...
Repeat steps 2 and 3 as needed for different clients. Note that many Identities can be added to a Role, and an Identity can be added to different Roles. This allows us to design topic access granularity as needed.
AAF CLI Example:
> role create org.onap.dcae.pnfPublisher
Created Role
> role user add org.onap.dcae.pnfPublisher dcae@dcae.onap.org
Added User [dcae@dcae.onap.org] to Role [org.onap.dcae.pnfPublisher]
> role create org.onap.dcae.pnfSubscriber
Created Role
> role user add org.onap.dcae.pnfSubscriber dcae@dcae.onap.org
Added User [dcae@dcae.onap.org] to Role [org.onap.dcae.pnfSubscriber]
> perm list user dcae@dcae.onap.org
List Permissions by User[dcae@dcae.onap.org]
--------------------------------------------------------------------------------
PERM Type Instance Action
--------------------------------------------------------------------------------
org.onap.aai.resources * delete
org.onap.aai.resources * get
org.onap.aai.resources * patch
org.onap.aai.resources * post
org.onap.aai.resources * put
org.onap.aai.traversal * advanced
org.onap.dcae.certman local request,ignoreIPs,showpass
Topic Provisioning
The Buscontroller API often refers to an attribute "dcaeLocation". This is used to identify which Message Router instance is to be used by a particular client. In ONAP Casablanca there is only one Message Router instance, and in the AAF integration environment it has the value "san-francisco". This field and value are included in any topic provisioning request.
...
- the message body contains JSON. Below is a simple example that adds a topic with one publisher (action: pub) and one subscriber (action: sub). Note that the publisher and subscriber use different Roles in this example, to show that it is normal for Message Router clients to have different heritage and function:
{
  "topicName": "aPnfTopic-1540492548",
  "topicDescription": "A simple topic to demonstrate provisioning",
  "owner": "OnapDev",
  "txenabled": false,
  "clients": [{
    "dcaeLocationName": "san-francisco",
    "clientRole": "org.onap.dcae.pnfPublisher",
    "action": [
      "pub",
      "view"
    ]
  },{
    "dcaeLocationName": "san-francisco",
    "clientRole": "org.onap.dcae.pnfSubscriber",
    "action": [
      "sub",
      "view"
    ]
  }]
}
- POST to <Buscontroller HTTP Node Port>/webapi/topics
- Headers:
Content-Type: application/json
- Headers:
...
- the FQTN to be referenced on Message Router. Note that this value incorporates the topic namespace used in this deployment.
example:
"fqtn": "org.onap.dmaap.mr.aPnfTopic-1540492548"
- the topicURL to be used by each client. Again, except for the FQTN portion of the URL, these will look identical in this test environment, but would not necessarily be the same in an environment with multiple MR instances.
example:
"topicURL": "http://10.12.7.22:30227/events/org.onap.dmaap.mr.aPnfTopic-1540492548"
Confirm that Buscontroller provisioning was actually successful:
- Verify that the FQTN exists on Message Router. Retrieve the list of topics on Message Router and confirm your topic is there.
curl http://10.12.7.22:30227/topics
- Use the AAF GUI to confirm that the Application Identity to be used by your client has the proper permissions.
AAF CLI example:
> perm list user dcae@dcae.onap.org
List Permissions by User[dcae@dcae.onap.org]
--------------------------------------------------------------------------------
PERM Type Instance Action
--------------------------------------------------------------------------------
org.onap.aai.resources * delete
org.onap.aai.resources * get
org.onap.aai.resources * patch
org.onap.aai.resources * post
org.onap.aai.resources * put
org.onap.aai.traversal * advanced
org.onap.dcae.certman local request,ignoreIPs,showpass
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 pub
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 sub
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 view
Once the Topic is properly provisioned, Buscontroller is no longer needed - it is not part of the message delivery flow.
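The provisioning and verification steps above, as an added example script (not part of this page or of the DMaAP project): it builds the Buscontroller request body, POSTs it, and then performs the two confirmation checks against the Message Router topic listing and the AAF "perm list user" output. The request fields, the /webapi/topics path, the AAF permission type "org.onap.dmaap.mr.topic" and its ":topic.<fqtn>" instance form are taken from the page; the Buscontroller host and port are placeholders, the shape of the MR /topics response ({"topics": [...]}) and the location of topicURL inside the response's clients array are assumptions, and the perm-list text used by the offline checks is constructed to mirror the output shown above.

```python
"""Provision a Message Router topic via Buscontroller and verify the result."""
import json
import urllib.request

BUSCONTROLLER = "http://<buscontroller-host>:<node-port>"  # placeholder, not a real endpoint
MR_BASE = "http://10.12.7.22:30227"                        # MR node port used on the page
DCAE_LOCATION = "san-francisco"                            # the single MR instance in Casablanca
TOPIC_PERM_TYPE = "org.onap.dmaap.mr.topic"                # AAF perm type for MR topics

# Constructed sample of "perm list user" output, mirroring the page's example.
SAMPLE_PERM_LIST = """\
List Permissions by User[dcae@dcae.onap.org]
--------------------------------------------------------------------------------
PERM Type Instance Action
--------------------------------------------------------------------------------
org.onap.aai.resources * get
org.onap.dcae.certman local request,ignoreIPs,showpass
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 pub
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 sub
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 view
"""


def build_topic_request(topic_name, publisher_role, subscriber_role, owner="OnapDev",
                        description="A simple topic to demonstrate provisioning"):
    """Body for POST /webapi/topics: one publishing client, one subscribing client."""
    return {
        "topicName": topic_name,
        "topicDescription": description,
        "owner": owner,
        "txenabled": False,
        "clients": [
            {"dcaeLocationName": DCAE_LOCATION, "clientRole": publisher_role,
             "action": ["pub", "view"]},
            {"dcaeLocationName": DCAE_LOCATION, "clientRole": subscriber_role,
             "action": ["sub", "view"]},
        ],
    }


def post_json(url, body):
    """POST a JSON document with the Content-Type header the page requires."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


def get_json(url):
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.loads(resp.read())


def fqtn_exists(fqtn, topics_listing):
    """Check 1: the FQTN returned by Buscontroller appears in MR's GET /topics listing.
    Assumes the listing is a JSON object with a "topics" array."""
    return fqtn in topics_listing.get("topics", [])


def parse_perm_list(cli_output):
    """Turn AAF 'perm list user' output into (type, instance, action) tuples.
    Permission rows have exactly three whitespace-separated columns; the
    banner, header and separator lines do not and are skipped."""
    rows = []
    for line in cli_output.splitlines():
        parts = line.split()
        if len(parts) == 3:
            rows.append(tuple(parts))
    return rows


def missing_topic_perms(fqtn, perms, required=("pub", "sub", "view")):
    """Check 2: which of the required actions on this topic the identity does NOT hold.
    An empty list means the identity is fully authorised for the topic."""
    instance = ":topic." + fqtn
    granted = {action for ptype, inst, action in perms
               if ptype == TOPIC_PERM_TYPE and inst == instance}
    return [action for action in required if action not in granted]


if __name__ == "__main__":
    body = build_topic_request("aPnfTopic-1540492548",
                               "org.onap.dcae.pnfPublisher", "org.onap.dcae.pnfSubscriber")
    created = post_json(BUSCONTROLLER + "/webapi/topics", body)
    fqtn = created["fqtn"]
    print("provisioned", fqtn, "client URLs:",
          [c.get("topicURL") for c in created.get("clients", [])])  # topicURL location assumed
    print("FQTN visible on MR:", fqtn_exists(fqtn, get_json(MR_BASE + "/topics")))
    # Paste the real "perm list user" output here to run check 2 against it.
    print("missing perms:", missing_topic_perms(fqtn, parse_perm_list(SAMPLE_PERM_LIST)))
```

The perm-list check is written so the caller chooses the required actions: in the page's example a single identity (dcae@dcae.onap.org) is in both Roles and therefore holds pub, sub and view; a real publisher-only identity would be checked with required=("pub", "view").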
...
Note: If an application uses the Kafka API directly, instead of going through Message Router, to interact with Kafka, add the following additional properties when creating a Producer or Consumer.
Key | Value |
---|---|
sasl.jaas.config | org.apache.kafka.common.security.plain.PlainLoginModule required username='<<AAF app/user id>>' password='<<AAF password>>'; |
security.protocol | SASL_PLAINTEXT |
sasl.mechanism | PLAIN |
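An added helper (not from this page or the ONAP project) that builds the three Kafka properties above from an AAF identity and checks a property set before it is handed to a client. The property keys, the PlainLoginModule string and the protocol/mechanism values come from the table; the identity and password are placeholders. The validator also accepts SASL_SSL, because SASL/PLAIN over SASL_PLAINTEXT sends the AAF password to the broker unencrypted and a deployment may choose to wrap it in TLS instead.

```python
"""Build and sanity-check Kafka client properties for AAF-backed SASL/PLAIN."""
import re

REQUIRED_KEYS = ("sasl.jaas.config", "security.protocol", "sasl.mechanism")

# Accepts the PlainLoginModule line with matched single or double quotes and the
# mandatory trailing ';'. Group 1 / group 3 are the opening quotes and must be
# repeated by \1 / \3, which is what catches a missing closing quote.
JAAS_RE = re.compile(r"""^org\.apache\.kafka\.common\.security\.plain\.PlainLoginModule required username=(["'])(?P<user>[^"']*)\1 password=(["'])(?P<pw>[^"']*)\3;$""")


def build_sasl_plain_props(aaf_id, aaf_password):
    """Return the extra properties for a Producer/Consumer that talks to Kafka directly.
    Quotes, semicolons and backslashes would need JAAS escaping, which this simple
    builder does not attempt, so such values are rejected rather than emitted broken."""
    for value in (aaf_id, aaf_password):
        if any(ch in value for ch in "'\";\\"):
            raise ValueError("quote, semicolon or backslash in AAF credential is not supported here")
    jaas = ("org.apache.kafka.common.security.plain.PlainLoginModule required "
            f"username='{aaf_id}' password='{aaf_password}';")
    return {"sasl.jaas.config": jaas, "security.protocol": "SASL_PLAINTEXT", "sasl.mechanism": "PLAIN"}


def validate_sasl_plain_props(props):
    """Return a list of problems; an empty list means the properties are usable.
    Catches a missing key, a wrong mechanism/protocol, and a malformed JAAS line
    (for example the missing closing quote after the password in a hand-edited copy)."""
    problems = [f"missing {key}" for key in REQUIRED_KEYS if key not in props]
    if problems:
        return problems
    if props["sasl.mechanism"] != "PLAIN":
        problems.append("sasl.mechanism must be PLAIN for PlainLoginModule")
    if props["security.protocol"] not in ("SASL_PLAINTEXT", "SASL_SSL"):
        problems.append("security.protocol must be SASL_PLAINTEXT or SASL_SSL")
    if not JAAS_RE.match(props["sasl.jaas.config"]):
        problems.append("sasl.jaas.config is malformed: check the quotes around "
                        "username/password and the trailing ';'")
    return problems


def to_properties_text(props):
    """Render as key=value lines for a Java client's .properties file (no characters
    needing Java properties escaping can reach here because the builder rejects them)."""
    return "\n".join(f"{key}={props[key]}" for key in REQUIRED_KEYS) + "\n"


if __name__ == "__main__":
    # Placeholder credential; take the real one from AAF for the application's identity.
    props = build_sasl_plain_props("<<AAF app/user id>>", "<<AAF password>>")
    print(validate_sasl_plain_props(props) or "properties OK")
    print(to_properties_text(props))
```

Run the validator over whatever property set the application actually loads, not only over the builder's output; the point of the check is to catch hand-edited copies of the table.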
...