Balena-cli breaks token authentication with openBalena in newest release

[HenrikWittemeier]

Expected Behavior

balena login --token *** should succeed

Actual Behavior

balena login --token ** Throws: Logging in to *My openbalenainstance "Token authentication failed"

Steps to Reproduce the Problem

Use openbalena as Server Install recent CLI (v16.7.9) Try login authentication with Token

Specifications

• balena CLI version: v16.7.9
• Cloud backend: openBalena or balenaCloud? openBalena
• Operating system version: ubuntu 22.04
• 32/64 bit OS and processor: 64bit arm / 64bit x64
• Install method: only download and unzip the release, no installation

[otaviojacobi]

Hello @HenrikWittemeier thanks for raising I will look into what can be done on the CLI side to fix it. The underlying issue here is that the newer version of the CLI is consuming a new endpoint on open-balena-api for /actor/v1/whoami which allows us to do a whole new set of interesting features such as login with device/application api keys, so if possible updating your open-balena-api would solve the issue.

In the mean time, I understand updating open-balena-api it might not be your best option so I will raise internally to see what we can do regarding fixing it.

[otaviojacobi]

Hello, unfortunately this is expected behaviour and balena cli newer versions require open balena api to have been updated to v14.1.0+

[shawaj]

This should not have been closed.

It's not currently possible to update open-balena-api to v14.1.0 when running openbalena.

See the current versions here: https://github.com/balena-io/open-balena/blob/master/compose/versions

[shawaj]

@otaviojacobi Unless maybe you can merge this? https://github.com/balena-io/open-balena/pull/168

And fix the issues described here: https://forums.balena.io/t/fixed-openbalena-api-migration-issues-v0-209-2-v14-3-6/368841

[thgreasi]

It's not currently possible to update open-balena-api to v14.1.0 when running openbalena.

Hi @shawaj, Can you clarify why it's not possible to update the open-balena-api version on your open-balena deployment setup? While we have passed https://github.com/balena-io/open-balena/pull/168 internally for review, can you confirm whether the changes there work for you?

This issue is closed since even though the title is a fact (for that cli-api combination), it is not a balena-cli issue per see. That's because the cli has been updated to use the latest features available on the latest open-balena-api and balena-cloud. In many cases in order to be update the balena-cli to the latest version, it is expected for open-balena users to have to update their open-balena-api to the respective version that it depends on.

[shawaj]

@thgreasi there's a few different issues here really:

1. Breaking changes without any kind of documentation or notification
2. As detailed in this forum post, the upgrade path to latest versions of API is broken https://forums.balena.io/t/fixed-openbalena-api-migration-issues-v0-209-2-v14-3-6/368841
3. The above is true with all versions of openbalena components not just API
4. The link https://github.com/balena-io/open-balena/pull/168 doesn't solve the cli problems that have been introduced because it is using open-balena-api v11.8.3. @otaviojacobi has said it needs to be at v14.1.0+

Maybe some time should be spent to upgrade openbalena documentation? It hasn't been updated meaningfully in a very long time.

I get that openbalena isn't a money spinner for you like BalenaCloud. But with trusted community members like @bartversluijs putting in PRs and then taking 6+ months to be reviewed seems a bit excessive.

I also don't really understand why openbalena can't be added to your automated build and test pipelines.

[babourn]

@thgreasi Bumping this, I agree with @shawaj it doesn't make a ton of sense to me why this repo isn't updated more often. It would make sense to spend just a little bit time to add this to an automated build/test pipeline and then you could actually merge community PRs as it stands today People aren't going to submit PR's as they can clearly see it's going to take months if not Years for them to even be looked at. The cost you put into maintaining this open source repo will assuredly help your company out as other people help build out your core product for you.

But I digress, any update on merging a PR/bumping versions in open balena so that the repo actually works without fixes?