...
Provisioning for Message Router Clients
The provisioning of an Authenticated Topic, and the subsequent publish/subscribe actions on that Authenticated Topic, rely on the proper AAF Permissions being granted to the various Identities.
The following Identities are referenced:
- IdentityMR - the AAF Identity used by Message Router to access AAF and perform authorization checks.
- IdentityTopicMgr - the AAF Identity used by Bus Controller to access AAF, create Permissions and Roles, and grant those Permissions to Roles and Identities.
- IdentityPub - the AAF Identity used by the publisher of the Topic when accessing the MR API. The fully qualified Identity typically belongs to a namespace related to the application, i.e. IdentityPub@NamespacePub
- IdentitySub - the AAF Identity used by the subscriber of the Topic when accessing the MR API. The fully qualified Identity typically belongs to a namespace related to the application, i.e. IdentitySub@NamespaceSub
Pre-requisites:
- Identities created in AAF
- Credentials for Identities available in Kubernetes values (probably as Secrets)
- IdentityTopicMgr has access permission granted for all Application Namespaces
Provisioning for Data Router Clients
...