Adding Aggregated Model #8

Merged
merged 1 commit into from
Jul 18, 2021
41 changes: 41 additions & 0 deletions examples/OPA_orchestration/AggregatedDfd-dfd
@@ -0,0 +1,41 @@
digraph "Aggregated DFD" {
edge [dir=forward]
color=blue rankdir=LR
node [fontname=Arial fontsize=14]
Developer
subgraph "cluster_Control Cluster" {
graph [color=red fontname=Arial fontsize=12 label="Control Cluster" line=dotted]
"Cluster Orchestrator"
}
subgraph cluster_AWS {
graph [color=red fontname=Arial fontsize=12 label=AWS line=dotted]
IAM
EKS
}
subgraph "cluster_New AWS Account" {
graph [color=red fontname=Arial fontsize=12 label="New AWS Account" line=dotted]
subgraph "cluster_New Kubernetes Cluster" {
graph [color=red fontname=Arial fontsize=12 label="New Kubernetes Cluster" line=dotted]
"k8s API"
}
}
subgraph "cluster_Cluster Orchestrator" {
graph [color=red fontname=Arial fontsize=12 label="Cluster Orchestrator" line=dotted]
"Admission Controller"
OPA
}
subgraph "cluster_Version Control" {
graph [color=red fontname=Arial fontsize=12 label="Version Control" line=dotted]
"Policy Repo"
}
Developer -> "Cluster Orchestrator"
"Cluster Orchestrator" -> "Cluster Orchestrator"
"Cluster Orchestrator" -> IAM
"Cluster Orchestrator" -> EKS
"Cluster Orchestrator" -> "k8s API"
Developer -> "k8s API"
"k8s API" -> "Admission Controller"
"Admission Controller" -> OPA
OPA -> "Policy Repo"
OPA -> "k8s API"
}
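Review bot: `"Cluster Orchestrator"` is used with two different meanings in this file, once as a node inside `"cluster_Control Cluster"` and once as the label of the trust boundary `"cluster_Cluster Orchestrator"` that holds `"Admission Controller"` and `OPA`. A reader cannot tell whether the edges to `IAM`, `EKS` and `"k8s API"` start at the node or at something inside that boundary, so rename one of the two. The self-edge `"Cluster Orchestrator" -> "Cluster Orchestrator"` has no label in this view and says nothing on its own; either drop self-edges from the aggregate or keep their label. Minor: `line=dotted` on the cluster `graph` lines is not a Graphviz attribute that I know of; `style=dotted` is what draws a dotted boundary.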
Binary file added examples/OPA_orchestration/AggregatedDfd-dfd.png
12 changes: 12 additions & 0 deletions examples/OPA_orchestration/ThreatModel.html
Expand Up @@ -26,9 +26,21 @@
background-color: #a34a4a;
color: white;
}
h2 {
color: rgb(48, 27, 23);
font-family: verdana;
font-size: 25px;
}
p {
font-family: verdana;
font-size: 15px;
}
</style>
</head>
<body>
<h2> Aggregated Model</h2>
<p>This high level diagram gathers all flows in this model to show how components interact at a high level.</p>
<img src=AggregatedDfd-dfd.png >
<hr />

<h2> Developer requests a new cluster </h2>
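Review bot: the added `<img src=AggregatedDfd-dfd.png >` line has an unquoted `src` and no `alt` text. Quote the attribute and add an `alt` describing the diagram; other diagrams in this repository have spaces in their file names (for example `API traffic-dfd.png`), and an unquoted value breaks as soon as the aggregated file name gains one.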
8 changes: 3 additions & 5 deletions examples/aws-iam-authenticator/API traffic-dfd
@@ -1,6 +1,7 @@
digraph "API traffic" {
color=blue rankdir=LR
node [fontname=Arial fontsize=14]
"AWS IAM"
subgraph "cluster_User Machine" {
graph [color=red fontname=Arial fontsize=12 label="User Machine" line=dotted]
kubectl
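Review bot: `"AWS IAM"` is now declared at the top level of the digraph, and the following hunk deletes `subgraph cluster_AWS`, so the diagram no longer draws any trust boundary around AWS IAM. Step (3), `"aws-iam-authenticator" -> "AWS IAM"`, leaves the EKS Data Plane boundary, and that crossing should stay visible in a threat model. If the intent is to treat AWS IAM as an external entity, say so in the model; otherwise keep it inside a boundary of its own.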
Expand All @@ -14,14 +15,11 @@ digraph "API traffic" {
"aws-iam-authenticator"
"aws-auth"
}
subgraph cluster_AWS {
graph [color=red fontname=Arial fontsize=12 label=AWS line=dotted]
"AWS IAM"
}
kubectl -> "k8s api" [label="(1) STS token in HTTP header"]
"k8s api" -> "aws-iam-authenticator" [label="(2) STS Request from token"]
"aws-iam-authenticator" -> "AWS IAM" [label="(3) STS Request"]
"AWS IAM" -> "aws-iam-authenticator" [label="(4) ?"]
"aws-iam-authenticator" -> "aws-auth" [label="(5) Config Map"]
"aws-iam-authenticator" -> "k8s api" [label="(6) Mapped username"]
"aws-iam-authenticator" -> "k8s api" [label="(6) Read Mapped usernames"]
"k8s api" -> "aws-iam-authenticator" [label="(7) Config Map"]
}
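Review bot: steps (5), (6) and (7) now describe the Config Map lookup twice. `"aws-iam-authenticator" -> "aws-auth" [label="(5) Config Map"]` shows a direct read, while the new (6) `Read Mapped usernames` and (7) `Config Map` show the same data being fetched through `"k8s api"`. Keep the path that is real and drop or relabel the other, otherwise the threat list covers a flow that does not exist. Step (4) is still labelled `?`; this is a good moment to fill in what AWS IAM returns.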
Binary file modified examples/aws-iam-authenticator/API traffic-dfd.png
26 changes: 26 additions & 0 deletions examples/aws-iam-authenticator/AggregatedDfd-dfd
@@ -0,0 +1,26 @@
digraph "Aggregated DFD" {
edge [dir=forward]
color=blue rankdir=LR
node [fontname=Arial fontsize=14]
"AWS IAM"
subgraph "cluster_User Machine" {
graph [color=red fontname=Arial fontsize=12 label="User Machine" line=dotted]
kubectl
"aws-cli"
}
subgraph "cluster_EKS Cluster" {
graph [color=red fontname=Arial fontsize=12 label="EKS Cluster" line=dotted]
"k8s api"
}
subgraph "cluster_EKS Data Plane" {
graph [color=red fontname=Arial fontsize=12 label="EKS Data Plane" line=dotted]
"aws-iam-authenticator"
"aws-auth"
}
kubectl -> "aws-cli"
"aws-cli" -> "aws-cli"
kubectl -> "k8s api"
"k8s api" -> "aws-iam-authenticator"
"aws-iam-authenticator" -> "AWS IAM"
"aws-iam-authenticator" -> "aws-auth"
}
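Review bot: with `edge [dir=forward]` every pair of components gets a single one-way arrow, so return flows disappear from the aggregate. `kubectl -> "aws-cli"` stands in for both the exec call and the pre-signed URL coming back, and `"k8s api" -> "aws-iam-authenticator"` hides the `Read Mapped usernames` request that goes the other way in the API traffic flow. Render pairs that have flows in both directions with `dir=both` (or emit both edges), and drop or label the self-edge `"aws-cli" -> "aws-cli"`.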
37 changes: 31 additions & 6 deletions examples/aws-iam-authenticator/ThreatModel.html
Expand Up @@ -26,9 +26,21 @@
background-color: #a34a4a;
color: white;
}
h2 {
color: rgb(48, 27, 23);
font-family: verdana;
font-size: 25px;
}
p {
font-family: verdana;
font-size: 15px;
}
</style>
</head>
<body>
<h2> Aggregated Model</h2>
<p>This high level diagram gathers all flows in this model to show how components interact at a high level.</p>
<img src=AggregatedDfd-dfd.png >
<hr />

<h2> kubectl gets pre-signed URL </h2>
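Review bot: the new `<p>` text says "high level" twice and does not tell the reader that step numbers and payload labels are left out of the aggregated diagram. Suggest wording along the lines of "This diagram combines every flow in the model into one view; see the per-flow sections below for step order and payloads." The same sentence is added to `examples/OPA_orchestration/ThreatModel.html`.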
Expand Down Expand Up @@ -65,9 +77,9 @@ <h2> kubectl gets pre-signed URL </h2>

<td>aws-cli</td>

<td>AWS IAM</td>
<td>aws-cli</td>

<td>TLS( HTTP( SIGV4( Get STS Token ) ) )</td>
<td>Internal( Sign URL using private key )</td>

</tr>
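Review bot: `Internal( Sign URL using private key )` names the wrong kind of secret. The row it replaces wrapped the request in `SIGV4( ... )`, and SigV4 signs with an HMAC key derived from the caller's AWS secret access key, not with an asymmetric private key. Suggest `Internal( SigV4-sign STS URL with AWS credentials )`, so that a reader listing threats on the User Machine looks for the right asset.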

Expand All @@ -76,11 +88,11 @@ <h2> kubectl gets pre-signed URL </h2>

<td>3</td>

<td>AWS IAM</td>

<td>aws-cli</td>

<td>TLS( HTTP( JWS( STS Token ) ) )</td>
<td>kubectl</td>

<td>Internal( STS PreSigned URL )</td>

</tr>
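Review bot: row 3 now calls the artefact `STS PreSigned URL`, while the API traffic flow still labels what kubectl sends as `(1) STS token in HTTP header`. These appear to be the same credential moving from aws-cli to kubectl to the API server. Use one name in both flows, or state in this row that the token is the encoded pre-signed URL, so the credential can be traced end to end.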

Expand Down Expand Up @@ -178,7 +190,20 @@ <h2> API traffic </h2>

<td>k8s api</td>

<td>Unknown( Mapped username )</td>
<td>TLS( HTTP( Read Mapped usernames ) )</td>

</tr>


<tr>

<td>7</td>

<td>k8s api</td>

<td>aws-iam-authenticator</td>

<td>TLS( HTTP( Config Map ) )</td>

</tr>
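Review bot: rows 6 and 7 are typed `TLS( HTTP( ... ) )` with no authentication layer, so the table does not say which identity aws-iam-authenticator uses when it reads the mapped usernames from `k8s api`. State the credential in the row, in the same nested style the table already uses; whoever can make that read, or alter the Config Map that comes back in row 7, influences the username mapping.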

Expand Up @@ -6,11 +6,7 @@ digraph "kubectl gets pre-signed URL" {
kubectl
"aws-cli"
}
subgraph cluster_AWS {
graph [color=red fontname=Arial fontsize=12 label=AWS line=dotted]
"AWS IAM"
}
kubectl -> "aws-cli" [label="(1) Exec aws-cli get-token"]
"aws-cli" -> "AWS IAM" [label="(2) Get STS Token"]
"AWS IAM" -> "aws-cli" [label="(3) STS Token"]
"aws-cli" -> "aws-cli" [label="(2) Sign URL using private key"]
"aws-cli" -> kubectl [label="(3) STS PreSigned URL"]
}
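Review bot: after this change the flow has no node for the credentials that step (2) signs with. With `"AWS IAM"` removed, the only sensitive input is local to the User Machine, and it should be drawn there (for example as a credential store read by `"aws-cli"`) rather than implied by the self-edge `"aws-cli" -> "aws-cli"`.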
Binary file modified examples/aws-iam-authenticator/kubectl gets pre-signed URL-dfd.png
26 changes: 26 additions & 0 deletions examples/bookstore/AggregatedDfd-dfd
@@ -0,0 +1,26 @@
digraph "Aggregated DFD" {
edge [dir=forward]
color=blue rankdir=LR
node [fontname=Arial fontsize=14]
Customer
subgraph "cluster_Front End" {
graph [color=red fontname=Arial fontsize=12 label="Front End" line=dotted]
Nginx
}
subgraph "cluster_Back End" {
graph [color=red fontname=Arial fontsize=12 label="Back End" line=dotted]
"User Database"
}
subgraph "cluster_Back End" {
graph [color=red fontname=Arial fontsize=12 label="Back End" line=dotted]
"Stock Database"
}
subgraph "cluster_External CDN" {
graph [color=red fontname=Arial fontsize=12 label="External CDN" line=dotted]
CDN
}
Customer -> Nginx
Nginx -> "User Database"
Nginx -> "Stock Database"
Customer -> CDN
}
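Review bot: `subgraph "cluster_Back End"` is emitted twice, once for `"User Database"` and once for `"Stock Database"`. Graphviz treats subgraphs with the same name as one, so this renders, but the aggregate should emit a single block listing both nodes, which is how `Customer Views Details-dfd` looks after this PR.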
Binary file added examples/bookstore/AggregatedDfd-dfd.png
2 changes: 1 addition & 1 deletion examples/bookstore/Customer Lists Books-dfd
Expand Up @@ -6,11 +6,11 @@ digraph "Customer Lists Books" {
graph [color=red fontname=Arial fontsize=12 label="Front End" line=dotted]
Nginx
}
Customer -> Nginx [label="(1) GET /list, Login Cookie"]
subgraph "cluster_Back End" {
graph [color=red fontname=Arial fontsize=12 label="Back End" line=dotted]
"Stock Database"
}
Customer -> Nginx [label="(1) GET /list, Login Cookie"]
Nginx -> "Stock Database" [label="(2) SELECT stock"]
"Stock Database" -> Nginx [label="(3) Stock Items, Pagination token"]
Nginx -> Customer [label="(4) Page listings"]
2 changes: 1 addition & 1 deletion examples/bookstore/Customer Login-dfd
Expand Up @@ -6,11 +6,11 @@ digraph "Customer Login" {
graph [color=red fontname=Arial fontsize=12 label="Front End" line=dotted]
Nginx
}
Customer -> Nginx [label="(1) GET /Login credentials"]
subgraph "cluster_Back End" {
graph [color=red fontname=Arial fontsize=12 label="Back End" line=dotted]
"User Database"
}
Customer -> Nginx [label="(1) GET /Login credentials"]
Nginx -> "User Database" [label="(2) SELECT user password"]
"User Database" -> Nginx [label="(3) password"]
Nginx -> Customer [label="(4) Login Cookie"]
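Review bot: the line being moved, `Customer -> Nginx [label="(1) GET /Login credentials"]`, reads as credentials sent with a GET request, where they typically end up in URLs and access logs. If the modelled application really does this, it belongs in the threat list; if not, correct the label to the method actually used while the line is being touched. Steps (2) `SELECT user password` and (3) `password` likewise read as the stored password being returned to Nginx; say whether that value is a hash.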
11 changes: 5 additions & 6 deletions examples/bookstore/Customer Views Details-dfd
Expand Up @@ -6,23 +6,22 @@ digraph "Customer Views Details" {
graph [color=red fontname=Arial fontsize=12 label="Front End" line=dotted]
Nginx
}
Customer -> Nginx [label="(1) GET /item, Login Cookie"]
subgraph "cluster_Back End" {
graph [color=red fontname=Arial fontsize=12 label="Back End" line=dotted]
"User Database"
}
Nginx -> "User Database" [label="(2) Log viewed ID"]
subgraph "cluster_Back End" {
graph [color=red fontname=Arial fontsize=12 label="Back End" line=dotted]
"User Database"
"Stock Database"
}
Nginx -> "Stock Database" [label="(3) SELECT ID"]
"Stock Database" -> Nginx [label="(4) Stock details, CDN image links"]
Nginx -> Customer [label="(5) Page html"]
subgraph "cluster_External CDN" {
graph [color=red fontname=Arial fontsize=12 label="External CDN" line=dotted]
CDN
}
Customer -> Nginx [label="(1) GET /item, Login Cookie"]
Nginx -> "User Database" [label="(2) Log viewed ID"]
Nginx -> "Stock Database" [label="(3) SELECT ID"]
"Stock Database" -> Nginx [label="(4) Stock details, CDN image links"]
Nginx -> Customer [label="(5) Page html"]
Customer -> CDN [label="(6) GET images"]
}