#!/usr/bin/env python
"""
DESCRIPTION:
This is an extremely simple Python application that demonstrates how to use Elbrys SDN Developer Lab (dev.elbrys.com) to
control endpoint user sessions access to the network.
This application will connect to one of the switches that you have connected in the SDN Developer Lab (sdn-developer.elbrys.com)
and demonstrate blocking and unblocking of network traffic for any device connected to the switch.
PRE-REQUISITES:
1. Python 2.x
2. Install python-requests:
a. sudo easy_install requests
3. Go to dev.elbrys.com and follow the directions there
Mail bug reports and suggestion to : support@elbrys.com
"""
import sys, os, errno
import requests
import json
import time
import argparse
from requests.auth import HTTPBasicAuth
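def GetAuthToken(user, password, parser):
    """Obtain a bearer token from the REST API using HTTP Basic auth.

    Args:
        user: application id; sent as the Basic-auth user name with a
            "name=" prefix.
        password: application secret; sent as the Basic-auth password.
        parser: argparse parser whose help text is printed on failure.

    Returns:
        The 'token' field of the JSON reply.

    On any non-2xx reply an error and the usage text are printed and the
    process exits with status 1, so a calling shell can detect the failure.
    """
    url = odlsBaseUrl + '/auth/token'
    headers = {'content-type': 'application/json'}
    # NOTE(security): Basic auth only base64-encodes the id and secret.
    # main() builds odlsBaseUrl with an http:// scheme, so both are readable
    # by anyone on the path. Run this only on a trusted lab network, or
    # switch the scheme if the controller is confirmed to offer TLS.
    # timeout: requests waits indefinitely by default; bound the wait so an
    # unreachable controller does not hang the script.
    response = requests.get(url, headers=headers,
                            auth=HTTPBasicAuth("name=" + user, password),
                            timeout=30)
    if 200 <= response.status_code <= 299:
        return response.json()['token']

    print(" ")
    print("!! Error !!")
    print(" Unable to create authorization token. Double check that the username and password you entered.")
    print(" See usage below:")
    parser.print_help()
    sys.exit(1)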
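def GetApps(authToken):
    """Fetch the list of applications visible to the given token.

    Args:
        authToken: bearer token sent in the Authorization header.

    Returns:
        The requests response object; callers decode it with .json().

    On a non-2xx reply the response text is printed and the process exits
    with status 1.
    """
    url = odlsBaseUrl + '/applications'
    headers = {'content-type': 'application/json',
               'Authorization': 'bearer ' + authToken}
    # Bound the wait: requests has no default timeout.
    r = requests.get(url, headers=headers, timeout=30)
    if not (200 <= r.status_code <= 299):
        print("Error getting applications list: " + r.text)
        sys.exit(1)
    return r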
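def GetAppInfo(authToken, appId):
    """Fetch the details of one application.

    Args:
        authToken: bearer token sent in the Authorization header.
        appId: application identifier, appended to the URL path as-is.

    Returns:
        The requests response object; callers decode it with .json().

    On a non-2xx reply the response text is printed and the process exits
    with status 1.
    """
    # appId is concatenated unescaped. RemoveZombieApps passes ids returned
    # by the API itself; quote the value first if it ever comes from
    # anywhere less trusted.
    url = odlsBaseUrl + '/applications/' + appId
    headers = {'content-type': 'application/json',
               'Authorization': 'bearer ' + authToken}
    # Bound the wait: requests has no default timeout.
    r = requests.get(url, headers=headers, timeout=30)
    if not (200 <= r.status_code <= 299):
        print("Error getting application info: " + r.text)
        sys.exit(1)
    return r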
def RemoveZombieApps(authToken, switch):
    """Delete every listed application whose scope includes the target switch.

    Only one application may be connected to a switch, so leftovers from
    earlier runs are removed before a new one is created.

    Args:
        authToken: bearer token passed to the API helpers.
        switch: switch identifier compared against each app's scope 'vnets'.
    """
    # NOTE: every application returned by GetApps() that is scoped to this
    # switch is deleted, not only ones this script created earlier.
    for app in GetApps(authToken).json():
        details = GetAppInfo(authToken, app['id']).json()
        vnets = details['scope']['vnets']
        if any(vnet == switch for vnet in vnets):
            print("Deleting a zombie application: " + app['id'] + ", " + app['name'])
            DeleteApp(authToken, app['id'])
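def CreateApp(authToken, switch, parser):
    """Create an application scoped to the given switch.

    Applications already attached to the switch are removed first via
    RemoveZombieApps().

    Args:
        authToken: bearer token sent in the Authorization header.
        switch: switch identifier placed in the application's scope.
        parser: argparse parser whose help text is printed on failure.

    Returns:
        The 'id' field of the JSON reply (the new application's identifier).

    On a non-2xx reply an error and the usage text are printed and the
    process exits with status 1.
    """
    RemoveZombieApps(authToken, switch)

    url = odlsBaseUrl + '/applications'
    payload = {'name': 'FirstSdnApp/App1 - Example OpenNAC App for switch: ' + switch,
               'scope': {'vnets': [switch]}}
    headers = {'content-type': 'application/json',
               'Authorization': 'bearer ' + authToken}
    # Bound the wait: requests has no default timeout.
    response = requests.post(url, data=json.dumps(payload), headers=headers,
                             timeout=30)
    if 200 <= response.status_code <= 299:
        return response.json()['id']

    print(" ")
    print("!! Error !!")
    print(" Unable to create application. Double check your switch identifier.")
    print(" See usage below:")
    parser.print_help()
    sys.exit(1)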
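def CreateUnblockPolicy(authToken, appId):
    """Create the application's default 'unblocked' policy.

    The policy is posted with 'default': True and a single rule whose only
    action is 'pass'. It is the policy a new endpoint will be given, and it
    allows any packet to pass.

    Args:
        authToken: bearer token sent in the Authorization header.
        appId: identifier of the application that owns the policy.

    Returns:
        The 'id' field of the JSON reply (the new policy's identifier).

    On a non-2xx reply an error is printed and the process exits with
    status 1.
    """
    url = odlsBaseUrl + '/applications/' + appId + '/policies'
    # NOTE(security): a default pass-all policy gives every detected endpoint
    # unrestricted access. That is the point of this demo; a real deployment
    # would scope the rule or leave 'default' off.
    payload = {
        'name': 'unblocked',
        'default': True,
        'rules': [
            {
                'actions': [
                    {'type': 'pass'}
                ]
            }
        ]
    }
    headers = {'content-type': 'application/json',
               'Authorization': 'bearer ' + authToken}
    # Bound the wait: requests has no default timeout.
    r = requests.post(url, data=json.dumps(payload), headers=headers,
                      timeout=30)
    if 200 <= r.status_code <= 299:
        return r.json()['id']

    print(" ")
    print("!! Error !!")
    print(" Unable to create unblock policy.")
    sys.exit(1)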
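def DeleteApp(authToken, appId):
    """Delete an application through the REST API.

    Args:
        authToken: bearer token sent in the Authorization header.
        appId: identifier of the application to delete.

    Returns nothing. A non-2xx reply is reported on stdout instead of being
    dropped, so a failed cleanup that leaves the application attached to the
    switch is visible to the operator.
    """
    url = odlsBaseUrl + '/applications/' + appId
    headers = {'content-type': 'application/json',
               'Authorization': 'bearer ' + authToken}
    # Bound the wait: requests has no default timeout.
    r = requests.delete(url, headers=headers, timeout=30)
    if not (200 <= r.status_code <= 299):
        print("Error deleting application " + appId + ": " + r.text)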
def GetCommandLineParser():
    """Build the argparse parser for this script.

    All five options are required: --id, --secret, --switch, --server and
    --port.
    """
    # NOTE(security): --secret is taken on the command line, so it can show
    # up in shell history and in the process list while the script runs.
    # Treat it as a lab credential.
    required_options = (
        ('--id',
         'your Application id. Go to sdn-developer.elbrys.com, logon, SDN Applications table for SDN App ID.'),
        ('--secret',
         'your Application secret. Go to sdn-developer.elbrys.com, logon, look at SDN Applications table for SDN App Secret and select the "eyeball" icon.'),
        ('--switch',
         'the Datapath Id (DPID) for the switch connected without ":" e.g. ccfa00b07b95 Go to sdn-developer.elbrys.com, logon, look in "Devices" table'),
        ('--server',
         'The IP address of controller. Go to sdn-developer.elbrys.com, logon, look at "Controller" table for IP Address.'),
        ('--port',
         'The TCP port number for REST API . Go to sdn-developer.elbrys.com, logon, look at "Controller" table for REST API Port.'),
    )
    parser = argparse.ArgumentParser(
        description='Simple SDN Application to block/unblock devices connected to switch.')
    for flag, help_text in required_options:
        parser.add_argument(flag, required=True, help=help_text)
    return parser
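def main():
    """Run the interactive block/unblock demonstration.

    Parses the command line, obtains a token, creates an application on the
    switch, waits for the operator to confirm the device is blocked, installs
    the pass-all default policy, and finally deletes the application.
    """
    global odlsBaseUrl
    # Version history:
    #   1.0 - initial version
    #   1.1 - added code to remove apps for selected vnet before creating new app
    version = "1.1"
    print("App1 (FirstSdnApp)")
    print("Version: " + version)
    print("A very simple 'hello world' application that uses SDN Developer Lab.")
    print(__doc__)

    # --------------------------------
    # Command Line Processing
    parser = GetCommandLineParser()
    args = parser.parse_args()
    # NOTE(security): the API is reached over plain http://, so the Basic-auth
    # credentials and the bearer token travel unencrypted. Keep this on a
    # trusted lab network unless the controller is confirmed to offer TLS.
    odlsBaseUrl = "http://" + args.server + ":" + args.port + "/ape/v1"
    print("REST API is at: " + odlsBaseUrl)

    # --------------------------------
    # Main application
    print(" ")
    print("Obtaining authorization token...")
    authToken = GetAuthToken(args.id, args.secret, parser)
    if not authToken:
        return
    # The bearer token is a credential: confirm it was obtained without
    # echoing it to the console, where it would end up in scrollback and
    # captured logs.
    print("...authorization token obtained.")
    print(" ")
    print('Creating application...')
    appId = CreateApp(authToken, args.switch, parser)
    if not appId:
        return

    try:
        print("...application created with id:" + appId)
        print(" ")
        print("Now that an application is connected to your ")
        print(" switch any traffic to/from connected user devices will be blocked until a policy is defined.")
        print(" Also, you can go to sdn-developer.elbrys.com and refresh the screen ")
        print(" you will see this application listed in the applications table.")
        print(" ")
        print("Connect a user device (laptop, tablet, phone) to a port on your network device.")
        print(" ")
        raw_input("Press Enter when you have connected a user device.")
        print(" ")
        print("From your user device prove to yourself you do NOT have connectivity. Ping something.")
        print(" ")
        raw_input("Press Enter when you have proven your user device is blocked.")
        print(" ")
        print("Creating unblock policy as default for any device detected...")
        unblockPolicyId = CreateUnblockPolicy(authToken, appId)
        print("...unblock policy created with id:" + unblockPolicyId)
        print(" ")
        print("From your user device prove to yourself you now DO have connectivity. Try to ping something.")
        print(" ")
        raw_input("Press Enter to end this application.")
    except Exception as inst:
        print(" Exception detected...")
        print(type(inst))  # the exception instance
        print(inst.args)  # arguments stored in .args
        print(inst)  # __str__ allows args to be printed directly
    finally:
        # Always detach the application so the switch is not left with a
        # stale app. DeleteApp returns nothing, so the message below is
        # printed whether or not the delete succeeded.
        print("Deleting application...")
        DeleteApp(authToken, appId)
        print("...application deleted.")
        print("")
        print("Now that the application is deleted you will continue to have connectivity.")
        print("If you go to your sdn-developer.elbrys.com and refresh the screen you will ")
        print(" no longer see this application listed.")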
# Base URL of the RESTful API. This value is only a placeholder: main()
# replaces it with one built from --server and --port before any request.
odlsBaseUrl = "http://placeholder.for.rest.api.com"

if __name__ == "__main__":
    main()