Ryan Goulding [Mon, 21 Nov 2016 21:53:57 +0000 (21:53 +0000)]
Merge "De-static-ify H2Store's IdmLightConfig and intro. proper design"
Ryan Goulding [Mon, 21 Nov 2016 21:53:35 +0000 (21:53 +0000)]
Merge "Move StoreBuilder from idmlight to api"
Michael Vorburger [Mon, 21 Nov 2016 15:51:09 +0000 (16:51 +0100)]
Move StoreBuilder from idmlight to api
This makes it easier to re-use this code from other places, such as the
planned new CLI utility (in which I'd like to avoid a dependency to
idmlight, which is full of OSGi and REST related code).
Change-Id: If46ebb5929208ddd2583426df88200edf61b0b53
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 21 Nov 2016 16:30:29 +0000 (17:30 +0100)]
IdmLightConfig use File.separatorChar instead of '/'
This was always already a '/' in the original code before my recent
refactorings (and, presumably, never caused issues on Windows), but as
requested by Ryan in
https://git.opendaylight.org/gerrit/#/c/48372/8/aaa-h2-store/src/main/java/org/opendaylight/aaa/h2/config/IdmLightConfig.java@121
Change-Id: Ibe08409a71d58fd099c4c653c6053627e35229ec
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 15 Nov 2016 19:54:01 +0000 (20:54 +0100)]
De-static-ify H2Store's IdmLightConfig and intro. proper design
This is required to be able to configure a H2Store with an
IdmLightConfig, e.g. from the upcoming new CLI tool.
The intention then is to use this to subsequently introduce a real JDBC
Connection Pool on top of this new API. As a first step, the changes
introduced here (should, hopefully) functionally still make it behave
exactly as the current implementation.
Change-Id: Ia28f5eb9c154c5c74fcef7ad285eee8b6be32ffb
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 15 Nov 2016 18:18:42 +0000 (19:18 +0100)]
H2Store IdmLightConfig made configurable (immutable)
Change-Id: I13a93fa6bd8e72617ba7831fbc408580145c0807
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 11 Nov 2016 22:20:47 +0000 (22:20 +0000)]
Merge "Revert "Fix the unit Test""
Ryan Goulding [Fri, 11 Nov 2016 21:14:34 +0000 (21:14 +0000)]
Revert "Fix the unit Test"
This reverts commit
359f27de1b5ba0c75bd488f84e797a24122172a1.
Change-Id: Ia8ca62266513ddd58e8518bd88f71b39b094c495
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 11 Nov 2016 14:21:48 +0000 (14:21 +0000)]
Merge "Add change ODL user password command"
Ryan Goulding [Fri, 11 Nov 2016 14:20:58 +0000 (14:20 +0000)]
Merge "Fix the unit Test"
Mohamed El-Serngawy [Wed, 9 Nov 2016 21:56:40 +0000 (16:56 -0500)]
Add change ODL user password command
Change-Id: I2303a70e1edb38f30a7e02a6c68a3844e1fad8a9
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 10 Nov 2016 17:08:23 +0000 (17:08 +0000)]
Merge "Update the rpc description with the right names"
Ryan Goulding [Thu, 10 Nov 2016 16:56:06 +0000 (16:56 +0000)]
Merge "Add get-cipher-suites command"
Mohamed El-Serngawy [Wed, 9 Nov 2016 18:43:25 +0000 (13:43 -0500)]
Update the rpc description with the right names
Change-Id: I4d7d98c27e5d8200e1b1bdaf5c459860cf9c76b2
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 9 Nov 2016 19:09:38 +0000 (14:09 -0500)]
Add get-cipher-suites command
Change-Id: Ib5e0f75ef38a9885b3007165eb8fe8092576644e
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Michael Vorburger [Thu, 10 Nov 2016 14:39:15 +0000 (15:39 +0100)]
Checkstyle configuration clean-up, removing what is now in odlparent
This is more consistent with how other projects do it now, and more
importantly makes Checkstlye work under Eclipse for AAA (kinda, see
below), to correctly ignore generated code (which without this change it
doesn't, and you get lots of red). It also helps avoid a major
confusion at least I just had when debugging this problem.. ;-)
It's actually not EXACTLY the same configuration as the one in
odlparent; in aaa someone had come up with a "trick" using
<sourceDirectory>${project.basedir}, presumable to scan not just src/**
but even root and other directories; this technically looses that, but I
think in the short term for consistency that's better. In the medium
term, maybe I'll try to see if that approach could be generally applied
to odlparent.
This change does not touch AAA's use of yangtools' checkstyle-logging,
which is currently discouraged because it breaks Eclipse; more about
that perhaps in a separate future Gerrit.
Change-Id: I94acce1111004a287c1566f058fa1a010829266f
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Wed, 9 Nov 2016 14:54:28 +0000 (15:54 +0100)]
target-ide/ on .gitignore
Change-Id: I918c5b51810973f0d91ad935578e54b5243281b7
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Mohamed El-Serngawy [Wed, 2 Nov 2016 19:13:05 +0000 (15:13 -0400)]
Fix the unit Test
update the old unit test classes with the new refactored classes
Change-Id: I43438fcb0a6724c1bbbe6956d169f6b7f93a4b6c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 1 Nov 2016 14:52:28 +0000 (14:52 +0000)]
Merge "Refactor the aaa-cert bundle"
melserngawy [Fri, 21 Oct 2016 21:27:36 +0000 (17:27 -0400)]
Refactor the aaa-cert bundle
Refactoring the aaa-cert bundle to have one service managing
the certificates and keystores in ODL.
Change-Id: Ie17a1c868fb9d2a22772ffe4dc4237e594b9e87b
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 26 Oct 2016 21:37:57 +0000 (17:37 -0400)]
Remove the encryption Tag
As the cipher is appended with the encryption tag, if the tag value
modified or changed the encryption service refuse to decrypt the cipher
and actually it is useless.
Change-Id: Iff49bc7a43547d258eccddb695781105af24b3b6
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 20 Oct 2016 20:34:13 +0000 (16:34 -0400)]
Remove stale AAA IDM REST information
The curl commands documented have fallen out of sync with the data model.
The updated documentation is located in the proper docs now. idmtool
is also suggested as a means to manipulate AAA IDM data.
Change-Id: If403f176f6f49b04be6cba92c90dca057e04ea5e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 20 Oct 2016 18:59:37 +0000 (18:59 +0000)]
Merge "Fix branding in idmtool script"
Mohamed El-Serngawy [Thu, 20 Oct 2016 18:59:00 +0000 (18:59 +0000)]
Merge "Fix AaaCertMdsalProvider service and AaaCert RPC service"
Mohamed El-Serngawy [Wed, 12 Oct 2016 18:30:35 +0000 (14:30 -0400)]
Fix AaaCertMdsalProvider service and AaaCert RPC service
The aaa-cert blueprint was missing the dependancy service of AaaCertMdsalProvider
(Databroker and EncryptionService) adding them to blueprint.
Adding the AaaCertRPCService to the blueprint and seperate the implementation from
AaaCertProvider
Change-Id: Ic9708e09a0d55eb839c29a6c07d1995cef499be1
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 20 Oct 2016 15:39:46 +0000 (11:39 -0400)]
Fix branding in idmtool script
Change-Id: I5a6a0cee359dde3b273ecba5bcacadc1fc439e30
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Alexis de Talhouët [Tue, 18 Oct 2016 21:20:34 +0000 (17:20 -0400)]
Bug 6956 - Do not wrap Guava as a bundle in the feature definition
Guava should only be provided as a dependency, and don't need to be
provided within the feature definition as a bundle.
Doing so could potentially have bad effect: e.g. DLUX feature pulls in Guava
the same way, which will trigger the Guava bundle to be refresh, thus
the AAA bundles tied to the feature pulling it in will be refreshed as
well, and this is corrupting functionalities as per as the reported
BUG.
Change-Id: If519c51c4a47a5b7e9e76f793ee81bba565d0d16
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Ryan Goulding [Thu, 13 Oct 2016 21:21:51 +0000 (17:21 -0400)]
Moon authentication url should specify http protocol
Since moon communicates using HTTP, specify the protocol as part of
the URL. This change simply changes the template to include the
protocol in the URL since parsing will fail otherwise.
Change-Id: I04677a3d18cfcd1d082892780bd26c31c5b8d930
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 6 Oct 2016 17:31:36 +0000 (17:31 +0000)]
Merge "AAA Moon Authentication Module support"
Alioune [Thu, 15 Sep 2016 21:21:31 +0000 (23:21 +0200)]
AAA Moon Authentication Module support
Adds support for authentication w/ OpenStack through the OPNFV Moon
module. This functionality is optional and turned off by default.
To enable this functionality, reference notes in the shiro.ini file
surrounding moon fundamentals.
Change-Id: Ieae82e7a7f07fe6fc49dd5bd8c29d037eadadf4e
Changea-Id: If8933c66540ecc862ffc6c4d7f9496089664a5e9
Signed-off-by: Alioune BA <alioune.ba@orange.com>
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 5 Oct 2016 21:39:13 +0000 (17:39 -0400)]
Move aaa-cert to blueprint
Change-Id: I14642474cbf7b8e7e5a34d10f782a376ee038f5c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Tue, 4 Oct 2016 21:01:31 +0000 (21:01 +0000)]
Merge "Auto-detect secure HTTP in the idmtool script"
Ryan Goulding [Tue, 4 Oct 2016 03:29:01 +0000 (23:29 -0400)]
Auto-detect secure HTTP in the idmtool script
This enables auto-detection of secure HTTP (SSL, TLS) through taking a peek
into org.ops4j.pax.web.cfg. If HTTPS is enabled, then it is preferred over
HTTP. This behavior can still be overridden through the use of the
"--target-host" option during idmtool script invocation. The script attempts
to use the specified HTTPS port from the pax web config. If no such port is
specified (perfectly valid), then the default port, 8443, is utilized. If
HTTPS is not enabled, then HTTP is used.
The value in this is that controllers should run HTTPS on Northbound RESTCONF,
and currently to make this script work with an HTTPS controller the
--target-host option needs to be specified. This makes administering a
controller with HTTPS harder and there are more steps to remember. If anything,
a product should aim to make security easier so it is actually utilized.
Again, if a more advanced configuration is needed, the "--target-host" will
override the default behavior. This simply enforces best security practices
as default, falling back on insecure options if needed.
Change-Id: I544a23d0266cef90cab01f28c8bb970ffcc9ddb6
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Mon, 26 Sep 2016 20:57:42 +0000 (13:57 -0700)]
Use config-parent
This patch switches the relevant POMs to use config-parent instead of
re-specifying the appropriate Maven plugins. It also drops
yang-gen-{config,sal} from .gitignore since they are now in target.
Change-Id: I5d27111d7061cf02d55bad3173e299f289671df1
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Fri, 23 Sep 2016 15:49:19 +0000 (15:49 +0000)]
Merge "move aaa-encrypiotn service to blueprint"
Mohamed El-Serngawy [Thu, 15 Sep 2016 22:00:18 +0000 (18:00 -0400)]
move aaa-encrypiotn service to blueprint
Change-Id: If17c833f11175c16940d9d2e70a8770d90ae8852
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Stephen Kitt [Thu, 11 Aug 2016 12:58:50 +0000 (14:58 +0200)]
BUG-6341: use common Cassandra and Coda Hale Metrics
This depends on https://git.opendaylight.org/gerrit/43717
This patch pulls in the odlparent-defined version of Netty; this is
currently compatible with the Cassandra driver, and future upgrades
will have to bear this in mind.
Change-Id: I4401553b2e529045bf6f9e19ea8c763834f43210
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Mohamed El-Serngawy [Tue, 13 Sep 2016 21:58:04 +0000 (17:58 -0400)]
Re-organize the features module
Combine the aaa-cert and aaa-cli feature modules with the authn feature module
Change-Id: I31b2169bc83b35898f9d23a823e51948274cbd1d
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
melserngawy [Fri, 9 Sep 2016 20:52:41 +0000 (16:52 -0400)]
Re-organize the features module
Combine the api and authz feature modules with the authn feature module
Change-Id: Iafe456adb52dbecedaa56f38c829383b7d3817f2
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Mon, 29 Aug 2016 19:31:42 +0000 (15:31 -0400)]
Bug 6574: Empty groupRolesMap for ODLJndiLdapRealm should map groups directly to roles
If groupRolesMap is not provided in shiro.ini, then the groups extracted
from LDAP are used directly. This is needed for backwards compatability with
Beryllium based behavior.
Change-Id: I39ad01eed55b7e346ff34fa13d93c595c2795739
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 24 Aug 2016 14:22:53 +0000 (10:22 -0400)]
Bug 6525: Restrict access to AAA-Certificate REST APIs to
Opendaylight Admin role only.
Change-Id: I1b8344f4e8ba64def6f791c68fca0715f176df0d
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 10 Aug 2016 21:56:32 +0000 (17:56 -0400)]
Bug 6425: Move aaa-mdsal-store bundle to use blueprint
Change-Id: I3aad96123f70260c12419f956a2ca76fdcb98f25
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
melserngawy [Fri, 5 Aug 2016 15:13:56 +0000 (17:13 +0200)]
Bug 6424: move aaa-idmlight to use blueprint
Change-Id: I7c84ea21204b40e11135bba5a3c52a2901f4a78c
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 9 Aug 2016 15:39:08 +0000 (15:39 +0000)]
Merge "Move aaa-h2-store bundle to use blueprint"
Thanh Ha [Mon, 8 Aug 2016 21:50:11 +0000 (17:50 -0400)]
Bump versions by 0.1.0 for next dev cycle
Change-Id: I3af7fbc22b54e10bf4497b344c2137cc59102b30
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Ryan Goulding [Mon, 8 Aug 2016 03:17:23 +0000 (23:17 -0400)]
Remove stale code from aaa-idmlight bundle
There is a bunch of bash scripts and json included in the aaa-idmlight bundle
that are there for historic reasons only. These scripts do not reflect the
new data models that have been used for AAA since Beryllium, and thus are confusing
at best. This change removes this dated code to avoid confusion and clean
up the code base.
Change-Id: Ib698c9823227d9648b65881993276c9c187e3443
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Fri, 5 Aug 2016 14:58:22 +0000 (14:58 +0000)]
Merge "Add groupRolesMap configuration option for ODLJndiLdapRealm"
Ryan Goulding [Thu, 4 Aug 2016 08:45:30 +0000 (04:45 -0400)]
Add groupRolesMap configuration option for ODLJndiLdapRealm
Shiro provides a nice configuration option called groupRolesMap for
ActiveDirectoryRealm. Since JndiLdapRealm provides a default
getAuthorizationInfo() that just returns null, it does not perform
any authorization. ODLJndiLdapRealm was designed to add a useful
getAuthorizationInfo() implementation, which performs LDAP queries
to determine LDAP membership information.
This patch adds the groupRolesMap functionality to ODLJndiLdapRealm
so that raw LDAP results can be mapped to ODL roles. This essentially
allows existing systems to be utilized without either recreating the
group structure in LDAP or role structure in ODL in order to map
correctly.
Change-Id: Id9f3bf5ca8f171e3c51e0c39867e70341eda1901
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
melserngawy [Thu, 4 Aug 2016 14:36:55 +0000 (16:36 +0200)]
Move aaa-h2-store bundle to use blueprint
Change-Id: I1a5ab1fbca359ba081add9da26be4710179488d7
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 4 Aug 2016 13:59:40 +0000 (13:59 +0000)]
Merge "Store the opendaylight's certificate and network Node's certificates to mdsal"
Mohamed El-Serngawy [Mon, 21 Mar 2016 20:48:23 +0000 (16:48 -0400)]
Store the opendaylight's certificate and network Node's certificates to mdsal
Opendaylight uses java keystore to store certificates. The keystore is used to establish a secure
SSL communication between Opendaylight and different protocols such as openflow and netconf. aaa-cert provides Opendaylight with
the ability to create different keytstores for each protocol and store these keystores into mdsal. As mdsal has its shard
data process across Opendaylight cluster nodes, the keystores will be syncronized across the cluster nodes.
Change-Id: I29ea84e4f2be9d66f7da74727baaf9ba343d1f9f
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 28 Jul 2016 04:08:51 +0000 (00:08 -0400)]
Bug 6278: Switch to use odlparent's karaf-parent
karaf-parent was moved from controller to odlparent in the following:
https://git.opendaylight.org/gerrit/#/42650/
This change switches karaf to inherit from odlparent's karaf-parent
added in the above commit.
Change-Id: If083aed05dd3b6dffb738180f34f409fde1302fb
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 18 Jul 2016 23:19:10 +0000 (19:19 -0400)]
Remove stale documentation from aaa-filterchain javadocs
Documentation stated that Filter bundles may need to be dynamically imported;
since aaa-filterchain dynamically imports bundles anyway, this step is not
necessary.
Change-Id: If4317c8b72a395a22247259286d29c055cb1a72f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Colin Dixon [Wed, 13 Jul 2016 23:34:52 +0000 (19:34 -0400)]
Remove old sssd documentation
It looks like it hasn't been updated since 2014, which means it's unlikely
to be correct and it is causing WARNINGs when we build the docs now that
aaa is included as a submodule of docs.
Change-Id: I0231057683b26de12144e38b974f8b8dcb7eecad
Signed-off-by: Colin Dixon <colin@colindixon.com>
Mohamed El-Serngawy [Tue, 5 Jul 2016 13:45:17 +0000 (13:45 +0000)]
Merge "Upgrade ietf-{inet,yang}-types to 2013-07-15"
Lorand Jakab [Wed, 29 Jun 2016 20:52:35 +0000 (15:52 -0500)]
Upgrade ietf-{inet,yang}-types to 2013-07-15
Change-Id: I7152164eb35516bc78671cb04d378ad98957065e
Signed-off-by: Lorand Jakab <lojakab@cisco.com>
Ryan Goulding [Wed, 29 Jun 2016 19:46:25 +0000 (15:46 -0400)]
Modify Activator output to more accurately define loading state
Change the Activator output to reflect that a service is in the process of being
injected rather than claiming it is missing. This is more accurate since it
reflects that the service is in the process of being resolved.
Change-Id: I6e126f2a3f2c43afc60e52fdf4b5e585afcda34b
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
melserngawy [Wed, 29 Jun 2016 04:38:35 +0000 (00:38 -0400)]
update openflowplugin dependency for aaa-cert feature
Change-Id: I025615f2a000da37db153028e5de9785bad98313
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 21 Jun 2016 14:22:08 +0000 (14:22 +0000)]
Merge "Fix for Bug 6082 - idpmapping will failed for the case sensitivity"
Vratko Polak [Tue, 21 Jun 2016 11:12:56 +0000 (13:12 +0200)]
Add config POM modules back
Otherwise Boron autorelease fails on this:
[WARNING] The POM for org.opendaylight.aaa:aaa-authn-mdsal-config:xml:config:0.4.0-Boron is missing, no dependency information available
Change-Id: I59d01c3811f318b980eddaaa6a0478f411aee2b7
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Suvitha Balu [Tue, 21 Jun 2016 07:57:36 +0000 (13:27 +0530)]
Fix for Bug 6082 - idpmapping will failed for the case sensitivity
Change-Id: Iec3f09e32e0ce0daa15314ae63088e8ac3024861
Signed-off-by: Suvitha Balu <suvitha.balu@tcs.com>
Alexis de Talhouët [Thu, 5 May 2016 22:45:45 +0000 (18:45 -0400)]
Use odlparent-lite for aggregator
Change-Id: I33cfd551dcd28f0a9261e83887e0dc9520099a34
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Ryan Goulding [Mon, 23 May 2016 13:53:21 +0000 (09:53 -0400)]
Modify idmtool insecure option to work with older versions of requests
The idmtool script utilizes the requests library to interact with the AAA
REST endpoints. Older versions of the requests library are not setup to
utilize certain urllib3 packages, which results in the following error
message when the script is run with --insecure mode enabled:
Traceback (most recent call last):
File "idmtool", line 236, in <module>
requests.packages.urllib3.disable_warnings()
AttributeError: 'module' object has no attribute 'packages'
This change utilizes standard system libraries (warnings) to disable SSL
Error output. The attempt is made at "best-effort"; that is, if the attempt
to disable fails, the script will still work, but some verbose output will be
rendered to stdout. This is a much more robust way of implementing the
verbosity control logic within the idmtool script context.
Change-Id: Ia32736d27a6f351170bae895832c056f7d8f84a5
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Sharon Aicler [Wed, 27 Apr 2016 00:38:13 +0000 (17:38 -0700)]
Encryption Service For AAA that uses a unified key to encryp and decrypt string for usage in ODL
Change-Id: Ic2d576c3c8ed42f3f7fc42afeac3af78a847febd
Signed-off-by: Sharon Aicler <saichler@cisco.com>
Ryan Goulding [Fri, 20 May 2016 00:57:04 +0000 (00:57 +0000)]
Merge "Cassandra Store for AAA"
Ryan Goulding [Tue, 17 May 2016 19:42:14 +0000 (15:42 -0400)]
Enhance idmtool to allow disabling https certificate verification
Adds the capability to disable https certificate verification through
the "-k" or "--insecure" flag. This vernacular was chosen to closely
mimic curl's interface. If this mode is enabled, then an appropriate
warning message is printed to make it painfully obvious that HTTPS
certificates are not verified. This behavior is completely optional,
and is not enabled by default.
Additionally, exception reporting was improved to isolate SSLError(s);
if an SSLError is encountered then it is reported as a possible SSL
issue instead of with the standard "Are you sure the controller is up?"
message.
Change-Id: Ibc138d073d170d76164e928eb0d0cc99f704514c
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
(cherry picked from commit
77d2cba2257e306c2c00eb151d69692e2da7a296)
Sharon Aicler [Sun, 29 Nov 2015 17:22:15 +0000 (09:22 -0800)]
Cassandra Store for AAA
Change-Id: I01a500594c55c5cac163642653164b5390f57b76
Signed-off-by: Sharon Aicler <saichler@cisco.com>
Ryan Goulding [Tue, 17 May 2016 17:26:51 +0000 (13:26 -0400)]
Bug 5901 Add in explicit version for aaa-authz-model
https://git.opendaylight.org/gerrit/#/c/38481/4/aaa-authz/aaa-authz-model/pom.xml
broke the build by not overriding the parent version in favor
of the AAA version.
Change-Id: Ic4886a3958fbbdf96cbf97b734605a8af669a63b
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Michael Vorburger [Fri, 13 May 2016 13:52:17 +0000 (15:52 +0200)]
Bump Checkstyle version from 6.2 to 6.16
Java 8 lamda / closure intendentation rule changed in Checkstyle!
Change-Id: I00e7e506f320833b6c8b3f450ab3d372bdc2725d
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 13 May 2016 14:30:54 +0000 (10:30 -0400)]
Remove unused geronimo dependencies
Just removes the geronimo JTA dependencies as they aren't used.
Change-Id: Ib1fbad93d25a908a2102ac2428e0b07b44ff602f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Michael Vorburger [Thu, 12 May 2016 11:37:49 +0000 (13:37 +0200)]
Git ignore .checkstyle file create by Eclipse Checkstyle plugin
Change-Id: Ia85e023fb839abdb813eca00a5bbb33f85bc2c92
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 6 May 2016 19:23:54 +0000 (19:23 +0000)]
Merge "Use binding-parent for api"
Ryan Goulding [Fri, 6 May 2016 19:20:32 +0000 (19:20 +0000)]
Merge "Remove useless version in dependencies"
Ryan Goulding [Fri, 6 May 2016 17:31:01 +0000 (17:31 +0000)]
Merge "Fix the compilation error"
Alexis de Talhouët [Thu, 5 May 2016 22:46:01 +0000 (18:46 -0400)]
Remove useless version in dependencies
Change-Id: Iae0c325dc411a9c46476f1bf8c5c2cefc4472192
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Alexis de Talhouët [Thu, 5 May 2016 22:45:00 +0000 (18:45 -0400)]
Use binding-parent for api
Change-Id: Ic2489d93ae46db1aaa1004fb56790fb167585d96
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Mohamed El-Serngawy [Fri, 6 May 2016 16:18:43 +0000 (12:18 -0400)]
Fix the compilation error
fix jetty-servlet-tester dependancy with org.mortbay.jetty to avoid
conflict with org.eclipse.jetty dependancy and ignore aaa-authn-federation
for now
Change-Id: I2d7bb080e625c10016a5d66d43ac40846bde36a3
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Alexis de Talhouët [Fri, 6 May 2016 15:56:32 +0000 (11:56 -0400)]
Ignore failing tests due to jetty
Change-Id: I591a0ea079f80fd8499fec58872fbc470f5c050d
Signed-off-by: Alexis de Talhouët <adetalhouet@inocybe.com>
Ryan Goulding [Mon, 25 Apr 2016 20:15:43 +0000 (20:15 +0000)]
Merge "Remove the odl-aaa-keystone-plugin feature"
Ryan Goulding [Mon, 25 Apr 2016 16:57:37 +0000 (12:57 -0400)]
Remove the odl-aaa-keystone-plugin feature
Since this feature doesn't do anything, the AAA team has chosen to directly
remove it. Since the feature never did anything, there is no need to wait
the extra release cycle. The advantage to removing this earlier is less
queries surrounding a feature which doesn't work. Prior to this commit,
the inclusion of this non-functional feature was misleading.
Change-Id: I24136b81dda6a45b13e6edccfb9ffac4468f83bb
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 25 Apr 2016 14:42:41 +0000 (10:42 -0400)]
Bug 5801 aaa distribution-karaf should inherit from karaf-parent, not aaa-parent
This changes the parent for AAA karaf distribution from aaa-parent
to karaf-parent. distribution-karaf was renamed "karaf" which is
more consistent with how other projects name their local karaf
distributions.
Change-Id: I478fa4b7da710351c871ee792611934576e30635
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 25 Apr 2016 19:38:46 +0000 (19:38 +0000)]
Merge "Inherit nexusproxy property from odlparent"
Ryan Goulding [Mon, 25 Apr 2016 19:22:46 +0000 (19:22 +0000)]
Revert "Bug 5801 aaa distribution-karaf should inherit from karaf-parent, not aaa-parent"
This will be redone with inclusion of correct groupId
This reverts commit
190996d1d2fc7e941edede025b27b40bb59a21aa.
Change-Id: Icfc3b16066dab510a8cc661c07ee905fe48347de
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 25 Apr 2016 18:40:55 +0000 (14:40 -0400)]
Inherit nexusproxy property from odlparent
Inherit the "nexusproxy" property from odlparent instead of overriding
with our own, which is prone to becoming out of date.
Change-Id: I11e17bcccfa6f7c51e7a8233162f3434a9930ae4
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 25 Apr 2016 14:42:41 +0000 (10:42 -0400)]
Bug 5801 aaa distribution-karaf should inherit from karaf-parent, not aaa-parent
This changes the parent for AAA karaf distribution from aaa-parent
to karaf-parent. distribution-karaf was renamed "karaf" which is
more consistent with how other projects name their local karaf
distributions.
Change-Id: Ib3a7bebcc68da7326745a591a0479b0f1924b6a4
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 21 Apr 2016 21:21:57 +0000 (21:21 +0000)]
Merge "Revert "Revert "Inherit metatype dependency version from odlparent"""
Ryan Goulding [Wed, 20 Apr 2016 15:59:54 +0000 (15:59 +0000)]
Revert "Revert "Inherit metatype dependency version from odlparent""
This reverts commit
30e384b2eb6b53b887d7b69c09a1a0235de1caff.
Change-Id: I1c72ff78d47da399cd00201e611e302fad8f59c8
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 19 Apr 2016 21:44:53 +0000 (17:44 -0400)]
Depend on odlparent version of logback
Downstream dependencies should centralize dependency management
in odlparent. This change technically temporarily downgrades
logback to 1.1.3, which is the one included with odlparent. This
way, when logback is upgraded in odlparent, we get it for free.
Change-Id: Ibce99e34bc65db678390d37169c5cd924113f389
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 19 Apr 2016 16:37:51 +0000 (16:37 +0000)]
Merge "Revert "Inherit metatype dependency version from odlparent""
Ryan Goulding [Tue, 19 Apr 2016 15:58:26 +0000 (15:58 +0000)]
Revert "Inherit metatype dependency version from odlparent"
This reverts commit
c4a0cb5bd32f59076749affffb98906c860ea22b.
Change-Id: Ib0ef4e7298f6afd88d441b411bf79a343ef21a84
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 19 Apr 2016 15:35:13 +0000 (15:35 +0000)]
Merge "Add a generic ShiroFilter for use with non-RESTCONF servlets"
Ryan Goulding [Tue, 19 Apr 2016 14:03:56 +0000 (10:03 -0400)]
Add a generic ShiroFilter for use with non-RESTCONF servlets
AAAFilter is geared towards supporting RESTCONF and its noauth
functionality. AAAShiroFilter differs in that it cannot be
disabled outside of AAA. AAAFilter should only be used with
RESTCONF, while AAAShiroFilter should be used for all other
Servlet endpoints in ODL.
Change-Id: I000ba808eebed5a16d8449188eeca4ef9a9289e7
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 19 Apr 2016 13:45:33 +0000 (09:45 -0400)]
Inherit metatype dependency version from odlparent
Instead of maintaining a separate metatype version in AAA, depend on
the common one from odlparent.
Change-Id: Iabc64bdd00bfe864ae44cdc28cd2f64d60d43736
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 14 Apr 2016 16:42:15 +0000 (16:42 +0000)]
Merge "Add unit test for aaa-idmlight using jersey test framework"
Mohamed El-Serngawy [Tue, 12 Apr 2016 21:14:01 +0000 (17:14 -0400)]
Add unit test for aaa-idmlight using jersey test framework
Change-Id: I8a15afb6d17daea406086139c5c4c6ddd78a136d
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Fri, 8 Apr 2016 23:41:16 +0000 (19:41 -0400)]
Lower log level for unsuccessful OAuth2 Requests to debug
Sometimes, this somewhat harmful sounding error message is triggered
based on the fact that not all AAA bundles have initialized. The
message is somewhat useful, so its level was lowered, but now it
shouldn't appear by default.
To re-enable this audit message, please issue the following command
on the karaf shell:
> log:set DEBUG org.opendaylight.aaa.shiro.realm.TokenAuthRealm
Change-Id: I6739ae073dac7d75c293d4172bd4c1e014a5c9af
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 8 Apr 2016 23:06:18 +0000 (23:06 +0000)]
Merge "Fix ant paths so that subpaths are represented"
Ryan Goulding [Fri, 8 Apr 2016 21:32:45 +0000 (17:32 -0400)]
Fix ant paths so that subpaths are represented
Shiro urls use ant-style paths. Prior to this change, extensions
off the default urls were not supported. For example, auth/users
was protected but auth/users/1 (admin user) was not protected.
Change-Id: I0b540008501c037ee8c50e21ea518a6eec7df960
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 7 Apr 2016 15:17:40 +0000 (11:17 -0400)]
Add support for generic JDBC for AAA
Just wraps the default Shiro implementation. This allows for enhanced logging
as well as aggregation of all realm implementations to a single package,
making it easier for importing Servlets.
Instructions on how to set up and configure the realm are included right in the
shiro initialization file, shiro.ini.
This abstraction is particularly useful for systems integrators who wish to
leverage an existing JDBC-supporting system for ODL AAA.
Change-Id: I58257a4704e9c302689ef46155972c5ce06dd155
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 6 Apr 2016 23:24:22 +0000 (19:24 -0400)]
Add support for Active Directory to AAA
Just wraps the default Shiro implementation. One of the many added benefits
from moving to Shiro is being able to utilize built in realm support.
AAA has taken the approach of wrapping Shiro abstracations in order to add
logging and to centralize realm implementations in one package, making it
so consuming servlets only need to import one package to get all the
available realm implementations.
Change-Id: I1e4fbcb97463e9b05ed38754ab62d0beb0f8e61a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>