We have a special identity, which has the attribute name “identity”. When I call the management-api I only get the " Device Id" from Mender. My specific identity is not in the answer of the call. On the GUI I see the identity and I can use it for listing.
Hi @urszaugg! If you can see it in the GUI, that’s a good sign, as it must be available. Could you share your request and response?
Your custom identity attribute should be in the “identity_data” of the response you get from the device authentication API (described in the docs here).
Oh, thanks a lot and sorry, that I haven’t seen it before. I just used the “device inventory”. It worked well with your proposal.
Hey no problem, glad to help! The device details are split between the inventory service and device authentication; the latter handles device identity as well as accepting/rejecting the devices.
Is it also possible to get a device by its identity? Something like /api/management/v1/inventory/devices?sn=abcdefg
, but sn
being an attribute from the device identity? Or do I have to loop through every device?
Use case: I want to use Azure’s device ID from the IoT Hub (which in my case is the same as the Common Name in the device’s client certificate), and I’d really like to sync Mender to the IoT Hub with that method. The preauthorization script from server-integrations unfortunately looses any information that lets me associate devices from the IoT hub with the correct one in Mender (and the other way around), and also doesn’t delete devices from Mender when deleting them in Azure… Using a common ID seems much more convenient, but I need the API to support that.
Hi @moqmar have you tried the details shown here? It seems to support just what you are describing. Please correct me if I am misunderstanding.
Drew
Yes, this works for the Inventory API, but I can’t use the Device’s identity here, only the metadata of the device, which can change at any time. It would be enough if that format would be supported by the Device Authentication API (/api/management/v2/devauth/devices?mac=12:34:...
instead of /api/management/v1/inventory/devices?mac_eth0=12:34:...
), but it isn’t - the mac address obviously is a bad example as it exists both in the metadata and in the identity, but if I change the script in /usr/share/mender/identity/mender-device-identity
, those values will be fully independent from each other.
@peter @tranchitella do either of you have anything to add here?
@moqmar unfortunately, Device Authentication API (devauth) does not support filters. With the current implementation of Mender APIs, you have to explicitly loop over the devices.