Plugin should not be responsible for existence of checking an API, this was wrong.
Throw exception boldly when checkAccess fails.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Fix method to return listApis per api name basis
- Return api response, api related cmd etc. as part of response
- Caching and processing all cmd, response classes when plugin starts, made class
list, maps static so they are shared by multiple instances in case, takes about
1306ms to do the processsing but only on load time
- Cache for first listApi() and return precached data thereon, takes 2.2ms
for first call, during runtime and 0ms thereon
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Fix StaticRoleBasedAPIAccessChecker to check api access based on roletype
- Remove properties file which is not needed now for api discovery plugin
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
In case of api discovery, it does not make sense to create a separate properties file
If this plugin is enabled in components.xml, a user should be able to discover
all the apis accessible to their role.
listApis based on role type of caller user
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Makes plugins self contained so they decide their properties file format
- PluggableService creates the contract that implementing entity will return a
properties map which is apiname:rolemask (both are strings)
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Remove usage and impl as adapter.
We have duplicate code that generates apiname:cmd class maps which is
unavoidable right now as:
- Plugin should not depend on ApiServer or any other component
- cloud-utils cannot depend on cloud-api for the APICommand annotation
- Use java reflect to create a static method in cloud-utils that does the job
would be unsafe.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
- Introduces api/discovery plugin that helps discover apis on the mgmt server
- It's a pluggable service, therefore has it's own api-discovery_commands.properties
where the discovery api, listApi can be blacklisted (by removing it), or it's
role mask can be changed
- By default its response has all the apis
- Changes in other parts of the code to make it work, viz. components.xml, pom.xml,
and in ApiServer where it is used as an adapter to get apiname, cmd mappings
The ApiDiscoveryService interface is a contract that the implementing class will
provide:
1. A means to get all the apis as a list of response, plugin is free to implement
the response class, as long as it extends on the BaseResponse:
ListResponse<? extends BaseResponse> listApis();
2. Provides a map of apiname as the key and cmd class as the value:
Map<String, Class<?>> getApiNameCmdClassMapping();
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Modify the spec file to package the agent files and the scripts
Some changes to the poms to put the java dependencies in the right place.
Move the agent script to the dedicated os dir in packaging.
Issue seen during system vm template upgrade and restoreVM command
scenarios for vmware. In these cases CS tries to recreate root disk with
same name as the existing one, in case of vmware this results in creation
of vmdk file with same name for both existing and new root volume.
This results in undesired behavior when storage cleanup thread tries to
cleanup old volume. Made the vmdk file name unique by adding the volume
id to it. This will ensure that during volume recreation in the scenarios
mentioned vmdk will get created with a new name and there will be
no undesired side effects of running the storage cleanup thread.
For LB device in inline mode, the ip deployer(the owner of public ip) is the
firewall in front of it, not itself. So check if it's inline or not, if it's
inline, return the firewall as ip deployer
Use SRX firewall filter as SRX firewall. The old security policy mechanism
cannot be used as IP based. This would enable SRX's ability to control traffic
for F5 behind it.
Change access to canHandle so it's easier to unittest.
Make a note that answers can be null if the host is down, there should
be a way to deal with this, but for now an NPE is an adequate indication
that something is wrong.
- Fix interface to return array of strings, or filenames
- Fix StaticRoleBased ACL adapter to process config files by going through all pluggable services
- Refactor interface names
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Automates name field filling using following python program which reads from
various *commands.properties.in files and populates name fields based on the
name cmd class mapping defined in them.
import os
search_pattern = "@APICommand("
pattern_len = len(search_pattern)
prop_files = [
"client/tomcatconf/cisconexusvsm_commands.properties.in",
"client/tomcatconf/f5bigip_commands.properties.in",
"client/tomcatconf/junipersrx_commands.properties.in",
"client/tomcatconf/netapp_commands.properties.in",
"client/tomcatconf/netscalerloadbalancer_commands.properties.in",
"client/tomcatconf/nicira-nvp_commands.properties.in",
"client/tomcatconf/simulator_commands.properties.in",]
file_prefixes = [
"plugins/hypervisors/vmware/src/",
"plugins/network-elements/f5/src/",
"plugins/network-elements/juniper-srx/src/",
"plugins/file-systems/netapp/src/",
"plugins/network-elements/netscaler/src/",
"plugins/network-elements/nicira-nvp/src/",
"plugins/hypervisors/simulator/src/",]
counter = 0
for prop_file in prop_files:
f = open(prop_file, 'r')
data = f.read()
f.close()
file_prefix = file_prefixes[counter]
apis = filter(lambda x: x.strip()!='' and (not x.startswith('#')), data.split('\n'))
for api in apis:
api_name = api.split('=')[0].strip()
cmd_name = file_prefix + api.split('=')[1].split(';')[0].replace('.', '/').strip() + ".java"
if not os.path.exists(cmd_name):
print cmd_name, api_name
f = open(cmd_name, 'r')
d = f.read()
f.close()
idx = d.find(search_pattern) + pattern_len
new_str = d[:idx] + "name = \"%s\", " % api_name + d[idx:]
f = open(cmd_name, 'w')
f.write(new_str)
f.close()
counter += 1
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Rohit Yadav
Min Chen
Prasanna Santhanam
Noa Resare
Hugo Trippaers
Murali Reddy
Koushik Das
Sheng Yang
Edison Su