ONOS-1896 Modify Application Subsystem to support Security-Mode ONOS
Change-Id: Ie3686e0d5071f9f6e946bc48ed7562bb2f5ec413
diff --git a/core/api/src/main/java/org/onosproject/app/ApplicationDescription.java b/core/api/src/main/java/org/onosproject/app/ApplicationDescription.java
index 64f04a6..b3fab01 100644
--- a/core/api/src/main/java/org/onosproject/app/ApplicationDescription.java
+++ b/core/api/src/main/java/org/onosproject/app/ApplicationDescription.java
@@ -15,6 +15,7 @@
*/
package org.onosproject.app;
+import org.onosproject.core.ApplicationRole;
import org.onosproject.core.Permission;
import org.onosproject.core.Version;
@@ -57,6 +58,13 @@
String origin();
/**
+ * Returns the role of the application.
+ *
+ * @return application role
+ */
+ ApplicationRole role();
+
+ /**
* Returns the permissions requested by the application.
*
* @return requested permissions
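Review bot: The Javadoc on the new `role()` does not say what an implementation returns when the application declares no role. This commit adds an `UNSPECIFIED` constant to `ApplicationRole`, and `DefaultApplicationDescription` rejects a null role, so the contract could state both: `@return application role; never null, {@code ApplicationRole.UNSPECIFIED} if none was declared`. The same wording applies to `Application.role()` in core/Application.java. The declaration of `permissions()` that follows lies outside this hunk.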
diff --git a/core/api/src/main/java/org/onosproject/app/DefaultApplicationDescription.java b/core/api/src/main/java/org/onosproject/app/DefaultApplicationDescription.java
index 78b902b..d24bace 100644
--- a/core/api/src/main/java/org/onosproject/app/DefaultApplicationDescription.java
+++ b/core/api/src/main/java/org/onosproject/app/DefaultApplicationDescription.java
@@ -15,6 +15,7 @@
*/
package org.onosproject.app;
+import org.onosproject.core.ApplicationRole;
import org.onosproject.core.Permission;
import org.onosproject.core.Version;
@@ -36,6 +37,7 @@
private final Version version;
private final String description;
private final String origin;
+ private final ApplicationRole role;
private final Set<Permission> permissions;
private final Optional<URI> featuresRepo;
private final List<String> features;
@@ -47,18 +49,20 @@
* @param version application version
* @param description application description
* @param origin origin company
+ * @param role application role
* @param permissions requested permissions
* @param featuresRepo optional features repo URI
* @param features application features
*/
public DefaultApplicationDescription(String name, Version version,
String description, String origin,
- Set<Permission> permissions,
+ ApplicationRole role, Set<Permission> permissions,
URI featuresRepo, List<String> features) {
this.name = checkNotNull(name, "Name cannot be null");
this.version = checkNotNull(version, "Version cannot be null");
this.description = checkNotNull(description, "Description cannot be null");
this.origin = checkNotNull(origin, "Origin cannot be null");
+ this.role = checkNotNull(role, "Role cannot be null");
this.permissions = checkNotNull(permissions, "Permissions cannot be null");
this.featuresRepo = Optional.ofNullable(featuresRepo);
this.features = checkNotNull(features, "Features cannot be null");
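Review bot: The constructor keeps the caller's `permissions` set by reference, and `permissions()` further down in this file returns that same object, so the set can still change after the description is built. With this commit the set holds real `DefaultPermission` entries next to a `role`, so it presumably feeds an authorization decision and is better frozen at construction: `this.permissions = ImmutableSet.copyOf(checkNotNull(permissions, "Permissions cannot be null"));` (this needs the Guava `ImmutableSet` import). The same applies to the `DefaultApplication` constructor changed in this commit. The constructor body continues past the end of this hunk.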
@@ -86,6 +90,11 @@
}
@Override
+ public ApplicationRole role() {
+ return role;
+ }
+
+ @Override
public Set<Permission> permissions() {
return permissions;
}
@@ -107,6 +116,7 @@
.add("version", version)
.add("description", description)
.add("origin", origin)
+ .add("role", role)
.add("permissions", permissions)
.add("featuresRepo", featuresRepo)
.add("features", features)
diff --git a/core/api/src/main/java/org/onosproject/core/Application.java b/core/api/src/main/java/org/onosproject/core/Application.java
index da2be13..8cd063a 100644
--- a/core/api/src/main/java/org/onosproject/core/Application.java
+++ b/core/api/src/main/java/org/onosproject/core/Application.java
@@ -54,6 +54,13 @@
String origin();
/**
+ * Returns the role of the application.
+ *
+ * @return application role
+ */
+ ApplicationRole role();
+
+ /**
* Returns the permissions requested by the application.
*
* @return requested permissions
diff --git a/core/api/src/main/java/org/onosproject/core/ApplicationRole.java b/core/api/src/main/java/org/onosproject/core/ApplicationRole.java
new file mode 100644
index 0000000..71ae1e3
--- /dev/null
+++ b/core/api/src/main/java/org/onosproject/core/ApplicationRole.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.core;
+
+public enum ApplicationRole {
+ /**
+ * Indicates that an application has an ADMIN role.
+ */
+ ADMIN,
+
+ /**
+ * Indicates that an application has a REGULAR role.
+ */
+ REGULAR,
+
+ /**
+ * Indicates that an application role has not been specified.
+ */
+ UNSPECIFIED,
+
+ /**
+ * More useful roles may be defined.
+ */
+}
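Review bot: The enum has no type-level Javadoc, and nothing here says how `UNSPECIFIED` is treated when security mode is on. A reader cannot tell from this file whether an application with no declared role is handled like `REGULAR`, like `ADMIN`, or refused. A class comment such as `/** Role an application declares; UNSPECIFIED must be treated as the least-privileged role. */` would pin that down, if that is the intended policy. The trailing `/** More useful roles may be defined. */` block documents no constant and reads better as a plain `//` comment.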
diff --git a/core/api/src/main/java/org/onosproject/core/DefaultApplication.java b/core/api/src/main/java/org/onosproject/core/DefaultApplication.java
index b765e70..ab72c6f 100644
--- a/core/api/src/main/java/org/onosproject/core/DefaultApplication.java
+++ b/core/api/src/main/java/org/onosproject/core/DefaultApplication.java
@@ -16,10 +16,10 @@
package org.onosproject.core;
import java.net.URI;
+import java.util.Set;
+import java.util.Optional;
import java.util.List;
import java.util.Objects;
-import java.util.Optional;
-import java.util.Set;
import static com.google.common.base.MoreObjects.toStringHelper;
import static com.google.common.base.Preconditions.checkArgument;
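Review bot: This hunk only moves `java.util.Set` and `java.util.Optional` above `java.util.List`, which leaves the `java.util` imports out of alphabetical order and adds churn unrelated to the role change. Keeping the original order would shrink the diff of this file to the lines that matter.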
@@ -34,6 +34,7 @@
private final Version version;
private final String description;
private final String origin;
+ private final ApplicationRole role;
private final Set<Permission> permissions;
private final Optional<URI> featuresRepo;
private final List<String> features;
@@ -45,18 +46,20 @@
* @param version application version
* @param description application description
* @param origin origin company
+ * @param role application role
* @param permissions requested permissions
* @param featuresRepo optional features repo URI
* @param features application features
*/
public DefaultApplication(ApplicationId appId, Version version,
String description, String origin,
- Set<Permission> permissions,
+ ApplicationRole role, Set<Permission> permissions,
Optional<URI> featuresRepo, List<String> features) {
this.appId = checkNotNull(appId, "ID cannot be null");
this.version = checkNotNull(version, "Version cannot be null");
this.description = checkNotNull(description, "Description cannot be null");
this.origin = checkNotNull(origin, "Origin cannot be null");
+ this.role = checkNotNull(role, "Role cannot be null");
this.permissions = checkNotNull(permissions, "Permissions cannot be null");
this.featuresRepo = checkNotNull(featuresRepo, "Features repo cannot be null");
this.features = checkNotNull(features, "Features cannot be null");
@@ -84,6 +87,11 @@
}
@Override
+ public ApplicationRole role() {
+ return role;
+ }
+
+ @Override
public Set<Permission> permissions() {
return permissions;
}
@@ -100,7 +108,7 @@
@Override
public int hashCode() {
- return Objects.hash(appId, version, description, origin, permissions,
+ return Objects.hash(appId, version, description, origin, role, permissions,
featuresRepo, features);
}
@@ -117,6 +125,7 @@
Objects.equals(this.version, other.version) &&
Objects.equals(this.description, other.description) &&
Objects.equals(this.origin, other.origin) &&
+ Objects.equals(this.role, other.role) &&
Objects.equals(this.permissions, other.permissions) &&
Objects.equals(this.featuresRepo, other.featuresRepo) &&
Objects.equals(this.features, other.features);
@@ -129,6 +138,7 @@
.add("version", version)
.add("description", description)
.add("origin", origin)
+ .add("role", role)
.add("permissions", permissions)
.add("featuresRepo", featuresRepo)
.add("features", features)
diff --git a/core/api/src/main/java/org/onosproject/core/DefaultPermission.java b/core/api/src/main/java/org/onosproject/core/DefaultPermission.java
new file mode 100644
index 0000000..512aca3
--- /dev/null
+++ b/core/api/src/main/java/org/onosproject/core/DefaultPermission.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.core;
+
+import java.security.BasicPermission;
+
+/**
+ * Default implementation of ONOS application permissions for API-level access control.
+ */
+public class DefaultPermission extends BasicPermission implements Permission {
+
+ public enum Type {
+ APP_READ,
+ APP_EVENT,
+ CONFIG_READ,
+ CONFIG_WRITE,
+ CLUSTER_READ,
+ CLUSTER_WRITE,
+ CLUSTER_EVENT,
+ DEVICE_READ,
+ DEVICE_EVENT,
+ DRIVER_READ,
+ DRIVER_WRITE,
+ FLOWRULE_READ,
+ FLOWRULE_WRITE,
+ FLOWRULE_EVENT,
+ GROUP_READ,
+ GROUP_WRITE,
+ GROUP_EVENT,
+ HOST_READ,
+ HOST_WRITE,
+ HOST_EVENT,
+ INTENT_READ,
+ INTENT_WRITE,
+ INTENT_EVENT,
+ LINK_READ,
+ LINK_WRITE,
+ LINK_EVENT,
+ PACKET_READ,
+ PACKET_WRITE,
+ PACKET_EVENT,
+ STATISTIC_READ,
+ TOPOLOGY_READ,
+ TOPOLOGY_EVENT,
+ TUNNEL_READ,
+ TUNNEL_WRITE,
+ TUNNEL_EVENT,
+ STORAGE_WRITE
+ }
+
+ /**
+ * Creates a new DefaultPermission.
+ * @param name name of the permission
+ * @param actions optional action field
+ */
+ public DefaultPermission(String name, String actions) {
+ super(name, actions);
+ }
+
+ /**
+ * Creates a new DefaultPermission.
+ * @param name name of the permission
+ */
+ public DefaultPermission(String name) {
+ super(name, "");
+ }
+
+ public DefaultPermission(Type permtype) {
+ super(permtype.name(), "");
+ }
+
+ @Override
+ public String name() {
+ return super.getName();
+ }
+
+ @Override
+ public String actions() {
+ return super.getActions();
+ }
+}
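Review bot: `BasicPermission` gives names wildcard semantics, so a `DefaultPermission` named `*` implies every other permission of this class through `implies()`, and the public string constructors accept any name. If permission names come from an application's own descriptor and checks go through `implies()` (neither is visible in this file), the name should be restricted to the `Type` constants, e.g. `super(Type.valueOf(name).name(), "")`, or the string constructors dropped in favour of `DefaultPermission(Type)`. Separately, `BasicPermission` ignores its `actions` argument and its `getActions()` always returns the empty string, so `actions()` never returns what was passed to the two-argument constructor. The `Type` enum and the `DefaultPermission(Type)` constructor also lack Javadoc.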
diff --git a/core/api/src/main/java/org/onosproject/core/Permission.java b/core/api/src/main/java/org/onosproject/core/Permission.java
index d32d059..98ec6c7 100644
--- a/core/api/src/main/java/org/onosproject/core/Permission.java
+++ b/core/api/src/main/java/org/onosproject/core/Permission.java
@@ -19,5 +19,16 @@
* Representation of an application permission.
*/
public interface Permission {
- // TODO: to be fleshed out
+
+ /**
+ * Returns the name of the permission.
+ * @return a string value
+ */
+ String name();
+
+ /**
+ * Returns the actions string of the permission if specified.
+ * @return a string value
+ */
+ String actions();
}
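Review bot: Both new Javadoc blocks say only `@return a string value`, and `actions()` does not say what comes back when no actions were given. Suggested: `@return permission name, never null` for `name()` and `@return actions string, or the empty string if none were specified` for `actions()`. That assumes the contract matches `DefaultPermission` in this commit, which passes `""` to its superclass when no actions are supplied.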
diff --git a/core/api/src/test/java/org/onosproject/app/ApplicationEventTest.java b/core/api/src/test/java/org/onosproject/app/ApplicationEventTest.java
index 4a882c3..d31cc26 100644
--- a/core/api/src/test/java/org/onosproject/app/ApplicationEventTest.java
+++ b/core/api/src/test/java/org/onosproject/app/ApplicationEventTest.java
@@ -32,7 +32,7 @@
public class ApplicationEventTest extends AbstractEventTest {
private Application createApp() {
- return new DefaultApplication(APP_ID, VER, DESC, ORIGIN,
+ return new DefaultApplication(APP_ID, VER, DESC, ORIGIN, ROLE,
PERMS, Optional.of(FURL), FEATURES);
}
diff --git a/core/api/src/test/java/org/onosproject/app/DefaultApplicationDescriptionTest.java b/core/api/src/test/java/org/onosproject/app/DefaultApplicationDescriptionTest.java
index 3c33a7f..6325395 100644
--- a/core/api/src/test/java/org/onosproject/app/DefaultApplicationDescriptionTest.java
+++ b/core/api/src/test/java/org/onosproject/app/DefaultApplicationDescriptionTest.java
@@ -18,6 +18,8 @@
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import org.junit.Test;
+import org.onosproject.core.ApplicationRole;
+import org.onosproject.core.DefaultPermission;
import org.onosproject.core.Permission;
import org.onosproject.core.Version;
@@ -27,6 +29,9 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
+import static org.onosproject.core.DefaultPermission.Type.FLOWRULE_WRITE;
+import static org.onosproject.core.DefaultPermission.Type.FLOWRULE_READ;
+
/**
* Basic tests of the default app description.
@@ -37,7 +42,9 @@
public static final Version VER = Version.version(1, 2, "a", null);
public static final String DESC = "Awesome application from Circus";
public static final String ORIGIN = "Circus";
- public static final Set<Permission> PERMS = ImmutableSet.of();
+ public static final ApplicationRole ROLE = ApplicationRole.ADMIN;
+ public static final Set<Permission> PERMS = ImmutableSet.of(new DefaultPermission(FLOWRULE_WRITE),
+ new DefaultPermission(FLOWRULE_READ));
public static final URI FURL = URI.create("mvn:org.foo-features/1.2a/xml/features");
public static final List<String> FEATURES = ImmutableList.of("foo", "bar");
@@ -45,11 +52,12 @@
public void basics() {
ApplicationDescription app =
new DefaultApplicationDescription(APP_NAME, VER, DESC, ORIGIN,
- PERMS, FURL, FEATURES);
+ ROLE, PERMS, FURL, FEATURES);
assertEquals("incorrect id", APP_NAME, app.name());
assertEquals("incorrect version", VER, app.version());
assertEquals("incorrect description", DESC, app.description());
assertEquals("incorrect origin", ORIGIN, app.origin());
+ assertEquals("incorect role", ROLE, app.role());
assertEquals("incorrect permissions", PERMS, app.permissions());
assertEquals("incorrect features repo", FURL, app.featuresRepo().get());
assertEquals("incorrect features", FEATURES, app.features());
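Review bot: The new assertion message is misspelled: `"incorect role"` should be `"incorrect role"`. The test also never checks that a null role is rejected, although the constructor now calls `checkNotNull(role, "Role cannot be null")`. A second test annotated `@Test(expected = NullPointerException.class)` that passes `null` for the role would cover the new check. The `basics()` method may continue past the end of this hunk.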
diff --git a/core/api/src/test/java/org/onosproject/core/DefaultApplicationTest.java b/core/api/src/test/java/org/onosproject/core/DefaultApplicationTest.java
index ed0fe6d..cbedb79 100644
--- a/core/api/src/test/java/org/onosproject/core/DefaultApplicationTest.java
+++ b/core/api/src/test/java/org/onosproject/core/DefaultApplicationTest.java
@@ -33,12 +33,13 @@
@Test
public void basics() {
- Application app = new DefaultApplication(APP_ID, VER, DESC, ORIGIN,
+ Application app = new DefaultApplication(APP_ID, VER, DESC, ORIGIN, ROLE,
PERMS, Optional.of(FURL), FEATURES);
assertEquals("incorrect id", APP_ID, app.id());
assertEquals("incorrect version", VER, app.version());
assertEquals("incorrect description", DESC, app.description());
assertEquals("incorrect origin", ORIGIN, app.origin());
+ assertEquals("incorrect role", ROLE, app.role());
assertEquals("incorrect permissions", PERMS, app.permissions());
assertEquals("incorrect features repo", FURL, app.featuresRepo().get());
assertEquals("incorrect features", FEATURES, app.features());
@@ -47,13 +48,13 @@
@Test
public void testEquality() {
- Application a1 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN,
+ Application a1 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN, ROLE,
PERMS, Optional.of(FURL), FEATURES);
- Application a2 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN,
+ Application a2 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN, ROLE,
PERMS, Optional.of(FURL), FEATURES);
- Application a3 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN,
+ Application a3 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN, ROLE,
PERMS, Optional.empty(), FEATURES);
- Application a4 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN + "asd",
+ Application a4 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN + "asd", ROLE,
PERMS, Optional.of(FURL), FEATURES);
new EqualsTester().addEqualityGroup(a1, a2)
.addEqualityGroup(a3).addEqualityGroup(a4).testEquals();
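Review bot: None of the equality groups differs only in role, so the `Objects.equals(this.role, other.role)` line added to `DefaultApplication.equals` and the `role` argument added to `hashCode` are not exercised. Adding `Application a5 = new DefaultApplication(APP_ID, VER, DESC, ORIGIN, ApplicationRole.REGULAR, PERMS, Optional.of(FURL), FEATURES);` and `.addEqualityGroup(a5)` would cover them. This assumes `ROLE` is the `ApplicationRole.ADMIN` constant declared in `DefaultApplicationDescriptionTest`.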