search

TheThingsNetwork / lorawan-stack

The Things Stack, an Open Source LoRaWAN Network Server
https://www.thethingsindustries.com/stack/
Apache License 2.0
980 stars 309 forks source link

Potential regression in UpdateEndDeviceRequest #5553

Closed lulf closed 2 years ago

lulf commented 2 years ago

Summary

We have a component that is reconciling the internal state of our device database with TTN API, and it recently started failing with the following error:

{"code":3,"message":"error:pkg/rpcmiddleware/validator:field_mask_paths (forbidden path(s) in field mask)","details":[{"@type":"type.googleapis.com/ttn.lorawan.v3.ErrorDetails","namespace":"pkg/rpcmiddleware/validator","name":"field_mask_paths","message_format":"forbidden path(s) in field mask","attributes":{"forbidden_paths":["ids.dev_eui"]},"correlation_id":"641691f1fc9647bdae81347704ba514d","code":3}]}

I am not sure if this is an expected change on your end or not, but it seems like a regression unless I'm mistaken about it used to work before. It could also be that it just didn't throw the error before and ignored the fields that were not updateable.

In either case it would be useful to know if it's expected or not and if it's expected, make sure it's documented in the API reference.

Steps to Reproduce

  1. Create a device

    curl -X POST -i -H "Authorization: Bearer NNSXS...." https://eu1.cloud.thethings.network/api/v3/applications/myapp/devices?field_mask=name,description,attributes,join_server_address,network_server_address,application_server_address,ids.dev_eui -d '{"end_device":{"ids":{"device_id":"lora-device","dev_eui":"AAAAAAAAAAAAAAAA","join_eui":"0000000000000000"},"device_id":"lora-device"}, "field_mask":{"paths":["name", "description", "attributes", "join_server_address", "network_server_address", "application_server_address", "ids.dev_eui", "ids.join_eui"]}}'

  2. Attempt to update EUI of device:

    curl -X PUT -i -H "Authorization: Bearer NNSXS...." https://eu1.cloud.thethings.network/api/v3/applications/myapp/devices/lora-device -d '{"end_device":{"ids":{"device_id":"lora-device","dev_eui":"BBBBBBBBBBBBBBBB","join_eui":"0000000000000000"},"device_id":"lora-device"}, "field_mask":{"paths":["name", "description", "attributes", "join_server_address", "network_server_address", "application_server_address", "ids.dev_eui"]}}'

I'm using the public TTN service.

What do you see now?

That the device update request fails.

What do you want to see instead?

That I'm allowed to update the EUI OR that the documentation is updated to mention which field_masks are supported and not for Update operations.

Environment

Linux + curl using the REST API

...

lulf commented 2 years ago

Sorry for the spam. I accidentally hit create so I had to update the issue a few times with a more accurate description

nejraselimovic commented 2 years ago

@lulf Ulf, thank you for creating this issue. The ids.dev_eui field is indeed a part of the allowed field mask for the Set method, because you have to use it when registering the end device. However, when the end device is already created, this field can no longer be changed, i.e. you cannot update the DevEUI. This goes for app ID, device ID, join/app EUI, device EUI and API key ID. You can also notice that TTS Console prevents you from updating these fields as well.

To close this issue, I'll make a PR with a note that IDs cannot be updated.

lulf commented 2 years ago

@nejraselimovic Thanks for clarifying this! We'll update our usage of the API accordingly.