def pyload():
payload = request.json
send_log(
tenant, host,
f"Received messge from tenant {payload['source_tenant']} host {payload['source']}"
)
return jsonify({'host': host, 'your_message': payload['message']})
def session_authorization():
payload = request.json
authorized, method = rulebase_lookup(request.json)
send_log(tenant, "pep", f"Authorization request from tenant {payload['source_tenant']} host {payload['source']} to tenant {payload['destination_tenant']} host {payload['destination']} - result {authorized}")
# Default to unauthorized
return jsonify({'authorized': authorized, 'method': method})
def send_random_logs(arduino_monitor='localhost:8080', sleep_time=2):
for i in range(10):
random_value = random.uniform(0, 100)
mock_data = create_log(random_value, random_value, random_value,
random_value)
print('Sending mock data to {}... {}'.format(arduino_monitor,
(10 - i)))
send_log('http://{}/logs'.format(arduino_monitor), mock_data)
time.sleep(sleep_time)
def session_authorization():
payload = request.json
authorized = False
# Read rule base
with open('rulebase.json', 'r') as f:
rulebase = json.load(f)
# Loop over all rules
for rule in rulebase:
# check rule match
if match(payload, rule):
authorized = True
send_log(
"global", "pep",
f"Authorization request from tenant {payload['source_tenant']} to tenant {payload['destination_tenant']} - result {authorized}"
)
# Default to unauthorized
return jsonify({'authorized': authorized})
def main(source_tenant, source, destination_tenant, destination, message):
send_log(source_tenant, source, "-" * 75)
send_log(
source_tenant, source,
f"Starting transmission to tenant {destination_tenant} host {destination} with message {message}"
)
headers = {
"content-type": "application/json",
"accept": "application/json"
}
host = router['tenants'][source_tenant]["pep"]['host']
port = router['tenants'][source_tenant]["pep"]['port']
payload = {
"source_tenant": source_tenant,
"source": source,
"destination_tenant": destination_tenant,
"destination": destination,
"message": message
}
send_log(source_tenant, source,
"Making session authorization request to PEP")
response = requests.post(f"http://{host}:{port}/session-authorization",
headers=headers,
json=payload)
data = response.json()
if not data['authorized']:
send_log(
source_tenant, source,
f"Not authorized to connect to tenant {destination_tenant} host {destination}"
)
elif data['method'] == 'direct':
send_log(source_tenant, source, "Authorized via direct connection")
send_log(source_tenant, source,
f"Opening session to host {destination}")
host = router['tenants'][destination_tenant]["hosts"][destination][
'host']
port = router['tenants'][destination_tenant]["hosts"][destination][
'port']
# make direct request
response = requests.post(f"http://{host}:{port}/payload",
headers=headers,
json=payload)
if response.json().get('your_message'):
send_log(source_tenant, source,
f"Received successful response from host {destination}")
else:
send_log(source_tenant, source, f"Transmission failed!")
elif data['method'] == 'route':
send_log(source_tenant, source, "Authorized via external route")
send_log(source_tenant, source, "Opening session to router")
# make proxied request through the pep
response = requests.post(f"http://{host}:{port}/proxy",
headers=headers,
json=payload)
if response.json().get('your_message'):
send_log(
source_tenant, source,
f"Received successful response from tenant {destination_tenant} host {destination}"
)
else:
send_log(source_tenant, source, f"Transmission failed!")
elif data['method'] == 'nfv':
send_log(source_tenant, source, "Authorized via NFV inspection")
send_log(source_tenant, source, "Opening session to NFV service chain")
host = router['tenants'][destination_tenant]["nfv"]['host']
port = router['tenants'][destination_tenant]["nfv"]['port']
# make proxied request through the nfv
response = requests.post(f"http://{host}:{port}/nfv",
headers=headers,
json=payload)
if response.json().get('your_message'):
send_log(
source_tenant, source,
f"Received successful response from tenant {destination_tenant} host {destination}"
)
else:
send_log(source_tenant, source, f"Transmission failed!")
send_log(source_tenant, source, "Transmission complete")
send_log(source_tenant, source, "-" * 75)
def proxy():
payload = request.json
headers = {
"content-type": "application/json",
"accept": "application/json"
}
if payload['destination_tenant'] == tenant:
# inbound to the tenant, make the direct connection after rule match
authorized, method = rulebase_lookup(request.json)
if not authorized:
return jsonify({'authorized': False})
if method == 'nfv':
send_log(tenant, "router", "Authorized via NFV inspection")
send_log(tenant, "router", "Opening session to NFV service chain")
host = router['tenants'][payload['destination_tenant']]["nfv"]['host']
port = router['tenants'][payload['destination_tenant']]["nfv"]['port']
# make proxied request through the nfv
response = requests.post(
f"http://{host}:{port}/nfv",
headers=headers,
json=payload
)
else:
send_log(tenant, "router", f"Authorized, forwarding to host {payload['destination']}")
host = router['tenants'][payload['destination_tenant']]["hosts"][payload['destination']]['host']
port = router['tenants'][payload['destination_tenant']]["hosts"][payload['destination']]['port']
response = requests.post(
f"http://{host}:{port}/payload",
headers=headers,
json=payload
)
return response.json()
else:
# outbound from the tenant, query the global pep and make the request to the other pep
send_log(tenant, 'router', "Making session authorization request to global PEP")
host = router['global_pep']['host']
port = router['global_pep']['port']
# query the global pep
response = requests.post(
f"http://{host}:{port}/session-authorization",
headers=headers,
json={
"source_tenant": payload['source_tenant'],
"destination_tenant": payload['destination_tenant'],
}
)
if not response.json()['authorized']:
return jsonify({'authorized': False})
send_log(tenant, "router", f"Authorized, forwarding to tenant {payload['destination_tenant']} router")
# send request to other pep
host = router['tenants'][payload['destination_tenant']]["pep"]['host']
port = router['tenants'][payload['destination_tenant']]["pep"]['port']
response = requests.post(
f"http://{host}:{port}/proxy",
headers=headers,
json=payload
)
return response.json()