Class: DeviceEnableCmd
Overview
Constant Summary
MrMurano::Verbose::TABULARIZE_DATA_FORMAT_ERROR
Instance Method Summary
collapse
ask_yes_no, #ask_yes_no, #assert, assert, cmd_confirm_delete!, #cmd_confirm_delete!, debug, #debug, dump_file_json, dump_file_plain, dump_file_yaml, #dump_output_file, #error, error, #error_file_format!, fancy_ticks, #fancy_ticks, #load_file_json, #load_file_plain, #load_file_yaml, #load_input_file, outf, #outf, #outformat_engine, #pluralize?, pluralize?, #prepare_hash_csv, #read_hashf!, #tabularize, tabularize, verbose, #verbose, warning, #warning, #whirly_interject, whirly_interject, #whirly_linger, whirly_linger, #whirly_msg, whirly_msg, #whirly_pause, whirly_pause, #whirly_start, whirly_start, #whirly_stop, whirly_stop, #whirly_unpause, whirly_unpause
Instance Method Details
#command_init(cmd) ⇒ Object
189
190
191
192
193
|
# File 'lib/MrMurano/commands/devices.rb', line 189
def command_init(cmd)
configure_command_meta(cmd)
configure_command_options(cmd)
configure_command_action(cmd)
end
|
262
263
264
265
266
267
268
269
270
271
|
# File 'lib/MrMurano/commands/devices.rb', line 262
def configure_command_action(cmd)
cmd.action do |args, options|
cmd.verify_arg_count!(args, 1)
must_specify_device_id_or_file!(args, options)
must_specify_auth_or_cred_maybe!(options)
must_specify_sane_expire!(options)
must_specify_valid_auth!(options)
enable_device(args, options)
end
end
|
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
# File 'lib/MrMurano/commands/devices.rb', line 195
def configure_command_meta(cmd)
cmd.syntax = %(murano device enable (<identifier>|--file <path>) [--options])
cmd.summary = %(Enable Identifiers in Murano for real world devices)
cmd.description = %(
Enable one or more Identities to create Devices, a/k/a digital twins, in Murano.
).strip
cmd.example %(
Use a certificate request to enable a new device identity
# and obtain a TLS Client Certificate for the device to use
# to communicate with Murano.
#
# SETUP: Use the web UI to configure your Product's Public Key
# Infrastructure.
#
# Navigate to the Product Settings page, e.g.,
#
# http://localhost:4000/business/<business.id>/connectivity/<product.id>/settings
#
# Select "Enable PKI", and fill in the fields.†
#
# [†: The process of signing up with a certificate provider,
# obtaining an API key, and gererating a Client CA certificate
# is beyond the scope of this help documentation.]
#
# USAGE: You may now enable a device identify and receive a certificate.
#
# First, generate a certificate request.
#
# The following is an example of how one might use openssl to make a CSR:
#
# openssl genrsa -out rootCA.key 2048
#
# openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
# # 1. Be sure to set the Organization Name as the same name used to the
# # Client CA Certificate.
# # 2. Set the Common Name to the name of the device identity you want to enable.
#
# openssl req -x509 -nodes -days 365 -sha256 \\
# -subj /C=/ST=/L=/O=<ORGANIZATION_NAME>/CN=<COMMON_NAME> \\
# -newkey rsa:2048 -keyout deviceIdent-key.pem
# # Be sure to set ORGANIZATION_NAME and COMMON_NAME appropriately.
#
# openssl req -new -key deviceIdent-key.pem -out deviceIdent.csr \\
# -subj "/C=/ST=/L=/O=<ORGANIZATION_NAME>/CN=<COMMON_NAME>"
# # Be sure to set ORGANIZATION_NAME and COMMON_NAME appropriately.
#
# Next, enable the device and copy the certificate.
).lstrip, 'device_cert=$(murano device enable 12345 --expire 1 --auth csr --csr path/to/deviceIdent.csr)'
end
|
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
|
# File 'lib/MrMurano/commands/devices.rb', line 245
def configure_command_options(cmd)
cmd.option '-e', '--expire HOURS', %(
Devices that do not activate within HOURS hours will be deleted for security purposes
).strip
cmd.option '-f', '--file FILE', %(A file of serial numbers, one per line)
allowed_types = MrMurano::Gateway::Device::DEVICE_AUTH_TYPES.map(&:to_s).sort
cmd.option '--auth TYPE', %(
Type of credential used to authenticate [#{allowed_types.join('|')}]
).strip
cmd.option '--cred KEY', %(
The credential used to authenticate, e.g., token, password, etc.
).strip
cmd.option '--key FILE', %(Path to file containing public TLS key for this device)
cmd.option '--csr FILE', %(Path to CSR file containing certificate request)
end
|
#enable_device(args, options) ⇒ Object
336
337
338
339
340
341
342
343
344
345
346
347
|
# File 'lib/MrMurano/commands/devices.rb', line 336
def enable_device(args, options)
prd = MrMurano::Gateway::Device.new
if !options.file.to_s.empty?
enable_device_batch(prd, options)
elsif args.count > 0
result = enable_device_single(prd, args[0], options)
process_enable_single_result(result, options)
else
raise 'Impossible'
end
end
|
#enable_device_batch(prd, options) ⇒ Object
349
350
351
352
353
|
# File 'lib/MrMurano/commands/devices.rb', line 349
def enable_device_batch(prd, options)
= (options)
(, options)
prd.enable_batch(options.file, options.expire)
end
|
#enable_device_single(prd, device_id, options) ⇒ Object
377
378
379
380
381
382
383
|
# File 'lib/MrMurano/commands/devices.rb', line 377
def enable_device_single(prd, device_id, options)
enable_opts = {}
enable_opts[:expire] = options.expire unless options.expire.nil?
enable_opts[:type] = options.auth unless options.auth.nil?
enable_device_slurp_key(options, enable_opts)
prd.enable(device_id, **enable_opts)
end
|
#enable_device_slurp_key(options, enable_opts) ⇒ Object
385
386
387
388
389
390
391
392
393
|
# File 'lib/MrMurano/commands/devices.rb', line 385
def enable_device_slurp_key(options, enable_opts)
if options.key
enable_device_slurp_key_read_file(options.key, enable_opts)
elsif options.csr
enable_device_slurp_key_read_file(options.csr, enable_opts)
elsif !options.cred.nil?
enable_opts[:key] = options.cred
end
end
|
#enable_device_slurp_key_read_file(key_file_path, enable_opts) ⇒ Object
395
396
397
398
399
|
# File 'lib/MrMurano/commands/devices.rb', line 395
def enable_device_slurp_key_read_file(key_file_path, enable_opts)
File.open(key_file_path, 'rb') do |io|
enable_opts[:key] = io.read
end
end
|
355
356
357
358
359
360
361
362
|
# File 'lib/MrMurano/commands/devices.rb', line 355
def (options)
File.new(options.file).gets
rescue Errno::ENOENT => err
fancy_file = fancy_ticks(options.file)
error %(Unable to open file #{fancy_file}: #{err.message})
exit 2
end
|
#must_specify_auth_or_cred_maybe!(options) ⇒ Object
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
|
# File 'lib/MrMurano/commands/devices.rb', line 283
def must_specify_auth_or_cred_maybe!(options)
if (
!options.file.nil? &&
(!options.key.nil? || !options.auth.nil? || !options.cred.nil?)
)
error %(Cannot use --file with any of: --key, --auth, or --cred)
exit 1
end
credish_opts = [options.cred, options.key, options.csr]
n_credish_opts = credish_opts.count { |opt| !opt.nil? }
if n_credish_opts > 1
error %(Please use only one of: --cred, --key, or --csr)
exit 1
end
if options.auth && n_credish_opts.zero?
error %(When using --auth, please specify one of: --cred, -key, or --csr)
exit 1
end
options.auth = options.auth.to_sym unless options.auth.nil?
return if options.key.nil?
if !options.auth.nil? && !i[certificate csr].include?(options.auth)
warning %(You probably mean to use "--auth certificate" with --key)
end
return if options.csr.nil? || options.auth == :csr
warning %(The --csr option is only relevant when used with "--auth csr")
end
|
#must_specify_device_id_or_file!(args, options) ⇒ Object
273
274
275
276
277
278
279
280
281
|
# File 'lib/MrMurano/commands/devices.rb', line 273
def must_specify_device_id_or_file!(args, options)
if args.count.zero? && options.file.to_s.empty?
error 'Missing device identifier or --file'
exit 1
elsif !args.count.zero? && !options.file.to_s.empty?
error 'Please specify an identifier or --file but not both'
exit 1
end
end
|
#must_specify_sane_expire!(options) ⇒ Object
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
|
# File 'lib/MrMurano/commands/devices.rb', line 310
def must_specify_sane_expire!(options)
return if options.expire.nil?
unless options.expire =~ /^[0-9]+$/
fancy_expire = fancy_ticks(options.expire)
error %(
The --expire value is not a number of hours: #{fancy_expire}
).strip
exit 1
end
micros_since_epoch = (Time.now.to_f * 1_000_000).to_i
mircos_until_purge = options.expire.to_i * 60 * 60 * 1000 * 1000
options.expire = micros_since_epoch + mircos_until_purge
end
|
#must_specify_valid_auth!(options) ⇒ Object
328
329
330
331
332
333
334
|
# File 'lib/MrMurano/commands/devices.rb', line 328
def must_specify_valid_auth!(options)
return if options.auth.nil?
options.auth = options.auth.to_sym
return if MrMurano::Gateway::Device::DEVICE_AUTH_TYPES.include?(options.auth)
MrMurano::Verbose.error("unrecognized --auth: #{options.auth}")
exit 1
end
|
364
365
366
367
368
369
370
371
372
373
374
375
|
# File 'lib/MrMurano/commands/devices.rb', line 364
def (, options)
if .nil?
error 'Nothing in file!'
exit 1
end
return if =~ /\s*ID\s*(,SSL Client Certificate\s*)?/
error %(Missing column headers in file "#{options.file}")
error %(
First line in file should be either "ID" or "ID, SSL Client Certificate"
).strip
exit 2
end
|
#process_enable_single_result(result, options) ⇒ Object
401
402
403
404
405
406
407
408
409
410
|
# File 'lib/MrMurano/commands/devices.rb', line 401
def process_enable_single_result(result, options)
return unless options.auth == :csr
if result.to_s.empty?
warning %(Unexpected: Response missing new device identity certificate)
elsif !result.is_a?(Hash) || !result.key?(:certificate)
warning %(Unexpected: Unrecognized result format: #{result})
else
puts result[:certificate]
end
end
|