Target registry option: Eclipse Hono

docs/content/guides/runhawkbit.md

@@ -66,6 +66,54 @@ spring.rabbitmq.host=localhost
 spring.rabbitmq.port=5672
 ```
 
+### Set [Eclipse Hono](https://www.eclipse.org/hono/) as hawkBit's device registry
+
+```
+hawkbit.dmf.hono.enabled=true
+hawkbit.dmf.hono.tenant-list-uri=http://HONO_HOST/v1/tenants
+hawkbit.dmf.hono.device-list-uri=http://HONO_HOST/v1/devices/$tenantId
+hawkbit.dmf.hono.credentials-list-uri=http://HONO_HOST/v1/credentials/$tenantId/$deviceId
+```
+`$tenantId` and `$deviceId` are placeholders which will be replaced by hawkBit during the respective requests.
+
+hawkBit currently supports three different methods to authenticate with hono:
+- None (`none`; default)
+- BasicAuth (`basic`)
+- OpenID Connect (`oidc`)
+
+If you intend to use any authentication method other than `none` you must provide these additional properties: 
+
+```
+hawkbit.dmf.hono.authentication-method=oidc
+hawkbit.dmf.hono.username=USERNAME
+hawkbit.dmf.hono.password=PASSWORD
+
+// Only for authentication-method = oidc
+hawkbit.dmf.hono.oidc-token-uri=http://OIDC_HOST/auth/realms/REALM/protocol/openid-connect/token
+hawkbit.dmf.hono.oidc-client-id=OIDC_CLIENT_ID
+hawkbit.dmf.hono.oidc-client-secret=OIDC_CLIENT_SECRET # You can use a oidc client secret instead of username+password
+```
+
+hawkBit handles device registry updates through CUD events emitted by Hono over any Spring Cloud Stream supported channel, such as AMQP or Google Cloud Pub/Sub.
+
+In order to have predictable channel names use the following properties:
+```
+spring.cloud.stream.bindings.device-created.destination=device-registry.device-created
+spring.cloud.stream.bindings.device-created.group=hawkBit
+spring.cloud.stream.bindings.device-updated.destination=device-registry.device-updated
+spring.cloud.stream.bindings.device-updated.group=hawkBit
+spring.cloud.stream.bindings.device-deleted.destination=device-registry.device-deleted
+spring.cloud.stream.bindings.device-deleted.group=hawkBit
+```
+For Google Cloud Pub/Sub disable the default Maven profile `hono-amqp` and enable the profile `amqp-gcp-pubsub`.
+
+Additionally, you can specify a field of the device's extension object which will be used as the corresponding target's name:
+```
+hawkbit.dmf.hono.target-name-field=fancyFieldName
+```
+If none is specified the device's ID is used as the target's name.
+
+
 ### Adapt hostname of example scenario [creation script](https://github.com/eclipse/hawkbit-examples/blob/master/hawkbit-example-mgmt-simulator/src/main/resources/application.properties)
 
 Should only be necessary if your system does not run on localhost or uses a different port than the example app.

hawkbit-autoconfigure/pom.xml

@@ -25,12 +25,18 @@
          <version>${project.version}</version>
          <optional>true</optional>
       </dependency>
-       <dependency>
+      <dependency>
          <groupId>org.eclipse.hawkbit</groupId>
          <artifactId>hawkbit-dmf-amqp</artifactId>
          <version>${project.version}</version>
          <optional>true</optional>
       </dependency>
+      <dependency>
+         <groupId>org.eclipse.hawkbit</groupId>
+         <artifactId>hawkbit-dmf-hono</artifactId>
+         <version>${project.version}</version>
+         <optional>true</optional>
+      </dependency>
       <dependency>
          <groupId>org.eclipse.hawkbit</groupId>
          <artifactId>hawkbit-ui</artifactId>

hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/dmf/hono/DmfHonoAutoConfiguration.java

@@ -0,0 +1,23 @@
+/**
+ * Copyright (c) 2019 Kiwigrid GmbH and others.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.eclipse.hawkbit.autoconfigure.dmf.hono;
+
+import org.eclipse.hawkbit.dmf.hono.DmfHonoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+
+/**
+ * The Eclipse Hono based device Management Federation API (DMF) auto configuration.
+ */
+@Configuration
+@ConditionalOnClass(DmfHonoConfiguration.class)
+@Import(DmfHonoConfiguration.class)
+public class DmfHonoAutoConfiguration {
+}

hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java

@@ -24,6 +24,7 @@
 import org.eclipse.hawkbit.cache.DownloadIdCache;
 import org.eclipse.hawkbit.ddi.rest.api.DdiRestConstants;
 import org.eclipse.hawkbit.ddi.rest.resource.DdiApiConfiguration;
+import org.eclipse.hawkbit.dmf.hono.HonoDeviceSync;
 import org.eclipse.hawkbit.im.authentication.SpPermission;
 import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
 import org.eclipse.hawkbit.im.authentication.TenantUserPasswordAuthenticationToken;
@@ -40,15 +41,18 @@
 import org.eclipse.hawkbit.security.HttpControllerPreAuthenticateAnonymousDownloadFilter;
 import org.eclipse.hawkbit.security.HttpControllerPreAuthenticateSecurityTokenFilter;
 import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedGatewaySecurityTokenFilter;
+import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedHonoFilter;
 import org.eclipse.hawkbit.security.HttpControllerPreAuthenticatedSecurityHeaderFilter;
 import org.eclipse.hawkbit.security.HttpDownloadAuthenticationFilter;
+import org.eclipse.hawkbit.security.PreAuthHonoAuthenticationProvider;
 import org.eclipse.hawkbit.security.PreAuthTokenSourceTrustAuthenticationProvider;
 import org.eclipse.hawkbit.security.SystemSecurityContext;
 import org.eclipse.hawkbit.tenancy.TenantAware;
 import org.eclipse.hawkbit.ui.MgmtUiConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -165,6 +169,9 @@ static class ControllerSecurityConfigurationAdapter extends WebSecurityConfigure
         private final HawkbitSecurityProperties securityProperties;
         private final SystemSecurityContext systemSecurityContext;
 
+        @Autowired(required = false)
+        private HonoDeviceSync honoDeviceSync;
+
         @Autowired
         ControllerSecurityConfigurationAdapter(final ControllerManagement controllerManagement,
                 final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
@@ -213,6 +220,17 @@ protected void configure(final HttpSecurity http) throws Exception {
             securityHeaderFilter.setCheckForPrincipalChanges(true);
             securityHeaderFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
 
+
+            HttpControllerPreAuthenticatedHonoFilter honoFilter = null;
+            if (honoDeviceSync != null) {
+                honoFilter = new HttpControllerPreAuthenticatedHonoFilter(
+                        tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext,
+                        honoDeviceSync);
+                honoFilter.setAuthenticationManager(authenticationManager());
+                honoFilter.setCheckForPrincipalChanges(true);
+                honoFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
+            }
+
             final HttpControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new HttpControllerPreAuthenticateSecurityTokenFilter(
                     tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext);
             securityTokenFilter.setAuthenticationManager(authenticationManager());
@@ -244,7 +262,11 @@ protected void configure(final HttpSecurity http) throws Exception {
                         .authenticationFilter(anonymousFilter);
             } else {
 
-                httpSec.addFilter(securityHeaderFilter).addFilter(securityTokenFilter)
+                httpSec.addFilter(securityHeaderFilter);
+                if (honoFilter != null) {
+                    httpSec.addFilter(honoFilter);
+                }
+                httpSec.addFilter(securityTokenFilter)
                         .addFilter(gatewaySecurityTokenFilter).requestMatchers().antMatchers(DDI_ANT_MATCHERS).and()
                         .anonymous().disable().authorizeRequests().anyRequest().authenticated().and()
                         .exceptionHandling()
@@ -257,6 +279,10 @@ protected void configure(final HttpSecurity http) throws Exception {
         @Override
         protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
 
+            if (honoDeviceSync != null) {
+                auth.authenticationProvider(new PreAuthHonoAuthenticationProvider(honoDeviceSync,
+                        ddiSecurityConfiguration.getRp().getTrustedIPs()));
+            }
             auth.authenticationProvider(new PreAuthTokenSourceTrustAuthenticationProvider(
                     ddiSecurityConfiguration.getRp().getTrustedIPs()));
         }
@@ -281,6 +307,9 @@ static class ControllerDownloadSecurityConfigurationAdapter extends WebSecurityC
         private final HawkbitSecurityProperties securityProperties;
         private final SystemSecurityContext systemSecurityContext;
 
+        @Autowired(required = false)
+        private HonoDeviceSync honoDeviceSync;
+
         @Autowired
         ControllerDownloadSecurityConfigurationAdapter(final ControllerManagement controllerManagement,
                 final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,
@@ -329,6 +358,16 @@ protected void configure(final HttpSecurity http) throws Exception {
             securityHeaderFilter.setCheckForPrincipalChanges(true);
             securityHeaderFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
 
+            HttpControllerPreAuthenticatedHonoFilter honoFilter = null;
+            if (honoDeviceSync != null) {
+                honoFilter = new HttpControllerPreAuthenticatedHonoFilter(
+                        tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext,
+                        honoDeviceSync);
+                honoFilter.setAuthenticationManager(authenticationManager());
+                honoFilter.setCheckForPrincipalChanges(true);
+                honoFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
+            }
+
             final HttpControllerPreAuthenticateSecurityTokenFilter securityTokenFilter = new HttpControllerPreAuthenticateSecurityTokenFilter(
                     tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext);
             securityTokenFilter.setAuthenticationManager(authenticationManager());
@@ -366,7 +405,11 @@ protected void configure(final HttpSecurity http) throws Exception {
                         .authenticationFilter(anonymousFilter);
             } else {
 
-                httpSec.addFilter(securityHeaderFilter).addFilter(securityTokenFilter)
+                httpSec.addFilter(securityHeaderFilter);
+                if (honoFilter != null) {
+                    httpSec.addFilter(honoFilter);
+                }
+                httpSec.addFilter(securityTokenFilter)
                         .addFilter(gatewaySecurityTokenFilter).addFilter(controllerAnonymousDownloadFilter)
                         .requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and().anonymous().disable()
                         .authorizeRequests().anyRequest().authenticated().and().exceptionHandling()
@@ -379,6 +422,10 @@ protected void configure(final HttpSecurity http) throws Exception {
         @Override
         protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
 
+            if (honoDeviceSync != null) {
+                auth.authenticationProvider(new PreAuthHonoAuthenticationProvider(honoDeviceSync,
+                        ddiSecurityConfiguration.getRp().getTrustedIPs()));
+            }
             auth.authenticationProvider(new PreAuthTokenSourceTrustAuthenticationProvider(
                     ddiSecurityConfiguration.getRp().getTrustedIPs()));
         }
@@ -435,6 +482,9 @@ public static class IdRestSecurityConfigurationAdapter extends WebSecurityConfig
         @Autowired
         private DownloadIdCache downloadIdCache;
 
+        @Autowired(required = false)
+        private HonoDeviceSync honoDeviceSync;
+
         @Override
         protected void configure(final HttpSecurity http) throws Exception {
 
@@ -453,6 +503,10 @@ protected void configure(final HttpSecurity http) throws Exception {
 
         @Override
         protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+            if (honoDeviceSync != null) {
+                auth.authenticationProvider(new PreAuthHonoAuthenticationProvider(honoDeviceSync,
+                        ddiSecurityConfiguration.getRp().getTrustedIPs()));
+            }
             auth.authenticationProvider(new PreAuthTokenSourceTrustAuthenticationProvider(
                     ddiSecurityConfiguration.getRp().getTrustedIPs()));
         }

hawkbit-autoconfigure/src/main/resources/META-INF/spring.factories

@@ -4,6 +4,7 @@ org.eclipse.hawkbit.autoconfigure.cache.CacheAutoConfiguration,\
 org.eclipse.hawkbit.autoconfigure.cache.DownloadIdCacheAutoConfiguration,\
 org.eclipse.hawkbit.autoconfigure.ddi.DDiApiAutoConfiguration,\
 org.eclipse.hawkbit.autoconfigure.dmf.amqp.DmfApiAutoConfiguration,\
+org.eclipse.hawkbit.autoconfigure.dmf.hono.DmfHonoAutoConfiguration,\
 org.eclipse.hawkbit.autoconfigure.mgmt.ui.MgmtUiAutoConfiguration,\
 org.eclipse.hawkbit.autoconfigure.mgmt.MgmtApiAutoConfiguration,\
 org.eclipse.hawkbit.autoconfigure.repository.event.EventPublisherAutoConfiguration,\

hawkbit-dmf/hawkbit-dmf-hono/pom.xml

@@ -0,0 +1,48 @@
+<!--
+
+    Copyright (c) 2019 Kiwigrid GmbH and others.
+
+    All rights reserved. This program and the accompanying materials
+    are made available under the terms of the Eclipse Public License v1.0
+    which accompanies this distribution, and is available at
+    http://www.eclipse.org/legal/epl-v10.html
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <artifactId>hawkbit-dmf-parent</artifactId>
+        <groupId>org.eclipse.hawkbit</groupId>
+        <version>0.3.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>hawkbit-dmf-hono</artifactId>
+    <name>hawkBit :: DMF :: Hono</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-stream</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.hawkbit</groupId>
+            <artifactId>hawkbit-repository-api</artifactId>
+            <version>0.3.0-SNAPSHOT</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.hawkbit</groupId>
+            <artifactId>hawkbit-repository-core</artifactId>
+            <version>0.3.0-SNAPSHOT</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.hawkbit</groupId>
+            <artifactId>hawkbit-repository-jpa</artifactId>
+            <version>0.3.0-SNAPSHOT</version>
+            <scope>compile</scope>
+        </dependency>
+    </dependencies>
+</project>