Ryan Goulding [Thu, 9 Feb 2017 14:42:58 +0000 (14:42 +0000)]
Revert "Fix the package name"
This reverts commit
4e55dcea3727f6027a021c332fe831d9556bf322.
Change-Id: I122f866ac6b7ab73f065b857085c364c9f72f148
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
David Suarez [Fri, 3 Feb 2017 17:33:35 +0000 (18:33 +0100)]
Fix the package name
These files are declared in package org.opendaylight.aaa.shiro.*
instead but they are actually in org.opendaylight.aaa.impl.shiro, so I
moved to their proper package.
This leads to some reorganization in imports, which I think it is good
for checkstyle if we finally enforce it.
Change-Id: I49486fed6862b600810a475cb9847a49cf4e007d
Signed-off-by: David Suarez <david.suarez.fuentes@ericsson.com>
Stephen Kitt [Fri, 3 Feb 2017 09:09:30 +0000 (10:09 +0100)]
Karaf 4: remove aaa-cli4
aaa-cli can be easily fixed to work with both Karaf 3 and 4; doing
this means we can drop the duplicated aaa-cli4 entirely.
Change-Id: I73fb4de50c9d5a71502e2125cf9f45a526474ca6
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Stephen Kitt [Wed, 11 Jan 2017 15:46:42 +0000 (16:46 +0100)]
BUG-7527: provide Karaf 4 features
Some oddities in this patch:
* aaa-shiro pulls in commons-beanutils, which has an optional
dependency on commons-collections; this doesn't cause any problems
with Karaf 3, but fails on Karaf 4 (so I've added an explicit
dependency on commons-collections)
* aaa-idmlight's "provided" jetty-servlets causes containing features
to fail to load, so I've added a dependency on Karaf's jetty feature
aaa-cli is duplicated as aaa-cli4 for Karaf 4, otherwise we end up
with a failure loading odl-aaa-cli since the bundle has a strong
dependency on Karaf 3. This is temporary, we'll remove aaa-cli4 once
the Karaf 4 migration is done.
Change-Id: Ic5bd817075f55dc3ccc7779b35e9d329e14de088
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Ryan Goulding [Thu, 26 Jan 2017 17:51:03 +0000 (12:51 -0500)]
Updates to the README based on the newly added authorization engine
In a separate commit, the MDSALDynamicAuthorizationFilter was debuted
to allow dynamic creation of http authorization rules. This is the
corresponding documentation changes which briefly explain the new
mechanism and how it is used.
Change-Id: I7d8d5bc7691bc19ed0943d8ac1b85aa6f16b57b9
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Thu, 19 Jan 2017 01:18:58 +0000 (20:18 -0500)]
Addition of dynamic http authorization based on particular http operations
In the past, shiro.ini has been used to configure URL based authorization
through the RolesAuthorizationFilter. This is a bit messy for two main
reasons:
1) The urls are expected to be relative to the servlet context. This sucks,
since if you are using the same Filter over multiple contexts, the servlet
context part of the URL is chopped off. Thus, there are chances for
ambiguity through configuring through shiro.ini
2) The rules can only be recognized on system startup-- they are not dynamic.
This adds a model to add in rules for protecting REST urls. Future
revisions of the model will provide black/white lists etc. For now, this
just provides Role Based Access Control (RBAC).
Change-Id: I1f1ce957a43eb7f7eba69cab74a65ed653ab1832
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Michael Vorburger [Tue, 31 Jan 2017 13:09:48 +0000 (14:09 +0100)]
Remove bad manifestLocation from maven-bundle-plugin
Change-Id: I70dba19090471c7748e292888ab179b63d7c8518
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 27 Jan 2017 02:34:21 +0000 (02:34 +0000)]
Merge "Check for empty cipher suites"
Ryan Goulding [Thu, 26 Jan 2017 18:49:13 +0000 (18:49 +0000)]
Merge "Replace FindBugs :jsr305 by full :annotation (Bug 7663)"
melserngawy [Wed, 25 Jan 2017 21:57:21 +0000 (16:57 -0500)]
Check for empty cipher suites
Check for empty cipher suites name
Change-Id: Ibb27d0cd713cbfb89d998d5e27c275aae9c77037
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 20:13:29 +0000 (15:13 -0500)]
Remove the aaa-authn-idpmapping bundle from AAA features
Remove the aaa-authn-idpmapping bundle as it will be deprecated
Change-Id: Ie4d2ba06be63764c2a46d9280bfe2293e481409a
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Michael Vorburger [Mon, 23 Jan 2017 20:05:31 +0000 (21:05 +0100)]
Replace FindBugs :jsr305 by full :annotation (Bug 7663)
Change-Id: Ia516435ad9a3c516c43a994bed21e4cca4f22e36
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Mohamed El-Serngawy [Mon, 23 Jan 2017 20:12:09 +0000 (20:12 +0000)]
Merge "Replace mockito-all by mockito-core (see Bug 7662)"
Michael Vorburger [Mon, 23 Jan 2017 18:48:47 +0000 (19:48 +0100)]
Replace mockito-all by mockito-core (see Bug 7662)
Change-Id: I17d21518f12305c63eae0b901546fc4e4c851368
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Mohamed El-Serngawy [Mon, 23 Jan 2017 18:44:34 +0000 (18:44 +0000)]
Merge "Add ODLPrincipal to API so it is exposed for outside use"
Ryan Goulding [Mon, 23 Jan 2017 18:40:33 +0000 (18:40 +0000)]
Merge "Add list users, roles and domains CLI"
Ryan Goulding [Thu, 19 Jan 2017 21:02:03 +0000 (16:02 -0500)]
Add ODLPrincipal to API so it is exposed for outside use
A recent request in the mailing list was to expose ODLPrincipal
for use from other contexts. This will also be useful for when
the MDSALRealm is added, which will also utilize ODLPrincipal
constructs.
Change-Id: Ic2b4bc9646f50a6fb2e2e1d43b814d2bc4e8c1f1
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 14 Dec 2016 18:47:17 +0000 (13:47 -0500)]
Add list users, roles and domains CLI
Add list users, roles and domains CLI
It will help to manage the ODL aaa data model.
Change-Id: I5ceac9a118d7519ca500e84f5e212486cb3e30d2
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 19:05:03 +0000 (14:05 -0500)]
Remove the odl-aaa-sssd-plugin feature
Remove the odl-aaa-sssd-plugin feature as the bundle
will be deprecated and we moving to use shiro framework
Change-Id: Ie0965e3228ffe1d02251418ce4852c9538666c6c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Stephen Kitt [Thu, 19 Jan 2017 14:02:32 +0000 (15:02 +0100)]
Use Java 8's Base64 instead of Jersey's or Apache Commons'
Java 8 includes a Base64 decoder and encoder; using that allows us to
drop dependencies on Jersey and Apache Commons Codec.
Change-Id: Ibc1cea40c67e349b285d457974e20506cbad3af4
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Mohamed El-Serngawy [Wed, 18 Jan 2017 19:15:01 +0000 (14:15 -0500)]
Add aaa-authn-mdsal-store-impl config artifact to feature dependancy
The aaa-authn-mdsal-store-impl/config/xml artifact was missing in
authn-feature dependancy.adding it and clean up the POM file.
Refer to the comment at https://git.opendaylight.org/gerrit/#/c/49163/
Change-Id: I98ad643ae72c621500d59f897a6ccea326126cf5
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 18 Jan 2017 19:33:16 +0000 (19:33 +0000)]
Merge "Remove the broken aaa-authz module and corresponding models"
Mohamed El-Serngawy [Wed, 18 Jan 2017 19:29:13 +0000 (19:29 +0000)]
Merge "Remove dead Activator code"
Ryan Goulding [Fri, 13 Jan 2017 20:14:41 +0000 (15:14 -0500)]
Remove the broken aaa-authz module and corresponding models
aaa-authz no longer works. The service was originally designed as a DataBrokerFacade
to aid in MD-SAL based authorization. This should be considered again in the future,
but for now we are removing this functionality since it is broken and could cause
confusion. Since the mechanism currently doesn't work, we feel it is better to
completely remove the feature rather than deprecate something that doesn't do anything.
To get HTTP based authorization, Shiro integration is recommended. This is explained
in etc/shiro.ini, as well as upstream in Shiro documentation.
Change-Id: I6c822860e9b28a9577eb88c87c7c10120e4c9a97
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 18 Jan 2017 00:30:33 +0000 (00:30 +0000)]
Merge "Remove unused Realms"
Ryan Goulding [Wed, 18 Jan 2017 00:30:20 +0000 (00:30 +0000)]
Merge "Just clean up some log messages and remove unnecessary code"
Ryan Goulding [Wed, 18 Jan 2017 00:02:42 +0000 (19:02 -0500)]
Remove unused Realms
These were never implemented, and the person interested in implementing them
has left the project. These can easily be re-added in the future.
Change-Id: I89709c633cbe0af809db7a31e5acb0e6f5ff95bf
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Wed, 18 Jan 2017 00:00:50 +0000 (19:00 -0500)]
Just clean up some log messages and remove unnecessary code
Change-Id: If67440d7bdd9993614cc9923060512edbc667c85
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 17 Jan 2017 22:55:04 +0000 (17:55 -0500)]
Remove dead Activator code
aaa-shiro is now activated by Aries Blueprint as of:
https://git.opendaylight.org/gerrit/#/c/50077/
This change removes the dead Activator code that was associated with loading
this bundle via standard felix conventions. The Activator essentially only
provided logging messages, which are now propagated by the AAAShiroProvider.
Change-Id: Ie840736b8ee1268456b84353d6add574ac92e130
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Tue, 17 Jan 2017 22:50:55 +0000 (17:50 -0500)]
Remove an unused public constant
Change-Id: I5793fe8a3ddf2f7adab08bdae04c89118c589b9f
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Tue, 17 Jan 2017 20:21:49 +0000 (20:21 +0000)]
Merge "Update README.md to current status of AAA project"
Mohamed El-Serngawy [Tue, 17 Jan 2017 20:20:43 +0000 (20:20 +0000)]
Merge "Migrate aaa-shiro to utilize archetype setup"
Ryan Goulding [Tue, 17 Jan 2017 19:50:07 +0000 (19:50 +0000)]
Merge "Fix Md-SAL store configuration"
Ryan Goulding [Tue, 17 Jan 2017 19:49:25 +0000 (19:49 +0000)]
Merge "Add CLI for managing aaa data model"
Ryan Goulding [Thu, 5 Jan 2017 20:52:47 +0000 (15:52 -0500)]
Migrate aaa-shiro to utilize archetype setup
This change addresses the fact that the archetype was not used to
create the aaa-shiro module. This is due to the fact that it was
much heavier weight than what was needed at the time. However,
utilization of the archetype does allow for many advantages including:
1) Explicit separation of api and impl into two separate locations.
Since prior to this change mostly Apache Shiro abstractions were used
instead of homegrown ones, this wasn't particularly useful. However,
with aaa-shiro growing, this is becoming increasingly necessary.
2) Dependence on config-parent for bundles. This gets us a lot for
free, including genericizising on best practices.
3) The possibility to create aaa-shiro features/karaf/IT/commands more
easily. For now, this patch comments out the features & karaf
section as they are pretty much duplicates of the existing top-level
odl-aaa-shiro feature which is already defined. In the future, it
would be nice to enumerate some of the archetype-oriented features:
- ui
- rest
- api
This change is mostly cleaning up and preparing for expansion of the
aaa-shiro bundle. Existing functionality was stuck in the aaa-shiro module,
but the package names were not updated to utilize impl. Likewise, the module
is called "aaa-shiro" and not "aaa-shiro-impl" since other projects already depend
on the former name. The package names were not updated to utilize impl
as the names are used in configuration of the module itself, and
changing them would cause forwards/backwards compatibility issues. In the future,
we may want to move them but provide existing classes that extend the impl ones.
Change-Id: I16f1efed8b83e764362ae6d19b0a69d1b1c6cbec
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Tue, 17 Jan 2017 18:36:46 +0000 (18:36 +0000)]
Merge "Add TLS protocol configuration"
Mohamed El-Serngawy [Mon, 16 Jan 2017 21:57:35 +0000 (16:57 -0500)]
Add TLS protocol configuration
Add the the supported TLS protocols as configuration
to the certificate manager service to be same across
all the tls communications
Change-Id: Ie42344e20ff43dba21b42e58fb141e2871a925f1
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 17 Jan 2017 15:58:11 +0000 (10:58 -0500)]
Update README.md to current status of AAA project
A much needed cleaning of the AAA README.md file. This is not
perfect, but it is much more accurate than the existing file.
This can be enhanced more in the future, although the proper docs
are also a great resource.
Change-Id: I3e657b963c2617ae92094ae8943a904fbd395e61
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 14 Dec 2016 22:29:20 +0000 (17:29 -0500)]
Add CLI for managing aaa data model
Add CLI commands to add and remove aaa data model
users,roles, domain and grants. It also authorize
the admin users only to be able to manage aaa.
Change-Id: Ia34901dcced7603bbdcfd6fa5afcfa9a283e8ed2
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 8 Dec 2016 21:19:23 +0000 (16:19 -0500)]
Fix Md-SAL store configuration
add aaa-mdsal-config.xml file to make the md-sal datastore
configuration editable by the end user.
Change-Id: I0861046a1b5644f8c3ecaa3aa9bb5b6432ec9ca5
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Fri, 13 Jan 2017 20:45:58 +0000 (15:45 -0500)]
Update README surrounding accounting
Accounting has been greatly improved since the Beryllium release with
the AuthenticationListener implementation. This updates the README
for accounting only. Further updates will be submitted surrounding
Authentication and Authorization prior to release.
This patch is a canddate for master, Boron and Beryllium, and will
add valuable information for users of each of these releases.
Change-Id: I6f7bc6ce6a4d178eb7c00810102795d8c8b9c987
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 13 Jan 2017 20:20:48 +0000 (15:20 -0500)]
Remove cassandra based store
This is dead code, since there appears to be no way to configure cassandra as
the default backing data store. Thus, the code exists, but is never instantiated.
Even the feature "odl-aaa-cassandra*" does not properly load the cassandra based
backing data store.
Since the feature doesn't appear to work or add anything extra, it is being removed.
We are providing an alternative dropin backed by mdsal instead, which should
be used instead.
Change-Id: I30c5231753544b170fb05bb461734cbc34efec8a
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Hideyuki Tai [Fri, 13 Jan 2017 02:22:24 +0000 (02:22 +0000)]
Added aaa-h2-store bundle.
The artifact "aaa-h2-store:cfg:config" is needed by the feature
odl-aaa-authn-cassandra-cluster. However, the dependency information for
that was mistakenly removed.
Change-Id: Ia6aab62dcc30fc9eb525626b389e6a5097e25342
Signed-off-by: Hideyuki Tai <Hideyuki.Tai@necam.com>
Ryan Goulding [Thu, 12 Jan 2017 16:33:27 +0000 (16:33 +0000)]
Merge "Remove the aaa-authn-federation bundle"
Ryan Goulding [Thu, 12 Jan 2017 16:29:53 +0000 (16:29 +0000)]
Merge "Deprecate aaa-cassandra-store bundle"
Mohamed El-Serngawy [Thu, 22 Dec 2016 19:49:24 +0000 (14:49 -0500)]
Remove the aaa-authn-federation bundle
As we deprecate aaa-authn-federation bundle remove it from
aaa feature
Change-Id: I48bf775a23c8a1a1d52013300b662a4becf7e77c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Wed, 11 Jan 2017 18:46:42 +0000 (13:46 -0500)]
Remove RBAC rule implementation
RBAC rules were a concept that existed to automatically restrict some endpoints. However,
they were not terrible useful and not mutable. The point was to just restrict a
certain subset of endpoints for security purposes (i.e., the IdM endpoints).
This change removes unused concepts and makes a few minor fixes to existing code:
* make local vars final when appropriate
* better logging
* utilize File.separator instead of hardcoding "/"
Change-Id: If3a1f100e8a2b265be71cfb4722b64c76aacad34
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Tue, 10 Jan 2017 18:57:49 +0000 (13:57 -0500)]
Deprecate aaa-cassandra-store bundle
Deprecate aaa-cassandra-store bundle classes
as we are cleaning up aaa project
Change-Id: Ic4ef01600d73c4e9adac0052edd802f70532c325
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 3 Jan 2017 16:42:55 +0000 (16:42 +0000)]
Merge "Deprecat aaa-authn-idpmapping bundle"
Tom Pantelis [Fri, 23 Dec 2016 15:05:00 +0000 (10:05 -0500)]
Fix missing aaa-h2-store:cfg in dist builds
Added the cfg file as a dependency in he fearures pom.
Change-Id: Ie1726b1ac01acb4c142292c6b4223c5ea23dabd4
Signed-off-by: Tom Pantelis <tpanteli@brocade.com>
Ryan Goulding [Thu, 22 Dec 2016 20:20:33 +0000 (20:20 +0000)]
Merge "Deprecate aaa-authn-store bundle"
Mohamed El-Serngawy [Thu, 22 Dec 2016 20:20:16 +0000 (20:20 +0000)]
Merge "Deprecate the authz model"
Ryan Goulding [Thu, 22 Dec 2016 20:20:11 +0000 (20:20 +0000)]
Merge "Move the default tokenStore service to aaa-h2 bundle"
Ryan Goulding [Thu, 22 Dec 2016 20:19:16 +0000 (20:19 +0000)]
Merge "Deprecate aaa-authn-federation bundle"
Ryan Goulding [Thu, 22 Dec 2016 20:19:05 +0000 (20:19 +0000)]
Merge "Deprecate aaa-authn-sssd bundle"
Mohamed El-Serngawy [Thu, 22 Dec 2016 20:08:57 +0000 (15:08 -0500)]
Deprecat aaa-authn-idpmapping bundle
Deprecat aaa-authn-idpmapping bundle as we are using shiro
for federation
Change-Id: I1c7e88cbc72f92562aa2092c49957e0268fae14f
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 19:37:54 +0000 (14:37 -0500)]
Deprecate aaa-authn-federation bundle
Deprecate aaa-authn-federation bundle as we are using
shiro for federation.
Change-Id: I07016fd9e185da4f60f5aef260a14bad540f48ed
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 18:59:30 +0000 (13:59 -0500)]
Deprecate aaa-authn-sssd bundle
Deprecate aaa-authn-sssd bundle as we will move to use
shiro for federation
Change-Id: Icb01dcee936b35a1e0e95621ff333b424481b279
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 18:50:50 +0000 (13:50 -0500)]
Deprecate aaa-authn-store bundle
The aaa-authn-store bundle implementation has been
moved to aaa-h2-store bundle to be in consist with
other datastores.
https://git.opendaylight.org/gerrit/#/c/49271/
Change-Id: Ia96b9650e20c4647753c7f9ca26d53c1ad9dd611
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Thu, 22 Dec 2016 18:42:49 +0000 (13:42 -0500)]
Deprecate aaa-credential-store-api bundle
The aaa-credential-store-api bundle only has the yang model
and has no implementation.
Change-Id: I5ad4776ac96bfa3d537321105f4858e8fcacc4aa
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 22 Dec 2016 18:20:23 +0000 (13:20 -0500)]
Deprecate the authz model
The authz model causes confusion in the community; several people want to use
authorization functionality but it was never implemented correctly. The original
contributor has since stopped participating in upstream AAA. The model does not
work correctly.
The AAA team does want to add authz other than shiro based, but this will have to
be handled by severely changing the existing model, such that keeping it around is
quite silly since it never worked properly in the first place.
Change-Id: Id3035ca71ec483e8d8c887179a635439898b7e64
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Wed, 21 Dec 2016 22:41:45 +0000 (22:41 +0000)]
Merge "Add MD-SAL authn model to shiro.ini"
Mohamed El-Serngawy [Mon, 12 Dec 2016 20:27:34 +0000 (15:27 -0500)]
Move the default tokenStore service to aaa-h2 bundle
The default tokenStore service exist outside
of the default dataStore bundle aaa-h2. As each
data store has its own tokenStore service, I moved
the default tokenStore to the aaa-h2 bundle to prevent
conflicts with other data stores.
Change-Id: I1cb241a479c5f8d86dcfc032bff4eb955c0561a1
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Robert Varga [Tue, 20 Dec 2016 13:02:37 +0000 (14:02 +0100)]
Eliminate dependencies on slf4j-{api,simple}
These are already present in odlparent, no need to repeat
them here.
Change-Id: I367c78b1f8548aa5b5c8d0a590783b073beca27f
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Tue, 20 Dec 2016 12:42:42 +0000 (13:42 +0100)]
Eliminate use of bundle.plugin.version
The plugin has a managed version, remove the dependency
on its version being defined in a property.
Change-Id: I9c3fe7ee9ce11f81edad244c66050eab870af3d5
Signed-off-by: Robert Varga <rovarga@cisco.com>
Robert Varga [Tue, 20 Dec 2016 12:43:20 +0000 (13:43 +0100)]
Remove duplicate dependencies
Cleanup features/shiro/pom.xml to not include
multiple dependency declarations.
Change-Id: I5bdb88523460da2e616ca82a0029db73531199fd
Signed-off-by: Robert Varga <rovarga@cisco.com>
Ryan Goulding [Wed, 14 Dec 2016 22:40:13 +0000 (22:40 +0000)]
Merge "Fix the Password option at cert commands"
Mohamed El-Serngawy [Wed, 7 Dec 2016 21:17:20 +0000 (16:17 -0500)]
Fix the Password option at cert commands
Use the stream input to hide the password characters and use
printstream to print label at the console instead of system.out
Change-Id: Id970d50265f48ebca44732173feb0b27c6ab955f
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 13 Dec 2016 17:59:06 +0000 (17:59 +0000)]
Merge "aaa-h2-store file size reduced by 1.7 MB"
Michael Vorburger [Mon, 12 Dec 2016 22:50:25 +0000 (23:50 +0100)]
aaa-cli-jar file size significantly reduced from 12 MB to 2.5 MB
it's now simply called aaa-cli-jar-*.jar instead of
aaa-cli-jar-*-jar-with-dependencies.jar
instead of the current 12 MB JAR file size, by assembling it using
maven-shade-plugin instead of the maven-assembly-plugin, which even
without minimizeJar leads to a 5.7, and with some clever minimizeJar
tweaking lets us make this just 2.5 MB.
Change-Id: I687605b62101d4136e02350efba0af4ddbfbbfa7
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 12 Dec 2016 23:02:31 +0000 (00:02 +0100)]
aaa-h2-store file size reduced by 1.7 MB
by avoid to include H2 JAR in this bundle JAR; this should be not
required, because the class files of the H2 JAR are already in this
bundle JAR ("inlined"); they don't have to be there twice...
read also
http://felix.apache.org/documentation/subprojects/apache-felix-maven-bundle-plugin-bnd.html#embed-dependency-and-export-package
for more background about this
Change-Id: I660a8edf26ba793af1a859aae24bd6b5778d3cc8
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
melserngawy [Fri, 2 Dec 2016 21:19:59 +0000 (16:19 -0500)]
Add MD-SAL authn model to shiro.ini
Set the MD-SAL authn-model REST url at shiro.in
to be accessible by admin role only
Change-Id: I84d6cd7adb3054dbb9673868d2c14cb5d84bd7cd
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 10 Aug 2016 15:31:25 +0000 (11:31 -0400)]
Clean the aaa features
- Remove odl-aaa-authn-no-cluster feature same as odl-aaa-authn feature
- Remove odl-aaa-authn-sssd-no-cluster feature as it was depend on
odl-aaa-authn-no-cluster
Change-Id: Ie70b968530e4dba2c5b41262e1447918fa15f532
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 29 Nov 2016 18:54:37 +0000 (18:54 +0000)]
Merge "New AAA CLI standalone JAR to create users and set passwords"
Michael Vorburger [Mon, 21 Nov 2016 15:43:45 +0000 (16:43 +0100)]
Introduce IdMServiceImpl, refactoring IdmLightProxy
This would make it easier to re-use this code from other places, such as
the planned new CLI utility.
Change-Id: I3c2c5d210d6c34602ecf41a7e84a3a1fb4d9d6aa
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 15 Nov 2016 18:04:37 +0000 (19:04 +0100)]
New AAA CLI standalone JAR to create users and set passwords
This creates a (new) "executable fat JAR", which is NOT an OSGi bundle,
allowing installation tools such as the one used by Tim Rozet for OPNFV,
to create users and set passwords, without requiring ODL REST API to
run, and (more importantly) without knowing the current password.
As discussed and agreed with Ryan Goulding and others during the weekly
"Kernel call" on Tuesday Nov 15th this is still secure, as it's based on
physical access to the database file.
https://wiki.opendaylight.org/view/AAA:Changing_Account_Passwords has
end-user facing documentation (which may be updated as this gets
merged, perhaps later packaged, etc.)
Change-Id: I0f9f991520128b53460b3ee80dbbe0b4b824ca5b
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 22 Nov 2016 12:49:45 +0000 (13:49 +0100)]
StoreBuilder improvements for re-use from Main CLI, and security
Change-Id: Ic10b8dce469a279ac6bb98e6313ee3b82932e299
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Mon, 21 Nov 2016 21:53:57 +0000 (21:53 +0000)]
Merge "De-static-ify H2Store's IdmLightConfig and intro. proper design"
Ryan Goulding [Mon, 21 Nov 2016 21:53:35 +0000 (21:53 +0000)]
Merge "Move StoreBuilder from idmlight to api"
Michael Vorburger [Mon, 21 Nov 2016 15:51:09 +0000 (16:51 +0100)]
Move StoreBuilder from idmlight to api
This makes it easier to re-use this code from other places, such as the
planned new CLI utility (in which I'd like to avoid a dependency to
idmlight, which is full of OSGi and REST related code).
Change-Id: If46ebb5929208ddd2583426df88200edf61b0b53
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Mon, 21 Nov 2016 16:30:29 +0000 (17:30 +0100)]
IdmLightConfig use File.separatorChar instead of '/'
This was always already a '/' in the original code before my recent
refactorings (and, presumably, never caused issues on Windows), but as
requested by Ryan in
https://git.opendaylight.org/gerrit/#/c/48372/8/aaa-h2-store/src/main/java/org/opendaylight/aaa/h2/config/IdmLightConfig.java@121
Change-Id: Ibe08409a71d58fd099c4c653c6053627e35229ec
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 15 Nov 2016 19:54:01 +0000 (20:54 +0100)]
De-static-ify H2Store's IdmLightConfig and intro. proper design
This is required to be able to configure a H2Store with an
IdmLightConfig, e.g. from the upcoming new CLI tool.
The intention then is to use this to subsequently introduce a real JDBC
Connection Pool on top of this new API. As a first step, the changes
introduced here (should, hopefully) functionally still make it behave
exactly as the current implementation.
Change-Id: Ia28f5eb9c154c5c74fcef7ad285eee8b6be32ffb
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Tue, 15 Nov 2016 18:18:42 +0000 (19:18 +0100)]
H2Store IdmLightConfig made configurable (immutable)
Change-Id: I13a93fa6bd8e72617ba7831fbc408580145c0807
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Ryan Goulding [Fri, 11 Nov 2016 22:20:47 +0000 (22:20 +0000)]
Merge "Revert "Fix the unit Test""
Ryan Goulding [Fri, 11 Nov 2016 21:14:34 +0000 (21:14 +0000)]
Revert "Fix the unit Test"
This reverts commit
359f27de1b5ba0c75bd488f84e797a24122172a1.
Change-Id: Ia8ca62266513ddd58e8518bd88f71b39b094c495
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Ryan Goulding [Fri, 11 Nov 2016 14:21:48 +0000 (14:21 +0000)]
Merge "Add change ODL user password command"
Ryan Goulding [Fri, 11 Nov 2016 14:20:58 +0000 (14:20 +0000)]
Merge "Fix the unit Test"
Mohamed El-Serngawy [Wed, 9 Nov 2016 21:56:40 +0000 (16:56 -0500)]
Add change ODL user password command
Change-Id: I2303a70e1edb38f30a7e02a6c68a3844e1fad8a9
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 10 Nov 2016 17:08:23 +0000 (17:08 +0000)]
Merge "Update the rpc description with the right names"
Ryan Goulding [Thu, 10 Nov 2016 16:56:06 +0000 (16:56 +0000)]
Merge "Add get-cipher-suites command"
Mohamed El-Serngawy [Wed, 9 Nov 2016 18:43:25 +0000 (13:43 -0500)]
Update the rpc description with the right names
Change-Id: I4d7d98c27e5d8200e1b1bdaf5c459860cf9c76b2
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 9 Nov 2016 19:09:38 +0000 (14:09 -0500)]
Add get-cipher-suites command
Change-Id: Ib5e0f75ef38a9885b3007165eb8fe8092576644e
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Michael Vorburger [Thu, 10 Nov 2016 14:39:15 +0000 (15:39 +0100)]
Checkstyle configuration clean-up, removing what is now in odlparent
This is more consistent with how other projects do it now, and more
importantly makes Checkstlye work under Eclipse for AAA (kinda, see
below), to correctly ignore generated code (which without this change it
doesn't, and you get lots of red). It also helps avoid a major
confusion at least I just had when debugging this problem.. ;-)
It's actually not EXACTLY the same configuration as the one in
odlparent; in aaa someone had come up with a "trick" using
<sourceDirectory>${project.basedir}, presumable to scan not just src/**
but even root and other directories; this technically looses that, but I
think in the short term for consistency that's better. In the medium
term, maybe I'll try to see if that approach could be generally applied
to odlparent.
This change does not touch AAA's use of yangtools' checkstyle-logging,
which is currently discouraged because it breaks Eclipse; more about
that perhaps in a separate future Gerrit.
Change-Id: I94acce1111004a287c1566f058fa1a010829266f
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Michael Vorburger [Wed, 9 Nov 2016 14:54:28 +0000 (15:54 +0100)]
target-ide/ on .gitignore
Change-Id: I918c5b51810973f0d91ad935578e54b5243281b7
Signed-off-by: Michael Vorburger <vorburger@redhat.com>
Mohamed El-Serngawy [Wed, 2 Nov 2016 19:13:05 +0000 (15:13 -0400)]
Fix the unit Test
update the old unit test classes with the new refactored classes
Change-Id: I43438fcb0a6724c1bbbe6956d169f6b7f93a4b6c
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Tue, 1 Nov 2016 14:52:28 +0000 (14:52 +0000)]
Merge "Refactor the aaa-cert bundle"
melserngawy [Fri, 21 Oct 2016 21:27:36 +0000 (17:27 -0400)]
Refactor the aaa-cert bundle
Refactoring the aaa-cert bundle to have one service managing
the certificates and keystores in ODL.
Change-Id: Ie17a1c868fb9d2a22772ffe4dc4237e594b9e87b
Signed-off-by: melserngawy <melserngawy@inocybe.com>
Mohamed El-Serngawy [Wed, 26 Oct 2016 21:37:57 +0000 (17:37 -0400)]
Remove the encryption Tag
As the cipher is appended with the encryption tag, if the tag value
modified or changed the encryption service refuse to decrypt the cipher
and actually it is useless.
Change-Id: Iff49bc7a43547d258eccddb695781105af24b3b6
Signed-off-by: Mohamed El-Serngawy <melserngawy@inocybe.com>
Ryan Goulding [Thu, 20 Oct 2016 20:34:13 +0000 (16:34 -0400)]
Remove stale AAA IDM REST information
The curl commands documented have fallen out of sync with the data model.
The updated documentation is located in the proper docs now. idmtool
is also suggested as a means to manipulate AAA IDM data.
Change-Id: If403f176f6f49b04be6cba92c90dca057e04ea5e
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
Mohamed El-Serngawy [Thu, 20 Oct 2016 18:59:37 +0000 (18:59 +0000)]
Merge "Fix branding in idmtool script"