Ryan Goulding [Thu, 22 Dec 2016 18:20:23 +0000 (13:20 -0500)]
Deprecate the authz model
The authz model causes confusion in the community; several people want to use
authorization functionality but it was never implemented correctly. The original
contributor has since stopped participating in upstream AAA. The model does not
work correctly.
The AAA team does want to add authz other than shiro based, but this will have to
be handled by severely changing the existing model, such that keeping it around is
quite silly since it never worked properly in the first place.
Change-Id: Id3035ca71ec483e8d8c887179a635439898b7e64
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 21 Dec 2016 22:41:45 +0000 (22:41 +0000)]
Merge "Add MD-SAL authn model to shiro.ini"
Robert Varga [Tue, 20 Dec 2016 13:02:37 +0000 (14:02 +0100)]
Eliminate dependencies on slf4j-{api,simple}
These are already present in odlparent, no need to repeat
them here.
Change-Id: I367c78b1f8548aa5b5c8d0a590783b073beca27f
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Tue, 20 Dec 2016 12:42:42 +0000 (13:42 +0100)]
Eliminate use of bundle.plugin.version
The plugin has a managed version, remove the dependency
on its version being defined in a property.
Change-Id: I9c3fe7ee9ce11f81edad244c66050eab870af3d5
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Tue, 20 Dec 2016 12:43:20 +0000 (13:43 +0100)]
Remove duplicate dependencies
Cleanup features/shiro/pom.xml to not include
multiple dependency declarations.
Change-Id: I5bdb88523460da2e616ca82a0029db73531199fd
Signed-off-by: Robert Varga <rovarga@cisco.com>
Ryan Goulding [Wed, 14 Dec 2016 22:40:13 +0000 (22:40 +0000)]
Merge "Fix the Password option at cert commands"
Mohamed El-Serngawy [Wed, 7 Dec 2016 21:17:20 +0000 (16:17 -0500)]
Fix the Password option at cert commands
Use the stream input to hide the password characters and use
printstream to print label at the console instead of system.out
Change-Id: Id970d50265f48ebca44732173feb0b27c6ab955f
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 13 Dec 2016 17:59:06 +0000 (17:59 +0000)]
Merge "aaa-h2-store file size reduced by 1.7 MB"
Michael Vorburger [Mon, 12 Dec 2016 22:50:25 +0000 (23:50 +0100)]
aaa-cli-jar file size significantly reduced from 12 MB to 2.5 MB
it's now simply called aaa-cli-jar-*.jar instead of
aaa-cli-jar-*-jar-with-dependencies.jar
instead of the current 12 MB JAR file size, by assembling it using
maven-shade-plugin instead of the maven-assembly-plugin, which even
without minimizeJar leads to a 5.7, and with some clever minimizeJar
tweaking lets us make this just 2.5 MB.
Change-Id: I687605b62101d4136e02350efba0af4ddbfbbfa7
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 12 Dec 2016 23:02:31 +0000 (00:02 +0100)]
aaa-h2-store file size reduced by 1.7 MB
by avoid to include H2 JAR in this bundle JAR; this should be not
required, because the class files of the H2 JAR are already in this
bundle JAR ("inlined"); they don't have to be there twice...
read also
http://felix.apache.org/documentation/subprojects/apache-felix-maven-bundle-plugin-bnd.html#embed-dependency-and-export-package
for more background about this
Change-Id: I660a8edf26ba793af1a859aae24bd6b5778d3cc8
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
melserngawy [Fri, 2 Dec 2016 21:19:59 +0000 (16:19 -0500)]
Add MD-SAL authn model to shiro.ini
Set the MD-SAL authn-model REST url at shiro.in
to be accessible by admin role only
Change-Id: I84d6cd7adb3054dbb9673868d2c14cb5d84bd7cd
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 10 Aug 2016 15:31:25 +0000 (11:31 -0400)]
Clean the aaa features
- Remove odl-aaa-authn-no-cluster feature same as odl-aaa-authn feature
- Remove odl-aaa-authn-sssd-no-cluster feature as it was depend on
odl-aaa-authn-no-cluster
Change-Id: Ie70b968530e4dba2c5b41262e1447918fa15f532
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 29 Nov 2016 18:54:37 +0000 (18:54 +0000)]
Merge "New AAA CLI standalone JAR to create users and set passwords"
Michael Vorburger [Mon, 21 Nov 2016 15:43:45 +0000 (16:43 +0100)]
Introduce IdMServiceImpl, refactoring IdmLightProxy
This would make it easier to re-use this code from other places, such as
the planned new CLI utility.
Change-Id: I3c2c5d210d6c34602ecf41a7e84a3a1fb4d9d6aa
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 15 Nov 2016 18:04:37 +0000 (19:04 +0100)]
New AAA CLI standalone JAR to create users and set passwords
This creates a (new) "executable fat JAR", which is NOT an OSGi bundle,
allowing installation tools such as the one used by Tim Rozet for OPNFV,
to create users and set passwords, without requiring ODL REST API to
run, and (more importantly) without knowing the current password.
As discussed and agreed with Ryan Goulding and others during the weekly
"Kernel call" on Tuesday Nov 15th this is still secure, as it's based on
physical access to the database file.
https://wiki.opendaylight.org/view/AAA:Changing_Account_Passwords has
end-user facing documentation (which may be updated as this gets
merged, perhaps later packaged, etc.)
Change-Id: I0f9f991520128b53460b3ee80dbbe0b4b824ca5b
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 22 Nov 2016 12:49:45 +0000 (13:49 +0100)]
StoreBuilder improvements for re-use from Main CLI, and security
Change-Id: Ic10b8dce469a279ac6bb98e6313ee3b82932e299
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Mon, 21 Nov 2016 21:53:57 +0000 (21:53 +0000)]
Merge "De-static-ify H2Store's IdmLightConfig and intro. proper design"
Ryan Goulding [Mon, 21 Nov 2016 21:53:35 +0000 (21:53 +0000)]
Merge "Move StoreBuilder from idmlight to api"
Michael Vorburger [Mon, 21 Nov 2016 15:51:09 +0000 (16:51 +0100)]
Move StoreBuilder from idmlight to api
This makes it easier to re-use this code from other places, such as the
planned new CLI utility (in which I'd like to avoid a dependency to
idmlight, which is full of OSGi and REST related code).
Change-Id: If46ebb5929208ddd2583426df88200edf61b0b53
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 21 Nov 2016 16:30:29 +0000 (17:30 +0100)]
IdmLightConfig use File.separatorChar instead of '/'
This was always already a '/' in the original code before my recent
refactorings (and, presumably, never caused issues on Windows), but as
requested by Ryan in
https://git.opendaylight.org/gerrit/#/c/48372/8/aaa-h2-store/src/main/java/org/opendaylight/aaa/h2/config/IdmLightConfig.java@121
Change-Id: Ibe08409a71d58fd099c4c653c6053627e35229ec
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 15 Nov 2016 19:54:01 +0000 (20:54 +0100)]
De-static-ify H2Store's IdmLightConfig and intro. proper design
This is required to be able to configure a H2Store with an
IdmLightConfig, e.g. from the upcoming new CLI tool.
The intention then is to use this to subsequently introduce a real JDBC
Connection Pool on top of this new API. As a first step, the changes
introduced here (should, hopefully) functionally still make it behave
exactly as the current implementation.
Change-Id: Ia28f5eb9c154c5c74fcef7ad285eee8b6be32ffb
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 15 Nov 2016 18:18:42 +0000 (19:18 +0100)]
H2Store IdmLightConfig made configurable (immutable)
Change-Id: I13a93fa6bd8e72617ba7831fbc408580145c0807
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 11 Nov 2016 22:20:47 +0000 (22:20 +0000)]
Merge "Revert "Fix the unit Test""
Ryan Goulding [Fri, 11 Nov 2016 21:14:34 +0000 (21:14 +0000)]
Revert "Fix the unit Test"
This reverts commit
359f27de1b5ba0c75bd488f84e797a24122172a1.
Change-Id: Ia8ca62266513ddd58e8518bd88f71b39b094c495
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 11 Nov 2016 14:21:48 +0000 (14:21 +0000)]
Merge "Add change ODL user password command"
Ryan Goulding [Fri, 11 Nov 2016 14:20:58 +0000 (14:20 +0000)]
Merge "Fix the unit Test"
Mohamed El-Serngawy [Wed, 9 Nov 2016 21:56:40 +0000 (16:56 -0500)]
Add change ODL user password command
Change-Id: I2303a70e1edb38f30a7e02a6c68a3844e1fad8a9
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 10 Nov 2016 17:08:23 +0000 (17:08 +0000)]
Merge "Update the rpc description with the right names"
Ryan Goulding [Thu, 10 Nov 2016 16:56:06 +0000 (16:56 +0000)]
Merge "Add get-cipher-suites command"
Mohamed El-Serngawy [Wed, 9 Nov 2016 18:43:25 +0000 (13:43 -0500)]
Update the rpc description with the right names
Change-Id: I4d7d98c27e5d8200e1b1bdaf5c459860cf9c76b2
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 9 Nov 2016 19:09:38 +0000 (14:09 -0500)]
Add get-cipher-suites command
Change-Id: Ib5e0f75ef38a9885b3007165eb8fe8092576644e
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Michael Vorburger [Thu, 10 Nov 2016 14:39:15 +0000 (15:39 +0100)]
Checkstyle configuration clean-up, removing what is now in odlparent
This is more consistent with how other projects do it now, and more
importantly makes Checkstlye work under Eclipse for AAA (kinda, see
below), to correctly ignore generated code (which without this change it
doesn't, and you get lots of red). It also helps avoid a major
confusion at least I just had when debugging this problem.. ;-)
It's actually not EXACTLY the same configuration as the one in
odlparent; in aaa someone had come up with a "trick" using
<sourceDirectory>${project.basedir}, presumable to scan not just src/**
but even root and other directories; this technically looses that, but I
think in the short term for consistency that's better. In the medium
term, maybe I'll try to see if that approach could be generally applied
to odlparent.
This change does not touch AAA's use of yangtools' checkstyle-logging,
which is currently discouraged because it breaks Eclipse; more about
that perhaps in a separate future Gerrit.
Change-Id: I94acce1111004a287c1566f058fa1a010829266f
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Wed, 9 Nov 2016 14:54:28 +0000 (15:54 +0100)]
target-ide/ on .gitignore
Change-Id: I918c5b51810973f0d91ad935578e54b5243281b7
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Mohamed El-Serngawy [Wed, 2 Nov 2016 19:13:05 +0000 (15:13 -0400)]
Fix the unit Test
update the old unit test classes with the new refactored classes
Change-Id: I43438fcb0a6724c1bbbe6956d169f6b7f93a4b6c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 1 Nov 2016 14:52:28 +0000 (14:52 +0000)]
Merge "Refactor the aaa-cert bundle"
melserngawy [Fri, 21 Oct 2016 21:27:36 +0000 (17:27 -0400)]
Refactor the aaa-cert bundle
Refactoring the aaa-cert bundle to have one service managing
the certificates and keystores in ODL.
Change-Id: Ie17a1c868fb9d2a22772ffe4dc4237e594b9e87b
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 26 Oct 2016 21:37:57 +0000 (17:37 -0400)]
Remove the encryption Tag
As the cipher is appended with the encryption tag, if the tag value
modified or changed the encryption service refuse to decrypt the cipher
and actually it is useless.
Change-Id: Iff49bc7a43547d258eccddb695781105af24b3b6
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 20 Oct 2016 20:34:13 +0000 (16:34 -0400)]
Remove stale AAA IDM REST information
The curl commands documented have fallen out of sync with the data model.
The updated documentation is located in the proper docs now. idmtool
is also suggested as a means to manipulate AAA IDM data.
Change-Id: If403f176f6f49b04be6cba92c90dca057e04ea5e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 20 Oct 2016 18:59:37 +0000 (18:59 +0000)]
Merge "Fix branding in idmtool script"
Mohamed El-Serngawy [Thu, 20 Oct 2016 18:59:00 +0000 (18:59 +0000)]
Merge "Fix AaaCertMdsalProvider service and AaaCert RPC service"
Mohamed El-Serngawy [Wed, 12 Oct 2016 18:30:35 +0000 (14:30 -0400)]
Fix AaaCertMdsalProvider service and AaaCert RPC service
The aaa-cert blueprint was missing the dependancy service of AaaCertMdsalProvider
(Databroker and EncryptionService) adding them to blueprint.
Adding the AaaCertRPCService to the blueprint and seperate the implementation from
AaaCertProvider
Change-Id: Ic9708e09a0d55eb839c29a6c07d1995cef499be1
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 20 Oct 2016 15:39:46 +0000 (11:39 -0400)]
Fix branding in idmtool script
Change-Id: I5a6a0cee359dde3b273ecba5bcacadc1fc439e30
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Alexis de Talhouët [Tue, 18 Oct 2016 21:20:34 +0000 (17:20 -0400)]
Bug 6956 - Do not wrap Guava as a bundle in the feature definition
Guava should only be provided as a dependency, and don't need to be
provided within the feature definition as a bundle.
Doing so could potentially have bad effect: e.g. DLUX feature pulls in Guava
the same way, which will trigger the Guava bundle to be refresh, thus
the AAA bundles tied to the feature pulling it in will be refreshed as
well, and this is corrupting functionalities as per as the reported
BUG.
Change-Id: If519c51c4a47a5b7e9e76f793ee81bba565d0d16
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Ryan Goulding [Thu, 13 Oct 2016 21:21:51 +0000 (17:21 -0400)]
Moon authentication url should specify http protocol
Since moon communicates using HTTP, specify the protocol as part of
the URL. This change simply changes the template to include the
protocol in the URL since parsing will fail otherwise.
Change-Id: I04677a3d18cfcd1d082892780bd26c31c5b8d930
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 6 Oct 2016 17:31:36 +0000 (17:31 +0000)]
Merge "AAA Moon Authentication Module support"
Alioune [Thu, 15 Sep 2016 21:21:31 +0000 (23:21 +0200)]
AAA Moon Authentication Module support
Adds support for authentication w/ OpenStack through the OPNFV Moon
module. This functionality is optional and turned off by default.
To enable this functionality, reference notes in the shiro.ini file
surrounding moon fundamentals.
Change-Id: Ieae82e7a7f07fe6fc49dd5bd8c29d037eadadf4e
Changea-Id: If8933c66540ecc862ffc6c4d7f9496089664a5e9
Signed-off-by: Alioune BA <alioune.ba@orange.com>
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 5 Oct 2016 21:39:13 +0000 (17:39 -0400)]
Move aaa-cert to blueprint
Change-Id: I14642474cbf7b8e7e5a34d10f782a376ee038f5c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Tue, 4 Oct 2016 21:01:31 +0000 (21:01 +0000)]
Merge "Auto-detect secure HTTP in the idmtool script"
Ryan Goulding [Tue, 4 Oct 2016 03:29:01 +0000 (23:29 -0400)]
Auto-detect secure HTTP in the idmtool script
This enables auto-detection of secure HTTP (SSL, TLS) through taking a peek
into org.ops4j.pax.web.cfg. If HTTPS is enabled, then it is preferred over
HTTP. This behavior can still be overridden through the use of the
"--target-host" option during idmtool script invocation. The script attempts
to use the specified HTTPS port from the pax web config. If no such port is
specified (perfectly valid), then the default port, 8443, is utilized. If
HTTPS is not enabled, then HTTP is used.
The value in this is that controllers should run HTTPS on Northbound RESTCONF,
and currently to make this script work with an HTTPS controller the
--target-host option needs to be specified. This makes administering a
controller with HTTPS harder and there are more steps to remember. If anything,
a product should aim to make security easier so it is actually utilized.
Again, if a more advanced configuration is needed, the "--target-host" will
override the default behavior. This simply enforces best security practices
as default, falling back on insecure options if needed.
Change-Id: I544a23d0266cef90cab01f28c8bb970ffcc9ddb6
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Mon, 26 Sep 2016 20:57:42 +0000 (13:57 -0700)]
Use config-parent
This patch switches the relevant POMs to use config-parent instead of
re-specifying the appropriate Maven plugins. It also drops
yang-gen-{config,sal} from .gitignore since they are now in target.
Change-Id: I5d27111d7061cf02d55bad3173e299f289671df1
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Fri, 23 Sep 2016 15:49:19 +0000 (15:49 +0000)]
Merge "move aaa-encrypiotn service to blueprint"
Mohamed El-Serngawy [Thu, 15 Sep 2016 22:00:18 +0000 (18:00 -0400)]
move aaa-encrypiotn service to blueprint
Change-Id: If17c833f11175c16940d9d2e70a8770d90ae8852
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Stephen Kitt [Thu, 11 Aug 2016 12:58:50 +0000 (14:58 +0200)]
BUG-6341: use common Cassandra and Coda Hale Metrics
This depends on https://git.opendaylight.org/gerrit/43717
This patch pulls in the odlparent-defined version of Netty; this is
currently compatible with the Cassandra driver, and future upgrades
will have to bear this in mind.
Change-Id: I4401553b2e529045bf6f9e19ea8c763834f43210
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Mohamed El-Serngawy [Tue, 13 Sep 2016 21:58:04 +0000 (17:58 -0400)]
Re-organize the features module
Combine the aaa-cert and aaa-cli feature modules with the authn feature module
Change-Id: I31b2169bc83b35898f9d23a823e51948274cbd1d
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
melserngawy [Fri, 9 Sep 2016 20:52:41 +0000 (16:52 -0400)]
Re-organize the features module
Combine the api and authz feature modules with the authn feature module
Change-Id: Iafe456adb52dbecedaa56f38c829383b7d3817f2
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Mon, 29 Aug 2016 19:31:42 +0000 (15:31 -0400)]
Bug 6574: Empty groupRolesMap for ODLJndiLdapRealm should map groups directly to roles
If groupRolesMap is not provided in shiro.ini, then the groups extracted
from LDAP are used directly. This is needed for backwards compatability with
Beryllium based behavior.
Change-Id: I39ad01eed55b7e346ff34fa13d93c595c2795739
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 24 Aug 2016 14:22:53 +0000 (10:22 -0400)]
Bug 6525: Restrict access to AAA-Certificate REST APIs to
Opendaylight Admin role only.
Change-Id: I1b8344f4e8ba64def6f791c68fca0715f176df0d
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 10 Aug 2016 21:56:32 +0000 (17:56 -0400)]
Bug 6425: Move aaa-mdsal-store bundle to use blueprint
Change-Id: I3aad96123f70260c12419f956a2ca76fdcb98f25
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
melserngawy [Fri, 5 Aug 2016 15:13:56 +0000 (17:13 +0200)]
Bug 6424: move aaa-idmlight to use blueprint
Change-Id: I7c84ea21204b40e11135bba5a3c52a2901f4a78c
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 9 Aug 2016 15:39:08 +0000 (15:39 +0000)]
Merge "Move aaa-h2-store bundle to use blueprint"
Thanh Ha [Mon, 8 Aug 2016 21:50:11 +0000 (17:50 -0400)]
Bump versions by 0.1.0 for next dev cycle
Change-Id: I3af7fbc22b54e10bf4497b344c2137cc59102b30
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Ryan Goulding [Mon, 8 Aug 2016 03:17:23 +0000 (23:17 -0400)]
Remove stale code from aaa-idmlight bundle
There is a bunch of bash scripts and json included in the aaa-idmlight bundle
that are there for historic reasons only. These scripts do not reflect the
new data models that have been used for AAA since Beryllium, and thus are confusing
at best. This change removes this dated code to avoid confusion and clean
up the code base.
Change-Id: Ib698c9823227d9648b65881993276c9c187e3443
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Fri, 5 Aug 2016 14:58:22 +0000 (14:58 +0000)]
Merge "Add groupRolesMap configuration option for ODLJndiLdapRealm"
Ryan Goulding [Thu, 4 Aug 2016 08:45:30 +0000 (04:45 -0400)]
Add groupRolesMap configuration option for ODLJndiLdapRealm
Shiro provides a nice configuration option called groupRolesMap for
ActiveDirectoryRealm. Since JndiLdapRealm provides a default
getAuthorizationInfo() that just returns null, it does not perform
any authorization. ODLJndiLdapRealm was designed to add a useful
getAuthorizationInfo() implementation, which performs LDAP queries
to determine LDAP membership information.
This patch adds the groupRolesMap functionality to ODLJndiLdapRealm
so that raw LDAP results can be mapped to ODL roles. This essentially
allows existing systems to be utilized without either recreating the
group structure in LDAP or role structure in ODL in order to map
correctly.
Change-Id: Id9f3bf5ca8f171e3c51e0c39867e70341eda1901
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
melserngawy [Thu, 4 Aug 2016 14:36:55 +0000 (16:36 +0200)]
Move aaa-h2-store bundle to use blueprint
Change-Id: I1a5ab1fbca359ba081add9da26be4710179488d7
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 4 Aug 2016 13:59:40 +0000 (13:59 +0000)]
Merge "Store the opendaylight's certificate and network Node's certificates to mdsal"
Mohamed El-Serngawy [Mon, 21 Mar 2016 20:48:23 +0000 (16:48 -0400)]
Store the opendaylight's certificate and network Node's certificates to mdsal
Opendaylight uses java keystore to store certificates. The keystore is used to establish a secure
SSL communication between Opendaylight and different protocols such as openflow and netconf. aaa-cert provides Opendaylight with
the ability to create different keytstores for each protocol and store these keystores into mdsal. As mdsal has its shard
data process across Opendaylight cluster nodes, the keystores will be syncronized across the cluster nodes.
Change-Id: I29ea84e4f2be9d66f7da74727baaf9ba343d1f9f
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 28 Jul 2016 04:08:51 +0000 (00:08 -0400)]
Bug 6278: Switch to use odlparent's karaf-parent
karaf-parent was moved from controller to odlparent in the following:
https://git.opendaylight.org/gerrit/#/42650/
This change switches karaf to inherit from odlparent's karaf-parent
added in the above commit.
Change-Id: If083aed05dd3b6dffb738180f34f409fde1302fb
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 18 Jul 2016 23:19:10 +0000 (19:19 -0400)]
Remove stale documentation from aaa-filterchain javadocs
Documentation stated that Filter bundles may need to be dynamically imported;
since aaa-filterchain dynamically imports bundles anyway, this step is not
necessary.
Change-Id: If4317c8b72a395a22247259286d29c055cb1a72f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Colin Dixon [Wed, 13 Jul 2016 23:34:52 +0000 (19:34 -0400)]
Remove old sssd documentation
It looks like it hasn't been updated since 2014, which means it's unlikely
to be correct and it is causing WARNINGs when we build the docs now that
aaa is included as a submodule of docs.
Change-Id: I0231057683b26de12144e38b974f8b8dcb7eecad
Signed-off-by: Colin Dixon <colin@colindixon.com>
Mohamed El-Serngawy [Tue, 5 Jul 2016 13:45:17 +0000 (13:45 +0000)]
Merge "Upgrade ietf-{inet,yang}-types to 2013-07-15"
Lorand Jakab [Wed, 29 Jun 2016 20:52:35 +0000 (15:52 -0500)]
Upgrade ietf-{inet,yang}-types to 2013-07-15
Change-Id: I7152164eb35516bc78671cb04d378ad98957065e
Signed-off-by: Lorand Jakab <lojakab@cisco.com>
Ryan Goulding [Wed, 29 Jun 2016 19:46:25 +0000 (15:46 -0400)]
Modify Activator output to more accurately define loading state
Change the Activator output to reflect that a service is in the process of being
injected rather than claiming it is missing. This is more accurate since it
reflects that the service is in the process of being resolved.
Change-Id: I6e126f2a3f2c43afc60e52fdf4b5e585afcda34b
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
melserngawy [Wed, 29 Jun 2016 04:38:35 +0000 (00:38 -0400)]
update openflowplugin dependency for aaa-cert feature
Change-Id: I025615f2a000da37db153028e5de9785bad98313
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 21 Jun 2016 14:22:08 +0000 (14:22 +0000)]
Merge "Fix for Bug 6082 - idpmapping will failed for the case sensitivity"
Vratko Polak [Tue, 21 Jun 2016 11:12:56 +0000 (13:12 +0200)]
Add config POM modules back
Otherwise Boron autorelease fails on this:
[WARNING] The POM for org.opendaylight.aaa:aaa-authn-mdsal-config:xml:config:0.4.0-Boron is missing, no dependency information available
Change-Id: I59d01c3811f318b980eddaaa6a0478f411aee2b7
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Suvitha Balu [Tue, 21 Jun 2016 07:57:36 +0000 (13:27 +0530)]
Fix for Bug 6082 - idpmapping will failed for the case sensitivity
Change-Id: Iec3f09e32e0ce0daa15314ae63088e8ac3024861
Signed-off-by: Suvitha Balu <suvitha.balu@tcs.com>
Alexis de Talhouët [Thu, 5 May 2016 22:45:45 +0000 (18:45 -0400)]
Use odlparent-lite for aggregator
Change-Id: I33cfd551dcd28f0a9261e83887e0dc9520099a34
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Ryan Goulding [Mon, 23 May 2016 13:53:21 +0000 (09:53 -0400)]
Modify idmtool insecure option to work with older versions of requests
The idmtool script utilizes the requests library to interact with the AAA
REST endpoints. Older versions of the requests library are not setup to
utilize certain urllib3 packages, which results in the following error
message when the script is run with --insecure mode enabled:
Traceback (most recent call last):
File "idmtool", line 236, in <module>
requests.packages.urllib3.disable_warnings()
AttributeError: 'module' object has no attribute 'packages'
This change utilizes standard system libraries (warnings) to disable SSL
Error output. The attempt is made at "best-effort"; that is, if the attempt
to disable fails, the script will still work, but some verbose output will be
rendered to stdout. This is a much more robust way of implementing the
verbosity control logic within the idmtool script context.
Change-Id: Ia32736d27a6f351170bae895832c056f7d8f84a5
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Sharon Aicler [Wed, 27 Apr 2016 00:38:13 +0000 (17:38 -0700)]
Encryption Service For AAA that uses a unified key to encryp and decrypt string for usage in ODL
Change-Id: Ic2d576c3c8ed42f3f7fc42afeac3af78a847febd
Signed-off-by: Sharon Aicler <saichler@cisco.com>
Ryan Goulding [Fri, 20 May 2016 00:57:04 +0000 (00:57 +0000)]
Merge "Cassandra Store for AAA"
Ryan Goulding [Tue, 17 May 2016 19:42:14 +0000 (15:42 -0400)]
Enhance idmtool to allow disabling https certificate verification
Adds the capability to disable https certificate verification through
the "-k" or "--insecure" flag. This vernacular was chosen to closely
mimic curl's interface. If this mode is enabled, then an appropriate
warning message is printed to make it painfully obvious that HTTPS
certificates are not verified. This behavior is completely optional,
and is not enabled by default.
Additionally, exception reporting was improved to isolate SSLError(s);
if an SSLError is encountered then it is reported as a possible SSL
issue instead of with the standard "Are you sure the controller is up?"
message.
Change-Id: Ibc138d073d170d76164e928eb0d0cc99f704514c
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
(cherry picked from commit
77d2cba2257e306c2c00eb151d69692e2da7a296)
Sharon Aicler [Sun, 29 Nov 2015 17:22:15 +0000 (09:22 -0800)]
Cassandra Store for AAA
Change-Id: I01a500594c55c5cac163642653164b5390f57b76
Signed-off-by: Sharon Aicler <saichler@cisco.com>
Ryan Goulding [Tue, 17 May 2016 17:26:51 +0000 (13:26 -0400)]
Bug 5901 Add in explicit version for aaa-authz-model
https://git.opendaylight.org/gerrit/#/c/38481/4/aaa-authz/aaa-authz-model/pom.xml
broke the build by not overriding the parent version in favor
of the AAA version.
Change-Id: Ic4886a3958fbbdf96cbf97b734605a8af669a63b
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Michael Vorburger [Fri, 13 May 2016 13:52:17 +0000 (15:52 +0200)]
Bump Checkstyle version from 6.2 to 6.16
Java 8 lamda / closure intendentation rule changed in Checkstyle!
Change-Id: I00e7e506f320833b6c8b3f450ab3d372bdc2725d
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 13 May 2016 14:30:54 +0000 (10:30 -0400)]
Remove unused geronimo dependencies
Just removes the geronimo JTA dependencies as they aren't used.
Change-Id: Ib1fbad93d25a908a2102ac2428e0b07b44ff602f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Michael Vorburger [Thu, 12 May 2016 11:37:49 +0000 (13:37 +0200)]
Git ignore .checkstyle file create by Eclipse Checkstyle plugin
Change-Id: Ia85e023fb839abdb813eca00a5bbb33f85bc2c92
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 6 May 2016 19:23:54 +0000 (19:23 +0000)]
Merge "Use binding-parent for api"
Ryan Goulding [Fri, 6 May 2016 19:20:32 +0000 (19:20 +0000)]
Merge "Remove useless version in dependencies"
Ryan Goulding [Fri, 6 May 2016 17:31:01 +0000 (17:31 +0000)]
Merge "Fix the compilation error"
Alexis de Talhouët [Thu, 5 May 2016 22:46:01 +0000 (18:46 -0400)]
Remove useless version in dependencies
Change-Id: Iae0c325dc411a9c46476f1bf8c5c2cefc4472192
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Alexis de Talhouët [Thu, 5 May 2016 22:45:00 +0000 (18:45 -0400)]
Use binding-parent for api
Change-Id: Ic2489d93ae46db1aaa1004fb56790fb167585d96
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Mohamed El-Serngawy [Fri, 6 May 2016 16:18:43 +0000 (12:18 -0400)]
Fix the compilation error
fix jetty-servlet-tester dependancy with org.mortbay.jetty to avoid
conflict with org.eclipse.jetty dependancy and ignore aaa-authn-federation
for now
Change-Id: I2d7bb080e625c10016a5d66d43ac40846bde36a3
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Alexis de Talhouët [Fri, 6 May 2016 15:56:32 +0000 (11:56 -0400)]
Ignore failing tests due to jetty
Change-Id: I591a0ea079f80fd8499fec58872fbc470f5c050d
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Ryan Goulding [Mon, 25 Apr 2016 20:15:43 +0000 (20:15 +0000)]
Merge "Remove the odl-aaa-keystone-plugin feature"
Ryan Goulding [Mon, 25 Apr 2016 16:57:37 +0000 (12:57 -0400)]
Remove the odl-aaa-keystone-plugin feature
Since this feature doesn't do anything, the AAA team has chosen to directly
remove it. Since the feature never did anything, there is no need to wait
the extra release cycle. The advantage to removing this earlier is less
queries surrounding a feature which doesn't work. Prior to this commit,
the inclusion of this non-functional feature was misleading.
Change-Id: I24136b81dda6a45b13e6edccfb9ffac4468f83bb
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 25 Apr 2016 14:42:41 +0000 (10:42 -0400)]
Bug 5801 aaa distribution-karaf should inherit from karaf-parent, not aaa-parent
This changes the parent for AAA karaf distribution from aaa-parent
to karaf-parent. distribution-karaf was renamed "karaf" which is
more consistent with how other projects name their local karaf
distributions.
Change-Id: I478fa4b7da710351c871ee792611934576e30635
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 25 Apr 2016 19:38:46 +0000 (19:38 +0000)]
Merge "Inherit nexusproxy property from odlparent"
Ryan Goulding [Mon, 25 Apr 2016 19:22:46 +0000 (19:22 +0000)]
Revert "Bug 5801 aaa distribution-karaf should inherit from karaf-parent, not aaa-parent"
This will be redone with inclusion of correct groupId
This reverts commit
190996d1d2fc7e941edede025b27b40bb59a21aa.
Change-Id: Icfc3b16066dab510a8cc661c07ee905fe48347de
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 25 Apr 2016 18:40:55 +0000 (14:40 -0400)]
Inherit nexusproxy property from odlparent
Inherit the "nexusproxy" property from odlparent instead of overriding
with our own, which is prone to becoming out of date.
Change-Id: I11e17bcccfa6f7c51e7a8233162f3434a9930ae4
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Code Review / aaa.git / log