Login fails for UDMP (Unifi OS)

[chrishas35]

The UDMP is my first experience with a cloud key device as opposed to a standalone controller, so it's possible any CK controller may deal with this. Here's what I'm able to gather so far from the browser network calls:

When presented with the login page, the auth end-point is https://unifi/api/auth/login.

Once logged into the "device" home page, you click on Network to go do what is the typical controller view. That UI makes calls to API where the base URL is: https://unifi/proxy/network/api/.

So when I give the Terraform provider an api_url of "https://unifi/proxy/network/api/" it attempts to login at https://unifi/proxy/proxy/network/api/login which shows a return of 400 Bad Request.

Not entirely sure best way to move this forward, or the exact similarities between UDMP and other CK deployments. I have both a plain controller and the UDMP to compare to, but not a CK. Happy to provide any additional testing/troubleshooting.

[paultyng]

I'm kind of Unifi novice, and don't have a pro but I think your are referring to the WebRTC cloud connection? I have not figured out how to get the WebRTC connection to work yet, but it's definitely on my list. Only the direct controller access via IP or host name works so far.

In the cloud UI you can toggle between cloud or direct connection though. But obviously limiting in terms of management to require a local connection.

[paultyng]

My UDM does have a CK built in of course, I just don't run the SDK or provider through it yet.

[chrishas35]

Only trying to do the direct, local connection. Not WebRTC cloud connection. It's a varriation in how the direct controller is available on the UDMP

I've did a bit more digging and based on what I saw in this project the UDMP is running "Unifi OS." There are some references to this on ui.com, but not a whole lot. The Unifi OS wraps the controller, because that UDMP can also be running Protect, Access, etc.

As that project implemented, there is the login endpoint at /api/auth/login and then all of the network controller APIs will be behind /proxy/network. That's all a variation from the non-Unifi OS devices, maybe only UDMP at this point.

[chrishas35]

Also found this commit in a Go project that might be more useful than the python project.

My Go knowledge is a bit limited right now, so currently just collecting a bit of info. I recognize testing this without a device may prove difficult for you, so I might need to jump in with a fix.

[paultyng]

Maybe I can just split the variables for login path and API path in the near term to let you override in config.

[paultyng]

I think this is now resolved in 3d37110380a46485260835700cccfffdf008fd32. I just used a similar discovery mechanism that Unifi Poller uses.