https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/AAA-205 aaa <p>aaa-shiro is a monolithic block of a container. It should be split up into multiple OSGi DS components.</p> AAA-205

Eliminate blueprint from aaa-shiro

Task Medium Confirmed Unresolved Unassigned Robert Varga Tue, 3 Nov 2020 21:31:02 +0000 Sun, 28 Jan 2024 12:07:37 +0000 0.20.0 0.19.2 General 0 3 <p>There are two remaining components here:</p> <ol> <li>aaa-datastore-config.xml things, which specify how the datastore should be set up. There are two parts to this: <ol> <li>The fact we should use H2Datastore. This feels like we should just use whatever advertizes itself as IIDMStore, though.</li> <li>The lifecycle policy, time-to-live and time-to-wait, which feels like something common to all uses of IIDMStore</li> </ol> </li> <li>aaa-app-config.xml things, which relate to the actual policy. There are mutliple parts to this: <ol> <li>ldapRealm configuration, commented out by default</li> <li><font color="#000000">ODLActiveDirectoryRealm, commented out</font></li> <li><font color="#000000">jdbcRealm, commented out</font></li> <li><font color="#000000">mdsalRealm, commented out</font></li> <li><font color="#000000">moonAuthRealm, commented out</font></li> <li><font color="#000000">keystoneAuthRelam, commented out</font></li> <li><font color="#000000">tokenAuthRealm, active by default, and the only one referenced</font></li> <li><font color="#000000">url policy, which has four parts:</font> <ol> <li><font color="#000000">global policy, as expressed by /**</font></li> <li><font color="#000000">(what I suspect is) neutron access policy, as expressed by /**<b>/v1/</b>**</font></li> <li><font color="#000000">AAA configuration policy, as expressed by /**<b>/config/aaa/</b>**. This I suspect is meant to cover RESTCONF modification of AAA configuration – and that is broken by RFC8040 URL format <img class="emoticon" src="https://jira.opendaylight.org/images/icons/emoticons/warning.png" height="16" width="16" align="absmiddle" alt="" border="0"/> for a looooong time</font></li> <li><font color="#000000">Access to controller's sal-cluster-admin, as expressed by /**<b>/operations/cluster-admin</b>**. This also is tightly bound to how RESTCONF URLs work</font></li> </ol> </li> </ol> </li> </ol> <p><font color="#000000">This points out at least 10 more subtasks to deal with the individual cases.</font></p> <p><font color="#000000">The 1.* cases seem like an easy first pick.</font></p> <p><font color="#000000">The 2.* cases really feel like a missing modeling indirection. While the versatility of aaa-app-config:string-pair is awesome for expressing any Shiro configuration the tie-in to what the OpenDaylight components provide/require is lackluster at best. The realms seam to be easy (pending further analysis), but the URL policy part should really follow <a href="https://enroute.osgi.org/FAQ/400-patterns.html#whiteboard-pattern" class="external-link" target="_blank" rel="nofollow noopener">the whiteboard pattern</a>, which needs to be reflect in code – they clearly are things that plug into AAA.</font></p> Relates AAA-206 AAA-207 AAA-209 AAA-210 AAA-251 Development Epic Link AAA-202 Rank 0|i03vw7: