Mohamed El-Serngawy [Fri, 17 Nov 2017 14:15:56 +0000 (14:15 +0000)]
Merge "AAA-149: migrate ServiceProxy to the correct package name"
Mohamed El-Serngawy [Fri, 17 Nov 2017 14:15:28 +0000 (14:15 +0000)]
Merge "Rid AAA source of binary images"
Ryan Goulding [Thu, 16 Nov 2017 19:46:22 +0000 (14:46 -0500)]
Collapse aaa feature repositories
AAA advertises two feature repositories. Historically, this was done based
on the fact that it was hoped to pull out a ton of the stuff surrounding
non-shiro implementation in downstream distributions by just discluding the
non-shiro feature repository. However, it appears that this has limited use,
and primarily serves as a distraction. Furthermore, there are more
intelligent ways to perform such an operation.
The first part of this change renames the "authn" module to "aaa", because
the contained features repository is "features-aaa" and is not specific
to authentication.
The second part moves odl-aaa-shiro to the aaa module. This is done in
preparation to remove features-aaa-shiro, which will no longer be offered.
features-aaa-shiro still contains the odl-aaa-shiro feature for now.
After all downstreams are migrated to utilize features-aaa instead, it
will be completely removed as a module. This is a multistep process and
should not affect downstream consumers.
Change-Id: Ie084b622b1e58c661fee910e85a204436bf23f3e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 16 Nov 2017 14:26:59 +0000 (09:26 -0500)]
AAA-149: migrate ServiceProxy to the correct package name
This migrates ServiceProxy to the correct package. AAA-149 is
being done in several small steps in order to ensure that the
changes do not affect downstream consumers. This change was
tested against NETCONF to ensure there was no downstream
breakages (which makes sense since NETCONF does not directly
manipulate ServiceProxy and actually only affects it through
AAA code).
Change-Id: If142f4fe1ddc91cf844fb8d0ca3a6496f0828efd
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 16 Nov 2017 18:22:39 +0000 (13:22 -0500)]
Rid AAA source of binary images
From long ago we referenced some images in our README.md and directly
stored them in source. Thats a bad idea for a number of reasons. This
simply gets rid of the references to the one remaining image and the
source/output graphics that were stored in source. If we want them back,
we can figure out a way to upload them to somewhere more appropriate.
The one existing accurate diagram, direct_authn.png, was really simple
to understand anyway. If we want, we can restore it somewhere new,
put it in ascii-art, or just describe it better. Also, it is probably
better to consolidate that sort of information in the docs project.
Change-Id: I104c32eb844cf4031f26f6108aeb8b98d13b9401
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 16 Nov 2017 15:30:25 +0000 (15:30 +0000)]
Merge "AAA-149 migrate Handler classes to correct package"
Mohamed El-Serngawy [Thu, 16 Nov 2017 15:26:59 +0000 (15:26 +0000)]
Merge "Remove unused graphics"
Mohamed El-Serngawy [Thu, 16 Nov 2017 15:26:20 +0000 (15:26 +0000)]
Merge "Fix compile time warnings in aaa-shiro-act"
Ryan Goulding [Thu, 16 Nov 2017 13:32:34 +0000 (08:32 -0500)]
AAA-149 migrate Handler classes to correct package
Migrate the *Handler classes to the right package, along with
the corresponding tests.
Change-Id: I1e01f4bfec298fb81376a8ea9f8bc8927c44f4b1
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 15 Nov 2017 15:56:49 +0000 (10:56 -0500)]
Fix compile time warnings in aaa-shiro-act
The init/close methods in the Provider for aaa-shiro-act are called via
blueprint, but IntelliJ and other IDEs do not recognize our custom blueprint
path (src/main/resources/org/opendaylight/blueprint). Thus, we get a ton
of annoying warnings about unused init/close methods. This fixes the issue
for aaa-shiro-act.
Change-Id: Iefd1aa44bf85c9e073d080c9293c325da82b3c33
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 15 Nov 2017 15:52:46 +0000 (10:52 -0500)]
Fix weird formatting in blueprint.xml file
aaa-shiro-act had an empty bean definition so I fixed the notation to use
self-enclosed xml. This is just cleaner and was really bothering me :).
Change-Id: I8a08ffbb338f935e6db0800a05bc8867b789f090
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 15 Nov 2017 15:47:21 +0000 (10:47 -0500)]
Remove unused graphics
Previously referenced in the README, but now are no longer applicable.
These graphics depicted sssd plugin which was removed many releases ago.
Furthermore, graphics really don't belong in source (i.e., git).
Change-Id: If78bc55f6ee6b42e6abb28df356baa9aeda122f6
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed ElSerngawy [Sun, 1 Oct 2017 20:17:37 +0000 (16:17 -0400)]
Refactor AAA datastore & add datastore change functionality
Moving h2 store bundle to aaa-shiro bundle and
add the option to switch between data stores
Change-Id: I4a3ce831eecae4c1382852fc004149da3abe6d57
Signed-off-by: Mohamed ElSerngawy <m.elserngawy@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:33:25 +0000 (15:33 -0500)]
Remove stale documentation
README.md contained some references to installing the filter as
a ContainerRequestFilter. Now, we actually use a regular
javax.servlet.Filter, so this documentation is out of date.
This patch just removes the stale documentation.
Change-Id: I7a5183f7db0c77e2012c03e754e7428ebab69098
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:17:03 +0000 (20:17 +0000)]
Merge "Revert "Remove felix.dm usage in aaa-filterchain""
Ryan Goulding [Mon, 6 Nov 2017 20:16:53 +0000 (20:16 +0000)]
Merge "Revert "Remove felix.dependencymanager from Shiro POM""
Ryan Goulding [Mon, 6 Nov 2017 20:16:43 +0000 (20:16 +0000)]
Merge "Revert "Remove un-used felix.dm usage from aaa-encrypt-service""
Ryan Goulding [Mon, 6 Nov 2017 20:16:32 +0000 (20:16 +0000)]
Merge "Revert "Remove felix.dm from odl-aaa-shiro feature""
Ryan Goulding [Mon, 6 Nov 2017 20:16:11 +0000 (20:16 +0000)]
Revert "Remove felix.dm usage in aaa-filterchain"
This reverts commit
822554dcc7cfd59034622a0f41df5b25a2ae2520.
Change-Id: I0ea057fa13784849849020906c81add04cebad01
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:16:01 +0000 (20:16 +0000)]
Revert "Remove felix.dependencymanager from Shiro POM"
This reverts commit
8efc8bc00d2cfbd0d983bf36eec578cfddc60c9e.
Change-Id: I1ff4fef8f5c2fb3d1cf5d1e64a944c5c0f5a2f20
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:15:47 +0000 (20:15 +0000)]
Revert "Remove un-used felix.dm usage from aaa-encrypt-service"
This reverts commit
38887453198b93327e7d298ad33dd697c4070b28.
Change-Id: Ic419b0e6f1913da2078799002e9df46b38e67b55
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 20:09:42 +0000 (20:09 +0000)]
Revert "Remove felix.dm from odl-aaa-shiro feature"
This reverts commit
fb462f2322b4156bb617ac041061612e50420020.
Change-Id: Id236b1ff1c8083e40700518b3255734c60ea4bab
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 6 Nov 2017 19:37:00 +0000 (19:37 +0000)]
Merge "Remove un-used felix.dm usage from aaa-encrypt-service"
Ryan Goulding [Mon, 6 Nov 2017 19:36:47 +0000 (19:36 +0000)]
Merge "Remove felix.dm usage in aaa-filterchain"
Ryan Goulding [Mon, 6 Nov 2017 19:36:40 +0000 (19:36 +0000)]
Merge "Remove felix.dm from odl-aaa-shiro feature"
Michael Vorburger [Mon, 6 Nov 2017 14:18:53 +0000 (15:18 +0100)]
Remove felix.dm from odl-aaa-shiro feature
Change-Id: Ie0024c763af881287770b06fe2e6bf67ed56afad
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 6 Nov 2017 14:16:06 +0000 (15:16 +0100)]
Remove un-used felix.dm usage from aaa-encrypt-service
Change-Id: Ida4af1202ae0c46a07169e7fe0a10ce181c139c3
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 6 Nov 2017 13:44:54 +0000 (14:44 +0100)]
Remove felix.dm usage in aaa-filterchain
Change-Id: Ia25aa964992378fac014273db3f9596d2c28a693
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 6 Nov 2017 13:06:08 +0000 (14:06 +0100)]
Remove felix.dependencymanager from Shiro POM
and remove duplicate artifacts to remove Maven warnings
Change-Id: Ibe5cdb7a6d15365e8fe684d6b77f819f15fa8ba2
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 3 Nov 2017 20:23:20 +0000 (20:23 +0000)]
Merge "remove odl-aaa-authn in favor of odl-aaa-shiro"
Ryan Goulding [Fri, 3 Nov 2017 18:40:12 +0000 (14:40 -0400)]
remove odl-aaa-authn in favor of odl-aaa-shiro
Nothing uses odl-aaa-authn. Remove it since it is just a wrapper
for odl-aaa-shiro since Nitrogen.
Change-Id: I143b036d79da92e02d3bd979a6284971275e7479
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 18:05:46 +0000 (14:05 -0400)]
Bug 8717 Remove the existing non-functional mdsal impl
This implementation was designed by someone who has long since
left the project and has not been maintained since Lithium release
minus minor fixes to service activation and AAA API changes.
It was deprecated last release with:
https://git.opendaylight.org/gerrit/#/c/59189/
This removes the implementation so it cannot be used. We
plan on adding a revamped version of the MDSAL store in
Oxygen timeframe.
Change-Id: I705924aac88ea317e1378fbeee4117f52d5e3904
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 17:58:26 +0000 (13:58 -0400)]
Remove unused concepts from aaa-authn-api
There are several areas of the original aaa-authn-api
that were superfluous and never used. This removes them
to minimize unused LOC, and hopefully improve SONAR scores.
Change-Id: I7eb3c31f8ee0d733f057f587319b2239c55c83ad
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 17:46:52 +0000 (17:46 +0000)]
Merge "Cleanup existing README content"
Ryan Goulding [Fri, 3 Nov 2017 17:46:35 +0000 (17:46 +0000)]
Merge "Remove ClientService implementation"
Ryan Goulding [Fri, 3 Nov 2017 17:13:19 +0000 (13:13 -0400)]
Cleanup existing README content
More content will be added later, this just fixes
what is there now.
Change-Id: Id9ee61aecc79685986ec26d1e6a38219e16de980
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 16:38:55 +0000 (12:38 -0400)]
Remove innacurate information in README
The README contained outdated information referencing
SSSD implementation, which was removed several releases
ago. This removes corresponding advertisement to remain
truthful and accurate to our users.
Change-Id: I80845c738ca1291707b8b1fffd32f6765da676a0
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 16:34:43 +0000 (12:34 -0400)]
Remove ClientService implementation
ClientService was added a long time ago by contributors no
longer on the project, and has no known upstream users. Instead,
operators should create a service user using the idm endpoints.
This removes the default ClientService implementation since
it is unused.
Change-Id: Ic7fc5fc9aece532d7cdd754e9aa8f37f9ed1fc35
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 15:11:12 +0000 (11:11 -0400)]
cleanup shiro features formatting
Cleanup the shiro features prior to jersey2 migration.
The actual dependency logic will be resolved in the upgrade.
Change-Id: Iee9f23ae8def0d080ae8086749573c71a5400186
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 3 Nov 2017 15:07:08 +0000 (11:07 -0400)]
Cleanup aaa-shiro/impl pom
Prior to the jersey2 upgrade, clean up the pom from a
formatting perspective. Dependencies will be cleaned
up during the migration to jersey2.
Change-Id: I5c7d024f7c815c8860af6eb116ad4b9d4232c03b
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Tomas Cere [Tue, 24 Oct 2017 12:26:50 +0000 (14:26 +0200)]
BUG-9261: add PKIUtil decrypt overloads for StringReader
Change-Id: If22b57e300873211887deb9b0eb718b5482b764c
Signed-off-by: Tomas Cere <tcere@cisco.com>
Ryan Goulding [Thu, 12 Oct 2017 16:21:32 +0000 (12:21 -0400)]
Remove unused pom properties
Change-Id: Ia05f780948dcedbbc9958a16fdd567264dfb8028
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Wed, 27 Sep 2017 13:35:01 +0000 (15:35 +0200)]
Bump odlparent 2.0.4 to 2.0.5
Change-Id: Ice0bf02276a15a30fd98338f91591eb1f203aaa2
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Anil Belur [Thu, 28 Sep 2017 03:11:41 +0000 (13:11 +1000)]
Bump aaa to use yangtools 1.2.0
Jira: releng-485
Change-Id: Icbb236dbce466a396ffd8960437116db3935a544
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Ryan Goulding [Wed, 27 Sep 2017 13:07:38 +0000 (13:07 +0000)]
Merge "Move idmlight bundle to aaa-shiro bundle"
Mohamed ElSerngawy [Fri, 28 Jul 2017 20:52:02 +0000 (16:52 -0400)]
Move idmlight bundle to aaa-shiro bundle
Moving idmlight to shiro bundle and adjust
odl-aaa-shiro feature dependenies.
Change-Id: I1d750a1012aa2e8d29e489e03994672c871dd784
Signed-off-by: Mohamed ElSerngawy <m.elserngawy@gmail.com>
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
David Suarez [Mon, 18 Sep 2017 12:24:20 +0000 (14:24 +0200)]
Fix checkstyle issues to enforce it
Change-Id: I467509334fb6c9c0d2be24a08b2d2f6eba0f3f4d
Signed-off-by: David Suarez <david.suarez.fuentes@gmail.com>
David Suarez [Thu, 14 Sep 2017 15:29:44 +0000 (17:29 +0200)]
Fix checkstyle issues to enforce it
- Add an entry to .gitignore.
Change-Id: I03757a605211497210e7b7aa7b635ca65b69bb84
Signed-off-by: David Suarez <david.suarez.fuentes@gmail.com>
Atul Gosain [Wed, 7 Jun 2017 22:10:02 +0000 (15:10 -0700)]
Utility service to encode/decode public/private keys of type RSA, DSA and ECDSA.
Placing it here to make a common place to access this service.
Change-Id: I614a49fb7adc8fe569fc2959a79ce4a74fe6b548
Signed-off-by: Atul Gosain <agosain@brocade.com>
Thanh Ha [Wed, 16 Aug 2017 14:59:36 +0000 (10:59 -0400)]
Update odlparent to 2.0.4
Also remove unused property karaf.resources.version.
Change-Id: I0eecbcd3f20cf0844a400151ede817064defc285
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Evan Zeller [Wed, 23 Aug 2017 22:24:40 +0000 (15:24 -0700)]
Bug 9040: avoid using dynamicAuthorization for cluster-admin operations
In some scenarios such as unexpected loss of voting members in a
geo-distributed cluster the cluster-admin RPC
change-member-voting-states-for-all-shards should be executed to convert
the member to voting. This RPC needs to execute regardless of if there
is a leader so we should avoid using the dynamicAuthorization via MD-SAL
Change-Id: I1c992d0da7a99171e131c7979ff4f22d740aaaed
Signed-off-by: Evan Zeller <evanrzeller@gmail.com>
Stephen Kitt [Wed, 16 Aug 2017 11:48:23 +0000 (13:48 +0200)]
Bump commons dependencies, clean up POM
Explicitly pull in beanutils 1.9.3 in aaa-shiro, and clean up the
dependencies to pull in dependencies transitively. The generated
feature ends up being identical, apart from beanutils and
commons-logging (upgraded to 1.2, which is now an OSGi bundle).
beanutils’ release notes are available at
https://commons.apache.org/proper/commons-beanutils/changes-report.html
Change-Id: I4fe725c6d4b443e0c3be3cbdd662a27a7ca7c719
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Thanh Ha [Mon, 14 Aug 2017 17:14:34 +0000 (13:14 -0400)]
Bump versions by x.(y+1).z for next dev cycle
Change-Id: I244639b1a978de38bf88ef25f72a7c24f46da13c
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Stephen Kitt [Tue, 8 Aug 2017 16:21:02 +0000 (18:21 +0200)]
Bump odlparent 2.0.2 to 2.0.4
Change-Id: Iaddd898e2c40e284dd61b435a95064831ad88529
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Vratko Polak [Tue, 1 Aug 2017 12:21:03 +0000 (14:21 +0200)]
Use current Odlparent version
Two properties were using 2.0.1, bumping to 2.0.2:
- karaf.resources.version
- features.test.version
Change-Id: I2a1cc9f102c78c73947acec2c31bc1a7bb8cfb95
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Ryan Goulding [Mon, 31 Jul 2017 18:06:30 +0000 (14:06 -0400)]
Bug 8915: Clean up context-path registration in AAA
It was discovered that both aaa-shiro and dlux were trying to
take ownership of the root servlet context ("/"). Really, neither
probably should! However, in order to maintain backwards compatibility,
AAA team registered the contexts individually through HttpService and
avoids taking ownership of root servlet context. The long term solution
should involve migrating dlux off the "http://localhost:8181/index.html"
to something like "http://localhost:8181/dlux/index.html" since no single
bundle should probably own the root servlet context IMO.
Change-Id: I42b310fc54e5f7f7fe0d18e395bd3ee768fece18
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 28 Jun 2017 16:46:25 +0000 (12:46 -0400)]
Realign idmlight endpoints to use AAAShiroFilter
Due to moving around servlet contexts and repurposing Servlet Filters,
it is time to realign idmlight to utilize AAAShiroFilter instead of
AAAFilter. This designates that idmlight endpoints aaa control is
toggled independently of odl-restconf's.
Change-Id: I26402b6b5b9c482dd5eae8fefb4e6a63f7dae8c4
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Tom Pantelis [Sat, 22 Jul 2017 17:46:30 +0000 (13:46 -0400)]
Remove derivation from controller config-parent
aaa does not use the config subsystem so does not need to
derive from controller config-parent.
Change-Id: Ieab26416badc9c4a8b3871ab2edc8276f8cc7847
Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
Mohamed ElSerngawy [Wed, 19 Jul 2017 19:31:30 +0000 (15:31 -0400)]
Clean odl-aaa-authn feature
Move all the dependencies from odl-aaa-authn feature
to odl-aaa-shiro feature in order to have one feature
file to maintaine and update.
Change-Id: I6e7781a24b9a071483456f97bbb9cde6ea267305
Signed-off-by: Mohamed ElSerngawy <m.elserngawy@gmail.com>
Ryan Goulding [Sat, 15 Jul 2017 13:07:50 +0000 (09:07 -0400)]
Deprecate SHA256Calculator
Shiro provides a much more robust encryption API that we should be using.
Deprecate this custom code in favor of that.
Change-Id: I2e506f0e9d4b29b23933730a45d08ddec0c53425
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Michael Vorburger [Thu, 6 Jul 2017 11:23:29 +0000 (13:23 +0200)]
Bug 8721: CLI (standalone) with new "check password" feature
Change-Id: I19ba495df60ebe08c71ce3c9c6cc24717b0f3856
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 14 Jul 2017 16:02:44 +0000 (16:02 +0000)]
Merge "Export aaa-cli-jar in the artifacts"
Tom Pantelis [Thu, 13 Jul 2017 20:49:17 +0000 (16:49 -0400)]
Fix hang in KarafIniWebEnvironment#init
It's possible the call to getInstance races with the BP container startup
in which case the INSTANCE will be created with all nulls and thus the
shiroConfiguration will forever be null. To get a valid INSTANCE, it must
be created via BP which injects a non-null ShiroConfiguration.
So getInstance now just returns INSTANCE and KarafIniWebEnvironment#init
busy waits on it.
Change-Id: I9c22d0dbec580c15830ece10c7dfa27f68ab8acf
Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
Stephen Kitt [Thu, 13 Jul 2017 14:51:59 +0000 (16:51 +0200)]
Export aaa-cli-jar in the artifacts
aaa-cli-jar is used by dependent projects, add it to the artifacts.
Change-Id: I36da018c2c51aadf8422bb575f95f9c466ded30f
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Stephen Kitt [Fri, 7 Jul 2017 15:46:16 +0000 (17:46 +0200)]
Upgrade to odlparent 2.0.2
Change-Id: I667f30ce948774ab6f6c734e7072f48a16229616
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Robert Varga [Mon, 3 Jul 2017 09:02:05 +0000 (11:02 +0200)]
Bump odlparent dependency to 2.0.1
Bumps odlparent to latest release.
Change-Id: I52cd3772ee14f2bd3c2cb0fd4708ad1f23dde339
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Mohamed El-Serngawy [Thu, 29 Jun 2017 13:46:26 +0000 (13:46 +0000)]
Merge "Clean aaa features"
Ryan Goulding [Tue, 27 Jun 2017 19:54:48 +0000 (15:54 -0400)]
Bug 7793: provide a script to convert shiro.ini to rest payload
Since most people have relied on shiro.ini functionality, it
is fitting that the AAA team supplies a script to help with
the transition to the clustered-app-config.
This script works as follows:
> python bin/upgrade/convert-shiro-ini-to-rest-payload <filename>
The resulting XML is output to stdout.
Change-Id: Ia2454a757eba4024290417588ca5e79b454ab072
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 28 Jun 2017 13:49:19 +0000 (13:49 +0000)]
Merge "Bug 7793: shiro.ini needs to die"
Ryan Goulding [Sat, 24 Jun 2017 17:03:44 +0000 (13:03 -0400)]
Clean aaa features
Change-Id: Ic18a415e803ee8435b44f4f44aabbba20ee7db78
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 20 Jun 2017 15:36:03 +0000 (11:36 -0400)]
Bug 7793: shiro.ini needs to die
shiro.ini is a poor means for configuration in our configuration-rich
ODL context. Some primary concerns involve the fact that shiro.ini
is not replicated nor consistent across a cluster of ODL nodes.
Prior to this change, lack of proper SOA means that services couldn't
be dynamically decided at runtime (i.e., swap out backing
implementation).
Simply put, shiro.ini sucks. This was a known limitation when shiro
was first integrated, but was swallowed hook line and sinker for the
other advantages that the integration provided. It is time for us to
change this so that shiro is configured using a more mature and robust
mechanism (i.e., clustered-app-config).
Some known limitations in this patch include the fact that, because we
utilize jersey 1.X with its static configuration through web.xml, there
is a race between when the configuration is available, and when the
web service is instantiated. To overcome this limitation, a basic
waiting mechanism was added to KarafIniWebEnvironment to wait until
the configuration is available prior to initializing Shiro.
The name "aaa-app-config" was chosen on purpose-- this is due to the
fact that most AAA related properties should eventually be configured
through this single pane solution. This will reduce complexity and
reliance on running disparate ManagedService instances.
Change-Id: Ie87886dd57958957dfd0a642fec434862903b509
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 19 Jun 2017 18:53:42 +0000 (14:53 -0400)]
Bug 8717 Deprecate the existing non-functional mdsal impl
The mdsal based backing datastore impl is broken, and utilizes
many unsavory practices including reflection left and right.
Deprecate it because it isn't currently used, so it can be
removed in Oxygen and replaced with a proper implementation
utilizing greatly simplified code.
Change-Id: I0a1fc0f6ff69c6d5d54b809740b558e46eb793b9
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Robert Varga [Wed, 21 Jun 2017 15:19:44 +0000 (17:19 +0200)]
Bump odlparent version
Fixes the fallout from migration.
Change-Id: I5d10f0a8bb84638059a083617b7853362e669269
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Ryan Goulding [Tue, 20 Jun 2017 16:55:12 +0000 (12:55 -0400)]
Bug 8661: Remove references to servicemix beanutils
This was originally done in haste to get shiro in. It was
silly and stupid, and is now removed :).
servicemix has a repackaged version of beanutils that isn't
needed; we have the original one. No need to push this in.
Sorry for the confusion.
Change-Id: Ief897e099c8fdded4e1cdd14c24865d1f95698cb
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 19 Jun 2017 15:07:57 +0000 (11:07 -0400)]
Bug 7265: Fix idmtool paths to reflect the path setup in Nitrogen
In Nitrogen, idmtool was moved from etc to bin. The paths for
related file access, however, were never updated. This fixes
this oversight in two critical areas:
1) disabling SSL for idmtool
2) changing the jolokia password
Change-Id: I39554f866494a725638d5b9357d766d1b160695f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Stephen Kitt [Wed, 14 Jun 2017 16:29:41 +0000 (18:29 +0200)]
Bump OLTU 1.0.0 → 1.0.2
Change-Id: I72780529787438b67e8d2393f631b194c60f56fd
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Thu, 15 Jun 2017 19:11:06 +0000 (15:11 -0400)]
Final removal of Activators in shiro and shiro-act
aaa-shiro and aaa-shiro-act are now completely wired using
blueprint instead of Activators or the configuration subsystem.
This patch fixes documentation and does the final removal of
the Activator.
Change-Id: Ib0679e24bfda764adfca58d5e666bab0366b926f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 17 Jan 2017 23:50:50 +0000 (18:50 -0500)]
Convert aaa-shiro-act to blueprint
Change-Id: I11cc228b7b584fa7220212d20e98c9ae3ae32fec
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 5 Jun 2017 16:26:32 +0000 (12:26 -0400)]
Bug 8437: Collapse Services and transition to blueprint
One of the major focuses of the Nitrogen release surrounds service stability
in Karaf. Hitherto, AAA has made use of a wide variety of service wiring
techniques, some effective, some not so great. The service wiring really
was composed of three forms:
1) blueprint (good)
2) CSS (removed in previous patches and replaced by #1)
3) felix dependency management, which is really old and required long waits
to properly wire various components
Since #2 was already removed, this patch removes #3, which is the wiring of
services through ServiceTrackerCustomizers and the singleton ServiceLocator.
ServiceLocator still exists in this patch; to remove it here would make the
patch much too large, but it will be refactored in a followup patch.
For now, what is done is the following:
1) removal of aaa-authn bundle. This bundle contained Builders and utility
classes common to aaa-idmlight and aaa-mdsal-store bundles. They are
implementation details, and thus not candidates for odl-aaa-api. They were
put in odl-aaa-shiro, as eventually odl-aaa-mdsal-cluster will eventually be
removed and replaced with functionality built directly into odl-aaa-shiro
(see https://git.opendaylight.org/gerrit/#/c/56744/)
2) removal of aaa-authn-basic. This bundle really didn't provide much
more than HttpAuthBasic, which is really the only common impl of TokenAuth
used in AAA. This bundle's functionality was relocated to odl-aaa-shiro.
3) removal of aaa-authn-sts. STS stands for "single token store". This
bundle also provided limited functionality, and really didn't make sense as
a completely separate service.
This patch focuses on the consolidation of several aaa bundles and services
into something more manageable directly in aaa-shiro.
Future work will:
1) remove the existing mdsal store in favor of the MDSAL based
AuthorizingRealm. Basically, the old mdsal store utilizes a lot of hacky
code, reflection, etc. which can be cleaned and redefined to be more
managable. This will be removed in Oxygen, as we forgot to deprecate
it in Nitrogen. Messaging will be delivered to ensure that people use
the new Realm approach once it is available. This is again, not going
to be the default store anyway in Nitrogen.
2) further refactoring of Services so that the aaa-idmlight and aaa-h2-store
bundles are included directly in aaa-shiro. Basically, it is really
against OSGi architecture to have this many services providing such
limited functionality. Instead, we ought to provide them as part of a
single service, and make configuration through clustered-app-config,
cfg files, or some other more sane way than service injection. The
fact remains that we really want a more statically wired configuration
that is consistent and easy to understand.
This is just part of many patches to clean the existing AAA implementation.
Change-Id: I740a667278f2ff64daff5e3602ddc5586fe23733
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
David Suarez [Wed, 14 Jun 2017 23:12:20 +0000 (01:12 +0200)]
Fix Remove Role command
The Remove Role command was actually removing the user with roleId
instead of the role.
Change-Id: I8564c35d658a6367dbf3e16eab23f46803119721
Signed-off-by: David Suarez <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Wed, 31 May 2017 19:11:18 +0000 (15:11 -0400)]
Move local karaf distribution to karaf4
Move the local karaf distribution to karaf4. Also adds a
missing artifact to the artifacts pom.
Change-Id: I881794d3d3cdc22ed9776f87480b8c9437434e71
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 14 Jun 2017 12:56:54 +0000 (12:56 +0000)]
Merge "Remove executable bit from XML files"
Thanh Ha [Wed, 14 Jun 2017 03:50:04 +0000 (03:50 +0000)]
Merge "Migrate to odlparent 1.9.0"
Thanh Ha [Tue, 13 Jun 2017 20:38:44 +0000 (16:38 -0400)]
Remove executable bit from XML files
XML files are not executable so do not need the bit set.
Change-Id: I84cacd5ce2cdc9905df928a4d453e5cfe503db23
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Ryan Goulding [Tue, 13 Jun 2017 15:48:07 +0000 (11:48 -0400)]
Add functionality to change jolokia password
Jolokia authentication is still unfortunately limited to
authMode=basic. In the meantime, functionality is added
to allow easy change of this password through the exposed
jolokia config file org.jolokia.osgi.cfg.
In the future this password will be tied to AAA directly.
For now, just expose an easy utility to change it.
Change-Id: I53b7f67326dcc6dbd09a6e42b0f055ff8d1766d8
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Thanh Ha [Tue, 13 Jun 2017 18:42:05 +0000 (14:42 -0400)]
Migrate to odlparent 1.9.0
Change-Id: I735d0de85bd282603c45caf95484ad1868c7eab4
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
Ryan Goulding [Tue, 13 Jun 2017 15:25:08 +0000 (15:25 +0000)]
Merge "Revert "Refactoring AAA datastore bundles""
Ryan Goulding [Tue, 13 Jun 2017 13:04:33 +0000 (13:04 +0000)]
Revert "Refactoring AAA datastore bundles"
This reverts commit
d00348582c23379e0f5baca555f378314d9bf560.
Change-Id: I574ab168e53b853b2a99737129dc3ddeb3025a6a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 12 Jun 2017 20:11:07 +0000 (20:11 +0000)]
Merge "Add gitignore to aaa-cert"
Ryan Goulding [Mon, 12 Jun 2017 19:23:25 +0000 (19:23 +0000)]
Merge "Refactoring AAA datastore bundles"
Ryan Goulding [Mon, 12 Jun 2017 17:20:59 +0000 (13:20 -0400)]
Add gitignore to aaa-cert
Avoid some files that are laid down during compilation.
Change-Id: I4903e1f7ea56d235a834ba5caaffec6d8504c9fb
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 17 May 2017 20:57:18 +0000 (16:57 -0400)]
Refactoring AAA datastore bundles
The two datastore bundles aaa-mdsal and aaa-h2 are
combiend in the aaa-idmlight bundle. Also the aaa-features
bundle has been updated to match the new changes
Change-Id: Ic0413a1deb7704ed4f93c948d887dca92779b4e7
Signed-off-by: Mohamed El-Serngawy <serngawy@gmail.com>
Ryan Goulding [Fri, 9 Jun 2017 14:44:18 +0000 (10:44 -0400)]
Remove idmlight.db.mv.db from source
Remove from source. Accidental add.
Change-Id: I6831e3ac020980ca799082e771a44697221dbdd0
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Thanh Ha [Tue, 6 Jun 2017 01:42:26 +0000 (21:42 -0400)]
Migrate to odlparent 1.8.0-Carbon
Per request of odlparent project we are downgrading all Nitrogen
projects to use the released odlparent 1.8.0-Carbon to allow for the
odlparent project to start performing semver style releases.
Jira: RELENG-159
RT: 41406
Change-Id: Ia00b3a90aa68d66a05570be8eca13b6144ca70c2
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
David Suarez [Sun, 14 May 2017 17:13:32 +0000 (19:13 +0200)]
Fix issues in checkstyle enforcement for module aaa-h2-store
- Copyright section
- Order imports
- Line lengths
- Remove IllegalCatch
- Improve exception handling
- Declare some static constants properly
- JavaDocs
- Move overloaded methods closer to each other
- Change variables and methods names
- Enforcement in pom.xml
Change-Id: If9ce15fdfcacaa7d94e56368cdf8c74b1b140ece
Signed-off-by: David Suarez <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Mon, 5 Jun 2017 13:21:21 +0000 (13:21 +0000)]
Merge "Fix issues in checkstyle enforcement for module aaa-cert"
Ryan Goulding [Mon, 5 Jun 2017 13:20:55 +0000 (13:20 +0000)]
Merge "Bug 8437: remove deprecated aaa-authn-store bundle"
David Suarez [Sat, 13 May 2017 20:14:39 +0000 (22:14 +0200)]
Fix issues in checkstyle enforcement for module aaa-cert
- Copyright section
- Line lengths
- JavaDocs
- Order imports
- Declare some static constants properly
- Move overloaded methods closer to each other
- Returning variables directly
- Change variables and methods names
- Enforcement in pom.xml
Change-Id: I15fffbeb9de5f08e10aebd640437ddbbc97cf94b
Signed-off-by: David Suarez <david.suarez.fuentes@ericsson.com>
David Suarez [Sun, 14 May 2017 18:55:44 +0000 (20:55 +0200)]
Fix issues in checkstyle enforcement for module aaa-idmlight
- Copyright section
- Order imports
- Line lengths
- JavaDocs
- Improve exception handling
- Change variables and methods names
- Move variables closer to their use
- Move overloaded methods closer to each other
- Declare some static constants properly
- Enforcement in pom.xml
Change-Id: Ic673b8239c3abd7ba0c23a242293fe32cc48b103
Signed-off-by: David Suarez <david.suarez.fuentes@ericsson.com>
Mohamed El-Serngawy [Fri, 2 Jun 2017 16:00:08 +0000 (16:00 +0000)]
Merge "Fix issues in checkstyle enforcement for module aaa-cli"
Code Review / aaa.git / log