Bosch IoT Device Management

2022-04-26 - Bosch IoT Things - service update

Our latest service release comes with the following new features:

Restrict creation of new policy / thing entities

With the latest release Bosch IoT Things supports you to restrict permissions to create things and policies specifically for each namespace.

A namespace policy is optional and by default not present.
A namespace without a policy means that every authenticated subject allowed to use the API in scope of your solution, is also allowed to create things and policies in that namespace.

However, in case you need to define creation restrictions, you can define a policy, potentially containing several policy entries which contain:

  • Subjects: defines who is allowed to create things or policies in the corresponding namespace.
    This may be for example a Suite OAuth2 client, or a user who is allowed to manage the subscription, or a role like Owner, Manager, Developer.

  • Resources: can be "thing:/" and/or "policy:/"
    No deeper levels of these resources can be referenced here, only root level is supported.

  • Permission: you can grant or revoke the "CREATE" permission.
    No other permissions are currently supported for namespace policies.
    As common in policies, a "revoke" is stronger than a "grant" on the same level, which is relevant if your authentication mechanism leads to that a user has several authorized subjects.

Examples

Find two example entries at Namespace policy.

Namespace management

The namespace policy can be managed either by the HTTP API or via the Suite UI

  • APIdocs: Navigate to HTTP API Solutions - /solutions/{solutionId}/namespaces/{namespaceId}/policy

  • Suite UI: select Namespaces from the left navigation bar

Enrichment of extra fields now supports placeholders

Connections, WebSockets as well as SSE support to configure enrichment of events via extraFields .
This existing mechanism has been enhanced to use two different placeholders instead of knowing the feature IDs in the configuration upfront:

  • features/*
    Using the asterisk/wildcard symbol * in place of the feature ID you can express to enrich data of all existing features of a thing.

  • features/{{ feature:id }}
    Using the placeholder syntax {{ feature:id }} in place of the feature ID you can express to enrich data for only the affected features of the change event.
    The placeholder syntax additionally supports applying placeholder functions, for example:

    • exclude specific feature IDs from being enriched:
      features/{{ feature:id | fn:filter('ne','ConnectionStatus') }}

    • include only specific feature IDs matching a pattern:
      features/{{ feature:id | fn:filter('like','*Updatabale|important*') }}

Example

Your application can configure to always include the feature "definition" of all affected modified features using the following extraFields.
Or, even more advanced, select both definition and potentially existing "desiredProperties" of all affected features:

  • extraFields=features/{{ feature:id }}/definition

  • extraFields=features/{{ feature:id }}/definition,features/{{ feature:id }}/desiredProperties

Or, using the asterisk/wildcard symbol, your application may always additionally receive all "desired properties" along with each event:

  • extraFields=features/*/desiredProperties

The extended enrichment is supported for all "change"-commands (i.e. "modify thing", "modify feature", "modify feature properties", "delete feature" "merge thing", etc.).


To omit a new source of failure or misunderstanding, the string for the feature ID
can not contain the * character, as it now has the wildcard semantic,
and cannot be the placeholder {{ feature:id }} itself.

Eclipse Ditto version 2.4 has been released

Bosch IoT Things is based on and powered by the open source project Eclipse Ditto.
Its latest version is 2.4.0. Read the full Ditto release notes at https://www.eclipse.org/ditto/release_notes_240.html.

At this occasion, various minor bugs have also been fixed.