Enhancement to support managing multiple devices per Device Access #71
Conversation
hubertp-ericsson
requested review from
PeterKovacs2,
carlosromerog,
eric-murray and
tlohmar
as code owners
hubertp-ericsson
force-pushed
the
hubertp-device-groups
branch
from
5c8ac5a to
e0f882a
Compare
|
@camaraproject/application-profile_codeowners that PR is too large to be incorporated last minute into the Fall25 release, so I suppose it is planned for the next release. Please set to draft to provide release reviewers a clear situation. |
|
/easycla |
# Conflicts resolved in: # code/API_definitions/dedicated-network-accesses.yaml
|
I have some concerns on this pull request, I will express in the following comments:
Notes 11/3/2025: We have also to define a behavior for overlapping groups: (A) prevent a device from being concurrently in two active group‑bound accesses for the same networkId (B) manage union of multiple accesses (couldn't be too complex?!) |
Example: ASP API consumer 1 has provisioned a group of device with individual API endpoint, ASP API consumer 2 has provisioned a set of device with group API endpoint. After a while a third actor (could be in ASP or CSP) has to do an auditing on a wrong provisioning and he has no glue on which was the event to lookup in the logs... The API could expose whether an access was created via group or individually (e.g., provisioningMode = individual|group, originGroupId) to avoid relying solely on backend DB for reporting and troubleshooting. Those info can be exposed in the GET /accesses response or can be introduced as query parmeters in the endpoint (GET /accesses?networkId=...&deviceGroupId=...&provisioningMode=group&originGroupId=...) |
Challenging example: Suppose a group is created and then, via PATCH, the QoS Profile or Network ID is changed for a specific device within that group. This could introduce complexity and ambiguity in managing device-to-network relationships. A uniform mode approach would mean that the group is intended as a cohesive management unit: all devices share defaultQosProfile and qosProfiles; per‑device PATCH operations on accesses created via group provisioning (provisioningMode=group) are forbidden. If individualized management is required for a device, the correct process would be:
|
|
Counting and Observability issue: with two separate POST endpoint, if I want to know how many devices are there with the specific Dedicated Network (so the instance of a DN with a specific Network ID) how can I count them? I suggest to design, together with the current endpoints, a way to count devices per networkId and filter by deviceGroupId, provisioningMode, originGroupId, etc Possible suggested counting endpoints: |
Alternative Approach to new endpoint for group device access.If the real need is bulk provisioning, you may consider extending the existing POST /accesses to accept multiple devices. { Another alternative is introducing POST /accesses/batch instead of creating a new persistent resource type. NOTE 3/11/2025 APIs can be designed to reflect aggregate boundaries:
Treating a group of resources (in our case device accesses) as an aggregate means that the API exposes only the operations that make sense for the whole group. If a device needs any specific individual management, as shown in comment 1 above, it must first be removed from the group. This means that the APIs is mirroring the aggregate’s consistency boundary in the underlining software, making both implementation and client code simpler and potentially more concurrency-safe. So together with this alternative approach , it could be beneficial for the API that we preserve consistency and the aggregate boundary by rejecting PATCH operations that attempt to modify per-device settings on accesses provisioned via a group (provisioningMode=group). This would help maintain clear and predictable behavior for both API consumers and implementers. |
|
Wouldn't it make sense to collaborate with the team of cos-booking-and-assignment and see if it is possible to find a common ground to design the assignment of a bulk of device with one request to a network (reservation)? I'm skeptical to introduce a complete new resource type for this purpose, especially if there is the requirement that devices can be managed individually further on. |
|
Just to note that since CAMARA follows REST principles, we should use the established term 'collection' to refer to a group of resources ( ref "Architectural Styles and the Design of Network-based Software", R. Fielding, Section 5.2.1.1, 2000). |
Thanks for your comment. Just to understand your comment, are you suggesting to use the term 'device-collection' in the API instead of 'device-group' ? |
No, it's rather when discussing the concept - I suggest to use 'collection' rather than 'group of resources' or 'aggregate' , because it's the established term. The collection resource itself can be named whatever is deemed most suitable. |
4 participants
What type of PR is this?
What this PR does / why we need it:
This PR proposes enhancement of the Accesses API to enable handling of more than one device per Device Access. It addresses issue #70 by adding a separate device group handling endpoint and a new device group identifier. The device group identifier is used when providing device access to Dedicated Network. The device group referred to by the identifier can be used by more than one Device Access at the same time or at different times (i.e. identified by different
accessIdidentifiers), and can therefore be reused multiple times. Devices can be added and/or removed from a device group while being used be a Device Access affecting their respective rights to access the Dedicated Network.Which issue(s) this PR fixes:
Fixes #70
Special notes for reviewers:
Changelog input
Additional documentation
This section can be blank.