def iot_dps_registration_delete(client, dps_name, resource_group_name, registration_id): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) return m_sdk.registration_status.delete_registration_state(registration_id) except errors.ErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_get( client, enrollment_id, dps_name, resource_group_name, show_keys=None ): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) enrollment = sdk.get_individual_enrollment( enrollment_id, raw=True ).response.json() if show_keys: enrollment_type = enrollment["attestation"]["type"] if enrollment_type == AttestationType.symmetricKey.value: attestation = sdk.get_individual_enrollment_attestation_mechanism( enrollment_id, raw=True ).response.json() enrollment["attestation"] = attestation else: logger.warn( "--show-keys argument was provided, but requested enrollment has an attestation type of '{}'." " Currently, --show-keys is only supported for symmetric key enrollments".format( enrollment_type ) ) return enrollment except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_get(client, enrollment_id, dps_name, resource_group_name): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) return m_sdk.device_enrollment.get(enrollment_id) except errors.ErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_group_create(client, enrollment_id, dps_name, resource_group_name, certificate_path=None, secondary_certificate_path=None, root_ca_name=None, secondary_root_ca_name=None, primary_key=None, secondary_key=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None, reprovision_policy=None, allocation_policy=None, iot_hubs=None): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) if not certificate_path and not secondary_certificate_path: if not root_ca_name and not secondary_root_ca_name: attestation = AttestationMechanism( AttestationType.symmetricKey.value, None, None, SymmetricKeyAttestation(primary_key, secondary_key)) if certificate_path or secondary_certificate_path: if root_ca_name or secondary_root_ca_name: raise CLIError( 'Please provide either certificate path or certficate name' ) attestation = _get_attestation_with_x509_signing_cert( certificate_path, secondary_certificate_path) if root_ca_name or secondary_root_ca_name: if certificate_path or secondary_certificate_path: raise CLIError( 'Please provide either certificate path or certficate name' ) attestation = _get_attestation_with_x509_ca_cert( root_ca_name, secondary_root_ca_name) reprovision = _get_reprovision_policy(reprovision_policy) initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties) iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs _validate_allocation_policy_for_enrollment(allocation_policy, iot_hub_host_name, iot_hub_list) if iot_hub_host_name and allocation_policy is None: allocation_policy = AllocationType.static.value iot_hub_list = iot_hub_host_name.split() group_enrollment = EnrollmentGroup(enrollment_id, attestation, None, initial_twin, None, provisioning_status, reprovision, allocation_policy, iot_hub_list) return m_sdk.device_enrollment_group.create_or_update( enrollment_id, group_enrollment) except errors.ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_registration_list(client, dps_name, resource_group_name, enrollment_id): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) return m_sdk.registration_state.query_registration_state(enrollment_id) except errors.ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_registration_delete(client, dps_name, resource_group_name, registration_id): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) return sdk.delete_device_registration_state(registration_id) except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_create(client, enrollment_id, attestation_type, dps_name, resource_group_name, endorsement_key=None, certificate_path=None, secondary_certificate_path=None, primary_key=None, secondary_key=None, device_id=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None, reprovision_policy=None, allocation_policy=None, iot_hubs=None, edge_enabled=False): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) if attestation_type == AttestationType.tpm.value: if not endorsement_key: raise CLIError('Endorsement key is requried') attestation = AttestationMechanism(AttestationType.tpm.value, TpmAttestation(endorsement_key)) if attestation_type == AttestationType.x509.value: attestation = _get_attestation_with_x509_client_cert( certificate_path, secondary_certificate_path) if attestation_type == AttestationType.symmetricKey.value: attestation = AttestationMechanism( AttestationType.symmetricKey.value, None, None, SymmetricKeyAttestation(primary_key, secondary_key)) reprovision = _get_reprovision_policy(reprovision_policy) initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties) iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs _validate_allocation_policy_for_enrollment(allocation_policy, iot_hub_host_name, iot_hub_list) if iot_hub_host_name and allocation_policy is None: allocation_policy = AllocationType.static.value iot_hub_list = iot_hub_host_name.split() capabilities = DeviceCapabilities(iot_edge=edge_enabled) enrollment = IndividualEnrollment(enrollment_id, attestation, capabilities, device_id, None, initial_twin, None, provisioning_status, reprovision, allocation_policy, iot_hub_list) return m_sdk.device_enrollment.create_or_update( enrollment_id, enrollment) except errors.ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_registration_list(client, dps_name, resource_group_name, enrollment_id): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) return sdk.query_device_registration_states( enrollment_id, raw=True ).response.json() except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_group_delete( cmd, client, enrollment_id, dps_name, resource_group_name, etag=None ): target = get_iot_dps_connection_string(cmd, client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) return sdk.delete_enrollment_group(enrollment_id, if_match=(etag if etag else "*")) except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_delete( client, enrollment_id, dps_name, resource_group_name ): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) return sdk.delete_individual_enrollment(enrollment_id) except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_list(client, dps_name, resource_group_name, top=None): from azext_iot.dps_sdk.models.query_specification import QuerySpecification target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) query_command = "SELECT *" query = QuerySpecification(query_command) return _execute_query(query, m_sdk.device_enrollment.query, top) except errors.ErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_list(client, dps_name, resource_group_name, top=None): from azext_iot.sdk.dps.service.models.query_specification import QuerySpecification target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) query_command = "SELECT *" query = [QuerySpecification(query=query_command)] return _execute_query(query, sdk.query_individual_enrollments, top) except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_group_create(client, enrollment_id, dps_name, resource_group_name, certificate_path=None, secondary_certificate_path=None, root_ca_name=None, secondary_root_ca_name=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) if not certificate_path and not secondary_certificate_path: if not root_ca_name and not secondary_root_ca_name: raise CLIError('Please provide at least one certificate') if certificate_path or secondary_certificate_path: if root_ca_name or secondary_root_ca_name: raise CLIError('Please provide either certificate path or certficate name') attestation = _get_attestation_with_x509_signing_cert(certificate_path, secondary_certificate_path) if root_ca_name or secondary_root_ca_name: if certificate_path or secondary_certificate_path: raise CLIError('Please provide either certificate path or certficate name') attestation = _get_attestation_with_x509_ca_cert(root_ca_name, secondary_root_ca_name) initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties) group_enrollment = EnrollmentGroup(enrollment_id, attestation, iot_hub_host_name, initial_twin, None, provisioning_status) return m_sdk.device_enrollment_group.create_or_update(enrollment_id, group_enrollment) except errors.ErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_create(client, enrollment_id, attestation_type, dps_name, resource_group_name, endorsement_key=None, certificate_path=None, secondary_certificate_path=None, device_id=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) if attestation_type == AttestationType.tpm.value: if not endorsement_key: raise CLIError('Endorsement key is requried') tpm = TpmAttestation(endorsement_key) attestation = AttestationMechanism(AttestationType.tpm.value, tpm) if attestation_type == AttestationType.x509.value: attestation = _get_attestation_with_x509_client_cert(certificate_path, secondary_certificate_path) initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties) enrollment = IndividualEnrollment(enrollment_id, attestation, device_id, None, iot_hub_host_name, initial_twin, None, provisioning_status) return m_sdk.device_enrollment.create_or_update(enrollment_id, enrollment) except errors.ErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_update(client, enrollment_id, dps_name, resource_group_name, etag=None, endorsement_key=None, certificate_path=None, secondary_certificate_path=None, remove_certificate=None, remove_secondary_certificate=None, primary_key=None, secondary_key=None, device_id=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None, reprovision_policy=None, allocation_policy=None, iot_hubs=None): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) enrollment_record = m_sdk.device_enrollment.get(enrollment_id) # Verify etag if etag and hasattr( enrollment_record, 'etag') and etag != enrollment_record.etag.replace('"', ''): raise LookupError("enrollment etag doesn't match.") if not etag: etag = enrollment_record.etag.replace('"', '') # Verify and update attestation information attestation_type = enrollment_record.attestation.type _validate_arguments_for_attestation_mechanism( attestation_type, endorsement_key, certificate_path, secondary_certificate_path, remove_certificate, remove_secondary_certificate, primary_key, secondary_key) if attestation_type == AttestationType.tpm.value: if endorsement_key: enrollment_record.attestation.tpm.endorsement_key = endorsement_key elif attestation_type == AttestationType.x509.value: enrollment_record.attestation = _get_updated_attestation_with_x509_client_cert( enrollment_record.attestation, certificate_path, secondary_certificate_path, remove_certificate, remove_secondary_certificate) else: enrollment_record.attestation = m_sdk.device_enrollment.attestation_mechanism_method( enrollment_id) if primary_key: enrollment_record.attestation.symmetric_key.primary_key = primary_key if secondary_key: enrollment_record.attestation.symmetric_key.secondary_key = secondary_key # Update enrollment information if iot_hub_host_name: enrollment_record.allocation_policy = AllocationType.static.value enrollment_record.iot_hubs = iot_hub_host_name.split() enrollment_record.iot_hub_host_name = None if device_id: enrollment_record.device_id = device_id if provisioning_status: enrollment_record.provisioning_status = provisioning_status enrollment_record.registrationState = None if reprovision_policy: enrollment_record.reprovision_policy = _get_reprovision_policy( reprovision_policy) enrollment_record.initial_twin = _get_updated_inital_twin( enrollment_record, initial_twin_tags, initial_twin_properties) iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs _validate_allocation_policy_for_enrollment(allocation_policy, iot_hub_host_name, iot_hub_list) if allocation_policy: enrollment_record.allocation_policy = allocation_policy enrollment_record.iot_hubs = iot_hub_list enrollment_record.iot_hub_host_name = None return m_sdk.device_enrollment.create_or_update( enrollment_id, enrollment_record, etag) except errors.ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_group_update( client, enrollment_id, dps_name, resource_group_name, etag=None, certificate_path=None, secondary_certificate_path=None, root_ca_name=None, secondary_root_ca_name=None, remove_certificate=None, remove_secondary_certificate=None, primary_key=None, secondary_key=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None, reprovision_policy=None, allocation_policy=None, iot_hubs=None, edge_enabled=None, webhook_url=None, api_version=None, ): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) enrollment_record = sdk.get_enrollment_group(enrollment_id) # Verify etag if ( etag and hasattr(enrollment_record, "etag") and etag != enrollment_record.etag.replace('"', "") ): raise LookupError("enrollment etag doesn't match.") if not etag: etag = enrollment_record.etag.replace('"', "") # Update enrollment information if enrollment_record.attestation.type == AttestationType.symmetricKey.value: enrollment_record.attestation = sdk.get_enrollment_group_attestation_mechanism( enrollment_id ) if primary_key: enrollment_record.attestation.symmetric_key.primary_key = primary_key if secondary_key: enrollment_record.attestation.symmetric_key.secondary_key = ( secondary_key ) if enrollment_record.attestation.type == AttestationType.x509.value: if not certificate_path and not secondary_certificate_path: if not root_ca_name and not secondary_root_ca_name: # Check if certificate can be safely removed while no new certificate has been provided if remove_certificate and remove_secondary_certificate: raise CLIError("Please provide at least one certificate") if not _can_remove_primary_certificate( remove_certificate, enrollment_record.attestation ): raise CLIError( "Please provide at least one certificate while removing the only primary certificate" ) if not _can_remove_secondary_certificate( remove_secondary_certificate, enrollment_record.attestation ): raise CLIError( "Please provide at least one certificate while removing the only secondary certificate" ) if certificate_path or secondary_certificate_path: if root_ca_name or secondary_root_ca_name: raise CLIError( "Please provide either certificate path or certficate name" ) enrollment_record.attestation = _get_updated_attestation_with_x509_signing_cert( enrollment_record.attestation, certificate_path, secondary_certificate_path, remove_certificate, remove_secondary_certificate, ) if root_ca_name or secondary_root_ca_name: if certificate_path or secondary_certificate_path: raise CLIError( "Please provide either certificate path or certficate name" ) enrollment_record.attestation = _get_updated_attestation_with_x509_ca_cert( enrollment_record.attestation, root_ca_name, secondary_root_ca_name, remove_certificate, remove_secondary_certificate, ) if iot_hub_host_name: enrollment_record.allocation_policy = AllocationType.static.value enrollment_record.iot_hubs = iot_hub_host_name.split() enrollment_record.iot_hub_host_name = None if provisioning_status: enrollment_record.provisioning_status = provisioning_status if reprovision_policy: enrollment_record.reprovision_policy = _get_reprovision_policy( reprovision_policy ) enrollment_record.initial_twin = _get_updated_inital_twin( enrollment_record, initial_twin_tags, initial_twin_properties ) iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs _validate_allocation_policy_for_enrollment( allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version ) if allocation_policy: enrollment_record.allocation_policy = allocation_policy enrollment_record.iot_hubs = iot_hub_list enrollment_record.iot_hub_host_name = None if allocation_policy == AllocationType.custom.value: enrollment_record.custom_allocation_definition = CustomAllocationDefinition( webhook_url=webhook_url, api_version=api_version ) if edge_enabled is not None: enrollment_record.capabilities = DeviceCapabilities(iot_edge=edge_enabled) return sdk.create_or_update_enrollment_group( enrollment_id, enrollment_record, etag ) except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_update( client, enrollment_id, dps_name, resource_group_name, etag=None, endorsement_key=None, certificate_path=None, secondary_certificate_path=None, remove_certificate=None, remove_secondary_certificate=None, primary_key=None, secondary_key=None, device_id=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None, reprovision_policy=None, allocation_policy=None, iot_hubs=None, edge_enabled=None, webhook_url=None, api_version=None, ): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) enrollment_record = sdk.get_individual_enrollment(enrollment_id) # Verify etag if ( etag and hasattr(enrollment_record, "etag") and etag != enrollment_record.etag.replace('"', "") ): raise LookupError("enrollment etag doesn't match.") if not etag: etag = enrollment_record.etag.replace('"', "") # Verify and update attestation information attestation_type = enrollment_record.attestation.type _validate_arguments_for_attestation_mechanism( attestation_type, endorsement_key, certificate_path, secondary_certificate_path, remove_certificate, remove_secondary_certificate, primary_key, secondary_key, ) if attestation_type == AttestationType.tpm.value: if endorsement_key: enrollment_record.attestation.tpm.endorsement_key = endorsement_key elif attestation_type == AttestationType.x509.value: enrollment_record.attestation = _get_updated_attestation_with_x509_client_cert( enrollment_record.attestation, certificate_path, secondary_certificate_path, remove_certificate, remove_secondary_certificate, ) else: enrollment_record.attestation = sdk.get_individual_enrollment_attestation_mechanism( enrollment_id ) if primary_key: enrollment_record.attestation.symmetric_key.primary_key = primary_key if secondary_key: enrollment_record.attestation.symmetric_key.secondary_key = ( secondary_key ) # Update enrollment information if iot_hub_host_name: enrollment_record.allocation_policy = AllocationType.static.value enrollment_record.iot_hubs = iot_hub_host_name.split() enrollment_record.iot_hub_host_name = None if device_id: enrollment_record.device_id = device_id if provisioning_status: enrollment_record.provisioning_status = provisioning_status enrollment_record.registrationState = None if reprovision_policy: enrollment_record.reprovision_policy = _get_reprovision_policy( reprovision_policy ) enrollment_record.initial_twin = _get_updated_inital_twin( enrollment_record, initial_twin_tags, initial_twin_properties ) iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs _validate_allocation_policy_for_enrollment( allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version ) if allocation_policy: enrollment_record.allocation_policy = allocation_policy enrollment_record.iot_hubs = iot_hub_list enrollment_record.iot_hub_host_name = None if allocation_policy == AllocationType.custom.value: enrollment_record.custom_allocation_definition = CustomAllocationDefinition( webhook_url=webhook_url, api_version=api_version ) if edge_enabled is not None: enrollment_record.capabilities = DeviceCapabilities(iot_edge=edge_enabled) return sdk.create_or_update_individual_enrollment( enrollment_id, enrollment_record, etag ) except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_update(client, enrollment_id, dps_name, resource_group_name, etag=None, endorsement_key=None, certificate_path=None, secondary_certificate_path=None, remove_certificate=None, remove_secondary_certificate=None, device_id=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) enrollment_record = m_sdk.device_enrollment.get(enrollment_id) # Verify etag if etag and 'etag' in enrollment_record and etag != enrollment_record['etag'].replace('"', ''): raise LookupError("enrollment etag doesn't match.") if not etag: etag = enrollment_record['etag'].replace('"', '') # Verify and update attestation information attestation_type = enrollment_record['attestation']['type'] if attestation_type == AttestationType.tpm.value: if certificate_path or secondary_certificate_path: raise CLIError('Cannot update certificate while enrollment is using tpm attestation mechanism') if remove_certificate or remove_secondary_certificate: raise CLIError('Cannot remove certificate while enrollment is using tpm attestation mechanism') if endorsement_key: enrollment_record['attestation']['tpm']['endorsement_key'] = endorsement_key else: if endorsement_key: raise CLIError('Cannot update endorsement key while enrollment is using x509 attestation mechanism') enrollment_record['attestation'] = _get_updated_attestation_with_x509_client_cert(enrollment_record['attestation'], certificate_path, secondary_certificate_path, remove_certificate, remove_secondary_certificate) # Update enrollment information if iot_hub_host_name: enrollment_record['iotHubHostName'] = iot_hub_host_name if device_id: enrollment_record['deviceId'] = device_id if provisioning_status: enrollment_record['provisioningStatus'] = provisioning_status enrollment_record['registrationState'] = None enrollment_record['initialTwin'] = _get_updated_inital_twin(enrollment_record, initial_twin_tags, initial_twin_properties) return m_sdk.device_enrollment.create_or_update(enrollment_id, enrollment_record, etag) except errors.ErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_group_update(client, enrollment_id, dps_name, resource_group_name, etag=None, certificate_path=None, secondary_certificate_path=None, root_ca_name=None, secondary_root_ca_name=None, remove_certificate=None, remove_secondary_certificate=None, primary_key=None, secondary_key=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None, reprovision_policy=None, allocation_policy=None, iot_hubs=None): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) enrollment_record = m_sdk.device_enrollment_group.get(enrollment_id) # Verify etag if etag and hasattr( enrollment_record, 'etag') and etag != enrollment_record.etag.replace('"', ''): raise LookupError("enrollment etag doesn't match.") if not etag: etag = enrollment_record.etag.replace('"', '') # Update enrollment information if enrollment_record.attestation.type == AttestationType.symmetricKey.value: enrollment_record.attestation = m_sdk.device_enrollment_group.attestation_mechanism_method( enrollment_id) if primary_key: enrollment_record.attestation.symmetric_key.primary_key = primary_key if secondary_key: enrollment_record.attestation.symmetric_key.secondary_key = secondary_key if enrollment_record.attestation.type == AttestationType.x509.value: if not certificate_path and not secondary_certificate_path: if not root_ca_name and not secondary_root_ca_name: # Check if certificate can be safely removed while no new certificate has been provided if remove_certificate and remove_secondary_certificate: raise CLIError( 'Please provide at least one certificate') if not _can_remove_primary_certificate( remove_certificate, enrollment_record.attestation): raise CLIError( 'Please provide at least one certificate while removing the only primary certificate' ) if not _can_remove_secondary_certificate( remove_secondary_certificate, enrollment_record.attestation): raise CLIError( 'Please provide at least one certificate while removing the only secondary certificate' ) if certificate_path or secondary_certificate_path: if root_ca_name or secondary_root_ca_name: raise CLIError( 'Please provide either certificate path or certficate name' ) enrollment_record.attestation = _get_updated_attestation_with_x509_signing_cert( enrollment_record.attestation, certificate_path, secondary_certificate_path, remove_certificate, remove_secondary_certificate) if root_ca_name or secondary_root_ca_name: if certificate_path or secondary_certificate_path: raise CLIError( 'Please provide either certificate path or certficate name' ) enrollment_record.attestation = _get_updated_attestation_with_x509_ca_cert( enrollment_record.attestation, root_ca_name, secondary_root_ca_name, remove_certificate, remove_secondary_certificate) if iot_hub_host_name: enrollment_record.allocation_policy = AllocationType.static.value enrollment_record.iot_hubs = iot_hub_host_name.split() enrollment_record.iot_hub_host_name = None if provisioning_status: enrollment_record.provisioning_status = provisioning_status if reprovision_policy: enrollment_record.reprovision_policy = _get_reprovision_policy( reprovision_policy) enrollment_record.initial_twin = _get_updated_inital_twin( enrollment_record, initial_twin_tags, initial_twin_properties) iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs _validate_allocation_policy_for_enrollment(allocation_policy, iot_hub_host_name, iot_hub_list) if allocation_policy: enrollment_record.allocation_policy = allocation_policy enrollment_record.iot_hubs = iot_hub_list enrollment_record.iot_hub_host_name = None return m_sdk.device_enrollment_group.create_or_update( enrollment_id, enrollment_record, etag) except errors.ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_group_update(client, enrollment_id, dps_name, resource_group_name, etag=None, certificate_path=None, secondary_certificate_path=None, root_ca_name=None, secondary_root_ca_name=None, remove_certificate=None, remove_secondary_certificate=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk) enrollment_record = m_sdk.device_enrollment_group.get(enrollment_id) # Verify etag if etag and 'etag' in enrollment_record and etag != enrollment_record['etag'].replace('"', ''): raise LookupError("enrollment etag doesn't match.") if not etag: etag = enrollment_record['etag'].replace('"', '') # Update enrollment information if not certificate_path and not secondary_certificate_path: if not root_ca_name and not secondary_root_ca_name: # Check if certificate can be safely removed while no new certificate has been provided if remove_certificate and remove_secondary_certificate: raise CLIError('Please provide at least one certificate') if not _can_remove_primary_certificate(remove_certificate, enrollment_record['attestation']): raise CLIError('Please provide at least one certificate while removing the only primary certificate') if not _can_remove_secondary_certificate(remove_secondary_certificate, enrollment_record['attestation']): raise CLIError('Please provide at least one certificate while removing the only secondary certificate') if certificate_path or secondary_certificate_path: if root_ca_name or secondary_root_ca_name: raise CLIError('Please provide either certificate path or certficate name') enrollment_record['attestation'] = _get_updated_attestation_with_x509_signing_cert(enrollment_record['attestation'], certificate_path, secondary_certificate_path, remove_certificate, remove_secondary_certificate) if root_ca_name or secondary_root_ca_name: if certificate_path or secondary_certificate_path: raise CLIError('Please provide either certificate path or certficate name') enrollment_record['attestation'] = _get_updated_attestation_with_x509_ca_cert(enrollment_record['attestation'], root_ca_name, secondary_root_ca_name, remove_certificate, remove_secondary_certificate) if iot_hub_host_name: enrollment_record['iotHubHostName'] = iot_hub_host_name if provisioning_status: enrollment_record['provisioningStatus'] = provisioning_status enrollment_record['initialTwin'] = _get_updated_inital_twin(enrollment_record, initial_twin_tags, initial_twin_properties) return m_sdk.device_enrollment_group.create_or_update(enrollment_id, enrollment_record, etag) except errors.ErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_create( client, enrollment_id, attestation_type, dps_name, resource_group_name, endorsement_key=None, certificate_path=None, secondary_certificate_path=None, primary_key=None, secondary_key=None, device_id=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None, reprovision_policy=None, allocation_policy=None, iot_hubs=None, edge_enabled=False, webhook_url=None, api_version=None, ): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) if attestation_type == AttestationType.tpm.value: if not endorsement_key: raise CLIError("Endorsement key is requried") attestation = AttestationMechanism( type=AttestationType.tpm.value, tpm=TpmAttestation(endorsement_key=endorsement_key), ) if attestation_type == AttestationType.x509.value: attestation = _get_attestation_with_x509_client_cert( certificate_path, secondary_certificate_path ) if attestation_type == AttestationType.symmetricKey.value: attestation = AttestationMechanism( type=AttestationType.symmetricKey.value, symmetric_key=SymmetricKeyAttestation( primary_key=primary_key, secondary_key=secondary_key ), ) reprovision = _get_reprovision_policy(reprovision_policy) initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties) iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs _validate_allocation_policy_for_enrollment( allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version ) if iot_hub_host_name and allocation_policy is None: allocation_policy = AllocationType.static.value iot_hub_list = iot_hub_host_name.split() custom_allocation_definition = ( CustomAllocationDefinition(webhook_url=webhook_url, api_version=api_version) if allocation_policy == AllocationType.custom.value else None ) capabilities = DeviceCapabilities(iot_edge=edge_enabled) enrollment = IndividualEnrollment( registration_id=enrollment_id, attestation=attestation, capabilities=capabilities, device_id=device_id, initial_twin=initial_twin, provisioning_status=provisioning_status, reprovision_policy=reprovision, allocation_policy=allocation_policy, iot_hubs=iot_hub_list, custom_allocation_definition=custom_allocation_definition, ) return sdk.create_or_update_individual_enrollment(enrollment_id, enrollment) except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)
def iot_dps_device_enrollment_group_create(client, enrollment_id, dps_name, resource_group_name, certificate_path=None, secondary_certificate_path=None, root_ca_name=None, secondary_root_ca_name=None, primary_key=None, secondary_key=None, iot_hub_host_name=None, initial_twin_tags=None, initial_twin_properties=None, provisioning_status=None, reprovision_policy=None, allocation_policy=None, iot_hubs=None, edge_enabled=False, webhook_url=None, api_version=None): target = get_iot_dps_connection_string(client, dps_name, resource_group_name) try: resolver = SdkResolver(target=target) sdk = resolver.get_sdk(SdkType.dps_sdk) if not certificate_path and not secondary_certificate_path: if not root_ca_name and not secondary_root_ca_name: attestation = AttestationMechanism( AttestationType.symmetricKey.value, None, None, SymmetricKeyAttestation(primary_key, secondary_key)) if certificate_path or secondary_certificate_path: if root_ca_name or secondary_root_ca_name: raise CLIError( 'Please provide either certificate path or certficate name' ) attestation = _get_attestation_with_x509_signing_cert( certificate_path, secondary_certificate_path) if root_ca_name or secondary_root_ca_name: if certificate_path or secondary_certificate_path: raise CLIError( 'Please provide either certificate path or certficate name' ) attestation = _get_attestation_with_x509_ca_cert( root_ca_name, secondary_root_ca_name) reprovision = _get_reprovision_policy(reprovision_policy) initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties) iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs _validate_allocation_policy_for_enrollment(allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version) if iot_hub_host_name and allocation_policy is None: allocation_policy = AllocationType.static.value iot_hub_list = iot_hub_host_name.split() custom_allocation_definition = CustomAllocationDefinition( webhook_url, api_version ) if allocation_policy == AllocationType.custom.value else None capabilities = DeviceCapabilities(iot_edge=edge_enabled) group_enrollment = EnrollmentGroup(enrollment_id, attestation, capabilities, None, initial_twin, None, provisioning_status, reprovision, allocation_policy, iot_hub_list, custom_allocation_definition) return sdk.device_enrollment_group.create_or_update( enrollment_id, group_enrollment) except ProvisioningServiceErrorDetailsException as e: raise CLIError(e)