 parent 4b54c70 commit 311b7c6
Showing 183 changed files with 1,345 additions and 1,022 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -130,3 +130,5 @@ dmypy.json

# vim
.*.swp
private_*
private
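Review bot: the new `private` pattern has no anchoring slash, so it ignores any file or directory named `private` at any depth, not just a top-level scratch folder, and `private_*` behaves the same way; if the intent is a single directory of local notes, `/private/` and `/private_*` keep the rule from silently hiding a `private` module or fixture added under `examples/` later. A short comment like the `# vim` one above saying what these entries are for would also help.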
2 changes: 2 additions & 0 deletions buildExamples.sh
@@ -0,0 +1,2 @@
#!/bin/sh
for f in example_*.py; do python3 $f; done
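Review bot: the loop keeps going when an example fails and the script's exit status only reflects the last `python3` run, so a broken example goes unnoticed when this is used to regenerate the tree; add `set -e` after the shebang (or `python3 "$f" || exit 1`) and quote `"$f"`. If no `example_*.py` exists in the working directory, the unexpanded glob is passed to python3 as a filename, which `set -e` would at least turn into a visible failure.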
4 changes: 2 additions & 2 deletions example_aws_eks_add_on_permissions.py
@@ -1,4 +1,4 @@
from fluentm import Actor, Boundary, Process, DataFlow, HTTP, SIGV4, TLS, Unknown, SIGV4, JWS, Internal
from fluentm import Actor, Boundary, Process, DataFlow, HTTP, SIGV4, TLS, Unknown, SIGV4, JWS, Internal, Data
from fluentm import report


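Review bot: `SIGV4` is imported twice on the changed import line, in both the old and the new version; since this line is being rewritten to add `Data`, drop the duplicate, e.g. `from fluentm import Actor, Boundary, Process, DataFlow, HTTP, SIGV4, TLS, Unknown, JWS, Internal, Data`.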
Expand All @@ -12,7 +12,7 @@
DataFlow(
Actor("User"),
Process("EKS").inBoundary("AWS SVCs"),
TLS(SIGV4("Create OIDC endpoint")),
TLS(SIGV4("Create OIDC endpoint")).addProtocolData(Data("Server x509")).addProtocolData(Data("Client x509")),
response="OIDC provider URL"
),
DataFlow(
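Review bot: the chained `.addProtocolData(...)` calls are attached to the outer `TLS(...)` wrapper, so both certificates are recorded as data carried by the TLS layer rather than by SIGV4; that reads as mutual TLS between User and EKS, so confirm it is intended rather than a by-product of where the chain was hung. The chaining also assumes `addProtocolData` returns the protocol object, which is not visible in this hunk; splitting the two calls onto their own lines would keep the flow readable either way.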
270 changes: 118 additions & 152 deletions examples/OPA_orchestration/ThreatModel.html
Expand Up @@ -47,107 +47,90 @@ <h2> Developer requests a new cluster </h2>
<img src="Developer requests a new cluster-dfd.png">
<table id="dataFlowTable">
<tr>

<th>Flow ID</th>

<th>Pitcher</th>

<th>Data Construction</th>
<th>Catcher</th>

<th>Data Flow</th>


</tr>

<tr>

<td>1</td>

<td>Developer</td>

<td>Cluster Orchestrator</td>

<td>TLS( HTTP( Create cluster request ) )</td>

<td>1</td>
<td>Developer</td>

<td>
<img src="flow-Developer requests a new cluster-1.png">
</td>
<td>Cluster Orchestrator</td>

</tr>


<tr>

<td>2</td>

<td>Cluster Orchestrator</td>

<td>Cluster Orchestrator</td>

<td>Internal( Validates user )</td>

<td>2</td>
<td>Cluster Orchestrator</td>

<td>
<img src="flow-Developer requests a new cluster-2.png">
</td>
<td>Cluster Orchestrator</td>

</tr>


<tr>

<td>3</td>

<td>Cluster Orchestrator</td>

<td>IAM</td>

<td>TLS( HTTP( Create new account ) )</td>

<td>3</td>
<td>Cluster Orchestrator</td>

<td>
<img src="flow-Developer requests a new cluster-3.png">
</td>
<td>IAM</td>

</tr>


<tr>

<td>4</td>

<td>IAM</td>

<td>Cluster Orchestrator</td>

<td>TLS( HTTP( Account Details ) )</td>

<td>4</td>
<td>IAM</td>

<td>
<img src="flow-Developer requests a new cluster-4.png">
</td>
<td>Cluster Orchestrator</td>

</tr>


<tr>

<td>5</td>

<td>Cluster Orchestrator</td>

<td>EKS</td>

<td>TLS( HTTP( Create new cluster ) )</td>

<td>5</td>
<td>Cluster Orchestrator</td>

<td>
<img src="flow-Developer requests a new cluster-5.png">
</td>
<td>EKS</td>

</tr>


<tr>

<td>6</td>

<td>EKS</td>

<td>Cluster Orchestrator</td>

<td>TLS( HTTP( Cluster Details ) )</td>

<td>6</td>
<td>EKS</td>

<td>
<img src="flow-Developer requests a new cluster-6.png">
</td>
<td>Cluster Orchestrator</td>

</tr>


<tr>

<td>7</td>

<td>Cluster Orchestrator</td>

<td>k8s API</td>

<td>TLS( HTTP( Add default admission controller ) )</td>

<td>7</td>
<td>Cluster Orchestrator</td>

<td>
<img src="flow-Developer requests a new cluster-7.png">
</td>
<td>k8s API</td>

</tr>


</table>

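Review bot: the new `Data Construction` cells contain only an `<img>` with no `alt`, and the text column that previously showed `TLS( HTTP( Create cluster request ) )` is removed, so the protocol stack for each flow is no longer present in the HTML at all: it disappears from screen readers, text search and future diffs of ThreatModel.html. Keep the text, either as `alt="TLS( HTTP( Create cluster request ) )"` on the image or as a retained column beside it. Two smaller points in the same region: the `src` values contain raw spaces (`flow-Developer requests a new cluster-1.png`), which browsers tolerate but should be percent-encoded, and `<table id="dataFlowTable">` is repeated for every section of this file, so the `id` is not unique.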
Expand All @@ -158,107 +141,90 @@ <h2> Developer creates a pod </h2>
<img src="Developer creates a pod-dfd.png">
<table id="dataFlowTable">
<tr>

<th>Flow ID</th>

<th>Pitcher</th>

<th>Data Construction</th>
<th>Catcher</th>

<th>Data Flow</th>


</tr>

<tr>

<td>1</td>

<td>Developer</td>

<td>k8s API</td>

<td>TLS( HTTP( Create POD ) )</td>

<td>1</td>
<td>Developer</td>

<td>
<img src="flow-Developer creates a pod-1.png">
</td>
<td>k8s API</td>

</tr>


<tr>

<td>2</td>

<td>k8s API</td>

<td>Admission Controller</td>

<td>TLS( HTTP( Validate pod creation ) )</td>

<td>2</td>
<td>k8s API</td>

<td>
<img src="flow-Developer creates a pod-2.png">
</td>
<td>Admission Controller</td>

</tr>


<tr>

<td>3</td>

<td>Admission Controller</td>

<td>OPA</td>

<td>HTTP( Validate pod creation.. )</td>

<td>3</td>
<td>Admission Controller</td>

<td>
<img src="flow-Developer creates a pod-3.png">
</td>
<td>OPA</td>

</tr>


<tr>

<td>4</td>

<td>OPA</td>

<td>Policy Repo</td>

<td>SSH( GIT( Get latest policy ) )</td>

<td>4</td>
<td>OPA</td>

<td>
<img src="flow-Developer creates a pod-4.png">
</td>
<td>Policy Repo</td>

</tr>


<tr>

<td>5</td>

<td>Policy Repo</td>

<td>OPA</td>

<td>SSH( GIT( Latest policy REGO ) )</td>

<td>5</td>
<td>Policy Repo</td>

<td>
<img src="flow-Developer creates a pod-5.png">
</td>
<td>OPA</td>

</tr>


<tr>

<td>6</td>

<td>OPA</td>

<td>k8s API</td>

<td>TLS( HTTP( Validation Decision ) )</td>

<td>6</td>
<td>OPA</td>

<td>
<img src="flow-Developer creates a pod-6.png">
</td>
<td>k8s API</td>

</tr>


<tr>

<td>7</td>

<td>k8s API</td>

<td>Developer</td>

<td>TLS( HTTP( Approve/Denied ) )</td>

<td>7</td>
<td>k8s API</td>

<td>
<img src="flow-Developer creates a pod-7.png">
</td>
<td>Developer</td>

</tr>


</table>

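Review bot: flow 3 (Admission Controller to OPA) is `HTTP( Validate pod creation.. )` with no TLS wrapper, while every other network hop in both tables is TLS-wrapped; if the webhook reaches OPA over a loopback or sidecar link the model should say so (a shared boundary, or `Internal(...)` as used for flow 2 in the cluster table), otherwise the table documents admission decisions for pod creation travelling in the clear, which is a finding rather than a rendering detail. Minor: the label `Approve/Denied` in flow 7 mixes forms, and `Approved/Denied` would match the other labels; the trailing `..` in `Validate pod creation..` looks like a typo. Both come from the example source rather than this generated file.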
5 changes: 5 additions & 0 deletions examples/OPA_orchestration/flow-Developer creates a pod-1
@@ -0,0 +1,5 @@
digraph {
graph [bgcolor=transparent fontsize=11 fontstyle=Arial]
node [fontsize=11 fontstyle=Arial shape=plaintext]
struct [label="TLS|HTTP|{Create POD}" shape=record]
}
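Review bot: `fontstyle=Arial` is not a Graphviz attribute; the typeface is selected with `fontname=Arial`, and `fontstyle` is ignored by dot, so these diagrams render in the default font. Separately, the flow name is spliced into the record label verbatim, and inside a `shape=record` label the characters `|`, `{`, `}`, `<` and `>` are syntax (field separators, orientation flips and port names), so a DataFlow named with any of them, or with a `"`, yields a malformed or misdrawn record; the generator in fluentm.py should backslash-escape those characters before building the label. The same applies to the other `flow-*` files in this commit.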
5 changes: 5 additions & 0 deletions examples/OPA_orchestration/flow-Developer creates a pod-2
@@ -0,0 +1,5 @@
digraph {
graph [bgcolor=transparent fontsize=11 fontstyle=Arial]
node [fontsize=11 fontstyle=Arial shape=plaintext]
struct [label="TLS|HTTP|{Validate pod creation}" shape=record]
}
5 changes: 5 additions & 0 deletions examples/OPA_orchestration/flow-Developer creates a pod-3
@@ -0,0 +1,5 @@
digraph {
graph [bgcolor=transparent fontsize=11 fontstyle=Arial]
node [fontsize=11 fontstyle=Arial shape=plaintext]
struct [label="HTTP|{Validate pod creation..}" shape=record]
}
5 changes: 5 additions & 0 deletions examples/OPA_orchestration/flow-Developer creates a pod-4
@@ -0,0 +1,5 @@
digraph {
graph [bgcolor=transparent fontsize=11 fontstyle=Arial]
node [fontsize=11 fontstyle=Arial shape=plaintext]
struct [label="SSH|GIT|{Get latest policy}" shape=record]
}
5 changes: 5 additions & 0 deletions examples/OPA_orchestration/flow-Developer creates a pod-5
@@ -0,0 +1,5 @@
digraph {
graph [bgcolor=transparent fontsize=11 fontstyle=Arial]
node [fontsize=11 fontstyle=Arial shape=plaintext]
struct [label="SSH|GIT|{Latest policy REGO}" shape=record]
}
5 changes: 5 additions & 0 deletions examples/OPA_orchestration/flow-Developer creates a pod-6
@@ -0,0 +1,5 @@
digraph {
graph [bgcolor=transparent fontsize=11 fontstyle=Arial]
node [fontsize=11 fontstyle=Arial shape=plaintext]
struct [label="TLS|HTTP|{Validation Decision}" shape=record]
}
0 comments on commit 311b7c6