From 697a7a7e7e47e674e7e627239e84885ae2a830f6 Mon Sep 17 00:00:00 2001 From: Krishna Iyer Easwaran Date: Wed, 5 Jul 2023 11:59:40 +0200 Subject: [PATCH 1/2] tts: Export CACs only on explicit request --- pkg/source/tts/config/config.go | 17 +++++++++++++---- pkg/source/tts/source.go | 10 ++++++++-- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/pkg/source/tts/config/config.go b/pkg/source/tts/config/config.go index 6a9eb0a..d8bd478 100644 --- a/pkg/source/tts/config/config.go +++ b/pkg/source/tts/config/config.go @@ -98,7 +98,7 @@ func New() (*Config, *pflag.FlagSet) { os.Getenv("TTS_DEFAULT_GRPC_ADDRESS"), "TTS default GRPC Address (optional)") flags.StringVar(&config.ServerConfig.ApplicationServerGRPCAddress, - "appplication-server-grpc-address", + "application-server-grpc-address", os.Getenv("TTS_APPLICATION_SERVER_GRPC_ADDRESS"), "TTS Application Server GRPC Address") flags.StringVar(&config.ServerConfig.IdentityServerGRPCAddress, @@ -123,6 +123,12 @@ func New() (*Config, *pflag.FlagSet) { false, "TTS delete exported devices") + flags.BoolVar(&config.ExportCACs, + "export-cacs", + false, + "Export Claim Authentication Codes (CAC)", + ) + return config, flags } @@ -131,11 +137,14 @@ type Config struct { ServerConfig *serverConfig - caPath, appAPIKey, - AppID string + insecure bool + caPath string + appAPIKey string - insecure, NoSession, + ExportCACs bool + NoSession bool DeleteSourceDevice bool + AppID string } func (c *Config) Initialize(rootConfig source.Config) error { diff --git a/pkg/source/tts/source.go b/pkg/source/tts/source.go index 9f5b00f..16ed0f2 100644 --- a/pkg/source/tts/source.go +++ b/pkg/source/tts/source.go @@ -48,7 +48,13 @@ func (s Source) ExportDevice(devID string) (*ttnpb.EndDevice, error) { return nil, errNoAppID.New() } - isPaths, nsPaths, asPaths, jsPaths := splitEndDeviceGetPaths(ttnpb.BottomLevelFields(ttnpb.EndDeviceFieldPathsNested)...) + basePaths := ttnpb.EndDeviceFieldPathsNested + + if !s.config.ExportCACs { + basePaths = ttnpb.ExcludeFields(basePaths, claimAuthenticationCodePaths...) + } + + isPaths, nsPaths, asPaths, jsPaths := splitEndDeviceGetPaths(ttnpb.BottomLevelFields(basePaths)...) if len(nsPaths) > 0 { isPaths = ttnpb.AddFields(isPaths, "network_server_address") } @@ -73,7 +79,7 @@ func (s Source) ExportDevice(devID string) (*ttnpb.EndDevice, error) { if err != nil { return nil, err } - if dev.ClaimAuthenticationCode.GetValue() != "" { + if dev.ClaimAuthenticationCode.GetValue() != "" || !s.config.ExportCACs { // ClaimAuthenticationCode is already retrieved from the IS. We can unset the related JS paths jsPaths = ttnpb.ExcludeFields(jsPaths, claimAuthenticationCodePaths...) } From 1125cf599cbe2a8a5d9ddc6b2faea261db075973 Mon Sep 17 00:00:00 2001 From: Krishna Iyer Easwaran Date: Wed, 5 Jul 2023 12:10:31 +0200 Subject: [PATCH 2/2] dev: Update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cb4516f..6a5a9ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### Added - Each source has its own dedicated command. +- End Device Claim Authentication Codes are exported only if `--export-cacs` is set. ### Changed @@ -22,6 +23,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### Fixed +- Wrong flag name `appplication-server-grpc-address` fixed to `application-server-grpc-address`. + ### Security ## [v0.9.0]