def iot_dps_device_enrollment_get(
client, enrollment_id, dps_name, resource_group_name, show_keys=None
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
enrollment = sdk.get_individual_enrollment(
enrollment_id, raw=True
).response.json()
if show_keys:
enrollment_type = enrollment["attestation"]["type"]
if enrollment_type == AttestationType.symmetricKey.value:
attestation = sdk.get_individual_enrollment_attestation_mechanism(
enrollment_id, raw=True
).response.json()
enrollment["attestation"] = attestation
else:
logger.warn(
"--show-keys argument was provided, but requested enrollment has an attestation type of '{}'."
" Currently, --show-keys is only supported for symmetric key enrollments".format(
enrollment_type
)
)
return enrollment
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_registration_delete(client, dps_name, resource_group_name, registration_id):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
return sdk.delete_device_registration_state(registration_id)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_delete(
client, enrollment_id, dps_name, resource_group_name
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
return sdk.delete_individual_enrollment(enrollment_id)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_registration_list(client, dps_name, resource_group_name, enrollment_id):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
return sdk.query_device_registration_states(
enrollment_id, raw=True
).response.json()
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_delete(
cmd, client, enrollment_id, dps_name, resource_group_name, etag=None
):
target = get_iot_dps_connection_string(cmd, client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
return sdk.delete_enrollment_group(enrollment_id, if_match=(etag if etag else "*"))
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_list(client, dps_name, resource_group_name, top=None):
from azext_iot.sdk.dps.service.models.query_specification import QuerySpecification
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
query_command = "SELECT *"
query = [QuerySpecification(query=query_command)]
return _execute_query(query, sdk.query_individual_enrollments, top)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
class IoTHubProvider(object):
def __init__(self, cmd, hub_name, rg, login=None):
self.cmd = cmd
self.hub_name = hub_name
self.rg = rg
self.discovery = IotHubDiscovery(cmd)
self.target = self.discovery.get_target(
hub_name=self.hub_name,
rg=self.rg,
login=login,
)
self.resolver = SdkResolver(self.target)
def get_sdk(self, sdk_type):
return self.resolver.get_sdk(sdk_type)
class IoTHubProvider(object):
def __init__(self, cmd, hub_name, rg, login=None):
self.cmd = cmd
self.hub_name = hub_name
self.rg = rg
self.target = get_iot_hub_connection_string(
cmd=self.cmd,
hub_name=self.hub_name,
resource_group_name=self.rg,
login=login,
)
self.resolver = SdkResolver(self.target)
def get_sdk(self, sdk_type):
return self.resolver.get_sdk(sdk_type)
def iot_dps_device_enrollment_create(
client,
enrollment_id,
attestation_type,
dps_name,
resource_group_name,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
primary_key=None,
secondary_key=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=False,
webhook_url=None,
api_version=None,
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
if attestation_type == AttestationType.tpm.value:
if not endorsement_key:
raise CLIError("Endorsement key is requried")
attestation = AttestationMechanism(
type=AttestationType.tpm.value,
tpm=TpmAttestation(endorsement_key=endorsement_key),
)
if attestation_type == AttestationType.x509.value:
attestation = _get_attestation_with_x509_client_cert(
certificate_path, secondary_certificate_path
)
if attestation_type == AttestationType.symmetricKey.value:
attestation = AttestationMechanism(
type=AttestationType.symmetricKey.value,
symmetric_key=SymmetricKeyAttestation(
primary_key=primary_key, secondary_key=secondary_key
),
)
reprovision = _get_reprovision_policy(reprovision_policy)
initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(
allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
)
if iot_hub_host_name and allocation_policy is None:
allocation_policy = AllocationType.static.value
iot_hub_list = iot_hub_host_name.split()
custom_allocation_definition = (
CustomAllocationDefinition(webhook_url=webhook_url, api_version=api_version)
if allocation_policy == AllocationType.custom.value
else None
)
capabilities = DeviceCapabilities(iot_edge=edge_enabled)
enrollment = IndividualEnrollment(
registration_id=enrollment_id,
attestation=attestation,
capabilities=capabilities,
device_id=device_id,
initial_twin=initial_twin,
provisioning_status=provisioning_status,
reprovision_policy=reprovision,
allocation_policy=allocation_policy,
iot_hubs=iot_hub_list,
custom_allocation_definition=custom_allocation_definition,
)
return sdk.create_or_update_individual_enrollment(enrollment_id, enrollment)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_update(
client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
remove_certificate=None,
remove_secondary_certificate=None,
primary_key=None,
secondary_key=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=None,
webhook_url=None,
api_version=None,
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
enrollment_record = sdk.get_enrollment_group(enrollment_id)
# Verify etag
if (
etag
and hasattr(enrollment_record, "etag")
and etag != enrollment_record.etag.replace('"', "")
):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record.etag.replace('"', "")
# Update enrollment information
if enrollment_record.attestation.type == AttestationType.symmetricKey.value:
enrollment_record.attestation = sdk.get_enrollment_group_attestation_mechanism(
enrollment_id
)
if primary_key:
enrollment_record.attestation.symmetric_key.primary_key = primary_key
if secondary_key:
enrollment_record.attestation.symmetric_key.secondary_key = (
secondary_key
)
if enrollment_record.attestation.type == AttestationType.x509.value:
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
# Check if certificate can be safely removed while no new certificate has been provided
if remove_certificate and remove_secondary_certificate:
raise CLIError("Please provide at least one certificate")
if not _can_remove_primary_certificate(
remove_certificate, enrollment_record.attestation
):
raise CLIError(
"Please provide at least one certificate while removing the only primary certificate"
)
if not _can_remove_secondary_certificate(
remove_secondary_certificate, enrollment_record.attestation
):
raise CLIError(
"Please provide at least one certificate while removing the only secondary certificate"
)
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError(
"Please provide either certificate path or certficate name"
)
enrollment_record.attestation = _get_updated_attestation_with_x509_signing_cert(
enrollment_record.attestation,
certificate_path,
secondary_certificate_path,
remove_certificate,
remove_secondary_certificate,
)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError(
"Please provide either certificate path or certficate name"
)
enrollment_record.attestation = _get_updated_attestation_with_x509_ca_cert(
enrollment_record.attestation,
root_ca_name,
secondary_root_ca_name,
remove_certificate,
remove_secondary_certificate,
)
if iot_hub_host_name:
enrollment_record.allocation_policy = AllocationType.static.value
enrollment_record.iot_hubs = iot_hub_host_name.split()
enrollment_record.iot_hub_host_name = None
if provisioning_status:
enrollment_record.provisioning_status = provisioning_status
if reprovision_policy:
enrollment_record.reprovision_policy = _get_reprovision_policy(
reprovision_policy
)
enrollment_record.initial_twin = _get_updated_inital_twin(
enrollment_record, initial_twin_tags, initial_twin_properties
)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(
allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
)
if allocation_policy:
enrollment_record.allocation_policy = allocation_policy
enrollment_record.iot_hubs = iot_hub_list
enrollment_record.iot_hub_host_name = None
if allocation_policy == AllocationType.custom.value:
enrollment_record.custom_allocation_definition = CustomAllocationDefinition(
webhook_url=webhook_url, api_version=api_version
)
if edge_enabled is not None:
enrollment_record.capabilities = DeviceCapabilities(iot_edge=edge_enabled)
return sdk.create_or_update_enrollment_group(
enrollment_id, enrollment_record, etag
)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_update(
client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
remove_certificate=None,
remove_secondary_certificate=None,
primary_key=None,
secondary_key=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=None,
webhook_url=None,
api_version=None,
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
enrollment_record = sdk.get_individual_enrollment(enrollment_id)
# Verify etag
if (
etag
and hasattr(enrollment_record, "etag")
and etag != enrollment_record.etag.replace('"', "")
):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record.etag.replace('"', "")
# Verify and update attestation information
attestation_type = enrollment_record.attestation.type
_validate_arguments_for_attestation_mechanism(
attestation_type,
endorsement_key,
certificate_path,
secondary_certificate_path,
remove_certificate,
remove_secondary_certificate,
primary_key,
secondary_key,
)
if attestation_type == AttestationType.tpm.value:
if endorsement_key:
enrollment_record.attestation.tpm.endorsement_key = endorsement_key
elif attestation_type == AttestationType.x509.value:
enrollment_record.attestation = _get_updated_attestation_with_x509_client_cert(
enrollment_record.attestation,
certificate_path,
secondary_certificate_path,
remove_certificate,
remove_secondary_certificate,
)
else:
enrollment_record.attestation = sdk.get_individual_enrollment_attestation_mechanism(
enrollment_id
)
if primary_key:
enrollment_record.attestation.symmetric_key.primary_key = primary_key
if secondary_key:
enrollment_record.attestation.symmetric_key.secondary_key = (
secondary_key
)
# Update enrollment information
if iot_hub_host_name:
enrollment_record.allocation_policy = AllocationType.static.value
enrollment_record.iot_hubs = iot_hub_host_name.split()
enrollment_record.iot_hub_host_name = None
if device_id:
enrollment_record.device_id = device_id
if provisioning_status:
enrollment_record.provisioning_status = provisioning_status
enrollment_record.registrationState = None
if reprovision_policy:
enrollment_record.reprovision_policy = _get_reprovision_policy(
reprovision_policy
)
enrollment_record.initial_twin = _get_updated_inital_twin(
enrollment_record, initial_twin_tags, initial_twin_properties
)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(
allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
)
if allocation_policy:
enrollment_record.allocation_policy = allocation_policy
enrollment_record.iot_hubs = iot_hub_list
enrollment_record.iot_hub_host_name = None
if allocation_policy == AllocationType.custom.value:
enrollment_record.custom_allocation_definition = CustomAllocationDefinition(
webhook_url=webhook_url, api_version=api_version
)
if edge_enabled is not None:
enrollment_record.capabilities = DeviceCapabilities(iot_edge=edge_enabled)
return sdk.create_or_update_individual_enrollment(
enrollment_id, enrollment_record, etag
)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_create(client,
enrollment_id,
dps_name,
resource_group_name,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
primary_key=None,
secondary_key=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=False,
webhook_url=None,
api_version=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
attestation = AttestationMechanism(
AttestationType.symmetricKey.value, None, None,
SymmetricKeyAttestation(primary_key, secondary_key))
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError(
'Please provide either certificate path or certficate name'
)
attestation = _get_attestation_with_x509_signing_cert(
certificate_path, secondary_certificate_path)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError(
'Please provide either certificate path or certficate name'
)
attestation = _get_attestation_with_x509_ca_cert(
root_ca_name, secondary_root_ca_name)
reprovision = _get_reprovision_policy(reprovision_policy)
initial_twin = _get_initial_twin(initial_twin_tags,
initial_twin_properties)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(allocation_policy,
iot_hub_host_name,
iot_hub_list, webhook_url,
api_version)
if iot_hub_host_name and allocation_policy is None:
allocation_policy = AllocationType.static.value
iot_hub_list = iot_hub_host_name.split()
custom_allocation_definition = CustomAllocationDefinition(
webhook_url, api_version
) if allocation_policy == AllocationType.custom.value else None
capabilities = DeviceCapabilities(iot_edge=edge_enabled)
group_enrollment = EnrollmentGroup(enrollment_id, attestation,
capabilities, None, initial_twin,
None, provisioning_status,
reprovision, allocation_policy,
iot_hub_list,
custom_allocation_definition)
return sdk.device_enrollment_group.create_or_update(
enrollment_id, group_enrollment)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)