539 explain subnet name (#858)

add option of providing subnet name/crn as source or destination

Author: ShiriMoran

cmd/analyzer/expected_out/acl_testing3_detailed_explain.txt

@@ -1,6 +1,6 @@
 Explaining connectivity from 10.240.10.4 to vsi2-ky within test-vpc1-ky
-Interpreted source: vsi1-ky[10.240.10.4]
-Interpreted destination: vsi2-ky[10.240.20.4]
+Interpreted source(s): vsi1-ky[10.240.10.4]
+Interpreted destination(s): vsi2-ky[10.240.20.4]
 =======================================================================
 
 Connections from vsi1-ky[10.240.10.4] to vsi2-ky[10.240.20.4]: protocol: TCP,UDP

cmd/analyzer/subcmds/explain.go

@@ -27,8 +27,8 @@ const (
 	dstMaxPortFlag = "dst-max-port"
 	detailFlag     = "detail"
 
-	srcDstUsage = "endpoint; can be specified as a VSI name/CRN or an internal/external IP-address/CIDR;\n" +
-		"VSI name can be specified as <vsi-name> or  <vpc-name>/<vsi-name>"
+	srcDstUsage = "endpoint; can be specified as a VSI/subnet name/CRN or an internal/external IP-address/CIDR;\n" +
+		"VSI/subnet name can be specified as <vsi-name/subnet-name> or as <vpc-name>/<vsi-name/subnet-name>"
 )
 
 func NewExplainCommand(args *inArgs) *cobra.Command {

docs/vpcanalyzer_explain.md

@@ -20,10 +20,10 @@ vpcanalyzer explain [flags]
 ### Options
 
 ```
-      --src string         source endpoint for explanation; can be specified as a VSI name/CRN or an internal/external IP-address/CIDR;
-                           VSI name can be specified as <vsi-name> or  <vpc-name>/<vsi-name>
-      --dst string         destination endpoint for explanation; can be specified as a VSI name/CRN or an internal/external IP-address/CIDR;
-                           VSI name can be specified as <vsi-name> or  <vpc-name>/<vsi-name>
+      --src string         source endpoint for explanation; can be specified as a VSI/subnet name/CRN or as an internal/external IP-address/CIDR;
+                           VSI/subnet name can be specified as <vsi-name/subnet-name> or as <vpc-name>/<vsi-name/subnet-name>
+      --dst string         destination endpoint for explanation; can be specified as a VSI/subnet name/CRN or as an internal/external IP-address/CIDR;
+                           VSI/subnet name can be specified as <vsi-name/subnet-name> or as <vpc-name>/<vsi-name/subnet-name>
       --protocol string    protocol for connection description
       --src-min-port int   minimum source port for connection description (default 1)
       --src-max-port int   maximum source port for connection description (default 65535)

pkg/awsvpc/examples/out/explain_out/from_external_public_subnet_all_vpcs_explain_detail.txt

@@ -1,6 +1,6 @@
 Explaining connectivity from 147.235.0.0/16 to 10.240.0.96 within mixed
-Interpreted source: 147.235.0.0/16 (external)
-Interpreted destination: p3[10.240.0.96]
+Interpreted source(s): 147.235.0.0/16 (external)
+Interpreted destination(s): p3[10.240.0.96]
 =======================================================================
 
 Connections from Public Internet 147.235.0.0/16 to p3[10.240.0.96]: protocol: TCP dst-ports: 9080

pkg/awsvpc/examples/out/explain_out/ip_to_ip_all_vpcs_explain_detail.txt

@@ -1,6 +1,6 @@
 Explaining connectivity from 10.240.40.217 to 10.240.20.43 within vpc0
-Interpreted source: dashboard[10.240.40.217]
-Interpreted destination: app2[10.240.20.43]
+Interpreted source(s): dashboard[10.240.40.217]
+Interpreted destination(s): app2[10.240.20.43]
 ======================================================================
 
 Connections from dashboard[10.240.40.217] to app2[10.240.20.43]: All Connections

pkg/awsvpc/examples/out/explain_out/nacl_blocking_all_vpcs_explain_detail.txt

@@ -1,6 +1,6 @@
 Explaining connectivity from 10.240.2.28 to 10.240.32.122 within mixed
-Interpreted source: p2[10.240.2.28]
-Interpreted destination: q2[10.240.32.122]
+Interpreted source(s): p2[10.240.2.28]
+Interpreted destination(s): q2[10.240.32.122]
 ======================================================================
 
 No connections from p2[10.240.2.28] to q2[10.240.32.122];

pkg/awsvpc/examples/out/explain_out/same_subnet_partial_connection_all_vpcs_explain_detail.txt

@@ -1,6 +1,6 @@
 Explaining connectivity from 10.240.32.122 to 10.240.32.91 within mixed
-Interpreted source: q2[10.240.32.122]
-Interpreted destination: q1[10.240.32.91]
+Interpreted source(s): q2[10.240.32.122]
+Interpreted destination(s): q1[10.240.32.91]
 =======================================================================
 
 Connections from q2[10.240.32.122] to q1[10.240.32.91]: protocol: UDP

pkg/awsvpc/examples/out/explain_out/subnet_to_subnet_all_vpcs_explain_detail.txt

@@ -0,0 +1,62 @@
+Explaining connectivity from private2 to private1 within mixed
+Interpreted source(s): r1[10.240.48.198]
+Interpreted destination(s): q2[10.240.32.122], q1[10.240.32.91]
+==============================================================
+
+Connections from r1[10.240.48.198] to q1[10.240.32.91]: No Connections
+
+Path:
+	r1[10.240.48.198] -> security group GroupId:22 -> network ACL acl1 -> subnet private2 -> 
+	subnet private1 -> network ACL acl1 -> security group GroupId:15 -> q1[10.240.32.91]
+
+
+Details:
+~~~~~~~~
+Path is disabled; The relevant rules are:
+	Egress:
+		security group GroupId:22 allows connection with the following allow rules
+			Outbound index: 0, direction: outbound, target: 0.0.0.0/0, protocol: tcp, dstPorts: 9080-9080
+		network ACL acl1 allows connection with the following allow rules
+			ruleNumber: 20, action: allow, direction: outbound, cidr: 10.240.32.0/19, protocol: all
+
+	Ingress:
+		network ACL acl1 allows connection with the following allow rules
+			ruleNumber: 20, action: allow, direction: inbound, cidr: 10.240.32.0/19, protocol: all
+		security group GroupId:15 allows connection with the following allow rules
+			Inbound index: 0, direction: inbound, target: 0.0.0.0/0, protocol: udp, dstPorts: 0-65535
+
+------------------------------------------------------------------------------------------------------------------------
+
+Connections from r1[10.240.48.198] to q2[10.240.32.122]: protocol: TCP dst-ports: 9080
+
+Path:
+	r1[10.240.48.198] -> security group GroupId:22 -> network ACL acl1 -> subnet private2 -> 
+	subnet private1 -> network ACL acl1 -> security group GroupId:9 -> q2[10.240.32.122]
+
+
+Details:
+~~~~~~~~
+Path is enabled; The relevant rules are:
+	Egress:
+		security group GroupId:22 allows connection with the following allow rules
+			Outbound index: 0, direction: outbound, target: 0.0.0.0/0, protocol: tcp, dstPorts: 9080-9080
+		network ACL acl1 allows connection with the following allow rules
+			ruleNumber: 20, action: allow, direction: outbound, cidr: 10.240.32.0/19, protocol: all
+
+	Ingress:
+		network ACL acl1 allows connection with the following allow rules
+			ruleNumber: 20, action: allow, direction: inbound, cidr: 10.240.32.0/19, protocol: all
+		security group GroupId:9 allows connection with the following allow rules
+			Inbound index: 0, direction: inbound, target: 10.240.0.0/18, protocol: all
+
+TCP response is enabled; The relevant rules are:
+	Egress:
+		network ACL acl1 allows connection with the following allow rules
+			ruleNumber: 20, action: allow, direction: outbound, cidr: 10.240.32.0/19, protocol: all
+
+	Ingress:
+		network ACL acl1 allows connection with the following allow rules
+			ruleNumber: 20, action: allow, direction: inbound, cidr: 10.240.32.0/19, protocol: all
+
+------------------------------------------------------------------------------------------------------------------------
+

pkg/awsvpc/examples/out/explain_out/to_external_blocked_only_private_subnet_all_vpcs_explain_detail.txt

@@ -1,6 +1,6 @@
 Explaining connectivity from 10.240.20.245 to 161.26.0.0 within vpc0
-Interpreted source: app1[10.240.20.245]
-Interpreted destination: 161.26.0.0 (external)
+Interpreted source(s): app1[10.240.20.245]
+Interpreted destination(s): 161.26.0.0 (external)
 ====================================================================
 
 No connections from app1[10.240.20.245] to Public Internet 161.26.0.0/32;

pkg/awsvpc/examples/out/explain_out/to_external_private_subnet_all_vpcs_explain_detail.txt

@@ -1,6 +1,6 @@
 Explaining connectivity from 10.240.20.245 to 161.26.0.0 within vpc0
-Interpreted source: app1[10.240.20.245]
-Interpreted destination: 161.26.0.0 (external)
+Interpreted source(s): app1[10.240.20.245]
+Interpreted destination(s): 161.26.0.0 (external)
 ====================================================================
 
 No connections from app1[10.240.20.245] to Public Internet 161.26.0.0/32;