Multi-tenancy needs authentication and authorization. Keycloack serves these two features.
In order to provide multi-tenancy of A&AI, A&AI can leverage Springboot security feature to interact with Keycloak. This document explains how to set up Keycloak and A&AI to provide essential authentication and authorization services for multi-tenancy
...
You can set up a new realm through the admin console or simply import realm json file.
Here's a sample realm file
View file | ||||
---|---|---|---|---|
|
2. Create a client
The client is an entity requesting a credential from a Keycloak. Click the Clients menu
...
Once Settings page, change Access type to confidential, service account, Authorization to on, and leave the default values as they are.
click save.
3. Create a client role
Select Roles tab
Click the Add Role button and create user and admin roles
4. Create a realm role
...
Realm roles and client roles are different but there are associations.
Once you finished adding role, click app-admin role
Select a client for auth-demo-app that we just created above.
Associate realm roles to corresponding clients roles
...
Now, create a user employee and grant app-user roles
Set Temporary button off because we like to use a permanent password.
Set a password then click Set Password button
aai-resource setup
...
kubectl rollout restart deployments/dev-aai-resources -n onap
...
Test Multi-tenancy Locally
In order to test multi-tenancy locally, you need to run aai-resource as a single instance on your laptop, you need two and aai-traversal locally, along with Keycloak and Cassandra, following steps below:
Setup Keycloak and Cassandra by downloading a configuration zip file attached and run
Code Block docker-compose up
- Clone required repositories, aai-common,
...
- aai-resource and aai-traversal.
Install aai-common with
Code Block mvn clean install -DskipTests=true
...
- Modify application.properties file under
...
- resources/aai-resources/src/main/resources directory.
...
# Switch to keycloak
spring.profiles.active=production,
...
keycloak
- Modify application.properties file under traversal/aai-traversal/src/main/resources directory.
# Switch to keycloak
spring.profiles.active=production, keycloak
...
Run resources and traversal with the commands below:
Code Block cd aai-resources mvn -N -P runAjsc -Dserver.local.startpath=
...
src/main/resources/
...
cd aai-traversal mvn -N -P runAjsc -Dserver.local.startpath=src/main/resources/
...
Demo
View file | ||||
---|---|---|---|---|
|
Running test suites
The test suites has the following sequences
...