ONOS-1896 Modify Application Subsystem to support Security-Mode ONOS
Change-Id: Ie3686e0d5071f9f6e946bc48ed7562bb2f5ec413
diff --git a/core/api/src/main/java/org/onosproject/app/ApplicationDescription.java b/core/api/src/main/java/org/onosproject/app/ApplicationDescription.java
index 64f04a6..b3fab01 100644
--- a/core/api/src/main/java/org/onosproject/app/ApplicationDescription.java
+++ b/core/api/src/main/java/org/onosproject/app/ApplicationDescription.java
@@ -15,6 +15,7 @@
*/
package org.onosproject.app;
+import org.onosproject.core.ApplicationRole;
import org.onosproject.core.Permission;
import org.onosproject.core.Version;
@@ -57,6 +58,13 @@
String origin();
/**
+ * Returns the role of the application.
+ *
+ * @return application role
+ */
+ ApplicationRole role();
+
+ /**
* Returns the permissions requested by the application.
*
* @return requested permissions
diff --git a/core/api/src/main/java/org/onosproject/app/DefaultApplicationDescription.java b/core/api/src/main/java/org/onosproject/app/DefaultApplicationDescription.java
index 78b902b..d24bace 100644
--- a/core/api/src/main/java/org/onosproject/app/DefaultApplicationDescription.java
+++ b/core/api/src/main/java/org/onosproject/app/DefaultApplicationDescription.java
@@ -15,6 +15,7 @@
*/
package org.onosproject.app;
+import org.onosproject.core.ApplicationRole;
import org.onosproject.core.Permission;
import org.onosproject.core.Version;
@@ -36,6 +37,7 @@
private final Version version;
private final String description;
private final String origin;
+ private final ApplicationRole role;
private final Set<Permission> permissions;
private final Optional<URI> featuresRepo;
private final List<String> features;
@@ -47,18 +49,20 @@
* @param version application version
* @param description application description
* @param origin origin company
+ * @param role application role
* @param permissions requested permissions
* @param featuresRepo optional features repo URI
* @param features application features
*/
public DefaultApplicationDescription(String name, Version version,
String description, String origin,
- Set<Permission> permissions,
+ ApplicationRole role, Set<Permission> permissions,
URI featuresRepo, List<String> features) {
this.name = checkNotNull(name, "Name cannot be null");
this.version = checkNotNull(version, "Version cannot be null");
this.description = checkNotNull(description, "Description cannot be null");
this.origin = checkNotNull(origin, "Origin cannot be null");
+ this.role = checkNotNull(role, "Role cannot be null");
this.permissions = checkNotNull(permissions, "Permissions cannot be null");
this.featuresRepo = Optional.ofNullable(featuresRepo);
this.features = checkNotNull(features, "Features cannot be null");
@@ -86,6 +90,11 @@
}
@Override
+ public ApplicationRole role() {
+ return role;
+ }
+
+ @Override
public Set<Permission> permissions() {
return permissions;
}
@@ -107,6 +116,7 @@
.add("version", version)
.add("description", description)
.add("origin", origin)
+ .add("role", role)
.add("permissions", permissions)
.add("featuresRepo", featuresRepo)
.add("features", features)
diff --git a/core/api/src/main/java/org/onosproject/core/Application.java b/core/api/src/main/java/org/onosproject/core/Application.java
index da2be13..8cd063a 100644
--- a/core/api/src/main/java/org/onosproject/core/Application.java
+++ b/core/api/src/main/java/org/onosproject/core/Application.java
@@ -54,6 +54,13 @@
String origin();
/**
+ * Returns the role of the application.
+ *
+ * @return application role
+ */
+ ApplicationRole role();
+
+ /**
* Returns the permissions requested by the application.
*
* @return requested permissions
diff --git a/core/api/src/main/java/org/onosproject/core/ApplicationRole.java b/core/api/src/main/java/org/onosproject/core/ApplicationRole.java
new file mode 100644
index 0000000..71ae1e3
--- /dev/null
+++ b/core/api/src/main/java/org/onosproject/core/ApplicationRole.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.core;
+
+public enum ApplicationRole {
+ /**
+ * Indicates that an application has an ADMIN role.
+ */
+ ADMIN,
+
+ /**
+ * Indicates that an application has a REGULAR role.
+ */
+ REGULAR,
+
+ /**
+ * Indicates that an application role has not been specified.
+ */
+ UNSPECIFIED,
+
+ /**
+ * More useful roles may be defined.
+ */
+}
diff --git a/core/api/src/main/java/org/onosproject/core/DefaultApplication.java b/core/api/src/main/java/org/onosproject/core/DefaultApplication.java
index b765e70..ab72c6f 100644
--- a/core/api/src/main/java/org/onosproject/core/DefaultApplication.java
+++ b/core/api/src/main/java/org/onosproject/core/DefaultApplication.java
@@ -16,10 +16,10 @@
package org.onosproject.core;
import java.net.URI;
+import java.util.Set;
+import java.util.Optional;
import java.util.List;
import java.util.Objects;
-import java.util.Optional;
-import java.util.Set;
import static com.google.common.base.MoreObjects.toStringHelper;
import static com.google.common.base.Preconditions.checkArgument;
@@ -34,6 +34,7 @@
private final Version version;
private final String description;
private final String origin;
+ private final ApplicationRole role;
private final Set<Permission> permissions;
private final Optional<URI> featuresRepo;
private final List<String> features;
@@ -45,18 +46,20 @@
* @param version application version
* @param description application description
* @param origin origin company
+ * @param role application role
* @param permissions requested permissions
* @param featuresRepo optional features repo URI
* @param features application features
*/
public DefaultApplication(ApplicationId appId, Version version,
String description, String origin,
- Set<Permission> permissions,
+ ApplicationRole role, Set<Permission> permissions,
Optional<URI> featuresRepo, List<String> features) {
this.appId = checkNotNull(appId, "ID cannot be null");
this.version = checkNotNull(version, "Version cannot be null");
this.description = checkNotNull(description, "Description cannot be null");
this.origin = checkNotNull(origin, "Origin cannot be null");
+ this.role = checkNotNull(role, "Role cannot be null");
this.permissions = checkNotNull(permissions, "Permissions cannot be null");
this.featuresRepo = checkNotNull(featuresRepo, "Features repo cannot be null");
this.features = checkNotNull(features, "Features cannot be null");
@@ -84,6 +87,11 @@
}
@Override
+ public ApplicationRole role() {
+ return role;
+ }
+
+ @Override
public Set<Permission> permissions() {
return permissions;
}
@@ -100,7 +108,7 @@
@Override
public int hashCode() {
- return Objects.hash(appId, version, description, origin, permissions,
+ return Objects.hash(appId, version, description, origin, role, permissions,
featuresRepo, features);
}
@@ -117,6 +125,7 @@
Objects.equals(this.version, other.version) &&
Objects.equals(this.description, other.description) &&
Objects.equals(this.origin, other.origin) &&
+ Objects.equals(this.role, other.role) &&
Objects.equals(this.permissions, other.permissions) &&
Objects.equals(this.featuresRepo, other.featuresRepo) &&
Objects.equals(this.features, other.features);
@@ -129,6 +138,7 @@
.add("version", version)
.add("description", description)
.add("origin", origin)
+ .add("role", role)
.add("permissions", permissions)
.add("featuresRepo", featuresRepo)
.add("features", features)
diff --git a/core/api/src/main/java/org/onosproject/core/DefaultPermission.java b/core/api/src/main/java/org/onosproject/core/DefaultPermission.java
new file mode 100644
index 0000000..512aca3
--- /dev/null
+++ b/core/api/src/main/java/org/onosproject/core/DefaultPermission.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.core;
+
+import java.security.BasicPermission;
+
+/**
+ * Default implementation of ONOS application permissions for API-level access control.
+ */
+public class DefaultPermission extends BasicPermission implements Permission {
+
+ public enum Type {
+ APP_READ,
+ APP_EVENT,
+ CONFIG_READ,
+ CONFIG_WRITE,
+ CLUSTER_READ,
+ CLUSTER_WRITE,
+ CLUSTER_EVENT,
+ DEVICE_READ,
+ DEVICE_EVENT,
+ DRIVER_READ,
+ DRIVER_WRITE,
+ FLOWRULE_READ,
+ FLOWRULE_WRITE,
+ FLOWRULE_EVENT,
+ GROUP_READ,
+ GROUP_WRITE,
+ GROUP_EVENT,
+ HOST_READ,
+ HOST_WRITE,
+ HOST_EVENT,
+ INTENT_READ,
+ INTENT_WRITE,
+ INTENT_EVENT,
+ LINK_READ,
+ LINK_WRITE,
+ LINK_EVENT,
+ PACKET_READ,
+ PACKET_WRITE,
+ PACKET_EVENT,
+ STATISTIC_READ,
+ TOPOLOGY_READ,
+ TOPOLOGY_EVENT,
+ TUNNEL_READ,
+ TUNNEL_WRITE,
+ TUNNEL_EVENT,
+ STORAGE_WRITE
+ }
+
+ /**
+ * Creates a new DefaultPermission.
+ * @param name name of the permission
+ * @param actions optional action field
+ */
+ public DefaultPermission(String name, String actions) {
+ super(name, actions);
+ }
+
+ /**
+ * Creates a new DefaultPermission.
+ * @param name name of the permission
+ */
+ public DefaultPermission(String name) {
+ super(name, "");
+ }
+
+ public DefaultPermission(Type permtype) {
+ super(permtype.name(), "");
+ }
+
+ @Override
+ public String name() {
+ return super.getName();
+ }
+
+ @Override
+ public String actions() {
+ return super.getActions();
+ }
+}
diff --git a/core/api/src/main/java/org/onosproject/core/Permission.java b/core/api/src/main/java/org/onosproject/core/Permission.java
index d32d059..98ec6c7 100644
--- a/core/api/src/main/java/org/onosproject/core/Permission.java
+++ b/core/api/src/main/java/org/onosproject/core/Permission.java
@@ -19,5 +19,16 @@
* Representation of an application permission.
*/
public interface Permission {
- // TODO: to be fleshed out
+
+ /**
+ * Returns the name of the permission.
+ * @return a string value
+ */
+ String name();
+
+ /**
+ * Returns the actions string of the permission if specified.
+ * @return a string value
+ */
+ String actions();
}