Sub-task
Resolution: Done
Medium
Casablanca Release
None
Policy Casablanca - 4, Policy Casablanca - 6
- pdp-d, consul, and pap machine users must be pre-provisioned in AAF.
- These users, along with the appropriate roles and permissions, should be added to the org.onap.policy.pdpx namespace.
- AAF must be pre-configured with these permissions for demo automated installation purposes.
- pdp-d and pap should use client certificate authentication.
- pap and pdp-d should also support the existing HTTP Basic Authentication mechanisms when talking to the pdp-x component. When using client certificates, the authentication credentials will be used for authorization requests to AAF.
- When AAF is not available in a lab deployment, pap and pdp-d should default to the existing authentication mechanisms.
- pdp-x should use the AAF CADI Framework client libraries to interact with AAF.
- pdp-x should talk to AAF using HTTPS Client Certificates based authentication to perform. The pdp-x client certificate must be stored in the pdp-x keystore to present it to AAF.
- PDP-X REST API Client Interactions (i.e. DCAE and CLAMP)
- dcae and clamp machine users must be pre-provisioned in AAF.
- These users, along with the appropriate roles and permissions, should be added to the appropriate dmaap namespace in AAF.
- These users, along with the appropriate roles and permissions, should be added to the org.onap.policy.pdpx namespace.
- dcae and clamp must continue to carry their identity in HTTP headers, as they currently do. pdp-x will in turn use this identity to authenticate and to perform authorization requests against AAF.