Adding ACLs for requiring admin or viewer role to different ONOS CLI commands.
Change-Id: Iba1744b7a76449eab54406cc89f65c1c0d48e393
diff --git a/tools/package/etc/org.apache.karaf.command.acl.onos.cfg b/tools/package/etc/org.apache.karaf.command.acl.onos.cfg
new file mode 100644
index 0000000..a35b13a
--- /dev/null
+++ b/tools/package/etc/org.apache.karaf.command.acl.onos.cfg
@@ -0,0 +1,383 @@
+# Copyright 2018-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+add-domain-tunnel = admin
+add-host-intent = admin
+add-multi-to-single-intent = admin
+add-node = admin
+add-optical-connectivity = admin
+add-optical-intent = admin
+add-point-intent = admin
+add-protected-transport = admin
+add-single-to-multi-intent = admin
+add-test-flows = admin
+add-vnet-intent = admin
+alarms = viewer
+alarms-counts = viewer
+allocations = viewer
+annotate-device = admin
+annotate-link = admin
+annotate-port = admin
+app = admin
+app-ids = viewer
+apps = viewer
+balance-masters = admin
+bgp = admin
+bgp-exception = admin
+bgp-neighbors = viewer
+bgp-peer-add = admin
+bgp-peer-remove = admin
+bgp-rib = viewer
+bgp-routes = viewer
+bgp-speaker-add = admin
+bgp-speaker-remove = admin
+bgp-speakers = viewer
+cfg = admin
+cfm-ma-add = admin
+cfm-ma-delete = admin
+cfm-md-add = admin
+cfm-md-delete = admin
+cfm-md-list = admin
+compile-model = admin
+config-link = admin
+config-link-discovery = admin
+counter = admin
+counter-test = admin
+counter-test-increment = admin
+counters = viewer
+cpman-stats-list = admin
+cycle-intents = admin
+device-add-interface = admin
+device-configuration = admin
+device-controllers = viewer
+device-interfaces = viewer
+device-key-add = admin
+device-key-remove = admin
+device-keys = viewer
+device-ports = viewer
+device-remove = admin
+device-remove-interface = admin
+device-role = admin
+device-setconfiguration = admin
+device-setcontrollers = admin
+devices = viewer
+dhcp-fpm-add = admin
+dhcp-fpm-delete = admin
+dhcp-fpm-routes = admin
+dhcp-lease = admin
+dhcp-list = viewer
+dhcp-relay = admin
+dhcp-relay-agg-counters = admin
+dhcp-remove-static-mapping = admin
+dhcp-set-static-mapping = admin
+domains = admin
+dpis = admin
+driver-providers = viewer
+drivers = viewer
+ec-map-test = admin
+edge-ports = viewer
+election-test-leader = admin
+election-test-run = admin
+election-test-withdraw = admin
+events = viewer
+evpn-instance-list = viewer
+evpn-port-list = viewer
+evpn-private-routes = viewer
+evpn-public-routes = viewer
+externalgateway-update = admin
+externalportname-set = admin
+floatingip-create = admin
+floatingip-remove = admin
+floatingip-update = admin
+floatingips = viewer
+flow-analysis = viewer
+flows = viewer
+fpm-connections = admin
+fpm-push-routes = admin
+gateway-add = admin
+gateway-delete = admin
+gateways = viewer
+get-flow-stats = viewer
+get-stats = viewer
+global-label-apply = admin
+global-label-pool = admin
+global-label-pool-create = admin
+global-label-pool-destroy = admin
+global-label-release = admin
+gluon = admin
+gluon-server-list = admin
+groups = viewer
+host-remove = admin
+hosts = viewer
+intent-compilers = viewer
+intent-details = viewer
+intent-installers = viewer
+intent-perf = admin
+intent-perf-start = admin
+intent-perf-stop = admin
+intents = viewer
+intents-events = admin
+intents-events-metrics = admin
+interface-add = admin
+interface-remove = admin
+interfaces = viewer
+isis = admin
+issu = admin
+label-apply = admin
+label-pool = admin
+label-pool-create = admin
+label-pool-destroy = admin
+label-release = admin
+layout-add = admin
+layouts = viewer
+leader-test = admin
+leaders = viewer
+links = viewer
+list-optical-connectivity = viewer
+lock-test = admin
+map-test = admin
+mappings = viewer
+maps = viewer
+mark = admin
+masters = viewer
+mcast-delete = admin
+mcast-host-delete = admin
+mcast-host-join = admin
+mcast-host-routes = admin
+mcast-host-show = viewer
+mcast-join = admin
+mcast-routes = viewer
+mcast-show = viewer
+mcast-source-delete = admin
+memberships = viewer
+meter-add = admin
+meter-remove = admin
+meters = viewer
+metrics = admin
+models = viewer
+neighbour-handlers = admin
+netcfg = admin
+netcfg-registry = admin
+netconf-get-config = admin
+netconf-rpc-test = admin
+netconf-subscription-test = admin
+nodes = viewer
+null-create-device = admin
+null-create-host = admin
+null-create-hosts = admin
+null-create-link = admin
+null-device = admin
+null-link = admin
+null-simulation = admin
+obj-clear-queues = admin
+obj-next-ids = viewer
+obj-pending-nexts = viewer
+obj-queues = viewer
+ofagent-controller-add = admin
+ofagent-controller-delete = admin
+ofagent-create = admin
+ofagent-remove = admin
+ofagent-start = admin
+ofagent-stop = admin
+ofagent-switches = admin
+ofagents = viewer
+openstack-floatingips = admin
+openstack-networks = admin
+openstack-node-check = admin
+openstack-node-init = admin
+openstack-nodes = admin
+openstack-ports = admin
+openstack-purge-rules = admin
+openstack-purge-states = admin
+openstack-routers = admin
+openstack-security-groups = admin
+openstack-sync-rules = admin
+openstack-sync-states = admin
+openstacknetworking-ui-get-restserver-auth = admin
+openstacknetworking-ui-get-restserver-url = admin
+openstacknetworking-ui-set-restserver-auth = admin
+openstacknetworking-ui-set-restserver-ip = admin
+optical-ports = admin
+ospf = admin
+packet-processors = viewer
+packet-requests = viewer
+partitions = admin
+paths = viewer
+pce-delete-load-balancing-path = admin
+pce-delete-path = admin
+pce-query-load-balancing-path = admin
+pce-query-path = admin
+pce-setup-path = admin
+pce-update-path = admin
+pcep = admin
+pim-interfaces = admin
+pim-neighbors = admin
+policy = admin
+port-query-vlans = admin
+ports = admin
+portstate = admin
+portstats = viewer
+pp = viewer
+ppxml = viewer
+primitive-perf = admin
+primitive-perf-start = admin
+primitive-perf-stop = admin
+purge-intents = admin
+push-random-intents = admin
+push-test-intents = admin
+queues = viewer
+ra-global-prefixes = admin
+reactive-fwd-metrics = viewer
+region-add = admin
+region-add-devices = admin
+region-add-peer-loc = admin
+region-remove = admin
+region-remove-devices = admin
+region-update = admin
+regions = viewer
+remove-intent = admin
+remove-node = admin
+remove-optical-connectivity = admin
+remove-vnet-intent = admin
+resources = viewer
+review = viewer
+roles = viewer
+route-add = admin
+route-remove = admin
+route-store = admin
+router-create = admin
+router-remove = admin
+router-update = admin
+routerinterface-create = admin
+routerinterface-remove = admin
+routerinterfaces = admin
+routers = viewer
+routes = viewer
+scale-create-flows = admin
+scale-create-routes = admin
+sdnip = admin
+sdnip-set-primary = admin
+set-test-add = admin
+set-test-get = admin
+set-test-remove = admin
+sr-device-subnets = admin
+sr-ecmp-spg = admin
+sr-link-state = admin
+sr-mcast-leader = admin
+sr-mcast-next = admin
+sr-mcast-tree = admin
+sr-next-hops = admin
+sr-policy-add = admin
+sr-policy-list = admin
+sr-policy-remove = admin
+sr-pw-add = admin
+sr-pw-list = admin
+sr-pw-remove = admin
+sr-reroute-network = admin
+sr-should-program = admin
+sr-tunnel-add = admin
+sr-tunnel-list = admin
+sr-tunnel-remove = admin
+sr-verify-groups = admin
+subnet-create = admin
+subnet-remove = admin
+subnet-update = admin
+subnets = viewer
+summary = viewer
+t3-troubleshoot = admin
+t3-troubleshoot-mcast = admin
+t3-troubleshoot-pingall = admin
+t3-troubleshoot-simple = admin
+tablestats = viewer
+tenantnetwork-create = admin
+tenantnetwork-remove = admin
+tenantnetwork-update = admin
+tenantnetworks = admin
+test-add-protection-endpoint = admin
+test-allocate-resources = admin
+topo-cluster-devices = viewer
+topo-cluster-links = viewer
+topo-clusters = viewer
+topo-layout = admin
+topology = viewer
+topology-events = admin
+topology-events-metrics = admin
+transactional-map-test-get = admin
+transactional-map-test-put = admin
+transactions = admin
+ts-all-anomalies = admin
+ts-check-loops = admin
+tunnel-borrow = admin
+tunnel-create = admin
+tunnel-remove = admin
+tunnel-return = admin
+tunnel-subscriptions = admin
+tunnel-update = admin
+tunnels = viewer
+ui-cache-devices = viewer
+ui-cache-hosts = viewer
+ui-cache-links = viewer
+ui-cache-members = viewer
+ui-cache-regions = viewer
+ui-clear-meta = admin
+ui-geo-map-list = viewer
+ui-prefs = viewer
+ui-views = viewer
+value-test = admin
+vbngs = viewer
+virtualport-create = admin
+virtualport-remove = admin
+virtualport-update = admin
+virtualports = admin
+vnet-add-tenant = admin
+vnet-balance-masters = admin
+vnet-bind-port = admin
+vnet-create = admin
+vnet-create-device = admin
+vnet-create-host = admin
+vnet-create-link = admin
+vnet-create-port = admin
+vnet-devices = admin
+vnet-flows = admin
+vnet-hosts = admin
+vnet-links = admin
+vnet-packet = admin
+vnet-port-state = admin
+vnet-ports = admin
+vnet-remove = admin
+vnet-remove-device = admin
+vnet-remove-host = admin
+vnet-remove-link = admin
+vnet-remove-port = admin
+vnet-remove-tenant = admin
+vnet-tenants = viewer
+vnets = viewer
+volt-all = admin
+volt-ethloopback = admin
+volt-nnilinks = admin
+volt-notification-alertfilter = admin
+volt-notification-setalertfilter = admin
+volt-notification-subscribe = admin
+volt-ondemandfwdl = admin
+volt-onus = admin
+volt-onustats = admin
+volt-ponlinks = admin
+volt-rebootonu = admin
+volt-setnnilink = admin
+volt-setonu = admin
+volt-setponlink = admin
+vpls = admin
+wipe-out = admin
+work-queue-test = admin
diff --git a/tools/package/etc/users.properties b/tools/package/etc/users.properties
index c7bdb2d..95a97bc 100644
--- a/tools/package/etc/users.properties
+++ b/tools/package/etc/users.properties
@@ -31,4 +31,7 @@
#
karaf = karaf,_g_:admingroup
onos = rocks,_g_:admingroup
+guest = guest,_g_:guestgroup
_g_\:admingroup = group,admin,manager,viewer,webconsole
+_g_\:guestgroup = group,viewer
+