Heedo Kang
Committed by Gerrit Code Review

More APIs permission for new ONOS APIs

Change-Id: I43fee65254adca451f77431bfbf5accdf95b81ab
Showing 26 changed files with 171 additions and 19 deletions
......@@ -29,11 +29,16 @@ public class AppPermission extends BasicPermission {
public enum Type {
APP_READ,
APP_EVENT,
APP_WRITE,
CONFIG_READ,
CONFIG_WRITE,
CONFIG_EVENT,
CLUSTER_READ,
CLUSTER_WRITE,
CLUSTER_EVENT,
CODEC_READ,
CODEC_WRITE,
CLOCK_WRITE,
DEVICE_KEY_EVENT,
DEVICE_KEY_READ,
DEVICE_KEY_WRITE,
......@@ -41,6 +46,8 @@ public class AppPermission extends BasicPermission {
DEVICE_EVENT,
DRIVER_READ,
DRIVER_WRITE,
EVENT_READ,
EVENT_WRITE,
FLOWRULE_READ,
FLOWRULE_WRITE,
FLOWRULE_EVENT,
......@@ -56,16 +63,26 @@ public class AppPermission extends BasicPermission {
LINK_READ,
LINK_WRITE,
LINK_EVENT,
MUTEX_WRITE,
PACKET_READ,
PACKET_WRITE,
PACKET_EVENT,
PERSISTENCE_WRITE,
PARTITION_READ,
PARTITION_EVENT,
RESOURCE_READ,
RESOURCE_WRITE,
RESOURCE_EVENT,
REGION_READ,
STATISTIC_READ,
STORAGE_WRITE,
TOPOLOGY_READ,
TOPOLOGY_EVENT,
TUNNEL_READ,
TUNNEL_WRITE,
TUNNEL_EVENT,
STORAGE_WRITE
UI_READ,
UI_WRITE
}
protected Type type;
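Review bot: The constants in `Type` carry no comment saying which service each one gates, and the new entries break the otherwise alphabetical order: `PERSISTENCE_WRITE` sits before `PARTITION_READ`, and `REGION_READ` comes after the `RESOURCE_*` group. Application policies name these values, so a one-line comment per constant, for example `// guards LogicalClockService#getTimestamp` on `CLOCK_WRITE`, would let whoever approves an app's permission request see what is being granted. `PARTITION_EVENT` is not referenced by any hunk visible on this page; if nothing checks it yet, say so next to the constant. The enum is shown across three hunks and the class continues outside them.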
......
......@@ -69,6 +69,9 @@ import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.*;
/**
* Implementation of the JSON codec brokering service.
*/
......@@ -134,22 +137,26 @@ public class CodecManager implements CodecService {
@Override
public Set<Class<?>> getCodecs() {
checkPermission(CODEC_READ);
return ImmutableSet.copyOf(codecs.keySet());
}
@Override
@SuppressWarnings("unchecked")
public <T> JsonCodec<T> getCodec(Class<T> entityClass) {
checkPermission(CODEC_READ);
return codecs.get(entityClass);
}
@Override
public <T> void registerCodec(Class<T> entityClass, JsonCodec<T> codec) {
checkPermission(CODEC_WRITE);
codecs.putIfAbsent(entityClass, codec);
}
@Override
public void unregisterCodec(Class<?> entityClass) {
checkPermission(CODEC_WRITE);
codecs.remove(entityClass);
}
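Review bot: The static wildcard import `import static org.onosproject.security.AppPermission.Type.*;` brings every permission constant into CodecManager, although the visible methods use only `CODEC_READ` and `CODEC_WRITE`. Because each guard takes a bare constant, explicit imports make a wrong permission easier to spot in review and avoid clashes with other wildcard-imported enums; I would write `import static org.onosproject.security.AppPermission.Type.CODEC_READ;` and `import static org.onosproject.security.AppPermission.Type.CODEC_WRITE;`. The same wildcard appears in the section with `isMine`/`getLeader`, in CoreManager (where it seems to replace an explicit `APP_READ` import), CoreEventDispatcher, NetworkConfigManager, EdgeManager (which already has `DeviceEvent.Type.*` in scope) and StorageManager.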
......
......@@ -41,6 +41,8 @@ import org.slf4j.Logger;
import java.util.Set;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.*;
import static org.slf4j.LoggerFactory.getLogger;
/**
......@@ -119,21 +121,25 @@ public class SimpleClusterStore
@Override
public boolean isMine(Key intentKey) {
checkPermission(INTENT_READ);
return true;
}
@Override
public NodeId getLeader(Key intentKey) {
checkPermission(INTENT_READ);
return instance.id();
}
@Override
public void addListener(IntentPartitionEventListener listener) {
checkPermission(INTENT_EVENT);
listenerRegistry.addListener(listener);
}
@Override
public void removeListener(IntentPartitionEventListener listener) {
checkPermission(INTENT_EVENT);
listenerRegistry.removeListener(listener);
}
}
......
......@@ -15,17 +15,6 @@
*/
package org.onosproject.cluster.impl;
import static com.google.common.base.Preconditions.checkNotNull;
import static org.slf4j.LoggerFactory.getLogger;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.URL;
import java.util.Collection;
import java.util.Enumeration;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
......@@ -47,6 +36,19 @@ import org.onosproject.net.provider.AbstractProviderService;
import org.onosproject.store.service.Versioned;
import org.slf4j.Logger;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.URL;
import java.util.Collection;
import java.util.Enumeration;
import static com.google.common.base.Preconditions.checkNotNull;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.CLUSTER_READ;
import static org.slf4j.LoggerFactory.getLogger;
/**
* Implementation of ClusterMetadataService.
*/
......@@ -77,6 +79,7 @@ public class ClusterMetadataManager
@Override
public ClusterMetadata getClusterMetadata() {
checkPermission(CLUSTER_READ);
Versioned<ClusterMetadata> metadata = getProvider().getClusterMetadata();
return metadata.value();
}
......@@ -85,11 +88,13 @@ public class ClusterMetadataManager
@Override
protected ClusterMetadataProviderService createProviderService(
ClusterMetadataProvider provider) {
checkPermission(CLUSTER_READ);
return new InternalClusterMetadataProviderService(provider);
}
@Override
public ControllerNode getLocalNode() {
checkPermission(CLUSTER_READ);
if (localNode == null) {
establishSelfIdentity();
}
......@@ -188,4 +193,4 @@ public class ClusterMetadataManager
// TODO: notify listeners
}
}
}
\ No newline at end of file
}
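Review bot: `createProviderService` is a protected factory rather than a read accessor, yet it is guarded with `checkPermission(CLUSTER_READ)`. It returns an `InternalClusterMetadataProviderService`, so a read-level permission looks too weak if the call is meant to be restricted. If it is only reached from the provider registry during registration (not visible here), the check is better dropped; otherwise `checkPermission(CLUSTER_WRITE);` with the matching import would fit what the method hands out. A comment naming the expected callers would settle which of the two is intended.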
......
......@@ -187,6 +187,7 @@ public class MastershipManager
@Override
public MastershipTerm getMastershipTerm(DeviceId deviceId) {
checkPermission(CLUSTER_READ);
return store.getTermFor(deviceId);
}
......
......@@ -50,8 +50,7 @@ import java.util.Set;
import static com.google.common.base.Preconditions.checkNotNull;
import static com.google.common.base.Strings.isNullOrEmpty;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.APP_READ;
import static org.onosproject.security.AppPermission.Type.*;
/**
......@@ -149,12 +148,14 @@ public class CoreManager implements CoreService {
@Override
public ApplicationId registerApplication(String name) {
checkPermission(APP_WRITE);
checkNotNull(name, "Application ID cannot be null");
return applicationIdStore.registerApplication(name);
}
@Override
public ApplicationId registerApplication(String name, Runnable preDeactivate) {
checkPermission(APP_WRITE);
ApplicationId id = registerApplication(name);
appService.registerDeactivateHook(id, preDeactivate);
return id;
......@@ -162,6 +163,7 @@ public class CoreManager implements CoreService {
@Override
public IdGenerator getIdGenerator(String topic) {
checkPermission(APP_READ);
IdBlockAllocator allocator = new StoreBasedIdBlockAllocator(topic, idBlockStore);
return new BlockAllocatorBasedIdGenerator(allocator);
}
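Review bot: `getIdGenerator` is guarded with `APP_READ`, but it returns a generator backed by `new StoreBasedIdBlockAllocator(topic, idBlockStore)` for any caller-chosen `topic`. If drawing IDs reserves blocks in `idBlockStore` (the allocator is not visible here), an application with read permission only can consume ID space for topics used by other subsystems; `checkPermission(APP_WRITE);` would match that effect better. In the two-argument `registerApplication`, the `APP_WRITE` check runs twice because the method delegates to the one-argument overload. That is harmless, but a short comment would stop someone removing the wrong one later.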
......
......@@ -38,6 +38,8 @@ import static java.util.concurrent.Executors.newSingleThreadExecutor;
import static org.onlab.util.Tools.groupedThreads;
import static org.slf4j.LoggerFactory.getLogger;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.*;
/**
* Simple implementation of an event dispatching service.
*/
......@@ -96,6 +98,7 @@ public class CoreEventDispatcher extends DefaultEventSinkRegistry
@Override
public void setDispatchTimeLimit(long millis) {
checkPermission(EVENT_WRITE);
checkArgument(millis >= WATCHDOG_MS,
"Time limit must be greater than %s", WATCHDOG_MS);
maxProcessMillis = millis;
......@@ -103,6 +106,7 @@ public class CoreEventDispatcher extends DefaultEventSinkRegistry
@Override
public long getDispatchTimeLimit() {
checkPermission(EVENT_READ);
return maxProcessMillis;
}
......
......@@ -42,6 +42,8 @@ import java.util.Objects;
import java.util.Set;
import static com.google.common.base.Preconditions.checkNotNull;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.*;
/**
* Implementation of the network configuration subsystem.
......@@ -142,6 +144,7 @@ public class NetworkConfigManager
@Override
public Set<Class> getSubjectClasses() {
checkPermission(CONFIG_READ);
ImmutableSet.Builder<Class> builder = ImmutableSet.builder();
factories.forEach((k, v) -> builder.add(k.subjectClass));
return builder.build();
......@@ -149,16 +152,19 @@ public class NetworkConfigManager
@Override
public SubjectFactory getSubjectFactory(String subjectClassKey) {
checkPermission(CONFIG_READ);
return subjectClasses.get(subjectClassKey);
}
@Override
public SubjectFactory getSubjectFactory(Class subjectClass) {
checkPermission(CONFIG_READ);
return subjectClassKeys.get(subjectClass);
}
@Override
public Class<? extends Config> getConfigClass(String subjectClassKey, String configKey) {
checkPermission(CONFIG_READ);
checkNotNull(subjectClassKey, NULL_SCKEY_MSG);
checkNotNull(configKey, NULL_CKEY_MSG);
return configClasses.get(new ConfigIdentifier(subjectClassKey, configKey));
......@@ -166,12 +172,14 @@ public class NetworkConfigManager
@Override
public <S> Set<S> getSubjects(Class<S> subjectClass) {
checkPermission(CONFIG_READ);
checkNotNull(subjectClass, NULL_SCLASS_MSG);
return store.getSubjects(subjectClass);
}
@Override
public <S, C extends Config<S>> Set<S> getSubjects(Class<S> subjectClass, Class<C> configClass) {
checkPermission(CONFIG_READ);
checkNotNull(subjectClass, NULL_SCLASS_MSG);
checkNotNull(configClass, NULL_CCLASS_MSG);
return store.getSubjects(subjectClass, configClass);
......@@ -179,6 +187,7 @@ public class NetworkConfigManager
@Override
public <S> Set<Config<S>> getConfigs(S subject) {
checkPermission(CONFIG_READ);
checkNotNull(subject, NULL_SUBJECT_MSG);
Set<Class<? extends Config<S>>> configClasses = store.getConfigClasses(subject);
ImmutableSet.Builder<Config<S>> cfg = ImmutableSet.builder();
......@@ -188,6 +197,7 @@ public class NetworkConfigManager
@Override
public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) {
checkPermission(CONFIG_READ);
checkNotNull(subject, NULL_SUBJECT_MSG);
checkNotNull(configClass, NULL_CCLASS_MSG);
return store.getConfig(subject, configClass);
......@@ -196,6 +206,7 @@ public class NetworkConfigManager
@Override
public <S, C extends Config<S>> C addConfig(S subject, Class<C> configClass) {
checkPermission(CONFIG_WRITE);
checkNotNull(subject, NULL_SUBJECT_MSG);
checkNotNull(configClass, NULL_CCLASS_MSG);
return store.createConfig(subject, configClass);
......@@ -203,6 +214,7 @@ public class NetworkConfigManager
@Override
public <S, C extends Config<S>> C applyConfig(S subject, Class<C> configClass, JsonNode json) {
checkPermission(CONFIG_WRITE);
checkNotNull(subject, NULL_SUBJECT_MSG);
checkNotNull(configClass, NULL_CCLASS_MSG);
checkNotNull(json, NULL_JSON_MSG);
......@@ -213,6 +225,7 @@ public class NetworkConfigManager
@SuppressWarnings("unchecked")
public <S, C extends Config<S>> C applyConfig(String subjectClassKey, S subject,
String configKey, JsonNode json) {
checkPermission(CONFIG_WRITE);
checkNotNull(subjectClassKey, NULL_SCKEY_MSG);
checkNotNull(subject, NULL_SUBJECT_MSG);
checkNotNull(configKey, NULL_CKEY_MSG);
......@@ -229,6 +242,7 @@ public class NetworkConfigManager
@Override
public <S, C extends Config<S>> void removeConfig(S subject, Class<C> configClass) {
checkPermission(CONFIG_WRITE);
checkNotNull(subject, NULL_SUBJECT_MSG);
checkNotNull(configClass, NULL_CCLASS_MSG);
store.clearConfig(subject, configClass);
......
......@@ -56,6 +56,8 @@ import static org.onosproject.net.device.DeviceEvent.Type.*;
import static org.onosproject.net.edge.EdgePortEvent.Type.EDGE_PORT_ADDED;
import static org.onosproject.net.edge.EdgePortEvent.Type.EDGE_PORT_REMOVED;
import static org.slf4j.LoggerFactory.getLogger;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.*;
/**
* This is an implementation of the edge net service.
......@@ -107,11 +109,13 @@ public class EdgeManager
@Override
public boolean isEdgePoint(ConnectPoint point) {
checkPermission(TOPOLOGY_READ);
return !topologyService.isInfrastructure(topologyService.currentTopology(), point);
}
@Override
public Iterable<ConnectPoint> getEdgePoints() {
checkPermission(TOPOLOGY_READ);
ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder();
connectionPoints.forEach((k, v) -> v.forEach(builder::add));
return builder.build();
......@@ -119,6 +123,7 @@ public class EdgeManager
@Override
public Iterable<ConnectPoint> getEdgePoints(DeviceId deviceId) {
checkPermission(TOPOLOGY_READ);
ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder();
Set<ConnectPoint> set = connectionPoints.get(deviceId);
if (set != null) {
......@@ -129,6 +134,7 @@ public class EdgeManager
@Override
public void emitPacket(ByteBuffer data, Optional<TrafficTreatment> treatment) {
checkPermission(PACKET_WRITE);
TrafficTreatment.Builder builder = treatment.map(DefaultTrafficTreatment::builder)
.orElse(DefaultTrafficTreatment.builder());
getEdgePoints().forEach(p -> packetService.emit(packet(builder, p, data)));
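Review bot: `emitPacket` checks `PACKET_WRITE` and then calls `getEdgePoints()`, which now checks `TOPOLOGY_READ`, so the call appears to need both permissions. If `AppGuard.checkPermission` evaluates the calling application's grants on the nested call as well (its implementation is not shown), an app holding only `PACKET_WRITE` is denied inside `emitPacket` for a topology permission it never knowingly used. Either document the pair on the method, e.g. `// requires PACKET_WRITE and TOPOLOGY_READ (via getEdgePoints)`, or iterate `connectionPoints` directly in `emitPacket` so only one permission is involved. The body of `emitPacket` continues past the end of the hunk.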
......
......@@ -272,6 +272,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
@Override
public void initPolicy(String policy) {
checkPermission(FLOWRULE_WRITE);
this.policy = policy;
deviceService.getDevices().forEach(device ->
this.deviceCompositionTreeMap.put(device.id(), FlowObjectiveCompositionUtil.parsePolicyString(policy)));
......
......@@ -282,16 +282,19 @@ public class IntentManager
@Override
public <T extends Intent> void registerCompiler(Class<T> cls, IntentCompiler<T> compiler) {
checkPermission(INTENT_WRITE);
compilerRegistry.registerCompiler(cls, compiler);
}
@Override
public <T extends Intent> void unregisterCompiler(Class<T> cls) {
checkPermission(INTENT_WRITE);
compilerRegistry.unregisterCompiler(cls);
}
@Override
public Map<Class<? extends Intent>, IntentCompiler<? extends Intent>> getCompilers() {
checkPermission(INTENT_READ);
return compilerRegistry.getCompilers();
}
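Review bot: `registerCompiler` and `unregisterCompiler` are guarded only by the general `INTENT_WRITE` permission, and `cls` is caller-supplied, so any application holding it can replace or remove the compiler for every `Intent` class, not just its own. If that breadth is intended, record it next to the checks, e.g. `// NOTE: INTENT_WRITE also allows replacing compilers registered by other apps`; otherwise a narrower permission or an ownership check belongs here. `getCompilers()` returns `compilerRegistry.getCompilers()` as is. If that is the registry's live map (not visible here), an `INTENT_READ` holder could modify it, and returning an unmodifiable copy would close that path.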
......
......@@ -38,7 +38,6 @@ import java.util.Collection;
import static com.google.common.base.Preconditions.checkNotNull;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_READ;
import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_WRITE;
import static org.slf4j.LoggerFactory.getLogger;
/**
......@@ -72,14 +71,12 @@ public class DeviceKeyManager extends AbstractListenerManager<DeviceKeyEvent, De
@Override
public void addKey(DeviceKey deviceKey) {
checkPermission(DEVICE_KEY_WRITE);
checkNotNull(deviceKey, "Device key cannot be null");
store.createOrUpdateDeviceKey(deviceKey);
}
@Override
public void removeKey(DeviceKeyId deviceKeyId) {
checkPermission(DEVICE_KEY_WRITE);
checkNotNull(deviceKeyId, "Device key identifier cannot be null");
store.deleteDeviceKey(deviceKeyId);
}
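Review bot: The hunk headers (`-38,7 +38,6` and `-72,14 +71,12`) show that this section only removes lines, and the likely candidates are the `DEVICE_KEY_WRITE` import and the two `checkPermission(DEVICE_KEY_WRITE);` calls in `addKey` and `removeKey`. The +/- markers are lost on this page, so this is inferred. If that reading is right, creating, overwriting and deleting device keys becomes unguarded in a commit whose message speaks only of adding permissions. If these are admin-only methods that are deliberately exempt, record that in the commit description and in a comment on each method, e.g. `// admin API: intentionally not guarded by AppGuard`; otherwise the two checks should stay.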
......
......@@ -45,6 +45,9 @@ import java.util.Set;
import java.util.stream.Collectors;
import static com.google.common.base.Preconditions.checkNotNull;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.RESOURCE_WRITE;
import static org.onosproject.security.AppPermission.Type.RESOURCE_READ;
import static org.slf4j.LoggerFactory.getLogger;
/**
......@@ -82,6 +85,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public List<ResourceAllocation> allocate(ResourceConsumer consumer,
List<Resource> resources) {
checkPermission(RESOURCE_WRITE);
checkNotNull(consumer);
checkNotNull(resources);
......@@ -97,6 +101,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public boolean release(List<ResourceAllocation> allocations) {
checkPermission(RESOURCE_WRITE);
checkNotNull(allocations);
return store.release(allocations);
......@@ -112,6 +117,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public List<ResourceAllocation> getResourceAllocations(ResourceId id) {
checkPermission(RESOURCE_READ);
checkNotNull(id);
return store.getResourceAllocations(id);
......@@ -119,6 +125,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public <T> Collection<ResourceAllocation> getResourceAllocations(DiscreteResourceId parent, Class<T> cls) {
checkPermission(RESOURCE_READ);
checkNotNull(parent);
checkNotNull(cls);
......@@ -131,6 +138,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public Collection<ResourceAllocation> getResourceAllocations(ResourceConsumer consumer) {
checkPermission(RESOURCE_READ);
checkNotNull(consumer);
Collection<Resource> resources = store.getResources(consumer);
......@@ -141,6 +149,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public Set<Resource> getAvailableResources(DiscreteResourceId parent) {
checkPermission(RESOURCE_READ);
checkNotNull(parent);
Set<Resource> children = store.getChildResources(parent);
......@@ -152,6 +161,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public <T> Set<Resource> getAvailableResources(DiscreteResourceId parent, Class<T> cls) {
checkPermission(RESOURCE_READ);
checkNotNull(parent);
checkNotNull(cls);
......@@ -163,6 +173,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public <T> Set<T> getAvailableResourceValues(DiscreteResourceId parent, Class<T> cls) {
checkPermission(RESOURCE_READ);
checkNotNull(parent);
checkNotNull(cls);
......@@ -174,6 +185,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public Set<Resource> getRegisteredResources(DiscreteResourceId parent) {
checkPermission(RESOURCE_READ);
checkNotNull(parent);
return store.getChildResources(parent);
......@@ -181,6 +193,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
@Override
public boolean isAvailable(Resource resource) {
checkPermission(RESOURCE_READ);
checkNotNull(resource);
return store.isAvailable(resource);
......
......@@ -175,6 +175,7 @@ public class PacketManager
@Override
public List<PacketProcessorEntry> getProcessors() {
checkPermission(PACKET_READ);
return ImmutableList.copyOf(processors);
}
......@@ -233,6 +234,7 @@ public class PacketManager
@Override
public List<PacketRequest> getRequests() {
checkPermission(PACKET_READ);
return store.existingRequests();
}
......
......@@ -43,6 +43,8 @@ import static com.google.common.base.Preconditions.checkNotNull;
import static com.google.common.base.Preconditions.checkState;
import static com.google.common.collect.ImmutableList.of;
import static org.slf4j.LoggerFactory.getLogger;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.REGION_READ;
/**
* Provides implementation of the region service APIs.
......@@ -122,23 +124,27 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi
@Override
public Set<Region> getRegions() {
checkPermission(REGION_READ);
return store.getRegions();
}
@Override
public Region getRegion(RegionId regionId) {
checkPermission(REGION_READ);
checkNotNull(regionId, REGION_ID_NULL);
return store.getRegion(regionId);
}
@Override
public Region getRegionForDevice(DeviceId deviceId) {
checkPermission(REGION_READ);
checkNotNull(deviceId, DEVICE_ID_NULL);
return store.getRegionForDevice(deviceId);
}
@Override
public Set<DeviceId> getRegionDevices(RegionId regionId) {
checkPermission(REGION_READ);
checkNotNull(regionId, REGION_ID_NULL);
return store.getRegionDevices(regionId);
}
......
......@@ -134,11 +134,13 @@ public class PathManager implements PathService {
@Override
public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst) {
checkPermission(TOPOLOGY_READ);
return getDisjointPaths(src, dst, (LinkWeight) null);
}
@Override
public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, LinkWeight weight) {
checkPermission(TOPOLOGY_READ);
checkNotNull(src, ELEMENT_ID_NULL);
checkNotNull(dst, ELEMENT_ID_NULL);
......@@ -173,12 +175,14 @@ public class PathManager implements PathService {
@Override
public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst,
Map<Link, Object> riskProfile) {
checkPermission(TOPOLOGY_READ);
return getDisjointPaths(src, dst, null, riskProfile);
}
@Override
public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, LinkWeight weight,
Map<Link, Object> riskProfile) {
checkPermission(TOPOLOGY_READ);
checkNotNull(src, ELEMENT_ID_NULL);
checkNotNull(dst, ELEMENT_ID_NULL);
......
......@@ -166,6 +166,7 @@ public class TopologyManager
@Override
public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, DeviceId dst) {
checkPermission(TOPOLOGY_READ);
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(src, DEVICE_ID_NULL);
checkNotNull(dst, DEVICE_ID_NULL);
......@@ -175,6 +176,7 @@ public class TopologyManager
@Override
public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src,
DeviceId dst, LinkWeight weight) {
checkPermission(TOPOLOGY_READ);
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(src, DEVICE_ID_NULL);
checkNotNull(dst, DEVICE_ID_NULL);
......@@ -185,6 +187,7 @@ public class TopologyManager
@Override
public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, DeviceId dst,
Map<Link, Object> riskProfile) {
checkPermission(TOPOLOGY_READ);
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(src, DEVICE_ID_NULL);
checkNotNull(dst, DEVICE_ID_NULL);
......@@ -195,6 +198,7 @@ public class TopologyManager
public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src,
DeviceId dst, LinkWeight weight,
Map<Link, Object> riskProfile) {
checkPermission(TOPOLOGY_READ);
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(src, DEVICE_ID_NULL);
checkNotNull(dst, DEVICE_ID_NULL);
......
......@@ -50,6 +50,8 @@ import java.util.stream.Collectors;
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
@Component(immediate = true)
@Service
......@@ -94,6 +96,7 @@ public class ClusterCommunicationManager
public <M> void broadcast(M message,
MessageSubject subject,
Function<M, byte[]> encoder) {
checkPermission(CLUSTER_WRITE);
multicast(message,
subject,
encoder,
......@@ -108,6 +111,7 @@ public class ClusterCommunicationManager
public <M> void broadcastIncludeSelf(M message,
MessageSubject subject,
Function<M, byte[]> encoder) {
checkPermission(CLUSTER_WRITE);
multicast(message,
subject,
encoder,
......@@ -122,6 +126,7 @@ public class ClusterCommunicationManager
MessageSubject subject,
Function<M, byte[]> encoder,
NodeId toNodeId) {
checkPermission(CLUSTER_WRITE);
try {
byte[] payload = new ClusterMessage(
localNodeId,
......@@ -139,6 +144,7 @@ public class ClusterCommunicationManager
MessageSubject subject,
Function<M, byte[]> encoder,
Set<NodeId> nodes) {
checkPermission(CLUSTER_WRITE);
byte[] payload = new ClusterMessage(
localNodeId,
subject,
......@@ -153,6 +159,7 @@ public class ClusterCommunicationManager
Function<M, byte[]> encoder,
Function<byte[], R> decoder,
NodeId toNodeId) {
checkPermission(CLUSTER_WRITE);
try {
ClusterMessage envelope = new ClusterMessage(
clusterService.getLocalNode().id(),
......@@ -193,6 +200,7 @@ public class ClusterCommunicationManager
public void addSubscriber(MessageSubject subject,
ClusterMessageHandler subscriber,
ExecutorService executor) {
checkPermission(CLUSTER_WRITE);
messagingService.registerHandler(subject.value(),
new InternalClusterMessageHandler(subscriber),
executor);
......@@ -200,6 +208,7 @@ public class ClusterCommunicationManager
@Override
public void removeSubscriber(MessageSubject subject) {
checkPermission(CLUSTER_WRITE);
messagingService.unregisterHandler(subject.value());
}
......@@ -209,6 +218,7 @@ public class ClusterCommunicationManager
Function<M, R> handler,
Function<R, byte[]> encoder,
Executor executor) {
checkPermission(CLUSTER_WRITE);
messagingService.registerHandler(subject.value(),
new InternalMessageResponder<M, R>(decoder, encoder, m -> {
CompletableFuture<R> responseFuture = new CompletableFuture<>();
......@@ -228,6 +238,7 @@ public class ClusterCommunicationManager
Function<byte[], M> decoder,
Function<M, CompletableFuture<R>> handler,
Function<R, byte[]> encoder) {
checkPermission(CLUSTER_WRITE);
messagingService.registerHandler(subject.value(),
new InternalMessageResponder<>(decoder, encoder, handler));
}
......@@ -237,6 +248,7 @@ public class ClusterCommunicationManager
Function<byte[], M> decoder,
Consumer<M> handler,
Executor executor) {
checkPermission(CLUSTER_WRITE);
messagingService.registerHandler(subject.value(),
new InternalMessageConsumer<>(decoder, handler),
executor);
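Review bot: Every send and subscribe method here now calls `checkPermission(CLUSTER_WRITE)`, but this service is presumably also used by core stores while they serve an application's request. If `AppGuard.checkPermission` considers the whole call stack (not visible on this page), an app calling a guarded service that replicates state through `unicast` or `multicast` would be denied unless it also holds `CLUSTER_WRITE`, which pushes operators towards granting a very broad permission. Please state in a comment whether core callers are expected to run in a privileged block, and add a test with an app that lacks `CLUSTER_WRITE`. `broadcast` and `broadcastIncludeSelf` delegate to `multicast`, so the check also runs twice on those paths. The same concern applies to the NettyMessagingManager, LogicalClockManager, PersistenceManager and StorageManager sections.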
......
......@@ -82,6 +82,9 @@ import java.util.function.BiConsumer;
import java.util.function.BiFunction;
import java.util.function.Consumer;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
/**
* Netty based MessagingService.
*/
......@@ -213,6 +216,7 @@ public class NettyMessagingManager implements MessagingService {
@Override
public CompletableFuture<Void> sendAsync(Endpoint ep, String type, byte[] payload) {
checkPermission(CLUSTER_WRITE);
InternalMessage message = new InternalMessage(messageIdGenerator.incrementAndGet(),
localEp,
type,
......@@ -221,6 +225,7 @@ public class NettyMessagingManager implements MessagingService {
}
protected CompletableFuture<Void> sendAsync(Endpoint ep, InternalMessage message) {
checkPermission(CLUSTER_WRITE);
if (ep.equals(localEp)) {
try {
dispatchLocally(message);
......@@ -247,11 +252,13 @@ public class NettyMessagingManager implements MessagingService {
@Override
public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload) {
checkPermission(CLUSTER_WRITE);
return sendAndReceive(ep, type, payload, MoreExecutors.directExecutor());
}
@Override
public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload, Executor executor) {
checkPermission(CLUSTER_WRITE);
CompletableFuture<byte[]> response = new CompletableFuture<>();
Callback callback = new Callback(response, executor);
Long messageId = messageIdGenerator.incrementAndGet();
......@@ -266,11 +273,13 @@ public class NettyMessagingManager implements MessagingService {
@Override
public void registerHandler(String type, BiConsumer<Endpoint, byte[]> handler, Executor executor) {
checkPermission(CLUSTER_WRITE);
handlers.put(type, message -> executor.execute(() -> handler.accept(message.sender(), message.payload())));
}
@Override
public void registerHandler(String type, BiFunction<Endpoint, byte[], byte[]> handler, Executor executor) {
checkPermission(CLUSTER_WRITE);
handlers.put(type, message -> executor.execute(() -> {
byte[] responsePayload = null;
Status status = Status.OK;
......@@ -285,6 +294,7 @@ public class NettyMessagingManager implements MessagingService {
@Override
public void registerHandler(String type, BiFunction<Endpoint, byte[], CompletableFuture<byte[]>> handler) {
checkPermission(CLUSTER_WRITE);
handlers.put(type, message -> {
handler.apply(message.sender(), message.payload()).whenComplete((result, error) -> {
Status status = error == null ? Status.OK : Status.ERROR_HANDLER_EXCEPTION;
......@@ -295,6 +305,7 @@ public class NettyMessagingManager implements MessagingService {
@Override
public void unregisterHandler(String type) {
checkPermission(CLUSTER_WRITE);
handlers.remove(type);
}
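Review bot: The protected overload `sendAsync(Endpoint ep, InternalMessage message)` gets its own `checkPermission(CLUSTER_WRITE)`, although the public `sendAsync` that builds the message has already checked. The helper looks like the common path for outgoing messages, so the guard there repeats work for public callers and adds a permission lookup per message. If no untrusted code can reach the protected method, I would keep the checks on the `MessagingService` entry points only. `sendAndReceive(ep, type, payload)` likewise checks and then delegates to the four-argument overload, which checks again. Several method bodies in this section continue outside their hunks.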
......
......@@ -30,6 +30,9 @@ import org.onosproject.store.service.LogicalClockService;
import org.onosproject.store.service.StorageService;
import org.slf4j.Logger;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.CLOCK_WRITE;
/**
* LogicalClockService implementation based on a AtomicCounter.
*/
......@@ -62,6 +65,7 @@ public class LogicalClockManager implements LogicalClockService {
@Override
public Timestamp getTimestamp() {
checkPermission(CLOCK_WRITE);
return new LogicalTimestamp(atomicCounter.incrementAndGet());
}
}
\ No newline at end of file
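Review bot: `getTimestamp()` is a getter by name but is guarded with `CLOCK_WRITE`, and nothing at the check explains why. The reason is in the body: each call runs `atomicCounter.incrementAndGet()`, so it advances the shared counter. A short comment above the check would keep a later reader from changing it to a read permission: `// WRITE: every call advances the shared logical clock`.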
......
......@@ -36,6 +36,8 @@ import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.PERSISTENCE_WRITE;
import static org.slf4j.LoggerFactory.getLogger;
/**
......@@ -122,10 +124,12 @@ public class PersistenceManager implements PersistenceService {
}
public <K, V> PersistentMapBuilder<K, V> persistentMapBuilder() {
checkPermission(PERSISTENCE_WRITE);
return new DefaultPersistentMapBuilder<>(localDB);
}
public <E> PersistentSetBuilder<E> persistentSetBuilder() {
checkPermission(PERSISTENCE_WRITE);
return new DefaultPersistentSetBuilder<>(localDB);
}
......
......@@ -50,7 +50,8 @@ import org.slf4j.Logger;
import com.google.common.base.MoreObjects;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.MUTEX_WRITE;
/**
* Implementation of a MutexExecutionService.
*/
......@@ -103,6 +104,7 @@ public class MutexExecutionManager implements MutexExecutionService {
@Override
public CompletableFuture<Void> execute(MutexTask task, String exclusionPath, Executor executor) {
checkPermission(MUTEX_WRITE);
return lock(exclusionPath)
.thenApply(state -> activeTasks.computeIfAbsent(exclusionPath,
k -> new InnerMutexTask(exclusionPath,
......
......@@ -55,6 +55,9 @@ import org.slf4j.Logger;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.PARTITION_READ;
/**
* Implementation of {@code PartitionService} and {@code PartitionAdminService}.
*/
......@@ -116,27 +119,32 @@ public class PartitionManager extends AbstractListenerManager<PartitionEvent, Pa
@Override
public int getNumberOfPartitions() {
checkPermission(PARTITION_READ);
return partitions.size();
}
@Override
public Set<PartitionId> getAllPartitionIds() {
checkPermission(PARTITION_READ);
return partitions.keySet();
}
@Override
public DistributedPrimitiveCreator getDistributedPrimitiveCreator(PartitionId partitionId) {
checkPermission(PARTITION_READ);
return partitions.get(partitionId).client();
}
@Override
public Set<NodeId> getConfiguredMembers(PartitionId partitionId) {
checkPermission(PARTITION_READ);
StoragePartition partition = partitions.get(partitionId);
return ImmutableSet.copyOf(partition.getMembers());
}
@Override
public Set<NodeId> getActiveMembersMembers(PartitionId partitionId) {
checkPermission(PARTITION_READ);
// TODO: This needs to query metadata to determine currently active
// members of partition
return getConfiguredMembers(partitionId);
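Review bot: `getDistributedPrimitiveCreator` is guarded with `PARTITION_READ`, yet it returns `partitions.get(partitionId).client()`, a `DistributedPrimitiveCreator`, which by its name can create primitives on that partition. A read permission therefore reaches a capability that the StorageManager section protects with `STORAGE_WRITE`; a stricter check such as `checkPermission(STORAGE_WRITE);` (with its import), or limiting the method to core callers, would be consistent. `getAllPartitionIds` also returns `partitions.keySet()`, which is a live view if `partitions` is a mutable map, while `getConfiguredMembers` returns a copy. `return ImmutableSet.copyOf(partitions.keySet());` would stop a `PARTITION_READ` holder from altering the map through the returned set. `getActiveMembersMembers` continues past the end of the hunk.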
......
......@@ -61,6 +61,9 @@ import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import com.google.common.util.concurrent.Futures;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.*;
/**
* Implementation for {@code StorageService} and {@code StorageAdminService}.
*/
......@@ -117,6 +120,7 @@ public class StorageManager implements StorageService, StorageAdminService {
@Override
public <K, V> EventuallyConsistentMapBuilder<K, V> eventuallyConsistentMapBuilder() {
checkPermission(STORAGE_WRITE);
return new EventuallyConsistentMapBuilderImpl<>(clusterService,
clusterCommunicator,
persistenceService);
......@@ -124,27 +128,32 @@ public class StorageManager implements StorageService, StorageAdminService {
@Override
public <K, V> ConsistentMapBuilder<K, V> consistentMapBuilder() {
checkPermission(STORAGE_WRITE);
return new NewDefaultConsistentMapBuilder<>(federatedPrimitiveCreator);
}
@Override
public <E> DistributedSetBuilder<E> setBuilder() {
checkPermission(STORAGE_WRITE);
return new DefaultDistributedSetBuilder<>(() -> this.<E, Boolean>consistentMapBuilder());
}
@Override
public <E> DistributedQueueBuilder<E> queueBuilder() {
checkPermission(STORAGE_WRITE);
// TODO: implement
throw new UnsupportedOperationException();
}
@Override
public AtomicCounterBuilder atomicCounterBuilder() {
checkPermission(STORAGE_WRITE);
return new NewDefaultAtomicCounterBuilder(federatedPrimitiveCreator);
}
@Override
public <V> AtomicValueBuilder<V> atomicValueBuilder() {
checkPermission(STORAGE_WRITE);
Supplier<ConsistentMapBuilder<String, byte[]>> mapBuilderSupplier =
() -> this.<String, byte[]>consistentMapBuilder()
.withName("onos-atomic-values")
......@@ -154,6 +163,7 @@ public class StorageManager implements StorageService, StorageAdminService {
@Override
public TransactionContextBuilder transactionContextBuilder() {
checkPermission(STORAGE_WRITE);
return new NewDefaultTransactionContextBuilder(transactionIdGenerator.get(),
federatedPrimitiveCreator,
transactionCoordinator);
......@@ -161,6 +171,7 @@ public class StorageManager implements StorageService, StorageAdminService {
@Override
public LeaderElectorBuilder leaderElectorBuilder() {
checkPermission(STORAGE_WRITE);
return new DefaultLeaderElectorBuilder(federatedPrimitiveCreator);
}
......
......@@ -45,6 +45,10 @@ import static java.util.stream.Collectors.toSet;
import static org.onosproject.ui.UiView.Category.NETWORK;
import static org.onosproject.ui.UiView.Category.PLATFORM;
import static org.onosproject.security.AppGuard.checkPermission;
import static org.onosproject.security.AppPermission.Type.UI_READ;
import static org.onosproject.security.AppPermission.Type.UI_WRITE;
/**
* Manages the user interface extensions.
*/
......@@ -136,6 +140,7 @@ public class UiExtensionManager implements UiExtensionService, SpriteService {
@Override
public synchronized void register(UiExtension extension) {
checkPermission(UI_WRITE);
if (!extensions.contains(extension)) {
extensions.add(extension);
for (UiView view : extension.views()) {
......@@ -146,6 +151,7 @@ public class UiExtensionManager implements UiExtensionService, SpriteService {
@Override
public synchronized void unregister(UiExtension extension) {
checkPermission(UI_WRITE);
extensions.remove(extension);
extension.views().stream()
.map(UiView::id).collect(toSet()).forEach(views::remove);
......@@ -153,11 +159,13 @@ public class UiExtensionManager implements UiExtensionService, SpriteService {
@Override
public synchronized List<UiExtension> getExtensions() {
checkPermission(UI_READ);
return ImmutableList.copyOf(extensions);
}
@Override
public synchronized UiExtension getViewExtension(String viewId) {
checkPermission(UI_READ);
return views.get(viewId);
}
......