author pkaras <piotr.karas@nokia.com> 2019-04-12 13:08:48 +0200
committer pkaras <piotr.karas@nokia.com> 2019-04-12 13:08:48 +0200
commit 198486f728dd14e0c65ff7c995e5a3173596995a (patch)
tree 08df532fd298cb1938c38d96a27cc35da1210a7e
parent 0654d98f69b80b8d932dd33a5dcc56dbecc6a64e (diff)
security related documentation moved to buscontroller
Change-Id: Id6becd889f890210dd4a2f7a83d0b13797e301bd
Issue-ID: DMAAP-1115
Signed-off-by: piotr.karas <piotr.karas@nokia.com>
-rw-r--r-- docs/api.rst 51
1 files changed, 0 insertions, 51 deletions
diff --git a/docs/api.rst b/docs/api.rst
index 7f187d4..9eab4da 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -4928,54 +4928,3 @@ Topic Model Structure
topicName | No | string | | | the short name used by humans, and utilized to construct the `FQTN`
version | No | string | | | a hook for any versioning needed for managing a `Topic` over time
-Security
-~~~~~~~~
-As default security is in Dmaap Bus Controller disabled.
-
-Enable
-------
-Settings to turn on security is in file dmaapbc.properties. The file is located in OOM project in path: ./oom/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
-During deployment the the file is placed into ConfigMap XXX-dmaap-bus-controller-config (XXX depend on deployment setup). The config map is linked to volume with read only permission so it can not be changed from pod level.
-Ater updating ConfigMap the bus controller pod needs to be restarted.
-
-Settings
-++++++++
-
-In the dmaapbc.properties for security settings there is a main flag:
-
-1.UseAAF: true
-
-If set to true then creating topic also will create required perms in AAF. The perms will be created in org.onap.dmaap.mr.
-The last element -mr- is related to another setting - MR.projectID .
-
-Example:
- Topic name:
- aSimpleTopic
- Permitions
- org.onap.dmaap.mr.topic|:topic.org.onap.dmaap.mr.aSimpleTopic|pub
- org.onap.dmaap.mr.topic|:topic.org.onap.dmaap.mr.aSimpleTopic|sub
- org.onap.dmaap.mr.topic|:topic.org.onap.dmaap.mr.aSimpleTopic|view
-
-
-Hint: User defined in the certificate of cadi (property:cadi.properties, user:dmaap-bc@dmaap-bc.onap.org) needs to have permissions to create and view such topics (org.onap.dmaap.mr.topic|*|*).
-
-
-Authentication is using CADI
-
-CADI confilguration is stored in CADI files. Location of the files is defined in varaible:
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-The configuration is a mandatory and missing parameter or file cause exception.
-
-Authorization is done by CADI - configuration is required as above
-
-Call to bus controller needs to have given user credentials. The user ich checked in AAF for permission to call topic.
-The check is done in org.onap.dmaap-bc.api according to ApiNamespace setting.
-
-Hint: User defined in the certificate of cadi (property:cadi.properties, user:dmaap-bc@dmaap-bc.onap.org) needs to have permission to read the namespace (org.onap.dmaap-bc.api.access|*|read).
-
-
-2.UseAAF: false
-
-For backward compatibility, if AAF flag is turned off the previous implementation is enabled based on AuthorizationFilter and ApiPermission class.
-This filter switching has been made due to the technology differences: Jersey filters do not implement directly servlet API, but CADI filter is based on it. \ No newline at end of file
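Review bot: the removal leaves docs/api.rst with no pointer to where the Security section now lives. The commit has 0 insertions, so a reader of the API doc can no longer learn from this file that security is disabled by default in the Bus Controller, or that UseAAF in dmaapbc.properties is the switch that turns it on. Suggest keeping a short Security stub after the Topic Model Structure table that links to the buscontroller documentation. If the text is carried over verbatim, the destination copy should also fix the typos visible in the removed lines ("Ater", "Permitions", "confilguration", "varaible", "The user ich checked") and rework the "1.UseAAF: true" / "2.UseAAF: false" labels, which read as numbered list items rather than the two values of one flag.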