Diffstat (limited to 'upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main')
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java150
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java46
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java129
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java100
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java47
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java69
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java121
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java103
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModule.java76
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModuleFactory.java53
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang115
11 files changed, 0 insertions, 1009 deletions
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java
deleted file mode 100644
index d4ac79af..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzBrokerImpl.java
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.Collection;
-
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Consumer;
-import org.opendaylight.controller.sal.core.api.Provider;
-import org.osgi.framework.BundleContext;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzBrokerImpl implements Broker, AutoCloseable, Provider {
-
- private Broker broker;
- private ProviderSession providerSession;
- private AuthenticationService authenticationService;
-
- public void setBroker(Broker broker) {
- this.broker = broker;
- }
-
- @Override
- public void close() throws Exception {
-
- }
-
- // Implements AuthzBroker handling of registering consumers or providers.
- @Override
- public ConsumerSession registerConsumer(Consumer consumer) {
-
- ConsumerSession realSession = broker.registerConsumer(new ConsumerWrapper(consumer));
- AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realSession,
- this);
- consumer.onSessionInitiated(authzConsumerContext);
- return authzConsumerContext;
- }
-
- @Override
- public ConsumerSession registerConsumer(Consumer consumer, BundleContext bundleContext) {
-
- ConsumerSession realSession = broker.registerConsumer(new ConsumerWrapper(consumer),
- bundleContext);
- AuthzConsumerContextImpl authzConsumerContext = new AuthzConsumerContextImpl(realSession,
- this);
- consumer.onSessionInitiated(authzConsumerContext);
- return authzConsumerContext;
- }
-
- @Override
- public ProviderSession registerProvider(Provider provider) {
-
- ProviderSession realSession = broker.registerProvider(new ProviderWrapper(provider));
- AuthzProviderContextImpl authzProviderContext = new AuthzProviderContextImpl(realSession,
- this);
- provider.onSessionInitiated(authzProviderContext);
- return authzProviderContext;
- }
-
- @Override
- public ProviderSession registerProvider(Provider provider, BundleContext bundleContext) {
-
- // Allow the real broker to do its thing, while providing a wrapped
- // callback
- ProviderSession realSession = broker.registerProvider(new ProviderWrapper(provider),
- bundleContext);
-
- // Create Authz ProviderContext
- AuthzProviderContextImpl authzProviderContext = new AuthzProviderContextImpl(realSession,
- this);
-
- // Run onsessionInitiated on injected provider with the AuthZ provider
- // context.
- provider.onSessionInitiated(authzProviderContext);
- return authzProviderContext;
-
- }
-
- // Handle the AuthZBroker registration with the real broker
- @Override
- public void onSessionInitiated(ProviderSession providerSession) {
-
- // Get now the real DOMDataBroker and register it with the
- // AuthzDOMBroker together with the provider session
- final DOMDataBroker domDataBroker = providerSession.getService(DOMDataBroker.class);
- AuthzDomDataBroker.getInstance().setProviderSession(providerSession);
- AuthzDomDataBroker.getInstance().setDomDataBroker(domDataBroker);
- AuthzDomDataBroker.getInstance().setAuthService(this.authenticationService);
- }
-
- @Override
- public Collection<ProviderFunctionality> getProviderFunctionality() {
- return null;
- }
-
- public void setAuthenticationService(AuthenticationService authenticationService) {
- this.authenticationService = authenticationService;
- }
-
- // Wrapper for Provider
-
- public static class ProviderWrapper implements Provider {
- private final Provider provider;
-
- public ProviderWrapper(Provider provider) {
- this.provider = provider;
- }
-
- @Override
- public void onSessionInitiated(ProviderSession providerSession) {
- // Do a Noop when the real broker calls back
- }
-
- @Override
- public Collection<ProviderFunctionality> getProviderFunctionality() {
- // Allow the RestconfImpl to respond to this
- return provider.getProviderFunctionality();
- }
- }
-
- // Wrapper for Consumer
- public static class ConsumerWrapper implements Consumer {
-
- private final Consumer consumer;
-
- public ConsumerWrapper(Consumer consumer) {
- this.consumer = consumer;
- }
-
- @Override
- public void onSessionInitiated(ConsumerSession consumerSession) {
- // Do a Noop when the real broker calls back
- }
-
- @Override
- public Collection<ConsumerFunctionality> getConsumerFunctionality() {
- return consumer.getConsumerFunctionality();
- }
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java
deleted file mode 100644
index 07ba51cd..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzConsumerContextImpl.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Broker.ConsumerSession;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.controller.sal.core.spi.ForwardingConsumerSession;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-public class AuthzConsumerContextImpl extends ForwardingConsumerSession {
-
- private final Broker.ConsumerSession realSession;
-
- public AuthzConsumerContextImpl(Broker.ConsumerSession realSession, AuthzBrokerImpl authzBroker) {
- this.realSession = realSession;
- }
-
- @Override
- protected ConsumerSession delegate() {
- return realSession;
- }
-
- @Override
- public <T extends BrokerService> T getService(Class<T> tClass) {
- T t;
- // Check for class and return Authz broker only for DOMBroker
- if (tClass == DOMDataBroker.class) {
- t = (T) AuthzDomDataBroker.getInstance();
- } else {
- t = realSession.getService(tClass);
- }
- // AuthzDomDataBroker.getInstance().setDomDataBroker((DOMDataBroker)t);
- return t;
- }
-
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java
deleted file mode 100644
index 4cc232bc..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDataReadWriteTransaction.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.base.Optional;
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
-
-import org.opendaylight.controller.md.sal.common.api.TransactionStatus;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadWriteTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.common.RpcResult;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzDataReadWriteTransaction implements DOMDataReadWriteTransaction {
-
- private final DOMDataReadWriteTransaction domDataReadWriteTransaction;
-
- public AuthzDataReadWriteTransaction(DOMDataReadWriteTransaction domDataReadWriteTransaction) {
- this.domDataReadWriteTransaction = domDataReadWriteTransaction;
- }
-
- @Override
- public boolean cancel() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Cancel)) {
- return domDataReadWriteTransaction.cancel();
- }
- return false;
- }
-
- @Override
- public void delete(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Delete)) {
- domDataReadWriteTransaction.delete(logicalDatastoreType, yangInstanceIdentifier);
- }
- }
-
- @Override
- public CheckedFuture<Void, TransactionCommitFailedException> submit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Submit)) {
- return domDataReadWriteTransaction.submit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Deprecated
- @Override
- public ListenableFuture<RpcResult<TransactionStatus>> commit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Commit)) {
- return domDataReadWriteTransaction.commit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Optional<NormalizedNode<?, ?>>, ReadFailedException> read(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Read)) {
- return domDataReadWriteTransaction.read(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Boolean, ReadFailedException> exists(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Exists)) {
- return domDataReadWriteTransaction.exists(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public void put(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Put)) {
- domDataReadWriteTransaction.put(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public void merge(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Merge)) {
- domDataReadWriteTransaction.merge(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return domDataReadWriteTransaction.getIdentifier();
- }
- return null;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java
deleted file mode 100644
index 911f5a48..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzDomDataBroker.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.Map;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionChainListener;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBrokerExtension;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataChangeListener;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadOnlyTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadWriteTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataWriteTransaction;
-import org.opendaylight.controller.md.sal.dom.api.DOMTransactionChain;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.yangtools.concepts.ListenerRegistration;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-
-/**
- * Created by wdec on 26/08/2014.
- */
-public class AuthzDomDataBroker implements BrokerService, DOMDataBroker {
-
- private DOMDataBroker domDataBroker;
- private Broker.ProviderSession providerSession;
-
- private volatile AuthenticationService authService;
-
- final static AuthzDomDataBroker INSTANCE = new AuthzDomDataBroker();
-
- public static AuthzDomDataBroker getInstance() {
- return INSTANCE;
- }
-
- public void setDomDataBroker(DOMDataBroker domDataBroker) {
- this.domDataBroker = domDataBroker;
- }
-
- public void setProviderSession(Broker.ProviderSession providerSession) {
- this.providerSession = providerSession;
- }
-
- public void setAuthService(AuthenticationService authService) {
- this.authService = authService;
- }
-
- public AuthenticationService getAuthService() {
- return this.authService;
- }
-
- @Override
- public DOMDataReadOnlyTransaction newReadOnlyTransaction() {
- // new Authz transaction + inject real DOM Transaction
- DOMDataReadOnlyTransaction ro = domDataBroker.newReadOnlyTransaction();
-
- // return domDataBroker.newReadOnlyTransaction(); //Return original
- return new AuthzReadOnlyTransaction(ro);
- }
-
- @Override
- public Map<Class<? extends DOMDataBrokerExtension>, DOMDataBrokerExtension> getSupportedExtensions() {
- return domDataBroker.getSupportedExtensions();
- }
-
- @Override
- public DOMDataReadWriteTransaction newReadWriteTransaction() {
- // return new Authz transaction + inject real DOM Transaction
- DOMDataReadWriteTransaction rw = domDataBroker.newReadWriteTransaction();
- return new AuthzDataReadWriteTransaction(rw);
- }
-
- @Override
- public DOMDataWriteTransaction newWriteOnlyTransaction() {
- DOMDataWriteTransaction wo = domDataBroker.newWriteOnlyTransaction();
- return new AuthzWriteOnlyTransaction(wo);
- }
-
- @Override
- public ListenerRegistration<DOMDataChangeListener> registerDataChangeListener(
- LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier,
- DOMDataChangeListener domDataChangeListener, DataChangeScope dataChangeScope) {
- return domDataBroker.registerDataChangeListener(logicalDatastoreType,
- yangInstanceIdentifier, domDataChangeListener, dataChangeScope);
- }
-
- @Override
- public DOMTransactionChain createTransactionChain(
- TransactionChainListener transactionChainListener) {
- return domDataBroker.createTransactionChain(transactionChainListener);
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java
deleted file mode 100644
index dbfea6ed..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzProviderContextImpl.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import org.opendaylight.controller.md.sal.dom.api.DOMDataBroker;
-import org.opendaylight.controller.sal.core.api.Broker;
-import org.opendaylight.controller.sal.core.api.Broker.ProviderSession;
-import org.opendaylight.controller.sal.core.api.BrokerService;
-import org.opendaylight.controller.sal.core.spi.ForwardingProviderSession;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-public class AuthzProviderContextImpl extends ForwardingProviderSession {
-
- private final Broker.ProviderSession realSession;
-
- public AuthzProviderContextImpl(Broker.ProviderSession providerSession,
- AuthzBrokerImpl authzBroker) {
- this.realSession = providerSession;
- }
-
- @Override
- protected ProviderSession delegate() {
- // TODO Auto-generated method stub
- return realSession;
- }
-
- @Override
- public <T extends BrokerService> T getService(Class<T> tClass) {
- T t;
- // Check for class and return Authz broker only for DOMBroker
- if (tClass == DOMDataBroker.class) {
- t = (T) AuthzDomDataBroker.getInstance();
- } else {
- t = realSession.getService(tClass);
- }
- // AuthzDomDataBroker.getInstance().setDomDataBroker((DOMDataBroker)t);
- return t;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java
deleted file mode 100644
index c46ffe7c..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzReadOnlyTransaction.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.base.Optional;
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.ReadFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataReadOnlyTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 28/08/2014.
- */
-
-public class AuthzReadOnlyTransaction implements DOMDataReadOnlyTransaction {
-
- private final DOMDataReadOnlyTransaction ro;
-
- public AuthzReadOnlyTransaction(DOMDataReadOnlyTransaction ro) {
- this.ro = ro;
- }
-
- @Override
- public void close() {
- ro.close();
- }
-
- @Override
- public CheckedFuture<Optional<NormalizedNode<?, ?>>, ReadFailedException> read(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Read)) {
- return ro.read(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public CheckedFuture<Boolean, ReadFailedException> exists(
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(ActionType.Exists)) {
- return ro.exists(logicalDatastoreType, yangInstanceIdentifier);
- }
- ReadFailedException e = new ReadFailedException("Authorization Failed");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return ro.getIdentifier();
- }
- return null;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java
deleted file mode 100644
index fb344812..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzServiceImpl.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import java.util.List;
-import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.controller.config.yang.config.aaa_authz.srv.Policies;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.AuthorizationResponseType;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-
-/**
- * @author lmukkama Date: 9/2/14
- */
-public class AuthzServiceImpl {
-
- private static List<Policies> listPolicies;
-
- private static final String WILDCARD_TOKEN = "*";
-
- public static boolean isAuthorized(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, ActionType actionType) {
-
- AuthorizationResponseType authorizationResponseType = AuthzServiceImpl.reqAuthorization(
- actionType, logicalDatastoreType, yangInstanceIdentifier);
- return authorizationResponseType.equals(AuthorizationResponseType.Authorized);
- }
-
- public static boolean isAuthorized(ActionType actionType) {
- AuthorizationResponseType authorizationResponseType = AuthzServiceImpl
- .reqAuthorization(actionType);
- return authorizationResponseType.equals(AuthorizationResponseType.Authorized);
- }
-
- public static void setPolicies(List<Policies> policies) {
-
- AuthzServiceImpl.listPolicies = policies;
- }
-
- public static AuthorizationResponseType reqAuthorization(ActionType actionType) {
-
- AuthenticationService authenticationService = AuthzDomDataBroker.getInstance()
- .getAuthService();
- if (authenticationService != null && AuthzServiceImpl.listPolicies != null
- && AuthzServiceImpl.listPolicies.size() > 0) {
- Authentication authentication = authenticationService.get();
- if (authentication != null && authentication.roles() != null
- && authentication.roles().size() > 0) {
- return checkAuthorization(actionType, authentication);
- }
- }
- return AuthorizationResponseType.NotAuthorized;
- }
-
- public static AuthorizationResponseType reqAuthorization(ActionType actionType,
- LogicalDatastoreType logicalDatastoreType, YangInstanceIdentifier yangInstanceIdentifier) {
-
- AuthenticationService authenticationService = AuthzDomDataBroker.getInstance()
- .getAuthService();
-
- if (authenticationService != null && AuthzServiceImpl.listPolicies != null
- && AuthzServiceImpl.listPolicies.size() > 0) {
- // Authentication Service exists. Can do authorization checks
- Authentication authentication = authenticationService.get();
-
- if (authentication != null && authentication.roles() != null
- && authentication.roles().size() > 0) {
- // Authentication claim object exists with atleast one role
- return checkAuthorization(actionType, authentication, logicalDatastoreType,
- yangInstanceIdentifier);
- }
- }
-
- return AuthorizationResponseType.Authorized;
- }
-
- private static AuthorizationResponseType checkAuthorization(ActionType actionType,
- Authentication authentication, LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- for (Policies policy : AuthzServiceImpl.listPolicies) {
-
- // Action type is compared as string, since its type is string in
- // the config yang. Comparison is case insensitive
- if (authentication.roles().contains(policy.getRole().getValue())
- && (policy.getResource().getValue().equals(WILDCARD_TOKEN) || policy
- .getResource().getValue().equals(yangInstanceIdentifier.toString()))
- && (policy.getAction().toLowerCase()
- .equals(ActionType.Any.name().toLowerCase()) || actionType.name()
- .toLowerCase().equals(policy.getAction().toLowerCase()))) {
-
- return AuthorizationResponseType.Authorized;
- }
-
- }
-
- // For helium release we unauthorize other requests.
- return AuthorizationResponseType.NotAuthorized;
- }
-
- private static AuthorizationResponseType checkAuthorization(ActionType actionType,
- Authentication authentication) {
-
- for (Policies policy : AuthzServiceImpl.listPolicies) {
- if (authentication.roles().contains(policy.getRole().getValue())
- && (policy.getAction().equalsIgnoreCase(ActionType.Any.name()) || policy
- .getAction().equalsIgnoreCase(actionType.name()))) {
- return AuthorizationResponseType.Authorized;
- }
- }
- return AuthorizationResponseType.NotAuthorized;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java
deleted file mode 100644
index 1123b928..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/aaa/authz/srv/AuthzWriteOnlyTransaction.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.aaa.authz.srv;
-
-import com.google.common.util.concurrent.CheckedFuture;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
-
-import org.opendaylight.controller.md.sal.common.api.TransactionStatus;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.controller.md.sal.dom.api.DOMDataWriteTransaction;
-import org.opendaylight.yang.gen.v1.urn.aaa.yang.authz.ds.rev140722.ActionType;
-import org.opendaylight.yangtools.yang.common.RpcResult;
-import org.opendaylight.yangtools.yang.data.api.YangInstanceIdentifier;
-import org.opendaylight.yangtools.yang.data.api.schema.NormalizedNode;
-
-/**
- * Created by wdec on 02/09/2014.
- */
-public class AuthzWriteOnlyTransaction implements DOMDataWriteTransaction {
-
- private final DOMDataWriteTransaction domDataWriteTransaction;
-
- public AuthzWriteOnlyTransaction(DOMDataWriteTransaction wo) {
- this.domDataWriteTransaction = wo;
- }
-
- @Override
- public void put(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Put)) {
- domDataWriteTransaction.put(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public void merge(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier, NormalizedNode<?, ?> normalizedNode) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Merge)) {
- domDataWriteTransaction.merge(logicalDatastoreType, yangInstanceIdentifier,
- normalizedNode);
- }
- }
-
- @Override
- public boolean cancel() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Cancel)) {
- return domDataWriteTransaction.cancel();
- }
- return false;
- }
-
- @Override
- public void delete(LogicalDatastoreType logicalDatastoreType,
- YangInstanceIdentifier yangInstanceIdentifier) {
-
- if (AuthzServiceImpl.isAuthorized(logicalDatastoreType, yangInstanceIdentifier,
- ActionType.Delete)) {
- domDataWriteTransaction.delete(logicalDatastoreType, yangInstanceIdentifier);
- }
- }
-
- @Override
- public CheckedFuture<Void, TransactionCommitFailedException> submit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Submit)) {
- return domDataWriteTransaction.submit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Deprecated
- @Override
- public ListenableFuture<RpcResult<TransactionStatus>> commit() {
- if (AuthzServiceImpl.isAuthorized(ActionType.Commit)) {
- return domDataWriteTransaction.commit();
- }
- TransactionCommitFailedException e = new TransactionCommitFailedException(
- "Unauthorized User");
- return Futures.immediateFailedCheckedFuture(e);
- }
-
- @Override
- public Object getIdentifier() {
- if (AuthzServiceImpl.isAuthorized(ActionType.GetIdentifier)) {
- return domDataWriteTransaction.getIdentifier();
- }
- return null;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModule.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModule.java
deleted file mode 100644
index a590b982..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModule.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-package org.opendaylight.controller.config.yang.config.aaa_authz.srv;
-
-import org.opendaylight.aaa.api.AuthenticationService;
-import org.opendaylight.aaa.authz.srv.AuthzBrokerImpl;
-import org.opendaylight.aaa.authz.srv.AuthzServiceImpl;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.ServiceReference;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class AuthzSrvModule extends
- org.opendaylight.controller.config.yang.config.aaa_authz.srv.AbstractAuthzSrvModule {
- private static final Logger LOG = LoggerFactory.getLogger(AuthzSrvModule.class);
- private static boolean simple_config_switch;
- private BundleContext bundleContext;
-
- public AuthzSrvModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier,
- org.opendaylight.controller.config.api.DependencyResolver dependencyResolver) {
- super(identifier, dependencyResolver);
- }
-
- public AuthzSrvModule(org.opendaylight.controller.config.api.ModuleIdentifier identifier,
- org.opendaylight.controller.config.api.DependencyResolver dependencyResolver,
- org.opendaylight.controller.config.yang.config.aaa_authz.srv.AuthzSrvModule oldModule,
- java.lang.AutoCloseable oldInstance) {
- super(identifier, dependencyResolver, oldModule, oldInstance);
- }
-
- @Override
- public void customValidation() {
- // checkNotNull(getDomBroker(), domBrokerJmxAttribute);
- }
-
- @Override
- public java.lang.AutoCloseable createInstance() {
-
- // Get new AuthZ Broker
- final AuthzBrokerImpl authzBrokerImpl = new AuthzBrokerImpl();
-
- // Provide real broker to the new Authz broker
- authzBrokerImpl.setBroker(getDomBrokerDependency());
-
- // Get AuthN service reference and register it with the authzBroker
- ServiceReference<AuthenticationService> authServiceReference = bundleContext
- .getServiceReference(AuthenticationService.class);
- AuthenticationService as = bundleContext.getService(authServiceReference);
- authzBrokerImpl.setAuthenticationService(as);
-
- // Set the policies list to authz serviceimpl
- AuthzServiceImpl.setPolicies(getPolicies());
-
- // Register AuthZ broker with the real Broker as a provider; triggers
- // "onSessionInitiated" in AuthzBrokerImpl
- getDomBrokerDependency().registerProvider(authzBrokerImpl);
- // TODO ActionType is of type string, not ENUM due to improper
- // serialization of ENUMs by config/netconf subsystem. This needs to be
- // fixed as soon as config/netconf fixes the problem.
- getAction();
-
- LOG.info("AuthZ Service Initialized from Config subsystem");
- return authzBrokerImpl;
-
- }
-
- public void setBundleContext(BundleContext bundleContext) {
- this.bundleContext = bundleContext;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModuleFactory.java b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModuleFactory.java
deleted file mode 100644
index 3ff67f54..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/java/org/opendaylight/controller/config/yang/config/aaa_authz/srv/AuthzSrvModuleFactory.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 which accompanies this distribution,
- * and is available at http://www.eclipse.org/legal/epl-v10.html
- */
-
-/*
- * Generated file
- *
- * Generated from: yang module name: aaa-authz-service-impl yang module local name: aaa-authz-service
- * Generated by: org.opendaylight.controller.config.yangjmxgenerator.plugin.JMXGenerator
- * Generated at: Thu Jul 24 11:19:40 CEST 2014
- *
- * Do not modify this file unless it is present under src/main directory
- */
-package org.opendaylight.controller.config.yang.config.aaa_authz.srv;
-
-import org.opendaylight.controller.config.api.DependencyResolver;
-import org.opendaylight.controller.config.api.DynamicMBeanWithInstance;
-import org.opendaylight.controller.config.spi.Module;
-import org.osgi.framework.BundleContext;
-
-public class AuthzSrvModuleFactory extends
- org.opendaylight.controller.config.yang.config.aaa_authz.srv.AbstractAuthzSrvModuleFactory {
-
- @Override
- public org.opendaylight.controller.config.spi.Module createModule(String instanceName,
- org.opendaylight.controller.config.api.DependencyResolver dependencyResolver,
- org.osgi.framework.BundleContext bundleContext) {
-
- final AuthzSrvModule module = (AuthzSrvModule) super.createModule(instanceName,
- dependencyResolver, bundleContext);
-
- module.setBundleContext(bundleContext);
-
- return module;
-
- }
-
- @Override
- public Module createModule(final String instanceName,
- final DependencyResolver dependencyResolver, final DynamicMBeanWithInstance old,
- final BundleContext bundleContext) throws Exception {
- final AuthzSrvModule module = (AuthzSrvModule) super.createModule(instanceName,
- dependencyResolver, old, bundleContext);
-
- module.setBundleContext(bundleContext);
-
- return module;
- }
-}
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang b/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang
deleted file mode 100644
index 954d0480..00000000
--- a/upstream/odl-aaa-moon/aaa/aaa-authz/aaa-authz-service/src/main/yang/aaa-authz-service-impl.yang
+++ /dev/null
@@ -1,115 +0,0 @@
-module aaa-authz-service-impl {
-
- yang-version 1;
- namespace "urn:opendaylight:params:xml:ns:yang:controller:config:aaa-authz:srv";
- prefix "aaa-authz-srv-impl";
-
- import config { prefix config; revision-date 2013-04-05; }
- import rpc-context { prefix rpcx; revision-date 2013-06-17; }
- import opendaylight-md-sal-binding { prefix mdsal; revision-date 2013-10-28; }
- import opendaylight-md-sal-dom {prefix dom;}
- import authorization-schema { prefix authzs; revision-date 2014-07-22; }
- import ietf-inet-types {prefix inet; revision-date 2010-09-24;}
-
- description
- "This module contains the base YANG definitions for
- AuthZ implementation.";
-
- revision "2014-07-01" {
- description
- "Initial revision.";
- }
-
-
- // This is the definition of the service implementation as a module identity.
- identity aaa-authz-service {
- base config:module-type;
- // Specifies the prefix for generated java classes.
- config:java-name-prefix AuthzSrv;
- config:provided-service dom:dom-broker-osgi-registry;
- }
-
- // Augments the 'configuration' choice node under modules/module.
-
- augment "/config:modules/config:module/config:configuration" {
- case aaa-authz-service {
- when "/config:modules/config:module/config:type = 'aaa-authz-service'";
-
-//Defines reference to the intended broker under the AuthZ broker
-
- container dom-broker {
- uses config:service-ref {
- refine type {
- mandatory true;
- config:required-identity dom:dom-broker-osgi-registry;
- }
- }
- }
-
- container data-broker {
- uses config:service-ref {
- refine type {
- mandatory true;
- config:required-identity mdsal:binding-data-broker;
-
- }
- }
- }
-
-//Simple Authz data leafs:
-
- leaf authz-role {
- type string;
- }
- leaf service {
- type authzs:service-type;
- }
-
- // ENUMs cannot be used right now (config subsystem + netconf cannot properly serialize enums), using strings instead
- // In the generated module use Enum.valueOf from that string.
- // Expected values are following strnigs: create, read, update, delete, execute, subscribe, any;
- leaf action {
- type string;
- description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any";
- //type authzs:action-type;
-
- }
- leaf resource {
- type authzs:resource-type;
-
- }
- leaf role {
- type authzs:role-type;
- }
-
-
-
- //TODO: Check why uses below doesn't make the outer list be part of the source name-space in yang code generator.
- //uses authzs:authorization-grp;
- list policies {
- key "service";
- leaf service {
- type authzs:service-type;
- }
- // Grouping uses ENUMs and enums are not correctly serialized in Config + Netconf
- // Same as with action one level ip
- leaf action {
- type string;
- description "String representation of enum authzs:action-type expecting following values create, read, update, delete, execute, subscribe, any";
- //type authzs:action-type;
- }
- leaf resource {
- type authzs:resource-type;
-
- }
- leaf role {
- type authzs:role-type;
-
- }
- }
-
-
- }
- }
-
-}