Turning on and off the Public Device URL from code on the device

Product support balenaOS
1

Hey team Balena,

I was poking around your api documentation trying to find a way to turn on and off the public device URL. The purpose of this would be to turn on an off access programmatically to add a layer of just-in-time security to a devices remote access.

I have set device tags in the past using this bit of python code:

def set_device_tag(self, name, value):
    logging.debug(f'set_device_tag: {name}, {value}')
    if type(value) == float:
        value = f'{value:.1f}'
    else:
        value = str(value)

    try:
        self.balena.models.tag.device.set(self.env['BALENA_DEVICE_UUID'], str(name), value)
    except Exception as e:
        logging.error("Tag set seems to have failed")
        handle_process_exception(e, debug=True)
        raise ConnectionError

def get_device_id(self):
    try:
        proc1 = subprocess.Popen("""curl --connect-timeout 10 --max-time 30 -sSL "$BALENA_API_URL/v3/device?\$select=id,uuid&\$filter=uuid%20eq%20'$BALENA_DEVICE_UUID'" -H "Authorization: Bearer $BALENA_API_KEY" | jq '.d[0].id'""",
                                 shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                                 close_fds=True, encoding='UTF-8')
        stdout, stderr = proc1.communicate()
        if proc1.returncode != 0:
            raise ConnectionError
    except subprocess.CalledProcessError as e:
        handle_process_exception(e)
        raise ConnectionError
    if stdout and not stdout == '':
        self.balena_device_id = stdout.strip('\n')
        return
    # """curl -sSL "$BALENA_API_URL/v3/device?\$select=id,uuid&\$filter=uuid%20eq%20'$BALENA_DEVICE_UUID'"
    # -H "Authorization: Bearer $BALENA_API_KEY" | jq '.d[0].id'"""

I see the in is_web_accessible var the api docs for the deivce, but I can’t find anywhere I could possibly set that.

Thanks,
-Thomas

6

Hi @taclog, as far as I’m aware we don’t have a special API endpoint/method to set or toggle the public URL.

There is a way around this by using Pine queries (pine is our backend engine, handling our backend resources), but this will only work for our NodeJS SDK.
Here is a snippet:


  const { getSdk } = require('balena-sdk')
  const balena = getSdk({
    apiUrl: "https://api.balena-cloud.com/"
  })

  await balena.auth.loginWithToken('AUTH_TOKEN')
  await balena.pine.patch({
    resource: 'device',
    id: DEVICE_ID,
    body: {
      is_web_accessible: true
    }
  })

AFAIK you can’t run pine queries from our python SDK. This doesn’t seem right to me so let me get back to you once I talk to the python guys, as I might be misreading the docs.

8

Actually, for the NodeJS there are specific methods to enable/disable publicURL:

12

Thanks @tmigone that’s very helpful.

I am a bit new to node.js but I tired to throw something together.
Could I run this from python by pathing together two simple node scripts?

Add this to my Dockerfile.template

RUN apt-get update && install -y \
nodejs npm && \
apt-get clean && \
npm install --save balena-sdk
WORKDIR /usr/src/app
RUM mkdir /usr/src/app/balena

Then setting up a node script like this:

const { getSdk } = require(‘balena-sdk’);

const balena = getSdk({
apiUrl: “https://api.balena-cloud.com/”,
dataDirectory: “/usr/src/app/balena”
});

(async () => {
await balena.auth.loginWithToken(process.env.BALENA_API_KEY);
await balena.models.device.disableDeviceUrl(process.env.BALENA_DEVICE_UUID);
console.log(“Url turned off”);
})();

And call it from python with: os.system('node turnOffUrl.js')

Does that seem like it would work? Can you log into the sdk with the BALENA_API_KEY env var from an application on a device?

This works, I just tested it. @tmigone Thanks for your help!

-Thomas

1 Like
13

Also for other poeple that find this the python sdk also supports this:

14

Thank you for sharing how it worked for you @taclog

16

Hi everyone, just jumping back in to explain that it is in fact possible now to set Public Device URL via the API. Here is an example with curl:

curl -X PATCH \
"https://api.balena-cloud.com/v6/device(<ID>)" \
-H  "Content-Type: application/json"  \
-H "Authorization: Bearer <AUTH_TOKEN>" \
--data '{
    "is_web_accessible": "true"
}'
17

And here is an example with the cli from balena CLI Documentation - Balena Documentation

$ balena device public-url 23c73a1
$ balena device public-url 23c73a1 --enable
$ balena device public-url 23c73a1 --disable
$ balena device public-url 23c73a1 --status
18

And here is how you do it with PineJS:

pine.patch({ resource: 'device', id: UUID, { is_web_accessible: BOOLEAN } })