...

namespace:

    org.onap.oof

users:

    oof@oof.onap.org

roles:

    org.onap.admin

    org.onap.oof.owner

...

Once VPN access is established, the following curl command will provide the associated response:

$ curl -u aaf_admin@people.osaaf.org:demo123456! --cacert AAF_RootCA.cer --header "Accept: application/Perms+json;q=1.0;charset=utf-8;version=2.1,application/json;q=1.0;version=2.1,*/*;q=1.0" https://aaf-onap-test.osaaf.org:8100/authz/perms/org.onap.oof.access

{"perm" : [
{
    "type" : "org.onap.oof.access",
    "instance" : "*",
    "action" : "*",
    "roles" : ["org.onap.oof|admin"],
    "description" : "AAF Namespace Write Access"
},
{
    "type" : "org.onap.oof.access",
    "instance" : "*",
    "action" : "read",
    "roles" : ["org.onap.oof|owner"],
    "description" : "AAF Namespace Read Access"
}]}

TBD:

1) This framework allows us to define multiple users (identities), each with separate sets of permissions, such that different HAS clients could be granted different access to HAS API resources. At this point, only one user, identified by conductor_api username and password and associated with AAF user

...

org, is supported. Authentication logic could be extended to support additional users, but a model for mapping credentials to users must be defined.

2) HTTPS authentication with AAF is currently based on basic auth. There remain unsolved issues in connecting to AAF using certs.

3) Base AAF URL. The system is currently configured to access the test instance of AAF in the WindRiver lab. Deploying the system in OOM will presumably require a different base URL to be configured.
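An added example, not part of the original page or the HAS code base: one way a client-side check could evaluate a perms response of the shape returned by the curl command above against a caller's roles, which is the per-client distinction item 1 describes. The function names and the rule that a granted `*` covers any requested value are assumptions for illustration, and the sample response is constructed from the fields shown on this page.

```python
import json

# Constructed sample in the shape of the AAF perms response shown on this page.
SAMPLE_RESPONSE = json.dumps({"perm": [
    {"type": "org.onap.oof.access", "instance": "*", "action": "*",
     "roles": ["org.onap.oof|admin"]},
    {"type": "org.onap.oof.access", "instance": "*", "action": "read",
     "roles": ["org.onap.oof|owner"]},
]})


def _covers(granted, requested):
    """Assumption: a granted value of "*" covers any requested value."""
    return granted == "*" or granted == requested


def is_allowed(response_text, caller_roles, perm_type, instance, action):
    """Return True only if a perm in the response covers the request and is
    attached to one of the caller's roles. Anything unexpected is a deny."""
    try:
        perms = json.loads(response_text).get("perm", [])
    except (ValueError, AttributeError):
        return False  # not JSON, or not a JSON object: fail closed
    if not isinstance(perms, list):
        return False
    for perm in perms:
        if not isinstance(perm, dict) or perm.get("type") != perm_type:
            continue
        if not _covers(perm.get("instance"), instance):
            continue
        if not _covers(perm.get("action"), action):
            continue
        roles = perm.get("roles")
        if isinstance(roles, list) and any(r in roles for r in caller_roles):
            return True
    return False


if __name__ == "__main__":
    # The instance name "plans" is hypothetical.
    for role, action in [("org.onap.oof|owner", "read"),
                         ("org.onap.oof|owner", "write"),
                         ("org.onap.oof|admin", "write")]:
        ok = is_allowed(SAMPLE_RESPONSE, [role], "org.onap.oof.access",
                        "plans", action)
        print(f"{role:22} {action:6} -> {'allow' if ok else 'deny'}")
```
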

...