Individual Device Snapshot Selection in Developer Mode #2484
Comments
MarianRaphael
added
story
MarianRaphael
added
customer request
|
As a FF customer this is a high priority item for us; it allows our team to save incremental snapshot checkpoints on individual devices without affecting the devices around it in the same instance. In addition, it allows us to look back at previous snapshots without having to set as target for all other devices |
MarianRaphael
removed
the
consideration
|
Thank you for adding this item to the list of improvements. This feature will be very useful to us for quickly changing the snapshot of a specific device and comparing to other snapshots without changing the target on the other devices. |
|
@MarianRaphael, Can the issue please be updated with some Acceptance Criteria? Do we have any design drawings in figma for this? /cc @joepavitt While I understand the benefits targeted snapshot selection will bring, I am struggling to see a clean layout/design for this feature especially considering the new type of snapshot "Device at Application Level" will bring. |
|
I hadn't seen this, so no UX designs for this atm, but can put something together this week. |
That would be great thanks Joe. Appreciated. |
|
So, my high-level thinking here:
Design: Default State when Developer Mode: Disabled Design: Hover Behaviour when Developer Mode: Disabled Design: Default State when Developer Mode: Enabled |
|
The "Developer Mode" tab is just an extraction of the content, currently hidden in "Settings", to try and encourage more users to explore it, and make it easily accessible. It's not essential for this piece of work, however, I would say that the "Dev Mode" toggle (top-right) would be very much desired. |
|
A key missing ingredient is then also the highlighting of a position where a Device is bound to an Instance, and that Instance itself as a Target Snapshot (I'm working on it) |
|
When attached to an Instance: 
|
|
Small update with the "Inherited Target Snapshot". When in Developer Mode, visual changes to make it clear that this Device is not in-sync with the rest of the Devices attach to the Snapshot 
|
|
FAO @MarianRaphael @knolleary @joepavitt Question:When a snapshot from another device/instance is deployed to a different device should we duplicate the snapshot (and prompt the user for details) Background:When a device or instance is deleted, we lose the original credential secret meaning a snapshots credentials are essentially lost. This issue (kinda) already exists but it becomes much more visible when we permit other-device->device and instance->device snapshot deploys. Side Benefits:A new device with a snapshot deployed from another device/instance will appear to have zero snapshots in its list. If we perform a duplicate (and request a snapshot name/description), the device will now have a self owned, aptly named snapshot and it will appear in its own list. Another side benefit is, should we decide to cascade delete snapshots when the owner (device/instance) is deleted, we wont break* devices that have had a snapshot deployed. _* break: by break I mean have a snapshot assigned that might have credentials that can never be reloaded because the creds decryption fails/throws) Alternative solutionWe store the credential secret with the snapshot object, meaning snapshot can live beyond device or instance deletion. This has benefits too. 1) We dont need to look at snapshot clean up. 2) The user might actually want to keep snapshots beyond the life of a device/instance, 3) less duplicates. 4) decouples snapshot from source. |
Struggling to follow this - don't understand the problem, where/why are credentials relevant? |
Because if a flow has any encrypted credentials (ie username/password in a HTTP-Request, MQTT config etc), they are decrypted (using the source device/instance) and re-encrypted using the target device. If the source is deleted, the secret is lost. And even if we side stepped this issue and ignored the decryption error, thus allowing a deploy with bad creds, you will see this:
But additional to all that, a device with a snapshot deployed from another device/instance appears to have no snapshot. It feels somewhat "magical" (opaque). |
This is straying into the work being done via #2756 to allow Devices be participants in a DevOps pipeline. I'm concerned we're implementing the same capability via two different methods. In the Pipeline model, deploying a snapshot to anything involves copying the source snapshot - and reencrypting its credentials for the target. If this item ends up doing the same, then why would someone use one method versus the other?
That is an option, but not a quick change to make and will still need to handle existing snapshots without the secret. If we went in this direction, the stored secret would be for internal use only - allowing us to decrypt the credentials before re-encrypting with the target's secret and sending the snapshot over the network. |
For one-off/ad-hoc action scenarios, this method is far simpler, minimum effort, more accessible, quick and easy IMO. I personally imagine this feature being used far more than pipelines for them scenarios. And with all the above said, as it stands, we still have a potential issue to resolve or at least handle. |
|
So to summarise, the two options are:
Option 1 still assumes the 'owner' of the snapshot still exists so we can get ahold of the decryption key at that point in time. Option 2 solves that for new snapshots, but all existing snapshots won't have the key property so the code will need to handle that (with the knowledge the key is lost of the instance is deleted.) It feels like option 2 is cleaner. However it has potentially wider implications and would need discussion with @Pezmc as this has knock-on effects to how pipelines handle snapshots. Given this is an existing edge case, I don't want it to delay getting all of the other work completed on this item. There's already a lot of work here that will need reviewing - this is only going to make it even larger and harder to review. I suggest we get what you have reviewed and merged, and then we can tackle the snapshot encryption changes which will touch a lot of different areas. |
Yes, but to make sure it is clear, I would like to point out this work will make the issue "less edge" / "more prominent". For example, it is perfectly reasonable to suppose a user will do the following:
So I will finish up this work and include concerns in the PR for later task generation. |
I am not saying we don't address it. I'm saying do not make your current PR more complicated by trying to address it at the same time.
Get an issue raised for this item - point to this discuss for context and detail. Addressing this will be the next task to tackle. |
|
Verified on staging in accordance with the extensive tests laid out in the PR here: #2835 (comment) |
Epic
No response
Description
As a FlowForge user,
I want the ability to select a Snapshot for an individual device independently from the target snapshot when Developer Mode is activated.
So that, I can compare different Snapshot versions more easily for enhanced version understanding and efficient debugging.
Which customers would this be availble to
Licensed Edition (EE)
Acceptance Criteria
Have you provided an initial effort estimate for this issue?
I have provided an initial effort estimate
The text was updated successfully, but these errors were encountered: