def test_get_dps_conn_string(self, mocker, dpscount, targetdps,
policy_name, rg_name, exp_success, why):
def _build_dps(dps, name, rg=None):
dps.name = name
dps.properties.service_operations_host_name = "{}.{}".format(
name, dps_suffix)
dps.resourcegroup = rg
client.config.subscription_id = mock_target['subscription']
return dps
def _build_policy(policy, name):
policy.key_name = name
policy.primary_key = mock_target['primarykey']
policy.secondary_key = mock_target['secondarykey']
return policy
client = mocker.MagicMock(name='dpsclient')
dps_list = []
for i in range(0, dpscount):
dps_list.append(
_build_dps(mocker.MagicMock(), "dps{}".format(i), rg_name))
client.list_by_subscription.return_value = dps_list
if why == "dps":
client.iot_dps_resource.get.side_effect = ValueError
else:
client.iot_dps_resource.get.return_value = _build_dps(
mocker.MagicMock(), targetdps, rg_name)
if why == "policy":
client.iot_dps_resource.list_keys_for_key_name.side_effect = ValueError
else:
client.iot_dps_resource.list_keys_for_key_name.return_value = _build_policy(
mocker.MagicMock(), policy_name)
from azext_iot.common.azure import get_iot_dps_connection_string
if exp_success:
result = get_iot_dps_connection_string(client, targetdps, rg_name,
policy_name)
expecting_dps = "{}.{}".format(targetdps, dps_suffix)
assert result['entity'] == expecting_dps
assert result['policy'] == policy_name
assert result['subscription'] == mock_target['subscription']
assert result[
'cs'] == "HostName={};SharedAccessKeyName={};SharedAccessKey={}".format(
expecting_dps, policy_name, mock_target['primarykey'])
client.iot_dps_resource.get.assert_called_with(targetdps, rg_name)
client.iot_dps_resource.list_keys_for_key_name.assert_called_with(
targetdps, policy_name, rg_name)
else:
with pytest.raises(CLIError):
get_iot_dps_connection_string(client, targetdps, rg_name,
policy_name)
def iot_dps_device_enrollment_get(client, enrollment_id, dps_name,
resource_group_name):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
return m_sdk.device_enrollment.get(enrollment_id)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_registration_delete(client, dps_name, resource_group_name,
registration_id):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
return m_sdk.registration_status.delete_registration_state(
registration_id)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_list(client,
dps_name,
resource_group_name,
top=None):
from azext_iot.dps_sdk.models.query_specification import QuerySpecification
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
query_command = "SELECT *"
query = QuerySpecification(query_command)
return execute_query(query, m_sdk.device_enrollment.query, errors, top)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_create(client,
enrollment_id,
dps_name,
resource_group_name,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
raise CLIError('Please provide at least one certificate')
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError(
'Please provide either certificate path or certficate name'
)
attestation = _get_attestation_with_x509_signing_cert(
certificate_path, secondary_certificate_path)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError(
'Please provide either certificate path or certficate name'
)
attestation = _get_attestation_with_x509_ca_cert(
root_ca_name, secondary_root_ca_name)
initial_twin = _get_initial_twin(initial_twin_tags,
initial_twin_properties)
group_enrollment = EnrollmentGroup(enrollment_id, attestation,
iot_hub_host_name, initial_twin,
None, provisioning_status)
return m_sdk.device_enrollment_group.create_or_update(
enrollment_id, group_enrollment)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_create(client,
enrollment_id,
attestation_type,
dps_name,
resource_group_name,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
if attestation_type == AttestationType.tpm.value:
if not endorsement_key:
raise CLIError('Endorsement key is requried')
tpm = TpmAttestation(endorsement_key)
attestation = AttestationMechanism(AttestationType.tpm.value, tpm)
if attestation_type == AttestationType.x509.value:
attestation = _get_attestation_with_x509_client_cert(
certificate_path, secondary_certificate_path)
initial_twin = _get_initial_twin(initial_twin_tags,
initial_twin_properties)
enrollment = IndividualEnrollment(enrollment_id, attestation,
device_id, None, iot_hub_host_name,
initial_twin, None,
provisioning_status)
return m_sdk.device_enrollment.create_or_update(
enrollment_id, enrollment)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_group_update(client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
certificate_path=None,
secondary_certificate_path=None,
root_ca_name=None,
secondary_root_ca_name=None,
remove_certificate=None,
remove_secondary_certificate=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
enrollment_record = m_sdk.device_enrollment_group.get(enrollment_id)
# Verify etag
if etag and 'etag' in enrollment_record and etag != enrollment_record[
'etag'].replace('"', ''):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record['etag'].replace('"', '')
# Update enrollment information
if not certificate_path and not secondary_certificate_path:
if not root_ca_name and not secondary_root_ca_name:
# Check if certificate can be safely removed while no new certificate has been provided
if remove_certificate and remove_secondary_certificate:
raise CLIError('Please provide at least one certificate')
if not _can_remove_primary_certificate(
remove_certificate, enrollment_record['attestation']):
raise CLIError(
'Please provide at least one certificate while removing the only primary certificate'
)
if not _can_remove_secondary_certificate(
remove_secondary_certificate,
enrollment_record['attestation']):
raise CLIError(
'Please provide at least one certificate while removing the only secondary certificate'
)
if certificate_path or secondary_certificate_path:
if root_ca_name or secondary_root_ca_name:
raise CLIError(
'Please provide either certificate path or certficate name'
)
enrollment_record[
'attestation'] = _get_updated_attestation_with_x509_signing_cert(
enrollment_record['attestation'], certificate_path,
secondary_certificate_path, remove_certificate,
remove_secondary_certificate)
if root_ca_name or secondary_root_ca_name:
if certificate_path or secondary_certificate_path:
raise CLIError(
'Please provide either certificate path or certficate name'
)
enrollment_record[
'attestation'] = _get_updated_attestation_with_x509_ca_cert(
enrollment_record['attestation'], root_ca_name,
secondary_root_ca_name, remove_certificate,
remove_secondary_certificate)
if iot_hub_host_name:
enrollment_record['iotHubHostName'] = iot_hub_host_name
if provisioning_status:
enrollment_record['provisioningStatus'] = provisioning_status
enrollment_record['initialTwin'] = _get_updated_inital_twin(
enrollment_record, initial_twin_tags, initial_twin_properties)
return m_sdk.device_enrollment_group.create_or_update(
enrollment_id, enrollment_record, etag)
except errors.ErrorDetailsException as e:
raise CLIError(e)
def iot_dps_device_enrollment_update(client,
enrollment_id,
dps_name,
resource_group_name,
etag=None,
endorsement_key=None,
certificate_path=None,
secondary_certificate_path=None,
remove_certificate=None,
remove_secondary_certificate=None,
device_id=None,
iot_hub_host_name=None,
initial_twin_tags=None,
initial_twin_properties=None,
provisioning_status=None):
target = get_iot_dps_connection_string(client, dps_name,
resource_group_name)
try:
m_sdk, errors = _bind_sdk(target, SdkType.dps_sdk)
enrollment_record = m_sdk.device_enrollment.get(enrollment_id)
# Verify etag
if etag and 'etag' in enrollment_record and etag != enrollment_record[
'etag'].replace('"', ''):
raise LookupError("enrollment etag doesn't match.")
if not etag:
etag = enrollment_record['etag'].replace('"', '')
# Verify and update attestation information
attestation_type = enrollment_record['attestation']['type']
if attestation_type == AttestationType.tpm.value:
if certificate_path or secondary_certificate_path:
raise CLIError(
'Cannot update certificate while enrollment is using tpm attestation mechanism'
)
if remove_certificate or remove_secondary_certificate:
raise CLIError(
'Cannot remove certificate while enrollment is using tpm attestation mechanism'
)
if endorsement_key:
enrollment_record['attestation']['tpm'][
'endorsement_key'] = endorsement_key
else:
if endorsement_key:
raise CLIError(
'Cannot update endorsement key while enrollment is using x509 attestation mechanism'
)
enrollment_record[
'attestation'] = _get_updated_attestation_with_x509_client_cert(
enrollment_record['attestation'], certificate_path,
secondary_certificate_path, remove_certificate,
remove_secondary_certificate)
# Update enrollment information
if iot_hub_host_name:
enrollment_record['iotHubHostName'] = iot_hub_host_name
if device_id:
enrollment_record['deviceId'] = device_id
if provisioning_status:
enrollment_record['provisioningStatus'] = provisioning_status
enrollment_record['registrationState'] = None
enrollment_record['initialTwin'] = _get_updated_inital_twin(
enrollment_record, initial_twin_tags, initial_twin_properties)
return m_sdk.device_enrollment.create_or_update(
enrollment_id, enrollment_record, etag)
except errors.ErrorDetailsException as e:
raise CLIError(e)
