import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.Collection;
import org.apache.karaf.shell.api.action.Action;
+import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.opendaylight.aaa.api.IIDMStore;
import org.opendaylight.aaa.api.model.User;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
-import org.opendaylight.aaa.cli.utils.CliUtils;
import org.opendaylight.aaa.cli.utils.DataStoreUtils;
/**
@SuppressFBWarnings("ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD")
@SuppressWarnings("checkstyle:RegexpSingleLineJava")
public abstract class AaaCliAbstractCommand implements Action {
+ public static final String LOGIN_FAILED_MESS = "User does not exist OR user name and passsword are not correct";
- private static volatile String authUser = null;
+ @Option(name = "-aaaAdmin",
+ description = "AAA admin username",
+ required = true,
+ censor = true,
+ multiValued = false)
+ private String userName;
+
+ @Option(name = "-aaaAdminPass",
+ description = "AAA Admin password",
+ required = true,
+ censor = true,
+ multiValued = false)
+ private String passwd;
@Reference protected IIDMStore identityStore;
@Reference private PasswordHashService passwordService;
@Override
public Object execute() throws Exception {
- final User currentUser = SessionsManager.getInstance().getCurrentUser(authUser);
- if (currentUser == null) {
- final String userName = CliUtils.readPassword("Enter Username:");
- final String passwd = CliUtils.readPassword("Enter Password:");
- final User usr = DataStoreUtils.isAdminUser(identityStore, passwordService, userName, passwd);
- if (usr != null) {
- authUser = userName;
- SessionsManager.getInstance().addUserSession(userName, usr);
- }
- return usr;
- }
- return currentUser;
+ final User usr = DataStoreUtils.isAdminUser(identityStore, passwordService, userName, passwd);
+ return usr;
}
protected void list(String name, Collection<?> items) {
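Review bot: The admin password must now be passed as the required `-aaaAdminPass` option on every command, and `censor = true` presumably only masks it in the interactive Karaf console. When a command is run from a script or a remote client one-liner, the secret would end up in that caller's command line, shell history and logs. Consider making the password options non-required and, when absent, prompting with a masked read from an injected Karaf `Session`, e.g. `passwd = session.readLine("Enter Password:", '*');`, or at least state the limitation in the class Javadoc. The same applies to `-keyStorePass` in GenerateCertReq, GetODLSelfSignCert and GetTrustStoreCert, to `-pass` in the user-creation command, and to `-pass`/`-newPass` in ChangeUserPassword. Separately, with `authUser` removed nothing visible here writes a static field, so `@SuppressFBWarnings("ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD")` looks stale; the class body continues outside the hunk, so confirm before dropping it.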
+++ /dev/null
-/*
- * Copyright (c) 2016, 2017 Inocybe Technologies. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-package org.opendaylight.aaa.cli;
-
-import net.sf.ehcache.Cache;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Element;
-import net.sf.ehcache.config.CacheConfiguration;
-import net.sf.ehcache.config.Configuration;
-import net.sf.ehcache.config.ConfigurationFactory;
-import org.eclipse.jdt.annotation.Nullable;
-import org.opendaylight.aaa.api.model.User;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The SessionsManager class will keep the admin user credential vaild at the
- * cache for certain time instead of required the admin user to enter the
- * username and pwd with each aaa-cli command.
- *
- * @author mserngawy
- *
- */
-public final class SessionsManager implements AutoCloseable {
-
- private static final Logger LOG = LoggerFactory.getLogger(SessionsManager.class);
-
- private static SessionsManager sessionMgr = new SessionsManager();
- private final Cache authUsers;
- private static final int MAX_CACHED_USERS_IN_MEMORY = 1;
- private static final int MAX_CACHED_USERS_ON_DISK = 1;
- private static final long SECONDS_TO_LIVE = 120;
- private static final long SECONDS_TO_IDLE = 60;
- private static final String CLI_CACHE_MANAGER = "org.opendaylight.aaa.cli";
- private static final String CLI_CACHE = "users";
-
- private SessionsManager() {
- // When we restart, the cache manager and CLI cache are already there
- CacheManager cm = CacheManager.getCacheManager(CLI_CACHE_MANAGER);
- if (cm == null) {
- Configuration configuration = ConfigurationFactory.parseConfiguration();
- configuration.setName(CLI_CACHE_MANAGER);
- cm = CacheManager.newInstance();
- }
- Cache existingCache = cm.getCache(CLI_CACHE);
- if (existingCache != null) {
- authUsers = existingCache;
- } else {
- authUsers = new Cache(new CacheConfiguration(CLI_CACHE, MAX_CACHED_USERS_IN_MEMORY)
- .maxEntriesLocalDisk(MAX_CACHED_USERS_ON_DISK).timeToLiveSeconds(SECONDS_TO_LIVE)
- .timeToIdleSeconds(SECONDS_TO_IDLE));
- cm.addCache(authUsers);
- }
- LOG.info("Initialized cli authorized users cache manager");
- }
-
- public static SessionsManager getInstance() {
- return sessionMgr;
- }
-
- @Override
- public void close() {
- LOG.info("Shutting down cli authorized users cache manager");
- CacheManager.getInstance().shutdown();
- }
-
- public void addUserSession(final String userName, final User usr) {
- authUsers.put(new Element(userName, usr));
- }
-
- /**
- * Attempt to find the {@link User} associated with the given user name in the cache.
- *
- * @param userName The string to use for cache lookup
- * @return The {@link User} associated with the given user name, if not cached return null.
- */
- public @Nullable User getCurrentUser(final String userName) {
- Element elem = authUsers.get(userName);
- if (elem != null) {
- return (User) elem.getObjectValue();
- }
- return null;
- }
-}
import org.apache.karaf.shell.api.action.Action;
import org.apache.karaf.shell.api.action.Command;
+import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.cert.api.ICertificateManager;
-import org.opendaylight.aaa.cli.utils.CliUtils;
/**
* GenerateCertReq from the ODL key store to be signed by the Certificate
public class GenerateCertReq implements Action {
@Reference private ICertificateManager certProvider;
+ @Option(name = "-keyStorePass",
+ description = "Keystore Password",
+ required = true,
+ censor = true,
+ multiValued = false)
+ private String pwd;
@Override
public Object execute() throws Exception {
- final String pwd = CliUtils.readPassword("Enter Keystore Password:");
return certProvider.genODLKeyStoreCertificateReq(pwd, true);
}
}
import org.apache.karaf.shell.api.action.Action;
import org.apache.karaf.shell.api.action.Command;
+import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.cert.api.ICertificateManager;
-import org.opendaylight.aaa.cli.utils.CliUtils;
/**
* GetODLSelfSignCert get the ODL key store self sign certificate.
public class GetODLSelfSignCert implements Action {
@Reference private ICertificateManager certProvider;
+ @Option(name = "-keyStorePass",
+ description = "Keystore Password",
+ required = true,
+ censor = true,
+ multiValued = false)
+ private String pwd;
@Override
public Object execute() throws Exception {
- final String pwd = CliUtils.readPassword("Enter Keystore Password:");
return certProvider.getODLKeyStoreCertificate(pwd, true);
}
}
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.cert.api.ICertificateManager;
-import org.opendaylight.aaa.cli.utils.CliUtils;
/**
* GetTrustStoreCert get a certain certificate stored in the trust key store
@Reference private ICertificateManager certProvider;
- @Option(name = "-alias", aliases = {"--alias" },
+ @Option(name = "-alias",
+ aliases = {"--alias" },
description = "The alias.\n-alias / --should be the node certificate alias",
- required = true, multiValued = false)
+ required = true,
+ multiValued = false)
private String alias;
+ @Option(name = "-keyStorePass",
+ description = "Keystore Password",
+ required = true,
+ censor = true,
+ multiValued = false)
+ private String pwd;
+
@Override
public Object execute() throws Exception {
- final String pwd = CliUtils.readPassword("Enter Keystore Password:");
return certProvider.getCertificateTrustStore(pwd, alias, true);
}
}
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.api.model.Domain;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
/**
* Adds a domain.
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
Domain domain = new Domain();
domain.setDescription(domainDesc);
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.api.model.Grant;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
import org.opendaylight.aaa.cli.utils.DataStoreUtils;
/**
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
final String domainId = DataStoreUtils.getDomainId(identityStore, domainName);
if (domainId == null) {
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.api.model.Role;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
import org.opendaylight.aaa.cli.utils.DataStoreUtils;
/**
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
Role role = new Role();
role.setDescription(roleDesc);
import org.opendaylight.aaa.api.model.Grant;
import org.opendaylight.aaa.api.model.User;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
import org.opendaylight.aaa.cli.utils.DataStoreUtils;
/**
multiValued = false)
private String userName;
+ @Option(name = "-pass",
+ description = "Password for new User",
+ required = true,
+ censor = true,
+ multiValued = false)
+ private String passWord;
+
@Option(name = "-dname",
aliases = { "--domainName" },
description = "The domain name",
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
final String domainId = DataStoreUtils.getDomainId(identityStore, domainName);
if (domainId == null) {
usr.setDomainid(domainId);
usr.setEnabled(true);
usr.setEmail(userEmail);
- final String pwd = CliUtils.readPassword("Enter new user password: ");
- if (pwd == null || pwd.isEmpty() || pwd.length() < 6) {
+ if (passWord.isEmpty() || passWord.length() < 6) {
return "Password should be at least 6 characters";
}
- usr.setPassword(pwd);
+ usr.setPassword(passWord);
usr.setName(userName);
usr = identityStore.writeUser(usr);
if (usr != null) {
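Review bot: In the new password check, `passWord.isEmpty()` is already covered by `passWord.length() < 6`, so the condition can be just `if (passWord.length() < 6) {`. The old `pwd == null` guard was dropped, so the code now relies on Karaf rejecting the command when the required `-pass` option is missing. A one-line comment such as `// -pass is required, so passWord is never null here` would make that dependency explicit. The enclosing execute() starts and ends outside this hunk.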
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
-import org.opendaylight.aaa.api.ClaimCache;
import org.opendaylight.aaa.api.IIDMStore;
import org.opendaylight.aaa.api.model.User;
import org.opendaylight.aaa.api.model.Users;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
-import org.opendaylight.aaa.cli.utils.CliUtils;
/**
* ChangeUserPassword change the user password.
@Command(name = "change-user-pwd", scope = "aaa", description = "Change the user password.")
public class ChangeUserPassword implements Action {
+ public static final String CHANGE_PASSWORD_FAIL = "Wrong username or current password";
@Reference private IIDMStore identityStore;
- @Reference private ClaimCache claimCache;
@Option(name = "-user", aliases = {
"--userName" }, description = "The user name", required = true, multiValued = false)
private String userName;
+ @Option(name = "-pass",
+ description = "User's Current Password",
+ required = true,
+ censor = true,
+ multiValued = false)
+ private String currentPwd;
+
+ @Option(name = "-newPass",
+ description = "New Password",
+ required = true,
+ censor = true,
+ multiValued = false)
+ private String newPwd;
+
@Reference private PasswordHashService passwordService;
@Override
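Review bot: The value of `-newPass` is never validated, while the user-creation command rejects passwords shorter than six characters, so changing the password afterwards bypasses that minimum. In execute(), before `usr.setPassword(newPwd)`, add the same rule, e.g. `if (newPwd.length() < 6) { return "Password should be at least 6 characters"; }`. The execute() body is in the next hunk, not this one.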
if (identityStore == null) {
return "Failed to access the users data store";
}
- final String currentPwd = CliUtils.readPassword("Enter current password:");
- final String newPwd = CliUtils.readPassword("Enter new password:");
final Users users = identityStore.getUsers();
for (User usr : users.getUsers()) {
if (usr.getName().equals(userName)
&& passwordService.passwordsMatch(currentPwd, usr.getPassword(), usr.getSalt())) {
- claimCache.clear();
usr.setPassword(newPwd);
identityStore.updateUser(usr);
return userName + "'s password has been changed";
}
}
- return CliUtils.LOGIN_FAILED_MESS;
+ return CHANGE_PASSWORD_FAIL;
}
}
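Review bot: `claimCache.clear()` is removed from the successful password-change path with no visible replacement, and the same removal is made in RemoveDomain, RemoveGrant, RemoveRole and RemoveUser. If authentication still consults a claim cache elsewhere in the project, claims issued under the old password, or for a deleted user, role, grant or domain, may stay valid until they expire. Either keep the invalidation next to `identityStore.updateUser(usr)` and the delete calls, or add a comment where the call used to be explaining why it is no longer needed. The signature of execute() lies outside this hunk.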
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
/**
* ListODLDomains list the available domains at ODL aaa data store.
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
list("Domains: ", identityStore.getDomains().getDomains());
return null;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
/**
* ListODLDomains list the available roles at ODL aaa data store.
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
list("Roles: ", identityStore.getRoles().getRoles());
return null;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
/**
* ListODLDomains list the available users at ODL aaa data store.
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
list("Users: ", identityStore.getUsers().getUsers());
return null;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Option;
-import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
-import org.opendaylight.aaa.api.ClaimCache;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
import org.opendaylight.aaa.cli.utils.DataStoreUtils;
/**
@Command(name = "remove-domain", scope = "aaa", description = "Remove domain.")
public class RemoveDomain extends AaaCliAbstractCommand {
- @Reference private ClaimCache claimCache;
@Option(name = "-name", aliases = {
"--domainName" }, description = "The domain name", required = true, multiValued = false)
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
final String domainId = DataStoreUtils.getDomainId(identityStore, domainName);
if (domainId == null) {
if (identityStore.deleteDomain(domainId) == null) {
return "Failed to delete domain " + domainName;
}
- claimCache.clear();
return "Domain " + domainName + "has been deleted.";
}
}
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Option;
-import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
-import org.opendaylight.aaa.api.ClaimCache;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
import org.opendaylight.aaa.cli.utils.DataStoreUtils;
/**
@Command(name = "remove-grant", scope = "aaa", description = "Remove grant.")
public class RemoveGrant extends AaaCliAbstractCommand {
- @Reference private ClaimCache claimCache;
@Option(name = "-uname", aliases = {
"--userName" }, description = "The user name", required = true, multiValued = false)
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
final String grantid = DataStoreUtils.getGrantId(identityStore, domainName, roleName, userName);
if (grantid == null) {
if (identityStore.deleteGrant(grantid) == null) {
return "Failed to delete grant " + userName + " " + roleName + " " + domainName;
}
- claimCache.clear();
return "Grant has been deleted.";
}
}
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Option;
-import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
-import org.opendaylight.aaa.api.ClaimCache;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
import org.opendaylight.aaa.cli.utils.DataStoreUtils;
/**
@Command(name = "remove-role", scope = "aaa", description = "Remove role.")
public class RemoveRole extends AaaCliAbstractCommand {
- @Reference private ClaimCache claimCache;
@Option(name = "-name", aliases = {
"--roleName" }, description = "The role name", required = true, multiValued = false)
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
final String roleId = DataStoreUtils.getRoleId(identityStore, roleName);
if (roleId == null) {
if (identityStore.deleteRole(roleId) == null) {
return "Failed to delete role " + roleName;
}
- claimCache.clear();
return "Role " + roleName + "has been deleted.";
}
}
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Option;
-import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
-import org.opendaylight.aaa.api.ClaimCache;
import org.opendaylight.aaa.cli.AaaCliAbstractCommand;
-import org.opendaylight.aaa.cli.utils.CliUtils;
import org.opendaylight.aaa.cli.utils.DataStoreUtils;
/**
@Command(name = "remove-user", scope = "aaa", description = "Remove user.")
public class RemoveUser extends AaaCliAbstractCommand {
- @Reference private ClaimCache claimCache;
@Option(name = "-name", aliases = {
"--userName" }, description = "The user name", required = true, multiValued = false)
@Override
public Object execute() throws Exception {
if (super.execute() == null) {
- return CliUtils.LOGIN_FAILED_MESS;
+ return LOGIN_FAILED_MESS;
}
final String usrId = DataStoreUtils.getUserId(identityStore, userName);
if (usrId == null) {
if (identityStore.deleteUser(usrId) == null) {
return "Failed to delete user " + userName;
}
- claimCache.clear();
return "User " + userName + "has been deleted.";
}
}
+++ /dev/null
-/*
- * Copyright (c) 2016, 2017 Inocybe Technologies. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-package org.opendaylight.aaa.cli.utils;
-
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.nio.charset.StandardCharsets;
-
-/**
- * CliUtils has helper methods for CLI bundle.
- *
- * @author mserngawy
- *
- */
-@SuppressWarnings("checkstyle:RegexpSingleLineJava")
-public final class CliUtils {
-
- public static final String LOGIN_FAILED_MESS = "User does not exist OR user name and passsword are not correct";
-
- private CliUtils() {
-
- }
-
- /**
- * Retrieve the password from the user.
- *
- * @param pwdPrintStr
- * label for enter password
- * @return the new written password
- * @throws Exception
- * exception reading the password
- */
- public static String readPassword(final String pwdPrintStr) throws Exception {
- System.out.println(pwdPrintStr);
- try (BufferedReader bReader = new BufferedReader(new InputStreamReader(System.in, StandardCharsets.UTF_8))) {
- return bReader.readLine();
- }
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2016, 2017 Inocybe Technologies. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.cli.test;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-import org.junit.Test;
-import org.opendaylight.aaa.api.model.User;
-import org.opendaylight.aaa.cli.SessionsManager;
-
-/**
- * Test for Session Manager.
- *
- * @author mserngawy
- *
- */
-public class SessionsManagerTest {
-
- @Test
- public void testSessionManager() {
- SessionsManager sessionMngr = SessionsManager.getInstance();
- assertNotNull(sessionMngr);
- final String usrName = "foo";
- final User usr = new User();
- usr.setName(usrName);
- usr.setDomainid("fooDomain");
- usr.setPassword("fooPwd");
- sessionMngr.addUserSession(usrName, usr);
- final User authUsr = sessionMngr.getCurrentUser(usrName);
- assertNotNull(authUsr);
- assertEquals(usr, authUsr);
- }
-}