Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Multi-tenancy needs authentication and authorization. Keycloack serves these two features.
In order to provide multi-tenancy of A&AI, A&AI can leverage Springboot security feature to interact with Keycloak. This document explains how to set up Keycloak and A&AI to provide essential authentication and authorization services for multi-tenancy

...

You can set up a new realm through the admin console or simply import realm json file.
Here's a sample realm file


View file
nameaai-resources-realm.json
height150

Image Added

2. Create a client

The client is an entity requesting a credential from a Keycloak. Click the Clients menu

...

Once Settings page, change Access type to confidential, service account, Authorization to on, and leave the default values as they are.

click save.

Image Added

Image Added

3. Create a client role

Select Roles tab

Image Added

Click the Add Role button and create user and admin roles

Image Added

4. Create a realm role

...

Realm roles and client roles are different but there are associations.

Image Added

Once you finished adding role, click app-admin role

Image Added

Select a client for auth-demo-app that we just created above.

Image Added

Associate realm roles to corresponding clients roles

...

Now, create a user employee and grant app-user roles

Image Added

Set Temporary button off because we like to use a permanent password.

Set a password then click Set Password button

Image Added

aai-resource setup

...

kubectl rollout restart deployments/dev-aai-resources -n onap

...


Test Multi-tenancy Locally

In order to test multi-tenancy locally, you need to run aai-resource as a single instance on your laptop, you need two and aai-traversal locally, along with Keycloak and Cassandra, following steps below:

...

...


  • Modify application.properties file under

...

  • resources/aai-resources/src/main/resources directory.

...

  • # Switch to keycloak
    spring.profiles.active=production,

...

  •  keycloak

  • Modify application.properties file under traversal/aai-traversal/src/main/resources directory.
    # Switch to keycloak
    spring.profiles.active=production, keycloak

...

  • Run resources and traversal with the commands below:  

    Code Block
    cd aai-resources 
    mvn -N -P runAjsc -Dserver.local.startpath=

...

  • src/main/resources/

...

  •  
    
    
    cd aai-traversal 
    mvn -N -P runAjsc -Dserver.local.startpath=src/main/resources/

...



Demo

View file
namedemo-locally.mp4
height250

Running test suites

The test suites has the following sequences

...