Diffstat (limited to 'odl-aaa-moon/aaa/aaa-idmlight/src/main')
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java57
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java208
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java118
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java591
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java228
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java420
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java46
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModule.java90
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModuleFactory.java29
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/WEB-INF/web.xml77
-rwxr-xr-xodl-aaa-moon/aaa/aaa-idmlight/src/main/resources/idmtool.py255
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/initial/08-aaa-idmlight-config.xml26
-rw-r--r--odl-aaa-moon/aaa/aaa-idmlight/src/main/yang/aaa-idmlight.yang28
13 files changed, 0 insertions, 2173 deletions
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java
deleted file mode 100644
index 6fcba5d6..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightApplication.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.idm;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.ws.rs.core.Application;
-
-import org.opendaylight.aaa.idm.rest.DomainHandler;
-import org.opendaylight.aaa.idm.rest.RoleHandler;
-import org.opendaylight.aaa.idm.rest.UserHandler;
-import org.opendaylight.aaa.idm.rest.VersionHandler;
-
-/**
- * A JAX-RS application for IdmLight. The REST endpoints delivered by this
- * application are in the form:
- * <code>http://{HOST}:{PORT}/auth/v1/</code>
- *
- * For example, the users REST endpoint is:
- * <code>http://{HOST}:{PORT}/auth/v1/users</code>
- *
- * This application is responsible for interaction with the backing h2
- * database store.
- *
- * @author liemmn
- * @author Ryan Goulding (ryandgoulding@gmail.com)
- * @see <code>org.opendaylight.aaa.idm.rest.DomainHandler</code>
- * @see <code>org.opendaylight.aaa.idm.rest.UserHandler</code>
- * @see <code>org.opendaylight.aaa.idm.rest.RoleHandler</code>
- */
-public class IdmLightApplication extends Application {
-
- //TODO create a bug to address the fact that the implementation assumes 128
- // as the max length, even though this claims 256.
- /**
- * The maximum field length for identity fields.
- */
- public static final int MAX_FIELD_LEN = 256;
- public IdmLightApplication() {
- }
-
- @Override
- public Set<Class<?>> getClasses() {
- return new HashSet<Class<?>>(Arrays.asList(VersionHandler.class,
- DomainHandler.class,
- RoleHandler.class,
- UserHandler.class));
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java
deleted file mode 100644
index d17d2b13..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/IdmLightProxy.java
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.idm;
-
-import com.google.common.base.Preconditions;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-import org.opendaylight.aaa.ClaimBuilder;
-import org.opendaylight.aaa.api.AuthenticationException;
-import org.opendaylight.aaa.api.Claim;
-import org.opendaylight.aaa.api.CredentialAuth;
-import org.opendaylight.aaa.api.IDMStoreException;
-import org.opendaylight.aaa.api.IIDMStore;
-import org.opendaylight.aaa.api.IdMService;
-import org.opendaylight.aaa.api.PasswordCredentials;
-import org.opendaylight.aaa.api.SHA256Calculator;
-import org.opendaylight.aaa.api.model.Domain;
-import org.opendaylight.aaa.api.model.Grant;
-import org.opendaylight.aaa.api.model.Grants;
-import org.opendaylight.aaa.api.model.Role;
-import org.opendaylight.aaa.api.model.User;
-import org.opendaylight.aaa.api.model.Users;
-import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * An OSGi proxy for the IdmLight server.
- *
- */
-public class IdmLightProxy implements CredentialAuth<PasswordCredentials>, IdMService {
-
- private static final Logger LOG = LoggerFactory.getLogger(IdmLightProxy.class);
-
- /**
- * claimCache is responsible for storing the active claims per domain. The
- * outer map is keyed by domain, and the inner map is keyed by
- * <code>PasswordCredentials</code>.
- */
- private static Map<String, Map<PasswordCredentials, Claim>> claimCache = new ConcurrentHashMap<>();
-
- // adds a store for the default "sdn" domain
- static {
- claimCache.put(IIDMStore.DEFAULT_DOMAIN,
- new ConcurrentHashMap<PasswordCredentials, Claim>());
- }
-
- @Override
- public Claim authenticate(PasswordCredentials creds) {
- Preconditions.checkNotNull(creds);
- Preconditions.checkNotNull(creds.username());
- Preconditions.checkNotNull(creds.password());
- String domain = creds.domain() == null ? IIDMStore.DEFAULT_DOMAIN : creds.domain();
- // FIXME: Add cache invalidation
- Map<PasswordCredentials, Claim> cache = claimCache.get(domain);
- if (cache == null) {
- cache = new ConcurrentHashMap<PasswordCredentials, Claim>();
- claimCache.put(domain, cache);
- }
- Claim claim = cache.get(creds);
- if (claim == null) {
- synchronized (claimCache) {
- claim = cache.get(creds);
- if (claim == null) {
- claim = dbAuthenticate(creds);
- if (claim != null) {
- cache.put(creds, claim);
- }
- }
- }
- }
- return claim;
- }
-
- /**
- * Clears the cache of any active claims.
- */
- public static synchronized void clearClaimCache() {
- LOG.info("Clearing the claim cache");
- for (Map<PasswordCredentials, Claim> cache : claimCache.values()) {
- cache.clear();
- }
- }
-
- private static Claim dbAuthenticate(PasswordCredentials creds) {
- Domain domain = null;
- User user = null;
- String credsDomain = creds.domain() == null ? IIDMStore.DEFAULT_DOMAIN : creds.domain();
- // check to see domain exists
- // TODO: ensure domain names are unique change to 'getDomain'
- LOG.debug("get domain");
- try {
- domain = AAAIDMLightModule.getStore().readDomain(credsDomain);
- if (domain == null) {
- throw new AuthenticationException("Domain :" + credsDomain + " does not exist");
- }
- } catch (IDMStoreException e) {
- throw new AuthenticationException("Error while fetching domain", e);
- }
-
- // check to see user exists and passes cred check
- try {
- LOG.debug("check user / pwd");
- Users users = AAAIDMLightModule.getStore().getUsers(creds.username(), credsDomain);
- List<User> userList = users.getUsers();
- if (userList.size() == 0) {
- throw new AuthenticationException("User :" + creds.username()
- + " does not exist in domain " + credsDomain);
- }
- user = userList.get(0);
- if (!SHA256Calculator.getSHA256(creds.password(), user.getSalt()).equals(
- user.getPassword())) {
- throw new AuthenticationException("UserName / Password not found");
- }
-
- // get all grants & roles for this domain and user
- LOG.debug("get grants");
- List<String> roles = new ArrayList<String>();
- Grants grants = AAAIDMLightModule.getStore().getGrants(domain.getDomainid(),
- user.getUserid());
- List<Grant> grantList = grants.getGrants();
- for (int z = 0; z < grantList.size(); z++) {
- Grant grant = grantList.get(z);
- Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid());
- if (role != null) {
- roles.add(role.getName());
- }
- }
-
- // build up the claim
- LOG.debug("build a claim");
- ClaimBuilder claim = new ClaimBuilder();
- claim.setUserId(user.getUserid().toString());
- claim.setUser(creds.username());
- claim.setDomain(credsDomain);
- for (int z = 0; z < roles.size(); z++) {
- claim.addRole(roles.get(z));
- }
- return claim.build();
- } catch (IDMStoreException se) {
- throw new AuthenticationException("idm data store exception :" + se.toString() + se);
- }
- }
-
- @Override
- public List<String> listDomains(String userId) {
- LOG.debug("list Domains for userId: {}", userId);
- List<String> domains = new ArrayList<String>();
- try {
- Grants grants = AAAIDMLightModule.getStore().getGrants(userId);
- List<Grant> grantList = grants.getGrants();
- for (int z = 0; z < grantList.size(); z++) {
- Grant grant = grantList.get(z);
- Domain domain = AAAIDMLightModule.getStore().readDomain(grant.getDomainid());
- domains.add(domain.getName());
- }
- return domains;
- } catch (IDMStoreException se) {
- LOG.warn("error getting domains ", se.toString(), se);
- return domains;
- }
-
- }
-
- @Override
- public List<String> listRoles(String userId, String domainName) {
- LOG.debug("listRoles");
- List<String> roles = new ArrayList<String>();
-
- try {
- // find domain name for specied domain name
- String did = null;
- try {
- Domain domain = AAAIDMLightModule.getStore().readDomain(domainName);
- if (domain == null) {
- LOG.debug("DomainName: {}", domainName + " Not found!");
- return roles;
- }
- did = domain.getDomainid();
- } catch (IDMStoreException e) {
- return roles;
- }
-
- // find all grants for uid and did
- Grants grants = AAAIDMLightModule.getStore().getGrants(did, userId);
- List<Grant> grantList = grants.getGrants();
- for (int z = 0; z < grantList.size(); z++) {
- Grant grant = grantList.get(z);
- Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid());
- roles.add(role.getName());
- }
-
- return roles;
- } catch (IDMStoreException se) {
- LOG.warn("error getting roles ", se.toString(), se);
- return roles;
- }
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java
deleted file mode 100644
index 111665c6..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/StoreBuilder.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.idm;
-
-import org.opendaylight.aaa.api.IDMStoreException;
-import org.opendaylight.aaa.api.IIDMStore;
-import org.opendaylight.aaa.api.model.Domain;
-import org.opendaylight.aaa.api.model.Grant;
-import org.opendaylight.aaa.api.model.Role;
-import org.opendaylight.aaa.api.model.User;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * StoreBuilder is triggered during feature installation by
- * <code>AAAIDMLightModule.createInstance()</code>. StoreBuilder is responsible
- * for initializing the H2 database with initial default user account
- * information. By default, the following users are created:
- * <ol>
- * <li>admin</li>
- * <li>user</li>
- * </ol>
- *
- * By default, the following domain is created:
- * <ol>
- * <li>sdn</li>
- * </ol>
- *
- * By default, the following grants are created:
- * <ol>
- * <li>admin with admin role on sdn</li>
- * <li>admin with user role on sdn</li>
- * <li>user with user role on sdn</li>
- * </ol>
- *
- * @author peter.mellquist@hp.com
- * @author saichler@cisco.com
- */
-public class StoreBuilder {
-
- private static final Logger LOG = LoggerFactory.getLogger(StoreBuilder.class);
-
- public static void init(IIDMStore store) throws IDMStoreException {
- LOG.info("creating idmlight schema in store");
-
- // Check whether the default domain exists. If it exists, then do not
- // create default data in the store.
- // TODO Address the fact that someone may delete the sdn domain, or make
- // sdn mandatory.
- Domain defaultDomain = store.readDomain(IIDMStore.DEFAULT_DOMAIN);
- if (defaultDomain != null) {
- LOG.info("Found default domain in Store, skipping insertion of default data");
- return;
- }
-
- // make domain
- Domain domain = new Domain();
- User adminUser = new User();
- User userUser = new User();
- Role adminRole = new Role();
- Role userRole = new Role();
- domain.setEnabled(true);
- domain.setName(IIDMStore.DEFAULT_DOMAIN);
- domain.setDescription("default odl sdn domain");
- domain = store.writeDomain(domain);
-
- // Create default users
- // "admin" user
- adminUser.setEnabled(true);
- adminUser.setName("admin");
- adminUser.setDomainid(domain.getDomainid());
- adminUser.setDescription("admin user");
- adminUser.setEmail("");
- adminUser.setPassword("admin");
- adminUser = store.writeUser(adminUser);
- // "user" user
- userUser.setEnabled(true);
- userUser.setName("user");
- userUser.setDomainid(domain.getDomainid());
- userUser.setDescription("user user");
- userUser.setEmail("");
- userUser.setPassword("user");
- userUser = store.writeUser(userUser);
-
- // Create default Roles ("admin" and "user")
- adminRole.setName("admin");
- adminRole.setDomainid(domain.getDomainid());
- adminRole.setDescription("a role for admins");
- adminRole = store.writeRole(adminRole);
- userRole.setName("user");
- userRole.setDomainid(domain.getDomainid());
- userRole.setDescription("a role for users");
- userRole = store.writeRole(userRole);
-
- // Create default grants
- Grant grant = new Grant();
- grant.setDomainid(domain.getDomainid());
- grant.setUserid(userUser.getUserid());
- grant.setRoleid(userRole.getRoleid());
- grant = store.writeGrant(grant);
-
- grant.setDomainid(domain.getDomainid());
- grant.setUserid(adminUser.getUserid());
- grant.setRoleid(userRole.getRoleid());
- grant = store.writeGrant(grant);
-
- grant.setDomainid(domain.getDomainid());
- grant.setUserid(adminUser.getUserid());
- grant.setRoleid(adminRole.getRoleid());
- grant = store.writeGrant(grant);
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java
deleted file mode 100644
index 7ddc0748..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/DomainHandler.java
+++ /dev/null
@@ -1,591 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.idm.rest;
-
-import java.util.ArrayList;
-import java.util.List;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-import org.opendaylight.aaa.api.IDMStoreException;
-import org.opendaylight.aaa.api.model.Claim;
-import org.opendaylight.aaa.api.model.Domain;
-import org.opendaylight.aaa.api.model.Domains;
-import org.opendaylight.aaa.api.model.Grant;
-import org.opendaylight.aaa.api.model.Grants;
-import org.opendaylight.aaa.api.model.IDMError;
-import org.opendaylight.aaa.api.model.Role;
-import org.opendaylight.aaa.api.model.Roles;
-import org.opendaylight.aaa.api.model.User;
-import org.opendaylight.aaa.api.model.UserPwd;
-import org.opendaylight.aaa.api.model.Users;
-import org.opendaylight.aaa.idm.IdmLightProxy;
-import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * REST application used to manipulate the H2 database domains table. The REST
- * endpoint is <code>/auth/v1/domains</code>.
- *
- * The following provides examples of curl commands and payloads to utilize the
- * domains REST endpoint:
- *
- * <b>Get All Domains</b>
- * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/domains</code>
- *
- * <b>Get A Specific Domain</b>
- * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/domains/{id}</code>
- *
- * <b>Create A Domain</b>
- * <code>curl -u admin:admin -X POST -H "Content-Type: application/json" --data-binary {@literal @}domain.json http://{HOST}:{PORT}/auth/v1/domains</code>
- * Example domain.json <code>{
- * "description": "new domain",
- * "enabled", "true",
- * "name", "not sdn"
- * }</code>
- *
- * <b>Update A Domain</b>
- * <code>curl -u admin:admin -X PUT -H "Content-Type: application/json" --data-binary {@literal @}domain.json http://{HOST}:{PORT}/auth/v1/domains</code>
- * Example domain.json <code>{
- * "description": "new domain description",
- * "enabled", "true",
- * "name", "not sdn"
- * }</code>
- *
- * @author peter.mellquist@hp.com
- * @author Ryan Goulding (ryandgoulding@gmail.com)
- */
-@Path("/v1/domains")
-public class DomainHandler {
-
- private static final Logger LOG = LoggerFactory.getLogger(DomainHandler.class);
-
- /**
- * Extracts all domains.
- *
- * @return a response with all domains stored in the H2 database
- */
- @GET
- @Produces("application/json")
- public Response getDomains() {
- LOG.info("Get /domains");
- Domains domains = null;
- try {
- domains = AAAIDMLightModule.getStore().getDomains();
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting domains");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- return Response.ok(domains).build();
- }
-
- /**
- * Extracts the domain represented by <code>domainId</code>.
- *
- * @param domainId the string domain (i.e., "sdn")
- * @return a response with the specified domain
- */
- @GET
- @Path("/{id}")
- @Produces("application/json")
- public Response getDomain(@PathParam("id") String domainId) {
- LOG.info("Get /domains/{}", domainId);
- Domain domain = null;
- try {
- domain = AAAIDMLightModule.getStore().readDomain(domainId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting domain");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
-
- if (domain == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! domain id :" + domainId);
- return Response.status(404).entity(idmerror).build();
- }
- return Response.ok(domain).build();
- }
-
- /**
- * Creates a domain. The name attribute is required for domain creation.
- * Enabled and description fields are optional. Optional fields default
- * in the following manner:
- * <code>enabled</code>: <code>false</code>
- * <code>description</code>: An empty string (<code>""</code>).
- *
- * @param info passed from Jersey
- * @param domain designated by the REST payload
- * @return A response stating success or failure of domain creation.
- */
- @POST
- @Consumes("application/json")
- @Produces("application/json")
- public Response createDomain(@Context UriInfo info, Domain domain) {
- LOG.info("Post /domains");
- try {
- if (domain.isEnabled() == null) {
- domain.setEnabled(false);
- }
- if (domain.getName() == null) {
- domain.setName("");
- }
- if (domain.getDescription() == null) {
- domain.setDescription("");
- }
- domain = AAAIDMLightModule.getStore().writeDomain(domain);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error creating domain");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- return Response.status(201).entity(domain).build();
- }
-
- /**
- * Updates a domain.
- *
- * @param info passed from Jersey
- * @param domain the REST payload
- * @param domainId the last part of the path, containing the specified domain id
- * @return A response stating success or failure of domain update.
- */
- @PUT
- @Path("/{id}")
- @Consumes("application/json")
- @Produces("application/json")
- public Response putDomain(@Context UriInfo info, Domain domain, @PathParam("id") String domainId) {
- LOG.info("Put /domains/{}", domainId);
- try {
- domain.setDomainid(domainId);
- domain = AAAIDMLightModule.getStore().updateDomain(domain);
- if (domain == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! Domain id :" + domainId);
- return Response.status(404).entity(idmerror).build();
- }
- IdmLightProxy.clearClaimCache();
- return Response.status(200).entity(domain).build();
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error putting domain");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- }
-
- /**
- * Deletes a domain.
- *
- * @param info passed from Jersey
- * @param domainId the last part of the path, containing the specified domain id
- * @return A response stating success or failure of domain deletion.
- */
- @DELETE
- @Path("/{id}")
- public Response deleteDomain(@Context UriInfo info, @PathParam("id") String domainId) {
- LOG.info("Delete /domains/{}", domainId);
-
- try {
- Domain domain = AAAIDMLightModule.getStore().deleteDomain(domainId);
- if (domain == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! Domain id :" + domainId);
- return Response.status(404).entity(idmerror).build();
- }
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error deleting Domain");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- IdmLightProxy.clearClaimCache();
- return Response.status(204).build();
- }
-
- /**
- * Creates a grant. A grant defines the role a particular user is given on
- * a particular domain. For example, by default, AAA installs a grant for
- * the "admin" user, granting permission to act with "admin" role on the
- * "sdn" domain.
- *
- * @param info passed from Jersey
- * @param domainId the domain the user is allowed to access
- * @param userId the user that is allowed to access the domain
- * @param grant the payload containing role access controls
- * @return A response stating success or failure of grant creation.
- */
- @POST
- @Path("/{did}/users/{uid}/roles")
- @Consumes("application/json")
- @Produces("application/json")
- public Response createGrant(@Context UriInfo info, @PathParam("did") String domainId,
- @PathParam("uid") String userId, Grant grant) {
- LOG.info("Post /domains/{}/users/{}/roles", domainId, userId);
- Domain domain = null;
- User user = null;
- Role role = null;
- String roleId = null;
-
- // validate domain id
- try {
- domain = AAAIDMLightModule.getStore().readDomain(domainId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting domain");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (domain == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! domain id :" + domainId);
- return Response.status(404).entity(idmerror).build();
- }
- grant.setDomainid(domainId);
-
- try {
- user = AAAIDMLightModule.getStore().readUser(userId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting user");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (user == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! User id :" + userId);
- return Response.status(404).entity(idmerror).build();
- }
- grant.setUserid(userId);
-
- // validate role id
- try {
- roleId = grant.getRoleid();
- LOG.info("roleid = {}", roleId);
- } catch (NumberFormatException nfe) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Invalid Role id :" + grant.getRoleid());
- return Response.status(404).entity(idmerror).build();
- }
- try {
- role = AAAIDMLightModule.getStore().readRole(roleId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting role");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (role == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! role :" + grant.getRoleid());
- return Response.status(404).entity(idmerror).build();
- }
-
- // see if grant already exists for this
- try {
- Grant existingGrant = AAAIDMLightModule.getStore().readGrant(domainId, userId, roleId);
- if (existingGrant != null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Grant already exists for did:" + domainId + " uid:" + userId
- + " rid:" + roleId);
- return Response.status(403).entity(idmerror).build();
- }
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error creating grant");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
-
- // create grant
- try {
- grant = AAAIDMLightModule.getStore().writeGrant(grant);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error creating grant");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
-
- IdmLightProxy.clearClaimCache();
- return Response.status(201).entity(grant).build();
- }
-
- /**
- * Used to validate user access.
- *
- * @param info passed from Jersey
- * @param domainId the domain in question
- * @param userpwd the password attempt
- * @return A response stating success or failure of user validation.
- */
- @POST
- @Path("/{did}/users/roles")
- @Consumes("application/json")
- @Produces("application/json")
- public Response validateUser(@Context UriInfo info, @PathParam("did") String domainId,
- UserPwd userpwd) {
-
- LOG.info("GET /domains/{}/users", domainId);
- Domain domain = null;
- Claim claim = new Claim();
- List<Role> roleList = new ArrayList<Role>();
-
- try {
- domain = AAAIDMLightModule.getStore().readDomain(domainId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting domain");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (domain == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! Domain id :" + domainId);
- return Response.status(404).entity(idmerror).build();
- }
-
- // check request body for username and pwd
- String username = userpwd.getUsername();
- if (username == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("username not specfied in request body");
- return Response.status(400).entity(idmerror).build();
- }
- String pwd = userpwd.getUserpwd();
- if (pwd == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("userpwd not specfied in request body");
- return Response.status(400).entity(idmerror).build();
- }
-
- // find userid for user
- try {
- Users users = AAAIDMLightModule.getStore().getUsers(username, domainId);
- List<User> userList = users.getUsers();
- if (userList.size() == 0) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("did not find username: " + username);
- return Response.status(404).entity(idmerror).build();
- }
- User user = userList.get(0);
- String userPwd = user.getPassword();
- String reqPwd = userpwd.getUserpwd();
- if (!userPwd.equals(reqPwd)) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("password does not match for username: " + username);
- return Response.status(401).entity(idmerror).build();
- }
- claim.setDomainid(domainId);
- claim.setUsername(username);
- claim.setUserid(user.getUserid());
- try {
- Grants grants = AAAIDMLightModule.getStore().getGrants(domainId, user.getUserid());
- List<Grant> grantsList = grants.getGrants();
- for (int i = 0; i < grantsList.size(); i++) {
- Grant grant = grantsList.get(i);
- Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid());
- roleList.add(role);
- }
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting Roles");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- claim.setRoles(roleList);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting user");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
-
- return Response.ok(claim).build();
- }
-
- /**
- * Get the grants for a user on a domain.
- *
- * @param info passed from Jersey
- * @param domainId the domain in question
- * @param userId the user in question
- * @return A response containing the grants for a user on a domain.
- */
- @GET
- @Path("/{did}/users/{uid}/roles")
- @Produces("application/json")
- public Response getRoles(@Context UriInfo info, @PathParam("did") String domainId,
- @PathParam("uid") String userId) {
- LOG.info("GET /domains/{}/users/{}/roles", domainId, userId);
- Domain domain = null;
- User user = null;
- Roles roles = new Roles();
- List<Role> roleList = new ArrayList<Role>();
-
- try {
- domain = AAAIDMLightModule.getStore().readDomain(domainId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting domain");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (domain == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! Domain id :" + domainId);
- return Response.status(404).entity(idmerror).build();
- }
-
- try {
- user = AAAIDMLightModule.getStore().readUser(userId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting user");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (user == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! User id :" + userId);
- return Response.status(404).entity(idmerror).build();
- }
-
- try {
- Grants grants = AAAIDMLightModule.getStore().getGrants(domainId, userId);
- List<Grant> grantsList = grants.getGrants();
- for (int i = 0; i < grantsList.size(); i++) {
- Grant grant = grantsList.get(i);
- Role role = AAAIDMLightModule.getStore().readRole(grant.getRoleid());
- roleList.add(role);
- }
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting Roles");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
-
- roles.setRoles(roleList);
- return Response.ok(roles).build();
- }
-
- /**
- * Delete a grant.
- *
- * @param info passed from Jersey
- * @param domainId the domain for the grant
- * @param userId the user for the grant
- * @param roleId the role for the grant
- * @return A response stating success or failure of the grant deletion.
- */
- @DELETE
- @Path("/{did}/users/{uid}/roles/{rid}")
- public Response deleteGrant(@Context UriInfo info, @PathParam("did") String domainId,
- @PathParam("uid") String userId, @PathParam("rid") String roleId) {
- Domain domain = null;
- User user = null;
- Role role = null;
-
- try {
- domain = AAAIDMLightModule.getStore().readDomain(domainId);
- } catch (IDMStoreException se) {
- LOG.error("Error deleting Grant : ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting domain");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (domain == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! Domain id :" + domainId);
- return Response.status(404).entity(idmerror).build();
- }
-
- try {
- user = AAAIDMLightModule.getStore().readUser(userId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException : ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting user");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (user == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! User id :" + userId);
- return Response.status(404).entity(idmerror).build();
- }
-
- try {
- role = AAAIDMLightModule.getStore().readRole(roleId);
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error getting Role");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- if (role == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Not found! Role id :" + roleId);
- return Response.status(404).entity(idmerror).build();
- }
-
- // see if grant already exists
- try {
- Grant existingGrant = AAAIDMLightModule.getStore().readGrant(domainId, userId, roleId);
- if (existingGrant == null) {
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Grant does not exist for did:" + domainId + " uid:" + userId
- + " rid:" + roleId);
- return Response.status(404).entity(idmerror).build();
- }
- existingGrant = AAAIDMLightModule.getStore().deleteGrant(existingGrant.getGrantid());
- } catch (IDMStoreException se) {
- LOG.error("StoreException: ", se);
- IDMError idmerror = new IDMError();
- idmerror.setMessage("Internal error creating grant");
- idmerror.setDetails(se.getMessage());
- return Response.status(500).entity(idmerror).build();
- }
- IdmLightProxy.clearClaimCache();
- return Response.status(204).build();
- }
-
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java
deleted file mode 100644
index 34a60c0c..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.idm.rest;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import org.opendaylight.aaa.api.IDMStoreException;
-import org.opendaylight.aaa.api.model.IDMError;
-import org.opendaylight.aaa.api.model.Role;
-import org.opendaylight.aaa.api.model.Roles;
-import org.opendaylight.aaa.idm.IdmLightApplication;
-import org.opendaylight.aaa.idm.IdmLightProxy;
-import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * REST application used to manipulate the H2 database roles table. The REST
- * endpoint is <code>/auth/v1/roles</code>.
- *
- * The following provides examples of curl commands and payloads to utilize the
- * roles REST endpoint:
- *
- * <b>Get All Roles</b>
- * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/roles</code>
- *
- * <b>Get A Specific Role</b>
- * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/roles/{id}</code>
- *
- * <b>Create A Role</b>
- * <code>curl -u admin:admin -X POST -H "Content-Type: application/json" --data-binary {@literal @}role.json http://{HOST}:{PORT}/auth/v1/roles</code>
- * An example of role.json:
- * <code>{
- * "name":"IT Administrator",
- * "description":"A user role for IT admins"
- * }</code>
- *
- * <b>Update A Role</b>
- * <code>curl -u admin:admin -X PUT -H "Content-Type: application/json" --data-binary {@literal @}role.json http://{HOST}:{PORT}/auth/v1/roles/{id}</code>
- * An example of role.json:
- * <code>{
- * "name":"IT Administrator Limited",
- * "description":"A user role for IT admins who can only do one thing"
- * }</code>
- *
- * @author peter.mellquist@hp.com
- * @author Ryan Goulding (ryandgoulding@gmail.com)
- */
-@Path("/v1/roles")
-public class RoleHandler {
- private static final Logger LOG = LoggerFactory.getLogger(RoleHandler.class);
-
- /**
- * Extracts all roles.
- *
- * @return A response with all roles in the H2 database, or internal error if one is encountered
- */
- @GET
- @Produces("application/json")
- public Response getRoles() {
- LOG.info("get /roles");
- Roles roles = null;
- try {
- roles = AAAIDMLightModule.getStore().getRoles();
- } catch (IDMStoreException se) {
- return new IDMError(500, "internal error getting roles", se.getMessage()).response();
- }
- return Response.ok(roles).build();
- }
-
- /**
- * Extract a specific role identified by <code>id</code>
- *
- * @param id the String id for the role
- * @return A response with the role identified by <code>id</code>, or internal error if one is encountered
- */
- @GET
- @Path("/{id}")
- @Produces("application/json")
- public Response getRole(@PathParam("id") String id) {
- LOG.info("get /roles/{}", id);
- Role role = null;
-
- try {
- role = AAAIDMLightModule.getStore().readRole(id);
- } catch (IDMStoreException se) {
- return new IDMError(500, "internal error getting roles", se.getMessage()).response();
- }
-
- if (role == null) {
- return new IDMError(404, "role not found id :" + id, "").response();
- }
- return Response.ok(role).build();
- }
-
- /**
- * Creates a role.
- *
- * @param info passed from Jersey
- * @param role the role JSON payload
- * @return A response stating success or failure of role creation, or internal error if one is encountered
- */
- @POST
- @Consumes("application/json")
- @Produces("application/json")
- public Response createRole(@Context UriInfo info, Role role) {
- LOG.info("Post /roles");
- try {
- // TODO: role names should be unique!
- // name
- if (role.getName() == null) {
- return new IDMError(404, "name must be defined on role create", "").response();
- } else if (role.getName().length() > IdmLightApplication.MAX_FIELD_LEN) {
- return new IDMError(400, "role name max length is :"
- + IdmLightApplication.MAX_FIELD_LEN, "").response();
- }
-
- // domain
- if (role.getDomainid() == null) {
- return new IDMError(404,
- "The role's domain must be defined on role when creating a role.", "")
- .response();
- } else if (role.getDomainid().length() > IdmLightApplication.MAX_FIELD_LEN) {
- return new IDMError(400, "role domain max length is :"
- + IdmLightApplication.MAX_FIELD_LEN, "").response();
- }
-
- // description
- if (role.getDescription() == null) {
- role.setDescription("");
- } else if (role.getDescription().length() > IdmLightApplication.MAX_FIELD_LEN) {
- return new IDMError(400, "role description max length is :"
- + IdmLightApplication.MAX_FIELD_LEN, "").response();
- }
-
- role = AAAIDMLightModule.getStore().writeRole(role);
- } catch (IDMStoreException se) {
- return new IDMError(500, "internal error creating role", se.getMessage()).response();
- }
-
- return Response.status(201).entity(role).build();
- }
-
- /**
- * Updates a specific role identified by <code>id</code>.
- *
- * @param info passed from Jersey
- * @param role the role JSON payload
- * @param id the String id for the role
- * @return A response stating success or failure of role update, or internal error if one occurs
- */
- @PUT
- @Path("/{id}")
- @Consumes("application/json")
- @Produces("application/json")
- public Response putRole(@Context UriInfo info, Role role, @PathParam("id") String id) {
- LOG.info("put /roles/{}", id);
-
- try {
- role.setRoleid(id);
-
- // name
- // TODO: names should be unique
- if ((role.getName() != null)
- && (role.getName().length() > IdmLightApplication.MAX_FIELD_LEN)) {
- return new IDMError(400, "role name max length is :"
- + IdmLightApplication.MAX_FIELD_LEN, "").response();
- }
-
- // description
- if ((role.getDescription() != null)
- && (role.getDescription().length() > IdmLightApplication.MAX_FIELD_LEN)) {
- return new IDMError(400, "role description max length is :"
- + IdmLightApplication.MAX_FIELD_LEN, "").response();
- }
-
- role = AAAIDMLightModule.getStore().updateRole(role);
- if (role == null) {
- return new IDMError(404, "role id not found :" + id, "").response();
- }
- IdmLightProxy.clearClaimCache();
- return Response.status(200).entity(role).build();
- } catch (IDMStoreException se) {
- return new IDMError(500, "internal error putting role", se.getMessage()).response();
- }
- }
-
- /**
- * Delete a role.
- *
- * @param info passed from Jersey
- * @param id the String id for the role
- * @return A response stating success or failure of user deletion, or internal error if one occurs
- */
- @DELETE
- @Path("/{id}")
- public Response deleteRole(@Context UriInfo info, @PathParam("id") String id) {
- LOG.info("Delete /roles/{}", id);
-
- try {
- Role role = AAAIDMLightModule.getStore().deleteRole(id);
- if (role == null) {
- return new IDMError(404, "role id not found :" + id, "").response();
- }
- } catch (IDMStoreException se) {
- return new IDMError(500, "internal error deleting role", se.getMessage()).response();
- }
- IdmLightProxy.clearClaimCache();
- return Response.status(204).build();
- }
-
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java
deleted file mode 100644
index 1649faa2..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/UserHandler.java
+++ /dev/null
@@ -1,420 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.idm.rest;
-
-import java.util.Collection;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-
-import org.opendaylight.aaa.api.IDMStoreException;
-import org.opendaylight.aaa.api.model.IDMError;
-import org.opendaylight.aaa.api.model.User;
-import org.opendaylight.aaa.api.model.Users;
-import org.opendaylight.aaa.idm.IdmLightApplication;
-import org.opendaylight.aaa.idm.IdmLightProxy;
-import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * REST application used to manipulate the H2 database users table. The REST
- * endpoint is <code>/auth/v1/users</code>.
- *
- * The following provides examples of how curl commands and payloads to utilize
- * the users REST endpoint:
- *
- * <b>Get All Users</b>
- * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/users</code>
- *
- * <b>Get A Specific User</b>
- * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/users/{id}</code>
- *
- * <b>Create A User</b>
- * <code>curl -u admin:admin -X POST -H "Content-type: application/json" --data-binary {@literal @}user.json http://{HOST}:{PORT}/auth/v1/users</code>
- * An example of user.json file is:
- * <code>{
- * "name": "admin2",
- * "password", "admin2",
- * "domain": "sdn"
- * }</code>
- *
- * <b>Update A User</b>
- * <code>curl -u admin:admin -X PUT -H "Content-type: application/json" --data-binary {@literal @}user.json http://{HOST}:{PORT}/auth/v1/users/{id}</code>
- * An example of user.json file is:
- * <code>{
- * "name": "admin2",
- * "password", "admin2",
- * "domain": "sdn",
- * "description", "Simple description."
- * }</code>
- *
- * <b>Delete A User</b>
- * <code>curl -u admin:admin -X DELETE http://{HOST}:{PORT}/auth/v1/users/{id}</code>
- *
- * @author peter.mellquist@hp.com
- * @author Ryan Goulding (ryandgoulding@gmail.com)
- */
-@Path("/v1/users")
-public class UserHandler {
-
- private static final Logger LOG = LoggerFactory.getLogger(UserHandler.class);
-
- /**
- * If a user is created through the <code>/auth/v1/users</code> rest
- * endpoint without a password, the default password is assigned to the
- * user.
- */
- private final static String DEFAULT_PWD = "changeme";
-
- /**
- * When an HTTP GET is performed on <code>/auth/v1/users</code>, the
- * password field is replaced with <code>REDACTED_PASSWORD</code> for
- * security reasons.
- */
- private static final String REDACTED_PASSWORD = "**********";
-
- /**
- * When an HTTP GET is performed on <code>/auth/v1/users</code>, the salt
- * field is replaced with <code>REDACTED_SALT</code> for security reasons.
- */
- private static final String REDACTED_SALT = "**********";
-
- /**
- * When creating a user, the description is optional and defaults to an
- * empty string.
- */
- private static final String DEFAULT_DESCRIPTION = "";
-
- /**
- * When creating a user, the email is optional and defaults to an empty
- * string.
- */
- private static final String DEFAULT_EMAIL = "";
-
- /**
- * Extracts all users. The password and salt fields are redacted for
- * security reasons.
- *
- * @return A response containing the users, or internal error if one occurs
- */
- @GET
- @Produces("application/json")
- public Response getUsers() {
- LOG.info("GET /auth/v1/users (extracts all users)");
-
- try {
- final Users users = AAAIDMLightModule.getStore().getUsers();
-
- // Redact the password and salt for security purposes.
- final Collection<User> usersList = users.getUsers();
- for (User user : usersList) {
- redactUserPasswordInfo(user);
- }
-
- return Response.ok(users).build();
- } catch (IDMStoreException se) {
- return internalError("getting", se);
- }
- }
-
- /**
- * Extracts the user represented by <code>id</code>. The password and salt
- * fields are redacted for security reasons.
- *
- * @param id the unique id of representing the user account
- * @return A response with the user information, or internal error if one occurs
- */
- @GET
- @Path("/{id}")
- @Produces("application/json")
- public Response getUser(@PathParam("id") String id) {
- LOG.info("GET auth/v1/users/ {} (extract user with specified id)", id);
-
- try {
- final User user = AAAIDMLightModule.getStore().readUser(id);
-
- if (user == null) {
- final String error = "user not found! id: " + id;
- return new IDMError(404, error, "").response();
- }
-
- // Redact the password and salt for security purposes.
- redactUserPasswordInfo(user);
-
- return Response.ok(user).build();
- } catch (IDMStoreException se) {
- return internalError("getting", se);
- }
- }
-
- /**
- * REST endpoint to create a user. Name and domain are required attributes,
- * and all other fields (description, email, password, enabled) are
- * optional. Optional fields default in the following manner:
- * <code>description</code>: An empty string (<code>""</code>).
- * <code>email</code>: An empty string (<code>""</code>).
- * <code>password</code>: <code>changeme</code> <code>enabled</code>:
- * <code>true</code>
- *
- * If a password is not provided, please ensure you change the default
- * password ASAP for security reasons!
- *
- * @param info passed from Jersey
- * @param user the user defined in the JSON payload
- * @return A response stating success or failure of user creation
- */
- @POST
- @Consumes("application/json")
- @Produces("application/json")
- public Response createUser(@Context UriInfo info, User user) {
- LOG.info("POST /auth/v1/users (create a user with the specified payload");
-
- // The "enabled" field is optional, and defaults to true.
- if (user.isEnabled() == null) {
- user.setEnabled(true);
- }
-
- // The "name" field is required.
- final String userName = user.getName();
- if (userName == null) {
- return missingRequiredField("name");
- }
- // The "name" field has a maximum length.
- if (userName.length() > IdmLightApplication.MAX_FIELD_LEN) {
- return providedFieldTooLong("name", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- // The "domain field is required.
- final String domainId = user.getDomainid();
- if (domainId == null) {
- return missingRequiredField("domain");
- }
- // The "domain" field has a maximum length.
- if (domainId.length() > IdmLightApplication.MAX_FIELD_LEN) {
- return providedFieldTooLong("domain", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- // The "description" field is optional and defaults to "".
- final String userDescription = user.getDescription();
- if (userDescription == null) {
- user.setDescription(DEFAULT_DESCRIPTION);
- }
- // The "description" field has a maximum length.
- if (userDescription.length() > IdmLightApplication.MAX_FIELD_LEN) {
- return providedFieldTooLong("description", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- // The "email" field is optional and defaults to "".
- final String userEmail = user.getEmail();
- if (userEmail == null) {
- user.setEmail(DEFAULT_EMAIL);
- }
- if (userEmail.length() > IdmLightApplication.MAX_FIELD_LEN) {
- return providedFieldTooLong("email", IdmLightApplication.MAX_FIELD_LEN);
- }
- // TODO add a check on email format here.
-
- // The "password" field is optional and defautls to "changeme".
- final String userPassword = user.getPassword();
- if (userPassword == null) {
- user.setPassword(DEFAULT_PWD);
- } else if (userPassword.length() > IdmLightApplication.MAX_FIELD_LEN) {
- return providedFieldTooLong("password", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- try {
- // At this point, fields have been properly verified. Create the
- // user account
- final User createdUser = AAAIDMLightModule.getStore().writeUser(user);
- user.setUserid(createdUser.getUserid());
- } catch (IDMStoreException se) {
- return internalError("creating", se);
- }
-
- // Redact the password and salt for security reasons.
- redactUserPasswordInfo(user);
- // TODO report back to the client a warning message to change the
- // default password if none was specified.
- return Response.status(201).entity(user).build();
- }
-
- /**
- * REST endpoint to update a user account.
- *
- * @param info passed from Jersey
- * @param user the user defined in the JSON payload
- * @param id the unique id for the user that will be updated
- * @return A response stating success or failure of the user update
- */
- @PUT
- @Path("/{id}")
- @Consumes("application/json")
- @Produces("application/json")
- public Response putUser(@Context UriInfo info, User user, @PathParam("id") String id) {
-
- LOG.info("PUT /auth/v1/users/{} (Updates a user account)", id);
-
- try {
- user.setUserid(id);
-
- if (checkInputFieldLength(user.getPassword())) {
- return providedFieldTooLong("password", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- if (checkInputFieldLength(user.getName())) {
- return providedFieldTooLong("name", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- if (checkInputFieldLength(user.getDescription())) {
- return providedFieldTooLong("description", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- if (checkInputFieldLength(user.getEmail())) {
- return providedFieldTooLong("email", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- if (checkInputFieldLength(user.getDomainid())) {
- return providedFieldTooLong("domain", IdmLightApplication.MAX_FIELD_LEN);
- }
-
- user = AAAIDMLightModule.getStore().updateUser(user);
- if (user == null) {
- return new IDMError(404, String.format("User not found for id %s", id), "").response();
- }
-
- IdmLightProxy.clearClaimCache();
-
- // Redact the password and salt for security reasons.
- redactUserPasswordInfo(user);
- return Response.status(200).entity(user).build();
- } catch (IDMStoreException se) {
- return internalError("updating", se);
- }
- }
-
- /**
- * REST endpoint to delete a user account.
- *
- * @param info passed from Jersey
- * @param id the unique id of the user which is being deleted
- * @return A response stating success or failure of user deletion
- */
- @DELETE
- @Path("/{id}")
- public Response deleteUser(@Context UriInfo info, @PathParam("id") String id) {
- LOG.info("DELETE /auth/v1/users/{} (Delete a user account)", id);
-
- try {
- final User user = AAAIDMLightModule.getStore().deleteUser(id);
-
- if (user == null) {
- return new IDMError(404,
- String.format("Error deleting user. " +
- "Couldn't find user with id %s", id),
- "").response();
- }
- } catch (IDMStoreException se) {
- return internalError("deleting", se);
- }
-
- // Successfully deleted the user; report success to the client.
- IdmLightProxy.clearClaimCache();
- return Response.status(204).build();
- }
-
- /**
- * Creates a <code>Response</code> related to an internal server error.
- *
- * @param verbal such as "creating", "deleting", "updating"
- * @param e The exception, which is propagated in the response
- * @return A response containing internal error with specific reasoning
- */
- private Response internalError(final String verbal, final Exception e) {
- LOG.error("There was an internal error {} the user", verbal, e);
- return new IDMError(500,
- String.format("There was an internal error %s the user", verbal),
- e.getMessage()).response();
- }
-
- /**
- * Creates a <code>Response</code> related to the user not providing a
- * required field.
- *
- * @param fieldName the name of the field which is missing
- * @return A response explaining that the request is missing a field
- */
- private Response missingRequiredField(final String fieldName) {
-
- return new IDMError(400,
- String.format("%s is required to create the user account. " +
- "Please provide a %s in your payload.", fieldName, fieldName),
- "").response();
- }
-
- /**
- * Creates a <code>Response</code> related to the user providing a field
- * that is too long.
- *
- * @param fieldName the name of the field that is too long
- * @param maxFieldLength the maximum length of <code>fieldName</code>
- * @return A response containing the bad field and the maximum field length
- */
- private Response providedFieldTooLong(final String fieldName, final int maxFieldLength) {
-
- return new IDMError(400,
- getProvidedFieldTooLongMessage(fieldName, maxFieldLength),
- "").response();
- }
-
- /**
- * Creates the client-facing message related to the user providing a field
- * that is too long.
- *
- * @param fieldName the name of the field that is too long
- * @param maxFieldLength the maximum length of <code>fieldName</code>
- * @return
- */
- private static String getProvidedFieldTooLongMessage(final String fieldName,
- final int maxFieldLength) {
-
- return String.format("The provided {} field is too long. " +
- "The max length is {}.", fieldName, maxFieldLength);
- }
-
- /**
- * Prepares a user account for output by redacting the appropriate fields.
- * This method side-effects the <code>user</code> parameter.
- *
- * @param user the user account which will have fields redacted
- */
- private static void redactUserPasswordInfo(final User user) {
- user.setPassword(REDACTED_PASSWORD);
- user.setSalt(REDACTED_SALT);
- }
-
- /**
- * Validate the input field length
- *
- * @param inputField
- * @return true if input field bigger than the MAX_FIELD_LEN
- */
- private boolean checkInputFieldLength(final String inputField) {
- return inputField != null && (inputField.length() > IdmLightApplication.MAX_FIELD_LEN);
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java
deleted file mode 100644
index f865162a..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/VersionHandler.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.idm.rest;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-
-import org.opendaylight.aaa.api.model.Version;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *
- * @author peter.mellquist@hp.com
- *
- */
-@Deprecated
-@Path("/")
-public class VersionHandler {
- private static final Logger LOG = LoggerFactory.getLogger(VersionHandler.class);;
-
- protected static String CURRENT_VERSION = "v1";
- protected static String LAST_UPDATED = "2014-04-18T18:30:02.25Z";
- protected static String CURRENT_STATUS = "CURRENT";
-
- @GET
- @Produces("application/json")
- public Version getVersion(@Context HttpServletRequest request) {
- LOG.info("Get /");
- Version version = new Version();
- version.setId(CURRENT_VERSION);
- version.setUpdated(LAST_UPDATED);
- version.setStatus(CURRENT_STATUS);
- return version;
- }
-
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModule.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModule.java
deleted file mode 100644
index d6872635..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModule.java
+++ /dev/null
@@ -1,90 +0,0 @@
-package org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204;
-
-import org.opendaylight.aaa.api.CredentialAuth;
-import org.opendaylight.aaa.api.IDMStoreException;
-import org.opendaylight.aaa.api.IIDMStore;
-import org.opendaylight.aaa.api.IdMService;
-import org.opendaylight.aaa.idm.IdmLightProxy;
-import org.opendaylight.aaa.idm.StoreBuilder;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.ServiceReference;
-import org.osgi.framework.ServiceRegistration;
-import org.osgi.util.tracker.ServiceTracker;
-import org.osgi.util.tracker.ServiceTrackerCustomizer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class AAAIDMLightModule extends org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AbstractAAAIDMLightModule {
-
- private static final Logger LOG = LoggerFactory.getLogger(AAAIDMLightModule.class);
- private BundleContext bundleContext = null;
- private static volatile IIDMStore store = null;
-
- public AAAIDMLightModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier, org.opendaylight.controller.config.api.DependencyResolver dependencyResolver) {
- super(identifier, dependencyResolver);
- }
-
- public AAAIDMLightModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier, org.opendaylight.controller.config.api.DependencyResolver dependencyResolver, org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule oldModule, java.lang.AutoCloseable oldInstance) {
- super(identifier, dependencyResolver, oldModule, oldInstance);
- }
-
- @Override
- public void customValidation() {
- // add custom validation form module attributes here.
- }
-
- @Override
- public java.lang.AutoCloseable createInstance() {
- final IdmLightProxy proxy = new IdmLightProxy();
- final ServiceRegistration<?> idmService = bundleContext.registerService(IdMService.class.getName(), proxy, null);
- final ServiceRegistration<?> clientAuthService = bundleContext.registerService(CredentialAuth.class.getName(), proxy, null);
-
- final ServiceTracker<IIDMStore, IIDMStore> storeServiceTracker = new ServiceTracker<>(bundleContext, IIDMStore.class,
- new ServiceTrackerCustomizer<IIDMStore, IIDMStore>() {
- @Override
- public IIDMStore addingService(ServiceReference<IIDMStore> reference) {
- store = reference.getBundle().getBundleContext().getService(reference);
- LOG.info("IIDMStore service {} was found", store.getClass());
- try {
- StoreBuilder.init(store);
- } catch (IDMStoreException e) {
- LOG.error("Failed to initialize data in store", e);
- }
-
- return store;
- }
-
- @Override
- public void modifiedService(ServiceReference<IIDMStore> reference, IIDMStore service) {
- }
-
- @Override
- public void removedService(ServiceReference<IIDMStore> reference, IIDMStore service) {
- }
- });
-
- storeServiceTracker.open();
-
- LOG.info("AAA IDM Light Module Initialized");
- return new AutoCloseable() {
- @Override
- public void close() throws Exception {
- idmService.unregister();
- clientAuthService.unregister();
- storeServiceTracker.close();
- }
- };
- }
-
- public void setBundleContext(BundleContext b){
- this.bundleContext = b;
- }
-
- public static final IIDMStore getStore(){
- return store;
- }
-
- public static final void setStore(IIDMStore s){
- store = s;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModuleFactory.java b/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModuleFactory.java
deleted file mode 100644
index de277da8..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/yang/gen/v1/config/aaa/authn/idmlight/rev151204/AAAIDMLightModuleFactory.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-* Generated file
-*
-* Generated from: yang module name: aaa-idmlight yang module local name: aaa-idmlight
-* Generated by: org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator
-* Generated at: Fri Dec 04 11:37:37 PST 2015
-*
-* Do not modify this file unless it is present under src/main directory
-*/
-package org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204;
-
-import org.opendaylight.controller.config.api.DependencyResolver;
-import org.osgi.framework.BundleContext;
-
-public class AAAIDMLightModuleFactory extends org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AbstractAAAIDMLightModuleFactory {
- @Override
- public AAAIDMLightModule instantiateModule(String instanceName, DependencyResolver dependencyResolver, AAAIDMLightModule oldModule, AutoCloseable oldInstance, BundleContext bundleContext) {
- AAAIDMLightModule module = super.instantiateModule(instanceName, dependencyResolver, oldModule, oldInstance, bundleContext);
- module.setBundleContext(bundleContext);
- return module;
- }
-
- @Override
- public AAAIDMLightModule instantiateModule(String instanceName, DependencyResolver dependencyResolver, BundleContext bundleContext) {
- AAAIDMLightModule module = super.instantiateModule(instanceName, dependencyResolver, bundleContext);
- module.setBundleContext(bundleContext);
- return module;
- }
-}
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/WEB-INF/web.xml b/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/WEB-INF/web.xml
deleted file mode 100644
index facba131..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/WEB-INF/web.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
-
- <servlet>
- <servlet-name>IdmLight</servlet-name>
- <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
- <init-param>
- <param-name>javax.ws.rs.Application</param-name>
- <param-value>org.opendaylight.aaa.idm.IdmLightApplication</param-value>
- </init-param>
- <init-param>
- <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name><param-value>true</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>IdmLight</servlet-name>
- <url-pattern>/*</url-pattern>
- </servlet-mapping>
-
- <context-param>
- <param-name>shiroEnvironmentClass</param-name>
- <param-value>org.opendaylight.aaa.shiro.web.env.KarafIniWebEnvironment</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
- </listener>
-
- <filter>
- <filter-name>ShiroFilter</filter-name>
- <filter-class>org.opendaylight.aaa.shiro.filters.AAAFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>ShiroFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <filter>
- <filter-name>cross-origin-restconf</filter-name>
- <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
- <init-param>
- <param-name>allowedOrigins</param-name>
- <param-value>*</param-value>
- </init-param>
- <init-param>
- <param-name>allowedMethods</param-name>
- <param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>
- </init-param>
- <init-param>
- <param-name>allowedHeaders</param-name>
- <param-value>origin, content-type, accept, authorization, Authorization</param-value>
- </init-param>
- </filter>
-
- <filter-mapping>
- <filter-name>cross-origin-restconf</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>NB api</web-resource-name>
- <url-pattern>/*</url-pattern>
- <http-method>POST</http-method>
- <http-method>GET</http-method>
- <http-method>PUT</http-method>
- <http-method>PATCH</http-method>
- <http-method>DELETE</http-method>
- <http-method>HEAD</http-method>
- </web-resource-collection>
- </security-constraint>
-
-</web-app>
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/idmtool.py b/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/idmtool.py
deleted file mode 100755
index b14a8758..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/idmtool.py
+++ /dev/null
@@ -1,255 +0,0 @@
-#!/usr/bin/env python
-
-#
-# Copyright (c) 2016 Brocade Communications Systems and others. All rights reserved.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Eclipse Public License v1.0 which accompanies this distribution,
-# and is available at http://www.eclipse.org/legal/epl-v10.html
-#
-
-'''
-idmtool
-
-Used to manipulate ODL AAA idm on a node-per-node basis. Assumes only one domain (sdn)
-since current support in ODL is limited.
-'''
-
-__author__ = "Ryan Goulding"
-__copyright__ = "Copyright (c) 2016 Brocade Communications Systems and others"
-__credits__ = "Ryan Goulding"
-__license__ = "EPL"
-__version__ = "1.0"
-__maintainer__ = "Ryan Goulding"
-__email__ = "ryandgoulding@gmail.com"
-__status__ = "Production"
-
-import argparse, getpass, json, requests, sys
-
-parser = argparse.ArgumentParser('idmtool')
-
-user=''
-hostname='localhost'
-protocol='http'
-port='8181'
-target_host='{}://{}:{}/'.format(protocol, hostname, port)
-
-# main program arguments
-parser.add_argument('user',help='username for BSC node', nargs=1)
-parser.add_argument('--target-host', help="target host node", nargs=1)
-
-subparsers = parser.add_subparsers(help='sub-command help')
-
-# users table related
-list_users = subparsers.add_parser('list-users', help='list all users')
-list_users.set_defaults(func=list_users)
-add_user = subparsers.add_parser('add-user', help='add a user')
-add_user.set_defaults(func=add_user)
-add_user.add_argument('newUser', help='new user name', nargs=1)
-change_password = subparsers.add_parser('change-password', help='change a password')
-change_password.set_defaults(func=change_password)
-change_password.add_argument('userid', help='change the password for a particular userid', nargs=1)
-delete_user = subparsers.add_parser('delete-user', help='delete a user')
-delete_user.add_argument('userid', help='name@sdn', nargs=1)
-delete_user.set_defaults(func=delete_user)
-
-# domains table related
-# only read is defined; this was done on purpose since the "domain" concept
-# is mostly unsupported in ODL.
-list_domains = subparsers.add_parser('list-domains', help='list all domains')
-list_domains.set_defaults(func=list_domains)
-
-# roles table related
-list_roles = subparsers.add_parser('list-roles', help='list all roles')
-list_roles.set_defaults(func=list_roles)
-add_role = subparsers.add_parser('add-role', help='add a role')
-add_role.add_argument('role', help='role name', nargs=1)
-add_role.set_defaults(func=add_role)
-delete_role = subparsers.add_parser('delete-role', help='delete a role')
-delete_role.add_argument('roleid', help='rolename@sdn', nargs=1)
-delete_role.set_defaults(func=delete_role)
-add_grant = subparsers.add_parser('add-grant', help='add a grant')
-add_grant.set_defaults(func=add_grant)
-add_grant.add_argument('userid', help="username@sdn", nargs=1)
-add_grant.add_argument('roleid', help="role@sdn", nargs=1)
-get_grants = subparsers.add_parser('get-grants', help='get grants for userid on sdn')
-get_grants.set_defaults(func=get_grants)
-get_grants.add_argument('userid', help="username@sdn", nargs=1)
-delete_grant = subparsers.add_parser('delete-grant', help='delete a grant')
-delete_grant.add_argument('userid', help='username@sdn', nargs=1)
-delete_grant.add_argument('roleid', help='role@sdn', nargs=1)
-delete_grant.set_defaults(func=delete_grant)
-
-def process_result(r):
- ''' Generic method to print result of a REST call '''
- print ''
- sc = r.status_code
- if sc >= 200 and sc < 300:
- print "command succeeded!"
- try:
- res = r.json()
- if res is not None:
- print '\njson:\n', json.dumps(res, indent=4, sort_keys=True)
- except(ValueError):
- pass
- elif sc == 401:
- print "Incorrect Credentials Provided"
- elif sc == 404:
- print "RESTconf is either not installed or not initialized yet"
- elif sc >= 500 and sc < 600:
- print "Internal Server Error Ocurred"
- else:
- print "Unknown error; HTTP status code: {}".format(sc)
-
-def get_request(user, password, url, description, outputResult=True):
- if outputResult:
- print description
- try:
- r = requests.get(url, auth=(user,password))
- if outputResult:
- process_result(r)
- return r
- except(requests.exceptions.ConnectionError):
- if outputResult:
- print "Unable to connect; are you sure the controller is up?"
- sys.exit(1)
-
-def post_request(user, password, url, description, payload, params):
- print description
- try:
- r = requests.post(url, auth=(user,password), data=payload, headers=params)
- process_result(r)
- except(requests.exceptions.ConnectionError):
- print "Unable to connect; are you sure the controller is up?"
- sys.exit(1)
-
-def put_request(user, password, url, description, payload, params):
- print description
- try:
- r = requests.put(url, auth=(user,password), data=payload, headers=params)
- process_result(r)
- except(requests.exceptions.ConnectionError):
- print "Unable to connect; are you sure the controller is up?"
- sys.exit(1)
-
-def delete_request(user, password, url, description, payload='', params={'Content-Type':'application/json'}):
- print description
- try:
- r = requests.delete(url, auth=(user,password), data=payload, headers=params)
- process_result(r)
- except(requests.exceptions.ConnectionError):
- print "Unable to connect; are you sure the controller is up?"
- sys.exit(1)
-
-def poll_new_password():
- new_password = getpass.getpass(prompt="Enter new password: ")
- new_password_repeated = getpass.getpass(prompt="Re-enter password: ")
- if new_password != new_password_repeated:
- print "Passwords did not match; cancelling the add_user request"
- sys.exit(1)
- return new_password
-
-def list_users(user, password):
- get_request(user, password, target_host + 'auth/v1/users', 'list_users')
-
-def add_user(user, password, newUser):
- new_password = poll_new_password()
- description = 'add_user({})'.format(user)
- url = target_host + 'auth/v1/users'
- payload = {'name':newUser, 'password':new_password, 'description':'', "domainid":"sdn", 'userid':'{}@sdn'.format(newUser), 'email':''}
- jsonpayload = json.dumps(payload)
- headers={'Content-Type':'application/json'}
- post_request(user, password, url, description, jsonpayload, headers)
-
-def delete_user(user, password, userid):
- url = target_host + 'auth/v1/users/{}'.format(userid)
- description = 'delete_user({})'.format(userid)
- delete_request(user, password, url, description)
-
-def change_password(user, password, existingUserId):
- url = target_host + 'auth/v1/users/{}'.format(existingUserId)
- r = get_request(user, password, target_host + 'auth/v1/users/{}'.format(existingUserId), 'list_users', outputResult=False)
- try:
- existing = r.json()
- del existing['salt']
- del existing['password']
- new_password = poll_new_password()
- existing['password'] = new_password
- description='change_password({})'.format(existingUserId)
- headers={'Content-Type':'application/json'}
- url = target_host + 'auth/v1/users/{}'.format(existingUserId)
- put_request(user, password, url, 'change_password({})'.format(user), json.dumps(existing), headers)
- except(AttributeError):
- print "Unable to connect; are you sure the controller is up?"
- sys.exit(1)
-
-def list_domains(user, password):
- get_request(user, password, target_host + 'auth/v1/domains', 'list_domains')
-
-def list_roles(user, password):
- get_request(user, password, target_host + 'auth/v1/roles', 'list_roles')
-
-def add_role(user, password, role):
- url = target_host + 'auth/v1/roles'
- description = 'add_role({})'.format(role)
- payload = {"roleid":'{}@sdn'.format(role), 'name':role, 'description':'', 'domainid':'sdn'}
- data = json.dumps(payload)
- headers={'Content-Type':'application/json'}
- post_request(user, password, url, description, data, headers)
-
-def delete_role(user, password, roleid):
- url = target_host + 'auth/v1/roles/{}'.format(roleid)
- description = 'delete_role({})'.format(roleid)
- delete_request(user, password, url, description)
-
-def add_grant(user, password, userid, roleid):
- description = 'add_grant(userid={},roleid={})'.format(userid, roleid)
- payload = {"roleid":roleid, "userid":userid, "grantid":'{}@{}@{}'.format(userid, roleid, "sdn"), "domainid":"sdn"}
- url = target_host + 'auth/v1/domains/sdn/users/{}/roles'.format(userid)
- data=json.dumps(payload)
- headers={'Content-Type':'application/json'}
- post_request(user, password, url, description, data, headers)
-
-def get_grants(user, password, userid):
- get_request(user, password, target_host + 'auth/v1/domains/sdn/users/{}/roles'.format(userid), 'get_grants({})'.format(userid))
-
-def delete_grant(user, password, userid, roleid):
- url = target_host + 'auth/v1/domains/sdn/users/{}/roles/{}'.format(userid, roleid)
- print url
- description = 'delete_grant(userid={},roleid={})'.format(userid, roleid)
- delete_request(user, password, url, description)
-
-args = parser.parse_args()
-command = args.func.prog.split()[1:]
-user = args.user[0]
-password = getpass.getpass()
-temp_host_arr = args.target_host
-if temp_host_arr is not None:
- temp_host_val = temp_host_arr[0]
- if temp_host_val is not None:
- target_host = temp_host_val
- if not target_host.endswith("/"):
- target_host += "/"
-if "list-users" in command:
- list_users(user,password)
-if "list-domains" in command:
- list_domains(user,password)
-if "list-roles" in command:
- list_roles(user,password)
-if "add-user" in command:
- add_user(user,password, args.newUser[0])
-if "add-grant" in command:
- add_grant(user,password, args.userid[0], args.roleid[0])
-if "get-grants" in command:
- get_grants(user,password, args.userid[0])
-if "change-password" in command:
- change_password(user, password, args.userid[0])
-if "delete-user" in command:
- delete_user(user, password, args.userid[0])
-if "delete-role" in command:
- delete_role(user, password, args.roleid[0])
-if "add-role" in command:
- add_role(user, password, args.role[0])
-if "delete-grant" in command:
- delete_grant(user, password, args.userid[0], args.roleid[0])
-
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/initial/08-aaa-idmlight-config.xml b/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/initial/08-aaa-idmlight-config.xml
deleted file mode 100644
index 695ce762..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/resources/initial/08-aaa-idmlight-config.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- vi: set et smarttab sw=4 tabstop=4: -->
-<!--
- Copyright (c) 2015 Cisco Systems, Inc. and others. All rights reserved.
-
- This program and the accompanying materials are made available under the
- terms of the Eclipse Public License v1.0 which accompanies this distribution,
- and is available at http://www.eclipse.org/legal/epl-v10.html
--->
-<snapshot>
- <configuration>
- <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
- <modules xmlns="urn:opendaylight:params:xml:ns:yang:controller:config">
- <module>
- <type xmlns:authn="config:aaa:authn:idmlight">authn:aaa-idmlight</type>
- <name>aaa-idmlight</name>
- </module>
- </modules>
- </data>
- </configuration>
- <required-capabilities>
- <capability>config:aaa:authn:idmlight?module=aaa-idmlight&amp;revision=2015-12-04</capability>
- </required-capabilities>
-
-</snapshot>
-
diff --git a/odl-aaa-moon/aaa/aaa-idmlight/src/main/yang/aaa-idmlight.yang b/odl-aaa-moon/aaa/aaa-idmlight/src/main/yang/aaa-idmlight.yang
deleted file mode 100644
index 4f28d755..00000000
--- a/odl-aaa-moon/aaa/aaa-idmlight/src/main/yang/aaa-idmlight.yang
+++ /dev/null
@@ -1,28 +0,0 @@
-module aaa-idmlight {
- yang-version 1;
- namespace "config:aaa:authn:idmlight";
- prefix "aaa-idmlight";
- organization "OpenDayLight";
-
- import config { prefix config; revision-date 2013-04-05; }
- import opendaylight-md-sal-binding { prefix mdsal; revision-date 2013-10-28; }
-
- contact "saichler@gmail.com";
-
- revision 2015-12-04 {
- description
- "Initial revision.";
- }
-
- identity aaa-idmlight {
- base config:module-type;
- config:java-name-prefix AAAIDMLight;
- }
-
- augment "/config:modules/config:module/config:configuration" {
- case aaa-idmlight {
- when "/config:modules/config:module/config:type = 'aaa-idmlight'";
- }
- }
-
-}