Versions Compared

Old Version 6

changes.mady.by.user Frank Sandoval

Saved on

compared with

New Version Current

changes.mady.by.user Frank Sandoval

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Pairwise testing is the process of validating the interconnections between OOF components and external dependencies in a lab environment. OOF supports functional testing in the form of simulations of some external dependencies, and PWT further validates the system with 'live' testing.

OOF-HAS → AAFAAF 

PWT of the Homing and Allocation Service (HAS) and the Application Authorization Service (AAF) is has been performed by executing HAS in a local environment (a Mac laptop) accessing test instance of AAF in the WindRiver lab. 

Debug statements in OOF provide the following messages during authentication

2018-10-27 09:43:08.552 706 INFO conductor.api.adapters.aaf.aaf_authentication [-] Authenticating username:password admin1 : plan.15:
2018-10-27 09:43:08.552 706 INFO conductor.api.adapters.aaf.aaf_authentication [-] Get permisions for user oof@oof.onap.org
2018-10-27 09:43:08.553 706 INFO conductor.api.adapters.aaf.aaf_authentication [-] Call AAF: URL https://aaf-onap-test.osaaf.org:8100/authz/perms/user/oof@oof.onap.org
2018-10-27 09:43:11.680 706 INFO conductor.api.adapters.aaf.aaf_authentication [-] Validate permisions: acquired permissions {"perm":[{"type":"org.onap.aai.resources","instance":"*","action":"delete"},{"type":"org.onap.aai.resources","instance":"*","action":"get"},{"type":"org.onap.aai.resources","instance":"*","action":"patch"},{"type":"org.onap.aai.resources","instance":"*","action":"post"},{"type":"org.onap.aai.resources","instance":"*","action":"put"},{"type":"org.onap.aai.traversal","instance":"*","action":"advanced"},{"type":"org.onap.oof.access","instance":"*","action":"*"}]}
2018-10-27 09:43:11.681 706 INFO conductor.api.adapters.aaf.aaf_authentication [-] Validate permisions: allowed permissions ['{"type": "org.onap.oof.access","instance": "*","action": "*"}']
2018-10-27 09:43:51.896 706 INFO conductor.api.adapters.aaf.aaf_authentication [-] User has valid permissions

In this scenario, authentication has been invoked as the result of a request to create a plan, e.g.

    $ curl -X POST --user admin1:plan.15 -H 'Content-Type: application/json' -d @homing.json localhost:8091/v1/plans

The user admin1 has been associated with the AAF identify oof@oof.onap.org, and the permissions associated with that user as returned by AAF are compared to a set of permissions granting access to OOF resources. In this case, because of the pre-populated data in AAF, there is a match

AAF test instance

A test instance of AAF is running in the WindRiver lab. Access to the lab can be granted by contacting Stephen Gooch at stephen.gooch@windriver.com. Jonathan Gathman is a resource on the AAF team that may be of help with questions (jg1555@att.com).

...

2) HTTPS authentication with AAF is currently based on basic auth. There remain unsolved issues in connecting to AAF using certs.

3) Base AAF URL. The system is currently configured to access the test instance of AAF in the WindRiver lab. Deploying the system in OOM will presumably require a different base URL to be configuredOOM tests. OOF-AAF integration has been performed in the integration lab, see TBD