Details
-
Type:
Task
-
Status: Done
-
Priority:
(None)
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: Client API: Authentication
-
Labels:
-
Sprint:MEN Sprint 123
-
Story Points:21
-
Epic Link:
-
Backlog:yes
-
Days in progress:0
Description
Acceptance criteria:
- DBus implementation must using Glib's GIO dbus library (search for D-Bus to find various sub categories).
- DBus must live in the separate authentication Go routine from
MEN-4015, and be multiplexed with channel requests from the client. - Client must register itself on the system bus as io.mender.AuthenticationManager
- The D-Bus object name must be /io/mender/AuthenticationManager
- The interface name must be io.mender.Authentication1
- The member name must be GetJwtToken (the full name will be io.mender.Authentication1.GetJwtToken if combined with the interface name)
- The endpoint must return the current JWT token.
- If no JWT token is available, error must be returned.
- Endpoint must not trigger authentication (this is a different endpoint).
- Following
MEN-4032, it must be possible to completely compile out the Glib dependency, and hence the API.
This introduction page is useful to understand the different DBus concepts. Also, in the demo that was made for this feature earlier, this command line was used to query the deployment API, which may serve as an example:
dbus-send --print-reply --system --dest=com.mender.MenderClient /com/mender/MenderClient com.mender.Deployments.CheckForDeployment
In the case of authentication, this would be:
dbus-send --print-reply --system --dest=com.mender.AuthenticationManager /com/mender/AuthenticationManager com.mender.Authentication.GetJwtToken
Attachments
Release management
Issue Links
- blocks
-
MEN-4011 Acceptance test for GetJwtToken client API endpoint
-
- Done
-
-
MEN-4016 Implement Dbus API: FetchJwtToken
-
- Done
-
-
MEN-4017 Implement DBus signal: ValidJwtTokenAvailable
-
- Done
-
-
MEN-4033 Acceptance test which tests that non-root processes cannot access Mender client API
-
- Done
-
-
MEN-4123 Run DBus code through valgrind to make sure there are no memory leaks
-
- Done
-
-
MEN-4013 Acceptance test which verifies that no sensitive data is passed over DBus insecurely
-
- Rejected
-
- is blocked by
-
MEN-4015 Isolate client authentication and move to separate Go routine
-
- Done
-
-
MEN-4032 Introduce Glib's GIO library as a dependency in the client
-
- Done
-