More APIs permission for new ONOS APIs
Change-Id: I43fee65254adca451f77431bfbf5accdf95b81ab
diff --git a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
index 1d962d0..6ce41b3 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
@@ -50,6 +50,8 @@
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
@Component(immediate = true)
@Service
@@ -94,6 +96,7 @@
public <M> void broadcast(M message,
MessageSubject subject,
Function<M, byte[]> encoder) {
+ checkPermission(CLUSTER_WRITE);
multicast(message,
subject,
encoder,
@@ -108,6 +111,7 @@
public <M> void broadcastIncludeSelf(M message,
MessageSubject subject,
Function<M, byte[]> encoder) {
+ checkPermission(CLUSTER_WRITE);
multicast(message,
subject,
encoder,
@@ -122,6 +126,7 @@
MessageSubject subject,
Function<M, byte[]> encoder,
NodeId toNodeId) {
+ checkPermission(CLUSTER_WRITE);
try {
byte[] payload = new ClusterMessage(
localNodeId,
@@ -139,6 +144,7 @@
MessageSubject subject,
Function<M, byte[]> encoder,
Set<NodeId> nodes) {
+ checkPermission(CLUSTER_WRITE);
byte[] payload = new ClusterMessage(
localNodeId,
subject,
@@ -153,6 +159,7 @@
Function<M, byte[]> encoder,
Function<byte[], R> decoder,
NodeId toNodeId) {
+ checkPermission(CLUSTER_WRITE);
try {
ClusterMessage envelope = new ClusterMessage(
clusterService.getLocalNode().id(),
@@ -193,6 +200,7 @@
public void addSubscriber(MessageSubject subject,
ClusterMessageHandler subscriber,
ExecutorService executor) {
+ checkPermission(CLUSTER_WRITE);
messagingService.registerHandler(subject.value(),
new InternalClusterMessageHandler(subscriber),
executor);
@@ -200,6 +208,7 @@
@Override
public void removeSubscriber(MessageSubject subject) {
+ checkPermission(CLUSTER_WRITE);
messagingService.unregisterHandler(subject.value());
}
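Review bot: `removeSubscriber` authorises on `CLUSTER_WRITE` alone, so any application holding that permission can unregister the handler for a subject it did not register, including one registered by the core or by another application. The same holds for `addSubscriber` and for `registerHandler`/`unregisterHandler` in NettyMessagingManager, where `handlers.put(type, ...)` replaces whatever handler was registered for that type. If per-subject ownership is out of scope for this change, state the limit next to the check, e.g. `// CLUSTER_WRITE is not scoped by subject: a holder may replace or remove any subject's handler.` Otherwise record which application registered each subject and reject a mismatch.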
@@ -209,6 +218,7 @@
Function<M, R> handler,
Function<R, byte[]> encoder,
Executor executor) {
+ checkPermission(CLUSTER_WRITE);
messagingService.registerHandler(subject.value(),
new InternalMessageResponder<M, R>(decoder, encoder, m -> {
CompletableFuture<R> responseFuture = new CompletableFuture<>();
@@ -228,6 +238,7 @@
Function<byte[], M> decoder,
Function<M, CompletableFuture<R>> handler,
Function<R, byte[]> encoder) {
+ checkPermission(CLUSTER_WRITE);
messagingService.registerHandler(subject.value(),
new InternalMessageResponder<>(decoder, encoder, handler));
}
@@ -237,6 +248,7 @@
Function<byte[], M> decoder,
Consumer<M> handler,
Executor executor) {
+ checkPermission(CLUSTER_WRITE);
messagingService.registerHandler(subject.value(),
new InternalMessageConsumer<>(decoder, handler),
executor);
diff --git a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
index 2f883e1..53611f3 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
@@ -82,6 +82,9 @@
import java.util.function.BiFunction;
import java.util.function.Consumer;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
+
/**
* Netty based MessagingService.
*/
@@ -213,6 +216,7 @@
@Override
public CompletableFuture<Void> sendAsync(Endpoint ep, String type, byte[] payload) {
+ checkPermission(CLUSTER_WRITE);
InternalMessage message = new InternalMessage(messageIdGenerator.incrementAndGet(),
localEp,
type,
@@ -221,6 +225,7 @@
}
protected CompletableFuture<Void> sendAsync(Endpoint ep, InternalMessage message) {
+ checkPermission(CLUSTER_WRITE);
if (ep.equals(localEp)) {
try {
dispatchLocally(message);
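Review bot: The check added to the protected `sendAsync(Endpoint, InternalMessage)` overload applies to every internal caller of that overload, not only to applications entering through the public `sendAsync`, which is already guarded. If the messaging layer uses this overload for replies or other internally generated messages (not visible in this hunk), and `checkPermission` evaluates the calling thread's context, those sends would be authorised against whichever thread dispatches them rather than against the application that started the exchange. Consider keeping the check on the public MessagingService methods only and marking this one with `// internal path: callers are authorised at the public entry points`. The method body continues outside the hunk.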
@@ -247,11 +252,13 @@
@Override
public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload) {
+ checkPermission(CLUSTER_WRITE);
return sendAndReceive(ep, type, payload, MoreExecutors.directExecutor());
}
@Override
public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload, Executor executor) {
+ checkPermission(CLUSTER_WRITE);
CompletableFuture<byte[]> response = new CompletableFuture<>();
Callback callback = new Callback(response, executor);
Long messageId = messageIdGenerator.incrementAndGet();
@@ -266,11 +273,13 @@
@Override
public void registerHandler(String type, BiConsumer<Endpoint, byte[]> handler, Executor executor) {
+ checkPermission(CLUSTER_WRITE);
handlers.put(type, message -> executor.execute(() -> handler.accept(message.sender(), message.payload())));
}
@Override
public void registerHandler(String type, BiFunction<Endpoint, byte[], byte[]> handler, Executor executor) {
+ checkPermission(CLUSTER_WRITE);
handlers.put(type, message -> executor.execute(() -> {
byte[] responsePayload = null;
Status status = Status.OK;
@@ -285,6 +294,7 @@
@Override
public void registerHandler(String type, BiFunction<Endpoint, byte[], CompletableFuture<byte[]>> handler) {
+ checkPermission(CLUSTER_WRITE);
handlers.put(type, message -> {
handler.apply(message.sender(), message.payload()).whenComplete((result, error) -> {
Status status = error == null ? Status.OK : Status.ERROR_HANDLER_EXCEPTION;
@@ -295,6 +305,7 @@
@Override
public void unregisterHandler(String type) {
+ checkPermission(CLUSTER_WRITE);
handlers.remove(type);
}
diff --git a/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java b/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
index 4b2f780..c094425 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
@@ -30,6 +30,9 @@
import org.onosproject.store.service.StorageService;
import org.slf4j.Logger;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLOCK_WRITE;
+
/**
* LogicalClockService implementation based on a AtomicCounter.
*/
@@ -62,6 +65,7 @@
@Override
public Timestamp getTimestamp() {
+ checkPermission(CLOCK_WRITE);
return new LogicalTimestamp(atomicCounter.incrementAndGet());
}
}
\ No newline at end of file
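Review bot: `getTimestamp()` reads like a getter but is guarded by `CLOCK_WRITE`, and nothing in the method says why. The reason is in the body: `atomicCounter.incrementAndGet()` advances the underlying counter on every call. I would record that at the check, `// CLOCK_WRITE: issuing a timestamp increments the underlying AtomicCounter.`, so that a later reader does not downgrade it to a read-style permission.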
diff --git a/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java b/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
index 05c577c..b7dc6ab 100644
--- a/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
+++ b/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
@@ -36,6 +36,8 @@
import java.util.Timer;
import java.util.TimerTask;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.PERSISTENCE_WRITE;
import static org.slf4j.LoggerFactory.getLogger;
/**
@@ -122,10 +124,12 @@
}
public <K, V> PersistentMapBuilder<K, V> persistentMapBuilder() {
+ checkPermission(PERSISTENCE_WRITE);
return new DefaultPersistentMapBuilder<>(localDB);
}
public <E> PersistentSetBuilder<E> persistentSetBuilder() {
+ checkPermission(PERSISTENCE_WRITE);
return new DefaultPersistentSetBuilder<>(localDB);
}
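Review bot: `persistentMapBuilder()` and `persistentSetBuilder()` have no Javadoc, and the new check changes their contract in a way callers should be told about. The permission is evaluated when the builder is handed out; the returned builder already holds `localDB`, and nothing in these hunks re-checks when it is built or passed on to other code. A Javadoc line such as `Requires PERSISTENCE_WRITE when the builder is obtained; the returned builder is not checked again.` would make that explicit. Neither method carries `@Override` in the visible context, unlike the guarded methods in the other files, so add it if they implement the service interface.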
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
index 5946fdb..431a240 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
@@ -50,7 +50,8 @@
import com.google.common.base.MoreObjects;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
-
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.MUTEX_WRITE;
/**
* Implementation of a MutexExecutionService.
*/
@@ -103,6 +104,7 @@
@Override
public CompletableFuture<Void> execute(MutexTask task, String exclusionPath, Executor executor) {
+ checkPermission(MUTEX_WRITE);
return lock(exclusionPath)
.thenApply(state -> activeTasks.computeIfAbsent(exclusionPath,
k -> new InnerMutexTask(exclusionPath,
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
index a083a8b..d4699a2 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
@@ -55,6 +55,9 @@
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.PARTITION_READ;
+
/**
* Implementation of {@code PartitionService} and {@code PartitionAdminService}.
*/
@@ -116,27 +119,32 @@
@Override
public int getNumberOfPartitions() {
+ checkPermission(PARTITION_READ);
return partitions.size();
}
@Override
public Set<PartitionId> getAllPartitionIds() {
+ checkPermission(PARTITION_READ);
return partitions.keySet();
}
@Override
public DistributedPrimitiveCreator getDistributedPrimitiveCreator(PartitionId partitionId) {
+ checkPermission(PARTITION_READ);
return partitions.get(partitionId).client();
}
@Override
public Set<NodeId> getConfiguredMembers(PartitionId partitionId) {
+ checkPermission(PARTITION_READ);
StoragePartition partition = partitions.get(partitionId);
return ImmutableSet.copyOf(partition.getMembers());
}
@Override
public Set<NodeId> getActiveMembersMembers(PartitionId partitionId) {
+ checkPermission(PARTITION_READ);
// TODO: This needs to query metadata to determine currently active
// members of partition
return getConfiguredMembers(partitionId);
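Review bot: `getAllPartitionIds()` is now gated by `PARTITION_READ` but returns `partitions.keySet()`, which is a live view of the internal map rather than a copy. If `partitions` is a mutable map (its declaration is outside the hunk), a caller holding only the read permission could remove entries through that set. `getConfiguredMembers` already avoids this with `ImmutableSet.copyOf`, and the same fits here: `return ImmutableSet.copyOf(partitions.keySet());`. Separately, `getDistributedPrimitiveCreator` and `getConfiguredMembers` dereference `partitions.get(partitionId)` without a null check, so an unknown id surfaces as a NullPointerException after the permission check has passed.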
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
index 6410a40..6ba2667 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
@@ -61,6 +61,9 @@
import com.google.common.collect.Maps;
import com.google.common.util.concurrent.Futures;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.*;
+
/**
* Implementation for {@code StorageService} and {@code StorageAdminService}.
*/
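Review bot: The wildcard `import static org.onosproject.security.AppPermission.Type.*;` differs from the other files in this change, each of which imports the single constant it uses. Only `STORAGE_WRITE` appears in the hunks shown for this file, so `import static org.onosproject.security.AppPermission.Type.STORAGE_WRITE;` would show at the top of the file which permission this class enforces. It would also keep unrelated permission names out of scope, where a mistyped constant would otherwise still compile.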
@@ -117,6 +120,7 @@
@Override
public <K, V> EventuallyConsistentMapBuilder<K, V> eventuallyConsistentMapBuilder() {
+ checkPermission(STORAGE_WRITE);
return new EventuallyConsistentMapBuilderImpl<>(clusterService,
clusterCommunicator,
persistenceService);
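Review bot: The builder returned under `STORAGE_WRITE` is constructed with `clusterCommunicator` and `persistenceService`, and this same change puts `CLUSTER_WRITE` and `PERSISTENCE_WRITE` checks on those services. If `checkPermission` evaluates the whole calling context (its implementation is not shown here), an application granted only `STORAGE_WRITE` could pass this check and then be denied later inside the map, when it sends cluster messages or persists on the application's behalf. Either document that users of this builder also need the lower-level permissions, or have the store code make those calls in a privileged section so that the check at this entry point is the one that decides.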
@@ -124,27 +128,32 @@
@Override
public <K, V> ConsistentMapBuilder<K, V> consistentMapBuilder() {
+ checkPermission(STORAGE_WRITE);
return new NewDefaultConsistentMapBuilder<>(federatedPrimitiveCreator);
}
@Override
public <E> DistributedSetBuilder<E> setBuilder() {
+ checkPermission(STORAGE_WRITE);
return new DefaultDistributedSetBuilder<>(() -> this.<E, Boolean>consistentMapBuilder());
}
@Override
public <E> DistributedQueueBuilder<E> queueBuilder() {
+ checkPermission(STORAGE_WRITE);
// TODO: implement
throw new UnsupportedOperationException();
}
@Override
public AtomicCounterBuilder atomicCounterBuilder() {
+ checkPermission(STORAGE_WRITE);
return new NewDefaultAtomicCounterBuilder(federatedPrimitiveCreator);
}
@Override
public <V> AtomicValueBuilder<V> atomicValueBuilder() {
+ checkPermission(STORAGE_WRITE);
Supplier<ConsistentMapBuilder<String, byte[]>> mapBuilderSupplier =
() -> this.<String, byte[]>consistentMapBuilder()
.withName("onos-atomic-values")
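Review bot: In `setBuilder()` the supplier `() -> this.<E, Boolean>consistentMapBuilder()` re-enters the guarded public method, so a second `STORAGE_WRITE` check runs later, whenever the supplier is invoked, on whatever thread and call path does so. The supplier in `atomicValueBuilder()` has the same shape. The outcome then depends on who eventually builds the set rather than on who asked for the builder. Having the supplier construct the map builder directly avoids the deferred check: `() -> new NewDefaultConsistentMapBuilder<E, Boolean>(federatedPrimitiveCreator)`. The body of `atomicValueBuilder` continues outside the hunk.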
@@ -154,6 +163,7 @@
@Override
public TransactionContextBuilder transactionContextBuilder() {
+ checkPermission(STORAGE_WRITE);
return new NewDefaultTransactionContextBuilder(transactionIdGenerator.get(),
federatedPrimitiveCreator,
transactionCoordinator);
@@ -161,6 +171,7 @@
@Override
public LeaderElectorBuilder leaderElectorBuilder() {
+ checkPermission(STORAGE_WRITE);
return new DefaultLeaderElectorBuilder(federatedPrimitiveCreator);
}