def iot_dps_registration_delete(client, dps_name, resource_group_name, registration_id):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
return m_sdk.registration_status.delete_registration_state(registration_id)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_get(
client, enrollment_id, dps_name, resource_group_name, show_keys=None
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
enrollment = sdk.get_individual_enrollment(
enrollment_id, raw=True
).response.json()
if show_keys:
enrollment_type = enrollment["attestation"]["type"]
if enrollment_type == AttestationType.symmetricKey.value:
attestation = sdk.get_individual_enrollment_attestation_mechanism(
enrollment_id, raw=True
).response.json()
enrollment["attestation"] = attestation
else:
logger.warn(
"--show-keys argument was provided, but requested enrollment has an attestation type of '{}'."
" Currently, --show-keys is only supported for symmetric key enrollments".format(
enrollment_type
)
)
return enrollment
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_get(client, enrollment_id, dps_name, resource_group_name):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
return m_sdk.device_enrollment.get(enrollment_id)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_create(client,
enrollment_id,
dps_name,
resource_group_name,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
primary_key=None,
secondary_key=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
attestation = AttestationMechanism(
AttestationType.symmetricKey.value, None, None,
SymmetricKeyAttestation(primary_key, secondary_key))
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError(
'Please provide either certificate path or certficate name'
)
attestation = _get_attestation_with_x509_signing_cert(
certificate_path, secondary_certificate_path)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError(
'Please provide either certificate path or certficate name'
)
attestation = _get_attestation_with_x509_ca_cert(
root_ca_name, secondary_root_ca_name)
reprovision = _get_reprovision_policy(reprovision_policy)
initial_twin = _get_initial_twin(initial_twin_tags,
initial_twin_properties)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(allocation_policy,
iot_hub_host_name,
iot_hub_list)
if iot_hub_host_name and allocation_policy is None:
allocation_policy = AllocationType.static.value
iot_hub_list = iot_hub_host_name.split()
group_enrollment = EnrollmentGroup(enrollment_id, attestation, None,
initial_twin, None,
provisioning_status, reprovision,
allocation_policy, iot_hub_list)
return m_sdk.device_enrollment_group.create_or_update(
enrollment_id, group_enrollment)
except errors.ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_registration_list(client, dps_name, resource_group_name,
enrollment_id):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
return m_sdk.registration_state.query_registration_state(enrollment_id)
except errors.ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_registration_delete(client, dps_name, resource_group_name, registration_id):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
return sdk.delete_device_registration_state(registration_id)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_create(client,
enrollment_id,
attestation_type,
dps_name,
resource_group_name,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
primary_key=None,
secondary_key=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=False):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
if attestation_type == AttestationType.tpm.value:
if not endorsement_key:
raise CLIError('Endorsement key is requried')
attestation = AttestationMechanism(AttestationType.tpm.value,
TpmAttestation(endorsement_key))
if attestation_type == AttestationType.x509.value:
attestation = _get_attestation_with_x509_client_cert(
certificate_path, secondary_certificate_path)
if attestation_type == AttestationType.symmetricKey.value:
attestation = AttestationMechanism(
AttestationType.symmetricKey.value, None, None,
SymmetricKeyAttestation(primary_key, secondary_key))
reprovision = _get_reprovision_policy(reprovision_policy)
initial_twin = _get_initial_twin(initial_twin_tags,
initial_twin_properties)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(allocation_policy,
iot_hub_host_name,
iot_hub_list)
if iot_hub_host_name and allocation_policy is None:
allocation_policy = AllocationType.static.value
iot_hub_list = iot_hub_host_name.split()
capabilities = DeviceCapabilities(iot_edge=edge_enabled)
enrollment = IndividualEnrollment(enrollment_id, attestation,
capabilities, device_id, None,
initial_twin, None,
provisioning_status, reprovision,
allocation_policy, iot_hub_list)
return m_sdk.device_enrollment.create_or_update(
enrollment_id, enrollment)
except errors.ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_registration_list(client, dps_name, resource_group_name, enrollment_id):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
return sdk.query_device_registration_states(
enrollment_id, raw=True
).response.json()
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_delete(
cmd, client, enrollment_id, dps_name, resource_group_name, etag=None
):
target = get_iot_dps_connection_string(cmd, client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
return sdk.delete_enrollment_group(enrollment_id, if_match=(etag if etag else "*"))
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_delete(
client, enrollment_id, dps_name, resource_group_name
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
return sdk.delete_individual_enrollment(enrollment_id)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_list(client, dps_name, resource_group_name, top=None):
from azext_iot.dps_sdk.models.query_specification import QuerySpecification
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
query_command = "SELECT *"
query = QuerySpecification(query_command)
return _execute_query(query, m_sdk.device_enrollment.query, top)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_list(client, dps_name, resource_group_name, top=None):
from azext_iot.sdk.dps.service.models.query_specification import QuerySpecification
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
query_command = "SELECT *"
query = [QuerySpecification(query=query_command)]
return _execute_query(query, sdk.query_individual_enrollments, top)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_create(client,
enrollment_id,
dps_name,
resource_group_name,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
raise CLIError('Please provide at least one certificate')
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError('Please provide either certificate path or certficate name')
attestation = _get_attestation_with_x509_signing_cert(certificate_path, secondary_certificate_path)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError('Please provide either certificate path or certficate name')
attestation = _get_attestation_with_x509_ca_cert(root_ca_name, secondary_root_ca_name)
initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties)
group_enrollment = EnrollmentGroup(enrollment_id,
attestation,
iot_hub_host_name,
initial_twin,
None,
provisioning_status)
return m_sdk.device_enrollment_group.create_or_update(enrollment_id, group_enrollment)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_create(client,
enrollment_id,
attestation_type,
dps_name,
resource_group_name,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
if attestation_type == AttestationType.tpm.value:
if not endorsement_key:
raise CLIError('Endorsement key is requried')
tpm = TpmAttestation(endorsement_key)
attestation = AttestationMechanism(AttestationType.tpm.value, tpm)
if attestation_type == AttestationType.x509.value:
attestation = _get_attestation_with_x509_client_cert(certificate_path, secondary_certificate_path)
initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties)
enrollment = IndividualEnrollment(enrollment_id,
attestation,
device_id,
None,
iot_hub_host_name,
initial_twin,
None,
provisioning_status)
return m_sdk.device_enrollment.create_or_update(enrollment_id, enrollment)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_update(client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
remove_certificate=None,
remove_secondary_certificate=None,
primary_key=None,
secondary_key=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
enrollment_record = m_sdk.device_enrollment.get(enrollment_id)
# Verify etag
if etag and hasattr(
enrollment_record,
'etag') and etag != enrollment_record.etag.replace('"', ''):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record.etag.replace('"', '')
# Verify and update attestation information
attestation_type = enrollment_record.attestation.type
_validate_arguments_for_attestation_mechanism(
attestation_type, endorsement_key, certificate_path,
secondary_certificate_path, remove_certificate,
remove_secondary_certificate, primary_key, secondary_key)
if attestation_type == AttestationType.tpm.value:
if endorsement_key:
enrollment_record.attestation.tpm.endorsement_key = endorsement_key
elif attestation_type == AttestationType.x509.value:
enrollment_record.attestation = _get_updated_attestation_with_x509_client_cert(
enrollment_record.attestation, certificate_path,
secondary_certificate_path, remove_certificate,
remove_secondary_certificate)
else:
enrollment_record.attestation = m_sdk.device_enrollment.attestation_mechanism_method(
enrollment_id)
if primary_key:
enrollment_record.attestation.symmetric_key.primary_key = primary_key
if secondary_key:
enrollment_record.attestation.symmetric_key.secondary_key = secondary_key
# Update enrollment information
if iot_hub_host_name:
enrollment_record.allocation_policy = AllocationType.static.value
enrollment_record.iot_hubs = iot_hub_host_name.split()
enrollment_record.iot_hub_host_name = None
if device_id:
enrollment_record.device_id = device_id
if provisioning_status:
enrollment_record.provisioning_status = provisioning_status
enrollment_record.registrationState = None
if reprovision_policy:
enrollment_record.reprovision_policy = _get_reprovision_policy(
reprovision_policy)
enrollment_record.initial_twin = _get_updated_inital_twin(
enrollment_record, initial_twin_tags, initial_twin_properties)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(allocation_policy,
iot_hub_host_name,
iot_hub_list)
if allocation_policy:
enrollment_record.allocation_policy = allocation_policy
enrollment_record.iot_hubs = iot_hub_list
enrollment_record.iot_hub_host_name = None
return m_sdk.device_enrollment.create_or_update(
enrollment_id, enrollment_record, etag)
except errors.ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_update(
client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
remove_certificate=None,
remove_secondary_certificate=None,
primary_key=None,
secondary_key=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=None,
webhook_url=None,
api_version=None,
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
enrollment_record = sdk.get_enrollment_group(enrollment_id)
# Verify etag
if (
etag
and hasattr(enrollment_record, "etag")
and etag != enrollment_record.etag.replace('"', "")
):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record.etag.replace('"', "")
# Update enrollment information
if enrollment_record.attestation.type == AttestationType.symmetricKey.value:
enrollment_record.attestation = sdk.get_enrollment_group_attestation_mechanism(
enrollment_id
)
if primary_key:
enrollment_record.attestation.symmetric_key.primary_key = primary_key
if secondary_key:
enrollment_record.attestation.symmetric_key.secondary_key = (
secondary_key
)
if enrollment_record.attestation.type == AttestationType.x509.value:
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
# Check if certificate can be safely removed while no new certificate has been provided
if remove_certificate and remove_secondary_certificate:
raise CLIError("Please provide at least one certificate")
if not _can_remove_primary_certificate(
remove_certificate, enrollment_record.attestation
):
raise CLIError(
"Please provide at least one certificate while removing the only primary certificate"
)
if not _can_remove_secondary_certificate(
remove_secondary_certificate, enrollment_record.attestation
):
raise CLIError(
"Please provide at least one certificate while removing the only secondary certificate"
)
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError(
"Please provide either certificate path or certficate name"
)
enrollment_record.attestation = _get_updated_attestation_with_x509_signing_cert(
enrollment_record.attestation,
certificate_path,
secondary_certificate_path,
remove_certificate,
remove_secondary_certificate,
)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError(
"Please provide either certificate path or certficate name"
)
enrollment_record.attestation = _get_updated_attestation_with_x509_ca_cert(
enrollment_record.attestation,
root_ca_name,
secondary_root_ca_name,
remove_certificate,
remove_secondary_certificate,
)
if iot_hub_host_name:
enrollment_record.allocation_policy = AllocationType.static.value
enrollment_record.iot_hubs = iot_hub_host_name.split()
enrollment_record.iot_hub_host_name = None
if provisioning_status:
enrollment_record.provisioning_status = provisioning_status
if reprovision_policy:
enrollment_record.reprovision_policy = _get_reprovision_policy(
reprovision_policy
)
enrollment_record.initial_twin = _get_updated_inital_twin(
enrollment_record, initial_twin_tags, initial_twin_properties
)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(
allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
)
if allocation_policy:
enrollment_record.allocation_policy = allocation_policy
enrollment_record.iot_hubs = iot_hub_list
enrollment_record.iot_hub_host_name = None
if allocation_policy == AllocationType.custom.value:
enrollment_record.custom_allocation_definition = CustomAllocationDefinition(
webhook_url=webhook_url, api_version=api_version
)
if edge_enabled is not None:
enrollment_record.capabilities = DeviceCapabilities(iot_edge=edge_enabled)
return sdk.create_or_update_enrollment_group(
enrollment_id, enrollment_record, etag
)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_update(
client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
remove_certificate=None,
remove_secondary_certificate=None,
primary_key=None,
secondary_key=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=None,
webhook_url=None,
api_version=None,
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
enrollment_record = sdk.get_individual_enrollment(enrollment_id)
# Verify etag
if (
etag
and hasattr(enrollment_record, "etag")
and etag != enrollment_record.etag.replace('"', "")
):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record.etag.replace('"', "")
# Verify and update attestation information
attestation_type = enrollment_record.attestation.type
_validate_arguments_for_attestation_mechanism(
attestation_type,
endorsement_key,
certificate_path,
secondary_certificate_path,
remove_certificate,
remove_secondary_certificate,
primary_key,
secondary_key,
)
if attestation_type == AttestationType.tpm.value:
if endorsement_key:
enrollment_record.attestation.tpm.endorsement_key = endorsement_key
elif attestation_type == AttestationType.x509.value:
enrollment_record.attestation = _get_updated_attestation_with_x509_client_cert(
enrollment_record.attestation,
certificate_path,
secondary_certificate_path,
remove_certificate,
remove_secondary_certificate,
)
else:
enrollment_record.attestation = sdk.get_individual_enrollment_attestation_mechanism(
enrollment_id
)
if primary_key:
enrollment_record.attestation.symmetric_key.primary_key = primary_key
if secondary_key:
enrollment_record.attestation.symmetric_key.secondary_key = (
secondary_key
)
# Update enrollment information
if iot_hub_host_name:
enrollment_record.allocation_policy = AllocationType.static.value
enrollment_record.iot_hubs = iot_hub_host_name.split()
enrollment_record.iot_hub_host_name = None
if device_id:
enrollment_record.device_id = device_id
if provisioning_status:
enrollment_record.provisioning_status = provisioning_status
enrollment_record.registrationState = None
if reprovision_policy:
enrollment_record.reprovision_policy = _get_reprovision_policy(
reprovision_policy
)
enrollment_record.initial_twin = _get_updated_inital_twin(
enrollment_record, initial_twin_tags, initial_twin_properties
)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(
allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
)
if allocation_policy:
enrollment_record.allocation_policy = allocation_policy
enrollment_record.iot_hubs = iot_hub_list
enrollment_record.iot_hub_host_name = None
if allocation_policy == AllocationType.custom.value:
enrollment_record.custom_allocation_definition = CustomAllocationDefinition(
webhook_url=webhook_url, api_version=api_version
)
if edge_enabled is not None:
enrollment_record.capabilities = DeviceCapabilities(iot_edge=edge_enabled)
return sdk.create_or_update_individual_enrollment(
enrollment_id, enrollment_record, etag
)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_update(client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
remove_certificate=None,
remove_secondary_certificate=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
enrollment_record = m_sdk.device_enrollment.get(enrollment_id)
# Verify etag
if etag and 'etag' in enrollment_record and etag != enrollment_record['etag'].replace('"', ''):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record['etag'].replace('"', '')
# Verify and update attestation information
attestation_type = enrollment_record['attestation']['type']
if attestation_type == AttestationType.tpm.value:
if certificate_path or secondary_certificate_path:
raise CLIError('Cannot update certificate while enrollment is using tpm attestation mechanism')
if remove_certificate or remove_secondary_certificate:
raise CLIError('Cannot remove certificate while enrollment is using tpm attestation mechanism')
if endorsement_key:
enrollment_record['attestation']['tpm']['endorsement_key'] = endorsement_key
else:
if endorsement_key:
raise CLIError('Cannot update endorsement key while enrollment is using x509 attestation mechanism')
enrollment_record['attestation'] = _get_updated_attestation_with_x509_client_cert(enrollment_record['attestation'],
certificate_path,
secondary_certificate_path,
remove_certificate,
remove_secondary_certificate)
# Update enrollment information
if iot_hub_host_name:
enrollment_record['iotHubHostName'] = iot_hub_host_name
if device_id:
enrollment_record['deviceId'] = device_id
if provisioning_status:
enrollment_record['provisioningStatus'] = provisioning_status
enrollment_record['registrationState'] = None
enrollment_record['initialTwin'] = _get_updated_inital_twin(enrollment_record,
initial_twin_tags,
initial_twin_properties)
return m_sdk.device_enrollment.create_or_update(enrollment_id, enrollment_record, etag)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_update(client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
remove_certificate=None,
remove_secondary_certificate=None,
primary_key=None,
secondary_key=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
enrollment_record = m_sdk.device_enrollment_group.get(enrollment_id)
# Verify etag
if etag and hasattr(
enrollment_record,
'etag') and etag != enrollment_record.etag.replace('"', ''):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record.etag.replace('"', '')
# Update enrollment information
if enrollment_record.attestation.type == AttestationType.symmetricKey.value:
enrollment_record.attestation = m_sdk.device_enrollment_group.attestation_mechanism_method(
enrollment_id)
if primary_key:
enrollment_record.attestation.symmetric_key.primary_key = primary_key
if secondary_key:
enrollment_record.attestation.symmetric_key.secondary_key = secondary_key
if enrollment_record.attestation.type == AttestationType.x509.value:
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
# Check if certificate can be safely removed while no new certificate has been provided
if remove_certificate and remove_secondary_certificate:
raise CLIError(
'Please provide at least one certificate')
if not _can_remove_primary_certificate(
remove_certificate, enrollment_record.attestation):
raise CLIError(
'Please provide at least one certificate while removing the only primary certificate'
)
if not _can_remove_secondary_certificate(
remove_secondary_certificate,
enrollment_record.attestation):
raise CLIError(
'Please provide at least one certificate while removing the only secondary certificate'
)
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError(
'Please provide either certificate path or certficate name'
)
enrollment_record.attestation = _get_updated_attestation_with_x509_signing_cert(
enrollment_record.attestation, certificate_path,
secondary_certificate_path, remove_certificate,
remove_secondary_certificate)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError(
'Please provide either certificate path or certficate name'
)
enrollment_record.attestation = _get_updated_attestation_with_x509_ca_cert(
enrollment_record.attestation, root_ca_name,
secondary_root_ca_name, remove_certificate,
remove_secondary_certificate)
if iot_hub_host_name:
enrollment_record.allocation_policy = AllocationType.static.value
enrollment_record.iot_hubs = iot_hub_host_name.split()
enrollment_record.iot_hub_host_name = None
if provisioning_status:
enrollment_record.provisioning_status = provisioning_status
if reprovision_policy:
enrollment_record.reprovision_policy = _get_reprovision_policy(
reprovision_policy)
enrollment_record.initial_twin = _get_updated_inital_twin(
enrollment_record, initial_twin_tags, initial_twin_properties)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(allocation_policy,
iot_hub_host_name,
iot_hub_list)
if allocation_policy:
enrollment_record.allocation_policy = allocation_policy
enrollment_record.iot_hubs = iot_hub_list
enrollment_record.iot_hub_host_name = None
return m_sdk.device_enrollment_group.create_or_update(
enrollment_id, enrollment_record, etag)
except errors.ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_update(client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
remove_certificate=None,
remove_secondary_certificate=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
enrollment_record = m_sdk.device_enrollment_group.get(enrollment_id)
# Verify etag
if etag and 'etag' in enrollment_record and etag != enrollment_record['etag'].replace('"', ''):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record['etag'].replace('"', '')
# Update enrollment information
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
# Check if certificate can be safely removed while no new certificate has been provided
if remove_certificate and remove_secondary_certificate:
raise CLIError('Please provide at least one certificate')
if not _can_remove_primary_certificate(remove_certificate, enrollment_record['attestation']):
raise CLIError('Please provide at least one certificate while removing the only primary certificate')
if not _can_remove_secondary_certificate(remove_secondary_certificate, enrollment_record['attestation']):
raise CLIError('Please provide at least one certificate while removing the only secondary certificate')
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError('Please provide either certificate path or certficate name')
enrollment_record['attestation'] = _get_updated_attestation_with_x509_signing_cert(enrollment_record['attestation'],
certificate_path,
secondary_certificate_path,
remove_certificate,
remove_secondary_certificate)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError('Please provide either certificate path or certficate name')
enrollment_record['attestation'] = _get_updated_attestation_with_x509_ca_cert(enrollment_record['attestation'],
root_ca_name,
secondary_root_ca_name,
remove_certificate,
remove_secondary_certificate)
if iot_hub_host_name:
enrollment_record['iotHubHostName'] = iot_hub_host_name
if provisioning_status:
enrollment_record['provisioningStatus'] = provisioning_status
enrollment_record['initialTwin'] = _get_updated_inital_twin(enrollment_record,
initial_twin_tags,
initial_twin_properties)
return m_sdk.device_enrollment_group.create_or_update(enrollment_id, enrollment_record, etag)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_create(
client,
enrollment_id,
attestation_type,
dps_name,
resource_group_name,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
primary_key=None,
secondary_key=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=False,
webhook_url=None,
api_version=None,
):
target = get_iot_dps_connection_string(client, dps_name, resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
if attestation_type == AttestationType.tpm.value:
if not endorsement_key:
raise CLIError("Endorsement key is requried")
attestation = AttestationMechanism(
type=AttestationType.tpm.value,
tpm=TpmAttestation(endorsement_key=endorsement_key),
)
if attestation_type == AttestationType.x509.value:
attestation = _get_attestation_with_x509_client_cert(
certificate_path, secondary_certificate_path
)
if attestation_type == AttestationType.symmetricKey.value:
attestation = AttestationMechanism(
type=AttestationType.symmetricKey.value,
symmetric_key=SymmetricKeyAttestation(
primary_key=primary_key, secondary_key=secondary_key
),
)
reprovision = _get_reprovision_policy(reprovision_policy)
initial_twin = _get_initial_twin(initial_twin_tags, initial_twin_properties)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(
allocation_policy, iot_hub_host_name, iot_hub_list, webhook_url, api_version
)
if iot_hub_host_name and allocation_policy is None:
allocation_policy = AllocationType.static.value
iot_hub_list = iot_hub_host_name.split()
custom_allocation_definition = (
CustomAllocationDefinition(webhook_url=webhook_url, api_version=api_version)
if allocation_policy == AllocationType.custom.value
else None
)
capabilities = DeviceCapabilities(iot_edge=edge_enabled)
enrollment = IndividualEnrollment(
registration_id=enrollment_id,
attestation=attestation,
capabilities=capabilities,
device_id=device_id,
initial_twin=initial_twin,
provisioning_status=provisioning_status,
reprovision_policy=reprovision,
allocation_policy=allocation_policy,
iot_hubs=iot_hub_list,
custom_allocation_definition=custom_allocation_definition,
)
return sdk.create_or_update_individual_enrollment(enrollment_id, enrollment)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_create(client,
enrollment_id,
dps_name,
resource_group_name,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
primary_key=None,
secondary_key=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None,
reprovision_policy=None,
allocation_policy=None,
iot_hubs=None,
edge_enabled=False,
webhook_url=None,
api_version=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
resolver = SdkResolver(target=target)
sdk = resolver.get_sdk(SdkType.dps_sdk)
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
attestation = AttestationMechanism(
AttestationType.symmetricKey.value, None, None,
SymmetricKeyAttestation(primary_key, secondary_key))
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError(
'Please provide either certificate path or certficate name'
)
attestation = _get_attestation_with_x509_signing_cert(
certificate_path, secondary_certificate_path)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError(
'Please provide either certificate path or certficate name'
)
attestation = _get_attestation_with_x509_ca_cert(
root_ca_name, secondary_root_ca_name)
reprovision = _get_reprovision_policy(reprovision_policy)
initial_twin = _get_initial_twin(initial_twin_tags,
initial_twin_properties)
iot_hub_list = iot_hubs.split() if iot_hubs else iot_hubs
_validate_allocation_policy_for_enrollment(allocation_policy,
iot_hub_host_name,
iot_hub_list, webhook_url,
api_version)
if iot_hub_host_name and allocation_policy is None:
allocation_policy = AllocationType.static.value
iot_hub_list = iot_hub_host_name.split()
custom_allocation_definition = CustomAllocationDefinition(
webhook_url, api_version
) if allocation_policy == AllocationType.custom.value else None
capabilities = DeviceCapabilities(iot_edge=edge_enabled)
group_enrollment = EnrollmentGroup(enrollment_id, attestation,
capabilities, None, initial_twin,
None, provisioning_status,
reprovision, allocation_policy,
iot_hub_list,
custom_allocation_definition)
return sdk.device_enrollment_group.create_or_update(
enrollment_id, group_enrollment)
except ProvisioningServiceErrorDetailsException as e:
raise CLIError(e)
