PAGE STATUS: UNDER CONSTRUCTION

STATUS: Project Approved (next step is Architecture Approval) / Draft (seeking PTL approval)

AAF (Application Authorization Framework):

...

[draw.io diagram: CLAMP AAF System Context View]


AAF (Application Authentication Framework) provides the services for authentication, authorization and certificate management for the ONAP components.

The CLAMP functional entity provides the capability to manage runtime control loops. It provides the services to the capability to

  • Create control loop from DCAE blueprint sent by SDC
  • Create configuration policy from the policy Tosca sent by SDC
  • Configure DCAE applications of the control loop
  • Associate µService configuration policies to the DCAE application
  • Configure the operations to be taken by the control loop (by creating/updating/deleting operational policies)
  • Deploy/un-deploy control loop flow (blueprints) to DCAE
  • Control loop visualization. 

...

ONAP components to manage the lifecycle of authentication and authorization elements such as Permissions, Roles and Credentials.  It supports:

  • Manage authentication and authorization elements such as: Permissions, Roles, Credentials
  • Access to organizational entities
  • Manage the lifecycle of passwords and certificates
  • Access to external credential authorities (e.g. CA)
  • Autogenerate ONAP certificates

2. API definitions

CLAMP provides AAF provides the following interfaces:

Interface NameInterface Definition Interface Capabilities
CLAMPE
VersionStatusConsumed Models
AAFE-1
Control Loop Lifecycle
Application Authorization Framework Management Interface
  A user interface for:
  • Selecting the control loop flow
  • Entering configuration policy parameters
  • Entering operational policy parameters
  • Managing life cycle of DCAE control flow blueprint 
    • to be filled in



    AAFE-2: Application Authorization Framework Authentication and Authorization Interface

     An interface for the ONAP components to:

    • to be filled in
    CLAMPE-2: Control loop dashboard. User interface to show the overall status of the control loop through DMAAP events

     Display and update:

    Events received and actions taken on the control loop
    • .



    Note:   xxxI interface is a Component internal interface.  xxxxE interface is a component external interface

    The current API documents can be found at:

    CLAMP consumes the following AAF Consumes no Interfaces:

    Interface NamePurpose Reason For Use
    SDCE-6To receive the Control Loop Blueprint from SDCTo receive
    PolicyE-2To create and configure the closed Loop Operational Policies and Configuration policies(DCAE Aps. Config.)
    DCAEE-x Retrieve DCAE application status
    DCAEE-y Deploy/remove DCAE application. 
    AAFE-3: AAF External Credential Interface. An interface to retrieve and authenticate using credentials from a credential supplier external to ONAP.

    The current API documents can be found at:

    • AAFE-1 (to be added)

    • AAFE-2 (to be added)
    • AAFE-3 (to be added)

    3. Component Description:

    A more detailed figure and description of the component.

    << For later inclusion >> Link to read the docs



    4. known system limitations: (IN PROGRESS)

    Runtime: None

    Clamp data redundancy is dependent on Kubernetes and the persistent volume.

    Clamp application redundancy HA relies on Kubernetes


    5. Used Models

    ...

    :

    ...

    • Service model (received from SDC)
    • VNF model (received from SDC)
    • Policy Model.

    (N/A)


    6. System Deployment Architecture

    ...

    AAF consists of x containers:

    • CLAMP container
    • MariaDB container
    • Kibana container
    • E_Search container
    • LogStash container 

    :

    FFS [draw.io diagram: CLAMP runtime architectrue]


    7. New Capabilities in this Release

    This release, AAF adds the following Capabilities:

    • AAF Locator differentiates public Fully Qualified Domain Name (FQDN) from Kubernetes FQDN

      • Internal Kubernetes FQDN generated when client declares its Container Namespace
      • Public FQDN are accessible for both:
        • GUIs/Management outside Cluster
        • Non-ONAP entities outside the Cluster
        • Other Clusters
    • Improved documentation and enhanced configuration
      • Example "Helm" init containers to setup Volumes
    • Refactored maintenance processes online for Open Source (meaning non company specific), including
      • Analysis of expiring Creds and Roles
      • Generation of Approval records
      • Notification of Approvals, Creds and Roles in an external company configurable way.


    8. References

    1. AAF Overview & User Guide: https://onap.readthedocs.io/en/latest/submodules/clampaaf/authz.git/docs/index.html
    2. AAF internal interfaces: https://onap.readthedocs.io/en/latest/_downloads/d3c9f924c6586fe411d40a05ad9b1bb7/swagger.pdf