def pyload(): payload = request.json send_log( tenant, host, f"Received messge from tenant {payload['source_tenant']} host {payload['source']}" ) return jsonify({'host': host, 'your_message': payload['message']})
def session_authorization(): payload = request.json authorized, method = rulebase_lookup(request.json) send_log(tenant, "pep", f"Authorization request from tenant {payload['source_tenant']} host {payload['source']} to tenant {payload['destination_tenant']} host {payload['destination']} - result {authorized}") # Default to unauthorized return jsonify({'authorized': authorized, 'method': method})
def send_random_logs(arduino_monitor='localhost:8080', sleep_time=2): for i in range(10): random_value = random.uniform(0, 100) mock_data = create_log(random_value, random_value, random_value, random_value) print('Sending mock data to {}... {}'.format(arduino_monitor, (10 - i))) send_log('http://{}/logs'.format(arduino_monitor), mock_data) time.sleep(sleep_time)
def session_authorization(): payload = request.json authorized = False # Read rule base with open('rulebase.json', 'r') as f: rulebase = json.load(f) # Loop over all rules for rule in rulebase: # check rule match if match(payload, rule): authorized = True send_log( "global", "pep", f"Authorization request from tenant {payload['source_tenant']} to tenant {payload['destination_tenant']} - result {authorized}" ) # Default to unauthorized return jsonify({'authorized': authorized})
def main(source_tenant, source, destination_tenant, destination, message): send_log(source_tenant, source, "-" * 75) send_log( source_tenant, source, f"Starting transmission to tenant {destination_tenant} host {destination} with message {message}" ) headers = { "content-type": "application/json", "accept": "application/json" } host = router['tenants'][source_tenant]["pep"]['host'] port = router['tenants'][source_tenant]["pep"]['port'] payload = { "source_tenant": source_tenant, "source": source, "destination_tenant": destination_tenant, "destination": destination, "message": message } send_log(source_tenant, source, "Making session authorization request to PEP") response = requests.post(f"http://{host}:{port}/session-authorization", headers=headers, json=payload) data = response.json() if not data['authorized']: send_log( source_tenant, source, f"Not authorized to connect to tenant {destination_tenant} host {destination}" ) elif data['method'] == 'direct': send_log(source_tenant, source, "Authorized via direct connection") send_log(source_tenant, source, f"Opening session to host {destination}") host = router['tenants'][destination_tenant]["hosts"][destination][ 'host'] port = router['tenants'][destination_tenant]["hosts"][destination][ 'port'] # make direct request response = requests.post(f"http://{host}:{port}/payload", headers=headers, json=payload) if response.json().get('your_message'): send_log(source_tenant, source, f"Received successful response from host {destination}") else: send_log(source_tenant, source, f"Transmission failed!") elif data['method'] == 'route': send_log(source_tenant, source, "Authorized via external route") send_log(source_tenant, source, "Opening session to router") # make proxied request through the pep response = requests.post(f"http://{host}:{port}/proxy", headers=headers, json=payload) if response.json().get('your_message'): send_log( source_tenant, source, f"Received successful response from tenant {destination_tenant} host {destination}" ) else: send_log(source_tenant, source, f"Transmission failed!") elif data['method'] == 'nfv': send_log(source_tenant, source, "Authorized via NFV inspection") send_log(source_tenant, source, "Opening session to NFV service chain") host = router['tenants'][destination_tenant]["nfv"]['host'] port = router['tenants'][destination_tenant]["nfv"]['port'] # make proxied request through the nfv response = requests.post(f"http://{host}:{port}/nfv", headers=headers, json=payload) if response.json().get('your_message'): send_log( source_tenant, source, f"Received successful response from tenant {destination_tenant} host {destination}" ) else: send_log(source_tenant, source, f"Transmission failed!") send_log(source_tenant, source, "Transmission complete") send_log(source_tenant, source, "-" * 75)
def proxy(): payload = request.json headers = { "content-type": "application/json", "accept": "application/json" } if payload['destination_tenant'] == tenant: # inbound to the tenant, make the direct connection after rule match authorized, method = rulebase_lookup(request.json) if not authorized: return jsonify({'authorized': False}) if method == 'nfv': send_log(tenant, "router", "Authorized via NFV inspection") send_log(tenant, "router", "Opening session to NFV service chain") host = router['tenants'][payload['destination_tenant']]["nfv"]['host'] port = router['tenants'][payload['destination_tenant']]["nfv"]['port'] # make proxied request through the nfv response = requests.post( f"http://{host}:{port}/nfv", headers=headers, json=payload ) else: send_log(tenant, "router", f"Authorized, forwarding to host {payload['destination']}") host = router['tenants'][payload['destination_tenant']]["hosts"][payload['destination']]['host'] port = router['tenants'][payload['destination_tenant']]["hosts"][payload['destination']]['port'] response = requests.post( f"http://{host}:{port}/payload", headers=headers, json=payload ) return response.json() else: # outbound from the tenant, query the global pep and make the request to the other pep send_log(tenant, 'router', "Making session authorization request to global PEP") host = router['global_pep']['host'] port = router['global_pep']['port'] # query the global pep response = requests.post( f"http://{host}:{port}/session-authorization", headers=headers, json={ "source_tenant": payload['source_tenant'], "destination_tenant": payload['destination_tenant'], } ) if not response.json()['authorized']: return jsonify({'authorized': False}) send_log(tenant, "router", f"Authorized, forwarding to tenant {payload['destination_tenant']} router") # send request to other pep host = router['tenants'][payload['destination_tenant']]["pep"]['host'] port = router['tenants'][payload['destination_tenant']]["pep"]['port'] response = requests.post( f"http://{host}:{port}/proxy", headers=headers, json=payload ) return response.json()