...

Provisioning for Message Router Clients

Topic Provisioning Sequence

The provisioning of Authenticated Topics, and the subsequent publish/subscribe actions on an Authenticated Topic, rely on the proper AAF Permissions being granted to the various Identities.

The following Identities are referenced:

  • IdentityMR - the AAF Identity used by Message Router to access AAF and perform authorization checks.
  • IdentityTopicMgr - the AAF Identity used by Bus Controller to access AAF and create Permissions and Roles, and grant those Permissions to Roles and Identities.
  • IdentityPub - the AAF Identity used by the publisher of the Topic when accessing the MR API. The fully qualified Identity typically belongs to a namespace related to the application, e.g. IdentityPub@NamespacePub
  • IdentitySub - the AAF Identity used by the subscriber of the Topic when accessing the MR API. The fully qualified Identity typically belongs to a namespace related to the application, e.g. IdentitySub@NamespaceSub

Pre-requisites:

  • Identities created in AAF
  • Credentials for Identities available in Kubernetes values (probably as Secrets)
  • IdentityTopicMgr has access permission granted for all Application Namespaces


[Gliffy diagram: https://wiki.onap.org/rest/gliffy/1.0/embeddedDiagrams/64ee086f-69ba-4400-be80-2e2de4543530.png?utm_medium=live&utm_source=confluence]

Provisioning for Data Router Clients

...