ONOS-1993 Implement API-level permission checking + security util code location replacement
Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2
diff --git a/core/net/src/main/java/org/onosproject/cluster/impl/ClusterManager.java b/core/net/src/main/java/org/onosproject/cluster/impl/ClusterManager.java
index 980d40f..273738b 100644
--- a/core/net/src/main/java/org/onosproject/cluster/impl/ClusterManager.java
+++ b/core/net/src/main/java/org/onosproject/cluster/impl/ClusterManager.java
@@ -33,6 +33,7 @@
import org.onosproject.cluster.ClusterStoreDelegate;
import org.onosproject.cluster.ControllerNode;
import org.onosproject.cluster.NodeId;
+import org.onosproject.core.Permission;
import org.onosproject.event.ListenerRegistry;
import org.onosproject.event.EventDeliveryService;
import org.slf4j.Logger;
@@ -42,6 +43,8 @@
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
+
/**
* Implementation of the cluster service.
@@ -88,22 +91,30 @@
@Override
public ControllerNode getLocalNode() {
+ checkPermission(Permission.CLUSTER_READ);
+
return store.getLocalNode();
}
@Override
public Set<ControllerNode> getNodes() {
+ checkPermission(Permission.CLUSTER_READ);
+
return store.getNodes();
}
@Override
public ControllerNode getNode(NodeId nodeId) {
+ checkPermission(Permission.CLUSTER_READ);
+
checkNotNull(nodeId, INSTANCE_ID_NULL);
return store.getNode(nodeId);
}
@Override
public ControllerNode.State getState(NodeId nodeId) {
+ checkPermission(Permission.CLUSTER_READ);
+
checkNotNull(nodeId, INSTANCE_ID_NULL);
return store.getState(nodeId);
}
@@ -111,6 +122,8 @@
@Override
public DateTime getLastUpdated(NodeId nodeId) {
+ checkPermission(Permission.CLUSTER_READ);
+
return store.getLastUpdated(nodeId);
}
@@ -144,11 +157,15 @@
@Override
public void addListener(ClusterEventListener listener) {
+ checkPermission(Permission.CLUSTER_EVENT);
+
listenerRegistry.addListener(listener);
}
@Override
public void removeListener(ClusterEventListener listener) {
+ checkPermission(Permission.CLUSTER_EVENT);
+
listenerRegistry.removeListener(listener);
}
diff --git a/core/net/src/main/java/org/onosproject/cluster/impl/MastershipManager.java b/core/net/src/main/java/org/onosproject/cluster/impl/MastershipManager.java
index ee60cc7..cc33d56 100644
--- a/core/net/src/main/java/org/onosproject/cluster/impl/MastershipManager.java
+++ b/core/net/src/main/java/org/onosproject/cluster/impl/MastershipManager.java
@@ -32,6 +32,7 @@
import org.onosproject.cluster.NodeId;
import org.onosproject.cluster.RoleInfo;
import org.onosproject.core.MetricsHelper;
+import org.onosproject.core.Permission;
import org.onosproject.event.ListenerRegistry;
import org.onosproject.event.EventDeliveryService;
import org.onosproject.mastership.MastershipAdminService;
@@ -62,6 +63,8 @@
import static org.onosproject.cluster.ControllerNode.State.ACTIVE;
import static org.onosproject.net.MastershipRole.MASTER;
import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
+
@Component(immediate = true)
@Service
@@ -142,12 +145,16 @@
@Override
public MastershipRole getLocalRole(DeviceId deviceId) {
+ checkPermission(Permission.CLUSTER_READ);
+
checkNotNull(deviceId, DEVICE_ID_NULL);
return store.getRole(clusterService.getLocalNode().id(), deviceId);
}
@Override
public void relinquishMastership(DeviceId deviceId) {
+ checkPermission(Permission.CLUSTER_WRITE);
+
store.relinquishRole(clusterService.getLocalNode().id(), deviceId)
.whenComplete((event, error) -> {
if (event != null) {
@@ -158,6 +165,8 @@
@Override
public CompletableFuture<MastershipRole> requestRoleFor(DeviceId deviceId) {
+ checkPermission(Permission.CLUSTER_WRITE);
+
checkNotNull(deviceId, DEVICE_ID_NULL);
final Context timer = startTimer(requestRoleTimer);
return store.requestRole(deviceId).whenComplete((result, error) -> stopTimer(timer));
@@ -166,18 +175,24 @@
@Override
public NodeId getMasterFor(DeviceId deviceId) {
+ checkPermission(Permission.CLUSTER_READ);
+
checkNotNull(deviceId, DEVICE_ID_NULL);
return store.getMaster(deviceId);
}
@Override
public Set<DeviceId> getDevicesOf(NodeId nodeId) {
+ checkPermission(Permission.CLUSTER_READ);
+
checkNotNull(nodeId, NODE_ID_NULL);
return store.getDevices(nodeId);
}
@Override
public RoleInfo getNodesFor(DeviceId deviceId) {
+ checkPermission(Permission.CLUSTER_READ);
+
checkNotNull(deviceId, DEVICE_ID_NULL);
return store.getNodes(deviceId);
}
@@ -189,12 +204,16 @@
@Override
public void addListener(MastershipListener listener) {
+ checkPermission(Permission.CLUSTER_EVENT);
+
checkNotNull(listener);
listenerRegistry.addListener(listener);
}
@Override
public void removeListener(MastershipListener listener) {
+ checkPermission(Permission.CLUSTER_EVENT);
+
checkNotNull(listener);
listenerRegistry.removeListener(listener);
}