feat: add profile support to the tedge cli and fix mosquitto configuration

[jarhodes314]

Proposed changes

This changes tedge connect etc. to use the <cloud>@<profile> syntax. For example,

tedge connect c8y --profile edge

becomes

tedge connect c8y@edge

It also fixes some issues that were causing mosquitto to fail to start when multiple cloud profiles are configured.

Additionally it adds the missing systemd service definitions, so you can now start tedge-mapper-c8y@profile to spawn a mapper instance with a profile selected.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
• Documentation Update (if none of the other choices apply)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA (in all commits with git commit -s)
• I ran cargo fmt as mentioned in CODING_GUIDELINES
• I used cargo clippy as mentioned in CODING_GUIDELINES
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

[codecov]

Codecov Report

Attention: Patch coverage is 48.40580% with 356 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
crates/core/tedge/src/cli/connect/command.rs	0.00%	95 Missing ⚠️
crates/core/tedge/src/cli/common.rs	17.24%	47 Missing and 1 partial ⚠️
crates/core/tedge_mapper/src/lib.rs	25.49%	34 Missing and 4 partials ⚠️
.../tedge_config/src/tedge_config_cli/tedge_config.rs	76.76%	24 Missing and 9 partials ⚠️
crates/core/tedge/src/cli/certificate/cli.rs	11.76%	25 Missing and 5 partials ⚠️
...ig/src/system_services/managers/general_manager.rs	15.38%	22 Missing ⚠️
crates/core/tedge/src/cli/connect/cli.rs	0.00%	15 Missing ⚠️
crates/core/tedge/src/cli/refresh_bridges.rs	0.00%	13 Missing ⚠️
plugins/c8y_remote_access_plugin/src/lib.rs	0.00%	13 Missing ⚠️
...ommon/tedge_config/src/system_services/services.rs	18.18%	9 Missing ⚠️
... and 12 more

Additional details and impacted files

📢 Thoughts on this report? Let us know!

[github-actions]

Robot Results

✅ Passed	❌ Failed	⏭️ Skipped	Total	Pass %	⏱️ Duration
529	0	2	529	100	1h29m34.666915s

[didier-wenzek]

The UX is really nice and it's a real plus to have a certificate per cloud.

$ tedge config set c8y@pki.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key
$ tedge config set c8y@pki.device.cert_path /etc/tedge/device-certs/demo-c8y-ca.pem
$ tedge cert create --device-id demo-c8y-ca c8y@pki
Certificate was successfully created
$ tedge cert show c8y@pki
Device certificate: /etc/tedge/device-certs/demo-c8y-ca.pem
...
$ tedge cert show c8y    
Device certificate: /etc/tedge/device-certs/demo-device-888.pem
... untouched! nice!

However, error messages might be improved regarding this new CLOUD parameter on many tedge commands. Could the error message list the clouds?

$ tedge cert show c8y@foo
Error: missing configuration parameter

Caused by:
    Unknown profile `foo` for the multi-profile property c8y

But:

$ tedge cert show foo@pki
error: invalid value 'foo@pki' for '[CLOUD]': Unrecognised cloud type: "foo@pki"

For more information, try '--help'.

[reubenmiller]

@jarhodes314 Overall it looks good, though I just have the following questions/observations:

1. Can users set profile specific settings using environment variables?

   For example the following is rejected by zsh/bash:

   $ export TEDGE_C8Y@HELLO_URL=hello.com
   export: not valid in this context: TEDGE_C8Y@HELLO_URL

2. There might be still merit to supporting the --profile argument as it is in some cases easier for users, mainly for the tedge connect command

   tedge config set c8y@pki.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key
   tedge config set c8y@tenant1.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key
   tedge config set c8y@tenant2.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key
   
   # vs.
   tedge config set c8y.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key --profile pki
   tedge config set c8y.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key --profile tenant1
   tedge config set c8y.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key --profile tenant2

   The latter is a bit easier for users to manage, and it would be open to support the following (if the --profile could also be set via env variable). Though the --profile argument could be syntaxial sugar for the c8y@<profile> syntax (or vice versa)

   export TEDGE_C8Y_PROFILE=pki
   tedge config set c8y.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key

[jarhodes314]

1. Can users set profile specific settings using environment variables?

@reubenmiller Not currently, although I'm not convinced of the value of such a feature, given the point of profiles is to allow us to store separate cloud configurations inside tedge.toml. If you're using environment variables to configure tedge, then surely you can just set the right variables per process to manually manage your cloud configurations? I guess for temporarily overriding a value it might make sense.

2. There might be still merit to supporting the --profile argument as it is in some cases easier for users, mainly for the tedge connect command

I agree, and I'll have a look into how easy this is to achieve.

export TEDGE_C8Y_PROFILE=pki
tedge config set c8y.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key

I'm slightly worried allowing this to be controlled by an environment variable might lead to confusion/difficult to resolve scenarios. As far as I'm aware, it can be quite difficult to unset an environment variable, so if this was set and you wanted to modify the default profile, you'd have a hard time doing so. I don't think environment variables provide the same value when they're replacing a command line argument

[didier-wenzek]

Approved.

[jarhodes314]

1. Can users set profile specific settings using environment variables?

@reubenmiller Not currently, although I'm not convinced of the value of such a feature, given the point of profiles is to allow us to store separate cloud configurations inside tedge.toml. If you're using environment variables to configure tedge, then surely you can just set the right variables per process to manually manage your cloud configurations? I guess for temporarily overriding a value it might make sense.

2. There might be still merit to supporting the --profile argument as it is in some cases easier for users, mainly for the tedge connect command

I agree, and I'll have a look into how easy this is to achieve.

export TEDGE_C8Y_PROFILE=pki
tedge config set c8y.device.key_path /etc/tedge/device-certs/demo-c8y-ca.key

I'm slightly worried allowing this to be controlled by an environment variable might lead to confusion/difficult to resolve scenarios. As far as I'm aware, it can be quite difficult to unset an environment variable, so if this was set and you wanted to modify the default profile, you'd have a hard time doing so. I don't think environment variables provide the same value when they're replacing a command line argument

I've decided to put these changes in a separate PR as this one is already getting quite large and makes sense in itself. As neither of these suggestions are breaking changes, it will be easier to deal with these separately.

[albinsuresh]

LGTM. Just some cosmetic comments and test/doc improvements.

[albinsuresh]

Suggested change

	The device id is read from the device certificate and cannot be set directly.\n\
	To set 'device.id' to some <id>, you can use `tedge cert create --device-id <id>`.",
	The device id that is used to connect to this cloud instance,
	which defaults to the main `device.id` setting, but can be overridden for this cloud.
	The device id is read from the device certificate and cannot be set directly.\n\
	To override the main `device.id` value for this cloud instance,
	create a new certificate at a different location using `tedge cert create --device-id <id> --config-dir /some/other/location`."
	and update the `key_path` and `cert_path` for this cloud instance using
	`tedge config set c8y@<instance>.device.key_path` and `tedge config set c8y@<instance>.device.cert_path` respectively

[albinsuresh]

One of the reasons why I hate adding lifetime parameters to structs (esp existing ones), unless absolutely necessary, as it just litters the whole call stack with that parameter.

Could we have used owned ProfileNames in SystemService as well, as done for the Cloud enum or BridgeConfigXyzParams structs, since the cost of having those owned copies here is very minimal in the grand scheme of things? Or was there some other reason other than efficiency that forced you to use references here?

[albinsuresh]

Suggested change

	"c8y-bridge".into()
	"Cumulocity".into()

If we don't use the same old client id, wouldn't that lead to message loses when thin-edge is self-updated, as the broker won't send any queued messages for the older client-id to the new one?

[albinsuresh]

You really love Cows, don't you? 😉

Not a request for change, but, in the context of these commands that are only executed just a handful of times during the entire lifetime of a device, I wonder if it's really worth the added complexity, unless I'm missing some hidden benefits.

[albinsuresh]

Suggested change

	bail!("The configurations: {keys} should be set to diffrent values, but are currently set to the same value");
	bail!("The configurations: {keys} should be set to different values, but are currently set to the same value");

[albinsuresh]

Even this step can be performed just once at the Suite Setup level itself, as repeating this step at Test Setup level just repeats the same steps on the same device.

[albinsuresh]

Suggested change

	Get Configuration from Main Device
	Get Configuration from Primary Cloud Connection

[albinsuresh]

Suggested change

	Get Configuration from Second Device
	Get Configuration from Profiled Cloud Connection

[albinsuresh]

Suggested change

	${PARENT_SN} ${EMPTY}
	${DEVICE_SN} ${EMPTY}

Just because there's no parent or child devices in this test.

[albinsuresh]

Suggested change

	Description=tedge-mapper-aws checks Thin Edge JSON measurements and forwards to AWS IoT Hub.
	Description=tedge-mapper-aws checks Thin Edge JSON measurements and forwards to AWS IoT Core.

You've only inherited this from the existing non-templated version, which was wrong.

[albinsuresh]

One unforseen side effect of these "secondary device twins" are that they're never auto-deleted from the connected tenant.