[AAA-180] MDSAL-Based Dynamic Authorization no longer works Created: 07/Sep/18  Updated: 15/Feb/20  Resolved: 15/Feb/20

Status: Resolved
Project: aaa
Component/s: General
Affects Version/s: Oxygen
Fix Version/s: Magnesium, Sodium SR3

Type: Bug Priority: Medium
Reporter: Richard Kosegi Assignee: Venkatrangan Govindarajan
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Following scenario used to work fine in Oxygen-SR1 according to https://docs.opendaylight.org/en/stable-oxygen/user-guide/authentication-and-authorization-services.html#mdsal-based-dynamic-authorization :

1, create 2 users (user-ro, user-full)

2, create 2 roles (role-ro, role-full)

3, assign roles accordingly to users (role-ro => user-ro, role-full => user-full)

4, configure policy:

{
  "aaa:policies": {
    "aaa:policies": [
      {
        "aaa:resource": "/restconf/config/network-topology**",
        "aaa:permissions": [
          {
            "aaa:role": "role-full",
            "aaa:actions": [
              "get",
              "post",
              "put",
              "patch",
              "delete"
            ]
          },
          {
            "aaa:role": "role-ro",
            "aaa:actions": [
              "get"
            ]
          }
        ]
      }
    ]
  }
}

5, This used to return 401 in Oxygen-SR1, now it returns 200

curl -u user-ro:123456 -v -X DELETE http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology1
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8181 (#0)
* Server auth using Basic with user 'user-ro'
> DELETE /restconf/config/network-topology:network-topology/topology/topology1 HTTP/1.1
> Host: localhost:8181
> Authorization: Basic dXNlci1ybzoxMjM0NTY=
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=bqj10ho2znkj1u3qh9fgph6m8;Path=/restconf
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: rememberMe=deleteMe; Path=/restconf; Max-Age=0; Expires=Thu, 06-Sep-2018 05:30:51 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact
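
The expected outcome of the scenario above, as an added example (not part of the original report and not OpenDaylight code): it evaluates the policy from step 4 for a role, method and path, and flags the 200 observed in step 5 as a violation. The function names and the prefix treatment of the trailing `**` are assumptions of this example, not the server's matching logic.

```python
import json

# Policy list from step 4 of the report, compacted.
POLICIES = json.loads("""[{
  "aaa:resource": "/restconf/config/network-topology**",
  "aaa:permissions": [
    {"aaa:role": "role-full", "aaa:actions": ["get", "post", "put", "patch", "delete"]},
    {"aaa:role": "role-ro", "aaa:actions": ["get"]}
  ]}]""")

TOPOLOGY = "/restconf/config/network-topology:network-topology/topology/topology1"

# Step 5 of the report: user-ro (role-ro per step 3) sent DELETE and got 200.
OBSERVED = [{"role": "role-ro", "method": "DELETE", "path": TOPOLOGY, "status": 200}]


def resource_matches(pattern, path):
    # Assumption: a trailing "**" matches any suffix (simplified matching).
    if pattern.endswith("**"):
        return path.startswith(pattern[:-2])
    return path == pattern


def expected_allowed(policies, role, method, path):
    """True/False when a policy covers the path, None when none applies."""
    for policy in policies:
        if not resource_matches(policy["aaa:resource"], path):
            continue
        return any(
            perm["aaa:role"] == role and method.lower() in perm["aaa:actions"]
            for perm in policy["aaa:permissions"]
        )
    return None


def find_violations(policies, observations):
    """Observations where the policy denies but the server answered 2xx."""
    return [
        obs for obs in observations
        if expected_allowed(policies, obs["role"], obs["method"], obs["path"]) is False
        and 200 <= obs["status"] < 300
    ]


if __name__ == "__main__":
    for role in ("role-ro", "role-full"):
        for method in ("GET", "POST", "PUT", "PATCH", "DELETE"):
            print(role, method, expected_allowed(POLICIES, role, method, TOPOLOGY))
    print("violations:", find_violations(POLICIES, OBSERVED))
```

Feeding it status codes collected from a real controller for every role and method gives a quick regression check after an upgrade.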

