-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introducing protobuf file for the new /uuid endpoint #1284
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we also remove the ConfigRequest using a URL without the UUID? That is in the APIv4.md file
@kalyan-nidumolu are these protobuf errors you expect to see? I don't know if prototool would have the same complaints on our existing proto files in which case we can ignore them. |
- Once attestation feature is enabled in Controller, the /config endpoint will fail incoming requests without an integrity token associated with the request. As a result, the initial getUuid() method in zedclient will fail, since it starts early before attestation, and at that point system will not have any integrity token to use. - Since zedclient uses /config primarily for getting UUID of the device and other fields such as Manufacturer, Model etc, having a separate endpoint for that makes sense, and this PR adds protobuf fields for the same. Signed-off-by: Hariharasubramanian C S <cshari@zededa.com>
@eriknordmark Hariharasubramanians-MacBook-Pro:eve cshari$ cat /private/tmp/yetus-out/diff-patch-prototool.txt | grep attest Now, either I can fix the lint errors or we can ignore the yetus errors (to keep the naming conventions consistent with existing files), please let me know what you prefer. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Let's ignore the yetus/prototool complaints
Hey @cshari-zededa @nordmark @deitch -- one sentence here caught my eye "Once attestation feature is enabled in Controller, the /config endpoint will fail incoming requests without an integrity token associated with the request" -- that's fine from the controller's standpoint (IOW controller forcing this behavior) but I wanted to make sure that we don't accidentally break V1 API compatibility with this change. We rely heavily on V1 API in Adam still (V2 work is getting delayed there) and making sure it keeps working is a pretty high priority. Please confirm. On a related note @cshari-zededa those few paragraphs from the description of this PR is what I was suggesting you add to your integrity token PR as part of updating docs/SECURITY.md |
Yes @rvs, V1 compatibility is not disturbed. In fact, we have not started enforcing integrity-token yet in any of the Controller, including ZedControl. These PRs are just setting it up from EVE side. But even when we enforce integrity-token check, we will do it only for V2 /config endpoint. But this also means that we should add /uuid support in Adam, before we can start replacing /config with /uuid in zedclient. |
Got it! Filed lf-edge/adam#38 @giggsoff @deitch -- can you guys please take a look ASAP? |
Once attestation feature is enabled in Controller, the /config endpoint
will fail incoming requests without an integrity token associated with the
request. As a result, the initial getUuid() method in zedclient will fail,
since it starts early before attestation, and at that point system will not
have any integrity token available.
Since zedclient uses /config primarily for getting UUID of the device and other
fields such as Manufacturer, Model etc, having a separate endpoint for that
makes sense, and this PR adds protobuf fields for the same.
Signed-off-by: Hariharasubramanian C S cshari@zededa.com