...
Repeat steps 2 and 3 as needed for different clients. Note that many Identities can be added to a Role, and an Identity can be added to different Roles. This allows us to design topic access granularity as needed.
AAF CLI Example:
> role create org.onap.dcae.pnfPublisher
Created Role
> role user add org.onap.dcae.pnfPublisher dcae@dcae.onap.org
Added User [dcae@dcae.onap.org] to Role [org.onap.dcae.pnfPublisher]
> role create org.onap.dcae.pnfSubscriber
Created Role
> role user add org.onap.dcae.pnfSubscriber dcae@dcae.onap.org
Added User [dcae@dcae.onap.org] to Role [org.onap.dcae.pnfSubscriber]
> perm list user dcae@dcae.onap.org
List Permissions by User[dcae@dcae.onap.org]
--------------------------------------------------------------------------------
PERM Type Instance Action
--------------------------------------------------------------------------------
org.onap.aai.resources * delete
org.onap.aai.resources * get
org.onap.aai.resources * patch
org.onap.aai.resources * post
org.onap.aai.resources * put
org.onap.aai.traversal * advanced
org.onap.dcae.certman local request,ignoreIPs,showpass
Topic Provisioning
The Buscontroller API often refers to an attribute "dcaeLocation". This is used to identify which Message Router instance is to be used by a particular client. In ONAP Casablanca, there is only one Message Router instance, and in the AAF integration environment it has the value "san-francisco". This field and value are included in every topic provisioning request.
...
- the message body contains JSON. A simple example adds a topic with one publisher (action: pub) and one subscriber (action: sub). Note that the publisher and subscriber use different Roles in this example, to show that it is normal for Message Router clients to have different heritage and function:
{
  "topicName": "aPnfTopic-1540492548",
  "topicDescription": "A simple topic to demonstrate provisioning",
  "owner": "OnapDev",
  "txenabled": false,
  "clients": [{
    "dcaeLocationName": "san-francisco",
    "clientRole": "org.onap.dcae.pnfPublisher",
    "action": [
      "pub",
      "view"
    ]
  },{
    "dcaeLocationName": "san-francisco",
    "clientRole": "org.onap.dcae.pnfSubscriber",
    "action": [
      "sub",
      "view"
    ]
  }]
}
- POST to <Buscontroller HTTP Node Port>/webapi/topics
- Headers:
Content-Type: application/json
- Headers:
...
Confirm that Buscontroller provisioning was actually successful:
- Verify that the FQTN exists on Message Router. Retrieve the list of topics on Message Router and confirm your topic is there.
curl http://10.12.7.22:30227/topics
- Use the AAF GUI to confirm that the Application Identity to be used by your client has the proper permissions.
perm list user anapp@anapp.onap.org
AAF CLI example:
> perm list user dcae@dcae.onap.org
List Permissions by User[dcae@dcae.onap.org]
--------------------------------------------------------------------------------
PERM Type Instance Action
--------------------------------------------------------------------------------
org.onap.aai.resources * delete
org.onap.aai.resources * get
org.onap.aai.resources * patch
org.onap.aai.resources * post
org.onap.aai.resources * put
org.onap.aai.traversal * advanced
org.onap.dcae.certman local request,ignoreIPs,showpass
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 pub
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 sub
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 view
Once the Topic is properly provisioned, Buscontroller is no longer needed - it is not part of the message delivery flow.
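As an added example (not part of this document or of the Buscontroller/AAF tooling), the verification steps above can be scripted: the request body and the CLI output embedded below are constructed copies of the ones shown on this page, and the `org.onap.dmaap.mr` namespace used to form the FQTN and the permission type is assumed from that output.

```python
from typing import Dict, Set

# Constructed sample: the Buscontroller POST /webapi/topics body from this document (abridged).
TOPIC_REQUEST = {
    "topicName": "aPnfTopic-1540492548",
    "clients": [
        {"dcaeLocationName": "san-francisco",
         "clientRole": "org.onap.dcae.pnfPublisher", "action": ["pub", "view"]},
        {"dcaeLocationName": "san-francisco",
         "clientRole": "org.onap.dcae.pnfSubscriber", "action": ["sub", "view"]},
    ],
}

# Constructed sample: 'perm list user dcae@dcae.onap.org' output as the AAF CLI prints it (abridged).
PERM_LIST_OUTPUT = """List Permissions by User[dcae@dcae.onap.org]
--------------------------------------------------------------------------------
PERM Type Instance Action
--------------------------------------------------------------------------------
org.onap.dcae.certman local request,ignoreIPs,showpass
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 pub
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 sub
org.onap.dmaap.mr.topic :topic.org.onap.dmaap.mr.aPnfTopic-1540492548 view
"""

# Assumption: the FQTN namespace and the topic permission type follow the output above.
MR_NAMESPACE = "org.onap.dmaap.mr"


def parse_perm_list(text: str) -> Dict[str, Dict[str, Set[str]]]:
    """Parse 'perm list user' output into {perm_type: {instance: {actions}}}. Data rows
    have exactly three fields (Type, Instance, Action); the Action field may be a
    comma-separated list (see the certman row). Header and rule lines are skipped."""
    perms: Dict[str, Dict[str, Set[str]]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            ptype, instance, actions = parts
            perms.setdefault(ptype, {}).setdefault(instance, set()).update(actions.split(","))
    return perms


def expected_actions(request: dict, roles_held: Set[str]) -> Set[str]:
    """Union of the actions the request grants to the Roles an Identity holds."""
    return {a for c in request["clients"] if c["clientRole"] in roles_held for a in c["action"]}


def missing_topic_actions(request: dict, roles_held: Set[str], perm_output: str) -> Set[str]:
    """Requested topic actions the Identity does not yet hold in AAF; an empty set
    means provisioning granted everything the request asked for."""
    instance = f":topic.{MR_NAMESPACE}.{request['topicName']}"
    granted = parse_perm_list(perm_output).get(f"{MR_NAMESPACE}.topic", {}).get(instance, set())
    return expected_actions(request, roles_held) - granted
```

Run it against the real `perm list user` output for your Identity; any action it returns is one the Buscontroller request asked for but AAF has not granted.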
...
Note: If an application uses the Kafka API directly to interact with Kafka, instead of going through Message Router, add the following additional properties when creating a Producer or Consumer.
| Key | Value |
|---|---|
| sasl.jaas.config | org.apache.kafka.common.security.plain.PlainLoginModule required username='<<AAF app/user id>>' password='<<AAF password>>'; |
| security.protocol | SASL_PLAINTEXT |
| sasl.mechanism | PLAIN |
...