Jamo Luhrsen [Sat, 10 Feb 2018 04:30:49 +0000 (20:30 -0800)]
AAA-165: Add explicit import apache.commons.text
- added a simple UT for domain delete, but even that UT
would not fail for AAA-165
- moved from commons-lang3 to commons-text as I noticed
StringEscapeUtils is deprecated in lang3 and text was
what should be used
Change-Id: I0e8a5067666d062e2f119ddaa7511f0cc3a2dda1
Signed-off-by: Jamo Luhrsen <jluhrsen@redhat.com>
Ryan Goulding [Thu, 8 Feb 2018 15:00:40 +0000 (10:00 -0500)]
AAA-134: Cannot update domain name
Modified the update SQL statement to include name.
Change-Id: I8fce9cbbf403fcc627b927e5750750de4d04403c
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 9 Feb 2018 13:43:58 +0000 (13:43 +0000)]
Merge "AAA-147: Jolokia Credentials are backed by AAA"
Ryan Goulding [Fri, 9 Feb 2018 13:43:16 +0000 (13:43 +0000)]
Merge "Move AAAShiroProvider class in act into separate package"
Ryan Goulding [Thu, 8 Feb 2018 19:02:59 +0000 (14:02 -0500)]
AAA-147: Jolokia Credentials are backed by AAA
Inject an Authenticator implementation into the service registry
for use with odl-jolokia from controller. Corresponding patch:
https://git.opendaylight.org/gerrit/68069
W/o this Authenticator installed, jolokia authentication fails.
Change-Id: I8141336453f04052b617f322c94d6add8a37fcf5
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Michael Vorburger [Thu, 8 Feb 2018 17:16:14 +0000 (18:16 +0100)]
Move AAAShiroProvider class in act into separate package
There are two classes named AAAShiroProvider both in package
org.opendaylight.aaa; one in artifact (and OSGi bundle) aaa-shiro and
another one in aaa-shiro-act.
As far as I understand the AAA code, this does not seem to be done
intentionally for any particular reason, probably just historical
copy/paste.
Under OSGi, this doesn't really cause any major issues (other than it
being "really not nice", possibly confusing, and theoretically causing
issues if one were to use package import), as the two AAAShiroProvider
are loaded into separate ClassLoaders in their respective bundles.
When attempting to use AAA in a (non-OSGi) flat classpath environment
however, then the present situation, leads to this error:
[main] ERROR org.apache.shiro.web.env.EnvironmentLoader - Shiro
environment initialization failed
java.lang.NoSuchMethodError:
org.opendaylight.aaa.AAAShiroProvider.getInstance()Lorg/opendaylight/aaa/AAAShiroProvider;
at org.opendaylight.aaa.shiro.web.env.KarafIniWebEnvironment.init(KarafIniWebEnvironment.java:67)
This change fixes above, for non-OSGi test envs, but seems a reasonable
clean up if for the standard deployment model of running ODL in OSGi.
Change-Id: Ia5d34e6f3ecf9d6539bdac9537b8628dcde59049
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Stephen Kitt [Tue, 30 Jan 2018 12:32:40 +0000 (13:32 +0100)]
Clean up artifacts
This removes a number of obsolete artifacts from aaa-artifacts, adds
some new ones, and adds a new module to verify that listed artifacts
are actually available.
Change-Id: I2ab9600a5ffb1b99c1dee00b0b6ac456cae49f57
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Wed, 7 Feb 2018 19:11:37 +0000 (14:11 -0500)]
AAA-158: remove exception output in HTTP response
Change-Id: Icb3c2cfcf1d546bb365fb61d558cd3be428e5a15
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 7 Feb 2018 18:31:16 +0000 (13:31 -0500)]
Fix README refactor
During the refactor that eliminated "impl" from the packaging
structure, this README was not correctly updated.
Change-Id: Ib367cb3410513a3477a4dbe75fa1a8468ffa0d76
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
serngawy [Fri, 26 Jan 2018 18:24:42 +0000 (13:24 -0500)]
AAA-160: Fix aaa-cli commands
Adding final to the command line variable make the variable
finally initalized and not re-assign value at runtime.
Access the datastore using AaaShiroProvider and delete the
old datastore service.
Change-Id: I8c2f7d39bd5e9be5349a2b922bb8afdbbb0b15a3
Signed-off-by: serngawy <m.elserngawy@gmail.com>
Ryan Goulding [Tue, 6 Feb 2018 21:44:35 +0000 (21:44 +0000)]
Merge "AAA-159: Switch to using gson for JSON serialization"
Ryan Goulding [Thu, 25 Jan 2018 21:45:16 +0000 (21:45 +0000)]
AAA-159: Switch to using gson for JSON serialization
Due to jackson incompatibility issues with other web env
elements (namely jax-rs), this change switches the serdes
for AAA endpoints to gson. The motivation is two fold:
1) fix the immediate issue with the rest endpoints
2) align on a common JSON serdes framework in ODL
Since yangtools and others already utilize gson, and gson
seems to be a lot more friendly from a provider stand-
point, this change is the best solution to the given bug.
This patch does not completely remove jackson, since RESTCONF
depends on us bringing it in. This will be another multi-
step process:
1) this patch
2) convert restconf to GSON or just add the jackson deps
there (features/odl-aaa-shiro/pom.xml changes in last
patch)
3) remove jackson dependencies from AAA
Change-Id: Id969ab11282513fc314b98cd2a3487327250113f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Tue, 6 Feb 2018 15:46:51 +0000 (16:46 +0100)]
ODLPARENT-139: re-use caches when restarting
When the Shiro bundles restart, for whatever reason, they always
attempt to re-create their caches; that fails because the caches are
still present. This patch re-uses existing cache managers and caches
when possible.
This doesn’t entirely resolve the SSH issues reported in
ODLPARENT-139, but it helps the SSH connection survive longer (which
makes it easier to debug).
Change-Id: I27944a87cfbd78b385274dee0c7c17b9aac4dd58
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Mon, 29 Jan 2018 20:38:41 +0000 (15:38 -0500)]
NETCONF-502: Provide GsonProvider for JSON serdes
Just provide the GsonProvider for downstream consumption.
Transitioning AAA to this provider will happen in a later
patch in order to avoid breaking downstreams in the
meantime.
Change-Id: I1b129bae712446678546daaf77ea23cccd1bdd1e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 25 Jan 2018 14:50:23 +0000 (09:50 -0500)]
Fix packaging for shiro bundle
Align packages to keep IDEs from barfing.
Change-Id: Ifdaa0a25dbf3d56860ca35f630554cc9a5285fd7
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 25 Jan 2018 19:52:03 +0000 (14:52 -0500)]
Revert "Switch to using gson for JSON serialization"
Temporary revert to unblock the broken distribution until the NETCONF
team responds to the actual fix.
Change-Id: Ic8a446c33b3ee2cc1a994bcb8fab77bd486a8c15
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 25 Jan 2018 17:33:23 +0000 (12:33 -0500)]
Move AAAShiroProvider back
Caused some strange blueprint issues in dist-check.
Change-Id: I9d66e7e8ecbc87b549823fce852aac29a305bf8f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Robert Varga [Wed, 29 Nov 2017 11:42:50 +0000 (12:42 +0100)]
Switch to using gson for JSON serialization
This patch changes JSON provider to GSON, skipping jackson
packaging completely. GSON is used by many upstream ODL
projects and is the desired single JSON library for the
future.
Some unit tests surrounding Handlers needed to be ignored
temporarily due to classpath issues; some of the overlapping
technology is tested in integration-test so the AAA team
feels it is okay to temporarily disable for now.
For now, this change exposes a provider package for the
GsonProvider so that other projects running into the same
issue can utilize it without copying and pasting code.
Later, it will be moved somewhere more intelligent.
Change-Id: I6033980d0fdaa31be32e2e77a0b9f869a755246b
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 25 Jan 2018 14:50:23 +0000 (09:50 -0500)]
Fix packaging for shiro bundle
Align packages to keep IDEs from barfing.
Change-Id: Ie037a1b2f1768840861bdc43a466b65aa8f014d7
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Fri, 19 Jan 2018 16:36:43 +0000 (17:36 +0100)]
Drop explicit jetty-servlets dependency
odl-feat-karaf-jetty ends up pulling in jetty-servlets, so there’s no
need to depend on it explicitly here. Getting it via the odlparent
feature ensures that our runtime is consistent.
Change-Id: I6c11f0eb9cafb0db815760fed0ae6c6a976d171a
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Tom Pantelis [Fri, 19 Jan 2018 13:56:13 +0000 (08:56 -0500)]
Eliminate unnecessary explicit yangtools dependencies
Changed the parent pom to derive from bindng-parent so
yangtools version and dependencies comes from mdsal.
Change-Id: Id10a9d47abdda3a586af3707d7553f74382c566b
Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
Robert Varga [Wed, 17 Jan 2018 23:38:16 +0000 (00:38 +0100)]
Bump to yangtools-2.0.1
Adopt latest release for corrected SchemaContext behavior, forcing
downstreams to use those.
Change-Id: Ibe596ef486d11da4c06e1f250005e6f4ea995573
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Ryan Goulding [Thu, 18 Jan 2018 13:40:34 +0000 (13:40 +0000)]
Merge "Rely on mdsal for yangtools features"
Robert Varga [Wed, 17 Jan 2018 23:37:01 +0000 (00:37 +0100)]
Eliminate yangtools.version
Versions should be pushed via artifact imports, not via properties.
Change-Id: I9b59e4ef5a56a46939d3254327cd43baf16dba8a
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Stephen Kitt [Wed, 17 Jan 2018 15:27:57 +0000 (16:27 +0100)]
Rely on mdsal for yangtools features
Instead of explicitly listing yangtools features, rely on mdsal
providing them for us. This simplifies yangtools version bumps.
Change-Id: I4e9fd3b0a593d96e41dcd3fac22392db77dd633f
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Robert Varga [Thu, 12 Oct 2017 11:33:08 +0000 (13:33 +0200)]
Bump to yangtools-2.0.0 and odlparent-3.0.2
Adopt yangtools-2.0.0 and odlparent-3.0.2, adjusting feature
references. Since we are bumping to karaf-4.1.x, we also need
to bump sshd references.
Change-Id: I31aed1ebb96ad7cf3f0cdd131a25515dc77e3dbe
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 11 Jan 2018 15:01:00 +0000 (15:01 +0000)]
Merge "Revert "Moon Authorization Driver for ODL/AAA""
Ryan Goulding [Thu, 11 Jan 2018 14:20:46 +0000 (14:20 +0000)]
Revert "Moon Authorization Driver for ODL/AAA"
This reverts commit
6ccfaeb9fcaacdf0edc94a7383ccc2e71a32738f.
Change-Id: I88ba0e0f3862cb751105569aa81c8d88e71fcf8a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 8 Jan 2018 21:08:17 +0000 (21:08 +0000)]
Merge "Temp. Remove MDSAL from aaa-app-config"
Ryan Goulding [Mon, 8 Jan 2018 20:02:11 +0000 (15:02 -0500)]
Temp. Remove MDSAL from aaa-app-config
Per AAA meeting discussions, it is probably better to delegate
Token Processing to the MdsalRealm or a corresponding pre-filter.
This has been done in the past for things like OAuth2 Token
processing. This change purely removes the option for MDSAL
backed store from the aaa-app-config, since the existing impl is
provided separately through MdsalRealm. Right now, choosing
MDSAL as an option actually only instantiates skeleton code, so it
is better to leave this option out in this release for
security purposes.
Change-Id: Ia32809f02865af8f96e0bdacbd20d064055114fe
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Evan Zeller [Fri, 5 Jan 2018 23:19:17 +0000 (15:19 -0800)]
AAA-155: don't force non-null input on currentUser cache lookup
On the first CLI command issued no auth users are cached in either the
SessionsManager cache nor AaaCliAbstractCommand's static authUser. We
must take input from the user and do the lookup in the identity store.
Subsequent commands will use the now cached user until the entry is
evicted. getCurrentUser should handle the null input and be explicit
about the nullability of its return value.
Change-Id: I18291e25723f428d2e27f79184d957f7715357f8
Signed-off-by: Evan Zeller <evanrzeller@gmail.com>
Ryan Goulding [Mon, 8 Jan 2018 17:18:17 +0000 (12:18 -0500)]
Remove shiro.ini conversion script
shiro.ini was done away with many releases ago. As part
of its removal, the AAA team added a conversion script to
convert the shiro.ini file into a format that could be
recognized by the aaa clustered-app-config. Since the
shiro.ini based approach has been gone for over a release,
this patch removes the conversion script since it should
no longer be needed.
Change-Id: I6866ae1faea0362251ff26fabc8f6df360acde08
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
YuchenWang [Tue, 19 Dec 2017 14:05:45 +0000 (22:05 +0800)]
Moon Authorization Driver for ODL/AAA
https://github.com/WangYuchenSJTU/ODL-Moon-Authz
Change-Id: I7cc569561c7dd3cee26985b11c27ba9dbf913642
Signed-off-by: YuchenWang <lucassjtu@gmail.com>
Ryan Goulding [Fri, 1 Dec 2017 19:44:10 +0000 (19:44 +0000)]
Merge "AAA-154 Make H2 database credentials configurable"
Ryan Goulding [Tue, 28 Nov 2017 17:59:59 +0000 (12:59 -0500)]
Collapse features into features-aaa repository
Instead of providing two of essentially the same repository,
instead just provide one called features-aaa.
Change-Id: Ic60fca3a2b3129fe424e353ea1a1e074927f0a98
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 29 Nov 2017 14:02:31 +0000 (14:02 +0000)]
Merge "Clear claim cache when grants/roles/domains change"
Ryan Goulding [Wed, 29 Nov 2017 13:57:21 +0000 (13:57 +0000)]
Merge "Use gson to parse JSON output"
Robert Varga [Wed, 29 Nov 2017 11:01:33 +0000 (12:01 +0100)]
Use gson to parse JSON output
org.json is poorly maintained and licensed piece of software,
which is causing us headaches whenever encountered. Remove its use
and use GSON to parse JSON payloads.
Change-Id: I07a7cc486b88e949b23b1d8714163eabea116b92
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Ryan Goulding [Tue, 28 Nov 2017 22:00:19 +0000 (17:00 -0500)]
Clear claim cache when grants/roles/domains change
The claim cache should be cleared whenever a change
occurs to these entitites.
Change-Id: Iadfc71e219847609147b64394fd3b549c7979342
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 28 Nov 2017 21:33:04 +0000 (16:33 -0500)]
AAA-154 Make H2 database credentials configurable
Makes the credentials for H2 file-oriented database
configurable. These aren't AAA credentials, but rather
the credentials to the underlying data store.
Change-Id: I5e511a172155e355e3f88f2145f7ef95b4896eb7
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 28 Nov 2017 19:41:31 +0000 (19:41 +0000)]
Merge "Fix stale javadoc in StoreBuilder"
Ryan Goulding [Tue, 28 Nov 2017 18:51:34 +0000 (13:51 -0500)]
Fix stale javadoc in StoreBuilder
Probably a rebase issue, but the javadoc has two @return
annotations. This deletes the stale/irrelevant one.
Change-Id: I302dbc5b601ad52897b03c3b15583b0ebe8caf6f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 28 Nov 2017 18:40:58 +0000 (13:40 -0500)]
AAA-153 remove "user" OOB account
Limit exposure by just providing "admin" account OOB.
Change-Id: I451d84e06a208e5b9701fe461b5b46ef47fcbcdd
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 28 Nov 2017 17:20:31 +0000 (17:20 +0000)]
Merge "AAA-151: Invalidate claim cache for CLI initiated changes"
Ryan Goulding [Tue, 28 Nov 2017 16:38:19 +0000 (16:38 +0000)]
Merge "MdsalRealm enable/disable user"
Ryan Goulding [Tue, 21 Nov 2017 18:46:34 +0000 (13:46 -0500)]
AAA-151: Invalidate claim cache for CLI initiated changes
The AAA IDM REST handlers already invoke the clearing of the
IdmLightProxy claimCache upon user update, but the CLI Handler did
not handle this properly. This change manually invokes the claim
invalidation.
Access to AAA CLI commands requires access to the karaf console via
client or SSH. Thus, system level access is needed to some degree
to invoke such commands. The major threat involves the action of
an administrator changing a user password via CLI, and then still
being able to invoke the old password because the claimCache is not
purged. This is why a reboot of karaf solves this issue; the
claimCache is flushed. We should not expect our users/administrators
to assume this in the future; this change explicitly invokes
the claimCache flush.
AAA-151 affects Carbon, Nitrogen, and master.
Change-Id: Ie3101d4dc2bbb6d0db91ddad4d567a41d041150d
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 17 Nov 2017 19:38:21 +0000 (14:38 -0500)]
MdsalRealm enable/disable user
This was built into the original IdM data model for the H2 store,
and thus was cascaded to the Mdsal model for backwards compatibility
purposes mostly. The original model didn't do anything with this
field; this one now properly honors the "enabled" field.
Change-Id: I4f15c45a336008c66423ef438c141cf6df132583
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 21 Nov 2017 15:29:05 +0000 (15:29 +0000)]
Merge "Dissuade use of author name in source"
Ryan Goulding [Tue, 21 Nov 2017 14:50:30 +0000 (14:50 +0000)]
Merge "Add MdsalRealm information to README.md"
Ryan Goulding [Fri, 3 Nov 2017 17:34:40 +0000 (13:34 -0400)]
Dissuade use of author name in source
This is just an attempt to make the code more community centric.
I don't care if other contributors want to keep their "@author"
annotation tags-- but I do want to spread the love in terms of
support queries etc :).
This removes my name/email anywhere possible in an effort to
make the aaa codebase more community centric. I still plan to
be active, I just would rather people email the aaa reflector:
aaa-dev@lists.opendaylight.org
rather than unicast my email address.
Whenever I saw trivial changes like unused import or whatnot,
I just removed them to make the code cleaner.
Change-Id: I56573bf618deac22c41a2276233ed9d6c00c07de
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Robert Varga [Mon, 20 Nov 2017 18:30:34 +0000 (19:30 +0100)]
Fix odlparent-3.0.0 checkstyle violations
There are new violations reported:
- hidden fields
- utility classes with public constructor
Change-Id: Iced411566cc5e1d8c5d69554222db0d53bedee3f
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Mon, 20 Nov 2017 18:34:39 +0000 (19:34 +0100)]
Remove duplicate dependency declarations
This fixes maven warnings related to duplicates being declared.
Change-Id: I9b2c905b893de73466bd7f2012b1e53fb0ba236f
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Ryan Goulding [Fri, 17 Nov 2017 19:27:34 +0000 (14:27 -0500)]
Add MdsalRealm information to README.md
Add caveats about the new MdsalRealm to the AAA README. Point
out the current state and the future work involved to get
MdsalRealm in production shape.
Change-Id: I55016467e37f00c14d4ade2b8c113032c6c9a6a8
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 14 Nov 2017 16:49:17 +0000 (11:49 -0500)]
mdsalrealm based on shiro
Adds basic support for MdsalRealm, a realm which authenticates
using information from the "authentication" container in the
"aaa.yang" model. MdsalRealm still isn't enabled OOB.
aaa endpoints are protected by allowing access to admin role only.
Change-Id: I3a6423e28c0e14764d172698aa4d67d0ec472379
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Fri, 17 Nov 2017 14:15:56 +0000 (14:15 +0000)]
Merge "AAA-149: migrate ServiceProxy to the correct package name"
Mohamed El-Serngawy [Fri, 17 Nov 2017 14:15:28 +0000 (14:15 +0000)]
Merge "Rid AAA source of binary images"
Ryan Goulding [Thu, 16 Nov 2017 19:46:22 +0000 (14:46 -0500)]
Collapse aaa feature repositories
AAA advertises two feature repositories. Historically, this was done based
on the fact that it was hoped to pull out a ton of the stuff surrounding
non-shiro implementation in downstream distributions by just discluding the
non-shiro feature repository. However, it appears that this has limited use,
and primarily serves as a distraction. Furthermore, there are more
intelligent ways to perform such an operation.
The first part of this change renames the "authn" module to "aaa", because
the contained features repository is "features-aaa" and is not specific
to authentication.
The second part moves odl-aaa-shiro to the aaa module. This is done in
preparation to remove features-aaa-shiro, which will no longer be offered.
features-aaa-shiro still contains the odl-aaa-shiro feature for now.
After all downstreams are migrated to utilize features-aaa instead, it
will be completely removed as a module. This is a multistep process and
should not affect downstream consumers.
Change-Id: Ie084b622b1e58c661fee910e85a204436bf23f3e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 16 Nov 2017 14:26:59 +0000 (09:26 -0500)]
AAA-149: migrate ServiceProxy to the correct package name
This migrates ServiceProxy to the correct package. AAA-149 is
being done in several small steps in order to ensure that the
changes do not affect downstream consumers. This change was
tested against NETCONF to ensure there was no downstream
breakages (which makes sense since NETCONF does not directly
manipulate ServiceProxy and actually only affects it through
AAA code).
Change-Id: If142f4fe1ddc91cf844fb8d0ca3a6496f0828efd
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 16 Nov 2017 18:22:39 +0000 (13:22 -0500)]
Rid AAA source of binary images
From long ago we referenced some images in our README.md and directly
stored them in source. Thats a bad idea for a number of reasons. This
simply gets rid of the references to the one remaining image and the
source/output graphics that were stored in source. If we want them back,
we can figure out a way to upload them to somewhere more appropriate.
The one existing accurate diagram, direct_authn.png, was really simple
to understand anyway. If we want, we can restore it somewhere new,
put it in ascii-art, or just describe it better. Also, it is probably
better to consolidate that sort of information in the docs project.
Change-Id: I104c32eb844cf4031f26f6108aeb8b98d13b9401
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 16 Nov 2017 15:30:25 +0000 (15:30 +0000)]
Merge "AAA-149 migrate Handler classes to correct package"
Mohamed El-Serngawy [Thu, 16 Nov 2017 15:26:59 +0000 (15:26 +0000)]
Merge "Remove unused graphics"
Mohamed El-Serngawy [Thu, 16 Nov 2017 15:26:20 +0000 (15:26 +0000)]
Merge "Fix compile time warnings in aaa-shiro-act"
Ryan Goulding [Thu, 16 Nov 2017 13:32:34 +0000 (08:32 -0500)]
AAA-149 migrate Handler classes to correct package
Migrate the *Handler classes to the right package, along with
the corresponding tests.
Change-Id: I1e01f4bfec298fb81376a8ea9f8bc8927c44f4b1
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 15 Nov 2017 15:56:49 +0000 (10:56 -0500)]
Fix compile time warnings in aaa-shiro-act
The init/close methods in the Provider for aaa-shiro-act are called via
blueprint, but IntelliJ and other IDEs do not recognize our custom blueprint
path (src/main/resources/org/opendaylight/blueprint). Thus, we get a ton
of annoying warnings about unused init/close methods. This fixes the issue
for aaa-shiro-act.
Change-Id: Iefd1aa44bf85c9e073d080c9293c325da82b3c33
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 15 Nov 2017 15:52:46 +0000 (10:52 -0500)]
Fix weird formatting in blueprint.xml file
aaa-shiro-act had an empty bean definition so I fixed the notation to use
self-enclosed xml. This is just cleaner and was really bothering me :).
Change-Id: I8a08ffbb338f935e6db0800a05bc8867b789f090
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 15 Nov 2017 15:47:21 +0000 (10:47 -0500)]
Remove unused graphics
Previously referenced in the README, but now are no longer applicable.
These graphics depicted sssd plugin which was removed many releases ago.
Furthermore, graphics really don't belong in source (i.e., git).
Change-Id: If78bc55f6ee6b42e6abb28df356baa9aeda122f6
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed ElSerngawy [Sun, 1 Oct 2017 20:17:37 +0000 (16:17 -0400)]
Refactor AAA datastore & add datastore change functionality
Moving h2 store bundle to aaa-shiro bundle and
add the option to switch between data stores
Change-Id: I4a3ce831eecae4c1382852fc004149da3abe6d57
Signed-off-by: Mohamed ElSerngawy <m.elserngawy@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:33:25 +0000 (15:33 -0500)]
Remove stale documentation
README.md contained some references to installing the filter as
a ContainerRequestFilter. Now, we actually use a regular
javax.servlet.Filter, so this documentation is out of date.
This patch just removes the stale documentation.
Change-Id: I7a5183f7db0c77e2012c03e754e7428ebab69098
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:17:03 +0000 (20:17 +0000)]
Merge "Revert "Remove felix.dm usage in aaa-filterchain""
Ryan Goulding [Mon, 6 Nov 2017 20:16:53 +0000 (20:16 +0000)]
Merge "Revert "Remove felix.dependencymanager from Shiro POM""
Ryan Goulding [Mon, 6 Nov 2017 20:16:43 +0000 (20:16 +0000)]
Merge "Revert "Remove un-used felix.dm usage from aaa-encrypt-service""
Ryan Goulding [Mon, 6 Nov 2017 20:16:32 +0000 (20:16 +0000)]
Merge "Revert "Remove felix.dm from odl-aaa-shiro feature""
Ryan Goulding [Mon, 6 Nov 2017 20:16:11 +0000 (20:16 +0000)]
Revert "Remove felix.dm usage in aaa-filterchain"
This reverts commit
822554dcc7cfd59034622a0f41df5b25a2ae2520.
Change-Id: I0ea057fa13784849849020906c81add04cebad01
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:16:01 +0000 (20:16 +0000)]
Revert "Remove felix.dependencymanager from Shiro POM"
This reverts commit
8efc8bc00d2cfbd0d983bf36eec578cfddc60c9e.
Change-Id: I1ff4fef8f5c2fb3d1cf5d1e64a944c5c0f5a2f20
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:15:47 +0000 (20:15 +0000)]
Revert "Remove un-used felix.dm usage from aaa-encrypt-service"
This reverts commit
38887453198b93327e7d298ad33dd697c4070b28.
Change-Id: Ic419b0e6f1913da2078799002e9df46b38e67b55
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:09:42 +0000 (20:09 +0000)]
Revert "Remove felix.dm from odl-aaa-shiro feature"
This reverts commit
fb462f2322b4156bb617ac041061612e50420020.
Change-Id: Id236b1ff1c8083e40700518b3255734c60ea4bab
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 19:37:00 +0000 (19:37 +0000)]
Merge "Remove un-used felix.dm usage from aaa-encrypt-service"
Ryan Goulding [Mon, 6 Nov 2017 19:36:47 +0000 (19:36 +0000)]
Merge "Remove felix.dm usage in aaa-filterchain"
Ryan Goulding [Mon, 6 Nov 2017 19:36:40 +0000 (19:36 +0000)]
Merge "Remove felix.dm from odl-aaa-shiro feature"
Michael Vorburger [Mon, 6 Nov 2017 14:18:53 +0000 (15:18 +0100)]
Remove felix.dm from odl-aaa-shiro feature
Change-Id: Ie0024c763af881287770b06fe2e6bf67ed56afad
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 6 Nov 2017 14:16:06 +0000 (15:16 +0100)]
Remove un-used felix.dm usage from aaa-encrypt-service
Change-Id: Ida4af1202ae0c46a07169e7fe0a10ce181c139c3
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 6 Nov 2017 13:44:54 +0000 (14:44 +0100)]
Remove felix.dm usage in aaa-filterchain
Change-Id: Ia25aa964992378fac014273db3f9596d2c28a693
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 6 Nov 2017 13:06:08 +0000 (14:06 +0100)]
Remove felix.dependencymanager from Shiro POM
and remove duplicate artifacts to remove Maven warnings
Change-Id: Ibe5cdb7a6d15365e8fe684d6b77f819f15fa8ba2
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 3 Nov 2017 20:23:20 +0000 (20:23 +0000)]
Merge "remove odl-aaa-authn in favor of odl-aaa-shiro"
Ryan Goulding [Fri, 3 Nov 2017 18:40:12 +0000 (14:40 -0400)]
remove odl-aaa-authn in favor of odl-aaa-shiro
Nothing uses odl-aaa-authn. Remove it since it is just a wrapper
for odl-aaa-shiro since Nitrogen.
Change-Id: I143b036d79da92e02d3bd979a6284971275e7479
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 18:05:46 +0000 (14:05 -0400)]
Bug 8717 Remove the existing non-functional mdsal impl
This implementation was designed by someone who has long since
left the project and has not been maintained since Lithium release
minus minor fixes to service activation and AAA API changes.
It was deprecated last release with:
https://git.opendaylight.org/gerrit/#/c/59189/
This removes the implementation so it cannot be used. We
plan on adding a revamped version of the MDSAL store in
Oxygen timeframe.
Change-Id: I705924aac88ea317e1378fbeee4117f52d5e3904
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 17:58:26 +0000 (13:58 -0400)]
Remove unused concepts from aaa-authn-api
There are several areas of the original aaa-authn-api
that were superfluous and never used. This removes them
to minimize unused LOC, and hopefully improve SONAR scores.
Change-Id: I7eb3c31f8ee0d733f057f587319b2239c55c83ad
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 17:46:52 +0000 (17:46 +0000)]
Merge "Cleanup existing README content"
Ryan Goulding [Fri, 3 Nov 2017 17:46:35 +0000 (17:46 +0000)]
Merge "Remove ClientService implementation"
Ryan Goulding [Fri, 3 Nov 2017 17:13:19 +0000 (13:13 -0400)]
Cleanup existing README content
More content will be added later, this just fixes
what is there now.
Change-Id: Id9ee61aecc79685986ec26d1e6a38219e16de980
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 16:38:55 +0000 (12:38 -0400)]
Remove innacurate information in README
The README contained outdated information referencing
SSSD implementation, which was removed several releases
ago. This removes corresponding advertisement to remain
truthful and accurate to our users.
Change-Id: I80845c738ca1291707b8b1fffd32f6765da676a0
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 16:34:43 +0000 (12:34 -0400)]
Remove ClientService implementation
ClientService was added a long time ago by contributors no
longer on the project, and has no known upstream users. Instead,
operators should create a service user using the idm endpoints.
This removes the default ClientService implementation since
it is unused.
Change-Id: Ic7fc5fc9aece532d7cdd754e9aa8f37f9ed1fc35
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 15:11:12 +0000 (11:11 -0400)]
cleanup shiro features formatting
Cleanup the shiro features prior to jersey2 migration.
The actual dependency logic will be resolved in the upgrade.
Change-Id: Iee9f23ae8def0d080ae8086749573c71a5400186
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 15:07:08 +0000 (11:07 -0400)]
Cleanup aaa-shiro/impl pom
Prior to the jersey2 upgrade, clean up the pom from a
formatting perspective. Dependencies will be cleaned
up during the migration to jersey2.
Change-Id: I5c7d024f7c815c8860af6eb116ad4b9d4232c03b
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Tomas Cere [Tue, 24 Oct 2017 12:26:50 +0000 (14:26 +0200)]
BUG-9261: add PKIUtil decrypt overloads for StringReader
Change-Id: If22b57e300873211887deb9b0eb718b5482b764c
Signed-off-by: Tomas Cere <tcere@cisco.com>
Ryan Goulding [Thu, 12 Oct 2017 16:21:32 +0000 (12:21 -0400)]
Remove unused pom properties
Change-Id: Ia05f780948dcedbbc9958a16fdd567264dfb8028
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Wed, 27 Sep 2017 13:35:01 +0000 (15:35 +0200)]
Bump odlparent 2.0.4 to 2.0.5
Change-Id: Ice0bf02276a15a30fd98338f91591eb1f203aaa2
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Anil Belur [Thu, 28 Sep 2017 03:11:41 +0000 (13:11 +1000)]
Bump aaa to use yangtools 1.2.0
Jira: releng-485
Change-Id: Icbb236dbce466a396ffd8960437116db3935a544
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Ryan Goulding [Wed, 27 Sep 2017 13:07:38 +0000 (13:07 +0000)]
Merge "Move idmlight bundle to aaa-shiro bundle"
Mohamed ElSerngawy [Fri, 28 Jul 2017 20:52:02 +0000 (16:52 -0400)]
Move idmlight bundle to aaa-shiro bundle
Moving idmlight to shiro bundle and adjust
odl-aaa-shiro feature dependenies.
Change-Id: I1d750a1012aa2e8d29e489e03994672c871dd784
Signed-off-by: Mohamed ElSerngawy <m.elserngawy@gmail.com>
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Code Review / aaa.git / log