Hmm… perhaps disabling AAF is not effective if you are seeing this with AAF enabled = false. Pavel, can you have a look and let us know if Yan is disabling it correctly? I recommend that you check your AAF deployment, in the past I’ve seen this when the aaf-locate pod appears to be running but restarting it solves the problem.
Thanks, jimmy From: <[email protected]> on behalf of Yan Yang <[email protected]> Reply-To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]> Date: Thursday, September 12, 2019 at 12:03 PM To: "FORSYTH, JAMES" <[email protected]>, "[email protected]" <[email protected]>, 'Keong Lim' <[email protected]> Subject: [onap-discuss] 答复: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Following is the logs on aai-resources pod: 2019-09-12T15:59:22.793+0000 INFO [cadi] Persist Cache: removed 0 of 0 items from memory and 0 of 0 from disk 2019-09-12T15:59:41.295+0000 AUDIT [cadi] ID AAI converted to [email protected] 2019-09-12T15:59:41.318+0000 WARN [cadi] Authenticating Service unavailable from 10.42.14.13:50768 ( No Entries found for 'https://aaf-locate.onap:8095/locate/AAF_NS.service:2.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__aaf-2Dlocate.onap-3A8095_locate_AAF-5FNS.service-3A2.0&d=DwQFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Oej6QUk5p2KdqNEWySpOHA&m=HmW-GsFPH8s1IQ3tnWNBj2fdqcwk3I8hYh5yD4_FNEw&s=DbmRzTn3WP_eFkMLsumtzIYgG1K2bVsXbVrCMA4x-kk&e=>' ) 2019-09-12T15:59:41.318+0000 AUDIT [cadi] No TAF will authorize for request from 10.42.14.13:50768 2019-09-12T15:59:41.322+0000 WARN [cadi] Trans: user=n/a[],ip=10.42.14.13,ms=27.823477,validate=27.811932,code=0.000000 2019-09-12T16:00:42.548+0000 AUDIT [cadi] ID AAI converted to [email protected] 2019-09-12T16:00:42.625+0000 WARN [cadi] Authenticating Service unavailable from 10.42.14.13:51148 ( No Entries found for 'https://aaf-locate.onap:8095/locate/AAF_NS.service:2.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__aaf-2Dlocate.onap-3A8095_locate_AAF-5FNS.service-3A2.0&d=DwQFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Oej6QUk5p2KdqNEWySpOHA&m=HmW-GsFPH8s1IQ3tnWNBj2fdqcwk3I8hYh5yD4_FNEw&s=DbmRzTn3WP_eFkMLsumtzIYgG1K2bVsXbVrCMA4x-kk&e=>' ) 2019-09-12T16:00:42.626+0000 AUDIT [cadi] No TAF will authorize for request from 10.42.14.13:51148 2019-09-12T16:00:42.644+0000 WARN [cadi] Trans: user=n/a[],ip=10.42.14.13,ms=96.419441,validate=96.406677,code=0.000000 2019-09-12T16:01:22.794+0000 INFO [cadi] Persist Cache: removed 0 of 0 items from memory and 0 of 0 from disk 2019-09-12T16:01:42.888+0000 AUDIT [cadi] ID AAI converted to [email protected] 2019-09-12T16:01:42.987+0000 WARN [cadi] Authenticating Service unavailable from 10.42.14.13:51530 ( No Entries found for 'https://aaf-locate.onap:8095/locate/AAF_NS.service:2.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__aaf-2Dlocate.onap-3A8095_locate_AAF-5FNS.service-3A2.0&d=DwQFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Oej6QUk5p2KdqNEWySpOHA&m=HmW-GsFPH8s1IQ3tnWNBj2fdqcwk3I8hYh5yD4_FNEw&s=DbmRzTn3WP_eFkMLsumtzIYgG1K2bVsXbVrCMA4x-kk&e=>' ) 2019-09-12T16:01:42.987+0000 AUDIT [cadi] No TAF will authorize for request from 10.42.14.13:51530 2019-09-12T16:01:42.989+0000 WARN [cadi] Trans: user=n/a[],ip=10.42.14.13,ms=100.579651,validate=100.569031,code=0.000000 BR, Yan 发件人: FORSYTH, JAMES [mailto:[email protected]] 发送时间: 2019年9月12日 23:58 收件人: Yan Yang; [email protected]; 'Keong Lim' 主题: Re: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Hi, Yan, What do you see when you do “kubectl logs” on the aai-resources pod? Thanks, jimmy From: Yan Yang <[email protected]<mailto:[email protected]>> Date: Thursday, September 12, 2019 at 11:57 AM To: "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, 'Keong Lim' <[email protected]<mailto:[email protected]>> Subject: 答复: [AAI] When access AAI, get 403 Forbdiden Access Denied Hi Jimmy, Thank you for your quick reply. Before we disable AAF, we also try to call AAI, but got authentication error, so we re-deployed AAI with aaf_enable false. BR, Yan 发件人: FORSYTH, JAMES [mailto:[email protected]] 发送时间: 2019年9月12日 23:53 收件人: Yan Yang; [email protected]<mailto:[email protected]>; 'Keong Lim' 主题: Re: [AAI] When access AAI, get 403 Forbdiden Access Denied Hi, Yan, Is there a reason for disabling AAF? Thanks, jimmy From: Yan Yang <[email protected]<mailto:[email protected]>> Date: Thursday, September 12, 2019 at 11:51 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, "FORSYTH, JAMES" <[email protected]<mailto:[email protected]>>, 'Keong Lim' <[email protected]<mailto:[email protected]>> Subject: [AAI] When access AAI, get 403 Forbdiden Access Denied Dear Jimmy and AAI team, When we call AAI to get the cloud list ,we got the following error: {"timestamp":1568302764354,"status":403,"error":"Forbdiden","message":"Access Denied","path":"/aai/v13/cloud-infrastructure/cloud-regions"} When we deploy AAI Dublin release, we make the aaf_enable: false. I’m not sure what’s the reason, could you give some help? BTW aaf also run in our env and the aaf pods are running. BR, Yan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#18940): https://lists.onap.org/g/onap-discuss/message/18940 Mute This Topic: https://lists.onap.org/mt/34116666/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
