-
Story
-
Resolution: Done
-
Medium
-
None
-
None
-
None
Description:
Allow fine-grained control over which users can access which elements of the Inventory. Restrict access to AAI APIs for visibility and control over inventory data by groups who 'own' this data.
Create a minimal level of related information to enforce RBAC, to understand who should be allowed to change/update/delete the services instances or PNF objects.
e.g.
- PNF objects 'owned' by an infrastructure team (owning-entity : datacenter-team)
- 'Infrastructure' type services (i.e. underlay networking), designed and deployed by that same team, on those PNFs (owning-entity : datacenter-team)
- Services deployed by tenants of the data center, which requires configuration on those PNFs to be deployed (owning-entity : wireless-core-team)
- Updates of PNF objects, such as when doing OS upgrades, hardware replacements (Serial number updates), etc. should only be allowed by those which own those PNFs
Resource committed :
Neil (YoppWorks)
Integration Owner :
Olivier(Bell)
1.
|
[AAI-RESOURCES] - Add keycloak integration |
|
Closed | rodrig0-lima |
2.
|
Add application.properties to helm chart for resources |
|
Closed | yoonsoonjahng |
3.
|
[AAI-COMMON] - Add side effect to check owning entity |
|
Closed | rodrig0-lima |
4.
|
Pass roles to HttpEntry |
|
Closed | neil.derraugh |
5.
|
[AAI-COMMON] - Add ownercheck side effect to enrichData method in dbserializer |
|
Closed | rodrig0-lima |
6.
|
[AAI-RESOURCES] - use data-owner attribute instead of Owning entity for owner check |
|
Closed | mhosnidokht |
7.
|
[AAI-SCHEMA] Add ownerCheck property in v22 schema |
|
Closed | ericsantos |
8.
|
Unit test for ownerCheck |
|
Closed | ericsantos |
9.
|
[AAI-RESOURCES] - Release 1.8 |
|
Closed | ericsantos |
10.
|
[AAI-OOM] add multi.tenancy.enabled flag to keycloak properties file |
|
Closed | ericsantos |
11.
|
[AAI-RESOURCES] Pass roles at delete method |
|
Closed | ericsantos |
12.
|
Multi-tenancy documentation |
|
Closed | sam.huang |