
As noted before, ONAP runs an AAF Test instance in WindRiver.  This allows ONAP groups to create and test entities within their own Namespace while running on their own Development boxes.

Data Scope:

The data in this Environment should be treated as "initialization" data, as it is intended to be the essential set of Info for starting up an out-of-the-box ONAP Environment with AAF Identities and coordinated Roles, Permissions, etc.

The issue is, of course, that AAF's Permissions, Roles and Identities are intended to cross many boundaries.  It is, however, not possible for any central team (at least without resources, funding, and large knowledge scope) to maintain full permission information about Apps and people.  This is why AAF needs its Data set up with the specific Organization in mind to be of any use.

ONAP's data is about the individual apps, which can change, but not much about the reality of who is actually running at the beginning.  For example, NO ONAP developers, current ONAP leadership, or others are included in the Identity Data.  To emphasize that this is Data that is to be modified, it is named "Sample".

Sample Data:

All the Sample Data is found in the core AAF repository, called "authz".  To obtain this Repo locally, see the ONAP Git documentation, or simply clone it with

Authz Repo
git clone "https://gerrit.onap.org/r/aaf/authz"

NOTE: ALL DIRECTORIES REFERENCED IN THIS DOC WILL START FROM THE AUTHZ ROOT.

Identities:

Identities in any Organization will be hierarchical, and they are the Organization's own.  AAF was designed to allow companies to use their own way of dealing with Identities.  Please start here (Philosophy of Identity).

ONAP's initial Identities are, fictitiously, a euphemistic hierarchy.  Obviously, a real company would want to replace this with their own.

identities.dat

This file is stored in the Repository (starting from authz, see above clone)


Location of identities.dat
auth/sample/data/sample.identities.dat


When deployed, you will find the file "identities.dat" in the Docker directory "/opt/app/osaaf/data", which is on a configured Docker Volume named "config".  (The Docker Volume keeps this file persistently, whether Apps exist or not.)

Before each AAF Docker component is launched, it is preceded by the "aaf-config" init-container. The aaf-config init-container, among other things:

checks to see if the "identities.dat" file exists.

If not, it copies it from "/opt/app/aaf_config/data/sample.identities.dat" in the aaf-config Docker Image, and places it at /opt/app/osaaf/data/identities.dat, which is on the Persistent Docker Volume "config", as noted.

This ensures that identities.dat only starts new when it doesn't exist, and DOESN'T overwrite work that Companies may be doing.
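
The seed-only-if-absent behaviour described above, sketched as an added example (this is not the aaf-config image's own script). The two paths are the ones named on this page; the function name `seed_identities`, the `SEED_RESULT` variable and the temp-file-plus-hard-link step are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration of "copy the sample only when identities.dat is missing".
# Not taken from the aaf-config image; names below are hypothetical.
SAMPLE_IDENTITIES="${SAMPLE_IDENTITIES:-/opt/app/aaf_config/data/sample.identities.dat}"
LIVE_IDENTITIES="${LIVE_IDENTITIES:-/opt/app/osaaf/data/identities.dat}"

# seed_identities SRC DEST
#   Sets SEED_RESULT to "kept", "seeded" or "error".
#   Returns 0 unless SEED_RESULT is "error".
seed_identities() {
    src=$1
    dest=$2
    SEED_RESULT=error

    # A file already on the persistent volume always wins, so an
    # Organization's own identities are never replaced by the sample.
    if [ -e "$dest" ]; then
        SEED_RESULT=kept
        return 0
    fi

    # Nothing to seed from: fail without creating anything.
    [ -r "$src" ] || return 1
    mkdir -p "$(dirname "$dest")" || return 1

    # Copy to a temp name on the same volume first, so an interrupted
    # init container never leaves a half-written identities.dat.
    tmp="$dest.seed.$$"
    cp "$src" "$tmp" || { rm -f "$tmp"; return 1; }

    # ln refuses to replace an existing name, which makes the final
    # step a no-clobber publish even if two init containers race.
    if ln "$tmp" "$dest" 2>/dev/null; then
        SEED_RESULT=seeded
    elif [ -e "$dest" ]; then
        SEED_RESULT=kept    # another init container got there first
    fi
    rm -f "$tmp"
    [ "$SEED_RESULT" != error ]
}

# In an init container this would be called as:
#   seed_identities "$SAMPLE_IDENTITIES" "$LIVE_IDENTITIES" || exit 1
```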

* This "identities.dat" file is utilized exclusively by the "DefaultOrganization".  Companies are welcome and encouraged, if they wish, to create their own "Plugin that implements the 'Organization' interface", and connects to their own data how they please.  

** If this is too much work, they are free to update the "identities.dat" file from their own Organization information on a timely basis.

*** Companies should note that this mechanism was written for an ONAP member company with a nightly feed that included more than 1.3 million records.  It does so very efficiently, without synchronizing data.


Relationship to various ONAP Test environments:

ONAP Test Environments typically start off from scratch, in some cases every day. This validates that all of ONAP can start, as a System, from scratch.


