Kirill Lukashin and IBM Montreal

Presentation transcript:

Controller Design Studio – Architecture & Design for integration with AAF
Draft version
Kirill Lukashin and IBM Montreal
Dec, 2018

Agenda
- What is AAF
- CDS-AAF Common Architecture
- CDS-AAF integration DesignTime Flow
- CDS-AAF Integration Runtime Flow
- Roles/Permissions/Resources
- Impact on Controller Blueprint Archive (CBA)

What is AAF?
- AAF stands for “Application Auth Framework”
- Originally “Auth” was “Authorization”, but now supports implementations for
  - Authentication
  - Authorization
- AAF consists of
  - CADI Framework - a library used by services to:
    - Authenticate with one or more Authentication Protocols
    - Authorize in a FINE-GRAINED manner using AAF Components
  - AAF Components – RESTful Services:
    - Service (primary) – All the Authorization information
    - Locate – how to find ANY OR ALL AAF instances across any geographic distribution
    - OAuth 2.0 – new component providing Tokens and Introspection
    - GUI – Tool to view and manage Authorization Information, and create Credentials
    - Certman – Certificate Manager, create and renew X509 with Fine-Grained Identity
    - FS – File Server to provide access to distributable elements (like well known certs)
    - Hello - Test your client access (certs, OAuth 2.0, etc)
  - Cassandra as global replicating Data Store

Support for secure call UI to Backend
Use TLS for Encryption, and CADI Framework/AAF Services to do Authorization!

Real time Authorization Process

AAF Capabilities for Developers
Self-Serve AAF Functions for Developers
- Applications get a “Namespace” in AAF
  - Example “org.onap.cds”
- Create Credentials for their App
  - x509 Client Certificate or User/Password (Basic Auth)
- Create a Server Certificate (so service can be HTTP/S TLS)
  - Can use the x509 Client Certificate, assuming all clients trust its Certificate Authority
- Create “Permissions” representing what they want to protect
- Code to those Permissions

CDS – AAF Common Architecture
[Diagram; labels as extracted: A&AI MS Policy; Networks / VNFs / Devices; DmaaP Consumer; Blueprint Processor Platform; Device Components; DMaaP Producer; Capability Components; Directed Graph; Rest Adapters; DB; Controller Design Studio MS; Controller Blueprints MS; CB DB; BP DB; CDS DB; User/password validation; Obtain Permissions]

Controller Design Time
[Diagram; labels as extracted: Certified/Approval to trigger CSAR Package with CBA content Distribution via SDC DMAAP Interface; User/password validation/or oAuth; Controller Design Studio GUI; AAF; SDC Integrated User Experience; Retrieve permissions to manage CBA files; CDS APP Ext using iframe; Controller blueprint ms; Controller Persona Run Time; SDC Design Catalog; Controller Blueprint Instances; SDC Upload/Download; Self-Service Design Environment; Self-Service Test Runtime Environment]

Post Instantiation Controller Run Time
[Diagram; labels as extracted: SO; POLICY; AAF; DMaaP Bus; Check permissions to access resource; Data Sources; A&AI; MD-SAL; Database; Network Content; Runtime Catalog (Certified Models & Design Artifacts); Controller Persona API; Resource Resolution mS; SDC Design Catalog; DMaaP Bus Subscribe API; Template Meshing mS; CSAR Package; Controller Blueprint Archive; Approved Artifacts]

Affected Tasks
- CDS UI
  - Using loopback.io framework
- CDS Backend – Controller Blueprint Ms, Blueprint Processor Ms
  - Implement AAF for Swagger
  - Implement AAF for Webflux

Affected Data Flows -> See Roles
- 1A. User registers Model Types, & Reusable Dictionaries
- 1B. Jenkins Builds and Deploy to Maven Repo
- 1C. Auto load Model Types, & Reusable Dictionaries
- 1D. Store
- 2A. User create CBA file
- 2B. Enrich, Validate CBA file
- 2C. Test Deploy CBA file
- 2D. Test CBA file
- 3A. Store CBA file
- 3B. Publish CBA file
- 3C. Consume CBA file
- 3D. Persist CBA file
- 4A. Send Request
- 4B. Retrieve CBA file
- 4C. Execute CBA
- 4D. Get CBA
- 4E. Execute CBA Components
- 4F. Return Self Service Response
- 4G. Publish Response
- 4H. Consume
[Diagram; component labels as extracted: Component Executor; Self Service Rest API; DmaaP CBA Listener; Publisher; BP MS; Directed Graph; Resource Resolution; Python; Ansible; Netconf; Restconf; Groovy; Controller Design Studio; Controller Blueprints Microservice; CB DB; GIT; MAVEN; SDC; SO; DMaaP; Blueprint Processor Platform]

Functional Decomposition – Interaction with AAF Ms
[Diagram; labels as extracted: Artifact Management (Blue Prints, Model Type, Resource Definitions); Enrichment (Model Types / Resource Definition); Validation (Model Types / Resource Definition); CDS Frontend/UI MS; Spring Boot 2.1; CDS UI / Client; Controller Blue Prints Studio MS; Angular / Browser; Http / Websocket; Webflux Http / GRPC; CDS UI / Server; Webflux Http / GRPC; Spring Boot; Loopback4 / Nodejs; Process; Resource Resolution; Network Communication; Webflux Http / GRPC; Blue Prints Processor MS; Proxy Artifact Management (Blue Prints, Model Type, Resource Definitions); Proxy Enhancement and Enrichment; User Event Management; User Access Control Management; AAF MS]

AAF Entities to be defined for CDS
- Roles
- Resources
- Permissions

Roles
Role | Class | Description
CBAdmin | org.onap.sdnc.controllerblueprints.admin | Design time tasks
CBDesigner | org.onap.sdnc.controllerblueprints.designer | Design time tasks
CBOwner | org.onap.sdnc.controllerblueprints.owner |
BPAdmin | org.onap.sdnc.blueprintsprocessor.admin | Run time tasks
BPDesigner | org.onap.sdnc.blueprintsprocessor.designer |
BP<ServiceName>Owner | org.onap.sdnc.controllerblueprints.<ServiceName>.owner |

Permissions
Role | Description
CBAdmin | All access for management
CBDesigner | Design the blue prints Model Types and Node Types
CBOwner | Design the blue prints Model Types and Node Types and Blueprint Create
BPAdmin | All access for management
BPDesigner | Has Upload BluePrint/Download Access
BP<ServiceName>Owner | Has execute permission blueprint processor API

Resources
Resources | Type | Description
Blue prints, Model Types, Resource Definitions | file | Model Artifacts
DG | process | Workflows
Data Dictionary | DB | Resource mapping rules
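
The Roles and Permissions slides above, turned into a deny-by-default check that an application could "code to" (an added example, not code from the deck or from ONAP). The action names, the sample service name `vfw`, and the reading of "all access for management" as every action in that role's area are assumptions; only the role classes come from the slides.

```javascript
// Added example: deny-by-default check over the CDS role classes from the Roles slide.
// Action names such as "design:modeltype" are hypothetical; the deck gives descriptions only.
const NS = "org.onap.sdnc";

// Fixed roles and the actions they grant, following the Permissions slide.
// Assumption: "all access for management" means every action in that role's area.
const ROLE_GRANTS = new Map([
  [`${NS}.controllerblueprints.admin`, ["design:*"]], // CBAdmin
  [`${NS}.controllerblueprints.designer`, ["design:modeltype", "design:nodetype"]], // CBDesigner
  [`${NS}.controllerblueprints.owner`,
    ["design:modeltype", "design:nodetype", "design:blueprint-create"]], // CBOwner
  [`${NS}.blueprintsprocessor.admin`, ["runtime:*"]], // BPAdmin
  [`${NS}.blueprintsprocessor.designer`,
    ["runtime:blueprint-upload", "runtime:blueprint-download"]], // BPDesigner
]);

// BP<ServiceName>Owner is org.onap.sdnc.controllerblueprints.<ServiceName>.owner.
// Exactly one dot-free label is accepted as the service name, so a longer or
// look-alike role string never matches by prefix.
const SERVICE_OWNER = /^org\.onap\.sdnc\.controllerblueprints\.([A-Za-z0-9_-]+)\.owner$/;

function grantsFor(role) {
  const fixed = ROLE_GRANTS.get(role);
  if (fixed) return fixed.map((action) => ({ action, service: null }));
  const m = SERVICE_OWNER.exec(role);
  if (m) return [{ action: "runtime:blueprint-execute", service: m[1] }];
  return []; // unknown role: no grants
}

function grantCovers(grant, action, service) {
  const [grantArea, grantVerb] = grant.action.split(":");
  const [area, verb] = String(action).split(":");
  if (grantArea !== area) return false; // design-time roles never reach run time
  if (grantVerb !== "*" && grantVerb !== verb) return false;
  return grant.service === null || grant.service === service; // scoped grants pin the service
}

// roles: role strings returned for the authenticated caller (for example by AAF).
function isAllowed(roles, action, service = null) {
  if (!Array.isArray(roles) || typeof action !== "string") return false;
  return roles.some((r) => grantsFor(r).some((g) => grantCovers(g, action, service)));
}

// Constructed sample: "vfw" is a made-up service name.
console.log(isAllowed([`${NS}.controllerblueprints.vfw.owner`], "runtime:blueprint-execute", "vfw"));
```

The service-owner role sits under the `controllerblueprints` namespace even though it gates the blueprint processor API, which is why the check matches the full role string rather than a namespace prefix.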

Open questions?
- Which Authentication protocols to use?
- Any modifications on AAF side to support CDS needs?

Controller Blueprints Archive (CBA) Format
.cba
- Definition: Controller Blueprints definitions file. Formats: .json
- Configuration: Application properties or environment properties file. Formats: .properties
- Plans: Flow Definitions files, such as directed graph, dataflow dsl, etc. Formats: .json, .xml
- Scripts: Execution scripts used during flows. Formats: .py, .js, .groovy
- Templates: Templates used during processing. Format: .vtl
- Dictionary: Resource Dictionaries, used during processing. Format: .json
- Mappings: Data Dictionary File Format: .json
Add AAF specific configuration?

Thank You