Skip to content

olxbr/network-api

12 Branches3 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

pedrokieferpedrokiefer
refactor: use netip data structures
Sep 12, 2023
59979f6 · Sep 12, 2023

History

88 Commits
.github
.github
Sep 12, 2023
api
api
Jun 21, 2022
cmd
cmd
Sep 12, 2023
deployment
deployment
Sep 11, 2023
pkg
pkg
Sep 12, 2023
.gitignore
.gitignore
Aug 12, 2022
.goreleaser.yaml
.goreleaser.yaml
Aug 12, 2022
Dockerfile
Dockerfile
Jun 3, 2022
LICENSE
LICENSE
Jun 3, 2022
Makefile
Makefile
Sep 12, 2023
README.md
README.md
Jul 20, 2022
docker-compose.yml
docker-compose.yml
Jul 11, 2022
go.mod
go.mod
Sep 12, 2023
go.sum
go.sum
Sep 12, 2023

Repository files navigation

Network API

Actions Status

A multi cloud network API that let you automate the management of multiple VPCs in diferent cloud providers.

It works as a serverless application running primarily on AWS, using AWS SAM for orchestrating the deployment and DynamoDB for storing network metadata. Providers are pluggable by using a webhook, currently only aws-provider is available.

Subnets Layout

The API generates subnets for any given size of network, from /16 down to /24, using the following layout, example given using a 10.0.0.0/20 network.

subnet ranges type
10.0.0.0/22 10.0.0.0/23 private
10.0.2.0/24 public
10.0.3.0/28 tgw
10.0.4.0/22 10.0.4.0/23 private
10.0.6.0/24 public
10.0.7.0/28 tgw
10.0.8.0/22 10.0.8.0/23 private
10.0.10.0/24 public
10.0.11.0/28 tgw
10.0.12.0/22 spare

Providers

Providers webhook receive the following payload when called:

const (
	CreateNetwork EventType = "create_network"
	CheckNework   EventType = "check_network"
	DeleteNetwork EventType = "delete_network"
	QueryNetwork  EventType = "query_network"
)

type ProviderWebhook struct {
	Event       EventType `json:"event"`
	NetworkID   string    `json:"networkID" validate:"required"`
	Account     string    `json:"account" validate:"required"`
	Region      string    `json:"region" validate:"required"`
	Environment string    `json:"environment" validate:"required"`
	CIDR        string    `json:"cidr" validate:"required_if=Event create_network,omitempty,cidr"`
	Subnets     []*Subnet `json:"subnets,omitempty" validate:"required_if=Event create_network,omitempty"`
}

AWS

AWS Provider uses a cloudformation template for creating new VPCs, which is stored in a bucket. The lambda has a default role that allows it to assume roles in multiple accounts, for this to work you have to deploy a stackset on your master account using aws_provider_trust_role.yaml.

For security it uses a KMS key to validate the used token, to create a token use aws-provider-token command.

The cloudformation template has the following parameters:

Parameter Description
VPCName The name of the VPC being created.
Environment The VPC environment. Values: prod or qa
VPCCidr The CIDR of the VPC being created. Example: 10.0.0.0/16
PublicSubnet0Cidr The CIDR of the public subnet being created. Example: 10.0.0.0/16
PublicSubnet1Cidr
PublicSubnet2Cidr
PrivateSubnet0Cidr The CIDR of the private subnet being created. Example: 10.0.0.0/16
PrivateSubnet1Cidr
PrivateSubnet2Cidr
TGWSubnet0Cidr The CIDR of the TGW Attachment subnet being created. Example: 10.0.0.0/16
TGWSubnet1Cidr
TGWSubnet2Cidr

Running local

GOARCH=amd64 GOOS=linux go build -o deployment/network-api ./cmd/network-api
sam local start-api --template-file deployment/sam_network_api.yaml

# or:
make run

Deploy API

Fill parameters.json:

[
    {
        "ParameterKey": "VpcId",
        "ParameterValue": ""
    },
    {
        "ParameterKey": "SubnetIds",
        "ParameterValue": ""
    },
    {
        "ParameterKey": "OIDCAudience",
        "ParameterValue": ""
    },
    {
        "ParameterKey": "OIDCIssuer",
        "ParameterValue": ""
    },
    {
        "ParameterKey": "OIDCScopes",
        "ParameterValue": ""
    },
    {
        "ParameterKey": "OIDCJwksURL",
        "ParameterValue": ""
    }
]

Then:

make package
make deploy

Deploy AWS Provider

make package_provider
make deploy_provider

Configuring

export ENDPOINT="..."

# Pools
curl -H "Content-Type: application/json" -d '{"region":"us-east-1","name":"main-aws","subnetIP":"10.0.0.0","subnetMaxIP":"10.240.255.255"}' -v $ENDPOINT/api/v1/pools
curl -H "Content-Type: application/json" -d '{"region":"sa-east-1","name":"southamerica-aws","subnetIP":"10.240.0.0","subnetMask":16}' -v $ENDPOINT/api/v1/pools

# Providers
curl -H "Content-Type: application/json" -d '{"name":"aws","webhookURL":"https://something.localhost","apiToken":"1234token"}' -v $ENDPOINT/api/v1/providers

# Networks
curl -H "Content-Type: application/json" -d '{"region":"us-east-1","subnetSize":16,"account":"123","provider":"aws","environment":"prod","attachTGW":true,"privateSubnet":true,"publicSubnet":true}' -v $ENDPOINT/api/v1/networks

Network-CLI

There's a CLI tool to easily call network-api actions and help you automate some jobs.

Install:

go install ./cmd/network-cli

# or:
make install_cli

If you don't have Go installed, you can download a binary in releases

Some examples:

Configure CLI

network-cli config \
  --endpoint <api-endpoint> \
  --oidc-client-id <client-id> \
  --oidc-issuer <issuer-url> \
  --oidc-scopes "<scope01>,<scope02>"

Network

# list
network-cli network list

# add
network-cli network add --account <account_id> --provider aws --subnet-size 16 \
    --region us-east-1 --environment prod --private

# info
network-cli network info <network_id>

Pool

# list
network-cli pool list

# add
network-cli pool add my-pool --region us-east-1 --subnet-ip 10.2.0.0 --subnet-mask 16

Show available commands:

network-cli --help

About

Serverless Network API

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Aug 12, 2022

Packages

No packages published

Contributors 4

Languages