AAA-198 Provide Index for Policies 23/89923/2
authorgvrangan <vgovindarajan@luminanetworks.com>
Sat, 23 May 2020 19:59:29 +0000 (01:29 +0530)
committergvrangan <vgovindarajan@luminanetworks.com>
Tue, 26 May 2020 05:30:27 +0000 (11:00 +0530)
This provides a simpler way to add a new policy without
modifying the entire list of policies. The index can be used to
have the new policy processed at the required priority.

Signed-off-by: gvrangan <vgovindarajan@luminanetworks.com>
Change-Id: I6445a3e43cf52b78c8d4934cec14febb2d78573b

aaa-shiro/api/src/main/yang/aaa.yang
aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilter.java
aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/realm/MDSALDynamicAuthorizationFilterTest.java

index 04b74dc7670d07a5e2914ed230245f8cff968314..659b03d135d57633d1b3f8cbe559e159ad5fdca6 100644 (file)
@@ -136,6 +136,10 @@ module aaa {
             type string;
             default "*";
         }
+        leaf index {
+            type uint32;
+            mandatory true;
+        }
         list permissions {
             leaf-list actions {
                 type enumeration {
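Review bot: The new `index` leaf has no `description`, so the model does not say which direction takes precedence or how the value relates to evaluation order. The filter in this commit sorts ascending, so I would add `description "Evaluation priority; policies are processed in ascending index order.";` inside the leaf. Separately, `mandatory true` on a leaf added to an existing grouping is not backward compatible: policies already stored without an index would presumably fail validation or surface a null index to the filter, so an upgrade path (or a default) should be stated. The `list permissions` body continues outside this hunk.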
@@ -161,6 +165,7 @@ module aaa {
         container policies {
             list policies {
                 key "resource";
+                unique "index";
                 uses http-permission;
                 ordered-by user;
             }
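Review bot: `ordered-by user` is left on `list policies` although the filter in this commit now sorts by `index` before evaluating, so list position no longer decides which policy is matched first. An operator who reorders entries expecting to change authorization precedence would see no effect, which is easy to misread as a policy being in force when it is not. I would either drop `ordered-by user` or document the rule on the list, e.g. `description "Evaluation order is determined by index, not by list position.";`.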
index 9b4e9653bd0fb19a0317400e23777b660f7bb679..d681bb6cca3bcb7329058505cf4fbc292c76547e 100644 (file)
@@ -14,6 +14,7 @@ import com.google.common.collect.Iterables;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
 import java.util.Collection;
+import java.util.Comparator;
 import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
@@ -126,6 +127,11 @@ public class MDSALDynamicAuthorizationFilter extends AuthorizationFilter
             return true;
         }
 
+        // Sort the Policies list based on index
+        policiesList.sort(Comparator.comparing(org.opendaylight.yang.gen.v1.urn
+                          .opendaylight.params.xml.ns.yang.aaa.rev161214.http
+                          .authorization.policies.Policies::getIndex));
+
         for (org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
                 .policies.Policies policy : policiesList) {
             final String resource = policy.getResource();
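Review bot: `policiesList.sort(...)` sorts in place the list obtained from the policies read, and `Comparator.comparing(...::getIndex)` throws a NullPointerException as soon as one policy has no index. If the binding returns an unmodifiable list (generated bindings typically do; the test hides this by using `Lists.newArrayList`), the sort would throw UnsupportedOperationException on every request. A policy persisted before this change would have the same effect through the null key, so the authorization check would fail for every URL rather than for one entry. I would sort a copy (`new ArrayList<>(policiesList)`) and make the null case explicit with `Comparator.comparing(...::getIndex, Comparator.nullsLast(Comparator.naturalOrder()))`, or reject such entries with a logged error. The sort also runs on each call; the enclosing method starts and ends outside this hunk, so whether the result can be cached is not visible here.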
index 278e558c3d2238662226b10314dff178a0ac37f1..0573f15a672788f48a7a15ae033e2c59d5b07edd 100644 (file)
@@ -35,6 +35,7 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev1
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.Policies;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.permission.Permissions;
 import org.opendaylight.yangtools.yang.binding.DataObject;
+import org.opendaylight.yangtools.yang.common.Uint32;
 
 /**
  * Tests the Dynamic Authorization Filter.
@@ -239,6 +240,7 @@ public class MDSALDynamicAuthorizationFilterTest {
                 org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
                         .policies.Policies.class);
         when(innerPolicies.getResource()).thenReturn(resource);
+        when(innerPolicies.getIndex()).thenReturn(Uint32.valueOf(5));
         when(innerPolicies.getDescription()).thenReturn(description);
         when(innerPolicies.getPermissions()).thenReturn(permissionsList);
         final org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
@@ -247,6 +249,7 @@ public class MDSALDynamicAuthorizationFilterTest {
                 org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization
                         .policies.Policies.class);
         when(innerPolicies2.getResource()).thenReturn(resource2);
+        when(innerPolicies2.getIndex()).thenReturn(Uint32.valueOf(10));
         final Permissions permissions2 = mock(Permissions.class);
         when(permissions2.getRole()).thenReturn("dog");
         when(permissions2.getActions()).thenReturn(actionsList);
@@ -294,6 +297,9 @@ public class MDSALDynamicAuthorizationFilterTest {
         // because the Subject making the request is not granted the "dog" role.
         policiesList = Lists.newArrayList(innerPolicies2, innerPolicies);
         when(policies.getPolicies()).thenReturn(policiesList);
+        // Modify Index to ensure the innerPolicies2 actually gets
+        // used instead of innerPolicies
+        when(innerPolicies2.getIndex()).thenReturn(Uint32.valueOf(4));
         when(request.getRequestURI()).thenReturn("/abc");
         assertTrue(filter.isAccessAllowed(request, null, null));
         when(request.getRequestURI()).thenReturn("/specialendpoint");