Enforce AAF permissions

Issue-ID: OPTFRA-331
Change-Id: I046ddef243f73ae90ca0a28184ee0decf73069ee
Signed-off-by: Frank Sandoval <frank.sandoval@oamtechnologies.com>
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>

1 files changed, 16 insertions, 5 deletions

diff --git a/conductor.conf b/conductor.conf
index 027335d..0c0ae2b 100755
--- a/conductor.conf
+++ b/conductor.conf
@@ -131,20 +131,30 @@
 #fatal_deprecations = false
 
 
-[aaf_authentication]
+[aaf_api]
 
 #
 # From conductor
 #
 
 # is_aaf_enabled. (boolean value)
-#is_aaf_enabled = true
+#is_aaf_enabled = false
 
 # aaf_cache_expiry_hrs. (integer value)
-#aaf_cache_expiry_hrs = 3
+aaf_cache_expiry_hrs = 3
 
 # aaf_url. (string value)
-aaf_url = http://aaf-service:8100/authz/perms/user/
+#aaf_url = https://aaf-service:8100/authz/perms/user/
+
+# aaf_cert_file. (string value)
+#aaf_cert_file = <None>
+
+# aaf_cert_key_file. (string value)
+#aaf_cert_key_file = <None>
+
+# aaf_ca_bundle_file. (string value)
+#aaf_ca_bundle_file =
+aaf_ca_bundle_file = AAF_RootCA.cer
 
 # aaf_retries. (integer value)
 #aaf_retries = 3
@@ -153,7 +163,7 @@ aaf_url = http://aaf-service:8100/authz/perms/user/
 #aaf_timeout = 100
 
 # aaf_user_roles. (list value)
-#aaf_user_roles = {"type": "org.onap.oof","instance": "plans","action": "GET"},{"type": "org.onap.oof","instance": "plans","action": "POST"}
+#aaf_permissions = {"type": "org.onap.oof.access","instance": "*","action": "*"}
 
 
 [aaf_sms]
@@ -594,3 +604,4 @@ concurrent = true
 
 # Extensions list to use (list value)
 #extensions = multicloud
+