Storage Configuration - Renewal of cloud storage credentials #423
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ubkr
requested changes
May 24, 2024
| <xs:documentation>CertPathValidationPolicyID used to validate the renewal endpoint server certificate. If CertPathValidationPolicyID is not configured, the certificate shall not be validated.</xs:documentation> | ||
| </xs:annotation> | ||
| </xs:element> | ||
| <xs:element name="Error" type="xs:string" minOccurs="0"> |
There was a problem hiding this comment.
@jmelancongen I just approved #424 and I agree with @ubkr please re-review that PR and update this accordingly. Many kind thanks.
There was a problem hiding this comment.
Oh, accidentally resolved the comment early.
This follows the recent PR from Hans #419 so we have at least available information in case the renewal flow breaks unexpectedly. The client will be able to retrieve that error and help narrow down the issue.
|
To be Added: An OpenAPI document defining the schema of the response that device should expect from the API |
jmelancongen
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With the current specification, a cloud provider must continuously renew the credentials assigned to a device using the SetStorageConfiguration API. This means that a cloud provider must keep track of all devices and attempt to refresh this configuration, generally over Uplink, regularly to ensure that there is no loss of recording.
Instead of a manual procedure by the cloud provider, we propose that the device manage the lifecycle of its credentials on its own, by accepting an endpoint to a simple API that provides credentials to the device on-demand. This will allow the device to refresh credentials much faster in case of outages, where the device comes back online after a while and wants to resume recording as quickly as possible.