path: root/upstream/odl-aaa-moon/aaa/aaa-idmlight/src/main/java/org/opendaylight/aaa/idm/rest/RoleHandler.java
blob: 34a60c0c480aa350e353a2d171629fcf01c91c54 (plain)
/*
 * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others.  All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */

package org.opendaylight.aaa.idm.rest;

import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

import org.opendaylight.aaa.api.IDMStoreException;
import org.opendaylight.aaa.api.model.IDMError;
import org.opendaylight.aaa.api.model.Role;
import org.opendaylight.aaa.api.model.Roles;
import org.opendaylight.aaa.idm.IdmLightApplication;
import org.opendaylight.aaa.idm.IdmLightProxy;
import org.opendaylight.yang.gen.v1.config.aaa.authn.idmlight.rev151204.AAAIDMLightModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

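/**
 * REST application used to manipulate the H2 database roles table. The REST
 * endpoint is <code>/auth/v1/roles</code>.
 *
 * <p>The following provides examples of curl commands and payloads to utilize the
 * roles REST endpoint. The examples authenticate as <code>admin:admin</code> over
 * plain HTTP for brevity; a deployment should use its own credentials and a
 * TLS-protected endpoint, since basic-auth credentials are otherwise sent in the clear.
 *
 * <p><b>Get All Roles</b>
 * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/roles</code>
 *
 * <p><b>Get A Specific Role</b>
 * <code>curl -u admin:admin http://{HOST}:{PORT}/auth/v1/roles/{id}</code>
 *
 * <p><b>Create A Role</b>
 * <code>curl -u admin:admin -X POST -H "Content-Type: application/json" --data-binary {@literal @}role.json http://{HOST}:{PORT}/auth/v1/roles</code>
 * An example of role.json (the name and the domain id are both mandatory on create;
 * <code>{DOMAIN_ID}</code> is a placeholder):
 * <pre>{@code
 * {
 *  "name":"IT Administrator",
 *  "description":"A user role for IT admins",
 *  "domainid":"{DOMAIN_ID}"
 * }
 * }</pre>
 *
 * <p><b>Update A Role</b>
 * <code>curl -u admin:admin -X PUT -H "Content-Type: application/json" --data-binary {@literal @}role.json http://{HOST}:{PORT}/auth/v1/roles/{id}</code>
 * An example of role.json:
 * <pre>{@code
 * {
 *  "name":"IT Administrator Limited",
 *  "description":"A user role for IT admins who can only do one thing"
 * }
 * }</pre>
 *
 * <p>Store failures are logged with their stack trace and reported to the client as a
 * 500 response. NOTE(review): the response details still carry
 * {@code IDMStoreException.getMessage()}, which may expose internal storage details to
 * the caller; consider returning a generic detail once clients no longer rely on it.
 *
 * <p>No authorization check is performed in this class; access control is presumably
 * enforced by the surrounding container or filter chain (verify against the deployment).
 *
 * @author peter.mellquist@hp.com
 * @author Ryan Goulding (ryandgoulding@gmail.com)
 */
@Path("/v1/roles")
public class RoleHandler {
    private static final Logger LOG = LoggerFactory.getLogger(RoleHandler.class);

    /**
     * Extracts all roles.
     *
     * @return A response with all roles in the H2 database, or internal error if one is encountered
     */
    @GET
    @Produces("application/json")
    public Response getRoles() {
        LOG.info("get /roles");
        try {
            final Roles roles = AAAIDMLightModule.getStore().getRoles();
            return Response.ok(roles).build();
        } catch (IDMStoreException se) {
            // Keep the stack trace server-side; previously the failure was never logged.
            LOG.error("internal error getting roles", se);
            return new IDMError(500, "internal error getting roles", se.getMessage()).response();
        }
    }

    /**
     * Extract a specific role identified by <code>id</code>.
     *
     * @param id the String id for the role
     * @return A response with the role identified by <code>id</code>, a 404 error if the
     *         store returns no such role, or internal error if one is encountered
     */
    @GET
    @Path("/{id}")
    @Produces("application/json")
    public Response getRole(@PathParam("id") String id) {
        // The id comes straight from the request path, so neutralise line breaks before logging.
        LOG.info("get /roles/{}", forLog(id));

        final Role role;
        try {
            role = AAAIDMLightModule.getStore().readRole(id);
        } catch (IDMStoreException se) {
            LOG.error("internal error getting role", se);
            return new IDMError(500, "internal error getting roles", se.getMessage()).response();
        }

        if (role == null) {
            return new IDMError(404, "role not found id :" + id, "").response();
        }
        return Response.ok(role).build();
    }

    /**
     * Creates a role.
     *
     * <p>The name and domain id are mandatory, a missing description is stored as the
     * empty string, and each of the three fields is limited to
     * {@link IdmLightApplication#MAX_FIELD_LEN} characters.
     *
     * @param info passed from Jersey
     * @param role the role JSON payload
     * @return A response stating success or failure of role creation, or internal error if one is encountered
     */
    @POST
    @Consumes("application/json")
    @Produces("application/json")
    public Response createRole(@Context UriInfo info, Role role) {
        LOG.info("Post /roles");

        // A request without an entity would otherwise fail with a NullPointerException below.
        if (role == null) {
            return new IDMError(400, "role payload must be provided", "").response();
        }

        try {
            // TODO: role names should be unique!
            // name
            // NOTE(review): 404 for a missing mandatory field is kept for client
            // compatibility; 400 would be the conventional status.
            if (role.getName() == null) {
                return new IDMError(404, "name must be defined on role create", "").response();
            } else if (role.getName().length() > IdmLightApplication.MAX_FIELD_LEN) {
                return new IDMError(400, "role name max length is :"
                        + IdmLightApplication.MAX_FIELD_LEN, "").response();
            }

            // domain
            if (role.getDomainid() == null) {
                return new IDMError(404,
                        "The role's domain must be defined on role when creating a role.", "")
                        .response();
            } else if (role.getDomainid().length() > IdmLightApplication.MAX_FIELD_LEN) {
                return new IDMError(400, "role domain max length is :"
                        + IdmLightApplication.MAX_FIELD_LEN, "").response();
            }

            // description
            if (role.getDescription() == null) {
                role.setDescription("");
            } else if (role.getDescription().length() > IdmLightApplication.MAX_FIELD_LEN) {
                return new IDMError(400, "role description max length is :"
                        + IdmLightApplication.MAX_FIELD_LEN, "").response();
            }

            role = AAAIDMLightModule.getStore().writeRole(role);
        } catch (IDMStoreException se) {
            LOG.error("internal error creating role", se);
            return new IDMError(500, "internal error creating role", se.getMessage()).response();
        }

        return Response.status(201).entity(role).build();
    }

    /**
     * Updates a specific role identified by <code>id</code>.
     *
     * <p>The id from the request path always replaces any role id carried in the payload.
     *
     * @param info passed from Jersey
     * @param role the role JSON payload
     * @param id the String id for the role
     * @return A response stating success or failure of role update, or internal error if one occurs
     */
    @PUT
    @Path("/{id}")
    @Consumes("application/json")
    @Produces("application/json")
    public Response putRole(@Context UriInfo info, Role role, @PathParam("id") String id) {
        LOG.info("put /roles/{}", forLog(id));

        // A request without an entity would otherwise fail with a NullPointerException below.
        if (role == null) {
            return new IDMError(400, "role payload must be provided", "").response();
        }

        try {
            role.setRoleid(id);

            // name
            // TODO: names should be unique
            if ((role.getName() != null)
                    && (role.getName().length() > IdmLightApplication.MAX_FIELD_LEN)) {
                return new IDMError(400, "role name max length is :"
                        + IdmLightApplication.MAX_FIELD_LEN, "").response();
            }

            // description
            if ((role.getDescription() != null)
                    && (role.getDescription().length() > IdmLightApplication.MAX_FIELD_LEN)) {
                return new IDMError(400, "role description max length is :"
                        + IdmLightApplication.MAX_FIELD_LEN, "").response();
            }

            // NOTE(review): unlike createRole, the domain id is not length-checked here;
            // confirm whether updateRole persists it and add the same bound if it does.

            role = AAAIDMLightModule.getStore().updateRole(role);
            if (role == null) {
                return new IDMError(404, "role id not found :" + id, "").response();
            }
            // Presumably drops cached claims that could still reflect the old role — verify
            // against IdmLightProxy.
            IdmLightProxy.clearClaimCache();
            return Response.status(200).entity(role).build();
        } catch (IDMStoreException se) {
            LOG.error("internal error putting role", se);
            return new IDMError(500, "internal error putting role", se.getMessage()).response();
        }
    }

    /**
     * Delete a role.
     *
     * @param info passed from Jersey
     * @param id the String id for the role
     * @return A response stating success or failure of role deletion, or internal error if one occurs
     */
    @DELETE
    @Path("/{id}")
    public Response deleteRole(@Context UriInfo info, @PathParam("id") String id) {
        LOG.info("Delete /roles/{}", forLog(id));

        try {
            final Role role = AAAIDMLightModule.getStore().deleteRole(id);
            if (role == null) {
                return new IDMError(404, "role id not found :" + id, "").response();
            }
        } catch (IDMStoreException se) {
            LOG.error("internal error deleting role", se);
            return new IDMError(500, "internal error deleting role", se.getMessage()).response();
        }
        // Presumably drops cached claims that could still reference the deleted role — verify
        // against IdmLightProxy.
        IdmLightProxy.clearClaimCache();
        return Response.status(204).build();
    }

    /**
     * Makes a request-supplied value safe to write on a single log line by replacing
     * carriage returns and line feeds, so a crafted path segment cannot forge extra
     * log entries.
     *
     * @param value the value taken from the request, may be {@code null}
     * @return the value with CR and LF replaced by underscores, or {@code null}
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

}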