Changhoon Yoonb856b812015-08-10 03:47:19 +09001/*
Brian O'Connora09fe5b2017-08-03 21:12:30 -07002 * Copyright 2015-present Open Networking Foundation
Changhoon Yoonb856b812015-08-10 03:47:19 +09003 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package org.onosproject.cli.security;
18
Ray Milkeyd84f89b2018-08-17 14:54:17 -070019import org.apache.karaf.shell.api.action.Argument;
20import org.apache.karaf.shell.api.action.Command;
Ray Milkey0068fd02018-10-11 15:45:39 -070021import org.apache.karaf.shell.api.action.Completion;
Ray Milkeyd84f89b2018-08-17 14:54:17 -070022import org.apache.karaf.shell.api.action.lifecycle.Service;
Changhoon Yoonb856b812015-08-10 03:47:19 +090023import org.onosproject.app.ApplicationAdminService;
24import org.onosproject.cli.AbstractShellCommand;
25import org.onosproject.core.Application;
26import org.onosproject.core.ApplicationId;
27import org.onosproject.security.SecurityAdminService;
28import org.onosproject.security.SecurityUtil;
29
30import java.security.Permission;
31import java.util.List;
32import java.util.Map;
33
34
35/**
36 * Application security policy review commands.
37 */
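@Service
@Command(scope = "onos", name = "review",
        description = "Application security policy review interface")
public class ReviewCommand extends AbstractShellCommand {

    /** Name of the application whose security policy is reviewed. */
    @Argument(index = 0, name = "name", description = "Application name",
            required = true, multiValued = false)
    @Completion(ReviewApplicationNameCompleter.class)
    String name = null;

    /**
     * Optional second argument. When it is the literal {@code accept}
     * (surrounding whitespace ignored) the policy is accepted; when absent the
     * application is only put under review. Any other value is rejected.
     */
    @Argument(index = 1, name = "accept", description = "Option to accept policy",
            required = false, multiValued = false)
    String accept = null;

    /**
     * Looks up the named application and either starts a review of its
     * security policy or accepts it, then prints the policy.
     *
     * <p>Nothing is changed when the application is unknown, when no security
     * service is available, or when the second argument is not {@code accept}.
     * Note that on the accept path the policy is accepted first and printed
     * afterwards, so the operator is expected to have run the command without
     * {@code accept} beforehand to inspect the permissions.
     */
    @Override
    protected void doExecute() {
        ApplicationAdminService applicationAdminService = get(ApplicationAdminService.class);
        ApplicationId appId = applicationAdminService.getId(name);
        if (appId == null) {
            print("No such application: %s", name);
            return;
        }
        Application app = applicationAdminService.getApplication(appId);

        SecurityAdminService smService = SecurityUtil.getSecurityService();
        if (smService == null) {
            print("Security Mode is disabled");
            return;
        }

        if (accept == null) {
            smService.review(appId);
            printPolicy(smService, app);
        } else if ("accept".equals(accept.trim())) {
            smService.acceptPolicy(appId);
            printPolicy(smService, app);
        } else {
            // Anything other than the exact keyword is refused rather than
            // being treated as an implicit accept.
            print("Unknown command");
        }
    }

    /**
     * Prints the review banner, the application's name and role, and the three
     * permission listings reported by the security service: developer
     * specified, granted, and requested at runtime.
     *
     * @param smService security service queried for the permission listings
     * @param app       application being reviewed
     */
    private void printPolicy(SecurityAdminService smService, Application app) {
        print("\n*******************************");
        print(" SM-ONOS APP REVIEW ");
        print("*******************************");

        print("Application name: %s ", app.id().name());
        // Passed as an argument, not concatenated: print() takes a format string.
        print("Application role: %s", app.role());
        print("\nDeveloper specified permissions: ");
        printMap(smService.getPrintableSpecifiedPermissions(app.id()));
        print("\nPermissions granted: ");
        printMap(smService.getPrintableGrantedPermissions(app.id()));
        print("\nAdditional permissions requested on runtime (POLICY VIOLATIONS): ");
        printMap(smService.getPrintableRequestedPermissions(app.id()));
        print("");
    }

    /**
     * Prints every permission in the map, one per line, labelled by the
     * integer category it is filed under (0 to 4).
     *
     * <p>Permission names and actions originate from the application under
     * review, so they are handed to {@code print} as {@code %s} arguments.
     * Concatenating them into the format string would let a {@code %} in a
     * permission name be parsed as a format specifier, which can abort or
     * distort the listing an operator relies on for the accept decision.
     *
     * @param assortedMap permissions grouped by category number
     */
    private void printMap(Map<Integer, List<Permission>> assortedMap) {
        for (Map.Entry<Integer, List<Permission>> entry : assortedMap.entrySet()) {
            Integer type = entry.getKey();
            List<Permission> perms = entry.getValue();
            if (type == null || perms == null) {
                // Nothing printable for this entry; avoid an NPE mid-listing.
                continue;
            }
            switch (type) {
                case 0:
                    for (Permission perm : perms) {
                        print("\t[APP PERMISSION] %s", perm.getName());
                    }
                    break;
                case 1:
                    for (Permission perm : perms) {
                        print("\t[NB-ADMIN SERVICE] %s(%s)", perm.getName(), perm.getActions());
                    }
                    break;
                case 2:
                    for (Permission perm : perms) {
                        print("\t[NB SERVICE] %s(%s)", perm.getName(), perm.getActions());
                    }
                    break;
                case 3:
                    for (Permission perm : perms) {
                        print("\t[Other SERVICE] %s(%s)", perm.getName(), perm.getActions());
                    }
                    break;
                case 4:
                    for (Permission perm : perms) {
                        print("\t[Other] %s %s (%s)",
                                perm.getClass().getSimpleName(), perm.getName(), perm.getActions());
                    }
                    break;
                default:
                    // NOTE(review): permissions filed under any other category
                    // are not shown. Confirm the security service only ever
                    // returns keys 0-4, otherwise they are missing from the
                    // review output.
                    break;
            }
        }
    }
}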