Storage Configuration - Renewal of cloud storage credentials #423

Open
wants to merge 15 commits into
base: development
Changes from 2 commits
32 changes: 32 additions & 0 deletions doc/Core.xml
Expand Up @@ -6229,6 +6229,38 @@ onvif://www.onvif.org/name/ARV-453
</variablelist>
</para>
</section>
<section>
<title>Configuration Renewal</title>
<para>
The configuration allows for a renewal endpoint to be set. If the device supports this feature, it shall automatically renew the credentials
when they are about to expire.
</para>
<para>
The device shall do a GET request to the configured <literal>RenewalEndpoint</literal> with a JWT token retrieved from the configured
<literal>AuthorizationServer</literal>. The endpoint shall respond with a JSON payload with the following structure:
<programlisting><![CDATA[Content-Type: application/vnd.onvif.storageconfiguration.renewal+json

{
"type": "string",
"region": "string" | null,
"localPath": "string" | null,
"storageUri": "string" | null,
"user": {
"username": "string" | null,
"password": "string" | null
},
"expiresAt": "<ISO 8601 date-time>"
}]]></programlisting>
When the device receive a configuration with the <literal>ConfigurationRenewal</literal> set, it shall immediately contact
the renewal endpoint to get up-to-date credentials. The device may use the credentials provided by the configuration in the
meantime to avoid service disruption.
</para>
<para>
The device shall ensure to renew the configuration before the expiration provided by the <literal>expiresAt</literal> field.
If the renewal endpoint fails to provide a valid response, the device shall continue to use the existing configuration and retry
later using an exponential backoff strategy.
</para>
</section>
<section>
<title>GetStorageConfigurations</title>
<para>This operation lists all existing storage configurations. A device indicating storage configuration capability shall support the listing of existing storage configurations through the GetStorageConfigurations command.</para>
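Review bot: The paragraph beginning "The device shall do a GET request" does not say how the JWT is presented to the RenewalEndpoint or which URI schemes are acceptable, even though the response carries "password" in plain JSON. State how the token is carried (for example an Authorization: Bearer header) and require an https endpoint. The last paragraph also leaves open what the device does once expiresAt has passed while renewal keeps failing ("shall continue to use the existing configuration"), and gives no initial or maximum interval for the exponential backoff; both need defined values to be testable. Because the payload can return "type", "localPath" and "storageUri", say whether a renewal may change the storage destination or only the credentials. Minor: "When the device receive" should read "receives".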
31 changes: 31 additions & 0 deletions wsdl/ver10/device/wsdl/devicemgmt.wsdl
Expand Up @@ -336,6 +336,11 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
<xs:documentation>Indicates maximum number of storage configurations supported.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="StorageConfigurationRenewal" type="xs:boolean">
<xs:annotation>
<xs:documentation>Indicates support for renewal of storage configuration.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GeoLocationEntries" type="xs:int">
<xs:annotation>
<xs:documentation>If present signals support for geo location. The value signals the supported number of entries.</xs:documentation>
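Review bot: The documentation for StorageConfigurationRenewal does not say what an absent attribute means or which element the capability governs. Suggest wording along the lines of "Indicates support for the ConfigurationRenewal element of a storage configuration. If absent, renewal is not supported.", so a client knows not to send ConfigurationRenewal to a device that omits the attribute.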
Expand Down Expand Up @@ -2159,6 +2164,32 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
<xs:documentation>User credential for the storage server</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ConfigurationRenewal" minOccurs="0">
<xs:complexType>
<xs:sequence>
<xs:element name="RenewalEndpoint" type="xs:anyURI">
<xs:annotation>
<xs:documentation>Remote URL to be queried by the device to renew the storage configuration.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="AuthorizationServer" type="tt:ReferenceToken">
<xs:annotation>
<xs:documentation>JWTConfiguration token referring to an Authorization server that provides JWT token to authorize with the the renewal endpoint.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="CertPathValidationPolicyID" type="xs:string" minOccurs="0">
<xs:annotation>
<xs:documentation>CertPathValidationPolicyID used to validate the renewal endpoint server certificate. If CertPathValidationPolicyID is not configured, the certificate shall not be validated.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Error" type="xs:string" minOccurs="0">
<xs:annotation>
<xs:documentation>Optional user readable error information (readonly).</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="Extension" minOccurs="0">
<xs:complexType>
<xs:sequence>
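Review bot: In the CertPathValidationPolicyID documentation, "If CertPathValidationPolicyID is not configured, the certificate shall not be validated" makes an unvalidated connection the default for an endpoint that receives the device's JWT and returns storage credentials, and the "shall not" wording even forbids a device from validating on its own. Suggest either making the element required or defining a default validation behaviour, with skipping validation available only as an explicit choice. RenewalEndpoint is a bare xs:anyURI, so its documentation should state the permitted scheme. Error is marked "(readonly)" but sits in a sequence the client writes; state what the device does when a client supplies it. Minor: "with the the renewal endpoint" has a doubled "the", and "provides JWT token" needs an article.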