diff options
Diffstat (limited to 'odl-aaa-moon/aaa/aaa-idmlight/src/main')
13 files changed, 0 insertions, 2173 deletions
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java deleted file mode 100644 index 6fcba5d6..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm; - -import java.util.Arrays; -import java.util.HashSet; -import java.util.Set; - -import javax.ws.rs.core.Application; - -import org.opendaylight.aaa.idm.rest.DomainHandler; -import org.opendaylight.aaa.idm.rest.RoleHandler; -import org.opendaylight.aaa.idm.rest.UserHandler; -import org.opendaylight.aaa.idm.rest.VersionHandler; - -/** - * A JAX-RS application for IdmLight. The REST endpoints delivered by this - * application are in the form: - * <code>http://{HOST}:{PORT}/auth/v1/</code> - * - * For example, the users REST endpoint is: - * <code>http://{HOST}:{PORT}/auth/v1/users</code> - * - * This application is responsible for interaction with the backing h2 - * database store. - * - * @author liemmn - * @author Ryan Goulding (ryandgoulding@gmail.com) - * @see <code>org.opendaylight.aaa.idm.rest.DomainHandler</code> - * @see <code>org.opendaylight.aaa.idm.rest.UserHandler</code> - * @see <code>org.opendaylight.aaa.idm.rest.RoleHandler</code> - */ -public class IdmLightApplication extends Application { - - //TODO create a bug to address the fact that the implementation assumes 128 - // as the max length, even though this claims 256. - /** - * The maximum field length for identity fields. - */ - public static final int MAX_FIELD_LEN = 256; - public IdmLightApplication() { - } - - @Override - public Set<Class<?>> getClasses() { - return new HashSet<Class<?>>(Arrays.asList(VersionHandler.class, - DomainHandler.class, - RoleHandler.class, - UserHandler.class)); - } -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java deleted file mode 100644 index d17d2b13..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm; - -import com.google.common.base.Preconditions; - -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; -import org.opendaylight.aaa.ClaimBuilder; -import org.opendaylight.aaa.api.AuthenticationException; -import org.opendaylight.aaa.api.Claim; -import org.opendaylight.aaa.api.CredentialAuth; -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.IIDMStore; -import org.opendaylight.aaa.api.IdMService; -import org.opendaylight.aaa.api.PasswordCredentials; -import org.opendaylight.aaa.api.SHA256Calculator; -import org.opendaylight.aaa.api.model.Domain; -import org.opendaylight.aaa.api.model.Grant; -import org.opendaylight.aaa.api.model.Grants; -import org.opendaylight.aaa.api.model.Role; -import org.opendaylight.aaa.api.model.User; -import org.opendaylight.aaa.api.model.Users; -import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * An OSGi proxy for the IdmLight server. - * - */ -public class IdmLightProxy implements CredentialAuth<PasswordCredentials>, IdMService { - - private static final Logger LOG = LoggerFactory.getLogger(IdmLightProxy.class); - - /** - * claimCache is responsible for storing the active claims per domain. The - * outer map is keyed by domain, and the inner map is keyed by - * <code>PasswordCredentials</code>. - */ - private static Map<String, Map<PasswordCredentials, Claim>> claimCache = new ConcurrentHashMap<>(); - - // adds a store for the default "sdn" domain - static { - claimCache.put(IIDMStore.DEFAULT_DOMAIN, - new ConcurrentHashMap<PasswordCredentials, Claim>()); - } - - @Override - public Claim authenticate(PasswordCredentials creds) { - Preconditions.checkNotNull(creds); - Preconditions.checkNotNull(creds.username()); - Preconditions.checkNotNull(creds.password()); - String domain = creds.domain() == null ? IIDMStore.DEFAULT_DOMAIN : creds.domain(); - // FIXME: Add cache invalidation - Map<PasswordCredentials, Claim> cache = claimCache.get(domain); - if (cache == null) { - cache = new ConcurrentHashMap<PasswordCredentials, Claim>(); - claimCache.put(domain, cache); - } - Claim claim = cache.get(creds); - if (claim == null) { - synchronized (claimCache) { - claim = cache.get(creds); - if (claim == null) { - claim = dbAuthenticate(creds); - if (claim != null) { - cache.put(creds, claim); - } - } - } - } - return claim; - } - - /** - * Clears the cache of any active claims. - */ - public static synchronized void clearClaimCache() { - LOG.info("Clearing the claim cache"); - for (Map<PasswordCredentials, Claim> cache : claimCache.values()) { - cache.clear(); - } - } - - private static Claim dbAuthenticate(PasswordCredentials creds) { - Domain domain = null; - User user = null; - String credsDomain = creds.domain() == null ? IIDMStore.DEFAULT_DOMAIN : creds.domain(); - // check to see domain exists - // TODO: ensure domain names are unique change to 'getDomain' - LOG.debug("get domain"); - try { - domain = AAAIDMLightModule.getStore().readDomain(credsDomain); - if (domain == null) { - throw new AuthenticationException("Domain :" + credsDomain + " does not exist"); - } - } catch (IDMStoreException e) { - throw new AuthenticationException("Error while fetching domain", e); - } - - // check to see user exists and passes cred check - try { - LOG.debug("check user / pwd"); - Users users = AAAIDMLightModule.getStore().getUsers(creds.username(), credsDomain); - List<User> userList = users.getUsers(); - if (userList.size() == 0) { - throw new AuthenticationException("User :" + creds.username() - + " does not exist in domain " + credsDomain); - } - user = userList.get(0); - if (!SHA256Calculator.getSHA256(creds.password(), user.getSalt()).equals( - user.getPassword())) { - throw new AuthenticationException("UserName / Password not found"); - } - - // get all grants & roles for this domain and user - LOG.debug("get grants"); - List<String> roles = new ArrayList<String>(); - Grants grants = AAAIDMLightModule.getStore().getGrants(domain.getDomainid(), - user.getUserid()); - List<Grant> grantList = grants.getGrants(); - for (int z = 0; z < grantList.size(); z++) { - Grant grant = grantList.get(z); - Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid()); - if (role != null) { - roles.add(role.getName()); - } - } - - // build up the claim - LOG.debug("build a claim"); - ClaimBuilder claim = new ClaimBuilder(); - claim.setUserId(user.getUserid().toString()); - claim.setUser(creds.username()); - claim.setDomain(credsDomain); - for (int z = 0; z < roles.size(); z++) { - claim.addRole(roles.get(z)); - } - return claim.build(); - } catch (IDMStoreException se) { - throw new AuthenticationException("idm data store exception :" + se.toString() + se); - } - } - - @Override - public List<String> listDomains(String userId) { - LOG.debug("list Domains for userId: {}", userId); - List<String> domains = new ArrayList<String>(); - try { - Grants grants = AAAIDMLightModule.getStore().getGrants(userId); - List<Grant> grantList = grants.getGrants(); - for (int z = 0; z < grantList.size(); z++) { - Grant grant = grantList.get(z); - Domain domain = AAAIDMLightModule.getStore().readDomain(grant.getDomainid()); - domains.add(domain.getName()); - } - return domains; - } catch (IDMStoreException se) { - LOG.warn("error getting domains ", se.toString(), se); - return domains; - } - - } - - @Override - public List<String> listRoles(String userId, String domainName) { - LOG.debug("listRoles"); - List<String> roles = new ArrayList<String>(); - - try { - // find domain name for specied domain name - String did = null; - try { - Domain domain = AAAIDMLightModule.getStore().readDomain(domainName); - if (domain == null) { - LOG.debug("DomainName: {}", domainName + " Not found!"); - return roles; - } - did = domain.getDomainid(); - } catch (IDMStoreException e) { - return roles; - } - - // find all grants for uid and did - Grants grants = AAAIDMLightModule.getStore().getGrants(did, userId); - List<Grant> grantList = grants.getGrants(); - for (int z = 0; z < grantList.size(); z++) { - Grant grant = grantList.get(z); - Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid()); - roles.add(role.getName()); - } - - return roles; - } catch (IDMStoreException se) { - LOG.warn("error getting roles ", se.toString(), se); - return roles; - } - } -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java deleted file mode 100644 index 111665c6..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm; - -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.IIDMStore; -import org.opendaylight.aaa.api.model.Domain; -import org.opendaylight.aaa.api.model.Grant; -import org.opendaylight.aaa.api.model.Role; -import org.opendaylight.aaa.api.model.User; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * StoreBuilder is triggered during feature installation by - * <code>AAAIDMLightModule.createInstance()</code>. StoreBuilder is responsible - * for initializing the H2 database with initial default user account - * information. By default, the following users are created: - * <ol> - * <li>admin</li> - * <li>user</li> - * </ol> - * - * By default, the following domain is created: - * <ol> - * <li>sdn</li> - * </ol> - * - * By default, the following grants are created: - * <ol> - * <li>admin with admin role on sdn</li> - * <li>admin with user role on sdn</li> - * <li>user with user role on sdn</li> - * </ol> - * - * @author peter.mellquist@hp.com - * @author saichler@cisco.com - */ -public class StoreBuilder { - - private static final Logger LOG = LoggerFactory.getLogger(StoreBuilder.class); - - public static void init(IIDMStore store) throws IDMStoreException { - LOG.info("creating idmlight schema in store"); - - // Check whether the default domain exists. If it exists, then do not - // create default data in the store. - // TODO Address the fact that someone may delete the sdn domain, or make - // sdn mandatory. - Domain defaultDomain = store.readDomain(IIDMStore.DEFAULT_DOMAIN); - if (defaultDomain != null) { - LOG.info("Found default domain in Store, skipping insertion of default data"); - return; - } - - // make domain - Domain domain = new Domain(); - User adminUser = new User(); - User userUser = new User(); - Role adminRole = new Role(); - Role userRole = new Role(); - domain.setEnabled(true); - domain.setName(IIDMStore.DEFAULT_DOMAIN); - domain.setDescription("default odl sdn domain"); - domain = store.writeDomain(domain); - - // Create default users - // "admin" user - adminUser.setEnabled(true); - adminUser.setName("admin"); - adminUser.setDomainid(domain.getDomainid()); - adminUser.setDescription("admin user"); - adminUser.setEmail(""); - adminUser.setPassword("admin"); - adminUser = store.writeUser(adminUser); - // "user" user - userUser.setEnabled(true); - userUser.setName("user"); - userUser.setDomainid(domain.getDomainid()); - userUser.setDescription("user user"); - userUser.setEmail(""); - userUser.setPassword("user"); - userUser = store.writeUser(userUser); - - // Create default Roles ("admin" and "user") - adminRole.setName("admin"); - adminRole.setDomainid(domain.getDomainid()); - adminRole.setDescription("a role for admins"); - adminRole = store.writeRole(adminRole); - userRole.setName("user"); - userRole.setDomainid(domain.getDomainid()); - userRole.setDescription("a role for users"); - userRole = store.writeRole(userRole); - - // Create default grants - Grant grant = new Grant(); - grant.setDomainid(domain.getDomainid()); - grant.setUserid(userUser.getUserid()); - grant.setRoleid(userRole.getRoleid()); - grant = store.writeGrant(grant); - - grant.setDomainid(domain.getDomainid()); - grant.setUserid(adminUser.getUserid()); - grant.setRoleid(userRole.getRoleid()); - grant = store.writeGrant(grant); - - grant.setDomainid(domain.getDomainid()); - grant.setUserid(adminUser.getUserid()); - grant.setRoleid(adminRole.getRoleid()); - grant = store.writeGrant(grant); - } -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java deleted file mode 100644 index 7ddc0748..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java +++ /dev/null @@ -1,591 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm.rest; - -import java.util.ArrayList; -import java.util.List; -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.model.Claim; -import org.opendaylight.aaa.api.model.Domain; -import org.opendaylight.aaa.api.model.Domains; -import org.opendaylight.aaa.api.model.Grant; -import org.opendaylight.aaa.api.model.Grants; -import org.opendaylight.aaa.api.model.IDMError; -import org.opendaylight.aaa.api.model.Role; -import org.opendaylight.aaa.api.model.Roles; -import org.opendaylight.aaa.api.model.User; -import org.opendaylight.aaa.api.model.UserPwd; -import org.opendaylight.aaa.api.model.Users; -import org.opendaylight.aaa.idm.IdmLightProxy; -import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * REST application used to manipulate the H2 database domains table. The REST - * endpoint is <code>/auth/v1/domains</code>. - * - * The following provides examples of curl commands and payloads to utilize the - * domains REST endpoint: - * - * <b>Get All Domains</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/domains</code> - * - * <b>Get A Specific Domain</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/domains/{id}</code> - * - * <b>Create A Domain</b> - * <code>curl -u admin:admin -X POST -H "Content-Type: application/json" --data-binary {@literal @}domain.json http://{HOST}:{PORT}/auth/v1/domains</code> - * Example domain.json <code>{ - * "description": "new domain", - * "enabled", "true", - * "name", "not sdn" - * }</code> - * - * <b>Update A Domain</b> - * <code>curl -u admin:admin -X PUT -H "Content-Type: application/json" --data-binary {@literal @}domain.json http://{HOST}:{PORT}/auth/v1/domains</code> - * Example domain.json <code>{ - * "description": "new domain description", - * "enabled", "true", - * "name", "not sdn" - * }</code> - * - * @author peter.mellquist@hp.com - * @author Ryan Goulding (ryandgoulding@gmail.com) - */ -@Path("/v1/domains") -public class DomainHandler { - - private static final Logger LOG = LoggerFactory.getLogger(DomainHandler.class); - - /** - * Extracts all domains. - * - * @return a response with all domains stored in the H2 database - */ - @GET - @Produces("application/json") - public Response getDomains() { - LOG.info("Get /domains"); - Domains domains = null; - try { - domains = AAAIDMLightModule.getStore().getDomains(); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domains"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - return Response.ok(domains).build(); - } - - /** - * Extracts the domain represented by <code>domainId</code>. - * - * @param domainId the string domain (i.e., "sdn") - * @return a response with the specified domain - */ - @GET - @Path("/{id}") - @Produces("application/json") - public Response getDomain(@PathParam("id") String domainId) { - LOG.info("Get /domains/{}", domainId); - Domain domain = null; - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - return Response.ok(domain).build(); - } - - /** - * Creates a domain. The name attribute is required for domain creation. - * Enabled and description fields are optional. Optional fields default - * in the following manner: - * <code>enabled</code>: <code>false</code> - * <code>description</code>: An empty string (<code>""</code>). - * - * @param info passed from Jersey - * @param domain designated by the REST payload - * @return A response stating success or failure of domain creation. - */ - @POST - @Consumes("application/json") - @Produces("application/json") - public Response createDomain(@Context UriInfo info, Domain domain) { - LOG.info("Post /domains"); - try { - if (domain.isEnabled() == null) { - domain.setEnabled(false); - } - if (domain.getName() == null) { - domain.setName(""); - } - if (domain.getDescription() == null) { - domain.setDescription(""); - } - domain = AAAIDMLightModule.getStore().writeDomain(domain); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error creating domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - return Response.status(201).entity(domain).build(); - } - - /** - * Updates a domain. - * - * @param info passed from Jersey - * @param domain the REST payload - * @param domainId the last part of the path, containing the specified domain id - * @return A response stating success or failure of domain update. - */ - @PUT - @Path("/{id}") - @Consumes("application/json") - @Produces("application/json") - public Response putDomain(@Context UriInfo info, Domain domain, @PathParam("id") String domainId) { - LOG.info("Put /domains/{}", domainId); - try { - domain.setDomainid(domainId); - domain = AAAIDMLightModule.getStore().updateDomain(domain); - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(200).entity(domain).build(); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error putting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - } - - /** - * Deletes a domain. - * - * @param info passed from Jersey - * @param domainId the last part of the path, containing the specified domain id - * @return A response stating success or failure of domain deletion. - */ - @DELETE - @Path("/{id}") - public Response deleteDomain(@Context UriInfo info, @PathParam("id") String domainId) { - LOG.info("Delete /domains/{}", domainId); - - try { - Domain domain = AAAIDMLightModule.getStore().deleteDomain(domainId); - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error deleting Domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(204).build(); - } - - /** - * Creates a grant. A grant defines the role a particular user is given on - * a particular domain. For example, by default, AAA installs a grant for - * the "admin" user, granting permission to act with "admin" role on the - * "sdn" domain. - * - * @param info passed from Jersey - * @param domainId the domain the user is allowed to access - * @param userId the user that is allowed to access the domain - * @param grant the payload containing role access controls - * @return A response stating success or failure of grant creation. - */ - @POST - @Path("/{did}/users/{uid}/roles") - @Consumes("application/json") - @Produces("application/json") - public Response createGrant(@Context UriInfo info, @PathParam("did") String domainId, - @PathParam("uid") String userId, Grant grant) { - LOG.info("Post /domains/{}/users/{}/roles", domainId, userId); - Domain domain = null; - User user = null; - Role role = null; - String roleId = null; - - // validate domain id - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - grant.setDomainid(domainId); - - try { - user = AAAIDMLightModule.getStore().readUser(userId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting user"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (user == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! User id :" + userId); - return Response.status(404).entity(idmerror).build(); - } - grant.setUserid(userId); - - // validate role id - try { - roleId = grant.getRoleid(); - LOG.info("roleid = {}", roleId); - } catch (NumberFormatException nfe) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Invalid Role id :" + grant.getRoleid()); - return Response.status(404).entity(idmerror).build(); - } - try { - role = AAAIDMLightModule.getStore().readRole(roleId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting role"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (role == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! role :" + grant.getRoleid()); - return Response.status(404).entity(idmerror).build(); - } - - // see if grant already exists for this - try { - Grant existingGrant = AAAIDMLightModule.getStore().readGrant(domainId, userId, roleId); - if (existingGrant != null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Grant already exists for did:" + domainId + " uid:" + userId - + " rid:" + roleId); - return Response.status(403).entity(idmerror).build(); - } - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error creating grant"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - // create grant - try { - grant = AAAIDMLightModule.getStore().writeGrant(grant); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error creating grant"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - IdmLightProxy.clearClaimCache(); - return Response.status(201).entity(grant).build(); - } - - /** - * Used to validate user access. - * - * @param info passed from Jersey - * @param domainId the domain in question - * @param userpwd the password attempt - * @return A response stating success or failure of user validation. - */ - @POST - @Path("/{did}/users/roles") - @Consumes("application/json") - @Produces("application/json") - public Response validateUser(@Context UriInfo info, @PathParam("did") String domainId, - UserPwd userpwd) { - - LOG.info("GET /domains/{}/users", domainId); - Domain domain = null; - Claim claim = new Claim(); - List<Role> roleList = new ArrayList<Role>(); - - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - - // check request body for username and pwd - String username = userpwd.getUsername(); - if (username == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("username not specfied in request body"); - return Response.status(400).entity(idmerror).build(); - } - String pwd = userpwd.getUserpwd(); - if (pwd == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("userpwd not specfied in request body"); - return Response.status(400).entity(idmerror).build(); - } - - // find userid for user - try { - Users users = AAAIDMLightModule.getStore().getUsers(username, domainId); - List<User> userList = users.getUsers(); - if (userList.size() == 0) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("did not find username: " + username); - return Response.status(404).entity(idmerror).build(); - } - User user = userList.get(0); - String userPwd = user.getPassword(); - String reqPwd = userpwd.getUserpwd(); - if (!userPwd.equals(reqPwd)) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("password does not match for username: " + username); - return Response.status(401).entity(idmerror).build(); - } - claim.setDomainid(domainId); - claim.setUsername(username); - claim.setUserid(user.getUserid()); - try { - Grants grants = AAAIDMLightModule.getStore().getGrants(domainId, user.getUserid()); - List<Grant> grantsList = grants.getGrants(); - for (int i = 0; i < grantsList.size(); i++) { - Grant grant = grantsList.get(i); - Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid()); - roleList.add(role); - } - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting Roles"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - claim.setRoles(roleList); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting user"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - return Response.ok(claim).build(); - } - - /** - * Get the grants for a user on a domain. - * - * @param info passed from Jersey - * @param domainId the domain in question - * @param userId the user in question - * @return A response containing the grants for a user on a domain. - */ - @GET - @Path("/{did}/users/{uid}/roles") - @Produces("application/json") - public Response getRoles(@Context UriInfo info, @PathParam("did") String domainId, - @PathParam("uid") String userId) { - LOG.info("GET /domains/{}/users/{}/roles", domainId, userId); - Domain domain = null; - User user = null; - Roles roles = new Roles(); - List<Role> roleList = new ArrayList<Role>(); - - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - - try { - user = AAAIDMLightModule.getStore().readUser(userId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting user"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (user == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! User id :" + userId); - return Response.status(404).entity(idmerror).build(); - } - - try { - Grants grants = AAAIDMLightModule.getStore().getGrants(domainId, userId); - List<Grant> grantsList = grants.getGrants(); - for (int i = 0; i < grantsList.size(); i++) { - Grant grant = grantsList.get(i); - Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid()); - roleList.add(role); - } - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting Roles"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - - roles.setRoles(roleList); - return Response.ok(roles).build(); - } - - /** - * Delete a grant. - * - * @param info passed from Jersey - * @param domainId the domain for the grant - * @param userId the user for the grant - * @param roleId the role for the grant - * @return A response stating success or failure of the grant deletion. - */ - @DELETE - @Path("/{did}/users/{uid}/roles/{rid}") - public Response deleteGrant(@Context UriInfo info, @PathParam("did") String domainId, - @PathParam("uid") String userId, @PathParam("rid") String roleId) { - Domain domain = null; - User user = null; - Role role = null; - - try { - domain = AAAIDMLightModule.getStore().readDomain(domainId); - } catch (IDMStoreException se) { - LOG.error("Error deleting Grant : ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting domain"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (domain == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Domain id :" + domainId); - return Response.status(404).entity(idmerror).build(); - } - - try { - user = AAAIDMLightModule.getStore().readUser(userId); - } catch (IDMStoreException se) { - LOG.error("StoreException : ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting user"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (user == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! User id :" + userId); - return Response.status(404).entity(idmerror).build(); - } - - try { - role = AAAIDMLightModule.getStore().readRole(roleId); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error getting Role"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - if (role == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Not found! Role id :" + roleId); - return Response.status(404).entity(idmerror).build(); - } - - // see if grant already exists - try { - Grant existingGrant = AAAIDMLightModule.getStore().readGrant(domainId, userId, roleId); - if (existingGrant == null) { - IDMError idmerror = new IDMError(); - idmerror.setMessage("Grant does not exist for did:" + domainId + " uid:" + userId - + " rid:" + roleId); - return Response.status(404).entity(idmerror).build(); - } - existingGrant = AAAIDMLightModule.getStore().deleteGrant(existingGrant.getGrantid()); - } catch (IDMStoreException se) { - LOG.error("StoreException: ", se); - IDMError idmerror = new IDMError(); - idmerror.setMessage("Internal error creating grant"); - idmerror.setDetails(se.getMessage()); - return Response.status(500).entity(idmerror).build(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(204).build(); - } - -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java deleted file mode 100644 index 34a60c0c..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm.rest; - -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.model.IDMError; -import org.opendaylight.aaa.api.model.Role; -import org.opendaylight.aaa.api.model.Roles; -import org.opendaylight.aaa.idm.IdmLightApplication; -import org.opendaylight.aaa.idm.IdmLightProxy; -import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * REST application used to manipulate the H2 database roles table. The REST - * endpoint is <code>/auth/v1/roles</code>. - * - * The following provides examples of curl commands and payloads to utilize the - * roles REST endpoint: - * - * <b>Get All Roles</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/roles</code> - * - * <b>Get A Specific Role</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/roles/{id}</code> - * - * <b>Create A Role</b> - * <code>curl -u admin:admin -X POST -H "Content-Type: application/json" --data-binary {@literal @}role.json http://{HOST}:{PORT}/auth/v1/roles</code> - * An example of role.json: - * <code>{ - * "name":"IT Administrator", - * "description":"A user role for IT admins" - * }</code> - * - * <b>Update A Role</b> - * <code>curl -u admin:admin -X PUT -H "Content-Type: application/json" --data-binary {@literal @}role.json http://{HOST}:{PORT}/auth/v1/roles/{id}</code> - * An example of role.json: - * <code>{ - * "name":"IT Administrator Limited", - * "description":"A user role for IT admins who can only do one thing" - * }</code> - * - * @author peter.mellquist@hp.com - * @author Ryan Goulding (ryandgoulding@gmail.com) - */ -@Path("/v1/roles") -public class RoleHandler { - private static final Logger LOG = LoggerFactory.getLogger(RoleHandler.class); - - /** - * Extracts all roles. - * - * @return A response with all roles in the H2 database, or internal error if one is encountered - */ - @GET - @Produces("application/json") - public Response getRoles() { - LOG.info("get /roles"); - Roles roles = null; - try { - roles = AAAIDMLightModule.getStore().getRoles(); - } catch (IDMStoreException se) { - return new IDMError(500, "internal error getting roles", se.getMessage()).response(); - } - return Response.ok(roles).build(); - } - - /** - * Extract a specific role identified by <code>id</code> - * - * @param id the String id for the role - * @return A response with the role identified by <code>id</code>, or internal error if one is encountered - */ - @GET - @Path("/{id}") - @Produces("application/json") - public Response getRole(@PathParam("id") String id) { - LOG.info("get /roles/{}", id); - Role role = null; - - try { - role = AAAIDMLightModule.getStore().readRole(id); - } catch (IDMStoreException se) { - return new IDMError(500, "internal error getting roles", se.getMessage()).response(); - } - - if (role == null) { - return new IDMError(404, "role not found id :" + id, "").response(); - } - return Response.ok(role).build(); - } - - /** - * Creates a role. - * - * @param info passed from Jersey - * @param role the role JSON payload - * @return A response stating success or failure of role creation, or internal error if one is encountered - */ - @POST - @Consumes("application/json") - @Produces("application/json") - public Response createRole(@Context UriInfo info, Role role) { - LOG.info("Post /roles"); - try { - // TODO: role names should be unique! - // name - if (role.getName() == null) { - return new IDMError(404, "name must be defined on role create", "").response(); - } else if (role.getName().length() > IdmLightApplication.MAX_FIELD_LEN) { - return new IDMError(400, "role name max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - // domain - if (role.getDomainid() == null) { - return new IDMError(404, - "The role's domain must be defined on role when creating a role.", "") - .response(); - } else if (role.getDomainid().length() > IdmLightApplication.MAX_FIELD_LEN) { - return new IDMError(400, "role domain max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - // description - if (role.getDescription() == null) { - role.setDescription(""); - } else if (role.getDescription().length() > IdmLightApplication.MAX_FIELD_LEN) { - return new IDMError(400, "role description max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - role = AAAIDMLightModule.getStore().writeRole(role); - } catch (IDMStoreException se) { - return new IDMError(500, "internal error creating role", se.getMessage()).response(); - } - - return Response.status(201).entity(role).build(); - } - - /** - * Updates a specific role identified by <code>id</code>. - * - * @param info passed from Jersey - * @param role the role JSON payload - * @param id the String id for the role - * @return A response stating success or failure of role update, or internal error if one occurs - */ - @PUT - @Path("/{id}") - @Consumes("application/json") - @Produces("application/json") - public Response putRole(@Context UriInfo info, Role role, @PathParam("id") String id) { - LOG.info("put /roles/{}", id); - - try { - role.setRoleid(id); - - // name - // TODO: names should be unique - if ((role.getName() != null) - && (role.getName().length() > IdmLightApplication.MAX_FIELD_LEN)) { - return new IDMError(400, "role name max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - // description - if ((role.getDescription() != null) - && (role.getDescription().length() > IdmLightApplication.MAX_FIELD_LEN)) { - return new IDMError(400, "role description max length is :" - + IdmLightApplication.MAX_FIELD_LEN, "").response(); - } - - role = AAAIDMLightModule.getStore().updateRole(role); - if (role == null) { - return new IDMError(404, "role id not found :" + id, "").response(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(200).entity(role).build(); - } catch (IDMStoreException se) { - return new IDMError(500, "internal error putting role", se.getMessage()).response(); - } - } - - /** - * Delete a role. - * - * @param info passed from Jersey - * @param id the String id for the role - * @return A response stating success or failure of user deletion, or internal error if one occurs - */ - @DELETE - @Path("/{id}") - public Response deleteRole(@Context UriInfo info, @PathParam("id") String id) { - LOG.info("Delete /roles/{}", id); - - try { - Role role = AAAIDMLightModule.getStore().deleteRole(id); - if (role == null) { - return new IDMError(404, "role id not found :" + id, "").response(); - } - } catch (IDMStoreException se) { - return new IDMError(500, "internal error deleting role", se.getMessage()).response(); - } - IdmLightProxy.clearClaimCache(); - return Response.status(204).build(); - } - -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java deleted file mode 100644 index 1649faa2..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java +++ /dev/null @@ -1,420 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm.rest; - -import java.util.Collection; - -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; -import javax.ws.rs.core.UriInfo; - -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.model.IDMError; -import org.opendaylight.aaa.api.model.User; -import org.opendaylight.aaa.api.model.Users; -import org.opendaylight.aaa.idm.IdmLightApplication; -import org.opendaylight.aaa.idm.IdmLightProxy; -import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * REST application used to manipulate the H2 database users table. The REST - * endpoint is <code>/auth/v1/users</code>. - * - * The following provides examples of how curl commands and payloads to utilize - * the users REST endpoint: - * - * <b>Get All Users</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/users</code> - * - * <b>Get A Specific User</b> - * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/users/{id}</code> - * - * <b>Create A User</b> - * <code>curl -u admin:admin -X POST -H "Content-type: application/json" --data-binary {@literal @}user.json http://{HOST}:{PORT}/auth/v1/users</code> - * An example of user.json file is: - * <code>{ - * "name": "admin2", - * "password", "admin2", - * "domain": "sdn" - * }</code> - * - * <b>Update A User</b> - * <code>curl -u admin:admin -X PUT -H "Content-type: application/json" --data-binary {@literal @}user.json http://{HOST}:{PORT}/auth/v1/users/{id}</code> - * An example of user.json file is: - * <code>{ - * "name": "admin2", - * "password", "admin2", - * "domain": "sdn", - * "description", "Simple description." - * }</code> - * - * <b>Delete A User</b> - * <code>curl -u admin:admin -X DELETE http://{HOST}:{PORT}/auth/v1/users/{id}</code> - * - * @author peter.mellquist@hp.com - * @author Ryan Goulding (ryandgoulding@gmail.com) - */ -@Path("/v1/users") -public class UserHandler { - - private static final Logger LOG = LoggerFactory.getLogger(UserHandler.class); - - /** - * If a user is created through the <code>/auth/v1/users</code> rest - * endpoint without a password, the default password is assigned to the - * user. - */ - private final static String DEFAULT_PWD = "changeme"; - - /** - * When an HTTP GET is performed on <code>/auth/v1/users</code>, the - * password field is replaced with <code>REDACTED_PASSWORD</code> for - * security reasons. - */ - private static final String REDACTED_PASSWORD = "**********"; - - /** - * When an HTTP GET is performed on <code>/auth/v1/users</code>, the salt - * field is replaced with <code>REDACTED_SALT</code> for security reasons. - */ - private static final String REDACTED_SALT = "**********"; - - /** - * When creating a user, the description is optional and defaults to an - * empty string. - */ - private static final String DEFAULT_DESCRIPTION = ""; - - /** - * When creating a user, the email is optional and defaults to an empty - * string. - */ - private static final String DEFAULT_EMAIL = ""; - - /** - * Extracts all users. The password and salt fields are redacted for - * security reasons. - * - * @return A response containing the users, or internal error if one occurs - */ - @GET - @Produces("application/json") - public Response getUsers() { - LOG.info("GET /auth/v1/users (extracts all users)"); - - try { - final Users users = AAAIDMLightModule.getStore().getUsers(); - - // Redact the password and salt for security purposes. - final Collection<User> usersList = users.getUsers(); - for (User user : usersList) { - redactUserPasswordInfo(user); - } - - return Response.ok(users).build(); - } catch (IDMStoreException se) { - return internalError("getting", se); - } - } - - /** - * Extracts the user represented by <code>id</code>. The password and salt - * fields are redacted for security reasons. - * - * @param id the unique id of representing the user account - * @return A response with the user information, or internal error if one occurs - */ - @GET - @Path("/{id}") - @Produces("application/json") - public Response getUser(@PathParam("id") String id) { - LOG.info("GET auth/v1/users/ {} (extract user with specified id)", id); - - try { - final User user = AAAIDMLightModule.getStore().readUser(id); - - if (user == null) { - final String error = "user not found! id: " + id; - return new IDMError(404, error, "").response(); - } - - // Redact the password and salt for security purposes. - redactUserPasswordInfo(user); - - return Response.ok(user).build(); - } catch (IDMStoreException se) { - return internalError("getting", se); - } - } - - /** - * REST endpoint to create a user. Name and domain are required attributes, - * and all other fields (description, email, password, enabled) are - * optional. Optional fields default in the following manner: - * <code>description</code>: An empty string (<code>""</code>). - * <code>email</code>: An empty string (<code>""</code>). - * <code>password</code>: <code>changeme</code> <code>enabled</code>: - * <code>true</code> - * - * If a password is not provided, please ensure you change the default - * password ASAP for security reasons! - * - * @param info passed from Jersey - * @param user the user defined in the JSON payload - * @return A response stating success or failure of user creation - */ - @POST - @Consumes("application/json") - @Produces("application/json") - public Response createUser(@Context UriInfo info, User user) { - LOG.info("POST /auth/v1/users (create a user with the specified payload"); - - // The "enabled" field is optional, and defaults to true. - if (user.isEnabled() == null) { - user.setEnabled(true); - } - - // The "name" field is required. - final String userName = user.getName(); - if (userName == null) { - return missingRequiredField("name"); - } - // The "name" field has a maximum length. - if (userName.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("name", IdmLightApplication.MAX_FIELD_LEN); - } - - // The "domain field is required. - final String domainId = user.getDomainid(); - if (domainId == null) { - return missingRequiredField("domain"); - } - // The "domain" field has a maximum length. - if (domainId.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("domain", IdmLightApplication.MAX_FIELD_LEN); - } - - // The "description" field is optional and defaults to "". - final String userDescription = user.getDescription(); - if (userDescription == null) { - user.setDescription(DEFAULT_DESCRIPTION); - } - // The "description" field has a maximum length. - if (userDescription.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("description", IdmLightApplication.MAX_FIELD_LEN); - } - - // The "email" field is optional and defaults to "". - final String userEmail = user.getEmail(); - if (userEmail == null) { - user.setEmail(DEFAULT_EMAIL); - } - if (userEmail.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("email", IdmLightApplication.MAX_FIELD_LEN); - } - // TODO add a check on email format here. - - // The "password" field is optional and defautls to "changeme". - final String userPassword = user.getPassword(); - if (userPassword == null) { - user.setPassword(DEFAULT_PWD); - } else if (userPassword.length() > IdmLightApplication.MAX_FIELD_LEN) { - return providedFieldTooLong("password", IdmLightApplication.MAX_FIELD_LEN); - } - - try { - // At this point, fields have been properly verified. Create the - // user account - final User createdUser = AAAIDMLightModule.getStore().writeUser(user); - user.setUserid(createdUser.getUserid()); - } catch (IDMStoreException se) { - return internalError("creating", se); - } - - // Redact the password and salt for security reasons. - redactUserPasswordInfo(user); - // TODO report back to the client a warning message to change the - // default password if none was specified. - return Response.status(201).entity(user).build(); - } - - /** - * REST endpoint to update a user account. - * - * @param info passed from Jersey - * @param user the user defined in the JSON payload - * @param id the unique id for the user that will be updated - * @return A response stating success or failure of the user update - */ - @PUT - @Path("/{id}") - @Consumes("application/json") - @Produces("application/json") - public Response putUser(@Context UriInfo info, User user, @PathParam("id") String id) { - - LOG.info("PUT /auth/v1/users/{} (Updates a user account)", id); - - try { - user.setUserid(id); - - if (checkInputFieldLength(user.getPassword())) { - return providedFieldTooLong("password", IdmLightApplication.MAX_FIELD_LEN); - } - - if (checkInputFieldLength(user.getName())) { - return providedFieldTooLong("name", IdmLightApplication.MAX_FIELD_LEN); - } - - if (checkInputFieldLength(user.getDescription())) { - return providedFieldTooLong("description", IdmLightApplication.MAX_FIELD_LEN); - } - - if (checkInputFieldLength(user.getEmail())) { - return providedFieldTooLong("email", IdmLightApplication.MAX_FIELD_LEN); - } - - if (checkInputFieldLength(user.getDomainid())) { - return providedFieldTooLong("domain", IdmLightApplication.MAX_FIELD_LEN); - } - - user = AAAIDMLightModule.getStore().updateUser(user); - if (user == null) { - return new IDMError(404, String.format("User not found for id %s", id), "").response(); - } - - IdmLightProxy.clearClaimCache(); - - // Redact the password and salt for security reasons. - redactUserPasswordInfo(user); - return Response.status(200).entity(user).build(); - } catch (IDMStoreException se) { - return internalError("updating", se); - } - } - - /** - * REST endpoint to delete a user account. - * - * @param info passed from Jersey - * @param id the unique id of the user which is being deleted - * @return A response stating success or failure of user deletion - */ - @DELETE - @Path("/{id}") - public Response deleteUser(@Context UriInfo info, @PathParam("id") String id) { - LOG.info("DELETE /auth/v1/users/{} (Delete a user account)", id); - - try { - final User user = AAAIDMLightModule.getStore().deleteUser(id); - - if (user == null) { - return new IDMError(404, - String.format("Error deleting user. " + - "Couldn't find user with id %s", id), - "").response(); - } - } catch (IDMStoreException se) { - return internalError("deleting", se); - } - - // Successfully deleted the user; report success to the client. - IdmLightProxy.clearClaimCache(); - return Response.status(204).build(); - } - - /** - * Creates a <code>Response</code> related to an internal server error. - * - * @param verbal such as "creating", "deleting", "updating" - * @param e The exception, which is propagated in the response - * @return A response containing internal error with specific reasoning - */ - private Response internalError(final String verbal, final Exception e) { - LOG.error("There was an internal error {} the user", verbal, e); - return new IDMError(500, - String.format("There was an internal error %s the user", verbal), - e.getMessage()).response(); - } - - /** - * Creates a <code>Response</code> related to the user not providing a - * required field. - * - * @param fieldName the name of the field which is missing - * @return A response explaining that the request is missing a field - */ - private Response missingRequiredField(final String fieldName) { - - return new IDMError(400, - String.format("%s is required to create the user account. " + - "Please provide a %s in your payload.", fieldName, fieldName), - "").response(); - } - - /** - * Creates a <code>Response</code> related to the user providing a field - * that is too long. - * - * @param fieldName the name of the field that is too long - * @param maxFieldLength the maximum length of <code>fieldName</code> - * @return A response containing the bad field and the maximum field length - */ - private Response providedFieldTooLong(final String fieldName, final int maxFieldLength) { - - return new IDMError(400, - getProvidedFieldTooLongMessage(fieldName, maxFieldLength), - "").response(); - } - - /** - * Creates the client-facing message related to the user providing a field - * that is too long. - * - * @param fieldName the name of the field that is too long - * @param maxFieldLength the maximum length of <code>fieldName</code> - * @return - */ - private static String getProvidedFieldTooLongMessage(final String fieldName, - final int maxFieldLength) { - - return String.format("The provided {} field is too long. " + - "The max length is {}.", fieldName, maxFieldLength); - } - - /** - * Prepares a user account for output by redacting the appropriate fields. - * This method side-effects the <code>user</code> parameter. - * - * @param user the user account which will have fields redacted - */ - private static void redactUserPasswordInfo(final User user) { - user.setPassword(REDACTED_PASSWORD); - user.setSalt(REDACTED_SALT); - } - - /** - * Validate the input field length - * - * @param inputField - * @return true if input field bigger than the MAX_FIELD_LEN - */ - private boolean checkInputFieldLength(final String inputField) { - return inputField != null && (inputField.length() > IdmLightApplication.MAX_FIELD_LEN); - } -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java deleted file mode 100644 index f865162a..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.aaa.idm.rest; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; - -import org.opendaylight.aaa.api.model.Version; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * - * @author peter.mellquist@hp.com - * - */ -@Deprecated -@Path("/") -public class VersionHandler { - private static final Logger LOG = LoggerFactory.getLogger(VersionHandler.class);; - - protected static String CURRENT_VERSION = "v1"; - protected static String LAST_UPDATED = "2014-04-18T18:30:02.25Z"; - protected static String CURRENT_STATUS = "CURRENT"; - - @GET - @Produces("application/json") - public Version getVersion(@Context HttpServletRequest request) { - LOG.info("Get /"); - Version version = new Version(); - version.setId(CURRENT_VERSION); - version.setUpdated(LAST_UPDATED); - version.setStatus(CURRENT_STATUS); - return version; - } - -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModule.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModule.java deleted file mode 100644 index d6872635..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModule.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204; - -import org.opendaylight.aaa.api.CredentialAuth; -import org.opendaylight.aaa.api.IDMStoreException; -import org.opendaylight.aaa.api.IIDMStore; -import org.opendaylight.aaa.api.IdMService; -import org.opendaylight.aaa.idm.IdmLightProxy; -import org.opendaylight.aaa.idm.StoreBuilder; -import org.osgi.framework.BundleContext; -import org.osgi.framework.ServiceReference; -import org.osgi.framework.ServiceRegistration; -import org.osgi.util.tracker.ServiceTracker; -import org.osgi.util.tracker.ServiceTrackerCustomizer; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class AAAIDMLightModule extends org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AbstractAAAIDMLightModule { - - private static final Logger LOG = LoggerFactory.getLogger(AAAIDMLightModule.class); - private BundleContext bundleContext = null; - private static volatile IIDMStore store = null; - - public AAAIDMLightModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier, org.opendaylight.controller.config.api.DependencyResolver dependencyResolver) { - super(identifier, dependencyResolver); - } - - public AAAIDMLightModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier, org.opendaylight.controller.config.api.DependencyResolver dependencyResolver, org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule oldModule, java.lang.AutoCloseable oldInstance) { - super(identifier, dependencyResolver, oldModule, oldInstance); - } - - @Override - public void customValidation() { - // add custom validation form module attributes here. - } - - @Override - public java.lang.AutoCloseable createInstance() { - final IdmLightProxy proxy = new IdmLightProxy(); - final ServiceRegistration<?> idmService = bundleContext.registerService(IdMService.class.getName(), proxy, null); - final ServiceRegistration<?> clientAuthService = bundleContext.registerService(CredentialAuth.class.getName(), proxy, null); - - final ServiceTracker<IIDMStore, IIDMStore> storeServiceTracker = new ServiceTracker<>(bundleContext, IIDMStore.class, - new ServiceTrackerCustomizer<IIDMStore, IIDMStore>() { - @Override - public IIDMStore addingService(ServiceReference<IIDMStore> reference) { - store = reference.getBundle().getBundleContext().getService(reference); - LOG.info("IIDMStore service {} was found", store.getClass()); - try { - StoreBuilder.init(store); - } catch (IDMStoreException e) { - LOG.error("Failed to initialize data in store", e); - } - - return store; - } - - @Override - public void modifiedService(ServiceReference<IIDMStore> reference, IIDMStore service) { - } - - @Override - public void removedService(ServiceReference<IIDMStore> reference, IIDMStore service) { - } - }); - - storeServiceTracker.open(); - - LOG.info("AAA IDM Light Module Initialized"); - return new AutoCloseable() { - @Override - public void close() throws Exception { - idmService.unregister(); - clientAuthService.unregister(); - storeServiceTracker.close(); - } - }; - } - - public void setBundleContext(BundleContext b){ - this.bundleContext = b; - } - - public static final IIDMStore getStore(){ - return store; - } - - public static final void setStore(IIDMStore s){ - store = s; - } -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModuleFactory.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModuleFactory.java deleted file mode 100644 index de277da8..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModuleFactory.java +++ /dev/null @@ -1,29 +0,0 @@ -/* -* Generated file -* -* Generated from: yang module name: aaa-idmlight yang module local name: aaa-idmlight -* Generated by: org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator -* Generated at: Fri Dec 04 11:37:37 PST 2015 -* -* Do not modify this file unless it is present under src/main directory -*/ -package org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204; - -import org.opendaylight.controller.config.api.DependencyResolver; -import org.osgi.framework.BundleContext; - -public class AAAIDMLightModuleFactory extends org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AbstractAAAIDMLightModuleFactory { - @Override - public AAAIDMLightModule instantiateModule(String instanceName, DependencyResolver dependencyResolver, AAAIDMLightModule oldModule, AutoCloseable oldInstance, BundleContext bundleContext) { - AAAIDMLightModule module = super.instantiateModule(instanceName, dependencyResolver, oldModule, oldInstance, bundleContext); - module.setBundleContext(bundleContext); - return module; - } - - @Override - public AAAIDMLightModule instantiateModule(String instanceName, DependencyResolver dependencyResolver, BundleContext bundleContext) { - AAAIDMLightModule module = super.instantiateModule(instanceName, dependencyResolver, bundleContext); - module.setBundleContext(bundleContext); - return module; - } -} diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/WEB-INF/web.xml b/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/WEB-INF/web.xml deleted file mode 100644 index facba131..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/WEB-INF/web.xml +++ /dev/null @@ -1,77 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" - version="3.0"> - - <servlet> - <servlet-name>IdmLight</servlet-name> - <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class> - <init-param> - <param-name>javax.ws.rs.Application</param-name> - <param-value>org.opendaylight.aaa.idm.IdmLightApplication</param-value> - </init-param> - <init-param> - <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name><param-value>true</param-value> - </init-param> - <load-on-startup>1</load-on-startup> - </servlet> - <servlet-mapping> - <servlet-name>IdmLight</servlet-name> - <url-pattern>/*</url-pattern> - </servlet-mapping> - - <context-param> - <param-name>shiroEnvironmentClass</param-name> - <param-value>org.opendaylight.aaa.shiro.web.env.KarafIniWebEnvironment</param-value> - </context-param> - - <listener> - <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> - </listener> - - <filter> - <filter-name>ShiroFilter</filter-name> - <filter-class>org.opendaylight.aaa.shiro.filters.AAAFilter</filter-class> - </filter> - - <filter-mapping> - <filter-name>ShiroFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - - <filter> - <filter-name>cross-origin-restconf</filter-name> - <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class> - <init-param> - <param-name>allowedOrigins</param-name> - <param-value>*</param-value> - </init-param> - <init-param> - <param-name>allowedMethods</param-name> - <param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value> - </init-param> - <init-param> - <param-name>allowedHeaders</param-name> - <param-value>origin, content-type, accept, authorization, Authorization</param-value> - </init-param> - </filter> - - <filter-mapping> - <filter-name>cross-origin-restconf</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - - <security-constraint> - <web-resource-collection> - <web-resource-name>NB api</web-resource-name> - <url-pattern>/*</url-pattern> - <http-method>POST</http-method> - <http-method>GET</http-method> - <http-method>PUT</http-method> - <http-method>PATCH</http-method> - <http-method>DELETE</http-method> - <http-method>HEAD</http-method> - </web-resource-collection> - </security-constraint> - -</web-app> diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/idmtool.py b/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/idmtool.py deleted file mode 100755 index b14a8758..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/idmtool.py +++ /dev/null @@ -1,255 +0,0 @@ -#!/usr/bin/env python - -# -# Copyright (c) 2016 Brocade Communications Systems and others. All rights reserved. -# -# This program and the accompanying materials are made available under the -# terms of the Eclipse Public License v1.0 which accompanies this distribution, -# and is available at http://www.eclipse.org/legal/epl-v10.html -# - -''' -idmtool - -Used to manipulate ODL AAA idm on a node-per-node basis. Assumes only one domain (sdn) -since current support in ODL is limited. -''' - -__author__ = "Ryan Goulding" -__copyright__ = "Copyright (c) 2016 Brocade Communications Systems and others" -__credits__ = "Ryan Goulding" -__license__ = "EPL" -__version__ = "1.0" -__maintainer__ = "Ryan Goulding" -__email__ = "ryandgoulding@gmail.com" -__status__ = "Production" - -import argparse, getpass, json, requests, sys - -parser = argparse.ArgumentParser('idmtool') - -user='' -hostname='localhost' -protocol='http' -port='8181' -target_host='{}://{}:{}/'.format(protocol, hostname, port) - -# main program arguments -parser.add_argument('user',help='username for BSC node', nargs=1) -parser.add_argument('--target-host', help="target host node", nargs=1) - -subparsers = parser.add_subparsers(help='sub-command help') - -# users table related -list_users = subparsers.add_parser('list-users', help='list all users') -list_users.set_defaults(func=list_users) -add_user = subparsers.add_parser('add-user', help='add a user') -add_user.set_defaults(func=add_user) -add_user.add_argument('newUser', help='new user name', nargs=1) -change_password = subparsers.add_parser('change-password', help='change a password') -change_password.set_defaults(func=change_password) -change_password.add_argument('userid', help='change the password for a particular userid', nargs=1) -delete_user = subparsers.add_parser('delete-user', help='delete a user') -delete_user.add_argument('userid', help='name@sdn', nargs=1) -delete_user.set_defaults(func=delete_user) - -# domains table related -# only read is defined; this was done on purpose since the "domain" concept -# is mostly unsupported in ODL. -list_domains = subparsers.add_parser('list-domains', help='list all domains') -list_domains.set_defaults(func=list_domains) - -# roles table related -list_roles = subparsers.add_parser('list-roles', help='list all roles') -list_roles.set_defaults(func=list_roles) -add_role = subparsers.add_parser('add-role', help='add a role') -add_role.add_argument('role', help='role name', nargs=1) -add_role.set_defaults(func=add_role) -delete_role = subparsers.add_parser('delete-role', help='delete a role') -delete_role.add_argument('roleid', help='rolename@sdn', nargs=1) -delete_role.set_defaults(func=delete_role) -add_grant = subparsers.add_parser('add-grant', help='add a grant') -add_grant.set_defaults(func=add_grant) -add_grant.add_argument('userid', help="username@sdn", nargs=1) -add_grant.add_argument('roleid', help="role@sdn", nargs=1) -get_grants = subparsers.add_parser('get-grants', help='get grants for userid on sdn') -get_grants.set_defaults(func=get_grants) -get_grants.add_argument('userid', help="username@sdn", nargs=1) -delete_grant = subparsers.add_parser('delete-grant', help='delete a grant') -delete_grant.add_argument('userid', help='username@sdn', nargs=1) -delete_grant.add_argument('roleid', help='role@sdn', nargs=1) -delete_grant.set_defaults(func=delete_grant) - -def process_result(r): - ''' Generic method to print result of a REST call ''' - print '' - sc = r.status_code - if sc >= 200 and sc < 300: - print "command succeeded!" - try: - res = r.json() - if res is not None: - print '\njson:\n', json.dumps(res, indent=4, sort_keys=True) - except(ValueError): - pass - elif sc == 401: - print "Incorrect Credentials Provided" - elif sc == 404: - print "RESTconf is either not installed or not initialized yet" - elif sc >= 500 and sc < 600: - print "Internal Server Error Ocurred" - else: - print "Unknown error; HTTP status code: {}".format(sc) - -def get_request(user, password, url, description, outputResult=True): - if outputResult: - print description - try: - r = requests.get(url, auth=(user,password)) - if outputResult: - process_result(r) - return r - except(requests.exceptions.ConnectionError): - if outputResult: - print "Unable to connect; are you sure the controller is up?" - sys.exit(1) - -def post_request(user, password, url, description, payload, params): - print description - try: - r = requests.post(url, auth=(user,password), data=payload, headers=params) - process_result(r) - except(requests.exceptions.ConnectionError): - print "Unable to connect; are you sure the controller is up?" - sys.exit(1) - -def put_request(user, password, url, description, payload, params): - print description - try: - r = requests.put(url, auth=(user,password), data=payload, headers=params) - process_result(r) - except(requests.exceptions.ConnectionError): - print "Unable to connect; are you sure the controller is up?" - sys.exit(1) - -def delete_request(user, password, url, description, payload='', params={'Content-Type':'application/json'}): - print description - try: - r = requests.delete(url, auth=(user,password), data=payload, headers=params) - process_result(r) - except(requests.exceptions.ConnectionError): - print "Unable to connect; are you sure the controller is up?" - sys.exit(1) - -def poll_new_password(): - new_password = getpass.getpass(prompt="Enter new password: ") - new_password_repeated = getpass.getpass(prompt="Re-enter password: ") - if new_password != new_password_repeated: - print "Passwords did not match; cancelling the add_user request" - sys.exit(1) - return new_password - -def list_users(user, password): - get_request(user, password, target_host + 'auth/v1/users', 'list_users') - -def add_user(user, password, newUser): - new_password = poll_new_password() - description = 'add_user({})'.format(user) - url = target_host + 'auth/v1/users' - payload = {'name':newUser, 'password':new_password, 'description':'', "domainid":"sdn", 'userid':'{}@sdn'.format(newUser), 'email':''} - jsonpayload = json.dumps(payload) - headers={'Content-Type':'application/json'} - post_request(user, password, url, description, jsonpayload, headers) - -def delete_user(user, password, userid): - url = target_host + 'auth/v1/users/{}'.format(userid) - description = 'delete_user({})'.format(userid) - delete_request(user, password, url, description) - -def change_password(user, password, existingUserId): - url = target_host + 'auth/v1/users/{}'.format(existingUserId) - r = get_request(user, password, target_host + 'auth/v1/users/{}'.format(existingUserId), 'list_users', outputResult=False) - try: - existing = r.json() - del existing['salt'] - del existing['password'] - new_password = poll_new_password() - existing['password'] = new_password - description='change_password({})'.format(existingUserId) - headers={'Content-Type':'application/json'} - url = target_host + 'auth/v1/users/{}'.format(existingUserId) - put_request(user, password, url, 'change_password({})'.format(user), json.dumps(existing), headers) - except(AttributeError): - print "Unable to connect; are you sure the controller is up?" - sys.exit(1) - -def list_domains(user, password): - get_request(user, password, target_host + 'auth/v1/domains', 'list_domains') - -def list_roles(user, password): - get_request(user, password, target_host + 'auth/v1/roles', 'list_roles') - -def add_role(user, password, role): - url = target_host + 'auth/v1/roles' - description = 'add_role({})'.format(role) - payload = {"roleid":'{}@sdn'.format(role), 'name':role, 'description':'', 'domainid':'sdn'} - data = json.dumps(payload) - headers={'Content-Type':'application/json'} - post_request(user, password, url, description, data, headers) - -def delete_role(user, password, roleid): - url = target_host + 'auth/v1/roles/{}'.format(roleid) - description = 'delete_role({})'.format(roleid) - delete_request(user, password, url, description) - -def add_grant(user, password, userid, roleid): - description = 'add_grant(userid={},roleid={})'.format(userid, roleid) - payload = {"roleid":roleid, "userid":userid, "grantid":'{}@{}@{}'.format(userid, roleid, "sdn"), "domainid":"sdn"} - url = target_host + 'auth/v1/domains/sdn/users/{}/roles'.format(userid) - data=json.dumps(payload) - headers={'Content-Type':'application/json'} - post_request(user, password, url, description, data, headers) - -def get_grants(user, password, userid): - get_request(user, password, target_host + 'auth/v1/domains/sdn/users/{}/roles'.format(userid), 'get_grants({})'.format(userid)) - -def delete_grant(user, password, userid, roleid): - url = target_host + 'auth/v1/domains/sdn/users/{}/roles/{}'.format(userid, roleid) - print url - description = 'delete_grant(userid={},roleid={})'.format(userid, roleid) - delete_request(user, password, url, description) - -args = parser.parse_args() -command = args.func.prog.split()[1:] -user = args.user[0] -password = getpass.getpass() -temp_host_arr = args.target_host -if temp_host_arr is not None: - temp_host_val = temp_host_arr[0] - if temp_host_val is not None: - target_host = temp_host_val - if not target_host.endswith("/"): - target_host += "/" -if "list-users" in command: - list_users(user,password) -if "list-domains" in command: - list_domains(user,password) -if "list-roles" in command: - list_roles(user,password) -if "add-user" in command: - add_user(user,password, args.newUser[0]) -if "add-grant" in command: - add_grant(user,password, args.userid[0], args.roleid[0]) -if "get-grants" in command: - get_grants(user,password, args.userid[0]) -if "change-password" in command: - change_password(user, password, args.userid[0]) -if "delete-user" in command: - delete_user(user, password, args.userid[0]) -if "delete-role" in command: - delete_role(user, password, args.roleid[0]) -if "add-role" in command: - add_role(user, password, args.role[0]) -if "delete-grant" in command: - delete_grant(user, password, args.userid[0], args.roleid[0]) - diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/initial/08-aaa-idmlight-config.xml b/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/initial/08-aaa-idmlight-config.xml deleted file mode 100644 index 695ce762..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/initial/08-aaa-idmlight-config.xml +++ /dev/null @@ -1,26 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- vi: set et smarttab sw=4 tabstop=4: --> -<!-- - Copyright (c) 2015 Cisco Systems, Inc. and others. All rights reserved. - - This program and the accompanying materials are made available under the - terms of the Eclipse Public License v1.0 which accompanies this distribution, - and is available at http://www.eclipse.org/legal/epl-v10.html ---> -<snapshot> - <configuration> - <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> - <modules xmlns="urn:opendaylight:params:xml:ns:yang:controller:config"> - <module> - <type xmlns:authn="config:aaa:authn:idmlight">authn:aaa-idmlight</type> - <name>aaa-idmlight</name> - </module> - </modules> - </data> - </configuration> - <required-capabilities> - <capability>config:aaa:authn:idmlight?module=aaa-idmlight&revision=2015-12-04</capability> - </required-capabilities> - -</snapshot> - diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/yang/aaa-idmlight.yang b/odl-aaa-moon/aaa/aaa-idmlight/src/main/yang/aaa-idmlight.yang deleted file mode 100644 index 4f28d755..00000000 --- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/yang/aaa-idmlight.yang +++ /dev/null @@ -1,28 +0,0 @@ -module aaa-idmlight { - yang-version 1; - namespace "config:aaa:authn:idmlight"; - prefix "aaa-idmlight"; - organization "OpenDayLight"; - - import config { prefix config; revision-date 2013-04-05; } - import opendaylight-md-sal-binding { prefix mdsal; revision-date 2013-10-28; } - - contact "saichler@gmail.com"; - - revision 2015-12-04 { - description - "Initial revision."; - } - - identity aaa-idmlight { - base config:module-type; - config:java-name-prefix AAAIDMLight; - } - - augment "/config:modules/config:module/config:configuration" { - case aaa-idmlight { - when "/config:modules/config:module/config:type = 'aaa-idmlight'"; - } - } - -} |