import java.util.Set;
import java.util.concurrent.ConcurrentMap;
+import org.opendaylight.controller.containermanager.IContainerAuthorization;
import org.opendaylight.controller.sal.authorization.AppRoleLevel;
import org.opendaylight.controller.sal.authorization.IResourceAuthorization;
import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.utils.Status;
import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.controller.usermanager.IUserManager;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
"Controller roles cannot be explicitely "
+ "created in App context");
}
+ if (isContainerRole(role)) {
+ return new Status(StatusCode.NOTALLOWED,
+ "Container roles cannot be explicitely "
+ + "created in App context");
+ }
if (isRoleInUse(role)) {
return new Status(StatusCode.CONFLICT, "Role already in use");
}
protected Status createRoleInternal(String role, AppRoleLevel level) {
roles.put(role, level);
groupsAuthorizations.put(role, new HashSet<ResourceGroup>());
- return new Status(StatusCode.SUCCESS, null);
+ return new Status(StatusCode.SUCCESS);
}
@Override
return new Status(StatusCode.NOTALLOWED,
"Controller roles cannot be removed");
}
-
+ if (isContainerRole(role)) {
+ return new Status(StatusCode.NOTALLOWED,
+ "Container roles cannot be removed");
+ }
return removeRoleInternal(role);
}
protected Status removeRoleInternal(String role) {
groupsAuthorizations.remove(role);
roles.remove(role);
- return new Status(StatusCode.SUCCESS, null);
+ return new Status(StatusCode.SUCCESS);
}
@Override
}
//verify group name is unique
if (resourceGroups.containsKey(groupName)) {
- return new Status(StatusCode.CONFLICT, "Group name already exists");
+ return new Status(StatusCode.CONFLICT, "Group name already exists");
}
//try adding resources, discard if not of type T
allAdded = false;
}
}
- /*if (toBeAdded.size() == 0){ // TODO andrekim - we should have the ability to create a group with no resources (so we can add and delete entries)
- return new Status(StatusCode.NOTACCEPTABLE, "Group not created. No valid resources specified");
- }*/
resourceGroups.put(groupName, toBeAdded);
return (allAdded ? new Status(StatusCode.SUCCESS, "All resources added succesfully") :
new Status(StatusCode.SUCCESS, "One or more resources couldn't be added"));
Set<T> group = resourceGroups.get(groupName);
if (group != null && resource != null) {
group.add(resource);
+ // Update cluster
+ resourceGroups.put(groupName, group);
return new Status(StatusCode.SUCCESS, "Resource added successfully");
}
public Status removeRoleResourceGroupMapping(String groupName) {
List<String> affectedRoles = new ArrayList<String>();
Status result;
- for (Entry<String, Set<ResourceGroup>> pairs : groupsAuthorizations
- .entrySet()) {
+ for (Entry<String, Set<ResourceGroup>> pairs : groupsAuthorizations.entrySet()) {
String role = pairs.getKey();
Set<ResourceGroup> groups = pairs.getValue();
for (ResourceGroup group : groups) {
- if (group.getGroupName().equals(groupName)) {
- affectedRoles.add(role);
- break;
- }
+ if (group.getGroupName().equals(groupName)) {
+ affectedRoles.add(role);
+ break;
+ }
}
}
StringBuffer msg = new StringBuffer();
for (String role : affectedRoles) {
- result = unassignResourceGroupFromRole(groupName, role);
- if (!result.isSuccess()) {
+ result = unassignResourceGroupFromRole(groupName, role);
+ if (!result.isSuccess()) {
msg.append(result.getDescription());
msg.append(' ');
- }
- }
+ }
+ }
if (msg.length() != 0) {
- return new Status(StatusCode.BADREQUEST, msg.toString());
+ return new Status(StatusCode.BADREQUEST, msg.toString());
} else {
- return new Status(StatusCode.SUCCESS);
+ return new Status(StatusCode.SUCCESS);
}
}
return new Status(StatusCode.NOTALLOWED,
"All resource group cannot be removed");
}
-
- Status result = removeRoleResourceGroupMapping(groupName);
-
resourceGroups.remove(groupName);
+ Status result = removeRoleResourceGroupMapping(groupName);
- if (!result.isSuccess()) {
- return result;
- }
-
- return new Status(StatusCode.SUCCESS, null);
+ return result.isSuccess() ? result :
+ new Status(StatusCode.SUCCESS, "Failed removing group from: " + result.getDescription());
}
Set<T> group = resourceGroups.get(groupName);
if (group != null && group.remove(resource)) {
+ // Update cluster
+ resourceGroups.put(groupName, group);
return new Status(StatusCode.SUCCESS, "Resource removed successfully");
}
return assignResourceGroupToRoleInternal(group, privilege, role);
}
- protected Status assignResourceGroupToRoleInternal(String group,
- Privilege privilege, String role) {
- groupsAuthorizations.get(role).add(new ResourceGroup(group, privilege));
- return new Status(StatusCode.SUCCESS, null);
+ protected Status assignResourceGroupToRoleInternal(String group, Privilege privilege, String role) {
+ Set<ResourceGroup> roleGroups = groupsAuthorizations.get(role);
+ roleGroups.add(new ResourceGroup(group, privilege));
+ // Update cluster
+ groupsAuthorizations.put(role, roleGroups);
+ return new Status(StatusCode.SUCCESS);
}
@Override
return unassignResourceGroupFromRoleInternal(group, role);
}
- protected Status unassignResourceGroupFromRoleInternal(String group,
- String role) {
+ protected Status unassignResourceGroupFromRoleInternal(String group, String role) {
ResourceGroup target = null;
for (ResourceGroup rGroup : groupsAuthorizations.get(role)) {
if (rGroup.getGroupName().equals(group)) {
}
}
if (target == null) {
- return new Status(StatusCode.SUCCESS, "Group " + group
- + " was not assigned to " + role);
+ return new Status(StatusCode.SUCCESS, "Group " + group + " was not assigned to " + role);
} else {
- groupsAuthorizations.get(role).remove(target);
- return new Status(StatusCode.SUCCESS);
+ Set<ResourceGroup> groups = groupsAuthorizations.get(role);
+ groups.remove(target);
+ // Update cluster
+ groupsAuthorizations.put(role, groups);
+ return new Status(StatusCode.SUCCESS);
}
}
@Override
public List<Object> getResources(String groupName) {
return (resourceGroups.containsKey(groupName)) ? new ArrayList<Object>(
- resourceGroups.get(groupName)) : new ArrayList<Object>();
+ resourceGroups.get(groupName)) : new ArrayList<Object>(0);
}
@Override
.equals(UserLevel.NETWORKOPERATOR.toString()));
}
+ private boolean isContainerRole(String role) {
+ IContainerAuthorization containerAuth = (IContainerAuthorization) ServiceHelper.getGlobalInstance(
+ IContainerAuthorization.class, this);
+ if (containerAuth == null) {
+ return false;
+ }
+ return containerAuth.isApplicationRole(role);
+ }
+
private boolean isRoleInUse(String role) {
IUserManager userManager = (IUserManager) ServiceHelper
.getGlobalInstance(IUserManager.class, this);