More APIs permission for new ONOS APIs

Change-Id: I43fee65254adca451f77431bfbf5accdf95b81ab
diff --git a/core/api/src/main/java/org/onosproject/security/AppPermission.java b/core/api/src/main/java/org/onosproject/security/AppPermission.java
index 2eafb7c..4e4a3b0 100644
--- a/core/api/src/main/java/org/onosproject/security/AppPermission.java
+++ b/core/api/src/main/java/org/onosproject/security/AppPermission.java
@@ -29,11 +29,16 @@
     public enum Type {
         APP_READ,
         APP_EVENT,
+        APP_WRITE,
         CONFIG_READ,
         CONFIG_WRITE,
+        CONFIG_EVENT,
         CLUSTER_READ,
         CLUSTER_WRITE,
         CLUSTER_EVENT,
+        CODEC_READ,
+        CODEC_WRITE,
+        CLOCK_WRITE,
         DEVICE_KEY_EVENT,
         DEVICE_KEY_READ,
         DEVICE_KEY_WRITE,
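Review bot: The new permission types in this hunk and in the two later hunks of this file are added without any comment saying which service each one guards. Several come without a counterpart: `CLOCK_WRITE`, `MUTEX_WRITE` and `PERSISTENCE_WRITE` have no READ, `REGION_READ` has no WRITE, and `PARTITION_READ`/`PARTITION_EVENT` have no WRITE. Because these names are what an application's security policy is written against, each constant (or group) deserves a one-line comment naming the guarded service interface and stating whether the missing counterpart is deliberate. The constants are also inserted mid-list and `STORAGE_WRITE` is moved, so confirm that nothing persists or compares `ordinal()` values of `Type`; no such use is visible in this diff.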
@@ -41,6 +46,8 @@
         DEVICE_EVENT,
         DRIVER_READ,
         DRIVER_WRITE,
+        EVENT_READ,
+        EVENT_WRITE,
         FLOWRULE_READ,
         FLOWRULE_WRITE,
         FLOWRULE_EVENT,
@@ -56,16 +63,26 @@
         LINK_READ,
         LINK_WRITE,
         LINK_EVENT,
+        MUTEX_WRITE,
         PACKET_READ,
         PACKET_WRITE,
         PACKET_EVENT,
+        PERSISTENCE_WRITE,
+        PARTITION_READ,
+        PARTITION_EVENT,
+        RESOURCE_READ,
+        RESOURCE_WRITE,
+        RESOURCE_EVENT,
+        REGION_READ,
         STATISTIC_READ,
+        STORAGE_WRITE,
         TOPOLOGY_READ,
         TOPOLOGY_EVENT,
         TUNNEL_READ,
         TUNNEL_WRITE,
         TUNNEL_EVENT,
-        STORAGE_WRITE
+        UI_READ,
+        UI_WRITE
     }
 
     protected Type type;
diff --git a/core/common/src/main/java/org/onosproject/codec/impl/CodecManager.java b/core/common/src/main/java/org/onosproject/codec/impl/CodecManager.java
index 5bea2d3..2223970 100644
--- a/core/common/src/main/java/org/onosproject/codec/impl/CodecManager.java
+++ b/core/common/src/main/java/org/onosproject/codec/impl/CodecManager.java
@@ -69,6 +69,9 @@
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.*;
+
 /**
  * Implementation of the JSON codec brokering service.
  */
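Review bot: `import static org.onosproject.security.AppPermission.Type.*;` brings every permission constant into scope, which makes it harder to see from the import block which permissions this class enforces. It also lets a mistyped or unintended constant compile silently as the enum grows. Prefer the explicit form, here `import static org.onosproject.security.AppPermission.Type.CODEC_READ;` and `import static org.onosproject.security.AppPermission.Type.CODEC_WRITE;`. The same wildcard is added in SimpleClusterStore, CoreManager (where it replaces an explicit `APP_READ` import), CoreEventDispatcher, NetworkConfigManager and EdgeManager. ClusterMetadataManager, ResourceManager and RegionManager already import the constants by name.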
@@ -134,22 +137,26 @@
 
     @Override
     public Set<Class<?>> getCodecs() {
+        checkPermission(CODEC_READ);
         return ImmutableSet.copyOf(codecs.keySet());
     }
 
     @Override
     @SuppressWarnings("unchecked")
     public <T> JsonCodec<T> getCodec(Class<T> entityClass) {
+        checkPermission(CODEC_READ);
         return codecs.get(entityClass);
     }
 
     @Override
     public <T> void registerCodec(Class<T> entityClass, JsonCodec<T> codec) {
+        checkPermission(CODEC_WRITE);
         codecs.putIfAbsent(entityClass, codec);
     }
 
     @Override
     public void unregisterCodec(Class<?> entityClass) {
+        checkPermission(CODEC_WRITE);
         codecs.remove(entityClass);
     }
 
diff --git a/core/common/src/test/java/org/onosproject/store/trivial/SimpleClusterStore.java b/core/common/src/test/java/org/onosproject/store/trivial/SimpleClusterStore.java
index 256abb7..1a2799e 100644
--- a/core/common/src/test/java/org/onosproject/store/trivial/SimpleClusterStore.java
+++ b/core/common/src/test/java/org/onosproject/store/trivial/SimpleClusterStore.java
@@ -41,6 +41,8 @@
 
 import java.util.Set;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.*;
 import static org.slf4j.LoggerFactory.getLogger;
 
 /**
@@ -119,21 +121,25 @@
 
     @Override
     public boolean isMine(Key intentKey) {
+        checkPermission(INTENT_READ);
         return true;
     }
 
     @Override
     public NodeId getLeader(Key intentKey) {
+        checkPermission(INTENT_READ);
         return instance.id();
     }
 
     @Override
     public void addListener(IntentPartitionEventListener listener) {
+        checkPermission(INTENT_EVENT);
         listenerRegistry.addListener(listener);
     }
 
     @Override
     public void removeListener(IntentPartitionEventListener listener) {
+        checkPermission(INTENT_EVENT);
         listenerRegistry.removeListener(listener);
     }
 }
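Review bot: These `checkPermission(INTENT_READ)` and `checkPermission(INTENT_EVENT)` calls are added to a stub under `src/test`, so they do not protect anything at runtime unless the production implementation of the same interface carries them too, and that implementation is not part of the visible diff. Confirm the production class is guarded, and consider dropping the checks from the test stub so the tests do not depend on `AppGuard` behaviour. If the checks stay, a comment such as `// mirrors the permission checks of the production intent partition service` would explain why a trivial store enforces permissions.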
diff --git a/core/net/src/main/java/org/onosproject/cluster/impl/ClusterMetadataManager.java b/core/net/src/main/java/org/onosproject/cluster/impl/ClusterMetadataManager.java
index f655fcc..2ec9ff3 100644
--- a/core/net/src/main/java/org/onosproject/cluster/impl/ClusterMetadataManager.java
+++ b/core/net/src/main/java/org/onosproject/cluster/impl/ClusterMetadataManager.java
@@ -15,17 +15,6 @@
  */
 package org.onosproject.cluster.impl;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-import static org.slf4j.LoggerFactory.getLogger;
-
-import java.net.InetAddress;
-import java.net.MalformedURLException;
-import java.net.NetworkInterface;
-import java.net.SocketException;
-import java.net.URL;
-import java.util.Collection;
-import java.util.Enumeration;
-
 import org.apache.felix.scr.annotations.Activate;
 import org.apache.felix.scr.annotations.Component;
 import org.apache.felix.scr.annotations.Deactivate;
@@ -47,6 +36,19 @@
 import org.onosproject.store.service.Versioned;
 import org.slf4j.Logger;
 
+import java.net.InetAddress;
+import java.net.MalformedURLException;
+import java.net.NetworkInterface;
+import java.net.SocketException;
+import java.net.URL;
+import java.util.Collection;
+import java.util.Enumeration;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLUSTER_READ;
+import static org.slf4j.LoggerFactory.getLogger;
+
 /**
  * Implementation of ClusterMetadataService.
  */
@@ -77,6 +79,7 @@
 
     @Override
     public ClusterMetadata getClusterMetadata() {
+        checkPermission(CLUSTER_READ);
         Versioned<ClusterMetadata> metadata = getProvider().getClusterMetadata();
         return metadata.value();
     }
@@ -85,11 +88,13 @@
     @Override
     protected ClusterMetadataProviderService createProviderService(
             ClusterMetadataProvider provider) {
+        checkPermission(CLUSTER_READ);
         return new InternalClusterMetadataProviderService(provider);
     }
 
     @Override
     public ControllerNode getLocalNode() {
+        checkPermission(CLUSTER_READ);
         if (localNode == null) {
             establishSelfIdentity();
         }
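Review bot: `createProviderService` is a protected factory hook that returns a new `InternalClusterMetadataProviderService`, not a read of cluster state, so gating it on `CLUSTER_READ` looks mismatched. If the goal is to restrict who may register a metadata provider, a write-level check such as `checkPermission(CLUSTER_WRITE);` fits better; that would need its own static import, since this file imports only `CLUSTER_READ`. If the method is only reached from core code, the check can be dropped. How the provider registry invokes the method is not visible here, so state the intended caller in a comment either way. `getLocalNode` continues past the end of the hunk.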
@@ -188,4 +193,4 @@
             // TODO: notify listeners
         }
     }
-}
\ No newline at end of file
+}
diff --git a/core/net/src/main/java/org/onosproject/cluster/impl/MastershipManager.java b/core/net/src/main/java/org/onosproject/cluster/impl/MastershipManager.java
index 56d369f..50a3350 100644
--- a/core/net/src/main/java/org/onosproject/cluster/impl/MastershipManager.java
+++ b/core/net/src/main/java/org/onosproject/cluster/impl/MastershipManager.java
@@ -187,6 +187,7 @@
 
     @Override
     public MastershipTerm getMastershipTerm(DeviceId deviceId) {
+        checkPermission(CLUSTER_READ);
         return store.getTermFor(deviceId);
     }
 
diff --git a/core/net/src/main/java/org/onosproject/core/impl/CoreManager.java b/core/net/src/main/java/org/onosproject/core/impl/CoreManager.java
index eae8cf6..6b4f76e 100644
--- a/core/net/src/main/java/org/onosproject/core/impl/CoreManager.java
+++ b/core/net/src/main/java/org/onosproject/core/impl/CoreManager.java
@@ -50,8 +50,7 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static org.onosproject.security.AppGuard.checkPermission;
-import static org.onosproject.security.AppPermission.Type.APP_READ;
-
+import static org.onosproject.security.AppPermission.Type.*;
 
 
 /**
@@ -149,12 +148,14 @@
 
     @Override
     public ApplicationId registerApplication(String name) {
+        checkPermission(APP_WRITE);
         checkNotNull(name, "Application ID cannot be null");
         return applicationIdStore.registerApplication(name);
     }
 
     @Override
     public ApplicationId registerApplication(String name, Runnable preDeactivate) {
+        checkPermission(APP_WRITE);
         ApplicationId id = registerApplication(name);
         appService.registerDeactivateHook(id, preDeactivate);
         return id;
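Review bot: The two-argument `registerApplication` checks `APP_WRITE` and then delegates to the one-argument overload, which performs the same check again. This is harmless but redundant, and the same pattern appears in the delegating `getDisjointPaths` overloads in PathManager. Either drop the check from the delegating overload or keep it and add a comment such as `// checked here as well so the failure is reported at the entry point the app called`. The closing brace of this method is outside the hunk.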
@@ -162,6 +163,7 @@
 
     @Override
     public IdGenerator getIdGenerator(String topic) {
+        checkPermission(APP_READ);
         IdBlockAllocator allocator = new StoreBasedIdBlockAllocator(topic, idBlockStore);
         return new BlockAllocatorBasedIdGenerator(allocator);
     }
diff --git a/core/net/src/main/java/org/onosproject/event/impl/CoreEventDispatcher.java b/core/net/src/main/java/org/onosproject/event/impl/CoreEventDispatcher.java
index e63ecdf..3d9df6b 100644
--- a/core/net/src/main/java/org/onosproject/event/impl/CoreEventDispatcher.java
+++ b/core/net/src/main/java/org/onosproject/event/impl/CoreEventDispatcher.java
@@ -38,6 +38,8 @@
 import static org.onlab.util.Tools.groupedThreads;
 import static org.slf4j.LoggerFactory.getLogger;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.*;
 /**
  * Simple implementation of an event dispatching service.
  */
@@ -96,6 +98,7 @@
 
     @Override
     public void setDispatchTimeLimit(long millis) {
+        checkPermission(EVENT_WRITE);
         checkArgument(millis >= WATCHDOG_MS,
                       "Time limit must be greater than %s", WATCHDOG_MS);
         maxProcessMillis = millis;
@@ -103,6 +106,7 @@
 
     @Override
     public long getDispatchTimeLimit() {
+        checkPermission(EVENT_READ);
         return maxProcessMillis;
     }
 
diff --git a/core/net/src/main/java/org/onosproject/net/config/impl/NetworkConfigManager.java b/core/net/src/main/java/org/onosproject/net/config/impl/NetworkConfigManager.java
index 9f041e6..2353c1e 100644
--- a/core/net/src/main/java/org/onosproject/net/config/impl/NetworkConfigManager.java
+++ b/core/net/src/main/java/org/onosproject/net/config/impl/NetworkConfigManager.java
@@ -42,6 +42,8 @@
 import java.util.Set;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.*;
 
 /**
  * Implementation of the network configuration subsystem.
@@ -142,6 +144,7 @@
 
     @Override
     public Set<Class> getSubjectClasses() {
+        checkPermission(CONFIG_READ);
         ImmutableSet.Builder<Class> builder = ImmutableSet.builder();
         factories.forEach((k, v) -> builder.add(k.subjectClass));
         return builder.build();
@@ -149,16 +152,19 @@
 
     @Override
     public SubjectFactory getSubjectFactory(String subjectClassKey) {
+        checkPermission(CONFIG_READ);
         return subjectClasses.get(subjectClassKey);
     }
 
     @Override
     public SubjectFactory getSubjectFactory(Class subjectClass) {
+        checkPermission(CONFIG_READ);
         return subjectClassKeys.get(subjectClass);
     }
 
     @Override
     public Class<? extends Config> getConfigClass(String subjectClassKey, String configKey) {
+        checkPermission(CONFIG_READ);
         checkNotNull(subjectClassKey, NULL_SCKEY_MSG);
         checkNotNull(configKey, NULL_CKEY_MSG);
         return configClasses.get(new ConfigIdentifier(subjectClassKey, configKey));
@@ -166,12 +172,14 @@
 
     @Override
     public <S> Set<S> getSubjects(Class<S> subjectClass) {
+        checkPermission(CONFIG_READ);
         checkNotNull(subjectClass, NULL_SCLASS_MSG);
         return store.getSubjects(subjectClass);
     }
 
     @Override
     public <S, C extends Config<S>> Set<S> getSubjects(Class<S> subjectClass, Class<C> configClass) {
+        checkPermission(CONFIG_READ);
         checkNotNull(subjectClass, NULL_SCLASS_MSG);
         checkNotNull(configClass, NULL_CCLASS_MSG);
         return store.getSubjects(subjectClass, configClass);
@@ -179,6 +187,7 @@
 
     @Override
     public <S> Set<Config<S>> getConfigs(S subject) {
+        checkPermission(CONFIG_READ);
         checkNotNull(subject, NULL_SUBJECT_MSG);
         Set<Class<? extends Config<S>>> configClasses = store.getConfigClasses(subject);
         ImmutableSet.Builder<Config<S>> cfg = ImmutableSet.builder();
@@ -188,6 +197,7 @@
 
     @Override
     public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) {
+        checkPermission(CONFIG_READ);
         checkNotNull(subject, NULL_SUBJECT_MSG);
         checkNotNull(configClass, NULL_CCLASS_MSG);
         return store.getConfig(subject, configClass);
@@ -196,6 +206,7 @@
 
     @Override
     public <S, C extends Config<S>> C addConfig(S subject, Class<C> configClass) {
+        checkPermission(CONFIG_WRITE);
         checkNotNull(subject, NULL_SUBJECT_MSG);
         checkNotNull(configClass, NULL_CCLASS_MSG);
         return store.createConfig(subject, configClass);
@@ -203,6 +214,7 @@
 
     @Override
     public <S, C extends Config<S>> C applyConfig(S subject, Class<C> configClass, JsonNode json) {
+        checkPermission(CONFIG_WRITE);
         checkNotNull(subject, NULL_SUBJECT_MSG);
         checkNotNull(configClass, NULL_CCLASS_MSG);
         checkNotNull(json, NULL_JSON_MSG);
@@ -213,6 +225,7 @@
     @SuppressWarnings("unchecked")
     public <S, C extends Config<S>> C applyConfig(String subjectClassKey, S subject,
                                                   String configKey, JsonNode json) {
+        checkPermission(CONFIG_WRITE);
         checkNotNull(subjectClassKey, NULL_SCKEY_MSG);
         checkNotNull(subject, NULL_SUBJECT_MSG);
         checkNotNull(configKey, NULL_CKEY_MSG);
@@ -229,6 +242,7 @@
 
     @Override
     public <S, C extends Config<S>> void removeConfig(S subject, Class<C> configClass) {
+        checkPermission(CONFIG_WRITE);
         checkNotNull(subject, NULL_SUBJECT_MSG);
         checkNotNull(configClass, NULL_CCLASS_MSG);
         store.clearConfig(subject, configClass);
diff --git a/core/net/src/main/java/org/onosproject/net/edgeservice/impl/EdgeManager.java b/core/net/src/main/java/org/onosproject/net/edgeservice/impl/EdgeManager.java
index 7340fc5..314d10f 100644
--- a/core/net/src/main/java/org/onosproject/net/edgeservice/impl/EdgeManager.java
+++ b/core/net/src/main/java/org/onosproject/net/edgeservice/impl/EdgeManager.java
@@ -56,6 +56,8 @@
 import static org.onosproject.net.edge.EdgePortEvent.Type.EDGE_PORT_ADDED;
 import static org.onosproject.net.edge.EdgePortEvent.Type.EDGE_PORT_REMOVED;
 import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.*;
 
 /**
  * This is an implementation of the edge net service.
@@ -107,11 +109,13 @@
 
     @Override
     public boolean isEdgePoint(ConnectPoint point) {
+        checkPermission(TOPOLOGY_READ);
         return !topologyService.isInfrastructure(topologyService.currentTopology(), point);
     }
 
     @Override
     public Iterable<ConnectPoint> getEdgePoints() {
+        checkPermission(TOPOLOGY_READ);
         ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder();
         connectionPoints.forEach((k, v) -> v.forEach(builder::add));
         return builder.build();
@@ -119,6 +123,7 @@
 
     @Override
     public Iterable<ConnectPoint> getEdgePoints(DeviceId deviceId) {
+        checkPermission(TOPOLOGY_READ);
         ImmutableSet.Builder<ConnectPoint> builder = ImmutableSet.builder();
         Set<ConnectPoint> set = connectionPoints.get(deviceId);
         if (set != null) {
@@ -129,6 +134,7 @@
 
     @Override
     public void emitPacket(ByteBuffer data, Optional<TrafficTreatment> treatment) {
+        checkPermission(PACKET_WRITE);
         TrafficTreatment.Builder builder = treatment.map(DefaultTrafficTreatment::builder)
                 .orElse(DefaultTrafficTreatment.builder());
         getEdgePoints().forEach(p -> packetService.emit(packet(builder, p, data)));
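Review bot: `emitPacket` checks `PACKET_WRITE` and then calls the public `getEdgePoints()`, which this commit guards with `TOPOLOGY_READ`, so a caller may end up needing both permissions to emit a packet. Whether that actually happens depends on how `AppGuard.checkPermission` evaluates the calling context, which is not visible in this diff. If only `PACKET_WRITE` is intended, collect the edge points in a private helper that has no check and have both `getEdgePoints()` and `emitPacket` use it. Otherwise document the combined requirement in the method's Javadoc. The method body continues past the end of the hunk.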
diff --git a/core/net/src/main/java/org/onosproject/net/flowobjective/impl/composition/FlowObjectiveCompositionManager.java b/core/net/src/main/java/org/onosproject/net/flowobjective/impl/composition/FlowObjectiveCompositionManager.java
index a64b976..2041b5b 100644
--- a/core/net/src/main/java/org/onosproject/net/flowobjective/impl/composition/FlowObjectiveCompositionManager.java
+++ b/core/net/src/main/java/org/onosproject/net/flowobjective/impl/composition/FlowObjectiveCompositionManager.java
@@ -272,6 +272,7 @@
 
     @Override
     public void initPolicy(String policy) {
+        checkPermission(FLOWRULE_WRITE);
         this.policy = policy;
         deviceService.getDevices().forEach(device ->
                 this.deviceCompositionTreeMap.put(device.id(), FlowObjectiveCompositionUtil.parsePolicyString(policy)));
diff --git a/core/net/src/main/java/org/onosproject/net/intent/impl/IntentManager.java b/core/net/src/main/java/org/onosproject/net/intent/impl/IntentManager.java
index 60b279f..61fc0df 100644
--- a/core/net/src/main/java/org/onosproject/net/intent/impl/IntentManager.java
+++ b/core/net/src/main/java/org/onosproject/net/intent/impl/IntentManager.java
@@ -282,16 +282,19 @@
 
     @Override
     public <T extends Intent> void registerCompiler(Class<T> cls, IntentCompiler<T> compiler) {
+        checkPermission(INTENT_WRITE);
         compilerRegistry.registerCompiler(cls, compiler);
     }
 
     @Override
     public <T extends Intent> void unregisterCompiler(Class<T> cls) {
+        checkPermission(INTENT_WRITE);
         compilerRegistry.unregisterCompiler(cls);
     }
 
     @Override
     public Map<Class<? extends Intent>, IntentCompiler<? extends Intent>> getCompilers() {
+        checkPermission(INTENT_READ);
         return compilerRegistry.getCompilers();
     }
 
diff --git a/core/net/src/main/java/org/onosproject/net/key/impl/DeviceKeyManager.java b/core/net/src/main/java/org/onosproject/net/key/impl/DeviceKeyManager.java
index 3bff95f..8d0841a 100644
--- a/core/net/src/main/java/org/onosproject/net/key/impl/DeviceKeyManager.java
+++ b/core/net/src/main/java/org/onosproject/net/key/impl/DeviceKeyManager.java
@@ -38,7 +38,6 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static org.onosproject.security.AppGuard.checkPermission;
 import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_READ;
-import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_WRITE;
 import static org.slf4j.LoggerFactory.getLogger;
 
 /**
@@ -72,14 +71,12 @@
 
     @Override
     public void addKey(DeviceKey deviceKey) {
-        checkPermission(DEVICE_KEY_WRITE);
         checkNotNull(deviceKey, "Device key cannot be null");
         store.createOrUpdateDeviceKey(deviceKey);
     }
 
     @Override
     public void removeKey(DeviceKeyId deviceKeyId) {
-        checkPermission(DEVICE_KEY_WRITE);
         checkNotNull(deviceKeyId, "Device key identifier cannot be null");
         store.deleteDeviceKey(deviceKeyId);
     }
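Review bot: After this change `addKey` and `removeKey` reach `store.createOrUpdateDeviceKey` and `store.deleteDeviceKey` with no `checkPermission` call. The `DEVICE_KEY_READ` import is kept, so reads of device keys appear to stay guarded while writes do not. Presumably these are admin-interface methods and access is now meant to be limited by the `ServicePermission` for `DeviceKeyAdminService` that DefaultPolicyBuilder adds in this commit. If so, say it on both methods, e.g. `// admin API: access is gated by the ServicePermission on DeviceKeyAdminService`, and confirm that no non-admin service interface exposes them. If that is not the intent, keep `checkPermission(DEVICE_KEY_WRITE);` as the first statement of each method; in either case check whether `DEVICE_KEY_WRITE` is still enforced anywhere.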
diff --git a/core/net/src/main/java/org/onosproject/net/newresource/impl/ResourceManager.java b/core/net/src/main/java/org/onosproject/net/newresource/impl/ResourceManager.java
index 88c3ab6..5b29401 100644
--- a/core/net/src/main/java/org/onosproject/net/newresource/impl/ResourceManager.java
+++ b/core/net/src/main/java/org/onosproject/net/newresource/impl/ResourceManager.java
@@ -45,6 +45,9 @@
 import java.util.stream.Collectors;
 
 import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.RESOURCE_WRITE;
+import static org.onosproject.security.AppPermission.Type.RESOURCE_READ;
 import static org.slf4j.LoggerFactory.getLogger;
 
 /**
@@ -82,6 +85,7 @@
     @Override
     public List<ResourceAllocation> allocate(ResourceConsumer consumer,
                                              List<Resource> resources) {
+        checkPermission(RESOURCE_WRITE);
         checkNotNull(consumer);
         checkNotNull(resources);
 
@@ -97,6 +101,7 @@
 
     @Override
     public boolean release(List<ResourceAllocation> allocations) {
+        checkPermission(RESOURCE_WRITE);
         checkNotNull(allocations);
 
         return store.release(allocations);
@@ -112,6 +117,7 @@
 
     @Override
     public List<ResourceAllocation> getResourceAllocations(ResourceId id) {
+        checkPermission(RESOURCE_READ);
         checkNotNull(id);
 
         return store.getResourceAllocations(id);
@@ -119,6 +125,7 @@
 
     @Override
     public <T> Collection<ResourceAllocation> getResourceAllocations(DiscreteResourceId parent, Class<T> cls) {
+        checkPermission(RESOURCE_READ);
         checkNotNull(parent);
         checkNotNull(cls);
 
@@ -131,6 +138,7 @@
 
     @Override
     public Collection<ResourceAllocation> getResourceAllocations(ResourceConsumer consumer) {
+        checkPermission(RESOURCE_READ);
         checkNotNull(consumer);
 
         Collection<Resource> resources = store.getResources(consumer);
@@ -141,6 +149,7 @@
 
     @Override
     public Set<Resource> getAvailableResources(DiscreteResourceId parent) {
+        checkPermission(RESOURCE_READ);
         checkNotNull(parent);
 
         Set<Resource> children = store.getChildResources(parent);
@@ -152,6 +161,7 @@
 
     @Override
     public <T> Set<Resource> getAvailableResources(DiscreteResourceId parent, Class<T> cls) {
+        checkPermission(RESOURCE_READ);
         checkNotNull(parent);
         checkNotNull(cls);
 
@@ -163,6 +173,7 @@
 
     @Override
     public <T> Set<T> getAvailableResourceValues(DiscreteResourceId parent, Class<T> cls) {
+        checkPermission(RESOURCE_READ);
         checkNotNull(parent);
         checkNotNull(cls);
 
@@ -174,6 +185,7 @@
 
     @Override
     public Set<Resource> getRegisteredResources(DiscreteResourceId parent) {
+        checkPermission(RESOURCE_READ);
         checkNotNull(parent);
 
         return store.getChildResources(parent);
@@ -181,6 +193,7 @@
 
     @Override
     public boolean isAvailable(Resource resource) {
+        checkPermission(RESOURCE_READ);
         checkNotNull(resource);
 
         return store.isAvailable(resource);
diff --git a/core/net/src/main/java/org/onosproject/net/packet/impl/PacketManager.java b/core/net/src/main/java/org/onosproject/net/packet/impl/PacketManager.java
index ba16d13..5f6014d 100644
--- a/core/net/src/main/java/org/onosproject/net/packet/impl/PacketManager.java
+++ b/core/net/src/main/java/org/onosproject/net/packet/impl/PacketManager.java
@@ -175,6 +175,7 @@
 
     @Override
     public List<PacketProcessorEntry> getProcessors() {
+        checkPermission(PACKET_READ);
         return ImmutableList.copyOf(processors);
     }
 
@@ -233,6 +234,7 @@
 
     @Override
     public List<PacketRequest> getRequests() {
+        checkPermission(PACKET_READ);
         return store.existingRequests();
     }
 
diff --git a/core/net/src/main/java/org/onosproject/net/region/impl/RegionManager.java b/core/net/src/main/java/org/onosproject/net/region/impl/RegionManager.java
index 52634ea..f0580bd 100644
--- a/core/net/src/main/java/org/onosproject/net/region/impl/RegionManager.java
+++ b/core/net/src/main/java/org/onosproject/net/region/impl/RegionManager.java
@@ -43,6 +43,8 @@
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.collect.ImmutableList.of;
 import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.REGION_READ;
 
 /**
  * Provides implementation of the region service APIs.
@@ -122,23 +124,27 @@
 
     @Override
     public Set<Region> getRegions() {
+        checkPermission(REGION_READ);
         return store.getRegions();
     }
 
     @Override
     public Region getRegion(RegionId regionId) {
+        checkPermission(REGION_READ);
         checkNotNull(regionId, REGION_ID_NULL);
         return store.getRegion(regionId);
     }
 
     @Override
     public Region getRegionForDevice(DeviceId deviceId) {
+        checkPermission(REGION_READ);
         checkNotNull(deviceId, DEVICE_ID_NULL);
         return store.getRegionForDevice(deviceId);
     }
 
     @Override
     public Set<DeviceId> getRegionDevices(RegionId regionId) {
+        checkPermission(REGION_READ);
         checkNotNull(regionId, REGION_ID_NULL);
         return store.getRegionDevices(regionId);
     }
diff --git a/core/net/src/main/java/org/onosproject/net/topology/impl/PathManager.java b/core/net/src/main/java/org/onosproject/net/topology/impl/PathManager.java
index 08071ec..dc289e2 100644
--- a/core/net/src/main/java/org/onosproject/net/topology/impl/PathManager.java
+++ b/core/net/src/main/java/org/onosproject/net/topology/impl/PathManager.java
@@ -134,11 +134,13 @@
 
     @Override
     public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst) {
+        checkPermission(TOPOLOGY_READ);
         return getDisjointPaths(src, dst, (LinkWeight) null);
     }
 
     @Override
     public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, LinkWeight weight) {
+        checkPermission(TOPOLOGY_READ);
         checkNotNull(src, ELEMENT_ID_NULL);
         checkNotNull(dst, ELEMENT_ID_NULL);
 
@@ -173,12 +175,14 @@
     @Override
     public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst,
                                               Map<Link, Object> riskProfile) {
+        checkPermission(TOPOLOGY_READ);
         return getDisjointPaths(src, dst, null, riskProfile);
     }
 
     @Override
     public Set<DisjointPath> getDisjointPaths(ElementId src, ElementId dst, LinkWeight weight,
                                               Map<Link, Object> riskProfile) {
+        checkPermission(TOPOLOGY_READ);
         checkNotNull(src, ELEMENT_ID_NULL);
         checkNotNull(dst, ELEMENT_ID_NULL);
 
diff --git a/core/net/src/main/java/org/onosproject/net/topology/impl/TopologyManager.java b/core/net/src/main/java/org/onosproject/net/topology/impl/TopologyManager.java
index 4425e1c..8c21730 100644
--- a/core/net/src/main/java/org/onosproject/net/topology/impl/TopologyManager.java
+++ b/core/net/src/main/java/org/onosproject/net/topology/impl/TopologyManager.java
@@ -166,6 +166,7 @@
 
     @Override
     public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, DeviceId dst) {
+        checkPermission(TOPOLOGY_READ);
         checkNotNull(topology, TOPOLOGY_NULL);
         checkNotNull(src, DEVICE_ID_NULL);
         checkNotNull(dst, DEVICE_ID_NULL);
@@ -175,6 +176,7 @@
     @Override
     public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src,
                                               DeviceId dst, LinkWeight weight) {
+        checkPermission(TOPOLOGY_READ);
         checkNotNull(topology, TOPOLOGY_NULL);
         checkNotNull(src, DEVICE_ID_NULL);
         checkNotNull(dst, DEVICE_ID_NULL);
@@ -185,6 +187,7 @@
     @Override
     public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src, DeviceId dst,
                                               Map<Link, Object> riskProfile) {
+        checkPermission(TOPOLOGY_READ);
         checkNotNull(topology, TOPOLOGY_NULL);
         checkNotNull(src, DEVICE_ID_NULL);
         checkNotNull(dst, DEVICE_ID_NULL);
@@ -195,6 +198,7 @@
     public Set<DisjointPath> getDisjointPaths(Topology topology, DeviceId src,
                                               DeviceId dst, LinkWeight weight,
                                               Map<Link, Object> riskProfile) {
+        checkPermission(TOPOLOGY_READ);
         checkNotNull(topology, TOPOLOGY_NULL);
         checkNotNull(src, DEVICE_ID_NULL);
         checkNotNull(dst, DEVICE_ID_NULL);
diff --git a/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java b/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
index 59273b1..033952f 100644
--- a/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
+++ b/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
@@ -19,14 +19,31 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
+import org.onosproject.cluster.ClusterAdminService;
+import org.onosproject.cluster.ClusterMetadataService;
+import org.onosproject.cluster.ClusterService;
+import org.onosproject.cluster.ClusterMetadataAdminService;
+import org.onosproject.cluster.LeadershipService;
+import org.onosproject.cluster.LeadershipAdminService;
+import org.onosproject.codec.CodecService;
+import org.onosproject.event.EventDeliveryService;
+import org.onosproject.mastership.MastershipTermService;
+import org.onosproject.net.config.BasicNetworkConfigService;
+import org.onosproject.net.config.NetworkConfigService;
+import org.onosproject.net.edge.EdgePortService;
+import org.onosproject.net.key.DeviceKeyAdminService;
+import org.onosproject.net.key.DeviceKeyService;
+import org.onosproject.net.newresource.ResourceAdminService;
+import org.onosproject.net.newresource.ResourceService;
+import org.onosproject.net.region.RegionAdminService;
+import org.onosproject.net.region.RegionService;
+import org.onosproject.net.statistic.FlowStatisticService;
+import org.onosproject.persistence.PersistenceService;
 import org.onosproject.security.AppPermission;
 import org.onosproject.app.ApplicationAdminService;
 import org.onosproject.app.ApplicationService;
 import org.onosproject.cfg.ComponentConfigService;
-import org.onosproject.cluster.ClusterAdminService;
-import org.onosproject.cluster.ClusterService;
 import org.onosproject.core.CoreService;
-import org.onosproject.cluster.LeadershipService;
 import org.onosproject.mastership.MastershipAdminService;
 import org.onosproject.mastership.MastershipService;
 import org.onosproject.net.device.DeviceAdminService;
@@ -47,13 +64,19 @@
 import org.onosproject.net.link.LinkService;
 import org.onosproject.net.packet.PacketService;
 import org.onosproject.net.proxyarp.ProxyArpService;
-import org.onosproject.net.resource.link.LinkResourceService;
 import org.onosproject.net.statistic.StatisticService;
 import org.onosproject.net.topology.PathService;
 import org.onosproject.net.topology.TopologyService;
 import org.onosproject.security.SecurityAdminService;
+import org.onosproject.store.cluster.messaging.ClusterCommunicationService;
+import org.onosproject.store.cluster.messaging.MessagingService;
+import org.onosproject.store.primitives.PartitionAdminService;
+import org.onosproject.store.primitives.PartitionService;
+import org.onosproject.store.service.LogicalClockService;
+import org.onosproject.store.service.MutexExecutionService;
 import org.onosproject.store.service.StorageAdminService;
 import org.onosproject.store.service.StorageService;
+import org.onosproject.ui.UiExtensionService;
 import org.osgi.framework.ServicePermission;
 import org.osgi.framework.AdminPermission;
 import org.osgi.framework.AdaptPermission;
@@ -169,23 +192,35 @@
         List<Permission> permSet = Lists.newArrayList();
         permSet.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(ClusterAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(LeadershipAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ClusterMetadataAdminService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(MastershipAdminService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(DeviceAdminService.class.getName(), ServicePermission.GET));
-        permSet.add(new ServicePermission(HostAdminService.class.getName(), ServicePermission.GET));
-        permSet.add(new ServicePermission(LinkAdminService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(DriverAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(HostAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(DeviceKeyAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(LinkAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ResourceAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(RegionAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(PartitionAdminService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(StorageAdminService.class.getName(), ServicePermission.GET));
-//      permSet.add(new ServicePermission(LabelResourceAdminService.class.getName(), ServicePermission.GET));
-//      permSet.add(new ServicePermission(TunnelAdminService.class.getName(), ServicePermission.GET));
+
         permSet.add(new ServicePermission(ApplicationService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(ComponentConfigService.class.getName(), ServicePermission.GET));
-        permSet.add(new ServicePermission(CoreService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ClusterMetadataService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(ClusterService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(LeadershipService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(CodecService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(CoreService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(EventDeliveryService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(MastershipService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(MastershipTermService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(BasicNetworkConfigService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(NetworkConfigService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(DeviceService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(DeviceClockService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(DriverService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(EdgePortService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(FlowRuleService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(FlowObjectiveService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(GroupService.class.getName(), ServicePermission.GET));
@@ -194,16 +229,29 @@
         permSet.add(new ServicePermission(IntentClockService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(IntentExtensionService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(IntentPartitionService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(DeviceKeyService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(LinkService.class.getName(), ServicePermission.GET));
-        permSet.add(new ServicePermission(LinkResourceService.class.getName(), ServicePermission.GET));
-//      permSet.add(new ServicePermission(LabelResourceService.class.getName(), ServicePermission.GET));
+//        permSet.add(new ServicePermission(MulticastRouteService.class.getName(), ServicePermission.GET));
+//        permSet.add(new ServicePermission(MeterService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ResourceService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(PacketService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(ProxyArpService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(RegionService.class.getName(), ServicePermission.GET));
+//      permSet.add(new ServicePermission(LinkResourceService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(FlowStatisticService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(StatisticService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(PathService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(TopologyService.class.getName(), ServicePermission.GET));
-//      permSet.add(new ServicePermission(TunnelService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(PersistenceService.class.getName(), ServicePermission.GET));
+//        permSet.add(new ServicePermission(ApiDocService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ClusterCommunicationService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(MessagingService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(PartitionService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(LogicalClockService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(MutexExecutionService.class.getName(), ServicePermission.GET));
         permSet.add(new ServicePermission(StorageService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(UiExtensionService.class.getName(), ServicePermission.GET));
+
         return permSet;
     }
 
@@ -223,15 +271,21 @@
                 ApplicationService.class.getName(), CoreService.class.getName()));
         serviceDirectory.put(APP_EVENT, ImmutableSet.of(
                 ApplicationService.class.getName(), CoreService.class.getName()));
+        serviceDirectory.put(APP_WRITE, ImmutableSet.of(
+                CoreService.class.getName()));
         serviceDirectory.put(CONFIG_READ, ImmutableSet.of(
-                ComponentConfigService.class.getName()));
+                ComponentConfigService.class.getName(), NetworkConfigService.class.getName()));
         serviceDirectory.put(CONFIG_WRITE, ImmutableSet.of(
-                ComponentConfigService.class.getName()));
+                ComponentConfigService.class.getName(), NetworkConfigService.class.getName()));
+        serviceDirectory.put(CONFIG_EVENT, ImmutableSet.of(
+                NetworkConfigService.class.getName()));
         serviceDirectory.put(CLUSTER_READ, ImmutableSet.of(
                 ClusterService.class.getName(), LeadershipService.class.getName(),
-                MastershipService.class.getName()));
+                MastershipService.class.getName(), ClusterMetadataService.class.getName(),
+                MastershipTermService.class.getName()));
         serviceDirectory.put(CLUSTER_WRITE, ImmutableSet.of(
-                LeadershipService.class.getName(), MastershipService.class.getName()));
+                LeadershipService.class.getName(), MastershipService.class.getName(),
+                ClusterCommunicationService.class.getName(), MessagingService.class.getName()));
         serviceDirectory.put(CLUSTER_EVENT, ImmutableSet.of(
                 ClusterService.class.getName(), LeadershipService.class.getName(),
                 MastershipService.class.getName()));
@@ -263,11 +317,11 @@
                 HostService.class.getName()));
         serviceDirectory.put(INTENT_READ, ImmutableSet.of(
                 IntentService.class.getName(), IntentPartitionService.class.getName(),
-                IntentClockService.class.getName()));
+                IntentClockService.class.getName(), IntentExtensionService.class.getName()));
         serviceDirectory.put(INTENT_WRITE, ImmutableSet.of(
-                IntentService.class.getName()));
+                IntentService.class.getName(), IntentExtensionService.class.getName()));
         serviceDirectory.put(INTENT_EVENT, ImmutableSet.of(
-                IntentService.class.getName()));
+                IntentService.class.getName(), IntentPartitionService.class.getName()));
 //        serviceDirectory.put(LINK_READ, ImmutableSet.of(
 //                LinkService.class.getName(), LinkResourceService.class.getName(),
 //                LabelResourceService.class.getName()));
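Review bot: `INTENT_READ` now resolves to `IntentExtensionService`, so a read-only grant hands out a service whose interface, as far as I know, also registers and unregisters intent compilers. The same pattern appears in the next hunk, where `TOPOLOGY_READ` gains `EdgePortService`, which also exposes packet emission. For these two services, service-level access no longer separates read from write, so the distinction rests entirely on per-method `checkPermission` calls in the implementations, which are not visible in this part of the diff. I would either keep these services out of the `*_READ` sets or add a comment above each entry such as `// service-level only; mutating methods must check INTENT_WRITE`. The enclosing method starts and ends outside this hunk.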
@@ -279,13 +333,15 @@
         serviceDirectory.put(PACKET_READ, ImmutableSet.of(
                 PacketService.class.getName(), ProxyArpService.class.getName()));
         serviceDirectory.put(PACKET_WRITE, ImmutableSet.of(
-                PacketService.class.getName(), ProxyArpService.class.getName()));
+                PacketService.class.getName(), ProxyArpService.class.getName(),
+                EdgePortService.class.getName()));
         serviceDirectory.put(PACKET_EVENT, ImmutableSet.of(
                 PacketService.class.getName()));
         serviceDirectory.put(STATISTIC_READ, ImmutableSet.of(
-                StatisticService.class.getName()));
+                StatisticService.class.getName(), FlowStatisticService.class.getName()));
         serviceDirectory.put(TOPOLOGY_READ, ImmutableSet.of(
-                TopologyService.class.getName(), PathService.class.getName()));
+                TopologyService.class.getName(), PathService.class.getName(),
+                EdgePortService.class.getName()));
         serviceDirectory.put(TOPOLOGY_EVENT, ImmutableSet.of(
                 TopologyService.class.getName()));
 //        serviceDirectory.put(TUNNEL_READ, ImmutableSet.of(
@@ -296,6 +352,32 @@
 //                TunnelService.class.getName()));
         serviceDirectory.put(STORAGE_WRITE, ImmutableSet.of(
                 StorageService.class.getName()));
+        serviceDirectory.put(CODEC_READ, ImmutableSet.of(
+                CodecService.class.getName()));
+        serviceDirectory.put(CODEC_WRITE, ImmutableSet.of(
+                CodecService.class.getName()));
+        serviceDirectory.put(EVENT_READ, ImmutableSet.of(
+                EventDeliveryService.class.getName()));
+        serviceDirectory.put(EVENT_WRITE, ImmutableSet.of(
+                EventDeliveryService.class.getName()));
+        serviceDirectory.put(RESOURCE_READ, ImmutableSet.of(
+                ResourceService.class.getName()));
+        serviceDirectory.put(RESOURCE_WRITE, ImmutableSet.of(
+                ResourceService.class.getName()));
+        serviceDirectory.put(RESOURCE_EVENT, ImmutableSet.of(
+                ResourceService.class.getName()));
+        serviceDirectory.put(REGION_READ, ImmutableSet.of(
+                RegionService.class.getName()));
+        serviceDirectory.put(PERSISTENCE_WRITE, ImmutableSet.of(
+                PersistenceService.class.getName()));
+        serviceDirectory.put(PARTITION_READ, ImmutableSet.of(
+                PartitionService.class.getName()));
+        serviceDirectory.put(PARTITION_EVENT, ImmutableSet.of(
+                PartitionService.class.getName()));
+        serviceDirectory.put(CLOCK_WRITE, ImmutableSet.of(
+                LogicalClockService.class.getName()));
+        serviceDirectory.put(MUTEX_WRITE, ImmutableSet.of(
+                MutexExecutionService.class.getName()));
 
         return serviceDirectory;
     }
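Review bot: No `serviceDirectory` entry is added for `UI_READ` or `UI_WRITE`, although `UiExtensionManager` now enforces both and `UiExtensionService` is added to the `permSet` list earlier in this file. If this map is what turns a granted permission type into `ServicePermission`s (inferred from its shape), an application holding only `UI_WRITE` would pass the method check but could not obtain the service. Unless the mapping lives in a part of the method outside the visible hunks, add `serviceDirectory.put(UI_READ, ImmutableSet.of(UiExtensionService.class.getName()));` and the matching `UI_WRITE` line. The method begins outside this hunk.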
diff --git a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
index 1d962d0..6ce41b3 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
@@ -50,6 +50,8 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
 
 @Component(immediate = true)
 @Service
@@ -94,6 +96,7 @@
     public <M> void broadcast(M message,
                               MessageSubject subject,
                               Function<M, byte[]> encoder) {
+        checkPermission(CLUSTER_WRITE);
         multicast(message,
                   subject,
                   encoder,
@@ -108,6 +111,7 @@
     public <M> void broadcastIncludeSelf(M message,
                                          MessageSubject subject,
                                          Function<M, byte[]> encoder) {
+        checkPermission(CLUSTER_WRITE);
         multicast(message,
                   subject,
                   encoder,
@@ -122,6 +126,7 @@
                                                MessageSubject subject,
                                                Function<M, byte[]> encoder,
                                                NodeId toNodeId) {
+        checkPermission(CLUSTER_WRITE);
         try {
             byte[] payload = new ClusterMessage(
                     localNodeId,
@@ -139,6 +144,7 @@
                               MessageSubject subject,
                               Function<M, byte[]> encoder,
                               Set<NodeId> nodes) {
+        checkPermission(CLUSTER_WRITE);
         byte[] payload = new ClusterMessage(
                 localNodeId,
                 subject,
@@ -153,6 +159,7 @@
                                                       Function<M, byte[]> encoder,
                                                       Function<byte[], R> decoder,
                                                       NodeId toNodeId) {
+        checkPermission(CLUSTER_WRITE);
         try {
             ClusterMessage envelope = new ClusterMessage(
                     clusterService.getLocalNode().id(),
@@ -193,6 +200,7 @@
     public void addSubscriber(MessageSubject subject,
                               ClusterMessageHandler subscriber,
                               ExecutorService executor) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.registerHandler(subject.value(),
                 new InternalClusterMessageHandler(subscriber),
                 executor);
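Review bot: `CLUSTER_WRITE` is checked here without regard to `subject`, so any holder can register a handler for any subject, and the same holds for `removeSubscriber` and the other `addSubscriber` overloads below. In `NettyMessagingManager` registration is `handlers.put(type, ...)` and removal is `handlers.remove(type)`, so a second registration for a type already in use replaces the existing handler, and a removal drops it regardless of who registered it. If applications are meant to be isolated from core subjects, the permission check alone does not provide that; at minimum document it on the method, e.g. `// CLUSTER_WRITE is not scoped by subject: callers can replace or remove any handler`. A stricter option is to record the registering application per subject and refuse replacement or removal by a different one. `addSubscriber` ends outside this hunk.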
@@ -200,6 +208,7 @@
 
     @Override
     public void removeSubscriber(MessageSubject subject) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.unregisterHandler(subject.value());
     }
 
@@ -209,6 +218,7 @@
             Function<M, R> handler,
             Function<R, byte[]> encoder,
             Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.registerHandler(subject.value(),
                 new InternalMessageResponder<M, R>(decoder, encoder, m -> {
                     CompletableFuture<R> responseFuture = new CompletableFuture<>();
@@ -228,6 +238,7 @@
             Function<byte[], M> decoder,
             Function<M, CompletableFuture<R>> handler,
             Function<R, byte[]> encoder) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.registerHandler(subject.value(),
                 new InternalMessageResponder<>(decoder, encoder, handler));
     }
@@ -237,6 +248,7 @@
             Function<byte[], M> decoder,
             Consumer<M> handler,
             Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.registerHandler(subject.value(),
                 new InternalMessageConsumer<>(decoder, handler),
                 executor);
diff --git a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
index 2f883e1..53611f3 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
@@ -82,6 +82,9 @@
 import java.util.function.BiFunction;
 import java.util.function.Consumer;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
+
 /**
  * Netty based MessagingService.
  */
@@ -213,6 +216,7 @@
 
     @Override
     public CompletableFuture<Void> sendAsync(Endpoint ep, String type, byte[] payload) {
+        checkPermission(CLUSTER_WRITE);
         InternalMessage message = new InternalMessage(messageIdGenerator.incrementAndGet(),
                                                       localEp,
                                                       type,
@@ -221,6 +225,7 @@
     }
 
     protected CompletableFuture<Void> sendAsync(Endpoint ep, InternalMessage message) {
+        checkPermission(CLUSTER_WRITE);
         if (ep.equals(localEp)) {
             try {
                 dispatchLocally(message);
@@ -247,11 +252,13 @@
 
     @Override
     public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload) {
+        checkPermission(CLUSTER_WRITE);
         return sendAndReceive(ep, type, payload, MoreExecutors.directExecutor());
     }
 
     @Override
     public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload, Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         CompletableFuture<byte[]> response = new CompletableFuture<>();
         Callback callback = new Callback(response, executor);
         Long messageId = messageIdGenerator.incrementAndGet();
@@ -266,11 +273,13 @@
 
     @Override
     public void registerHandler(String type, BiConsumer<Endpoint, byte[]> handler, Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         handlers.put(type, message -> executor.execute(() -> handler.accept(message.sender(), message.payload())));
     }
 
     @Override
     public void registerHandler(String type, BiFunction<Endpoint, byte[], byte[]> handler, Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         handlers.put(type, message -> executor.execute(() -> {
             byte[] responsePayload = null;
             Status status = Status.OK;
@@ -285,6 +294,7 @@
 
     @Override
     public void registerHandler(String type, BiFunction<Endpoint, byte[], CompletableFuture<byte[]>> handler) {
+        checkPermission(CLUSTER_WRITE);
         handlers.put(type, message -> {
             handler.apply(message.sender(), message.payload()).whenComplete((result, error) -> {
                 Status status = error == null ? Status.OK : Status.ERROR_HANDLER_EXCEPTION;
@@ -295,6 +305,7 @@
 
     @Override
     public void unregisterHandler(String type) {
+        checkPermission(CLUSTER_WRITE);
         handlers.remove(type);
     }
 
diff --git a/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java b/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
index 4b2f780..c094425 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
@@ -30,6 +30,9 @@
 import org.onosproject.store.service.StorageService;
 import org.slf4j.Logger;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLOCK_WRITE;
+
 /**
  * LogicalClockService implementation based on a AtomicCounter.
  */
@@ -62,6 +65,7 @@
 
     @Override
     public Timestamp getTimestamp() {
+        checkPermission(CLOCK_WRITE);
         return new LogicalTimestamp(atomicCounter.incrementAndGet());
     }
 }
\ No newline at end of file
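Review bot: `getTimestamp()` is guarded by `CLOCK_WRITE` with no comment explaining why a getter needs a write permission. The reason is visible in the body, since each call runs `atomicCounter.incrementAndGet()`, but someone reading only the permission table will not see that. I would add `// CLOCK_WRITE: obtaining a timestamp advances the counter` above the check and name the required permission in the method's Javadoc.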
diff --git a/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java b/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
index 05c577c..b7dc6ab 100644
--- a/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
+++ b/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
@@ -36,6 +36,8 @@
 import java.util.Timer;
 import java.util.TimerTask;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.PERSISTENCE_WRITE;
 import static org.slf4j.LoggerFactory.getLogger;
 
 /**
@@ -122,10 +124,12 @@
     }
 
     public <K, V> PersistentMapBuilder<K, V> persistentMapBuilder() {
+        checkPermission(PERSISTENCE_WRITE);
         return new DefaultPersistentMapBuilder<>(localDB);
     }
 
     public <E> PersistentSetBuilder<E> persistentSetBuilder() {
+        checkPermission(PERSISTENCE_WRITE);
         return new DefaultPersistentSetBuilder<>(localDB);
     }
 
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
index 5946fdb..431a240 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
@@ -50,7 +50,8 @@
 import com.google.common.base.MoreObjects;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
-
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.MUTEX_WRITE;
 /**
  * Implementation of a MutexExecutionService.
  */
@@ -103,6 +104,7 @@
 
     @Override
     public CompletableFuture<Void> execute(MutexTask task, String exclusionPath, Executor executor) {
+        checkPermission(MUTEX_WRITE);
         return lock(exclusionPath)
                     .thenApply(state -> activeTasks.computeIfAbsent(exclusionPath,
                                                                     k -> new InnerMutexTask(exclusionPath,
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
index a083a8b..d4699a2 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
@@ -55,6 +55,9 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Maps;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.PARTITION_READ;
+
 /**
  * Implementation of {@code PartitionService} and {@code PartitionAdminService}.
  */
@@ -116,27 +119,32 @@
 
     @Override
     public int getNumberOfPartitions() {
+        checkPermission(PARTITION_READ);
         return partitions.size();
     }
 
     @Override
     public Set<PartitionId> getAllPartitionIds() {
+        checkPermission(PARTITION_READ);
         return partitions.keySet();
     }
 
     @Override
     public DistributedPrimitiveCreator getDistributedPrimitiveCreator(PartitionId partitionId) {
+        checkPermission(PARTITION_READ);
         return partitions.get(partitionId).client();
     }
 
     @Override
     public Set<NodeId> getConfiguredMembers(PartitionId partitionId) {
+        checkPermission(PARTITION_READ);
         StoragePartition partition = partitions.get(partitionId);
         return ImmutableSet.copyOf(partition.getMembers());
     }
 
     @Override
     public Set<NodeId> getActiveMembersMembers(PartitionId partitionId) {
+        checkPermission(PARTITION_READ);
         // TODO: This needs to query metadata to determine currently active
         // members of partition
         return getConfiguredMembers(partitionId);
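Review bot: `getDistributedPrimitiveCreator` is gated by `PARTITION_READ` but returns the partition's `client()`, a `DistributedPrimitiveCreator`, which by its name creates primitives rather than reads partition metadata. `StorageManager` in this same commit requires `STORAGE_WRITE` before building primitives from a creator, so a holder of `PARTITION_READ` alone would appear to get an equivalent capability without that check; confirm this is intended or require a write-class permission here. Separately, `getAllPartitionIds` returns `partitions.keySet()`, a live view, while `getConfiguredMembers` copies; if `partitions` is a mutable map, `return ImmutableSet.copyOf(partitions.keySet());` keeps a read permission from allowing removal. `getActiveMembersMembers` ends outside this hunk.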
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
index 6410a40..6ba2667 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
@@ -61,6 +61,9 @@
 import com.google.common.collect.Maps;
 import com.google.common.util.concurrent.Futures;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.*;
+
 /**
  * Implementation for {@code StorageService} and {@code StorageAdminService}.
  */
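Review bot: `import static org.onosproject.security.AppPermission.Type.*;` pulls every permission constant into scope, whereas the other files in this commit import only the constants they check. The visible hunks of this file use only `STORAGE_WRITE`, so `import static org.onosproject.security.AppPermission.Type.STORAGE_WRITE;` would match the rest of the change. It also means that guarding a method here with any other permission requires a deliberate, reviewable import.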
@@ -117,6 +120,7 @@
 
     @Override
     public <K, V> EventuallyConsistentMapBuilder<K, V> eventuallyConsistentMapBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new EventuallyConsistentMapBuilderImpl<>(clusterService,
                 clusterCommunicator,
                 persistenceService);
@@ -124,27 +128,32 @@
 
     @Override
     public <K, V> ConsistentMapBuilder<K, V> consistentMapBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new NewDefaultConsistentMapBuilder<>(federatedPrimitiveCreator);
     }
 
     @Override
     public <E> DistributedSetBuilder<E> setBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new DefaultDistributedSetBuilder<>(() -> this.<E, Boolean>consistentMapBuilder());
     }
 
     @Override
     public <E> DistributedQueueBuilder<E> queueBuilder() {
+        checkPermission(STORAGE_WRITE);
         // TODO: implement
         throw new UnsupportedOperationException();
     }
 
     @Override
     public AtomicCounterBuilder atomicCounterBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new NewDefaultAtomicCounterBuilder(federatedPrimitiveCreator);
     }
 
     @Override
     public <V> AtomicValueBuilder<V> atomicValueBuilder() {
+        checkPermission(STORAGE_WRITE);
         Supplier<ConsistentMapBuilder<String, byte[]>> mapBuilderSupplier =
                 () -> this.<String, byte[]>consistentMapBuilder()
                           .withName("onos-atomic-values")
@@ -154,6 +163,7 @@
 
     @Override
     public TransactionContextBuilder transactionContextBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new NewDefaultTransactionContextBuilder(transactionIdGenerator.get(),
                 federatedPrimitiveCreator,
                 transactionCoordinator);
@@ -161,6 +171,7 @@
 
     @Override
     public LeaderElectorBuilder leaderElectorBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new DefaultLeaderElectorBuilder(federatedPrimitiveCreator);
     }
 
diff --git a/web/gui/src/main/java/org/onosproject/ui/impl/UiExtensionManager.java b/web/gui/src/main/java/org/onosproject/ui/impl/UiExtensionManager.java
index c29ebe1..9bfa3e3 100644
--- a/web/gui/src/main/java/org/onosproject/ui/impl/UiExtensionManager.java
+++ b/web/gui/src/main/java/org/onosproject/ui/impl/UiExtensionManager.java
@@ -45,6 +45,10 @@
 import static org.onosproject.ui.UiView.Category.NETWORK;
 import static org.onosproject.ui.UiView.Category.PLATFORM;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.UI_READ;
+import static org.onosproject.security.AppPermission.Type.UI_WRITE;
+
 /**
  * Manages the user interface extensions.
  */
@@ -136,6 +140,7 @@
 
     @Override
     public synchronized void register(UiExtension extension) {
+        checkPermission(UI_WRITE);
         if (!extensions.contains(extension)) {
             extensions.add(extension);
             for (UiView view : extension.views()) {
@@ -146,6 +151,7 @@
 
     @Override
     public synchronized void unregister(UiExtension extension) {
+        checkPermission(UI_WRITE);
         extensions.remove(extension);
         extension.views().stream()
                 .map(UiView::id).collect(toSet()).forEach(views::remove);
@@ -153,11 +159,13 @@
 
     @Override
     public synchronized List<UiExtension> getExtensions() {
+        checkPermission(UI_READ);
         return ImmutableList.copyOf(extensions);
     }
 
     @Override
     public synchronized UiExtension getViewExtension(String viewId) {
+        checkPermission(UI_READ);
         return views.get(viewId);
     }