Ryan Goulding [Fri, 12 May 2017 17:30:25 +0000 (13:30 -0400)]
Remove aaa-credential-store-api
This was deprecated long ago. It is time to remove it.
Change-Id: Iaa3ca9ca8eb4fc806f5aa2b93d10c1bb9bcddb0e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
David Suarez [Wed, 10 May 2017 23:01:39 +0000 (01:01 +0200)]
Remove <prerequisites><maven> from pom.xml to avoid WARNING
[WARNING] The project ... uses prerequisites which is only intended for
maven-plugin projects but not for non maven-plugin projects. For such
purposes you should use the maven-enforcer-plugin. See
https://maven.apache.org/enforcer/enforcer-rules/requireMavenVersion.html
This is already done in odlparent.
Change-Id: Iedfaeb92fba3bf392554ece1f20358060c398a00
Signed-off-by: David Suarez <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Mon, 1 May 2017 20:02:10 +0000 (16:02 -0400)]
Remove aaa-idp-mapping bundle
Was deprecated in Boron, dissuaded in Carbon, now
removed in nitrogen.
Change-Id: I0f564d4b2806259eb00695dd194dc65bf394f99d
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Sat, 6 May 2017 16:16:47 +0000 (12:16 -0400)]
Remove sssd feature
Change-Id: Ie96dee58d75a6ede910cd37494672032415c3086
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Fri, 5 May 2017 18:10:42 +0000 (18:10 +0000)]
Merge "sssd functionality removal"
Mohamed El-Serngawy [Fri, 5 May 2017 18:09:52 +0000 (18:09 +0000)]
Merge "Bug 7090: Move idmlight.db to the data directory"
Mohamed El-Serngawy [Fri, 5 May 2017 18:09:12 +0000 (18:09 +0000)]
Merge "Bug 8383: no email in user creation results in NPE"
Ryan Goulding [Fri, 5 May 2017 16:27:52 +0000 (12:27 -0400)]
Bug 8382: disallow client specified ids
ids are an implementation specific internal detail. Thus,
AAA should endpoints should prevent users from specifying
such values.
This change fixes the behavior by returning 400 when ids
are specified. Appropriate test cases are added.
Change-Id: I15cc66f9881347334b919dbeb6bc686694367bd6
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 4 May 2017 20:43:11 +0000 (20:43 +0000)]
Merge "Remove the aaa-authn-federation bundle artifacts"
Ryan Goulding [Thu, 4 May 2017 20:32:20 +0000 (16:32 -0400)]
Bug 8383: no email in user creation results in NPE
Change-Id: I1eac566bcbfa0da44e09d7062e174fd597ccd0f4
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 4 May 2017 20:25:30 +0000 (20:25 +0000)]
Merge "Bug 8379: Remove deprecated TokenAuthFilter"
Ryan Goulding [Mon, 1 May 2017 20:15:06 +0000 (16:15 -0400)]
Bug 7090: Move idmlight.db to the data directory
Simply change the default behavior to plant idmlight.db
in the data directory
Change-Id: Ic766d0306b92cbe87533af6c885ff08ca8e6c78c
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 4 May 2017 19:18:10 +0000 (15:18 -0400)]
Remove the aaa-authn-federation bundle artifacts
Change-Id: I55792e209755adf98f7190884404d253e8b23012
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 4 May 2017 19:12:40 +0000 (15:12 -0400)]
sssd functionality removal
odl-authn-sssd was deprecated in Boron. The feature was removed
in Carbon, but the underlying bundles were kept just in case
(i.e., one could install manually but it wasn't a present
feature). This completes the removal since adequate time has
been given for consumers to move on to the new method, Shiro.
Change-Id: Idb95c0f41a3db0300fd8fbd7272ec3ab842f9c45
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Robert Varga [Thu, 4 May 2017 18:21:58 +0000 (20:21 +0200)]
Do not override versions defined in odlparent
This fixes commons-codec version duplication, cutting ~250kB
from distribution package.
Change-Id: I7812e5ac8ae02de25d9359eda12e78642cf33f41
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
(cherry picked from commit
457bafe812c6330ae314dd048e3e64ddd4165a68)
Ryan Goulding [Thu, 4 May 2017 17:41:09 +0000 (13:41 -0400)]
Bug 8379: Remove deprecated TokenAuthFilter
TokenAuthFilter was deprecated in either Beryllium or Boron.
It has been kept around for compatibility reasons, but it
is no longer needed. This patch removes the Filter class,
moves the inner UnauthorizedException to its own class
(better anyway), and removes some dead tests that were
testing the old filter functionality. It is clear that
the tests were testing the old Filter mechanism instead
of AAAShiroFilter, since AUTH_FILTERS was set to
TokenAuthFilter.class.getName(). Thus, the test is no
longer appropriate.
Change-Id: I08295daccc13bd9ac9113a8cf55e779ca1001775
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 4 May 2017 18:40:38 +0000 (18:40 +0000)]
Merge "Bug 8214: Avoid throwing NPE when DataBroker is null"
Andrej Mak [Thu, 4 May 2017 16:53:43 +0000 (18:53 +0200)]
Bug 8373: Set destroy method for aaa h2 store
Change-Id: I3eeec2f11240c10cc70ebb7f52560cc12da19880
Signed-off-by: Andrej Mak <andrej.mak@pantheon.tech>
Ryan Goulding [Thu, 4 May 2017 16:05:54 +0000 (12:05 -0400)]
Bug 8214: Avoid throwing NPE when DataBroker is null
MDSALDynamicAuthorizationFilter is instantiated by shiro when
the web container is brought up. shiro has no knowledge of
the DataBroker, so the dependency cannot be injected in shiro.ini.
shiro.ini needs to die, and is tracked by Bug 7793. For now,
to avoid throwing the NPE (in the case that the DataBroker hasn't
been brought up yet), just fail-close until the dataBroker is
made available (i.e., AAAShiroProvider.newInstance(DataBroker)
is called).
Change-Id: I28e2eb0780f4f7761a5e2f81d167afc5a4b10cba
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 2 May 2017 18:49:52 +0000 (18:49 +0000)]
Merge "Remove the aaa-authn-federation bundle"
Ryan Goulding [Mon, 1 May 2017 20:08:35 +0000 (16:08 -0400)]
Remove the aaa-authn-federation bundle
It was deprecated in Boron, dissuaded in Carbon,
now removed in Nitrogen.
Change-Id: Id316c1e37b57369ad8b9791f83a30eb6e59db9ac
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 1 May 2017 19:39:59 +0000 (15:39 -0400)]
Bug 7265 Move idmtool to the bin directory
Simply changes idmtool destination from etc to bin.
Change-Id: Ic3a0e1ccf484822b2cfe8ca9d6335f0ad2c0b58e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Mon, 1 May 2017 18:27:49 +0000 (18:27 +0000)]
Merge "Bug 8214 Prevent NPE in isolation scenario"
Ryan Goulding [Mon, 1 May 2017 17:09:27 +0000 (13:09 -0400)]
Bug 8214 Prevent NPE in isolation scenario
If the datastore is not readable, then fail out gracefully.
Deny access to prevent unauthorized requests from
succeeding, and report a warning to karaf.log.
Change-Id: I0b40d27b3346d8a0357f41e8c68464057d4ec1c0
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 27 Apr 2017 23:06:02 +0000 (23:06 +0000)]
Merge "Cleanup prerequisite in karaf pom"
Robert Varga [Thu, 27 Apr 2017 19:26:29 +0000 (21:26 +0200)]
Do not override shiro-core version
This is a duplicate dependency, with managed version being 1.3.2.
Remove the duplicate declaration.
Change-Id: I4bd5f6121e2a03a0f7e72bb9d1d9566ba0d3df23
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Robert Varga [Thu, 27 Apr 2017 19:26:01 +0000 (21:26 +0200)]
Fix NPE in TokenAuthRealm
If the TokenStore is not available, do not throw a NPE.
Change-Id: Ie346e89dd1dc29c705f51712e58859065b81a787
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
Ryan Goulding [Thu, 27 Apr 2017 09:19:48 +0000 (05:19 -0400)]
Cleanup prerequisite in karaf pom
An outdated prerequisite in the karaf pom for maven version
was removed.
Change-Id: I585ab08ba127164b76068dd523d6a93cdbfbe0cc
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 26 Apr 2017 21:31:57 +0000 (17:31 -0400)]
Include jetty-servlets as dep for use with filter framework
jetty-servlets is super useful to do things like DoS and QoS filtering
in the context of a J2EE servlet. This patch adds a dependency on
jetty-servlets (whatever version is in odlparent) to allow easy
configuration and specification of DoS/QoSFilter. To enable DoSFilter
for example, write the following to
etc/org.opendaylight.aaa.filterchain.cfg:
customFilterList=org.eclipse.jetty.servlets.DoSFilter
org.eclipse.jetty.servlets.DoSFilter.maxRequestsPerSec=1
org.eclipse.jetty.servlets.DoSFilter.delayMs=10000
By simply adding the dependency, it allows us to use filter(s) from
jetty-servlets without manually installing the bundle. It also
allows us to avoid version skew as we are just grabbing whatever
upstream odlparent offers.
Change-Id: I63f135872c447e9be75dde0547f81d7876afe761
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
David [Wed, 19 Apr 2017 12:00:00 +0000 (14:00 +0200)]
Update shiro.ini for KeystoneRealm configuration section
- Update to better explain the configuration section of the
KeystoneRealm
in the shiro.ini file.
- Update section for available realms.
Change-Id: I6db4b9ccb1d3549c044957ab31ef64bcb93c77ba
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Jaime Caamaño Ruiz [Wed, 1 Mar 2017 19:05:08 +0000 (20:05 +0100)]
KeystoneAuthRealm: reuse http client
Jersey documentation advises against building multiple clients of the
same characteristics and advertises that is perfectly safe to use the
same client over multiple threads.
Moreover, each time the SSL context is obtained, it may synchronize the
keystores from the filesystem or the database. KeystoneAuthRealm
assumes a dynamic certificate handling.
The purpose of this commit is to reuse the http client to some degree
while refreshing it rather frequently due to the dynamic certificate
handling.
Change-Id: Ifa188ad6f2a99e64c5d560d58057428aab37df26
Signed-off-by: Jaime Caamaño Ruiz <jaime.caamano.ruiz@ericsson.com>
Robert Varga [Tue, 25 Apr 2017 09:48:13 +0000 (11:48 +0200)]
Clean read-only transactions
Read-only transactions are documented to be a resource and should
be closed as soon as they are not needed. Failing to do so
triggers warnings in tell-based protocol in CDS, as they trigger
inefficient GC-triggered cleanup.
Change-Id: Ia8468704a75fd42c105f3fba49f817d5c2e0ec30
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
(cherry picked from commit
3a2b698c58ab6cee9f75e84f307298cf75ab5553)
Ryan Goulding [Wed, 26 Apr 2017 16:05:08 +0000 (12:05 -0400)]
Bug 8313 hard code encry serv config
Updating the config seems to be causing issues in loading.
Change-Id: Iec467c589d56eb44a87f8e68b9f45ee2263b929b
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Mon, 24 Apr 2017 21:29:02 +0000 (21:29 +0000)]
Merge "Bug 8214: Expose Service Interface for AAA"
Ryan Goulding [Wed, 19 Apr 2017 14:41:47 +0000 (10:41 -0400)]
Bug 8214: Expose Service Interface for AAA
Hitherto, the tie between AAA and its downstream consumers has been
nebulous. The instantiation of javax servlets requires runtime
dependencies to be resolved. Bug 8214 exposes a race condition
in which RESTCONF attempts to resolve AAAFilter, but the AAA
service is not yet instantiated. To resolve this, the solution
is to:
1) expose a AAAService interface. In this case, that is quite
easy since we already have the necessary implementation,
AAAFilter. Thus, all that is done is the extraction of the
service interface.
2) Advertise the service to the OSGI registry via blueprint.
This is a quick 3 liner.
A corresponding change will be submitted to the downstream
consumer (RESTCONF) to depend on AAAService.
Change-Id: I5d8208ddbe817963ce596ecc34ad38ff0f760410
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 19 Apr 2017 22:19:38 +0000 (22:19 +0000)]
Merge "Fix issues related to checkstyle enforcement for module aaa-authn-mdsal-store-impl"
melserngawy [Mon, 17 Apr 2017 20:19:17 +0000 (16:19 -0400)]
Bug 8062: Fix sharing the encryption service config
across the cluster nodes
Change-Id: Ie53cbde91c4388cb45459424283ef7a90f3ae25a
Signed-off-by: melserngawy <melserngawy@inocybe.com>
David [Sun, 2 Apr 2017 16:35:59 +0000 (18:35 +0200)]
Fix issues related to checkstyle enforcement for module
aaa-authn-mdsal-store-impl
- Copyright sections
- Line lengths
- Formatting
- Remove redundant modifiers
- Move variable declaration closer to its use
- Group overloaded methods
- Change variable names
- Enforcement in pom.xml
Note: I'll fix exception catching in a separate change.
Change-Id: If1065f78d6f7ef737bb64deb70feaf7992856d35
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Anil Belur [Tue, 11 Apr 2017 01:45:25 +0000 (11:45 +1000)]
Bump versions by x.(y+1).z for next dev cycle
Change-Id: I3e3561122e5f69a982cf69e6e07b7fcaaba5b6ca
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Michael Vorburger [Wed, 5 Apr 2017 11:12:51 +0000 (13:12 +0200)]
Bug 8157 Fixed deleting a user and recreating it fails with aaa-cli-jar
Change-Id: I3894185412922fbe5a30aa899d801ed115bf8c9c
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Claudio D. Gasparini [Fri, 31 Mar 2017 15:21:16 +0000 (17:21 +0200)]
BUG-7527: Karaf 4 Migration
Add missing karaf 4 features to artifacts.
Change-Id: Ic287bde110b35b3c9e76ab285a2f1a2b1afb1b44
Signed-off-by: Claudio D. Gasparini <claudio.gasparini@pantheon.tech>
Ryan Goulding [Sat, 1 Apr 2017 17:58:18 +0000 (17:58 +0000)]
Merge "Fix some compilation warnings for JavaDocs"
David [Fri, 10 Mar 2017 10:22:44 +0000 (11:22 +0100)]
Fix some compilation warnings for JavaDocs
Remove some meaningless and malformed JavaDocs to avoid compilation
warnings.
Change-Id: I0a4d25546f0c515ce0ccc3295add0313841f49b8
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Michael Vorburger [Wed, 29 Mar 2017 21:06:29 +0000 (23:06 +0200)]
aaa-cli-jar Checkstyle clean up and enforcement enabled
Change-Id: Ic7a8b70a4189700e4a12c5b3f8490c4f9e7a9a23
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Wed, 29 Mar 2017 21:04:16 +0000 (23:04 +0200)]
aaa-cli-jar with new --deleteUser <UID> option
Change-Id: I0b343d00133895b87217b39ad54dc1267cfb9c4b
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Thu, 23 Mar 2017 17:34:09 +0000 (17:34 +0000)]
Merge "Revert "Migrate to karaf4 for the local karaf distribution""
Ryan Goulding [Thu, 23 Mar 2017 11:12:01 +0000 (11:12 +0000)]
Revert "Migrate to karaf4 for the local karaf distribution"
This reverts commit
fbfe065aa9fdbcd67eb71e913421db4c749683e4.
Change-Id: I69bd0d37a98066dfe4dbbe29a2145b9d138bc3ff
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 22 Mar 2017 11:33:33 +0000 (11:33 +0000)]
Merge "Migrate to karaf4 for the local karaf distribution"
Ryan Goulding [Wed, 22 Mar 2017 00:19:13 +0000 (20:19 -0400)]
Migrate to karaf4 for the local karaf distribution
Several folks have put in incredible effort to make karaf4 a reality in ODL.
Kudos to those folks for this great effort. This patch officially converts
AAA's local karaf distribution to use odlparent's karaf4-parent artifact.
What this means is that now when AAA is built locally, the aaa-karaf artifact
will produce a karaf4 implementation. I am opting to move to karaf4 sooner
rather than later in hopes that we may catch any lingering bugs before debuting
karaf4 as the standard for Carbon distributions.
The karaf4 implementation will still be accessible at the following well-known
path:
> karaf/target/assembly
Change-Id: Ifda98dbf470555b4d35cad058c5a2762a7cf21bf
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
David [Mon, 20 Mar 2017 22:21:15 +0000 (23:21 +0100)]
Fix format strings for String.format
String.format() uses C-style format strings, not SLF4J-style.
Change-Id: I09926eccd4c42a8869d641944386e3232358b91b
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
melserngawy [Fri, 17 Feb 2017 22:21:12 +0000 (17:21 -0500)]
Add import and export keystore commands
Add the cli commands import and export keystore
to allow better keystore deployment.
Change-Id: I16ba6ff3b37af0462cd87c9a415f2711507cc79c
Signed-off-by: melserngawy <melserngawy@inocybe.com>
David [Sat, 11 Mar 2017 18:21:49 +0000 (19:21 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-authn-sts
- Copyright sections
- Line lengths
- Formatting
- Remove redundant modifiers
- Move variable declaration closer to its use
- Change variable names
- Exception catching
- Enforcement in pom.xml
Change-Id: I7590067d0952424e30c3c91983a0d5a517519129
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
David [Thu, 9 Mar 2017 22:17:26 +0000 (23:17 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-authn-sssd
- Copyright sections
- Line lengths
- Formatting
- Move variable declaration closer to its use
- Change variable names
- Exception catching
- JavaDoc
- Enforcement in pom.xml
Change-Id: I4082eced4907409b20be18cf2cd348e3f59096f6
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Wed, 22 Mar 2017 00:17:33 +0000 (00:17 +0000)]
Merge "Fix issues related to checkstyle enforcement for module aaa-authn-store"
David [Sun, 12 Mar 2017 10:08:00 +0000 (11:08 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-filterchain
- Copyright sections
- Line lengths
- Formatting
- Move variable declaration closer to its use
- Change variable names
- Exception catching
- JavaDoc
- Enforcement in pom.xml
Change-Id: Ib13d281a4fe88fed098a00d49438d0aa3fb3c654
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Mon, 20 Mar 2017 16:43:41 +0000 (16:43 +0000)]
Merge "Make IDMStoreUtil a final class"
David [Thu, 9 Mar 2017 22:59:38 +0000 (23:59 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-authn-store
- Copyright sections
- Line lengths
- Formatting
- Order of modifiers
- Move variable declaration closer to its use
- Change variable names
- Exception catching
- Enforcement in pom.xml
Change-Id: Ice2db2271c441175d2789656a3da7efffc97108c
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
matthieu cauffiez [Tue, 14 Mar 2017 15:09:35 +0000 (11:09 -0400)]
Add AaaCertRpcServiceImpl unit tests
Change-Id: I912a8a9dfaa21061731e3abe088a6075a350e3f6
Signed-off-by: matthieu cauffiez <mcauffiez@inocybe.com>
matthieu [Mon, 13 Mar 2017 14:45:53 +0000 (10:45 -0400)]
Add Unit Test for aaa cert provider mdsal
Add unit test for aaa cert provider mdsal and
add testutil for the certificate
Change-Id: I77838c8c97b572490fdb9e853ce3ffa62e43484f
Signed-off-by: matthieu <mcauffiez@inocybe.com>
Mohamed El-Serngawy [Thu, 16 Mar 2017 17:10:14 +0000 (17:10 +0000)]
Merge "Generate Random password for encryption service"
melserngawy [Thu, 23 Feb 2017 20:24:03 +0000 (15:24 -0500)]
Generate Random password for the keystores
Generate random password for the keystores
at the installation time to enhance and secure
Opendaylight deployment.
Change-Id: I93dc2cc292f2c3dfac9cff87b6222a994936125b
Signed-off-by: melserngawy <melserngawy@inocybe.com>
David [Wed, 15 Mar 2017 09:13:57 +0000 (10:13 +0100)]
Make IDMStoreUtil a final class
Make IDMStoreUtil a final class since it declares a private
constructor.
Change-Id: I318a8d5f72de47636f3eecc5837ea199c9a4c5b5
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Miguel Duarte [Tue, 21 Feb 2017 10:11:36 +0000 (11:11 +0100)]
Shiro authz RBAC roles read from keystone.
The user roles within a domain are extracted from the auth token, which
is granted by keystone. Local authorization then takes place, depending
on shiro's configuration.
The authentication request to Keystone was changed, turning the auth
mechanism into 'scoped' authentication. The scope used is to the domain
in which the user is authenticating.
By using this scoped authentication, Keystone replies in the token with
the list of roles of that particular user in the specified domain.
Change-Id: I511aa2f49c40fc7b1ac7ce7abd495f38a68d7581
Signed-off-by: Miguel Duarte <miguel.duarte.de.mora.barroso@ericsson.com>
Mohamed El-Serngawy [Mon, 13 Mar 2017 14:20:09 +0000 (14:20 +0000)]
Merge "Add MdsalUtils unit tests"
matthieu cauffiez [Fri, 10 Mar 2017 19:47:11 +0000 (14:47 -0500)]
Add MdsalUtils unit tests
Add unit tests of MdsalUtils static methods
Change-Id: If64763b8715b7ad44aa8b63c08024b80c4a2a03f
Signed-off-by: matthieu cauffiez <mcauffiez@inocybe.com>
Mohamed El-Serngawy [Wed, 22 Feb 2017 22:15:36 +0000 (17:15 -0500)]
Generate Random password for encryption service
Generate random password for the encryption service
at the installation time to enhance and secure
Opendaylight deployment.
Change-Id: I2efe9ee4294ad4bb9976a46612020d91cfc50c90
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
matthieu [Wed, 8 Mar 2017 21:53:44 +0000 (16:53 -0500)]
Add KeyStoresDataUtils unit test
Create all unit tests for all functions of KeyStoresDataUtils
Change-Id: I03c451cba0dabcb1a2b5215e9aaa5f9f06edad48
Signed-off-by: matthieu <mcauffiez@inocybe.com>
David [Thu, 9 Mar 2017 16:35:47 +0000 (17:35 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-idpmapping
- Copyright sections
- Line lengths
- Formatting
- Order of modifiers
- Move variable declaration closer to its use
- Change variable names
- Exception catching
- Enforcement in pom.xml
Change-Id: I606be4addc6474c965d4e88aa9ef48605973a83c
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
David [Thu, 9 Mar 2017 00:18:36 +0000 (01:18 +0100)]
Fix issues related to checkstyle enforcement for module aaa-authn-basic
- Line lengths
- Rename method
- Formatting
- Enforcement in pom.xml
Change-Id: I0bd8e27d2abeb1315b1c5fc2925c8e0db2f726fa
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
David [Wed, 8 Mar 2017 23:19:54 +0000 (00:19 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-authn-api
- Copyright sections
- Line lengths
- Remove public modifier from interface methods
- Exception catching
- Rename paramaters and variables
- Group overloaded methods
- Enforcement in pom.xml
Change-Id: I6860af7d863e84bf317c7d261294b03527d29e32
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Thu, 9 Mar 2017 00:14:58 +0000 (00:14 +0000)]
Merge "Fix issues related to checkstyle enforcement for module aaa-authn"
Ryan Goulding [Wed, 8 Mar 2017 03:36:58 +0000 (03:36 +0000)]
Merge "Better error message if null encryptSalt"
Michael Vorburger [Tue, 7 Mar 2017 23:32:47 +0000 (00:32 +0100)]
Better error message if null encryptSalt
If hit this in a (Karaf 4...) SFT:
[Blueprint Extender: 1] ERROR
org.apache.aries.blueprint.container.ServiceRecipe - Error retrieving
service from ServiceRecipe[name='.component-1']
org.osgi.service.blueprint.container.ComponentDefinitionException: Error
when instantiating bean encryptService of class
org.opendaylight.aaa.encrypt.AAAEncryptionServiceImpl
at
org.apache.aries.blueprint.container.BeanRecipe.wrapAsCompDefEx(BeanRecipe.java:361)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.getInstanceFromType(BeanRecipe.java:351)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.getInstance(BeanRecipe.java:282)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:830)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:811)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:79)[14:org.apache.aries.blueprint.core:1.6.2]
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_121]
at
org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:88)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.di.RefRecipe.internalCreate(RefRecipe.java:62)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:106)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.ServiceRecipe.createService(ServiceRecipe.java:285)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.ServiceRecipe.internalGetService(ServiceRecipe.java:252)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.ServiceRecipe.internalCreate(ServiceRecipe.java:149)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:79)[14:org.apache.aries.blueprint.core:1.6.2]
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_121]
at
org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:88)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:255)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:186)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:724)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:411)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:276)[14:org.apache.aries.blueprint.core:1.6.2]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_121]
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_121]
at
org.apache.aries.blueprint.container.ExecutorServiceWrapper.run(ExecutorServiceWrapper.java:106)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.utils.threading.impl.DiscardableRunnable.run(DiscardableRunnable.java:48)[14:org.apache.aries.blueprint.core:1.6.2]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_121]
at
java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_121]
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)[:1.8.0_121]
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)[:1.8.0_121]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_121]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_121]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_121]
Caused by: java.lang.NullPointerException
at
java.util.StringTokenizer.<init>(StringTokenizer.java:199)[:1.8.0_121]
at
java.util.StringTokenizer.<init>(StringTokenizer.java:221)[:1.8.0_121]
at
org.opendaylight.aaa.encrypt.AAAEncryptionServiceImpl.getEncryptionKeySalt(AAAEncryptionServiceImpl.java:152)[131:org.opendaylight.aaa.encrypt-service:0.5.0.SNAPSHOT]
at
org.opendaylight.aaa.encrypt.AAAEncryptionServiceImpl.<init>(AAAEncryptionServiceImpl.java:49)[131:org.opendaylight.aaa.encrypt-service:0.5.0.SNAPSHOT]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)[:1.8.0_121]
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)[:1.8.0_121]
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)[:1.8.0_121]
at
java.lang.reflect.Constructor.newInstance(Constructor.java:423)[:1.8.0_121]
at
org.apache.aries.blueprint.utils.ReflectionUtils.newInstance(ReflectionUtils.java:331)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.newInstance(BeanRecipe.java:984)[14:org.apache.aries.blueprint.core:1.6.2]
at
org.apache.aries.blueprint.container.BeanRecipe.getInstanceFromType(BeanRecipe.java:349)[14:org.apache.aries.blueprint.core:1.6.2]
... 30 more
Change-Id: I37ddaa7a9f9883f7106e68dd7725f7dce50d55d5
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
David [Wed, 8 Mar 2017 00:29:36 +0000 (01:29 +0100)]
Fix issues related to checkstyle enforcement for module
aaa-authn
Many changes, but all minor:
- Line lengths
- Lexicographic order for imports
- Declaration of constants: name, modifiers
- Formatting
- JavaDoc format
- Rename variables
- Move declaration of variables closer to their use
- Exception catching
- Enforcement in pom.xml
Change-Id: I6c8ec4da77874a5c0eb54d0849677c770b6580a0
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Michael Vorburger [Tue, 7 Mar 2017 23:19:53 +0000 (00:19 +0100)]
Fix NPE in H2TokenStore updateConfigParameter
seen in SingleFeatureTest (SFT) running under Karaf 4
maybe under Karaf 3 this was never called with null, but under 4 it is
Change-Id: Ie773ee79c4ffa6b7ca1a08d9ea42c0cf014315a9
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Tue, 7 Mar 2017 22:44:42 +0000 (22:44 +0000)]
Merge "Replace project-specific checkstyle by odlparent's"
matthieu cauffiez [Fri, 3 Mar 2017 21:32:05 +0000 (16:32 -0500)]
Fix null pointer Exception during unit tests
Put all aaaProcider tests function into one test function
Change-Id: I3cf85c4e3dcc14643b5700f6e38f0c86c5ea854c
Signed-off-by: matthieu cauffiez <mcauffiez@inocybe.com>
matthieu cauffiez [Fri, 3 Mar 2017 18:20:58 +0000 (13:20 -0500)]
Fix aaa-cert unit tests
Base on patch https://git.opendaylight.org/gerrit/#/c/47855/
Reorganize tests of AaaCertProviderTest.
Update the certificate due to the expiry date.
Change-Id: I48d20180a4c808fc3c434f441a413c42c11ece75
Signed-off-by: matthieu cauffiez <mcauffiez@inocybe.com>
David [Fri, 3 Mar 2017 14:21:49 +0000 (15:21 +0100)]
Replace project-specific checkstyle by odlparent's
This change replace the project-specific checkstyle rules by the common
ones defined in odlparent's pom.xml as other projects have already done
(Netvirt, Genius, etc.). The actual enforcement of the checkstyle rules
are applied on a per-module-basis in their own pom.xml by adding the
following section to the maven-checkstyle-plugin:
<configuration>
<propertyExpansion>checkstyle.violationSeverity=error</ropertyExpansion>
</configuration>
I have commented the checkstyle enforcement of some current modules to
do this enforcement process in a progressive way by solving the
checkstyle issues module by module. I'll rise separate commits for
those modules soon.
Change-Id: I7fcb069c6abd6814a5a2d7269d178c85e97c01c2
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Jaime Caamaño Ruiz [Tue, 7 Feb 2017 18:14:50 +0000 (19:14 +0100)]
Enable keystone authentication
Add Keystone authentication support through a new Shiro realm:
KeystoneAuthRealm.
At this point only Basic Authentication is supported. The user
credentials support the format user@domain to specify a domain.
The authentication is 'unscoped'.
For SSL verification in the https handshake with keystone
endpoint, SSL context provided by odl-aaa certificate manager
is used. Jersey v1 is used as HTTP client and Jackson v2 for the
serialization.
The following parameters are configurable through shiro.ini for this
realm:
- url: The endpoint url for Keystone instance (API v3), can be http
or https.
- sslVerification: if url is https, whether to perform ssl
verification.
- defaultDomain: if no domain is available through the provided
credentials, this default domain will be used. Defaults to 'Default'.
Change-Id: Ifcf5e6252fb8884adbe4127c63b04a28f263d02b
Signed-off-by: Jaime Caamaño Ruiz <jaime.caamano.ruiz@ericsson.com>
Mohamed El-Serngawy [Wed, 1 Mar 2017 22:00:00 +0000 (22:00 +0000)]
Merge "Minor changes"
Thanh Ha [Wed, 1 Mar 2017 20:14:45 +0000 (15:14 -0500)]
Add missing <name> fields for pom.xml files
This is used by autorelease scripts to automatically parse which project
is failing a build and report to the mailing list automatically. We need
names in the format:
ODL :: <groupId> :: <artifactId>
This patch formats in the same format as found in the startup archetypes
patch found here: https://git.opendaylight.org/52522
Change-Id: I5208b32cc45c96d85d27a477fc7b289d8cb4b06b
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
David [Tue, 28 Feb 2017 23:25:08 +0000 (00:25 +0100)]
Minor changes
- Reorder modifiers
- Private constructor to avoid instantiation
Change-Id: I201648759962387c40e8f62960db16e530612e70
Signed-off-by: David <david.suarez.fuentes@ericsson.com>
Ryan Goulding [Fri, 17 Feb 2017 13:44:25 +0000 (13:44 +0000)]
Merge "Add get TLS protocols command"
Robert Varga [Fri, 17 Feb 2017 08:27:27 +0000 (09:27 +0100)]
BUG-7767: Enlarge jetty.servlets import range
This import is used by web.xml only, hence it can serve both
8.1 and 9.2 versions of jetty.
Change-Id: Ic28b6114c4dd5cb356376238002d84086afe7c8f
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Thu, 16 Feb 2017 12:48:04 +0000 (13:48 +0100)]
Do not pull in both jetty and war features
Confusion over versioning means that we should not pull the
war feature now, only jetty.
Change-Id: Ib098a465e1281bb7e21772f0a21bb9b1b8072453
Signed-off-by: Robert Varga <rovarga@cisco.com>
Vratko Polak [Wed, 15 Feb 2017 17:37:24 +0000 (18:37 +0100)]
Compile-time dependencies matter
Not sure whether this is a proper fix,
but right now distribution karaf4 patch
fails while SFT on odl-restconf due to not seeing aaa-idmlight:py:config
See [0] when it is downloaded only after SFT failures happen.
[0] https://logs.opendaylight.org/releng/jenkins092/distribution-verify-carbon/21/console.log.gz
Change-Id: I8ea38ee5c011aba7de7e0afcb63b85cfc453e3e8
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
melserngawy [Fri, 3 Feb 2017 22:28:16 +0000 (17:28 -0500)]
Add get TLS protocols command
Get TLS protocol command will show the allowd
tls protocols at aaa-cert bundle configuration
Change-Id: Ib10c9f72b2826ad404fbe29da29da85e68604245
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Stephen Kitt [Mon, 13 Feb 2017 17:25:07 +0000 (18:25 +0100)]
Jetty 9.2: pull in h2 using odlparent DM
odlparent's dependency management now handles h2, delegate to that.
Change-Id: Iad7a7bd6c94529ff4c3c3a916c1c9ba9ed32a548
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Robert Varga [Thu, 9 Feb 2017 16:25:31 +0000 (17:25 +0100)]
Switch to using jetty proxy feature
This switches to odlparent-provided jetty feature,
allowing us to have a centralized version.
Change-Id: I3f1206b78c3d7243dc03a1e5f61545517e088708
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Thu, 9 Feb 2017 14:45:10 +0000 (15:45 +0100)]
Use jdbc/war features
Now that we have proxies to depend on for bringing in core
karaf features, use them to not pull in org.osgi.enterprise.
Change-Id: I18d9135a40ab670668826094162c0041184a4298
Signed-off-by: Robert Varga <rovarga@cisco.com>
Ryan Goulding [Thu, 9 Feb 2017 14:43:50 +0000 (14:43 +0000)]
Merge "Revert "Fix the package name""
Ryan Goulding [Thu, 9 Feb 2017 14:42:58 +0000 (14:42 +0000)]
Revert "Fix the package name"
This reverts commit
4e55dcea3727f6027a021c332fe831d9556bf322.
Change-Id: I122f866ac6b7ab73f065b857085c364c9f72f148
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 9 Feb 2017 14:09:15 +0000 (14:09 +0000)]
Merge "Bug 7663: Replace FindBugs :jsr305 by full :annotation in features-aaa-shiro"
Ryan Goulding [Thu, 9 Feb 2017 14:08:56 +0000 (14:08 +0000)]
Merge "Fix the package name"
Ryan Goulding [Thu, 9 Feb 2017 02:54:23 +0000 (02:54 +0000)]
Merge "Remove felix.dependencymanager from aaa-shiro & aaa-shiro-act"
Michael Vorburger [Wed, 8 Feb 2017 23:39:33 +0000 (00:39 +0100)]
Remove felix.dependencymanager from aaa-shiro & aaa-shiro-act
This fixes the following bug raised on #opendaylight today:
(06:13:17 CET) ***rovarga gets a rash whenever felix DM surfaces
Change-Id: I4278d32cd32320bdabd44a650db4c7c36bb96a0e
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Wed, 8 Feb 2017 18:29:20 +0000 (19:29 +0100)]
Remove felix.dependencymanager from aaa-h2-store
This makes life easier for my friends working hard on the Karaf 4 mig.
The switch of Import-Package from explicit list to exclusion list is
indirectly related; I may also have been possible to leave that as is
and just remove "org.apache.felix.*" from that list, but flipping this
around like this seems much better, to me.
Change-Id: I0ee3d3765db9d4ec466939b4862a38d957cdb451
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Wed, 8 Feb 2017 21:10:40 +0000 (22:10 +0100)]
Bug 7663: Replace FindBugs :jsr305 by full :annotation in features-aaa-shiro
I suspect (but don't have prove yet) that this may be the reason
why SFT failed on use following the merge of the odlparent change
replacing :jsr305 by :annotation; this is the *ONLY* place in
ALL of autorelease where I could still find a reference left..
see also https://git.opendaylight.org/gerrit/#/c/50904/
Change-Id: I09aaa0d57634ef632f65634f1f283b09075dd9fb
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Stephen Kitt [Tue, 7 Feb 2017 09:50:51 +0000 (10:50 +0100)]
Bump org.osgi.enterprise dependency to 5.0.0
This appears to fix some LinkageErrors we're seeing now.
Also rely on transitive dependency analysis to pull in Felix OSGi
dependencies.
Change-Id: Icb1f16c77a3a2fc5c6b026ced5111d4784d01386
Signed-off-by: Stephen Kitt <skitt@redhat.com>