Skip to content

Extend generate-sas-token to take a device connection string #319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
nanowireUK wants to merge 1 commit into from
Closed

Extend generate-sas-token to take a device connection string #319

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions azext_iot/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,12 @@ def load_arguments(self, _):
context.argument(
"module_id", options_list=["--module-id", "-m"], help="Target Module."
)
context.argument(
"device_connection_string",
options_list=["--device-connection-string", "--dcs"],
help="Target device connection string."
"This bypasses the IoT Hub registry and generates the SAS token directly from the supplied symmetric key without further validation."
)
context.argument(
"key_type",
options_list=["--key-type", "--kt"],
Expand Down
6 changes: 4 additions & 2 deletions azext_iot/_validators.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,14 @@ def mode2_iot_login_handler(cmd, namespace):
iot_cmd_type = None
entity_value = None

if 'hub_name' in args:
if 'device_connection_string' in args:
entity_value = 'NA'
elif 'hub_name' in args:
iot_cmd_type = 'IoT Hub'
entity_value = args['hub_name']
elif 'dps_name' in args:
iot_cmd_type = 'DPS'
entity_value = args['dps_name']
entity_value = args['dps_name']
Copy link
Member

@digimaun digimaun Mar 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's remove the extra spaces.


if not any([login_value, entity_value]):
raise CLIError(error_no_hub_or_login_on_input(iot_cmd_type))
23 changes: 20 additions & 3 deletions azext_iot/operations/hub.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1611,6 +1611,7 @@ def iot_get_sas_token(
cmd,
hub_name=None,
device_id=None,
device_connection_string=None,
Copy link
Member

@digimaun digimaun Mar 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of supporting an offline mode just for device connection strings, I'm thinking it would be valuable to support either hub, device or module offline SAS token generation via generic connection_string corresponding to a new --connection-string argument on this command.

Copy link
Author

@nanowireUK nanowireUK Mar 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@digimaun absolutely agree. This just happened to cover my use case for IoT Central but agree that there's no reason to restrict to only device connection strings

policy_name="iothubowner",
key_type="primary",
duration=3600,
Expand Down Expand Up @@ -1639,6 +1640,7 @@ def iot_get_sas_token(
cmd,
hub_name,
device_id,
device_connection_string,
module_id,
policy_name,
key_type,
Expand All @@ -1653,6 +1655,7 @@ def _iot_build_sas_token(
cmd,
hub_name=None,
device_id=None,
device_connection_string=None,
module_id=None,
policy_name="iothubowner",
key_type="primary",
Expand All @@ -1665,16 +1668,30 @@ def _iot_build_sas_token(
parse_iot_device_module_connection_string,
)

uri = None
policy = None
key = None

if device_connection_string:
Copy link
Member

@digimaun digimaun Mar 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets add tests to exercise the scenario

Copy link
Author

@nanowireUK nanowireUK Mar 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've noticed it creates a bunch of regression issues in my az iot cli which I need to look at before I go further with it

try:
parsed_device_cs = parse_iot_device_connection_string(device_connection_string)
except ValueError as e:
logger.debug(e)
raise CLIError("This device does not support SAS auth.")

uri = "{}/devices/{}".format(parsed_device_cs["HostName"], parsed_device_cs["DeviceId"])
key = parsed_device_cs["SharedAccessKey"]

return SasTokenAuthentication(uri, policy, key, duration)

discovery = IotHubDiscovery(cmd)
target = discovery.get_target(
hub_name=hub_name,
resource_group_name=resource_group_name,
policy_name=policy_name,
login=login,
)
uri = None
policy = None
key = None

if device_id:
logger.info(
'Obtaining device "%s" details from registry, using IoT Hub policy "%s"',
Expand Down