David [Thu, 9 Mar 2017 16:35:47 +0000 (17:35 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-idpmapping
- Copyright sections
- Line lengths
- Formatting
- Order of modifiers
- Move variable declaration closer to its use
- Change variable names
- Exception catching
- Enforcement in pom.xml
Change-Id: I606be4addc6474c965d4e88aa9ef48605973a83c
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
David [Thu, 9 Mar 2017 00:18:36 +0000 (01:18 +0100)]
Fix issues related to checkstyle enforcement for module aaa-authn-basic
- Line lengths
- Rename method
- Formatting
- Enforcement in pom.xml
Change-Id: I0bd8e27d2abeb1315b1c5fc2925c8e0db2f726fa
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
David [Wed, 8 Mar 2017 23:19:54 +0000 (00:19 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-authn-api
- Copyright sections
- Line lengths
- Remove public modifier from interface methods
- Exception catching
- Rename paramaters and variables
- Group overloaded methods
- Enforcement in pom.xml
Change-Id: I6860af7d863e84bf317c7d261294b03527d29e32
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Thu, 9 Mar 2017 00:14:58 +0000 (00:14 +0000)]
Merge "Fix issues related to checkstyle enforcement for module aaa-authn"
Ryan Goulding [Wed, 8 Mar 2017 03:36:58 +0000 (03:36 +0000)]
Merge "Better error message if null encryptSalt"
Michael Vorburger [Tue, 7 Mar 2017 23:32:47 +0000 (00:32 +0100)]
Better error message if null encryptSalt
If hit this in a (Karaf 4...) SFT:
[Blueprint Extender: 1] ERROR
org.apache.aries.blueprint.container.ServiceRecipe - Error retrieving
service from ServiceRecipe[name='.component-1']
org.osgi.service.blueprint.container.ComponentDefinitionException: Error
when instantiating bean encryptService of class
org.opendaylight.aaa.encrypt.AAAEncryptionServiceImpl
at
org.apache.aries.blueprint.container.BeanRecipe.wrapAsCompDefEx(BeanRecipe.java:361)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.getInstanceFromType(BeanRecipe.java:351)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.getInstance(BeanRecipe.java:282)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:830)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:811)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:79)[14:org.apache.aries.blueprint.core:1.6.2]
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_121]
at
org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:88)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.di.RefRecipe.internalCreate(RefRecipe.java:62)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:106)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.ServiceRecipe.createService(ServiceRecipe.java:285)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.ServiceRecipe.internalGetService(ServiceRecipe.java:252)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.ServiceRecipe.internalCreate(ServiceRecipe.java:149)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:79)[14:org.apache.aries.blueprint.core:1.6.2]
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_121]
at
org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:88)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:255)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:186)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:724)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:411)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:276)[14:org.apache.aries.blueprint.core:1.6.2]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_121]
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_121]
at
org.apache.aries.blueprint.container.ExecutorServiceWrapper.run(ExecutorServiceWrapper.java:106)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.utils.threading.impl.DiscardableRunnable.run(DiscardableRunnable.java:48)[14:org.apache.aries.blueprint.core:1.6.2]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_121]
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_121]
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)[:1.8.0_121]
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)[:1.8.0_121]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_121]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_121]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_121]
Caused by: java.lang.NullPointerException
at
java.util.StringTokenizer.<init>(StringTokenizer.java:199)[:1.8.0_121]
at
java.util.StringTokenizer.<init>(StringTokenizer.java:221)[:1.8.0_121]
at
org.opendaylight.aaa.encrypt.AAAEncryptionServiceImpl.getEncryptionKeySalt(AAAEncryptionServiceImpl.java:152)[131:org.opendaylight.aaa.encrypt-service:0.5.0.SNAPSHOT]
at
org.opendaylight.aaa.encrypt.AAAEncryptionServiceImpl.<init>(AAAEncryptionServiceImpl.java:49)[131:org.opendaylight.aaa.encrypt-service:0.5.0.SNAPSHOT]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)[:1.8.0_121]
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)[:1.8.0_121]
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)[:1.8.0_121]
at
java.lang.reflect.Constructor.newInstance(Constructor.java:423)[:1.8.0_121]
at
org.apache.aries.blueprint.utils.ReflectionUtils.newInstance(ReflectionUtils.java:331)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.newInstance(BeanRecipe.java:984)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.getInstanceFromType(BeanRecipe.java:349)[14:org.apache.aries.blueprint.core:1.6.2]
... 30 more
Change-Id: I37ddaa7a9f9883f7106e68dd7725f7dce50d55d5
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
David [Wed, 8 Mar 2017 00:29:36 +0000 (01:29 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-authn
Many changes, but all minor:
- Line lengths
- Lexicographic order for imports
- Declaration of constants: name, modifiers
- Formatting
- JavaDoc format
- Rename variables
- Move declaration of variables closer to their use
- Exception catching
- Enforcement in pom.xml
Change-Id: I6c8ec4da77874a5c0eb54d0849677c770b6580a0
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Michael Vorburger [Tue, 7 Mar 2017 23:19:53 +0000 (00:19 +0100)]
Fix NPE in H2TokenStore updateConfigParameter
seen in SingleFeatureTest (SFT) running under Karaf 4
maybe under Karaf 3 this was never called with null, but under 4 it is
Change-Id: Ie773ee79c4ffa6b7ca1a08d9ea42c0cf014315a9
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Tue, 7 Mar 2017 22:44:42 +0000 (22:44 +0000)]
Merge "Replace project-specific checkstyle by odlparent's"
matthieu cauffiez [Fri, 3 Mar 2017 21:32:05 +0000 (16:32 -0500)]
Fix null pointer Exception during unit tests
Put all aaaProcider tests function into one test function
Change-Id: I3cf85c4e3dcc14643b5700f6e38f0c86c5ea854c
Signed-off-by: matthieu cauffiez <mcauffiez@inocybe.com>
matthieu cauffiez [Fri, 3 Mar 2017 18:20:58 +0000 (13:20 -0500)]
Fix aaa-cert unit tests
Base on patch https://git.opendaylight.org/gerrit/#/c/47855/
Reorganize tests of AaaCertProviderTest.
Update the certificate due to the expiry date.
Change-Id: I48d20180a4c808fc3c434f441a413c42c11ece75
Signed-off-by: matthieu cauffiez <mcauffiez@inocybe.com>
David [Fri, 3 Mar 2017 14:21:49 +0000 (15:21 +0100)]
Replace project-specific checkstyle by odlparent's
This change replace the project-specific checkstyle rules by the common
ones defined in odlparent's pom.xml as other projects have already done
(Netvirt, Genius, etc.). The actual enforcement of the checkstyle rules
are applied on a per-module-basis in their own pom.xml by adding the
following section to the maven-checkstyle-plugin:
<configuration>
<propertyExpansion>checkstyle.violationSeverity=error</ropertyExpansion>
</configuration>
I have commented the checkstyle enforcement of some current modules to
do this enforcement process in a progressive way by solving the
checkstyle issues module by module. I'll rise separate commits for
those modules soon.
Change-Id: I7fcb069c6abd6814a5a2d7269d178c85e97c01c2
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Jaime Caamaño Ruiz [Tue, 7 Feb 2017 18:14:50 +0000 (19:14 +0100)]
Enable keystone authentication
Add Keystone authentication support through a new Shiro realm:
KeystoneAuthRealm.
At this point only Basic Authentication is supported. The user
credentials support the format user@domain to specify a domain.
The authentication is 'unscoped'.
For SSL verification in the https handshake with keystone
endpoint, SSL context provided by odl-aaa certificate manager
is used. Jersey v1 is used as HTTP client and Jackson v2 for the
serialization.
The following parameters are configurable through shiro.ini for this
realm:
- url: The endpoint url for Keystone instance (API v3), can be http
or https.
- sslVerification: if url is https, whether to perform ssl
verification.
- defaultDomain: if no domain is available through the provided
credentials, this default domain will be used. Defaults to 'Default'.
Change-Id: Ifcf5e6252fb8884adbe4127c63b04a28f263d02b
Signed-off-by: Jaime Caamaño Ruiz <jaime.caamano.ruiz@ericsson.com>
Mohamed El-Serngawy [Wed, 1 Mar 2017 22:00:00 +0000 (22:00 +0000)]
Merge "Minor changes"
Thanh Ha [Wed, 1 Mar 2017 20:14:45 +0000 (15:14 -0500)]
Add missing <name> fields for pom.xml files
This is used by autorelease scripts to automatically parse which project
is failing a build and report to the mailing list automatically. We need
names in the format:
ODL :: <groupId> :: <artifactId>
This patch formats in the same format as found in the startup archetypes
patch found here: https://git.opendaylight.org/52522
Change-Id: I5208b32cc45c96d85d27a477fc7b289d8cb4b06b
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
David [Tue, 28 Feb 2017 23:25:08 +0000 (00:25 +0100)]
Minor changes
- Reorder modifiers
- Private constructor to avoid instantiation
Change-Id: I201648759962387c40e8f62960db16e530612e70
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Fri, 17 Feb 2017 13:44:25 +0000 (13:44 +0000)]
Merge "Add get TLS protocols command"
Robert Varga [Fri, 17 Feb 2017 08:27:27 +0000 (09:27 +0100)]
BUG-7767: Enlarge jetty.servlets import range
This import is used by web.xml only, hence it can serve both
8.1 and 9.2 versions of jetty.
Change-Id: Ic28b6114c4dd5cb356376238002d84086afe7c8f
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Thu, 16 Feb 2017 12:48:04 +0000 (13:48 +0100)]
Do not pull in both jetty and war features
Confusion over versioning means that we should not pull the
war feature now, only jetty.
Change-Id: Ib098a465e1281bb7e21772f0a21bb9b1b8072453
Signed-off-by: Robert Varga <rovarga@cisco.com>
Vratko Polak [Wed, 15 Feb 2017 17:37:24 +0000 (18:37 +0100)]
Compile-time dependencies matter
Not sure whether this is a proper fix,
but right now distribution karaf4 patch
fails while SFT on odl-restconf due to not seeing aaa-idmlight:py:config
See [0] when it is downloaded only after SFT failures happen.
[0] https://logs.opendaylight.org/releng/jenkins092/distribution-verify-carbon/21/console.log.gz
Change-Id: I8ea38ee5c011aba7de7e0afcb63b85cfc453e3e8
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
melserngawy [Fri, 3 Feb 2017 22:28:16 +0000 (17:28 -0500)]
Add get TLS protocols command
Get TLS protocol command will show the allowd
tls protocols at aaa-cert bundle configuration
Change-Id: Ib10c9f72b2826ad404fbe29da29da85e68604245
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Stephen Kitt [Mon, 13 Feb 2017 17:25:07 +0000 (18:25 +0100)]
Jetty 9.2: pull in h2 using odlparent DM
odlparent's dependency management now handles h2, delegate to that.
Change-Id: Iad7a7bd6c94529ff4c3c3a916c1c9ba9ed32a548
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Robert Varga [Thu, 9 Feb 2017 16:25:31 +0000 (17:25 +0100)]
Switch to using jetty proxy feature
This switches to odlparent-provided jetty feature,
allowing us to have a centralized version.
Change-Id: I3f1206b78c3d7243dc03a1e5f61545517e088708
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Thu, 9 Feb 2017 14:45:10 +0000 (15:45 +0100)]
Use jdbc/war features
Now that we have proxies to depend on for bringing in core
karaf features, use them to not pull in org.osgi.enterprise.
Change-Id: I18d9135a40ab670668826094162c0041184a4298
Signed-off-by: Robert Varga <rovarga@cisco.com>
Ryan Goulding [Thu, 9 Feb 2017 14:43:50 +0000 (14:43 +0000)]
Merge "Revert "Fix the package name""
Ryan Goulding [Thu, 9 Feb 2017 14:42:58 +0000 (14:42 +0000)]
Revert "Fix the package name"
This reverts commit
4e55dcea3727f6027a021c332fe831d9556bf322.
Change-Id: I122f866ac6b7ab73f065b857085c364c9f72f148
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 9 Feb 2017 14:09:15 +0000 (14:09 +0000)]
Merge "Bug 7663: Replace FindBugs :jsr305 by full :annotation in features-aaa-shiro"
Ryan Goulding [Thu, 9 Feb 2017 14:08:56 +0000 (14:08 +0000)]
Merge "Fix the package name"
Ryan Goulding [Thu, 9 Feb 2017 02:54:23 +0000 (02:54 +0000)]
Merge "Remove felix.dependencymanager from aaa-shiro & aaa-shiro-act"
Michael Vorburger [Wed, 8 Feb 2017 23:39:33 +0000 (00:39 +0100)]
Remove felix.dependencymanager from aaa-shiro & aaa-shiro-act
This fixes the following bug raised on #opendaylight today:
(06:13:17 CET) ***rovarga gets a rash whenever felix DM surfaces
Change-Id: I4278d32cd32320bdabd44a650db4c7c36bb96a0e
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Wed, 8 Feb 2017 18:29:20 +0000 (19:29 +0100)]
Remove felix.dependencymanager from aaa-h2-store
This makes life easier for my friends working hard on the Karaf 4 mig.
The switch of Import-Package from explicit list to exclusion list is
indirectly related; I may also have been possible to leave that as is
and just remove "org.apache.felix.*" from that list, but flipping this
around like this seems much better, to me.
Change-Id: I0ee3d3765db9d4ec466939b4862a38d957cdb451
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Wed, 8 Feb 2017 21:10:40 +0000 (22:10 +0100)]
Bug 7663: Replace FindBugs :jsr305 by full :annotation in features-aaa-shiro
I suspect (but don't have prove yet) that this may be the reason
why SFT failed on use following the merge of the odlparent change
replacing :jsr305 by :annotation; this is the *ONLY* place in
ALL of autorelease where I could still find a reference left..
see also https://git.opendaylight.org/gerrit/#/c/50904/
Change-Id: I09aaa0d57634ef632f65634f1f283b09075dd9fb
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Stephen Kitt [Tue, 7 Feb 2017 09:50:51 +0000 (10:50 +0100)]
Bump org.osgi.enterprise dependency to 5.0.0
This appears to fix some LinkageErrors we're seeing now.
Also rely on transitive dependency analysis to pull in Felix OSGi
dependencies.
Change-Id: Icb1f16c77a3a2fc5c6b026ced5111d4784d01386
Signed-off-by: Stephen Kitt <skitt@redhat.com>
David Suarez [Fri, 3 Feb 2017 17:33:35 +0000 (18:33 +0100)]
Fix the package name
These files are declared in package org.opendaylight.aaa.shiro.*
instead but they are actually in org.opendaylight.aaa.impl.shiro, so I
moved to their proper package.
This leads to some reorganization in imports, which I think it is good
for checkstyle if we finally enforce it.
Change-Id: I49486fed6862b600810a475cb9847a49cf4e007d
Signed-off-by: David Suarez <david.suarez.fuentes@ericsson.com>
Stephen Kitt [Fri, 3 Feb 2017 09:09:30 +0000 (10:09 +0100)]
Karaf 4: remove aaa-cli4
aaa-cli can be easily fixed to work with both Karaf 3 and 4; doing
this means we can drop the duplicated aaa-cli4 entirely.
Change-Id: I73fb4de50c9d5a71502e2125cf9f45a526474ca6
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Stephen Kitt [Wed, 11 Jan 2017 15:46:42 +0000 (16:46 +0100)]
BUG-7527: provide Karaf 4 features
Some oddities in this patch:
* aaa-shiro pulls in commons-beanutils, which has an optional
dependency on commons-collections; this doesn't cause any problems
with Karaf 3, but fails on Karaf 4 (so I've added an explicit
dependency on commons-collections)
* aaa-idmlight's "provided" jetty-servlets causes containing features
to fail to load, so I've added a dependency on Karaf's jetty feature
aaa-cli is duplicated as aaa-cli4 for Karaf 4, otherwise we end up
with a failure loading odl-aaa-cli since the bundle has a strong
dependency on Karaf 3. This is temporary, we'll remove aaa-cli4 once
the Karaf 4 migration is done.
Change-Id: Ic5bd817075f55dc3ccc7779b35e9d329e14de088
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Thu, 26 Jan 2017 17:51:03 +0000 (12:51 -0500)]
Updates to the README based on the newly added authorization engine
In a separate commit, the MDSALDynamicAuthorizationFilter was debuted
to allow dynamic creation of http authorization rules. This is the
corresponding documentation changes which briefly explain the new
mechanism and how it is used.
Change-Id: I7d8d5bc7691bc19ed0943d8ac1b85aa6f16b57b9
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 19 Jan 2017 01:18:58 +0000 (20:18 -0500)]
Addition of dynamic http authorization based on particular http operations
In the past, shiro.ini has been used to configure URL based authorization
through the RolesAuthorizationFilter. This is a bit messy for two main
reasons:
1) The urls are expected to be relative to the servlet context. This sucks,
since if you are using the same Filter over multiple contexts, the servlet
context part of the URL is chopped off. Thus, there are chances for
ambiguity through configuring through shiro.ini
2) The rules can only be recognized on system startup-- they are not dynamic.
This adds a model to add in rules for protecting REST urls. Future
revisions of the model will provide black/white lists etc. For now, this
just provides Role Based Access Control (RBAC).
Change-Id: I1f1ce957a43eb7f7eba69cab74a65ed653ab1832
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Michael Vorburger [Tue, 31 Jan 2017 13:09:48 +0000 (14:09 +0100)]
Remove bad manifestLocation from maven-bundle-plugin
Change-Id: I70dba19090471c7748e292888ab179b63d7c8518
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 27 Jan 2017 02:34:21 +0000 (02:34 +0000)]
Merge "Check for empty cipher suites"
Ryan Goulding [Thu, 26 Jan 2017 18:49:13 +0000 (18:49 +0000)]
Merge "Replace FindBugs :jsr305 by full :annotation (Bug 7663)"
melserngawy [Wed, 25 Jan 2017 21:57:21 +0000 (16:57 -0500)]
Check for empty cipher suites
Check for empty cipher suites name
Change-Id: Ibb27d0cd713cbfb89d998d5e27c275aae9c77037
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 20:13:29 +0000 (15:13 -0500)]
Remove the aaa-authn-idpmapping bundle from AAA features
Remove the aaa-authn-idpmapping bundle as it will be deprecated
Change-Id: Ie4d2ba06be63764c2a46d9280bfe2293e481409a
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Michael Vorburger [Mon, 23 Jan 2017 20:05:31 +0000 (21:05 +0100)]
Replace FindBugs :jsr305 by full :annotation (Bug 7663)
Change-Id: Ia516435ad9a3c516c43a994bed21e4cca4f22e36
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Mohamed El-Serngawy [Mon, 23 Jan 2017 20:12:09 +0000 (20:12 +0000)]
Merge "Replace mockito-all by mockito-core (see Bug 7662)"
Michael Vorburger [Mon, 23 Jan 2017 18:48:47 +0000 (19:48 +0100)]
Replace mockito-all by mockito-core (see Bug 7662)
Change-Id: I17d21518f12305c63eae0b901546fc4e4c851368
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Mohamed El-Serngawy [Mon, 23 Jan 2017 18:44:34 +0000 (18:44 +0000)]
Merge "Add ODLPrincipal to API so it is exposed for outside use"
Ryan Goulding [Mon, 23 Jan 2017 18:40:33 +0000 (18:40 +0000)]
Merge "Add list users, roles and domains CLI"
Ryan Goulding [Thu, 19 Jan 2017 21:02:03 +0000 (16:02 -0500)]
Add ODLPrincipal to API so it is exposed for outside use
A recent request in the mailing list was to expose ODLPrincipal
for use from other contexts. This will also be useful for when
the MDSALRealm is added, which will also utilize ODLPrincipal
constructs.
Change-Id: Ic2b4bc9646f50a6fb2e2e1d43b814d2bc4e8c1f1
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 14 Dec 2016 18:47:17 +0000 (13:47 -0500)]
Add list users, roles and domains CLI
Add list users, roles and domains CLI
It will help to manage the ODL aaa data model.
Change-Id: I5ceac9a118d7519ca500e84f5e212486cb3e30d2
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 19:05:03 +0000 (14:05 -0500)]
Remove the odl-aaa-sssd-plugin feature
Remove the odl-aaa-sssd-plugin feature as the bundle
will be deprecated and we moving to use shiro framework
Change-Id: Ie0965e3228ffe1d02251418ce4852c9538666c6c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Stephen Kitt [Thu, 19 Jan 2017 14:02:32 +0000 (15:02 +0100)]
Use Java 8's Base64 instead of Jersey's or Apache Commons'
Java 8 includes a Base64 decoder and encoder; using that allows us to
drop dependencies on Jersey and Apache Commons Codec.
Change-Id: Ibc1cea40c67e349b285d457974e20506cbad3af4
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Mohamed El-Serngawy [Wed, 18 Jan 2017 19:15:01 +0000 (14:15 -0500)]
Add aaa-authn-mdsal-store-impl config artifact to feature dependancy
The aaa-authn-mdsal-store-impl/config/xml artifact was missing in
authn-feature dependancy.adding it and clean up the POM file.
Refer to the comment at https://git.opendaylight.org/gerrit/#/c/49163/
Change-Id: I98ad643ae72c621500d59f897a6ccea326126cf5
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 18 Jan 2017 19:33:16 +0000 (19:33 +0000)]
Merge "Remove the broken aaa-authz module and corresponding models"
Mohamed El-Serngawy [Wed, 18 Jan 2017 19:29:13 +0000 (19:29 +0000)]
Merge "Remove dead Activator code"
Ryan Goulding [Fri, 13 Jan 2017 20:14:41 +0000 (15:14 -0500)]
Remove the broken aaa-authz module and corresponding models
aaa-authz no longer works. The service was originally designed as a DataBrokerFacade
to aid in MD-SAL based authorization. This should be considered again in the future,
but for now we are removing this functionality since it is broken and could cause
confusion. Since the mechanism currently doesn't work, we feel it is better to
completely remove the feature rather than deprecate something that doesn't do anything.
To get HTTP based authorization, Shiro integration is recommended. This is explained
in etc/shiro.ini, as well as upstream in Shiro documentation.
Change-Id: I6c822860e9b28a9577eb88c87c7c10120e4c9a97
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 18 Jan 2017 00:30:33 +0000 (00:30 +0000)]
Merge "Remove unused Realms"
Ryan Goulding [Wed, 18 Jan 2017 00:30:20 +0000 (00:30 +0000)]
Merge "Just clean up some log messages and remove unnecessary code"
Ryan Goulding [Wed, 18 Jan 2017 00:02:42 +0000 (19:02 -0500)]
Remove unused Realms
These were never implemented, and the person interested in implementing them
has left the project. These can easily be re-added in the future.
Change-Id: I89709c633cbe0af809db7a31e5acb0e6f5ff95bf
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 18 Jan 2017 00:00:50 +0000 (19:00 -0500)]
Just clean up some log messages and remove unnecessary code
Change-Id: If67440d7bdd9993614cc9923060512edbc667c85
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 17 Jan 2017 22:55:04 +0000 (17:55 -0500)]
Remove dead Activator code
aaa-shiro is now activated by Aries Blueprint as of:
https://git.opendaylight.org/gerrit/#/c/50077/
This change removes the dead Activator code that was associated with loading
this bundle via standard felix conventions. The Activator essentially only
provided logging messages, which are now propagated by the AAAShiroProvider.
Change-Id: Ie840736b8ee1268456b84353d6add574ac92e130
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 17 Jan 2017 22:50:55 +0000 (17:50 -0500)]
Remove an unused public constant
Change-Id: I5793fe8a3ddf2f7adab08bdae04c89118c589b9f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Tue, 17 Jan 2017 20:21:49 +0000 (20:21 +0000)]
Merge "Update README.md to current status of AAA project"
Mohamed El-Serngawy [Tue, 17 Jan 2017 20:20:43 +0000 (20:20 +0000)]
Merge "Migrate aaa-shiro to utilize archetype setup"
Ryan Goulding [Tue, 17 Jan 2017 19:50:07 +0000 (19:50 +0000)]
Merge "Fix Md-SAL store configuration"
Ryan Goulding [Tue, 17 Jan 2017 19:49:25 +0000 (19:49 +0000)]
Merge "Add CLI for managing aaa data model"
Ryan Goulding [Thu, 5 Jan 2017 20:52:47 +0000 (15:52 -0500)]
Migrate aaa-shiro to utilize archetype setup
This change addresses the fact that the archetype was not used to
create the aaa-shiro module. This is due to the fact that it was
much heavier weight than what was needed at the time. However,
utilization of the archetype does allow for many advantages including:
1) Explicit separation of api and impl into two separate locations.
Since prior to this change mostly Apache Shiro abstractions were used
instead of homegrown ones, this wasn't particularly useful. However,
with aaa-shiro growing, this is becoming increasingly necessary.
2) Dependence on config-parent for bundles. This gets us a lot for
free, including genericizising on best practices.
3) The possibility to create aaa-shiro features/karaf/IT/commands more
easily. For now, this patch comments out the features & karaf
section as they are pretty much duplicates of the existing top-level
odl-aaa-shiro feature which is already defined. In the future, it
would be nice to enumerate some of the archetype-oriented features:
- ui
- rest
- api
This change is mostly cleaning up and preparing for expansion of the
aaa-shiro bundle. Existing functionality was stuck in the aaa-shiro module,
but the package names were not updated to utilize impl. Likewise, the module
is called "aaa-shiro" and not "aaa-shiro-impl" since other projects already depend
on the former name. The package names were not updated to utilize impl
as the names are used in configuration of the module itself, and
changing them would cause forwards/backwards compatibility issues. In the future,
we may want to move them but provide existing classes that extend the impl ones.
Change-Id: I16f1efed8b83e764362ae6d19b0a69d1b1c6cbec
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Tue, 17 Jan 2017 18:36:46 +0000 (18:36 +0000)]
Merge "Add TLS protocol configuration"
Mohamed El-Serngawy [Mon, 16 Jan 2017 21:57:35 +0000 (16:57 -0500)]
Add TLS protocol configuration
Add the the supported TLS protocols as configuration
to the certificate manager service to be same across
all the tls communications
Change-Id: Ie42344e20ff43dba21b42e58fb141e2871a925f1
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 17 Jan 2017 15:58:11 +0000 (10:58 -0500)]
Update README.md to current status of AAA project
A much needed cleaning of the AAA README.md file. This is not
perfect, but it is much more accurate than the existing file.
This can be enhanced more in the future, although the proper docs
are also a great resource.
Change-Id: I3e657b963c2617ae92094ae8943a904fbd395e61
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 14 Dec 2016 22:29:20 +0000 (17:29 -0500)]
Add CLI for managing aaa data model
Add CLI commands to add and remove aaa data model
users,roles, domain and grants. It also authorize
the admin users only to be able to manage aaa.
Change-Id: Ia34901dcced7603bbdcfd6fa5afcfa9a283e8ed2
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 8 Dec 2016 21:19:23 +0000 (16:19 -0500)]
Fix Md-SAL store configuration
add aaa-mdsal-config.xml file to make the md-sal datastore
configuration editable by the end user.
Change-Id: I0861046a1b5644f8c3ecaa3aa9bb5b6432ec9ca5
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Fri, 13 Jan 2017 20:45:58 +0000 (15:45 -0500)]
Update README surrounding accounting
Accounting has been greatly improved since the Beryllium release with
the AuthenticationListener implementation. This updates the README
for accounting only. Further updates will be submitted surrounding
Authentication and Authorization prior to release.
This patch is a canddate for master, Boron and Beryllium, and will
add valuable information for users of each of these releases.
Change-Id: I6f7bc6ce6a4d178eb7c00810102795d8c8b9c987
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 13 Jan 2017 20:20:48 +0000 (15:20 -0500)]
Remove cassandra based store
This is dead code, since there appears to be no way to configure cassandra as
the default backing data store. Thus, the code exists, but is never instantiated.
Even the feature "odl-aaa-cassandra*" does not properly load the cassandra based
backing data store.
Since the feature doesn't appear to work or add anything extra, it is being removed.
We are providing an alternative dropin backed by mdsal instead, which should
be used instead.
Change-Id: I30c5231753544b170fb05bb461734cbc34efec8a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Hideyuki Tai [Fri, 13 Jan 2017 02:22:24 +0000 (02:22 +0000)]
Added aaa-h2-store bundle.
The artifact "aaa-h2-store:cfg:config" is needed by the feature
odl-aaa-authn-cassandra-cluster. However, the dependency information for
that was mistakenly removed.
Change-Id: Ia6aab62dcc30fc9eb525626b389e6a5097e25342
Signed-off-by: Hideyuki Tai <Hideyuki.Tai@necam.com>
Ryan Goulding [Thu, 12 Jan 2017 16:33:27 +0000 (16:33 +0000)]
Merge "Remove the aaa-authn-federation bundle"
Ryan Goulding [Thu, 12 Jan 2017 16:29:53 +0000 (16:29 +0000)]
Merge "Deprecate aaa-cassandra-store bundle"
Mohamed El-Serngawy [Thu, 22 Dec 2016 19:49:24 +0000 (14:49 -0500)]
Remove the aaa-authn-federation bundle
As we deprecate aaa-authn-federation bundle remove it from
aaa feature
Change-Id: I48bf775a23c8a1a1d52013300b662a4becf7e77c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Wed, 11 Jan 2017 18:46:42 +0000 (13:46 -0500)]
Remove RBAC rule implementation
RBAC rules were a concept that existed to automatically restrict some endpoints. However,
they were not terrible useful and not mutable. The point was to just restrict a
certain subset of endpoints for security purposes (i.e., the IdM endpoints).
This change removes unused concepts and makes a few minor fixes to existing code:
* make local vars final when appropriate
* better logging
* utilize File.separator instead of hardcoding "/"
Change-Id: If3a1f100e8a2b265be71cfb4722b64c76aacad34
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Tue, 10 Jan 2017 18:57:49 +0000 (13:57 -0500)]
Deprecate aaa-cassandra-store bundle
Deprecate aaa-cassandra-store bundle classes
as we are cleaning up aaa project
Change-Id: Ic4ef01600d73c4e9adac0052edd802f70532c325
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 3 Jan 2017 16:42:55 +0000 (16:42 +0000)]
Merge "Deprecat aaa-authn-idpmapping bundle"
Tom Pantelis [Fri, 23 Dec 2016 15:05:00 +0000 (10:05 -0500)]
Fix missing aaa-h2-store:cfg in dist builds
Added the cfg file as a dependency in he fearures pom.
Change-Id: Ie1726b1ac01acb4c142292c6b4223c5ea23dabd4
Signed-off-by: Tom Pantelis <tpanteli@brocade.com>
Ryan Goulding [Thu, 22 Dec 2016 20:20:33 +0000 (20:20 +0000)]
Merge "Deprecate aaa-authn-store bundle"
Mohamed El-Serngawy [Thu, 22 Dec 2016 20:20:16 +0000 (20:20 +0000)]
Merge "Deprecate the authz model"
Ryan Goulding [Thu, 22 Dec 2016 20:20:11 +0000 (20:20 +0000)]
Merge "Move the default tokenStore service to aaa-h2 bundle"
Ryan Goulding [Thu, 22 Dec 2016 20:19:16 +0000 (20:19 +0000)]
Merge "Deprecate aaa-authn-federation bundle"
Ryan Goulding [Thu, 22 Dec 2016 20:19:05 +0000 (20:19 +0000)]
Merge "Deprecate aaa-authn-sssd bundle"
Mohamed El-Serngawy [Thu, 22 Dec 2016 20:08:57 +0000 (15:08 -0500)]
Deprecat aaa-authn-idpmapping bundle
Deprecat aaa-authn-idpmapping bundle as we are using shiro
for federation
Change-Id: I1c7e88cbc72f92562aa2092c49957e0268fae14f
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 19:37:54 +0000 (14:37 -0500)]
Deprecate aaa-authn-federation bundle
Deprecate aaa-authn-federation bundle as we are using
shiro for federation.
Change-Id: I07016fd9e185da4f60f5aef260a14bad540f48ed
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 18:59:30 +0000 (13:59 -0500)]
Deprecate aaa-authn-sssd bundle
Deprecate aaa-authn-sssd bundle as we will move to use
shiro for federation
Change-Id: Icb01dcee936b35a1e0e95621ff333b424481b279
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 18:50:50 +0000 (13:50 -0500)]
Deprecate aaa-authn-store bundle
The aaa-authn-store bundle implementation has been
moved to aaa-h2-store bundle to be in consist with
other datastores.
https://git.opendaylight.org/gerrit/#/c/49271/
Change-Id: Ia96b9650e20c4647753c7f9ca26d53c1ad9dd611
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 18:42:49 +0000 (13:42 -0500)]
Deprecate aaa-credential-store-api bundle
The aaa-credential-store-api bundle only has the yang model
and has no implementation.
Change-Id: I5ad4776ac96bfa3d537321105f4858e8fcacc4aa
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 22 Dec 2016 18:20:23 +0000 (13:20 -0500)]
Deprecate the authz model
The authz model causes confusion in the community; several people want to use
authorization functionality but it was never implemented correctly. The original
contributor has since stopped participating in upstream AAA. The model does not
work correctly.
The AAA team does want to add authz other than shiro based, but this will have to
be handled by severely changing the existing model, such that keeping it around is
quite silly since it never worked properly in the first place.
Change-Id: Id3035ca71ec483e8d8c887179a635439898b7e64
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 21 Dec 2016 22:41:45 +0000 (22:41 +0000)]
Merge "Add MD-SAL authn model to shiro.ini"
Mohamed El-Serngawy [Mon, 12 Dec 2016 20:27:34 +0000 (15:27 -0500)]
Move the default tokenStore service to aaa-h2 bundle
The default tokenStore service exist outside
of the default dataStore bundle aaa-h2. As each
data store has its own tokenStore service, I moved
the default tokenStore to the aaa-h2 bundle to prevent
conflicts with other data stores.
Change-Id: I1cb241a479c5f8d86dcfc032bff4eb955c0561a1
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Robert Varga [Tue, 20 Dec 2016 13:02:37 +0000 (14:02 +0100)]
Eliminate dependencies on slf4j-{api,simple}
These are already present in odlparent, no need to repeat
them here.
Change-Id: I367c78b1f8548aa5b5c8d0a590783b073beca27f
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Tue, 20 Dec 2016 12:42:42 +0000 (13:42 +0100)]
Eliminate use of bundle.plugin.version
The plugin has a managed version, remove the dependency
on its version being defined in a property.
Change-Id: I9c3fe7ee9ce11f81edad244c66050eab870af3d5
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Tue, 20 Dec 2016 12:43:20 +0000 (13:43 +0100)]
Remove duplicate dependencies
Cleanup features/shiro/pom.xml to not include
multiple dependency declarations.
Change-Id: I5bdb88523460da2e616ca82a0029db73531199fd
Signed-off-by: Robert Varga <rovarga@cisco.com>
Ryan Goulding [Wed, 14 Dec 2016 22:40:13 +0000 (22:40 +0000)]
Merge "Fix the Password option at cert commands"
Mohamed El-Serngawy [Wed, 7 Dec 2016 21:17:20 +0000 (16:17 -0500)]
Fix the Password option at cert commands
Use the stream input to hide the password characters and use
printstream to print label at the console instead of system.out
Change-Id: Id970d50265f48ebca44732173feb0b27c6ab955f
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>