Role-Based Access Control (RBAC); Assigning a User to a Role - HP HPE VAN SDN Controller 2.7 Administrator's Manual


The controller must have:
• The valid trusted CA signed identity and CA certificates configured in the controller keystore
• The CA certificate must be configured in the controller truststore
• The authentication manager ConnSSLClientAuth should be set to true to enforce mutual authentication
Keystone should be configured to:
• Use valid trusted CA signed identity certificate
• Configure trusted CA to be used to validate client certificates
• Require SSL
• Require the client certificate to be valid

Role-Based Access Control (RBAC)

HPE VAN SDN Controller supports limited RBAC (Role Based Access Control). The SDN
Controller currently enforces a single role which has access to all controller features. By default,
the single role is sdn-admin. The authenticated user must have this role in order to be granted
access to the controller. You must ensure that Keystone is configured to grant this role.
The applications installed on the SDN Controller can enforce RBAC to meet their security
requirements.

Assigning a user to a role

To assign a user the sdn-admin role and give the user access to the desired SDN Controller:
1. Create a tenant (the example creates a test tenant):
   curl -H "X-Auth-Token:ADMIN" -H "Content-Type: application/json" \
     -d '{"tenant": {"enabled": true, "name": "test-tenant", "description": "Test Tenant"}}' \
     http://<controller-ip>:35357/v2.0/tenants
2. List tenants:
   curl -H "X-Auth-Token:ADMIN" http://<controller-ip>:35357/v2.0/tenants
3. Create a user:
   curl -H "X-Auth-Token:ADMIN" -H "Content-Type: application/json" \
     -d '{"user": {"email": "tester@test.rose.hp.com", "password": "somepass", "enabled": true,
          "name": "test-user", "tenantId": "2c851897a09f483fa452e2de11511f71"}}' \
     http://<controller-ip>:35357/v2.0/users
4. List users:
   curl -H "X-Auth-Token:ADMIN" http://<controller-ip>:35357/v2.0/users
5. Create a role:
   curl -H "X-Auth-Token:ADMIN" -H "Content-Type: application/json" \
     -d '{"role": {"name": "test-role"}}' \
     http://<controller-ip>:35357/v2.0/OS-KSADM/roles
6. List roles:
   curl -H "X-Auth-Token:ADMIN" http://<controller-ip>:35357/v2.0/OS-KSADM/roles
7. Assign a user to a role:
   curl -X PUT -H "X-Auth-Token:ADMIN" \
     http://<controller-ip>:35357/v2.0/tenants/<tenant-id>/users/<user-id>/roles/OS-KSADM/<role-id>
8. List roles for a user for a given tenant:
   curl -X GET -H "X-Auth-Token:ADMIN" \
     http://<controller-ip>:35357/v2.0/tenants/<tenant-id>/users/<user-id>/roles
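Step 7 needs the ids returned by steps 2, 4 and 6, and step 8 is where you confirm the user actually holds sdn-admin. The following is an added example, not part of the HPE manual: the helper names are hypothetical, the responses are constructed samples, and it assumes the usual Keystone v2.0 list layout (a top-level "tenants", "users" or "roles" array of objects with "id" and "name").

```python
import json

REQUIRED_ROLE = "sdn-admin"  # default controller role named on this page


def find_id(body, collection, name):
    """Return the id of the entry called `name` in a Keystone v2.0 list response.

    Raises LookupError when the name is absent or ambiguous, so a typo never
    silently selects the wrong tenant, user or role.
    """
    entries = json.loads(body).get(collection, [])
    matches = [e["id"] for e in entries if e.get("name") == name]
    if len(matches) != 1:
        raise LookupError(f"{collection}: expected one '{name}', found {len(matches)}")
    return matches[0]


def assignment_url(controller, tenant_id, user_id, role_id):
    """Build the step 7 PUT URL from ids resolved in steps 2, 4 and 6."""
    return (f"http://{controller}:35357/v2.0/tenants/{tenant_id}"
            f"/users/{user_id}/roles/OS-KSADM/{role_id}")


def has_required_role(body, required=REQUIRED_ROLE):
    """Check a step 8 response: does the user hold the role the controller enforces?"""
    roles = json.loads(body).get("roles", [])
    return any(r.get("name") == required for r in roles)


# Constructed sample responses (assumed layout, not captured from a real controller).
TENANTS = '{"tenants": [{"id": "t-0001", "name": "test-tenant", "enabled": true}]}'
USERS = '{"users": [{"id": "u-0001", "name": "test-user", "enabled": true}]}'
ROLES = ('{"roles": [{"id": "r-0001", "name": "test-role"},'
         ' {"id": "r-0002", "name": "sdn-admin"}]}')
USER_ROLES_BEFORE = '{"roles": [{"id": "r-0001", "name": "test-role"}]}'
USER_ROLES_AFTER = ROLES

if __name__ == "__main__":
    url = assignment_url("192.0.2.10",  # documentation address, constructed
                         find_id(TENANTS, "tenants", "test-tenant"),
                         find_id(USERS, "users", "test-user"),
                         find_id(ROLES, "roles", REQUIRED_ROLE))
    print("PUT", url)
    print("sdn-admin before assignment:", has_required_role(USER_ROLES_BEFORE))
    print("sdn-admin after assignment: ", has_required_role(USER_ROLES_AFTER))
```

A user who only holds test-role, as created in step 5, fails the check; the controller grants access only when sdn-admin appears in the step 8 output.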
Example
1. List tenants
root@sdnctl1:/var# curl -H "X-Auth-Token:ADMIN" http://192.168.4.61:35357/v2.0/tenants | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   243  100   243    0     0  38786      0 --:--:-- --:--:-- --:--:-- 40500
