-
Epic
-
Resolution: Won't Do
-
Medium
-
None
-
POMBA refactor to use new AAI enablement of AAF
Jimmy,
In regards to the our PTL meet this morning and the mails to all the PTLs where their pods do calls to AAI – could you add
POMBA/Logging to the private email list around pomba@pomba.onap.org roles and forward us the mail. We can then implement or be ready for the changes you detailed this morning.
Code for AAI calls from POMBA are in https://git.onap.org/logging-analytics/pomba/pomba-aai-context-builder/tree/
Specifically https://git.onap.org/logging-analytics/pomba/pomba-aai-context-builder/tree/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java#n87
Calls like https://git.onap.org/logging-analytics/pomba/pomba-aai-context-builder/tree/src/main/java/org/onap/pomba/contextbuilder/aai/util/RestUtil.java#n209
“I have reached out directly to the PTLs of the major clients of AAI about this upcoming change in usernames and passwords, so they should be covered (robot, so, sdnc, dcae, policy, sdc, vid, appc, and oof). “ – add portal
We have the onap-discuss mail mentioned at 25:20
https://lists.onap.org/g/onap-discuss/message/12466?p=,,,20,0,0,0::relevance,,new+authentication,20,2,0,25742174
From the PTL meet…..from Jimmy and Pamela….
“Credentials are stored in AAI now.
Convert prior to AAF enablement – ETA not sure yet – depending on how teams convert until this Friday.
Leaving old style creds – the logins won’t work after the AAF cutover”
Roles like: pomba@pomba.onap.org
Thank you
/michael
Team,
I forgot there is also a recording you can reference – the discussion is around – 21:44 to 24:30
Onap-discuss mail at 25:20
https://wiki.onap.org/display/DW/PTL+2018-09-24
zoom
https://wiki.onap.org/download/attachments/38115536/ptl-2018-09-24.mp4?api=v2
thank you
/michael
Here is the proposed agenda wiki for the Monday 6am PDT PTL meeting:
Feel free to add any other items you may have at https://wiki.onap.org/display/DW/PTL+2018-09-24
From: onap-discuss@lists.onap.org onap-discuss@lists.onap.org
On Behalf Of Jimmy Forsyth
Sent: Tuesday, September 18, 2018 10:44 AM
To: onap-discuss@lists.onap.org
Subject: [onap-discuss] New authentication and authorization in Casablanca for #aai
Dear AAI Clients,
AAI is still using HTTPS basic authentication in Casablanca but since we are integrating with AAF we cannot continue to use the existing usernames and passwords since all the ones we created in the demo in Amsterdam are against AAF standards – therefore, I cannot port into AAF the existing credentials that have been used to talk to AAI.
I have reached out directly to the PTLs of the major clients of AAI about this upcoming change in usernames and passwords, so they should be covered (robot, so, sdnc, dcae, policy, sdc, vid, appc, and oof).
I have two open commits for both HEAT and OOM environments so that your teams will be able to transition to the new usernames/passwords before we move to AAF, which will allow us to turn on the AAF enforcement without a flash cut and hopefully without any interruptions for those clients who have taken the step of converting to the new credentials.
For the rest of you who may be piggy-backing off these legacy credentials and your project is not listed above, the credential you have been using will stop working once AAI has enabled Authentication and Authorization with AAF. Let me say that again: the usernames and passwords that you have been using will stop working once we enable AAF in AAI – we were hoping to get there by M4 but we are unlikely to reach that goal so it will be implemented shortly after M4.
Each system should be issued its own ID in AAF; if your system has not been set up in AAF I recommend reaching out to the AAF team ASAP (Jonathan Gathman is the PTL) and then let me know what your application id is.
Please let me know soon so we can make this transition as painless and seamless as possible.
Thanks,
Jimmy Forsyth
AAI PTL