import static java.util.Objects.requireNonNull;
import com.google.common.annotations.VisibleForTesting;
-import com.google.common.collect.Iterables;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.MoreExecutors;
import java.security.SecureRandom;
import java.util.Base64;
-import java.util.Collection;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import org.apache.commons.lang3.RandomStringUtils;
import org.checkerframework.checker.lock.qual.Holding;
import org.eclipse.jdt.annotation.NonNull;
import org.eclipse.jdt.annotation.Nullable;
-import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataListener;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
import org.opendaylight.mdsal.common.api.CommitInfo;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.odlparent.logging.markers.Markers;
* <p>
* We primarily listen to the configuration being present. Whenever the salt is missing or the password does not match
* the required length, we generate them and persist them. This mode of operation means we potentially have a loop, i.e.
- * our touching the datastore will trigger again {@link #onDataTreeChanged(Collection)}, which will re-evaluate the
- * conditions and we try again.
+ * our touching the datastore will trigger again {@link #dataChangedTo(AaaEncryptServiceConfig)}, which will re-evaluate
+ * the conditions and we try again.
*/
@Component(service = { })
-public final class OSGiEncryptionServiceConfigurator
- implements ClusteredDataTreeChangeListener<AaaEncryptServiceConfig> {
+public final class OSGiEncryptionServiceConfigurator implements DataListener<AaaEncryptServiceConfig> {
private static final Logger LOG = LoggerFactory.getLogger(OSGiEncryptionServiceConfigurator.class);
private static final SecureRandom RANDOM = new SecureRandom();
private static final @NonNull AaaEncryptServiceConfig DEFAULT_CONFIG = new AaaEncryptServiceConfigBuilder()
final ComponentFactory<AAAEncryptionServiceImpl> factory) {
this.dataBroker = requireNonNull(dataBroker);
this.factory = requireNonNull(factory);
- reg = dataBroker.registerDataTreeChangeListener(
+ reg = dataBroker.registerDataListener(
DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION,
InstanceIdentifier.create(AaaEncryptServiceConfig.class)),
this);
}
@Override
- public void onDataTreeChanged(final Collection<DataTreeModification<AaaEncryptServiceConfig>> changes) {
+ public void dataChangedTo(final AaaEncryptServiceConfig data) {
// Acquire the last reported configuration and check if it needs to have salt/password generated.
- final var dsConfig = Iterables.getLast(changes).getRootNode().getDataAfter();
- if (dsConfig == null || needKey(dsConfig) || needSalt(dsConfig)) {
+ if (data == null || needKey(data) || needSalt(data)) {
// Generate salt/key as needed and persist it -- causing us to be re-invoked later.
- updateDatastore(dsConfig);
+ updateDatastore(data);
} else {
// Configuration is self-consistent, proceed to activate an instance based on it
- updateInstance(dsConfig);
+ updateInstance(data);
}
}
- @Override
- public void onInitialData() {
- updateDatastore(null);
- }
-
@VisibleForTesting
static @NonNull AaaEncryptServiceConfig generateConfig(final @Nullable AaaEncryptServiceConfig datastoreConfig) {
// Select template and decide which parts need to be updated
import java.util.Base64;
import java.util.Dictionary;
-import java.util.List;
import java.util.Optional;
import org.eclipse.jdt.annotation.NonNull;
import org.junit.Before;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.opendaylight.mdsal.binding.api.DataBroker;
-import org.opendaylight.mdsal.binding.api.DataObjectModification;
-import org.opendaylight.mdsal.binding.api.DataTreeChangeListener;
+import org.opendaylight.mdsal.binding.api.DataListener;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
import org.opendaylight.mdsal.binding.api.ReadWriteTransaction;
import org.opendaylight.mdsal.common.api.CommitInfo;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.config.aaa.authn.encrypt.service.config.rev160915.AaaEncryptServiceConfig;
import org.opendaylight.yang.gen.v1.config.aaa.authn.encrypt.service.config.rev160915.EncryptServiceConfig;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
+import org.opendaylight.yangtools.concepts.Registration;
import org.opendaylight.yangtools.util.concurrent.FluentFutures;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.osgi.service.component.ComponentFactory;
@Mock
private ComponentInstance<AAAEncryptionServiceImpl> instance;
@Mock
- private ListenerRegistration<?> registration;
+ private Registration registration;
@Mock
private ReadWriteTransaction transaction;
- @Mock
- private DataTreeModification<AaaEncryptServiceConfig> treeModification;
- @Mock
- private DataObjectModification<AaaEncryptServiceConfig> objectModification;
@Captor
private ArgumentCaptor<DataTreeIdentifier<AaaEncryptServiceConfig>> treeIdCaptor;
@Captor
- private ArgumentCaptor<Data
TreeChangeListener<AaaEncryptServiceConfig>> listenerCaptor;
+ private ArgumentCaptor<DataListener<AaaEncryptServiceConfig>> listenerCaptor;
@Captor
private ArgumentCaptor<AaaEncryptServiceConfig> configCaptor;
@Captor
@Before
public void before() {
- doReturn(registration).when(dataBroker).registerDataTreeChangeListener(treeIdCaptor.capture(),
- listenerCaptor.capture());
+ doReturn(registration).when(dataBroker).registerDataListener(treeIdCaptor.capture(), listenerCaptor.capture());
configurator = new OSGiEncryptionServiceConfigurator(dataBroker, factory);
doNothing().when(transaction).put(eq(LogicalDatastoreType.CONFIGURATION), eq(IID), configCaptor.capture());
doReturn(CommitInfo.emptyFluentFuture()).when(transaction).commit();
- configurator.onInitialData();
+ configurator.dataChangedTo(null);
final var config = configCaptor.getValue();
assertEquals("AES/CBC/PKCS5Padding", config.getCipherTransforms());
assertEquals(12, key.length());
// Now we circle around are report that config. We expect the factory to be called
- doReturn(config).when(objectModification).getDataAfter();
- doReturn(objectModification).when(treeModification).getRootNode();
doReturn(instance).when(factory).newInstance(propertiesCaptor.capture());
- configurator.onDataTreeChanged(List.of(treeModification));
+ configurator.dataChangedTo(config);
final var props = propertiesCaptor.getValue();
assertNotNull(props);
import static java.util.Objects.requireNonNull;
import com.google.common.annotations.Beta;
-import com.google.common.collect.Iterables;
-import java.util.Collection;
-import org.checkerframework.checker.lock.qual.Holding;
-import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataListener;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfig;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfigBuilder;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
+import org.opendaylight.yangtools.concepts.Registration;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.osgi.service.component.ComponentFactory;
import org.osgi.service.component.ComponentInstance;
@Beta
@Component(service = { })
-public final class OSGiPasswordServiceConfigBootstrap
- implements ClusteredDataTreeChangeListener<PasswordServiceConfig> {
+public final class OSGiPasswordServiceConfigBootstrap implements DataListener<PasswordServiceConfig> {
private static final Logger LOG = LoggerFactory.getLogger(OSGiPasswordServiceConfigBootstrap.class);
private final ComponentFactory<OSGiPasswordServiceConfig> configFactory;
- private ListenerRegistration<?> registration;
+ private Registration registration;
private ComponentInstance<?> instance;
@Activate
@Reference(target = "(component.factory=" + OSGiPasswordServiceConfig.FACTORY_NAME + ")")
final ComponentFactory<OSGiPasswordServiceConfig> configFactory) {
this.configFactory = requireNonNull(configFactory);
- registration = dataBroker.registerDataTreeChangeListener(
+ registration = dataBroker.registerDataListener(
DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION,
InstanceIdentifier.create(PasswordServiceConfig.class)), this);
LOG.info("Listening for password service configuration");
}
@Override
- public synchronized void onInitialData() {
- updateInstance(null);
- }
-
- @Override
- public synchronized void onDataTreeChanged(final Collection<DataTreeModification<PasswordServiceConfig>> changes) {
+ public synchronized void dataChangedTo(final PasswordServiceConfig data) {
// FIXME: at this point we need to populate default values -- from the XML file
- updateInstance(Iterables.getLast(changes).getRootNode().getDataAfter());
- }
-
- @Holding("this")
- private void updateInstance(final PasswordServiceConfig config) {
if (registration != null) {
final var newInstance = configFactory.newInstance(
- OSGiPasswordServiceConfig.props(config != null ? config : new PasswordServiceConfigBuilder().build()));
+ OSGiPasswordServiceConfig.props(data != null ? data : new PasswordServiceConfigBuilder().build()));
if (instance != null) {
instance.dispose();
}
import static com.google.common.base.Verify.verifyNotNull;
import static java.util.Objects.requireNonNull;
-import com.google.common.collect.Iterables;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import java.util.ArrayList;
-import java.util.Collection;
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
-import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataListener;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
import org.opendaylight.mdsal.binding.api.ReadTransaction;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.permission.Permissions;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
import org.opendaylight.yangtools.concepts.Registration;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
* <p>This mechanism will only work when put behind <code>authcBasic</code>.
*/
@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
-public class MDSALDynamicAuthorizationFilter extends AuthorizationFilter
- implements ClusteredDataTreeChangeListener<HttpAuthorization> {
-
+public class MDSALDynamicAuthorizationFilter extends AuthorizationFilter implements DataListener<HttpAuthorization> {
private static final Logger LOG = LoggerFactory.getLogger(MDSALDynamicAuthorizationFilter.class);
private static final DataTreeIdentifier<HttpAuthorization> AUTHZ_CONTAINER = DataTreeIdentifier.create(
private final DataBroker dataBroker;
- private ListenerRegistration<?> reg;
+ private Registration reg;
private volatile ListenableFuture<Optional<HttpAuthorization>> authContainer;
public MDSALDynamicAuthorizationFilter() {
try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier());
}
- reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this);
+ reg = dataBroker.registerDataListener(AUTHZ_CONTAINER, this);
return super.processPathConfig(path, config);
}
}
@Override
- public void onDataTreeChanged(final Collection<DataTreeModification<HttpAuthorization>> changes) {
- final HttpAuthorization newVal = Iterables.getLast(changes).getRootNode().getDataAfter();
- LOG.debug("Updating authorization information to {}", newVal);
- authContainer = Futures.immediateFuture(Optional.ofNullable(newVal));
+ public void dataChangedTo(final HttpAuthorization data) {
+ LOG.debug("Updating authorization information to {}", data);
+ authContainer = Futures.immediateFuture(Optional.ofNullable(data));
}
@Override
LOG.debug("paths match for pattern={} and requestURI={}", resource, requestURI);
final String method = httpServletRequest.getMethod();
LOG.trace("method={}", method);
- for (Permissions permission : policy.getPermissions()) {
+ for (Permissions permission : policy.nonnullPermissions()) {
final String role = permission.getRole();
LOG.trace("role={}", role);
for (Permissions.Actions action : permission.getActions()) {
import static com.google.common.base.Verify.verifyNotNull;
import static java.util.Objects.requireNonNull;
-import com.google.common.collect.Iterables;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
-import java.util.Collection;
import java.util.HashSet;
import java.util.Optional;
-import java.util.Set;
import java.util.concurrent.ExecutionException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.opendaylight.aaa.shiro.principal.ODLPrincipalImpl;
import org.opendaylight.aaa.shiro.realm.util.TokenUtils;
import org.opendaylight.aaa.shiro.realm.util.http.header.HeaderUtils;
-import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
-import org.opendaylight.mdsal.binding.api.DataTreeModification;
import org.opendaylight.mdsal.binding.api.ReadTransaction;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.Authentication;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.Grant;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.authentication.Grants;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.authentication.Roles;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.authentication.Users;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
import org.opendaylight.yangtools.concepts.Registration;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
private static final ThreadLocal<DataBroker> DATABROKER_TL = new ThreadLocal<>();
private final PasswordHashService passwordHashService;
- private final ListenerRegistration<?> reg;
+ private final Registration reg;
private volatile ListenableFuture<Optional<Authentication>> authentication;
authentication = tx.read(AUTH_TREE_ID.getDatastoreType(), AUTH_TREE_ID.getRootIdentifier());
}
- reg = dataBroker.registerDataTreeChangeListener(AUTH_TREE_ID,
- (ClusteredDataTreeChangeListener<Authentication>) this::onAuthenticationChanged);
+ reg = dataBroker.registerDataListener(AUTH_TREE_ID, this::onAuthenticationChanged);
LOG.info("MdsalRealm created");
}
};
}
- private void onAuthenticationChanged(final Collection<DataTreeModification<Authentication>> changes) {
- final Authentication newVal = Iterables.getLast(changes).getRootNode().getDataAfter();
- LOG.debug("Updating authentication information to {}", newVal);
- authentication = Futures.immediateFuture(Optional.ofNullable(newVal));
+ private void onAuthenticationChanged(final Authentication data) {
+ LOG.debug("Updating authentication information to {}", data);
+ authentication = Futures.immediateFuture(Optional.ofNullable(data));
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principalCollection) {
// the final set or roles to return to the caller; empty to start
- final Set<String> authRoles = new HashSet<>();
- final ODLPrincipal odlPrincipal = (ODLPrincipal)principalCollection.getPrimaryPrincipal();
- final Optional<Authentication> opt = getAuthenticationContainer();
- if (opt.isPresent()) {
- final Authentication auth = opt.orElseThrow();
-
+ final var authRoles = new HashSet<String>();
+ final var odlPrincipal = (ODLPrincipal) principalCollection.getPrimaryPrincipal();
+ getAuthenticationContainer().ifPresent(auth -> {
// iterate through and determine the appropriate roles based on the programmed grants
- final Grants grants = auth.getGrants();
- for (Grant grant : grants.nonnullGrants().values()) {
+ final var grants = auth.getGrants();
+ for (var grant : grants.nonnullGrants().values()) {
if (grant.getUserid().equals(odlPrincipal.getUserId())) {
- final Roles roles = auth.getRoles();
+ final var roles = auth.getRoles();
if (roles != null) {
- for (org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214
- .authentication.roles.Roles role : roles.nonnullRoles().values()) {
+ for (var role : roles.nonnullRoles().values()) {
if (role.getRoleid().equals(grant.getRoleid())) {
authRoles.add(role.getRoleid());
}
}
}
}
- }
+ });
return new SimpleAuthorizationInfo(authRoles);
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken authenticationToken)
throws AuthenticationException {
-
- final String username = TokenUtils.extractUsername(authenticationToken);
- final Optional<Authentication> opt = getAuthenticationContainer();
+ final var username = TokenUtils.extractUsername(authenticationToken);
+ final var opt = getAuthenticationContainer();
if (opt.isPresent()) {
- final Authentication auth = opt.orElseThrow();
- final Users users = auth.getUsers();
- for (org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.authentication.users
- .Users u : users.nonnullUsers().values()) {
+ final var auth = opt.orElseThrow();
+ final var users = auth.getUsers();
+ for (var u : users.nonnullUsers().values()) {
final String inputUsername = HeaderUtils.extractUsername(username);
final String domainId = HeaderUtils.extractDomain(username);
final String inputUserId = String.format("%s@%s", inputUsername, domainId);
if (userEnabled && u.getUserid().equals(inputUserId)) {
final String inputPassword = TokenUtils.extractPassword(authenticationToken);
if (passwordHashService.passwordsMatch(inputPassword, u.getPassword(), u.getSalt())) {
- final ODLPrincipal odlPrincipal = ODLPrincipalImpl
- .createODLPrincipal(inputUsername, domainId, inputUserId);
- return new SimpleAuthenticationInfo(odlPrincipal, inputPassword, getName());
+ return new SimpleAuthenticationInfo(
+ ODLPrincipalImpl.createODLPrincipal(inputUsername, domainId, inputUserId), inputPassword,
+ getName());
}
}
}
.http.authorization.policies.Policies.class);
when(innerPolicies.getResource()).thenReturn(resource);
when(innerPolicies.getDescription()).thenReturn(description);
- when(innerPolicies.getPermissions()).thenReturn(List.of(permissions));
+ when(innerPolicies.nonnullPermissions()).thenReturn(List.of(permissions));
final Policies policies = mock(Policies.class);
when(policies.getPolicies()).thenReturn(List.of(innerPolicies));
final HttpAuthorization httpAuthorization = mock(HttpAuthorization.class);
when(innerPolicies.getResource()).thenReturn(resource);
when(innerPolicies.getIndex()).thenReturn(Uint32.valueOf(5));
when(innerPolicies.getDescription()).thenReturn(description);
- when(innerPolicies.getPermissions()).thenReturn(List.of(permissions));
+ when(innerPolicies.nonnullPermissions()).thenReturn(List.of(permissions));
final var innerPolicies2 = mock(org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214
.http.authorization.policies.Policies.class);
when(innerPolicies2.getResource()).thenReturn(resource2);
final Permissions permissions2 = mock(Permissions.class);
when(permissions2.getRole()).thenReturn("dog");
when(permissions2.getActions()).thenReturn(actionsList);
- when(innerPolicies2.getPermissions()).thenReturn(List.of(permissions2));
+ when(innerPolicies2.nonnullPermissions()).thenReturn(List.of(permissions2));
when(innerPolicies2.getDescription()).thenReturn("Specialized Rule");
final Policies policies = mock(Policies.class);
when(policies.getPolicies()).thenReturn(List.of(innerPolicies, innerPolicies2));
.http.authorization.policies.Policies.class);
when(innerPolicies.getResource()).thenReturn(resource);
when(innerPolicies.getDescription()).thenReturn(description);
- when(innerPolicies.getPermissions()).thenReturn(List.of(permissions, permissions2));
+ when(innerPolicies.nonnullPermissions()).thenReturn(List.of(permissions, permissions2));
final Policies policies = mock(Policies.class);
when(policies.getPolicies()).thenReturn(List.of(innerPolicies));
final HttpAuthorization httpAuthorization = mock(HttpAuthorization.class);
Code Review / aaa.git / commitdiff