This repository has been archived by the owner on May 26, 2023. It is now read-only.
Enable CLI to work with both secured/none secured EdgeXFoundry instances #207
Labels: dependent issue (issue/functionality that could be handled only when another issue is fixed/implemented), enhancement (new feature or request), hanoi (Hanoi release)
🚀 Feature Request
Description
EdgeX Foundry could work in two modes - secure and non-secure.
When security is off, all micro services are accessible and could be called from outside.
When security is on, there is a single entry point - a gateway that accepts https requests and requires an Authorization header.
Here is how you could create a user with the name tony that belongs to the pre-existent group - admin.
Once the user is created, a token is provided. This token could be used for accessing edgex services by sending it in the Authorization header.
More about Gateway security: here
Describe the solution you'd like
The token could be created only by executing the above command locally on the EdgeX Server. So let's assume that the token is already created and an ENV variable is created with the token value on the machine where edgex-cli is running.
Proposed name for the env variable could be: EDGEX_ACCESS_TOKEN
The configuration.toml file content will be different depending on the EdgeX Foundry security mode.
If the security is Off, the content should be:
If the security is On:
The configuration file will be filled with the appropriate content during the installation process:
- make install - the default, will be working in security enabled mode.
- make install insecure - work in security disabled mode.
On start up, edgex-cli should check the value of the security property. If it is true, all requests towards all edgex microservices go through the gateway. Part of the url will be used to identify which EdgeX micro service the request should be routed to.
coredata 48080 -> coredata
metadata 48081 -> metadata
command 48082 -> command
notifications 48060 -> notifications
supportlogging 48061 -> supportlogging
examples:
curl https://:8443/coredata/api/v1/ping
curl https://:8443/metadata/api/v1/ping
curl https://:8443/command/api/v1/ping
etc.
Each request should contain two special headers:
Authorization: EDGEX_ACCESS_TOKEN
host: edgex
The current Edgex-CLI implementation uses go-mod-core-contracts models and interface clients that are not prepared to work in security mode. First, go-mod-core-contracts should be updated appropriately and then used in the Edgex-CLI.
(I am still not sure if the security mode needs to be implemented for edgex api v1, or to come when working with edgex API v2)
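The routing and header rules proposed above, sketched as an added example (not code from edgex-cli or go-mod-core-contracts). The Config type, the NewRequest function, the edgex.example host and plain http for the security-off mode are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

// Config mirrors the proposed configuration file; field names are assumptions.
type Config struct {
	Security    bool   // the "security" property checked at start-up
	Host        string // EdgeX server address
	GatewayPort int    // 8443 in the issue's curl examples
}

var servicePorts = map[string]int{"coredata": 48080, "metadata": 48081,
	"command": 48082, "notifications": 48060, "supportlogging": 48061} // mapping from the issue

// NewRequest builds a request for one EdgeX service in either mode.
func NewRequest(cfg Config, method, service, path string) (*http.Request, error) {
	port, ok := servicePorts[service]
	if !ok {
		return nil, fmt.Errorf("unknown service %q", service)
	}
	if !cfg.Security { // direct call to the service port; plain http is an assumption
		return http.NewRequest(method, fmt.Sprintf("http://%s:%d%s", cfg.Host, port, path), nil)
	}
	token := os.Getenv("EDGEX_ACCESS_TOKEN")
	if token == "" { // fail closed rather than send an unauthenticated request
		return nil, fmt.Errorf("security is on but EDGEX_ACCESS_TOKEN is not set")
	}
	// Single https entry point; the first path segment selects the service.
	url := fmt.Sprintf("https://%s:%d/%s%s", cfg.Host, cfg.GatewayPort, service, path)
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", token) // token value sent as the issue shows it
	req.Host = "edgex"                     // a "Host" entry in req.Header is ignored by net/http
	return req, nil
}

func main() {
	cfg := Config{Security: true, Host: "edgex.example", GatewayPort: 8443} // constructed values
	if req, err := NewRequest(cfg, "GET", "coredata", "/api/v1/ping"); err != nil {
		fmt.Println("error:", err)
	} else {
		fmt.Println(req.Method, req.URL, "Host:", req.Host)
	}
}
```

The Host override is set through req.Host because Go's HTTP client does not send a Host value placed in the header map.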