[AAA-204] Eliminate blueprint from aaa-encrypt-service Created: 03/Nov/20 Updated: 27/Mar/23 Resolved: 16/Feb/23 |
|
| Status: | Resolved |
| Project: | aaa |
| Component/s: | General |
| Affects Version/s: | None |
| Fix Version/s: | 0.17.6 |
| Type: | Task | Priority: | Medium |
| Reporter: | Robert Varga | Assignee: | Robert Varga |
| Resolution: | Done | Votes: | 0 |
| Labels: | pt | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Epic Link: | Eliminate Blueprint | ||||||||||||||||
| Description |
|
This is essentially a rehash of aaa-password-service in |
| Comments |
| Comment by Robert Varga [ 23/Jan/23 ] |
|
So I think this is problematic, because AAAEncryptionService is used by NETCONF to encrypt things in the datastore. Most notably we need a way to decrypt things as well. That means the configuration is coupled with datastore content, which unfortunately, is a very loose coupling. I think we need to retain the config datastore integration and do the heavy lifting through org.osgi.service.component.ComponentFactory, meaning register a ClusteredDataTreeChangeListener on component startup and activate a service configuration. We already do this (without datastore, but reacting to OSGi SR) in mdsal-binding-runtime-osgi).
|
| Comment by Robert Varga [ 05/Feb/23 ] |
|
Looking at this a bit more, there is a lot going on here and it is intrinsically tied to the blueprint plugin re. the actual configuration:
Let's split the effort up. As a first step, we will separate out configuration update concerns into a separate class wired through Blueprint (for now) and let AAAEncryptionServiceImpl pick up its configuration from OSGi SR and instantiate with OSGi DS. This will lead to an OSGi DS component being dependent on Blueprint, which is kind of okay and unblocks upstreams. The second part is to re-wire the configuration template/update wiring to work without blueprint and without initial config file. |