import org.opendaylight.controller.forwardingrulesmanager.FlowConfig;
import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager;
+import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.authorization.UserLevel;
+import org.opendaylight.controller.sal.core.Description;
import org.opendaylight.controller.sal.core.Name;
import org.opendaylight.controller.sal.core.Node;
import org.opendaylight.controller.sal.core.NodeConnector;
+import org.opendaylight.controller.sal.utils.GlobalConstants;
import org.opendaylight.controller.sal.utils.ServiceHelper;
import org.opendaylight.controller.sal.utils.Status;
import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.controller.switchmanager.ISwitchManager;
import org.opendaylight.controller.switchmanager.Switch;
import org.opendaylight.controller.switchmanager.SwitchConfig;
-import org.opendaylight.controller.usermanager.IUserManager;
import org.opendaylight.controller.web.DaylightWebUtil;
import org.opendaylight.controller.web.IDaylightWeb;
import org.springframework.stereotype.Controller;
public class Flows implements IDaylightWeb {
private static final UserLevel AUTH_LEVEL = UserLevel.CONTAINERUSER;
private static final String WEB_NAME = "Flows";
+
private static final String WEB_ID = "flows";
private static final short WEB_ORDER = 2;
@RequestMapping(value = "/main")
@ResponseBody
- public Set<Map<String, Object>> getFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
+ public Map<String, Object> getFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+ if (privilege == Privilege.NONE) {
+ return null;
+ }
+
// fetch frm
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
.getInstance(IForwardingRulesManager.class, containerName, this);
// get static flow list
List<FlowConfig> staticFlowList = frm.getStaticFlows();
- Set<Map<String, Object>> output = new HashSet<Map<String, Object>>();
+ Set<Map<String, Object>> flowSet = new HashSet<Map<String, Object>>();
for (FlowConfig flowConfig : staticFlowList) {
Map<String, Object> entry = new HashMap<String, Object>();
entry.put("flow", flowConfig);
entry.put("name", flowConfig.getName());
Node node = flowConfig.getNode();
- String description = switchManager.getNodeDescription(node);
- entry.put("node", (description.isEmpty() || description
- .equalsIgnoreCase("none")) ? node.toString() : description);
+ entry.put("node", getNodeDesc(node, switchManager));
entry.put("nodeId", node.toString());
- output.add(entry);
+ flowSet.add(entry);
}
+ Map <String, Object> output = new HashMap<String, Object>(2);
+ output.put("flows", flowSet);
+ output.put("privilege", privilege);
return output;
}
@RequestMapping(value = "/node-ports")
@ResponseBody
public Map<String, Object> getNodePorts(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+ return null;
+ }
+
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
if (switchManager == null) {
entry.put("ports", port);
// add name
- String description = switchManager.getNodeDescription(node
- .getNode());
- entry.put("name", (description.isEmpty() || description
- .equalsIgnoreCase("none")) ? node.getNode().toString()
- : description);
+ entry.put("name", getNodeDesc(node.getNode(), switchManager));
// add to the node
nodes.put(node.getNode().toString(), entry);
@RequestMapping(value = "/node-flows")
@ResponseBody
public Map<String, Object> getNodeFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+ return null;
+ }
+
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
if (switchManager == null) {
String nodeDesc = node.toString();
SwitchConfig config = switchManager.getSwitchConfig(node
.toString());
- if (config != null) {
- nodeDesc = config.getNodeDescription();
+ if ((config != null) && (config.getProperty(Description.propertyName) != null)) {
+ nodeDesc = ((Description) config.getProperty(Description.propertyName)).getValue();
}
nodes.put(nodeDesc, flows.size());
@RequestParam(required = false) String body,
@RequestParam(required = true) String nodeId,
HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return "Operation not authorized";
}
-
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
.getInstance(IForwardingRulesManager.class, containerName, this);
flow.setNode(node);
Status result = new Status(StatusCode.BADREQUEST, "Invalid request");
if (action.equals("add")) {
- result = frm.addStaticFlow(flow, false);
+ result = frm.addStaticFlow(flow);
+ DaylightWebUtil.auditlog("Flow", userName, "added", flow.getName(), containerName);
}
return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result
.getDescription();
}
- @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST)
+ @RequestMapping(value = "/flow/{nodeId}/{name:.*}", method = RequestMethod.POST)
@ResponseBody
public String removeFlow(@PathVariable("nodeId") String nodeId,
@PathVariable("name") String name,
@RequestParam(required = true) String action,
HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return "Operation not authorized";
}
-
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
.getInstance(IForwardingRulesManager.class, containerName, this);
}
if (action.equals("remove")) {
result = frm.removeStaticFlow(name, node);
+ if(result.isSuccess()) {
+ DaylightWebUtil.auditlog("Flow", userName, "removed", name, containerName);
+ }
} else if (action.equals("toggle")) {
result = frm.toggleStaticFlowStatus(name, node);
+ if(result.isSuccess()) {
+ DaylightWebUtil.auditlog("Flow", userName, "toggled", name, containerName);
+ }
} else {
result = new Status(StatusCode.BADREQUEST, "Unknown action");
}
.getDescription();
}
- /**
- * Returns whether the current user's level is same or above the required
- * authorization level.
- *
- * @param requiredLevel
- * the authorization level required
- */
- private boolean isUserAuthorized(UserLevel requiredLevel,
- HttpServletRequest request) {
- IUserManager userManager = (IUserManager) ServiceHelper
- .getGlobalInstance(IUserManager.class, this);
- if (userManager == null) {
- return false;
- }
-
- String username = request.getUserPrincipal().getName();
- UserLevel userLevel = userManager.getUserLevel(username);
- return (userLevel.ordinal() <= requiredLevel.ordinal());
+ private String getNodeDesc(Node node, ISwitchManager switchManager) {
+ Description desc = (Description) switchManager.getNodeProp(node, Description.propertyName);
+ String description = (desc == null) ? "" : desc.getValue();
+ return (description.isEmpty() || description.equalsIgnoreCase("none")) ? node.toString() : description;
}
}
Code Review / controller.git / blobdiff