...

Provisioning for Message Router Clients

The provisioning of Authenticated Topics, and the subsequent publish/subscribe actions on those Authenticated Topics, rely on the proper AAF Permissions being granted to the various Identities.

The following Identities are referenced:

  • IdentityMR - the AAF Identity used by Message Router to access AAF and perform authorization checks.
  • IdentityTopicMgr - the AAF Identity used by Bus Controller to access AAF and create Permissions and Roles, and grant those Permissions to Roles and Identities.
  • IdentityPub - the AAF Identity used by the publisher of the Topic when accessing the MR API. The fully qualified Identity typically belongs to a namespace related to the application, e.g. IdentityPub@NamespacePub
  • IdentitySub - the AAF Identity used by the subscriber of the Topic when accessing the MR API. The fully qualified Identity typically belongs to a namespace related to the application, e.g. IdentitySub@NamespaceSub

Pre-requisites:

  • Identities created in AAF
  • Credentials for Identities available in Kubernetes values (probably as Secrets)
  • IdentityTopicMgr has access permission granted for all Application Namespaces


Provisioning for Data Router Clients

...