Authentication Feature need to be Added #46
Comments
@vadivelk2023 |
The OPC UA Protocol supports Authentication mechanisms such as Username/Password, X509 Certificate, JWT token based authentication. For more details please visit https://reference.opcfoundation.org/Core/Part2/v105/docs/5.2.3 Please consider these auth mechanisms for OPC UA device service. |
OK, I see. |
Thanks for the Invite :) However, the library used in the device-opc-ua (https://github.com/gopcua/opcua) supports all these authentication mechanisms. The only thing that needs to be done is adding additional keys to get these values in config and adding two more functions to pass the credentials to the underlying Native gopcua library based on the auth mode mentioned in config.

I have another doubt and please consider this as a suggestion as well. The authentication information is mentioned in configuration.yml file. Whenever a new device is added to the device-opc-ua service its auth details need to be added to the configuration.yml file. As of now based on my understanding there is no API to change/update the content of the configuration.yml file (Example is App Service Configurable completely works based on the configuration.yml file - The only way to update the file content is rebuilding the image or mounting the file from local file system - This also requires deleting the metadata volume). My suggestion is why don't we get these details from the device file itself? If it is maintained in the device file it can be updated through Core metadata API. Like below

Path:cmd/res/devices/Simple-Devices.yaml
deviceList:
|
The suggestion as you mentioned in the second paragraph, it's a good idea. Maybe we'll refactor it in the next release v3.2 or later. |
The credentials should not be stored in core-metadata, but in the secret store. |
@vadivelk2023 I have done something about what you've mentioned; you can find it here: Ldsystem/device-opc-ua.
But I'm totally new to golang and I've made a massive change to the code, so it is difficult for me to bring it back to this repo. You can try it before the updates come to life. |
@cloudxxx8 I agree with you regarding credential management.

@jiekechoo The device-opc-ua has provision to add certificate and key in configuration.yml. Validation is also fine. But it is not properly passed or handled in the getClient function in the subscriptionlistener.go file. My suggestions to improve this are

The certificate paths were directly referring to the configuration.yml file content, not secretstore. This needs to be improved.

@Ldsystem I appreciate your effort. But in my experience I have seen connection pools for databases only, not for OPCUA servers. I am not sure whether it is required or not. Please do performance testing with and without the connection pool. If there are some positive results we may consider the connection pool as well. |
I see. |
@vadivelk2023 I did performance tests indeed, here are the results:
I also tried #48 on my local computer; it performs nearly the same as my single reusable client test case:
As we can see, when running with |
Username and Password based authentication needs to be added.
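
An added example, not part of the thread or of the device-opc-ua code base: one way to combine the two points raised in the comments, keeping only the auth mode and a secret name in device configuration and resolving the credential values from the secret store. The `GetSecret` type, the mode names and the secret field names are assumptions made for illustration, and the sample data is constructed.

```go
package main

import "fmt"

// GetSecret is a hypothetical stand-in for the service's secret store lookup.
type GetSecret func(name string) (map[string]string, error)

// sampleData is constructed for this example; the values are made up.
var sampleData = map[string]map[string]string{"plc-1": {"username": "operator", "password": "constructed-example"}}

func sampleStore(name string) (map[string]string, error) {
	return sampleData[name], nil
}

// requiredKeys lists the secret fields each auth mode needs (assumed names).
var requiredKeys = map[string][]string{
	"anonymous":   {},
	"username":    {"username", "password"},
	"certificate": {"cert", "key"},
	"token":       {"token"},
}

// ResolveAuth reads only the fields the configured mode needs from the store.
// It fails closed: unknown mode or missing field is an error, never anonymous.
func ResolveAuth(mode, secretName string, get GetSecret) (map[string]string, error) {
	keys, ok := requiredKeys[mode]
	if !ok {
		return nil, fmt.Errorf("unsupported auth mode %q", mode)
	}
	creds := map[string]string{}
	if len(keys) == 0 {
		return creds, nil // anonymous: the secret store is never consulted
	}
	sec, err := get(secretName)
	if err != nil {
		return nil, fmt.Errorf("secret %q unavailable: %w", secretName, err)
	}
	for _, k := range keys {
		if sec[k] == "" {
			return nil, fmt.Errorf("secret %q lacks field %q", secretName, k)
		}
		creds[k] = sec[k]
	}
	return creds, nil
}

func main() {
	_, err := ResolveAuth("token", "plc-1", sampleStore)
	fmt.Println(err) // error names the missing field, not any secret value
}
```

With this split, the device definition carries nothing sensitive, so it can still be updated through the metadata API while the credential values stay in the secret store.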