def iot_dps_device_enrollment_get(
    client, enrollment_id, dps_name, resource_group_name, show_keys=None
):
    target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        enrollment = sdk.get_individual_enrollment(
            enrollment_id, raw=True
        ).response.json()
        if show_keys:
            enrollment_type = enrollment["attestation"]["type"]
            if enrollment_type == AttestationType.symmetricKey.value:
                attestation = sdk.get_individual_enrollment_attestation_mechanism(
                    enrollment_id, raw=True
                ).response.json()
                enrollment["attestation"] = attestation
            else:
                logger.warn(
                    "--show-keys argument was provided, but requested enrollment has an attestation type of '{}'."
                    " Currently, --show-keys is only supported for symmetric key enrollments".format(
                        enrollment_type
                    )
                )
        return enrollment
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
def iot_dps_registration_delete(client, dps_name, resource_group_name, registration_id):
    target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        return sdk.delete_device_registration_state(registration_id)
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
def iot_dps_device_enrollment_delete(
    client, enrollment_id, dps_name, resource_group_name
):
    target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        return sdk.delete_individual_enrollment(enrollment_id)
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
def iot_dps_registration_list(client, dps_name, resource_group_name, enrollment_id):
    target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        return sdk.query_device_registration_states(
            enrollment_id, raw=True
        ).response.json()
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
 def __init__(self, cmd, hub_name, rg, login=None):
     self.cmd = cmd
     self.hub_name = hub_name
     self.rg = rg
     self.discovery = IotHubDiscovery(cmd)
     self.target = self.discovery.get_target(
         hub_name=self.hub_name,
         rg=self.rg,
         login=login,
     )
     self.resolver = SdkResolver(self.target)
Exemple #6
0
def iot_dps_device_enrollment_group_delete(
    cmd, client, enrollment_id, dps_name, resource_group_name, etag=None
):
    target = get_iot_dps_connection_string(cmd, client, dps_name, resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        return sdk.delete_enrollment_group(enrollment_id, if_match=(etag if etag else "*"))
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
Exemple #7
0
 def __init__(self, cmd, hub_name, rg, login=None):
     self.cmd = cmd
     self.hub_name = hub_name
     self.rg = rg
     self.target = get_iot_hub_connection_string(
         cmd=self.cmd,
         hub_name=self.hub_name,
         resource_group_name=self.rg,
         login=login,
     )
     self.resolver = SdkResolver(self.target)
def iot_dps_device_enrollment_list(client, dps_name, resource_group_name, top=None):
    from azext_iot.sdk.dps.service.models.query_specification import QuerySpecification

    target = get_iot_dps_connection_string(client, dps_name, resource_group_name)

    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        query_command = "SELECT *"
        query = [QuerySpecification(query=query_command)]
        return _execute_query(query, sdk.query_individual_enrollments, top)
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
Exemple #9
0
    def get_device_twin(self, central_dns_suffix):
        from azext_iot.common._azure import get_iot_central_tokens

        tokens = get_iot_central_tokens(
            self._cmd, self._app_id, self._token, central_dns_suffix
        )

        exception = None

        # The device could be in any hub associated with the given app.
        # We must search through each IoT Hub until device is found.
        for token_group in tokens.values():
            sas_token = token_group["iothubTenantSasToken"]["sasToken"]
            endpoint = find_between(sas_token, "SharedAccessSignature sr=", "&sig=")
            target = {"entity": endpoint}
            auth = BasicSasTokenAuthentication(sas_token=sas_token)
            service_sdk = SdkResolver(target=target, auth_override=auth).get_sdk(
                SdkType.service_sdk
            )
            try:
                return service_sdk.devices.get_twin(
                    id=self._device_id, raw=True
                ).response.json()
            except CloudError as e:
                if exception is None:
                    exception = CLIError(unpack_msrest_error(e))

        raise CLIError("Could not get device twin")
Exemple #10
0
 def __init__(self,
              cmd,
              hub_name,
              rg,
              login=None,
              auth_type_dataplane=None):
     self.cmd = cmd
     self.hub_name = hub_name
     self.rg = rg
     self.discovery = IotHubDiscovery(cmd)
     self.target = self.discovery.get_target(
         hub_name=self.hub_name,
         resource_group_name=self.rg,
         login=login,
         auth_type=auth_type_dataplane,
     )
     self.resolver = SdkResolver(self.target)
class IoTHubProvider(object):
    def __init__(self, cmd, hub_name, rg, login=None):
        self.cmd = cmd
        self.hub_name = hub_name
        self.rg = rg
        self.discovery = IotHubDiscovery(cmd)
        self.target = self.discovery.get_target(
            hub_name=self.hub_name,
            rg=self.rg,
            login=login,
        )
        self.resolver = SdkResolver(self.target)

    def get_sdk(self, sdk_type):
        return self.resolver.get_sdk(sdk_type)
Exemple #12
0
class IoTHubProvider(object):
    def __init__(self, cmd, hub_name, rg, login=None):
        self.cmd = cmd
        self.hub_name = hub_name
        self.rg = rg
        self.target = get_iot_hub_connection_string(
            cmd=self.cmd,
            hub_name=self.hub_name,
            resource_group_name=self.rg,
            login=login,
        )
        self.resolver = SdkResolver(self.target)

    def get_sdk(self, sdk_type):
        return self.resolver.get_sdk(sdk_type)
def iot_dps_device_enrollment_create(
    client,
    enrollment_id,
    attestation_type,
    dps_name,
    resource_group_name,
    endorsement_key=None,
    certificate_path=None,
    secondary_certificate_path=None,
    primary_key=None,
    secondary_key=None,
    device_id=None,
    iot_hub_host_name=None,
    initial_twin_tags=None,
    initial_twin_properties=None,
    provisioning_status=None,
    reprovision_policy=None,
    allocation_policy=None,
    iot_hubs=None,
    edge_enabled=False,
    webhook_url=None,
    api_version=None,
):
    target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        if attestation_type == AttestationType.tpm.value:
            if not endorsement_key:
                raise CLIError("Endorsement key is requried")
            attestation = AttestationMechanism(
                type=AttestationType.tpm.value,
                tpm=TpmAttestation(endorsement_key=endorsement_key),
            )
        if attestation_type == AttestationType.x509.value:
            attestation = _get_attestation_with_x509_client_cert(
                certificate_path, secondary_certificate_path
            )
        if attestation_type == AttestationType.symmetricKey.value:
            attestation = AttestationMechanism(
                type=AttestationType.symmetricKey.value,
                symmetric_key=SymmetricKeyAttestation(
                    primary_key=primary_key, secondary_key=secondary_key
                ),
            )
        reprovision = _get_reprovision_policy(reprovision_policy)
        initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties)
        iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
        _validate_allocation_policy_for_enrollment(
            allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
        )
        if iot_hub_host_name and allocation_policy is None:
            allocation_policy = AllocationType.static.value
            iot_hub_list = iot_hub_host_name.split()

        custom_allocation_definition = (
            CustomAllocationDefinition(webhook_url=webhook_url, api_version=api_version)
            if allocation_policy == AllocationType.custom.value
            else None
        )
        capabilities = DeviceCapabilities(iot_edge=edge_enabled)
        enrollment = IndividualEnrollment(
            registration_id=enrollment_id,
            attestation=attestation,
            capabilities=capabilities,
            device_id=device_id,
            initial_twin=initial_twin,
            provisioning_status=provisioning_status,
            reprovision_policy=reprovision,
            allocation_policy=allocation_policy,
            iot_hubs=iot_hub_list,
            custom_allocation_definition=custom_allocation_definition,
        )
        return sdk.create_or_update_individual_enrollment(enrollment_id, enrollment)
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
def iot_dps_device_enrollment_group_update(
    client,
    enrollment_id,
    dps_name,
    resource_group_name,
    etag=None,
    certificate_path=None,
    secondary_certificate_path=None,
    root_ca_name=None,
    secondary_root_ca_name=None,
    remove_certificate=None,
    remove_secondary_certificate=None,
    primary_key=None,
    secondary_key=None,
    iot_hub_host_name=None,
    initial_twin_tags=None,
    initial_twin_properties=None,
    provisioning_status=None,
    reprovision_policy=None,
    allocation_policy=None,
    iot_hubs=None,
    edge_enabled=None,
    webhook_url=None,
    api_version=None,
):
    target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        enrollment_record = sdk.get_enrollment_group(enrollment_id)
        # Verify etag
        if (
            etag
            and hasattr(enrollment_record, "etag")
            and etag != enrollment_record.etag.replace('"', "")
        ):
            raise LookupError("enrollment etag doesn't match.")
        if not etag:
            etag = enrollment_record.etag.replace('"', "")
        # Update enrollment information
        if enrollment_record.attestation.type == AttestationType.symmetricKey.value:
            enrollment_record.attestation = sdk.get_enrollment_group_attestation_mechanism(
                enrollment_id
            )
            if primary_key:
                enrollment_record.attestation.symmetric_key.primary_key = primary_key
            if secondary_key:
                enrollment_record.attestation.symmetric_key.secondary_key = (
                    secondary_key
                )

        if enrollment_record.attestation.type == AttestationType.x509.value:
            if not certificate_path and not secondary_certificate_path:
                if not root_ca_name and not secondary_root_ca_name:
                    # Check if certificate can be safely removed while no new certificate has been provided
                    if remove_certificate and remove_secondary_certificate:
                        raise CLIError("Please provide at least one certificate")

                    if not _can_remove_primary_certificate(
                        remove_certificate, enrollment_record.attestation
                    ):
                        raise CLIError(
                            "Please provide at least one certificate while removing the only primary certificate"
                        )

                    if not _can_remove_secondary_certificate(
                        remove_secondary_certificate, enrollment_record.attestation
                    ):
                        raise CLIError(
                            "Please provide at least one certificate while removing the only secondary certificate"
                        )

            if certificate_path or secondary_certificate_path:
                if root_ca_name or secondary_root_ca_name:
                    raise CLIError(
                        "Please provide either certificate path or certficate name"
                    )
                enrollment_record.attestation = _get_updated_attestation_with_x509_signing_cert(
                    enrollment_record.attestation,
                    certificate_path,
                    secondary_certificate_path,
                    remove_certificate,
                    remove_secondary_certificate,
                )
            if root_ca_name or secondary_root_ca_name:
                if certificate_path or secondary_certificate_path:
                    raise CLIError(
                        "Please provide either certificate path or certficate name"
                    )
                enrollment_record.attestation = _get_updated_attestation_with_x509_ca_cert(
                    enrollment_record.attestation,
                    root_ca_name,
                    secondary_root_ca_name,
                    remove_certificate,
                    remove_secondary_certificate,
                )
        if iot_hub_host_name:
            enrollment_record.allocation_policy = AllocationType.static.value
            enrollment_record.iot_hubs = iot_hub_host_name.split()
            enrollment_record.iot_hub_host_name = None
        if provisioning_status:
            enrollment_record.provisioning_status = provisioning_status
        if reprovision_policy:
            enrollment_record.reprovision_policy = _get_reprovision_policy(
                reprovision_policy
            )
        enrollment_record.initial_twin = _get_updated_inital_twin(
            enrollment_record, initial_twin_tags, initial_twin_properties
        )
        iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
        _validate_allocation_policy_for_enrollment(
            allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
        )
        if allocation_policy:
            enrollment_record.allocation_policy = allocation_policy
            enrollment_record.iot_hubs = iot_hub_list
            enrollment_record.iot_hub_host_name = None
            if allocation_policy == AllocationType.custom.value:
                enrollment_record.custom_allocation_definition = CustomAllocationDefinition(
                    webhook_url=webhook_url, api_version=api_version
                )
        if edge_enabled is not None:
            enrollment_record.capabilities = DeviceCapabilities(iot_edge=edge_enabled)
        return sdk.create_or_update_enrollment_group(
            enrollment_id, enrollment_record, etag
        )
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
def iot_dps_device_enrollment_update(
    client,
    enrollment_id,
    dps_name,
    resource_group_name,
    etag=None,
    endorsement_key=None,
    certificate_path=None,
    secondary_certificate_path=None,
    remove_certificate=None,
    remove_secondary_certificate=None,
    primary_key=None,
    secondary_key=None,
    device_id=None,
    iot_hub_host_name=None,
    initial_twin_tags=None,
    initial_twin_properties=None,
    provisioning_status=None,
    reprovision_policy=None,
    allocation_policy=None,
    iot_hubs=None,
    edge_enabled=None,
    webhook_url=None,
    api_version=None,
):
    target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        enrollment_record = sdk.get_individual_enrollment(enrollment_id)
        # Verify etag
        if (
            etag
            and hasattr(enrollment_record, "etag")
            and etag != enrollment_record.etag.replace('"', "")
        ):
            raise LookupError("enrollment etag doesn't match.")
        if not etag:
            etag = enrollment_record.etag.replace('"', "")
        # Verify and update attestation information
        attestation_type = enrollment_record.attestation.type
        _validate_arguments_for_attestation_mechanism(
            attestation_type,
            endorsement_key,
            certificate_path,
            secondary_certificate_path,
            remove_certificate,
            remove_secondary_certificate,
            primary_key,
            secondary_key,
        )
        if attestation_type == AttestationType.tpm.value:
            if endorsement_key:
                enrollment_record.attestation.tpm.endorsement_key = endorsement_key
        elif attestation_type == AttestationType.x509.value:
            enrollment_record.attestation = _get_updated_attestation_with_x509_client_cert(
                enrollment_record.attestation,
                certificate_path,
                secondary_certificate_path,
                remove_certificate,
                remove_secondary_certificate,
            )
        else:
            enrollment_record.attestation = sdk.get_individual_enrollment_attestation_mechanism(
                enrollment_id
            )
            if primary_key:
                enrollment_record.attestation.symmetric_key.primary_key = primary_key
            if secondary_key:
                enrollment_record.attestation.symmetric_key.secondary_key = (
                    secondary_key
                )
        # Update enrollment information
        if iot_hub_host_name:
            enrollment_record.allocation_policy = AllocationType.static.value
            enrollment_record.iot_hubs = iot_hub_host_name.split()
            enrollment_record.iot_hub_host_name = None
        if device_id:
            enrollment_record.device_id = device_id
        if provisioning_status:
            enrollment_record.provisioning_status = provisioning_status
        enrollment_record.registrationState = None
        if reprovision_policy:
            enrollment_record.reprovision_policy = _get_reprovision_policy(
                reprovision_policy
            )
        enrollment_record.initial_twin = _get_updated_inital_twin(
            enrollment_record, initial_twin_tags, initial_twin_properties
        )
        iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
        _validate_allocation_policy_for_enrollment(
            allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
        )
        if allocation_policy:
            enrollment_record.allocation_policy = allocation_policy
            enrollment_record.iot_hubs = iot_hub_list
            enrollment_record.iot_hub_host_name = None
            if allocation_policy == AllocationType.custom.value:
                enrollment_record.custom_allocation_definition = CustomAllocationDefinition(
                    webhook_url=webhook_url, api_version=api_version
                )
        if edge_enabled is not None:
            enrollment_record.capabilities = DeviceCapabilities(iot_edge=edge_enabled)

        return sdk.create_or_update_individual_enrollment(
            enrollment_id, enrollment_record, etag
        )
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)
def iot_dps_device_enrollment_group_create(client,
                                           enrollment_id,
                                           dps_name,
                                           resource_group_name,
                                           certificate_path=None,
                                           secondary_certificate_path=None,
                                           root_ca_name=None,
                                           secondary_root_ca_name=None,
                                           primary_key=None,
                                           secondary_key=None,
                                           iot_hub_host_name=None,
                                           initial_twin_tags=None,
                                           initial_twin_properties=None,
                                           provisioning_status=None,
                                           reprovision_policy=None,
                                           allocation_policy=None,
                                           iot_hubs=None,
                                           edge_enabled=False,
                                           webhook_url=None,
                                           api_version=None):
    target = get_iot_dps_connection_string(client, dps_name,
                                           resource_group_name)
    try:
        resolver = SdkResolver(target=target)
        sdk = resolver.get_sdk(SdkType.dps_sdk)

        if not certificate_path and not secondary_certificate_path:
            if not root_ca_name and not secondary_root_ca_name:
                attestation = AttestationMechanism(
                    AttestationType.symmetricKey.value, None, None,
                    SymmetricKeyAttestation(primary_key, secondary_key))
        if certificate_path or secondary_certificate_path:
            if root_ca_name or secondary_root_ca_name:
                raise CLIError(
                    'Please provide either certificate path or certficate name'
                )
            attestation = _get_attestation_with_x509_signing_cert(
                certificate_path, secondary_certificate_path)
        if root_ca_name or secondary_root_ca_name:
            if certificate_path or secondary_certificate_path:
                raise CLIError(
                    'Please provide either certificate path or certficate name'
                )
            attestation = _get_attestation_with_x509_ca_cert(
                root_ca_name, secondary_root_ca_name)
        reprovision = _get_reprovision_policy(reprovision_policy)
        initial_twin = _get_initial_twin(initial_twin_tags,
                                         initial_twin_properties)
        iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
        _validate_allocation_policy_for_enrollment(allocation_policy,
                                                   iot_hub_host_name,
                                                   iot_hub_list, webhook_url,
                                                   api_version)
        if iot_hub_host_name and allocation_policy is None:
            allocation_policy = AllocationType.static.value
            iot_hub_list = iot_hub_host_name.split()

        custom_allocation_definition = CustomAllocationDefinition(
            webhook_url, api_version
        ) if allocation_policy == AllocationType.custom.value else None

        capabilities = DeviceCapabilities(iot_edge=edge_enabled)
        group_enrollment = EnrollmentGroup(enrollment_id, attestation,
                                           capabilities, None, initial_twin,
                                           None, provisioning_status,
                                           reprovision, allocation_policy,
                                           iot_hub_list,
                                           custom_allocation_definition)
        return sdk.device_enrollment_group.create_or_update(
            enrollment_id, group_enrollment)
    except ProvisioningServiceErrorDetailsException as e:
        raise CLIError(e)