From de41ca54492e9109e14e7845be8352963a57854d Mon Sep 17 00:00:00 2001 From: Jimmy Forsyth Date: Fri, 7 Jun 2019 09:47:07 -0400 Subject: Add instructions for AAF role for sparky Move nodes API block to proper location Issue-ID: AAI-2411 Signed-off-by: Jimmy Forsyth Change-Id: If21e610366c765a251fe4fb78ded7ca90bcfa142 --- docs/AAI REST API Documentation/AAIRESTAPI.rst | 29 +++++++++++----------- .../AAIRESTAPI_DUBLIN.rst | 29 +++++++++++----------- docs/release-notes.rst | 27 ++++++++++++++++++-- 3 files changed, 55 insertions(+), 30 deletions(-) diff --git a/docs/AAI REST API Documentation/AAIRESTAPI.rst b/docs/AAI REST API Documentation/AAIRESTAPI.rst index 5cd758bb..04cd6c08 100644 --- a/docs/AAI REST API Documentation/AAIRESTAPI.rst +++ b/docs/AAI REST API Documentation/AAIRESTAPI.rst @@ -1062,6 +1062,21 @@ The Bulk API allows clients to make multiple requests in a single transaction. Please look for additional details on the following wiki page: `Bulk API `_ +Nodes API +--------- + +In working with A&AI's standard REST API, you may have noticed that +certain API paths have a hierarchy to them and require a client to +know multiple object keys to preform GETs. For example: the vserver +object is under tenant, which is itself under cloud-region. If you +wanted to look up a vserver by name, you would still need to know the +tenant-id and cloud-region-id (and cloud-owner) in order to +successfully perform that GET. The nodes API allows for more freedom +in querying A&AI, allowing clients to circumvent the need to know +every key in the hierarchy. + +See `Nodes API `_ for more information. + AAI Traversal APIs ================== @@ -1082,20 +1097,6 @@ values. Please reference `Nodes Query `_ for details on the API and test queries. -Nodes API ---------- - -In working with A&AI's standard REST API, you may have noticed that -certain API paths have a hierarchy to them and require a client to -know multiple object keys to preform GETs. For example: the vserver -object is under tenant, which is itself under cloud-region. If you -wanted to look up a vserver by name, you would still need to know the -tenant-id and cloud-region-id (and cloud-owner) in order to -successfully perform that GET. The nodes API allows for more freedom -in querying A&AI, allowing clients to circumvent the need to know -every key in the hierarchy. - -See `Nodes API `_ for more information. Generic Queries --------------- diff --git a/docs/AAI REST API Documentation/AAIRESTAPI_DUBLIN.rst b/docs/AAI REST API Documentation/AAIRESTAPI_DUBLIN.rst index 5cd758bb..04cd6c08 100644 --- a/docs/AAI REST API Documentation/AAIRESTAPI_DUBLIN.rst +++ b/docs/AAI REST API Documentation/AAIRESTAPI_DUBLIN.rst @@ -1062,6 +1062,21 @@ The Bulk API allows clients to make multiple requests in a single transaction. Please look for additional details on the following wiki page: `Bulk API `_ +Nodes API +--------- + +In working with A&AI's standard REST API, you may have noticed that +certain API paths have a hierarchy to them and require a client to +know multiple object keys to preform GETs. For example: the vserver +object is under tenant, which is itself under cloud-region. If you +wanted to look up a vserver by name, you would still need to know the +tenant-id and cloud-region-id (and cloud-owner) in order to +successfully perform that GET. The nodes API allows for more freedom +in querying A&AI, allowing clients to circumvent the need to know +every key in the hierarchy. + +See `Nodes API `_ for more information. + AAI Traversal APIs ================== @@ -1082,20 +1097,6 @@ values. Please reference `Nodes Query `_ for details on the API and test queries. -Nodes API ---------- - -In working with A&AI's standard REST API, you may have noticed that -certain API paths have a hierarchy to them and require a client to -know multiple object keys to preform GETs. For example: the vserver -object is under tenant, which is itself under cloud-region. If you -wanted to look up a vserver by name, you would still need to know the -tenant-id and cloud-region-id (and cloud-owner) in order to -successfully perform that GET. The nodes API allows for more freedom -in querying A&AI, allowing clients to circumvent the need to know -every key in the hierarchy. - -See `Nodes API `_ for more information. Generic Queries --------------- diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 4fd9876d..efb8134c 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -39,6 +39,29 @@ under aai/oom for more details). AAI now manages its own helm charts. See `aai/oom `__ +**Known Issues** + +The AAI UI is now integrated with Portal and AAF. However, the AAF +default boostrap does not include a role that is necessary the demo +user to access the AAI UI. + +Run the following as a workaround, adjust the URL and credentials +according to your environment. The user in CRED must be able to update +the org.onap.aai namespace. The following example has been tested from +inside the AAI resources pod. + + .. code-block:: bash + + URL='https://aaf-service.onap:8100' + CRED='aai@aai.onap.org:demo123456!' + + curl -v -k -u "$CRED" -H "Content-Type: application/RoleRequest+json" $URL/authz/role -d '{"name":"org.onap.aai.aaiui"}' + + curl -v -k -u "$CRED" -H "Content-Type: application/UserRoleRequest+json" $URL/authz/userRole -d '{ "user":"demo@people.osaaf.org", "role":"org.onap.aai.aaiui" }' + +Future releases will include the role and role assignment in the +default bootstrap data (being tracked under `AAI-2475 `__) + **Security Notes** @@ -56,7 +79,7 @@ Quick Links: - `AAI project page `_ - `Passing Badge information for AAI `_ -- `Project Vulnerability Review Table for AAI `_ +- `R4 Project Vulnerability Review Table for AAI `_ @@ -192,7 +215,7 @@ Quick Links: - `AAI project page `_ - `Passing Badge information for AAI `_ -- `Project Vulnerability Review Table for AAI `_ +- `R3 Project Vulnerability Review Table for AAI `_ Version: 1.2.0 -- cgit 1.2.3-korg