X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=blobdiff_plain;f=opendaylight%2Fappauth%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fappauth%2Fauthorization%2FAuthorization.java;h=b872f49130205d239f9ee9bfac647b09eb7a241e;hp=acfc7252ef2158deeaebae0210584b75179cf4fd;hb=9293aee68cd3cf39a39d13b448e16b5c9872e9ca;hpb=d059b1faef43031951d426048974fa9b32dceba3 diff --git a/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java b/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java index acfc7252ef..b872f49130 100644 --- a/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java +++ b/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java @@ -16,6 +16,7 @@ import java.util.Map.Entry; import java.util.Set; import java.util.concurrent.ConcurrentMap; +import org.opendaylight.controller.containermanager.IContainerAuthorization; import org.opendaylight.controller.sal.authorization.AppRoleLevel; import org.opendaylight.controller.sal.authorization.IResourceAuthorization; import org.opendaylight.controller.sal.authorization.Privilege; @@ -26,7 +27,6 @@ import org.opendaylight.controller.sal.utils.ServiceHelper; import org.opendaylight.controller.sal.utils.Status; import org.opendaylight.controller.sal.utils.StatusCode; import org.opendaylight.controller.usermanager.IUserManager; - import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -67,6 +67,11 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class "Controller roles cannot be explicitely " + "created in App context"); } + if (isContainerRole(role)) { + return new Status(StatusCode.NOTALLOWED, + "Container roles cannot be explicitely " + + "created in App context"); + } if (isRoleInUse(role)) { return new Status(StatusCode.CONFLICT, "Role already in use"); } 
@@ -85,7 +90,7 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class protected Status createRoleInternal(String role, AppRoleLevel level) { roles.put(role, level); groupsAuthorizations.put(role, new HashSet()); - return new Status(StatusCode.SUCCESS, null); + return new Status(StatusCode.SUCCESS); } @Override @@ -97,14 +102,17 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class return new Status(StatusCode.NOTALLOWED, "Controller roles cannot be removed"); } - + if (isContainerRole(role)) { + return new Status(StatusCode.NOTALLOWED, + "Container roles cannot be removed"); + } return removeRoleInternal(role); } protected Status removeRoleInternal(String role) { groupsAuthorizations.remove(role); roles.remove(role); - return new Status(StatusCode.SUCCESS, null); + return new Status(StatusCode.SUCCESS); } @Override @@ -126,7 +134,7 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class } //verify group name is unique if (resourceGroups.containsKey(groupName)) { - return new Status(StatusCode.CONFLICT, "Group name already exists"); + return new Status(StatusCode.CONFLICT, "Group name already exists"); } //try adding resources, discard if not of type T @@ -139,9 +147,6 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class allAdded = false; } } - /*if (toBeAdded.size() == 0){ // TODO andrekim - we should have the ability to create a group with no resources (so we can add and delete entries) - return new Status(StatusCode.NOTACCEPTABLE, "Group not created. No valid resources specified"); - }*/ resourceGroups.put(groupName, toBeAdded); return (allAdded ? new Status(StatusCode.SUCCESS, "All resources added succesfully") : new Status(StatusCode.SUCCESS, "One or more resources couldn't be added")); 
@@ -155,6 +160,8 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class Set group = resourceGroups.get(groupName); if (group != null && resource != null) { group.add(resource); + // Update cluster + resourceGroups.put(groupName, group); return new Status(StatusCode.SUCCESS, "Resource added successfully"); } @@ -164,30 +171,29 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class public Status removeRoleResourceGroupMapping(String groupName) { List affectedRoles = new ArrayList(); Status result; - for (Entry> pairs : groupsAuthorizations - .entrySet()) { + for (Entry> pairs : groupsAuthorizations.entrySet()) { String role = pairs.getKey(); Set groups = pairs.getValue(); for (ResourceGroup group : groups) { - if (group.getGroupName().equals(groupName)) { - affectedRoles.add(role); - break; - } + if (group.getGroupName().equals(groupName)) { + affectedRoles.add(role); + break; + } } } StringBuffer msg = new StringBuffer(); for (String role : affectedRoles) { - result = unassignResourceGroupFromRole(groupName, role); - if (!result.isSuccess()) { + result = unassignResourceGroupFromRole(groupName, role); + if (!result.isSuccess()) { msg.append(result.getDescription()); msg.append(' '); - } - } + } + } if (msg.length() != 0) { - return new Status(StatusCode.BADREQUEST, msg.toString()); + return new Status(StatusCode.BADREQUEST, msg.toString()); } else { - return new Status(StatusCode.SUCCESS); + return new Status(StatusCode.SUCCESS); } } 
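Review bot: The `// Update cluster` write-back added in the `@@ -155` hunk is a non-atomic read-modify-write: the set is fetched with `resourceGroups.get(groupName)`, mutated in place and stored again with `put`, so one change is silently lost if two callers edit the same group concurrently. The same get/mutate/put sequence is added in the `@@ -221`, `@@ -440` and `@@ -499` hunks, and in the last two the value at risk is a role's set of group assignments, i.e. authorization state. The map declarations and the start of the enclosing methods are outside these hunks, so whether a lock already serializes the calls cannot be seen. If none does, copy the set and publish it with the `ConcurrentMap` call `replace(key, oldSet, newSet)` in a retry loop, or at least state the requirement with a comment such as `// get/mutate/put is not atomic: callers must serialize updates per key`. In the `@@ -440` hunk `groupsAuthorizations.get(role)` is also dereferenced without a null check, so an unknown role would throw rather than return a `Status` unless the caller validates it first.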
@@ -201,16 +207,11 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class return new Status(StatusCode.NOTALLOWED, "All resource group cannot be removed"); } - - Status result = removeRoleResourceGroupMapping(groupName); - resourceGroups.remove(groupName); + Status result = removeRoleResourceGroupMapping(groupName); - if (!result.isSuccess()) { - return result; - } - - return new Status(StatusCode.SUCCESS, null); + return result.isSuccess() ? result : + new Status(StatusCode.SUCCESS, "Failed removing group from: " + result.getDescription()); } @@ -221,6 +222,8 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class Set group = resourceGroups.get(groupName); if (group != null && group.remove(resource)) { + // Update cluster + resourceGroups.put(groupName, group); return new Status(StatusCode.SUCCESS, "Resource removed successfully"); } @@ -440,10 +443,12 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class return assignResourceGroupToRoleInternal(group, privilege, role); } - protected Status assignResourceGroupToRoleInternal(String group, - Privilege privilege, String role) { - groupsAuthorizations.get(role).add(new ResourceGroup(group, privilege)); - return new Status(StatusCode.SUCCESS, null); + protected Status assignResourceGroupToRoleInternal(String group, Privilege privilege, String role) { + Set roleGroups = groupsAuthorizations.get(role); + roleGroups.add(new ResourceGroup(group, privilege)); + // Update cluster + groupsAuthorizations.put(role, roleGroups); + return new Status(StatusCode.SUCCESS); } @Override 
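Review bot: The new return expression in the `@@ -201` hunk reports `StatusCode.SUCCESS` even when `removeRoleResourceGroupMapping(groupName)` failed, whereas the removed lines returned the failing `result`. A caller that checks `isSuccess()` will treat the group as fully removed while some roles may still hold a mapping to `groupName`. If a group with that name is created again, those roles would presumably regain access to it. Keep the failure visible to callers, for example `return result.isSuccess() ? result : new Status(StatusCode.BADREQUEST, "Failed removing group from: " + result.getDescription());`, which matches the code `removeRoleResourceGroupMapping` itself returns on failure in this diff. The method's opening lines are outside the hunk.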
@@ -489,8 +494,7 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class return unassignResourceGroupFromRoleInternal(group, role); } - protected Status unassignResourceGroupFromRoleInternal(String group, - String role) { + protected Status unassignResourceGroupFromRoleInternal(String group, String role) { ResourceGroup target = null; for (ResourceGroup rGroup : groupsAuthorizations.get(role)) { if (rGroup.getGroupName().equals(group)) { @@ -499,11 +503,13 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class } } if (target == null) { - return new Status(StatusCode.SUCCESS, "Group " + group - + " was not assigned to " + role); + return new Status(StatusCode.SUCCESS, "Group " + group + " was not assigned to " + role); } else { - groupsAuthorizations.get(role).remove(target); - return new Status(StatusCode.SUCCESS); + Set groups = groupsAuthorizations.get(role); + groups.remove(target); + // Update cluster + groupsAuthorizations.put(role, groups); + return new Status(StatusCode.SUCCESS); } } @@ -518,7 +524,7 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class @Override public List getResources(String groupName) { return (resourceGroups.containsKey(groupName)) ? new ArrayList( - resourceGroups.get(groupName)) : new ArrayList(); + resourceGroups.get(groupName)) : new ArrayList(0); } @Override @@ -602,6 +608,15 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class .equals(UserLevel.NETWORKOPERATOR.toString())); } + private boolean isContainerRole(String role) { + IContainerAuthorization containerAuth = (IContainerAuthorization) ServiceHelper.getGlobalInstance( + IContainerAuthorization.class, this); + if (containerAuth == null) { + return false; + } + return containerAuth.isApplicationRole(role); + } + private boolean isRoleInUse(String role) { IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this);
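Review bot: `isContainerRole` in the `@@ -602` hunk fails open: when `ServiceHelper.getGlobalInstance(IContainerAuthorization.class, this)` returns null it answers `false`. The role-creation and role-removal guards added in the `@@ -67` and `@@ -97` hunks therefore silently stop protecting container roles whenever that service is not registered or not yet available. If a missing service is a legitimate state the fallback may be intended, but it should leave a trace, for example `logger.warn("IContainerAuthorization service unavailable; container role check skipped");` before `return false;`. A one-line Javadoc stating that an absent service is treated as "not a container role" would record the decision for the next reader.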