def create_from_x509_certificate(cls, x509, hostname, device_id, **kwargs):
"""
Instantiate a client which using X509 certificate authentication.
:param str hostname: Host running the IotHub.
Can be found in the Azure portal in the Overview tab as the string hostname.
:param x509: The complete x509 certificate object.
To use the certificate the enrollment object needs to contain cert
(either the root certificate or one of the intermediate CA certificates).
If the cert comes from a CER file, it needs to be base64 encoded.
:type x509: :class:`azure.iot.device.X509`
:param str device_id: The ID used to uniquely identify a device in the IoTHub
:param bool websockets: Configuration Option. Default is False. Set to true if using MQTT over websockets.
:param str product_info: Configuration Option. Default is empty string. The string contains arbitrary product info which is appended to the user agent string.
:returns: An instance of an IoTHub client that uses an X509 certificate for authentication.
"""
authentication_provider = auth.X509AuthenticationProvider(
x509=x509, hostname=hostname, device_id=device_id)
pipeline_configuration = IoTHubPipelineConfig(**kwargs)
pipeline_configuration.blob_upload = True # Blob Upload is a feature on Device Clients
http_pipeline = pipeline.HTTPPipeline(authentication_provider,
pipeline_configuration)
iothub_pipeline = pipeline.IoTHubPipeline(authentication_provider,
pipeline_configuration)
return cls(iothub_pipeline, http_pipeline)
def create_from_connection_string(cls,
connection_string,
server_verification_cert=None,
**kwargs):
"""
Instantiate the client from a IoTHub device or module connection string.
:param str connection_string: The connection string for the IoTHub you wish to connect to.
:param str server_verification_cert: The trusted certificate chain. Necessary when
using connecting to an endpoint which has a non-standard root of trust, such as a
protocol gateway.
:param bool websockets: Configuration Option. Default is False. Set to true if using MQTT over websockets.
:param str product_info: Configuration Option. Default is empty string. The string contains arbitrary product info which is appended to the user agent string.
:raises: ValueError if given an invalid connection_string.
:returns: An instance of an IoTHub client that uses a connection string for authentication.
"""
# TODO: Make this device/module specific and reject non-matching connection strings.
# This will require refactoring of the auth package to use common objects (e.g. ConnectionString)
# in order to differentiate types of connection strings.
pipeline_configuration = IoTHubPipelineConfig(**kwargs)
if cls.__name__ == "IoTHubDeviceClient":
pipeline_configuration.blob_upload = True
authentication_provider = auth.SymmetricKeyAuthenticationProvider.parse(
connection_string)
authentication_provider.server_verification_cert = server_verification_cert
http_pipeline = pipeline.HTTPPipeline(authentication_provider,
pipeline_configuration)
iothub_pipeline = pipeline.IoTHubPipeline(authentication_provider,
pipeline_configuration)
return cls(iothub_pipeline, http_pipeline)
def create_from_symmetric_key(cls, symmetric_key, hostname, device_id,
**kwargs):
"""
Instantiate a client using symmetric key authentication.
:param symmetric_key: The symmetric key.
:param str hostname: Host running the IotHub.
Can be found in the Azure portal in the Overview tab as the string hostname.
:param device_id: The device ID
:param bool websockets: Configuration Option. Default is False. Set to true if using MQTT over websockets.
:param str product_info: Configuration Option. Default is empty string. The string contains arbitrary product info which is appended to the user agent string.
:return: An instance of an IoTHub client that uses a symmetric key for authentication.
"""
authentication_provider = auth.SymmetricKeyAuthenticationProvider(
hostname=hostname,
device_id=device_id,
module_id=None,
shared_access_key=symmetric_key)
pipeline_configuration = IoTHubPipelineConfig(**kwargs)
pipeline_configuration.blob_upload = True # Blob Upload is a feature on Device Clients
http_pipeline = pipeline.HTTPPipeline(authentication_provider,
pipeline_configuration)
iothub_pipeline = pipeline.IoTHubPipeline(authentication_provider,
pipeline_configuration)
return cls(iothub_pipeline, http_pipeline)
def create_from_connection_string(cls,
connection_string,
ca_cert=None,
**kwargs):
"""
Instantiate the client from a IoTHub device or module connection string.
:param str connection_string: The connection string for the IoTHub you wish to connect to.
:param str ca_cert: The trusted certificate chain. Only necessary when using a
connection string with a GatewayHostName parameter.
:param bool websockets: Configuration Option. Default is False. Set to true if using MQTT over websockets.
:param str product_info: Configuration Option. Default is empty string. The string contains arbitrary product info which is appended to the user agent string.
:raises: ValueError if given an invalid connection_string.
:returns: An instance of an IoTHub client that uses a connection string for authentication.
"""
# TODO: Make this device/module specific and reject non-matching connection strings.
# This will require refactoring of the auth package to use common objects (e.g. ConnectionString)
# in order to differentiate types of connection strings.
authentication_provider = auth.SymmetricKeyAuthenticationProvider.parse(
connection_string)
authentication_provider.ca_cert = ca_cert # TODO: make this part of the instantiation
pipeline_configuration = IoTHubPipelineConfig(**kwargs)
iothub_pipeline = pipeline.IoTHubPipeline(authentication_provider,
pipeline_configuration)
return cls(iothub_pipeline)
def create_from_shared_access_signature(cls, sas_token, **kwargs):
"""
Instantiate the client from a Shared Access Signature (SAS) token.
This method of instantiation is not recommended for general usage.
:param str sas_token: The string representation of a SAS token.
:param bool websockets: Configuration Option. Default is False. Set to true if using MQTT over websockets.
:param str product_info: Configuration Option. Default is empty string. The string contains arbitrary product info which is appended to the user agent string.
:raises: ValueError if given an invalid sas_token
:returns: An instance of an IoTHub client that uses a SAS token for authentication.
"""
authentication_provider = auth.SharedAccessSignatureAuthenticationProvider.parse(
sas_token)
pipeline_configuration = IoTHubPipelineConfig(**kwargs)
iothub_pipeline = pipeline.IoTHubPipeline(authentication_provider,
pipeline_configuration)
return cls(iothub_pipeline)
def create_from_edge_environment(cls, **kwargs):
"""
Instantiate the client from the IoT Edge environment.
This method can only be run from inside an IoT Edge container, or in a debugging
environment configured for Edge development (e.g. Visual Studio, Visual Studio Code)
:param bool websockets: Configuration Option. Default is False. Set to true if using MQTT over websockets.
:param str product_info: Configuration Option. Default is empty string. The string contains arbitrary product info which is appended to the user agent string.
:raises: OSError if the IoT Edge container is not configured correctly.
:raises: ValueError if debug variables are invalid
:returns: An instance of an IoTHub client that uses the IoT Edge environment for
authentication.
"""
# First try the regular Edge container variables
try:
hostname = os.environ["IOTEDGE_IOTHUBHOSTNAME"]
device_id = os.environ["IOTEDGE_DEVICEID"]
module_id = os.environ["IOTEDGE_MODULEID"]
gateway_hostname = os.environ["IOTEDGE_GATEWAYHOSTNAME"]
module_generation_id = os.environ["IOTEDGE_MODULEGENERATIONID"]
workload_uri = os.environ["IOTEDGE_WORKLOADURI"]
api_version = os.environ["IOTEDGE_APIVERSION"]
except KeyError:
# As a fallback, try the Edge local dev variables for debugging.
# These variables are set by VS/VS Code in order to allow debugging
# of Edge application code in a non-Edge dev environment.
try:
connection_string = os.environ["EdgeHubConnectionString"]
ca_cert_filepath = os.environ["EdgeModuleCACertificateFile"]
except KeyError as e:
new_err = OSError(
"IoT Edge environment not configured correctly")
new_err.__cause__ = e
raise new_err
# TODO: variant server_verification_cert file vs data object that would remove the need for this fopen
# Read the certificate file to pass it on as a string
try:
with io.open(ca_cert_filepath, mode="r") as ca_cert_file:
server_verification_cert = ca_cert_file.read()
except (OSError, IOError) as e:
# In Python 2, a non-existent file raises IOError, and an invalid file raises an IOError.
# In Python 3, a non-existent file raises FileNotFoundError, and an invalid file raises an OSError.
# However, FileNotFoundError inherits from OSError, and IOError has been turned into an alias for OSError,
# thus we can catch the errors for both versions in this block.
# Unfortunately, we can't distinguish cause of error from error type, so the raised ValueError has a generic
# message. If, in the future, we want to add detail, this could be accomplished by inspecting the e.errno
# attribute
new_err = ValueError("Invalid CA certificate file")
new_err.__cause__ = e
raise new_err
# Use Symmetric Key authentication for local dev experience.
try:
authentication_provider = auth.SymmetricKeyAuthenticationProvider.parse(
connection_string)
except ValueError:
raise
authentication_provider.server_verification_cert = server_verification_cert
else:
# Use an HSM for authentication in the general case
try:
authentication_provider = auth.IoTEdgeAuthenticationProvider(
hostname=hostname,
device_id=device_id,
module_id=module_id,
gateway_hostname=gateway_hostname,
module_generation_id=module_generation_id,
workload_uri=workload_uri,
api_version=api_version,
)
except auth.IoTEdgeError as e:
new_err = OSError("Unexpected failure in IoTEdge")
new_err.__cause__ = e
raise new_err
pipeline_configuration = IoTHubPipelineConfig(**kwargs)
pipeline_configuration.method_invoke = (
True
) # Method Invoke is allowed on modules created from edge environment
http_pipeline = pipeline.HTTPPipeline(authentication_provider,
pipeline_configuration)
iothub_pipeline = pipeline.IoTHubPipeline(authentication_provider,
pipeline_configuration)
return cls(iothub_pipeline, http_pipeline)
def test_method_invoke(self):
config = IoTHubPipelineConfig()
assert config.method_invoke is False
def test_blob_upload(self):
config = IoTHubPipelineConfig()
assert config.blob_upload is False
def test_product_info_default(self):
config = IoTHubPipelineConfig()
assert config.product_info == ""
def test_product_info_set(self):
my_product_info = "some_info"
config = IoTHubPipelineConfig(product_info=my_product_info)
assert config.product_info == my_product_info
def test_method_invoke(self, sastoken):
config = IoTHubPipelineConfig(device_id=device_id,
hostname=hostname,
sastoken=sastoken)
assert config.method_invoke is False
def test_blob_upload(self, sastoken):
config = IoTHubPipelineConfig(device_id=device_id,
hostname=hostname,
sastoken=sastoken)
assert config.blob_upload is False
def test_product_info_default(self, sastoken):
config = IoTHubPipelineConfig(device_id=device_id,
hostname=hostname,
sastoken=sastoken)
assert config.product_info == ""
def test_module_id_default(self, sastoken):
config = IoTHubPipelineConfig(device_id=device_id,
hostname=hostname,
sastoken=sastoken)
assert config.module_id is None
def test_device_id_set(self, sastoken):
config = IoTHubPipelineConfig(device_id=device_id,
hostname=hostname,
sastoken=sastoken)
assert config.device_id == device_id