
Commit

fixup! Migrate device-provisioning-service to repository
Danielius1922 committed Aug 19, 2024
1 parent b6bc1dc commit 4ae3694
Showing 4 changed files with 21 additions and 21 deletions.
11 changes: 5 additions & 6 deletions charts/plgd-hub/README.md
Expand Up @@ -4,7 +4,7 @@

More information are available in our [docs](https://plgd.dev/deployment/k8s/).

### Required variables:
### Required variables

```yaml
# -- Global config variables
Expand Down Expand Up @@ -45,9 +45,9 @@ global:
| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | mongodb | 15.4.4 |
| https://nats-io.github.io/k8s/helm/charts/ | nats | 1.1.9 |
| https://scylla-operator-charts.storage.googleapis.com/stable | scylla | 1.10.0 |
| <https://charts.bitnami.com/bitnami> | mongodb | 15.4.4 |
| <https://nats-io.github.io/k8s/helm/charts/> | nats | 1.1.9 |
| <https://scylla-operator-charts.storage.googleapis.com/stable> | scylla | 1.10.0 |
## Values
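Review bot: the angle-bracket URLs in the requirements table are hand edits to a generated file. The footer of this README reads "Autogenerated from chart metadata using helm-docs v1.14.2", so the next helm-docs run will rewrite the `mongodb`, `nats` and `scylla` rows and drop this formatting unless the same change is made in whatever helm-docs renders the table from. Please make the fix at the source (or in the helm-docs template) and regenerate, so the committed README matches the generator output. The same applies to the heading and trailing-blank-line edits elsewhere in this file.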
Expand Down Expand Up @@ -893,7 +893,7 @@ global:
| resourcedirectory.service.type | string | `"ClusterIP"` | resource-directory service type |
| resourcedirectory.tolerations | object | `{}` | Toleration definition |
| scylla.datacenter | string | `"dc-1"` | |
| scylla.enabled | bool | `false` | Enable scylla service. Required scylla operator: https://github.com/scylladb/scylla-operator/blob/master/docs/source/generic.md#deploy-scylla-operator |
| scylla.enabled | bool | `false` | Enable scylla service. Required scylla operator: <https://github.com/scylladb/scylla-operator/blob/master/docs/source/generic.md#deploy-scylla-operator> |
| scylla.racks[0].members | int | `3` | |
| scylla.racks[0].name | string | `"dc-1a"` | |
| scylla.racks[0].resources.limits.cpu | int | `1` | |
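Review bot: the link in the `scylla.enabled` row still points at the `master` branch of scylla-operator (`blob/master/docs/source/generic.md#deploy-scylla-operator`), while the requirements table pins the scylla chart to 1.10.0. A branch link can drift away from the operator version this chart expects, or break when the file is moved. Consider linking to a tagged revision that matches the pinned chart. While the line is being touched, "Required scylla operator" would read better as "Requires the Scylla operator".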
Expand Down Expand Up @@ -1010,4 +1010,3 @@ global:

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

Original file line number Diff line number Diff line change
Expand Up @@ -76,11 +76,12 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- define "plgd-hub.deviceProvisioningService.coapGateway" }}
{{- $ := index . 0 }}
{{- $hub := index . 1 }}
{{- $_ := required "CoAP Gateway address is required. Use global.domain or deviceProvisioningService.enrollmentGroups[].hub.coapGateway. In case of using global domain, default port 5684 or coapgateway.service.nodePort.port if specified is used" ( $hub.coapGateway | default $.Values.global.domain ) }}
{{- if $hub.coapGateway }}
{{- $hub.coapGateway }}
{{- else }}
{{- else if $.Values.global.domain }}
{{- printf "%s:%v" $.Values.global.domain ( $.Values.coapgateway.service.nodePort | default 5684 ) }}
{{- else }}
{{- fail "CoAP Gateway address is required. Use global.domain or deviceProvisioningService.enrollmentGroups[].hub.coapGateway. In case of using global domain, default port 5684 or coapgateway.service.nodePort.port if specified is used" }}
{{- end }}
{{- end }}
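Review bot: the new `fail` message and the `printf` fallback disagree about which value supplies the port. The message promises `coapgateway.service.nodePort.port`, but the fallback formats `$.Values.coapgateway.service.nodePort | default 5684` with `%v`; if `nodePort` is an object, the rendered address will contain the whole map instead of a port number, and the device would be handed an unusable gateway address without any render error. Either read `.nodePort.port` in the `printf` or correct the message so it names the key that is actually used. A short template comment above the `define` explaining the precedence (hub value, then `global.domain` plus port, then fail) would also let the failure text be shortened.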

Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{{- if .Values.deviceProvisioningService.enabled }}
{{- range $.Values.deviceProvisioningService.enrollmentGroups }}
{{- $EG := . }}
{{- $eg := . }}
{{- if .hubs }}
{{- range .hubs }}
{{ if .authorization }}
Expand All @@ -9,7 +9,7 @@
apiVersion: v1
kind: Secret
metadata:
{{ $id := (or .id .hubID $EG.id ) }}
{{ $id := (or .id .hubID $eg.id ) }}
name: {{ printf "hub-oauth-%s" $id }}
namespace: {{ $.Release.Namespace }}
labels:
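Review bot: `$id` in `(or .id .hubID $eg.id )` falls back to the enrollment group id, and this template runs inside `range .hubs`, so two hubs of the same group that set neither `id` nor `hubID` both render a Secret named `hub-oauth-<group id>`. The install then either fails on the duplicate name or one hub's OAuth client secret replaces the other's. Consider using `required` for a per-hub id when iterating `hubs`, or adding the hub index to the name. If all three values are empty the name renders as `hub-oauth-`, which should be rejected at render time as well.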
Expand Down
22 changes: 11 additions & 11 deletions device-provisioning-service/README.md
@@ -1,6 +1,6 @@
# Device Provisioning Service

The Device Provisioning Service provides API to provision device to the [plgd/hub](https://github.com/plgd-dev/hub).
The Device Provisioning Service provides an API to provision a device to the [plgd/hub](https://github.com/plgd-dev/hub).

## Workflow

Expand All @@ -15,7 +15,7 @@ plantuml -tsvg workflow.puml

## Docker Image

Before you use the image you need to setup [K8s access to private registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry).
Before you use the image, you need to set up [K8s access to private registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry).

```bash
docker pull ghcr.io/plgd-dev/hub/device-provisioning-service:latest
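Review bot: the pull command under "Docker Image" uses the `:latest` tag. Since this section is being edited anyway, consider showing a versioned tag or an image digest, so that readers deploy a known build of the provisioning service rather than whatever was pushed most recently.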
Expand All @@ -30,10 +30,10 @@ A configuration template is available on [config.yaml](https://github.com/plgd-d
| Property | Type | Description | Default |
| ---------- | -------- | -------------- | ------- |
| `log.dumpBody` | bool | `Set to true if you would like to dump raw messages.` | `false` |
| `log.level` | string | `Logging enabled from level.` | `"info"` |
| `log.level` | string | `Minimum log level for logging. Logs with lower severity than this level will not be output. Supported levels: "debug", "info", "warn", "error".` | `"info"` |
| `log.encoding` | string | `Logging format. The supported values are: "json", "console"` | `"json"` |
| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `"false` |
| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn` |
| `log.stacktrace.enabled` | bool | `Log stacktrace.` | `false` |
| `log.stacktrace.level` | string | `Stacktrace from level.` | `"warn"` |
| `log.encoderConfig.timeEncoder` | string | `Time format for logs. The supported values are: "rfc3339nano", "rfc3339".` | `"rfc3339nano"` |

### CoAP API
Expand All @@ -42,7 +42,7 @@ CoAP API as specified in the [workflow](./workflow.puml).

| Property | Type | Description | Default |
| ---------- | -------- | -------------- | ------- |
| `apis.coap.address` | string | `Listen specification <host>:<port> for coap client connection.` | `"0.0.0.0:5688"` |
| `apis.coap.address` | string | `Listening specification <host>:<port> for coap client connection.` | `"0.0.0.0:5688"` |
| `apis.coap.protocols` | []string | `Protocol for coap connection. The supported values are: "tcp", "udp" .` | `["tcp"]` |
| `apis.coap.maxMessageSize` | int | `Max message size which can be sent/received via coap. i.e. 256*1024 = 262144 bytes.` | `262144` |
| `apis.coap.messagePoolSize` | int | `Defines the maximum preallocated messages in the pool for parse/create coap messages.` | `1000` |
Expand All @@ -59,7 +59,7 @@ The plgd device provisioning service REST API is defined by [swagger](https://ra
| Property | Type | Description | Default |
| ---------- | -------- | -------------- | ------- |
| `apis.http.enabled` | bool | `Enable HTTP API.` | `false` |
| `apis.http.address` | string | `Listen specification <host>:<port> for http client connection.` | `"0.0.0.0:9100"` |
| `apis.http.address` | string | `Listening specification <host>:<port> for http client connection.` | `"0.0.0.0:9100"` |
| `apis.http.tls.caPool` | string | `File path to the root certificate in PEM format which might contain multiple certificates in a single file.` | `""` |
| `apis.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` |
| `apis.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` |
Expand All @@ -75,7 +75,7 @@ The plgd device provisioning service REST API is defined by [swagger](https://ra
| `apis.http.authorization.http.tls.keyFile` | string | `File path to private key in PEM format.` | `""` |
| `apis.http.authorization.http.tls.certFile` | string | `File path to certificate in PEM format.` | `""` |
| `apis.http.authorization.http.tls.useSystemCAPool` | bool | `If true, use system certification pool.` | `false` |
| `apis.http.readTimeout` | string | `The maximum duration for reading the entire request, including the body by the server. A zero or negative value means there will be no timeout.` | `8s` |
| `apis.http.readTimeout` | string | `Maximum duration allowed for reading the entire request body, including the body by the server. A zero or negative value means there will be no timeout. Example: "8s" (8 seconds).` | `8s` |
| `apis.http.readHeaderTimeout` | string | `The amount of time allowed to read request headers by the server. If readHeaderTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `4s` |
| `apis.http.writeTimeout` | string | `The maximum duration before the server times out writing of the response. A zero or negative value means there will be no timeout.` | `16s` |
| `apis.http.idleTimeout` | string | `The maximum amount of time the server waits for the next request when keep-alives are enabled. If idleTimeout is zero, the value of readTimeout is used. If both are zero, there is no timeout.` | `30s` |
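Review bot: the new `apis.http.readTimeout` description reads "reading the entire request body, including the body by the server", which is circular and narrower than the removed text ("the entire request, including the body"). The `readHeaderTimeout` row below says it falls back to `readTimeout`, so the timeout covers more than the body. Suggest restoring "the entire request, including the body" and only appending the example. The sibling rows (`readHeaderTimeout`, `writeTimeout`, `idleTimeout`) have no example, so add one to each or to none.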
Expand Down Expand Up @@ -123,7 +123,7 @@ Enrollment group entry configuration.
| ---------- | -------- | -------------- | ------- |
| `enrollmentGroups.[].id` | string | `Unique enrollment group id in GUID format` | `""` |
| `enrollmentGroups.[].owner` | string | `Owner of a newly provisioned device` | `""` |
| `enrollmentGroups.[].preSharedKeyFile` | string | `File path to the pre-shared key that will be stored on the device for the owner. It must be empty or have 16 characters in the preSharedKeyFile.` | `""` |
| `enrollmentGroups.[].preSharedKeyFile` | string | `Path to the pre-shared key that will be stored on the device. It must either be empty or contain exactly 16 characters. If the key does not meet this requirement, the provisioning will fail.` | `""` |
| `enrollmentGroups.[].attestationMechanism.x509.certificateChain` | string | `File path to certificate chain in PEM format.` | `""` |
| `enrollmentGroups.[].attestationMechanism.x509.expiredCertificateEnabled` | bool | `Accept device connections with an expired certificate.` | `false` |
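Review bot: in the new `enrollmentGroups.[].preSharedKeyFile` text, "It must either be empty or contain exactly 16 characters" follows a sentence whose subject is the path, so the constraint now reads as applying to the path rather than to the file's contents; the removed wording tied it to the file ("in the preSharedKeyFile"). Suggest "The file must either be empty or contain exactly 16 characters". The rewrite also drops "File path" and "for the owner", while the neighbouring rows still say "File path to ..."; keeping both preserves consistency and the information about whose key this is. The added sentence about provisioning failing is a behaviour claim, so please confirm it against the service code before documenting it.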

Expand All @@ -147,11 +147,11 @@ Defines configuration of the plgd hub where the device connects after it's succe

#### OAuth2.0 Client

OAuth2.0 Client is used to obtain JWT with ownerClaim an deviceIDClaim via the client credentials flow. The JWT will be is used directly during the [SignUp operation](https://plgd.dev/architecture/component-overview/#hub-registration).
OAuth2.0 Client is used to obtain JWT with ownerClaim and deviceIDClaim via the client credentials flow. The JWT will be is used directly during the [SignUp operation](https://plgd.dev/architecture/component-overview/#hub-registration).

| Property | Type | Description | Default |
| ---------- | -------- | -------------- | ------- |
| `enrollmentGroups.[].hub.authorization.ownerClaim` | string | `Claim used to identify owner of the device. If configured, your OAuth2.0 server has to set the owner id to the token as configured. OwnerClaim with sub is not supported. Custom owner claim needs to be configured also on the plgd hub instance. If used with the plgd mock OAuth Server, value https://plgd.dev/owner has to be set. **Required.**` | `""` |
| `enrollmentGroups.[].hub.authorization.ownerClaim` | string | `Claim used to identify the owner of the device. If configured, your OAuth2.0 server has to set the owner id to the token as configured. OwnerClaim with sub is not supported. Custom owner claim needs to be configured also on the plgd hub instance. If used with the plgd mock OAuth Server, value https://plgd.dev/owner has to be set. **Required.**` | `""` |
| `enrollmentGroups.[].hub.authorization.deviceIDClaim` | string | `Claim used to make JWT tokens device specific. If configured, your OAuth2.0 server has to set the device id to the token as configured. If used with the plgd mock OAuth Server, value https://plgd.dev/deviceId has to be set.` | `""` |
| `enrollmentGroups.[].hub.authorization.provider.name` | string | `Provider name which is registered also on the instance of the plgd hub where the device connects after it's successfully provisioned. The grant type for this provider must be set to ClientCredentials.` | `""` |
| `enrollmentGroups.[].hub.authorization.provider.authority` | string | `Authority is the address of the token-issuing authentication server. Services will use this URI to find token endpoint.` | `""` |
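Review bot: the rewritten intro sentence of "OAuth2.0 Client" fixes "an" to "and" but still contains "The JWT will be is used directly"; drop the stray "is". In the same sentence, "to obtain JWT" needs an article ("a JWT") to match the article fixes made in the `ownerClaim` row of this hunk.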
Expand Down
