[NETCONF-941] Separate root resource discovery Created: 08/Jan/23 Updated: 29/May/23 |
|
| Status: | Confirmed |
| Project: | netconf |
| Component/s: | restconf-nb |
| Affects Version/s: | None |
| Fix Version/s: | 7.0.0 |
| Type: | Improvement | Priority: | Medium |
| Reporter: | Robert Varga | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Our current implementation takes over the entire /.well-known namespace. This leads to bad interaction with other HTTP endpoint discovery, as we end up leaking the auth requirement. This is evidenced by:

opendaylight-user@root>web:context-list
Bundle ID │ Symbolic Name                                 │ Context Path │ Context Name      │ Rank │ Service ID │ Type        │ Scope     │ Registration Properties
──────────┼───────────────────────────────────────────────┼──────────────┼───────────────────┼──────┼────────────┼─────────────┼───────────┼───────────────────────────────────────────────────────────
164       │ org.jolokia.osgi                              │ /            │ context:534196305 │ MAX  │ 0          │ HttpService │ static*   │ httpContext.id=context:534196305
          │                                               │              │                   │      │            │             │           │ httpContext.path=/
          │                                               │              │                   │      │            │             │           │ osgi.http.whiteboard.context.httpservice=context:534196305
          │                                               │              │                   │      │            │             │           │ osgi.http.whiteboard.context.path=/
312       │ org.ops4j.pax.web.pax-web-extender-whiteboard │ /            │ default           │ 0    │ 0          │ Whiteboard  │ static*   │ osgi.http.whiteboard.context.name=default
          │                                               │              │                   │      │            │             │           │ osgi.http.whiteboard.context.path=/
256       │ org.opendaylight.netconf.restconf-nb          │ /.well-known │ /.well-known.id   │ 0    │ 286        │ Whiteboard  │ singleton │ osgi.http.whiteboard.context.name=/.well-known.id
          │                                               │              │                   │      │            │             │           │ osgi.http.whiteboard.context.path=/.well-known
342       │ org.opendaylight.netconf.sal-rest-docgen      │ /apidoc      │ /apidoc.id        │ 0    │ 291        │ Whiteboard  │ singleton │ osgi.http.whiteboard.context.name=/apidoc.id
          │                                               │              │                   │      │            │             │           │ osgi.http.whiteboard.context.path=/apidoc
174       │ org.opendaylight.aaa.shiro                    │ /auth        │ /auth.id          │ 0    │ 270        │ Whiteboard  │ singleton │ osgi.http.whiteboard.context.name=/auth.id
          │                                               │              │                   │      │            │             │           │ osgi.http.whiteboard.context.path=/auth
256       │ org.opendaylight.netconf.restconf-nb          │ /rests       │ /rests.id         │ 0    │ 279        │ Whiteboard  │ singleton │ osgi.http.whiteboard.context.name=/rests.id

This has interplay with other protocols, for example OpenAPI.
As such we should only be contributing to resource discovery resources and not place auth requirements – those should be set by default handler policy, really. Separate out the two resources we provide (/.well-known/host-meta and /.well-known/host-meta.json) and disable authentication on them. |
| Comments |
| Comment by Robert Varga [ 11/Jan/23 ] |
|
This needs a bit more thought, as we perhaps want to create a complete framework for plugging these in. |
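
Added example, not part of the ticket and not OpenDaylight code: a small model of HTTP Whiteboard context selection (longest matching context path, then rank) using three rows from the web:context-list output in the description. The per-context auth flags, the OPEN_AFTER set and the request path /.well-known/other-discovery are assumptions constructed for illustration.

```python
# Rows taken from the web:context-list output: (bundle, context path, rank).
# The fourth field, requires_auth, is an ASSUMPTION; the listing does not show it.
DEFAULT = "org.ops4j.pax.web.pax-web-extender-whiteboard"
RESTCONF = "org.opendaylight.netconf.restconf-nb"

CONTEXTS_BEFORE = [
    (DEFAULT, "/", 0, False),
    (RESTCONF, "/.well-known", 0, True),
    (RESTCONF, "/rests", 0, True),
]
# Proposed state (hypothetical model): no context claims /.well-known as a
# whole; only the two host-meta resources are served, without authentication.
CONTEXTS_AFTER = [c for c in CONTEXTS_BEFORE if c[1] != "/.well-known"]
OPEN_AFTER = {"/.well-known/host-meta", "/.well-known/host-meta.json"}


def owns(context_path, request_path):
    """True if request_path lies under context_path on a segment boundary."""
    if context_path == "/":
        return True
    return (request_path == context_path
            or request_path.startswith(context_path + "/"))


def select_context(contexts, request_path):
    """Pick the context with the longest matching path, then the highest rank."""
    matching = [c for c in contexts if owns(c[1], request_path)]
    return max(matching, key=lambda c: (len(c[1]), c[2]))


def requires_auth(contexts, open_resources, request_path):
    """Auth decision for a request: open resources first, else the context's."""
    if request_path in open_resources:
        return False
    return select_context(contexts, request_path)[3]


if __name__ == "__main__":
    other = "/.well-known/other-discovery"  # constructed, not a real endpoint
    for label, ctxs, open_res in (("before", CONTEXTS_BEFORE, set()),
                                  ("after", CONTEXTS_AFTER, OPEN_AFTER)):
        for path in ("/.well-known/host-meta", other, "/rests/data"):
            owner = select_context(ctxs, path)[0]
            auth = requires_auth(ctxs, open_res, path)
            print(f"{label:6} {path:30} owner={owner} auth={auth}")
```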