Contents
Features
Fourth simultaneous release of AAA.
- Shiro Integration
- LDAP Integration
- RBAC Integration
- idmtool integration for AAA Identity Management Manipulation
- Experimental MD-SAL implementation
New Features
- odl-aaa-shiro
- odl-aaa-authn-mdsal-cluster [EXPERIMENTAL]
Non-Code Aspects (user docs, examples, tutorials, articles)
Added a "Tutorials & Examples" section to the wiki. New and updated content:
- How to disable AAA
- Connecting to IdmLight with psql
- Change account passwords
- Authorization Hello World Example
- WIP Apache Shiro Migration
- Source IP Based Authorization
- Getting Started
Also, completely reworked the user facing documentation which is under review: https://git.opendaylight.org/gerrit/#/c/34264/
Architectural Issues
odl-aaa-mdsal-cluster and odl-aaa-authz are purely experimental. They are not turned on by default!
Security Considerations
Security was greatly improved in 4 respects:
- Shiro code was used to replace a lot of untested home-grown code
- LDAP support was added to completely externalize IdM if desired
- passwords are encrypted with SHA256 + salt
- Enhanced and improved logging of user requests was added
AAA still isn't perfect, but made HUGE strides forward.
Quality Assurance (test coverage, etc)
- The code is covered by unit tests
Beryllium release marks 34% of unit tests Coverage, up from 21% in Lithium.
- Currently failing integration tests should be fixed soon; schema change caused many things to fail.
End-of-life (API/Features EOLed in Release)
All deprecated classes and methods have been marked with @Deprecated annotation. These include:
- VersionHandler.java
Bugzilla (summary of bug situation)
[1] Only major or greater bug is really a known enhancement request targeted at Boron.
Standards
N/A
Schedule (initial schedule and changes over the release cycle)
Issues came up with loading MD-SAL based cluster store through the configuration subsystem, which caused us to mark this as an experimental feature. Those issues are well known, and a workaround may exist but wasn't tried due to drained resources. Fixing this functionality is targeted for the Boron release.
AAA had some changes in contriubtorship; we dealt with losing 4 contributors and a PTL change mid release. I believe the remaining members made up for this, and did a great job delivering on the release. This was all possible by great teamwork and community sponsorship.