-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Cumulocity IoT basic device registration to allow SmartREST 1.0 usage for older clients #3036
Comments
A proof of concept (PoC) has been created to check the general compatibility of thin-edge.io and SmartREST 1.0 when using a basic auth device user, and first signs seems that they are compatible. The PoC used hacked together Rust code where it reads the device username/password (mostly) from environment variables in order to make work, it is by no means intended to be a good reference guide, however it still might be hopeful to see which parts of the code need to be adjusted. PR is provided here: #3039 |
In SmartREST 1.0, we can use |
Gaps between the requirements and the PoC:
I think 1) will the most time consumption as we don't have such mechanism now. It requires a small design level decision, which means it contains uncertainty in estimate. Excluding the device bootstrapping, I would say 1.5 weeks (including review process). |
The password must not be stored in There is small issue for the device id which is currently stored in the device certificate. We will have to handle a specific case here (storing/reading the device from an external file or simply |
The Rust code and Robot test are merged by #3196. However, the user guide is not added yet. |
How to connect to c8y with Basic AuthGiven that thin-edge is already installed in a target device.
[c8y]
username = "t5678/octocat"
password = "abcd1234"
How to apply SmartREST1.0 template
|
System tests have been added to cover the functionality |
Is your feature request related to a problem? Please describe.
Support Cumulocity IoT basic auth registration process to provide an upgrade path for existing customers whom use (legacy) SmartREST 1.0 (which is not supported when using cert based authentication)
Background
Existing customers with existing agents would like to take advantage of thin-edge.io and slowing migrate custom components. However these agents sometimes use SmartREST 1.0 which is incompatible with the cert-based device credentials (the default authentication used by thin-edge.io).
Describe the solution you'd like
Add support for basic auth device credentials for the Cumulocity IoT mapper so that devices can be registered following the Device Registration mechanism.
Implementation details
When using basic auth device credentials
Authorization: Basic <base64(username:password)>
s/uat
ands/dat
topics as they are only supported when using cert-based device credentials and errors will be posted tos/e
if they are subscribed toOpen questions
Implementation plan
The feature implementation can be broken into the following parts:
tedge config set c8y.registration_mode "basic"
tedge
and with600
permissions)tedge config set c8y.smartrest1.templates "template1,template2"
tedge connect
and the "basic" registration mode is active (there are some UX aspects here to consider).Describe alternatives you've considered
Additional context
Check list for components that require an update of the Authorization header mechanisms:
127.0.0.1:8001/c8y
service)The text was updated successfully, but these errors were encountered: