New Property Documentation #2

Open
wants to merge 2 commits into
base: master

Conversation

brennenyu
Collaborator

Here's the new documentation. Let me know if there's anything you want me to add, delete, or expand on. I'll fix lines 30 and 145 (and any other code formatting issues) when potentially making revisions to documentation.

hayha/cloudformation_types.py
context of the Hayha tool/files, “K” refers to its m respective CloudFormation
value, which is a reference pointer to “B”. For example, if Hayha is
configured as ‘outgoing_connection=[[“K”]]’, this would specify a connection
from resource type “A” to another resource type (“B”). This relationship can
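Review bot: the first visible line reads “its m respective CloudFormation value”, where the stray “m” looks like an editing leftover and should be dropped. The example setting is also written with typographic quotes (‘outgoing_connection=[[“K”]]’); in a .py file that a reader may copy from, write it with straight quotes, as outgoing_connection=[["K"]].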
Owner

This seems to imply Hayha knows which type the connection goes to, which is not the case. It will only scan for references to other resources, whatever their type, "B" or not. Maybe this would explain it better:

If Hayha is configured with outgoing_connection=[["K"]], and the infrastructure it analyzes contains a resource a of type A with property K = b, this would specify a connection from resource a to resource b.

resource type “B” to type “A”. This relationship can send and receive.
data both ways, but only resource type “B” can initiate communication.
This Hayha property is the inverse to the ‘outgoing_connection’ property
in which, if identically configured, “A” would point to “B”.
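Review bot: “This relationship can send and receive.” ends with a full stop although the sentence continues on the next line with “data both ways”; remove the stray period. In the last sentence, “the inverse to” would read better as “the inverse of”, and “in which, if identically configured” leaves unclear which of the two properties “which” refers to, so name the property explicitly.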
Owner

Sounds good, but I think you have the same confusion here, and later, between resource type and resource.

Comment on lines +149 to +152
*Still confused about what it means to “have a URL”. I thought it meant having a URL to the AWS documentation about it, but it didn’t make sense because all the resource types are in the AWS documentation. Unsure why we need this property as well*
`accessible`:
Description: This key-value property indicates the parent resource type
is publicly accessible, which means it has a URL.
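Review bot: the first line of this hunk is an open question from the author (“Still confused about what it means to “have a URL”…”) placed inside the documentation text itself; take it out of the file before merge and keep the question in the PR discussion. The description “which means it has a URL” also does not say what the URL is reachable from, which is the part a reader needs in order to set this property correctly.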
Owner

It means that any resource of that type in the infrastructure has a public URL, meaning it can be accessed from outside the infrastructure. For instance, an API Gateway has a public address at which anyone can query the API. Then, this might call a lambda, which does not have a public URL, and thus cannot be accessed from outside the infrastructure. The accessible property is set to True if it is an entry point to the infrastructure, and false if it is only accessible from another node of the infrastructure.
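A minimal model of the two properties as the Owner describes them in this thread, added here as an illustration and not taken from Hayha's code. The layout of `TYPE_CONFIG`, the `Example::` type names, the function names and the sample template are constructed assumptions; only the property names `outgoing_connection` and `accessible` come from the discussion.

```python
from collections import deque

# Constructed per-type settings; only the property names accessible and
# outgoing_connection come from the discussion above.
TYPE_CONFIG = {
    "Example::Gateway":  {"accessible": True,  "outgoing_connection": [["Target"]]},
    "Example::Function": {"accessible": False, "outgoing_connection": [["Env", "Table"]]},
    "Example::Table":    {"accessible": False, "outgoing_connection": []},
}
# Constructed template in CloudFormation's Resources/Type/Properties/Ref shape.
TEMPLATE = {"Resources": {
    "api":     {"Type": "Example::Gateway",  "Properties": {"Target": {"Ref": "handler"}}},
    "handler": {"Type": "Example::Function", "Properties": {"Env": {"Table": {"Ref": "orders"}}}},
    "orders":  {"Type": "Example::Table",    "Properties": {}},
    "audit":   {"Type": "Example::Table",    "Properties": {}},
}}

def referenced(value):
    """Yield every logical name referenced via {"Ref": name} under value."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        yield value["Ref"]
    elif isinstance(value, (dict, list)):
        for v in (value.values() if isinstance(value, dict) else value):
            yield from referenced(v)

def edges(template, config):
    """Resource-to-resource edges: a -> b when a's configured property refers to b."""
    resources, found = template["Resources"], set()
    for name, res in resources.items():
        for path in config[res["Type"]]["outgoing_connection"]:
            node = res.get("Properties", {})
            for key in path:
                node = node.get(key, {}) if isinstance(node, dict) else {}
            # The target's type is never consulted, only that it is a resource.
            found.update((name, t) for t in referenced(node) if t in resources)
    return found

def reachable_from_entry_points(template, config):
    """Resources reachable from any resource whose type is marked accessible."""
    graph = edges(template, config)
    seen = {n for n, r in template["Resources"].items() if config[r["Type"]]["accessible"]}
    queue = deque(seen)
    while queue:
        cur = queue.popleft()
        for src, dst in graph:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen
```

The edges are between resources (`api`, `handler`, `orders`), not between types, and `audit` stays out of the reachable set even though it has the same type as `orders`.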

Comment on lines +154 to +158
*I’m unsure about this definition and am still a little confused why we need this property.*
‘security’:
Description: This key-value property indicates that the parent resource
type is some sort of security resource type. The parent resource type
does not necessarily need to have some protection
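Review bot: the last line of the description, “does not necessarily need to have some protection”, stops without a full stop and without saying what the protection applies to, so the sentence reads as unfinished; complete it or cut it. The asterisked author note on the first line of the hunk should also come out of the documentation text before merge.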
Owner

This property is currently used in the graphs, so the security resources have a red color. It's also used to set the "intrinsic security level" of the resource, meaning that whenever a query goes through it, this enforces some security level. We might want to get rid of it at some point, but we would need to change the implementation a bit.

You could say here that a security resource protects connections between resources according to its configuration and that of the nodes it protects, but there are no connections to or from them.

Comment on lines +160 to +166
‘contained_in’:
Description: This key-value property indicates that the parent resource
is a subtype of the specified resource.

‘container_of’:
Description: This key-value property indicates that the specified resource
is a subtype of the parent resource.
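Review bot: both entries use “parent resource” and “the specified resource” without defining either, while the earlier entries say “parent resource type”; use one term consistently and state what “specified” means here (for example, the resource named by the property's value). The two descriptions are also mirror images of each other, so a one-line example showing the same pair of resources from both sides would make the direction unambiguous.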
Owner

I don't like using the word "subtype" here, because again it's a confusion between a resource type and just a resource. How about instead talking about a group of resources that share some properties?

contained_in would be described as a property that indicates that the parent resource is part of a group of resources identified by the container pointed to by the key.

You also didn't document container.
