Open knolleary opened 4 months ago

Description

We need to improve our general lifecycle handling of snapshots.

We have seen cases where a snapshot gets orphaned (as its Instance/Device is deleted). The snapshot may still be 'in-use' as the target for a device group; however, it can no longer be deployed, as the Instance/Device no longer exists to retrieve the credentialSecret needed to decrypt the credentials.

Also, once in this state, the snapshot doesn't appear anywhere in the UI because there is no relation between the snapshot and Application/Instance/Device in order to retrieve it.

Problems to solve:

Solutions:
- Migrate the credentialSecret to live with the snapshot. Allows the originating device/instance to be deleted without losing access to the snapshot.
- Add ApplicationId to snapshot. This will be set based on the originating Instance/Device. Need to consider what happens if a Device is then reassigned to a different Application. Do the snapshots move over as well?

I believe this is done, right? (snapshot table now has credentialSecret field)

This is tricky. A snapshot may also be assigned to a Device Group or another device that will remain in the original application. A question that has been posed before is: when a device or group is assigned a snapshot, should we generate a copy and let the thing own that copy? This would remove this problem (but there will likely be a new set of considerations).

Perhaps a first step would be to have the device abandon its snapshots (clear snapshot.DeviceId) when being removed from an application, or maybe when assigned to another application? Consider that "dangerous" or sensitive data may be in a device's snapshots; moving those snapshots to another application may not be desirable.

Related to the above, another point of this overall story is to add ApplicationId so that snapshots are never really orphaned, meaning if we do have devices abandon their snapshots, they still exist and are still accessible to be exported/imported.

One hurdle of a snapshot with only ApplicationId is that it won't appear in a device or instance snapshots list and therefore cannot be applied to anything without first exporting/importing. As part of this, or a future task, we might wish to provide snapshot assignment from the application level. Alternatively, we permit the Instance snapshot view to see all Application snapshots (like a device can)?

Since the above would provide access to abandoned snapshots, there is a means of downloading orphaned snapshots and uploading them to a device/instance, but that is not great UX. The next task could be to: