def test_sastoken(self, mocker, client_class, connection_string):
sksm_mock = mocker.patch.object(auth, "SymmetricKeySigningMechanism")
sastoken_mock = mocker.patch.object(st, "SasToken")
cs_obj = cs.ConnectionString(connection_string)
client_class.create_from_connection_string(connection_string)
# Determine expected URI based on class under test
if client_class.__name__ == "IoTHubDeviceClient":
expected_uri = "{hostname}/devices/{device_id}".format(
hostname=cs_obj[cs.HOST_NAME], device_id=cs_obj[cs.DEVICE_ID])
else:
expected_uri = "{hostname}/devices/{device_id}/modules/{module_id}".format(
hostname=cs_obj[cs.HOST_NAME],
device_id=cs_obj[cs.DEVICE_ID],
module_id=cs_obj[cs.MODULE_ID],
)
# SymmetricKeySigningMechanism created using the connection string's SharedAccessKey
assert sksm_mock.call_count == 1
assert sksm_mock.call_args == mocker.call(
key=cs_obj[cs.SHARED_ACCESS_KEY])
# Token was created with a SymmetricKeySigningMechanism and the expected URI
assert sastoken_mock.call_count == 1
assert sastoken_mock.call_args == mocker.call(expected_uri,
sksm_mock.return_value)
def test_pipeline_config(
self,
mocker,
client_class,
mock_open,
edge_local_debug_environment,
mock_mqtt_pipeline_init,
mock_http_pipeline_init,
):
mocker.patch.dict(os.environ, edge_local_debug_environment, clear=True)
sastoken_mock = mocker.patch.object(st, "SasToken")
mock_file_handle = mock_open.return_value.__enter__.return_value
ca_cert_file_contents = "some cert"
mock_file_handle.read.return_value = ca_cert_file_contents
cs_obj = cs.ConnectionString(
edge_local_debug_environment["EdgeHubConnectionString"])
client_class.create_from_edge_environment()
# Verify pipelines created with an IoTHubPipelineConfig
assert mock_mqtt_pipeline_init.call_count == 1
assert mock_http_pipeline_init.call_count == 1
assert mock_mqtt_pipeline_init.call_args[0][
0] is mock_http_pipeline_init.call_args[0][0]
assert isinstance(mock_mqtt_pipeline_init.call_args[0][0],
IoTHubPipelineConfig)
# Verify the IoTHubPipelingConfig is constructed as expected
config = mock_mqtt_pipeline_init.call_args[0][0]
assert config.device_id == cs_obj[cs.DEVICE_ID]
assert config.module_id == cs_obj[cs.MODULE_ID]
assert config.hostname == cs_obj[cs.HOST_NAME]
assert config.gateway_hostname == cs_obj[cs.GATEWAY_HOST_NAME]
assert config.sastoken is sastoken_mock.return_value
assert config.server_verification_cert == ca_cert_file_contents
assert config.method_invoke is True
assert config.blob_upload is False
def test_pipeline_config(
self,
mocker,
client_class,
connection_string,
mock_mqtt_pipeline_init,
mock_http_pipeline_init,
):
sastoken_mock = mocker.patch.object(st, "SasToken")
cs_obj = cs.ConnectionString(connection_string)
client_class.create_from_connection_string(connection_string)
# Verify pipelines created with an IoTHubPipelineConfig
assert mock_mqtt_pipeline_init.call_count == 1
assert mock_http_pipeline_init.call_count == 1
assert mock_mqtt_pipeline_init.call_args[0][
0] is mock_http_pipeline_init.call_args[0][0]
assert isinstance(mock_mqtt_pipeline_init.call_args[0][0],
IoTHubPipelineConfig)
# Verify the IoTHubPipelineConfig is constructed as expected
config = mock_mqtt_pipeline_init.call_args[0][0]
assert config.device_id == cs_obj[cs.DEVICE_ID]
assert config.hostname == cs_obj[cs.HOST_NAME]
assert config.sastoken is sastoken_mock.return_value
if client_class.__name__ == "IoTHubModuleClient":
assert config.module_id == cs_obj[cs.MODULE_ID]
assert config.blob_upload is False
assert config.method_invoke is False
else:
assert config.module_id is None
assert config.blob_upload is True
assert config.method_invoke is False
if cs_obj.get(cs.GATEWAY_HOST_NAME):
assert config.gateway_hostname == cs_obj[cs.GATEWAY_HOST_NAME]
else:
assert config.gateway_hostname is None
def test_sastoken(self, mocker, client_class, mock_open,
edge_local_debug_environment):
mocker.patch.dict(os.environ, edge_local_debug_environment, clear=True)
sksm_mock = mocker.patch.object(auth, "SymmetricKeySigningMechanism")
sastoken_mock = mocker.patch.object(st, "SasToken")
cs_obj = cs.ConnectionString(
edge_local_debug_environment["EdgeHubConnectionString"])
expected_uri = "{hostname}/devices/{device_id}/modules/{module_id}".format(
hostname=cs_obj[cs.HOST_NAME],
device_id=cs_obj[cs.DEVICE_ID],
module_id=cs_obj[cs.MODULE_ID],
)
client_class.create_from_edge_environment()
# SymmetricKeySigningMechanism created using the connection string's Shared Access Key
assert sksm_mock.call_count == 1
assert sksm_mock.call_args == mocker.call(
key=cs_obj[cs.SHARED_ACCESS_KEY])
# SasToken created with the SymmetricKeySigningMechanism and the expected URI
assert sastoken_mock.call_count == 1
assert sastoken_mock.call_args == mocker.call(expected_uri,
sksm_mock.return_value)
def create_from_edge_environment(cls, **kwargs):
"""
Instantiate the client from the IoT Edge environment.
This method can only be run from inside an IoT Edge container, or in a debugging
environment configured for Edge development (e.g. Visual Studio, Visual Studio Code)
:param bool websockets: Configuration Option. Default is False. Set to true if using MQTT
over websockets.
:param cipher: Configuration Option. Cipher suite(s) for TLS/SSL, as a string in
"OpenSSL cipher list format" or as a list of cipher suite strings.
:type cipher: str or list(str)
:param str product_info: Configuration Option. Default is empty string. The string contains
arbitrary product info which is appended to the user agent string.
:param proxy_options: Options for sending traffic through proxy servers.
:type proxy_options: :class:`azure.iot.device.ProxyOptions`
:param int sastoken_ttl: The time to live (in seconds) for the created SasToken used for
authentication. Default is 3600 seconds (1 hour)
:param int keepalive: Maximum period in seconds between communications with the
broker. If no other messages are being exchanged, this controls the
rate at which the client will send ping messages to the broker.
If not provided default value of 60 secs will be used.
:raises: OSError if the IoT Edge container is not configured correctly.
:raises: ValueError if debug variables are invalid.
:raises: TypeError if given an unsupported parameter.
:returns: An instance of an IoTHub client that uses the IoT Edge environment for
authentication.
"""
# Ensure no invalid kwargs were passed by the user
excluded_kwargs = ["server_verification_cert"]
_validate_kwargs(exclude=excluded_kwargs, **kwargs)
# First try the regular Edge container variables
try:
hostname = os.environ["IOTEDGE_IOTHUBHOSTNAME"]
device_id = os.environ["IOTEDGE_DEVICEID"]
module_id = os.environ["IOTEDGE_MODULEID"]
gateway_hostname = os.environ["IOTEDGE_GATEWAYHOSTNAME"]
module_generation_id = os.environ["IOTEDGE_MODULEGENERATIONID"]
workload_uri = os.environ["IOTEDGE_WORKLOADURI"]
api_version = os.environ["IOTEDGE_APIVERSION"]
except KeyError:
# As a fallback, try the Edge local dev variables for debugging.
# These variables are set by VS/VS Code in order to allow debugging
# of Edge application code in a non-Edge dev environment.
try:
connection_string = os.environ["EdgeHubConnectionString"]
ca_cert_filepath = os.environ["EdgeModuleCACertificateFile"]
except KeyError as e:
new_err = OSError(
"IoT Edge environment not configured correctly")
new_err.__cause__ = e
raise new_err
# Read the certificate file to pass it on as a string
# TODO: variant server_verification_cert file vs data object that would remove the need for this fopen
try:
with io.open(ca_cert_filepath, mode="r") as ca_cert_file:
server_verification_cert = ca_cert_file.read()
except (OSError, IOError) as e:
# In Python 2, a non-existent file raises IOError, and an invalid file raises an IOError.
# In Python 3, a non-existent file raises FileNotFoundError, and an invalid file raises an OSError.
# However, FileNotFoundError inherits from OSError, and IOError has been turned into an alias for OSError,
# thus we can catch the errors for both versions in this block.
# Unfortunately, we can't distinguish cause of error from error type, so the raised ValueError has a generic
# message. If, in the future, we want to add detail, this could be accomplished by inspecting the e.errno
# attribute
new_err = ValueError("Invalid CA certificate file")
new_err.__cause__ = e
raise new_err
# Extract config values from connection string
connection_string = cs.ConnectionString(connection_string)
try:
device_id = connection_string[cs.DEVICE_ID]
module_id = connection_string[cs.MODULE_ID]
hostname = connection_string[cs.HOST_NAME]
gateway_hostname = connection_string[cs.GATEWAY_HOST_NAME]
except KeyError:
raise ValueError("Invalid Connection String")
# Use Symmetric Key authentication for local dev experience.
signing_mechanism = auth.SymmetricKeySigningMechanism(
key=connection_string[cs.SHARED_ACCESS_KEY])
else:
# Use an HSM for authentication in the general case
hsm = edge_hsm.IoTEdgeHsm(
module_id=module_id,
generation_id=module_generation_id,
workload_uri=workload_uri,
api_version=api_version,
)
try:
server_verification_cert = hsm.get_certificate()
except edge_hsm.IoTEdgeError as e:
new_err = OSError("Unexpected failure in IoTEdge")
new_err.__cause__ = e
raise new_err
signing_mechanism = hsm
# Create SasToken
uri = _form_sas_uri(hostname=hostname,
device_id=device_id,
module_id=module_id)
token_ttl = kwargs.get("sastoken_ttl", 3600)
try:
sastoken = st.SasToken(uri, signing_mechanism, ttl=token_ttl)
except st.SasTokenError as e:
new_err = ValueError(
"Could not create a SasToken using the values provided, or in the Edge environment"
)
new_err.__cause__ = e
raise new_err
# Pipeline Config setup
config_kwargs = _get_config_kwargs(**kwargs)
pipeline_configuration = pipeline.IoTHubPipelineConfig(
device_id=device_id,
module_id=module_id,
hostname=hostname,
gateway_hostname=gateway_hostname,
sastoken=sastoken,
server_verification_cert=server_verification_cert,
**config_kwargs)
pipeline_configuration.method_invoke = (
True # Method Invoke is allowed on modules created from edge environment
)
# Pipeline setup
http_pipeline = pipeline.HTTPPipeline(pipeline_configuration)
mqtt_pipeline = pipeline.MQTTPipeline(pipeline_configuration)
return cls(mqtt_pipeline, http_pipeline)
def create_from_connection_string(cls, connection_string, **kwargs):
"""
Instantiate the client from a IoTHub device or module connection string.
:param str connection_string: The connection string for the IoTHub you wish to connect to.
:param str server_verification_cert: Configuration Option. The trusted certificate chain.
Necessary when using connecting to an endpoint which has a non-standard root of trust,
such as a protocol gateway.
:param bool websockets: Configuration Option. Default is False. Set to true if using MQTT
over websockets.
:param cipher: Configuration Option. Cipher suite(s) for TLS/SSL, as a string in
"OpenSSL cipher list format" or as a list of cipher suite strings.
:type cipher: str or list(str)
:param str product_info: Configuration Option. Default is empty string. The string contains
arbitrary product info which is appended to the user agent string.
:param proxy_options: Options for sending traffic through proxy servers.
:type proxy_options: :class:`azure.iot.device.ProxyOptions`
:param int sastoken_ttl: The time to live (in seconds) for the created SasToken used for
authentication. Default is 3600 seconds (1 hour)
:param int keepalive: Maximum period in seconds between communications with the
broker. If no other messages are being exchanged, this controls the
rate at which the client will send ping messages to the broker.
If not provided default value of 60 secs will be used.
:raises: ValueError if given an invalid connection_string.
:raises: TypeError if given an unsupported parameter.
:returns: An instance of an IoTHub client that uses a connection string for authentication.
"""
# TODO: Make this device/module specific and reject non-matching connection strings.
# Ensure no invalid kwargs were passed by the user
_validate_kwargs(**kwargs)
# Create SasToken
connection_string = cs.ConnectionString(connection_string)
uri = _form_sas_uri(
hostname=connection_string[cs.HOST_NAME],
device_id=connection_string[cs.DEVICE_ID],
module_id=connection_string.get(cs.MODULE_ID),
)
signing_mechanism = auth.SymmetricKeySigningMechanism(
key=connection_string[cs.SHARED_ACCESS_KEY])
token_ttl = kwargs.get("sastoken_ttl", 3600)
try:
sastoken = st.SasToken(uri, signing_mechanism, ttl=token_ttl)
except st.SasTokenError as e:
new_err = ValueError(
"Could not create a SasToken using provided values")
new_err.__cause__ = e
raise new_err
# Pipeline Config setup
config_kwargs = _get_config_kwargs(**kwargs)
pipeline_configuration = pipeline.IoTHubPipelineConfig(
device_id=connection_string[cs.DEVICE_ID],
module_id=connection_string.get(cs.MODULE_ID),
hostname=connection_string[cs.HOST_NAME],
gateway_hostname=connection_string.get(cs.GATEWAY_HOST_NAME),
sastoken=sastoken,
**config_kwargs)
if cls.__name__ == "IoTHubDeviceClient":
pipeline_configuration.blob_upload = True
# Pipeline setup
http_pipeline = pipeline.HTTPPipeline(pipeline_configuration)
mqtt_pipeline = pipeline.MQTTPipeline(pipeline_configuration)
return cls(mqtt_pipeline, http_pipeline)
