You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »


Pairwise testing is the process of validating the interconnections between OOF components and external dependencies in a lab environment. OOF supports functional testing in the form of simulations of some external dependencies, and PWT further validates the system with 'live' testing.

OOF-HAS → AAF

PWT of the Homing and Allocation Service (HAS) and the Application Authorization Service is has been performed by executing HAS in a local environment (a Mac laptop) accessing test instance of AAF in the WindRiver lab. 

AAF test instance

A test instance of AAF is running in the WindRiver lab. Access to the lab can be granted by contacting Stephen Gooch at stephen.gooch@windriver.com. Jonathan Gathman is a resource on the AAF team that may be of help with questions (jg1555@att.com).

See here Integration / Developer Lab Access for more detail

The AAF instance is populated with a number of objects. Those relevant for HAS PWT are:

namespace:

    org.onap.oof

users:

    oof@oof.onap.org

roles:

    org.onap.admin

    org.onap.oof.owner

    org.onap.oof.service

permissions:

    org.onap.oof.access|*|*

    org.onap.oof.access|*|read

    org.onap.oof.certman|local|request, ignoreIPs, showpass

Once VPN access is established, the following curl command will provide the associated response:

$ curl -u <username>:<password> --header "Accept: application/Perms+json;q=1.0;charset=utf-8;version=2.1,application/json;q=1.0;version=2.1,*/*;q=1.0" https://aaf-onap-test.osaaf.org:8100/authz/perms/org.onap.oof.org

{"perm" : [
{
    "action" : "*",
    "instance" : "*",
    "type" : "org.onap.oof.access"
}]}

TBD:

1) This framework allows us to define multiple users (identities), each with separate sets of permissions, such that different HAS clients could be granted different access to HAS API resources. At this point, only one user, identified by conductor_api username and password and associated with AAF user org.onap.oof.org, is supported. Authentication logic could be extended to support additional users, but a model for mapping credentials to users must be defined.

2) HTTPS authentication with AAF is currently based on basic auth. There remain unsolved issues in connecting to AAF using certs.

3) Base AAF URL. The system is currently configured to access the test instance of AAF in the WindRiver lab. Deploying the system in OOM will presumably require a different base URL to be configured



  • No labels