<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 11, 2014 at 5:08 PM, Lukáš Fryč <span dir="ltr"><<a href="mailto:lukas.fryc@gmail.com" target="_blank">lukas.fryc@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Tue, Nov 11, 2014 at 2:12 PM, Sebastien Blanc <span dir="ltr"><<a href="mailto:scm.blanc@gmail.com" target="_blank">scm.blanc@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><p style="margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px;margin-top:0px!important">Hi,</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">I would like to start a discussion around the import/export of installations in UPS. To track all the tasks, we have a ticket[1] also containing some sub-tasks.</p><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif"><a name="1499f9d75b0e5140_1499efc16cadc060_user-content-scope" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#scope" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Scope</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">For now we stick to installations, meanning we can import or export installations from a particular Variant. Import/Export for Variants will maybe come later but due to some security issues (mainly for iOS cert/passphrase) it's on hold.</p><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif"><a name="1499f9d75b0e5140_1499efc16cadc060_user-content-import-service" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#import-service" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Import Service</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">That's an easy one ;) since the service already exist [2]. It's a REST service and it uses the VariantId/Secret combination to authenticate.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">Data format looks like :</p><pre style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;margin-top:0px;margin-bottom:16px;padding:16px;overflow:auto;line-height:1.45;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;word-wrap:normal;color:rgb(51,51,51);background-color:rgb(247,247,247)"><code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;padding:0px;margin:0px;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;word-break:normal;border:0px;display:inline;line-height:inherit;word-wrap:normal;background-color:transparent">[
{
"deviceToken" : "someTokenString",
"deviceType" : "iPad",
"operatingSystem" : "iOS",
"osVersion" : "6.1.2",
"alias" : "someUsername or email adress...",
"categories" : ["football", "sport"]
},
{
"deviceToken" : "someOtherTokenString",
...
},
...
]
</code></pre><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif"><a name="1499f9d75b0e5140_1499efc16cadc060_user-content-export-service" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#export-service" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Export Service</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">Like import, it will use the variantId/secret combo to authenticate and retrieve the right variant to export the installations. The data structure format would of course looks like the one used for import.</p><h3 style="margin-top:1em;margin-bottom:16px;line-height:1.43;font-size:1.5em;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif"><a name="1499f9d75b0e5140_1499efc16cadc060_user-content-output-format" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#output-format" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Output format</h3><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">How should provide the exported data ? I need your input here 1. Raw Json ? 2. Json file ? 3. Zip / tarball ?</p></div></blockquote><div><br></div></span><div>Gzipped json file download sounds as easily accessible for browsers.</div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif"><a name="1499f9d75b0e5140_1499efc16cadc060_user-content-ui" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#ui" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>UI</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">UI should be a <em>nice to have</em></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">I would suggest to add 2 items (import and export) in the contextual menu that you can see in this screenshot :</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px"><a href="https://camo.githubusercontent.com/94f19f69e50a217e89363aefe52912c9b33f6355/687474703a2f2f7331352e706f7374696d672e6f72672f6779626b72737a73622f696d706f72746578706f72742e706e67" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank"><img src="https://camo.githubusercontent.com/94f19f69e50a217e89363aefe52912c9b33f6355/687474703a2f2f7331352e706f7374696d672e6f72672f6779626b72737a73622f696d706f72746578706f72742e706e67" alt="" style="border: 0px; max-width: 100%;"></a></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">For import, the user will have a <code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;padding:0.2em 0px;margin:0px;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;background-color:rgba(0,0,0,0.0392157)">file</code> input and feedback on how many installations were imported. For export, the user just have to press an <code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;padding:0.2em 0px;margin:0px;border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;background-color:rgba(0,0,0,0.0392157)">export</code> button</p></div></blockquote><div><br></div></span><div>+1 sounds good, we just need to decide whether block the user when uploading / downloading</div><div><br></div><div>I guess:</div><div><br></div><div>a) downloading - do not block UI, downloading is a separate activity</div><div>b) uploading - block the UI, offer progress and error indication and ability to cancel the process (transactional? - cancelling means no installation is imported?)</div></div></div></div></blockquote><div>I want to bring up this point again by exposing the current situation.</div><div><br></div><div> The import process is async on the server side : <a href="https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/installations/InstallationRegistrationEndpoint.java#L246-L248">https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/installations/InstallationRegistrationEndpoint.java#L246-L248</a> </div><div>And as you can see we always return a 200 Ok . </div><div><br></div><div>So what do we want to do here : </div><div>1. Just inform the Front End that the import process has started (with no feedback on success or failure) </div><div>2. Make it blocking on the server side :/ ? </div><div>3. Add some Push feature to inform the frontend of the import result </div><div><br></div><div>In the PR I'm about to submit, option 1 will be there. But based on the discussion, it will of course be updated if needed.</div><div><br></div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class=""><div dir="ltr"><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif"><a name="1499f9d75b0e5140_1499efc16cadc060_user-content-migration-issues" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#migration-issues" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Migration issues</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">So, that is a very important point that I would like to discuss. Even if we are able to import installations, the <strong>variantID_ and the __variantSecret</strong> will not match with those that are in the Clients.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">Imagine the following scenario : I export 15000 installations, my datacenter burns, I create a new UPS instance, with a new Push App and a new Variant (so new VariantID and VariantSecret), then I inport the installations. Well, my 15000 clients will point to the wrong variant. For sure, they can be updated but that might not always be an option.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">That is why I would like suggest the following change : Make <strong>VariantId</strong> and <strong>VariantSecret</strong> editable, so after someone has done an import he can change the values of the variants so it matches the clients.</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">I know we had this discussion before, but in the future we might want to change the naming around VariantId and VariantSecret, to me it sounds more like <strong>variantAPIKey</strong> / <strong>variantAPISecret</strong></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">wdyt ?</p><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif"><a name="1499f9d75b0e5140_1499efc16cadc060_user-content-security" href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#security" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px" target="_blank"></a>Security</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">As said before, import/export uses variantId/variantSecret to authenticate. So if someone has access to these keys he could make a malicious import of 500k installations. What should we do for that ? We could give this access only to authenticated "console" users but then it would be hard to expose import/export as rest service (because of KC implication)</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">Please comment, ask questions , be crazy ...</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">Sebi</p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">[1] <a href="https://issues.jboss.org/browse/AGPUSH-978" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://issues.jboss.org/browse/AGPUSH-978</a></p><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:20.4799995422363px">[2] <a href="http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/importer/index.html" rel="noreferrer" style="color:rgb(65,131,196);text-decoration:none" target="_blank">http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/importer/index.html</a></p></div>
<br></span>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div></div>
<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div></div>