Fleet provisioning (#113)

* Fleet provisioning

Co-authored-by: Justin Boswell <boswej@amazon.com>

Author: zayeshaataws

CMakeLists.txt

@@ -57,8 +57,10 @@ endif()
 add_subdirectory(jobs)
 add_subdirectory(shadow)
 add_subdirectory(discovery)
+add_subdirectory(identity)
 
 if (BUILD_SAMPLES)
+    add_subdirectory(samples/identity/fleet_provisioning)
     add_subdirectory(samples/mqtt/basic_pub_sub)
     add_subdirectory(samples/mqtt/raw_pub_sub)
     add_subdirectory(samples/jobs/describe_job_execution)

README.md

@@ -30,22 +30,97 @@ is provided by code that been generated from a model of the service.
 ## Build from source
 ### Automatically Build and Install AWS Dependencies
 ```
+mkdir sdk-cpp-workspace
+cd sdk-cpp-workspace
 git clone --recursive https://github.com/aws/aws-iot-device-sdk-cpp-v2.git
 mkdir aws-iot-device-sdk-cpp-v2-build
 cd aws-iot-device-sdk-cpp-v2-build
-cmake -DCMAKE_INSTALL_PREFIX="<path to where you install>"  -DBUILD_DEPS=ON ../aws-iot-device-sdk-cpp-v2
+cmake -DCMAKE_INSTALL_PREFIX="<absolute path sdk-cpp-workspace dir>"  -DBUILD_DEPS=ON ../aws-iot-device-sdk-cpp-v2
 cmake --build . --target install
 ```
 ### Using a Pre-Built aws-crt-cpp (Most useful for development of this package)
 
 ```
 mkdir aws-iot-device-sdk-cpp-v2-build
 cd aws-iot-device-sdk-cpp-v2-build
-cmake -DCMAKE_INSTALL_PREFIX="<path to where you install>"  -DCMAKE_PREFIX_PATH="<path to where you install>" -DBUILD_DEPS=OFF ../aws-iot-device-sdk-cpp-v2
+cmake -DCMAKE_INSTALL_PREFIX="<absolute path sdk-cpp-workspace dir>"  -DCMAKE_PREFIX_PATH="<absolute path sdk-cpp-workspace dir>" -DBUILD_DEPS=OFF ../aws-iot-device-sdk-cpp-v2
 cmake --build . --target install
 ```
 # Samples
 
+## fleet provisioning
+
+This sample uses the AWS IoT
+[Fleet provisioning](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html)
+to provision devices using either a CSR or KeysAndcertificate and subsequently calls RegisterThing.
+
+On startup, the script subscribes to topics based on the request type of either CSR or Keys topics,
+publishes the request to corresponding topic and calls RegisterThing.
+
+Source: `samples/identity/fleet_provisioning`
+
+cd ~/aws-iot-device-sdk-cpp-v2-build/samples/identity/fleet_provisioning
+
+Run the sample like this to provision using CreateKeysAndCertificate:
+ 
+```
+./fleet-provisioning --endpoint <endpoint> --ca_file <path to root CA> 
+--cert <path to the certificate> --key <path to the private key> 
+--template_name <template name> --template_parameters <template parameters json>
+```
+
+Run the sample like this to provision using Csr:
+ 
+```
+./fleet-provisioning --endpoint <endpoint> --ca_file <path to root CA> 
+--cert <path to the certificate> --key <path to the private key> 
+--template_name <template name> --template_parameters <template parameters json> --csr <path to the CSR in PEM format>
+```
+
+Your Thing's
+[Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html)
+must provide privileges for this sample to connect, subscribe, publish,
+and receive.
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Publish"
+      ],
+      "Resource": [
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create/json",
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create-from-csr/json",
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/provisioning-templates/<b>templatename<b>/provision/json"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Receive",
+        "iot:Subscribe"
+      ],
+      "Resource": [
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create/json/accepted",
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create/json/rejected",
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create-from-csr/json/accepted",
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create-from-csr/json/rejected",
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/provisioning-templates/<b>templatename<b>/provision/json/accepted",
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/provisioning-templates/<b>templatename<b>/provision/json/rejected"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "iot:Connect",
+      "Resource": "arn:aws:iot:<b>region</b>:<b>account</b>:client/samples-client-id"
+    }
+  ]
+}
+```
+
 ## Basic MQTT Pub-Sub
 
 This sample uses the

identity/CMakeLists.txt

@@ -0,0 +1,118 @@
+cmake_minimum_required(VERSION 3.1)
+project(IotIdentity-cpp CXX)
+
+set(RUNTIME_DIRECTORY bin)
+
+if (UNIX AND NOT APPLE)
+    include(GNUInstallDirs)
+elseif(NOT DEFINED CMAKE_INSTALL_LIBDIR)
+    set(CMAKE_INSTALL_LIBDIR "lib")
+
+    if (${CMAKE_INSTALL_LIBDIR} STREQUAL "lib64")
+        set(FIND_LIBRARY_USE_LIB64_PATHS true)
+    endif()
+endif()
+
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_PREFIX_PATH}/${CMAKE_INSTALL_LIBDIR}/cmake")
+
+if (NOT CMAKE_CXX_STANDARD)
+    set(CMAKE_CXX_STANDARD 11)
+endif()
+
+file(GLOB AWS_IOTIDENTITY_HEADERS
+        "include/aws/iotidentity/*.h"
+)
+
+file(GLOB AWS_IOTIDENTITY_SRC
+       "source/*.cpp"
+)
+
+file(GLOB AWS_IOTIDENTITY_CPP_SRC
+        ${AWS_IOTIDENTITY_SRC}
+)
+
+if (WIN32)
+    if (MSVC)
+        source_group("Header Files\\aws\\iotidentity\\" FILES ${AWS_IOTIDENTITY_HEADERS})
+
+        source_group("Source Files" FILES ${AWS_IOTIDENTITY_SRC})
+    endif ()
+endif()
+
+add_library(IotIdentity-cpp ${AWS_IOTIDENTITY_CPP_SRC})
+
+set_target_properties(IotIdentity-cpp PROPERTIES LINKER_LANGUAGE CXX)
+
+set(CMAKE_C_FLAGS_DEBUGOPT "")
+
+#set warnings
+if (MSVC)
+    target_compile_options(IotIdentity-cpp PRIVATE /W4 /WX)
+else ()
+    target_compile_options(IotIdentity-cpp PRIVATE -Wall -Wno-long-long -pedantic -Werror)
+endif ()
+
+if (CMAKE_BUILD_TYPE STREQUAL "" OR CMAKE_BUILD_TYPE MATCHES Debug)
+    target_compile_definitions(IotIdentity-cpp PRIVATE "-DDEBUG_BUILD")
+endif ()
+
+if (BUILD_SHARED_LIBS)
+    target_compile_definitions(IotIdentity-cpp PUBLIC "-DAWS_IOTIDENTITY_USE_IMPORT_EXPORT")
+    target_compile_definitions(IotIdentity-cpp PRIVATE "-DAWS_IOTIDENTITY_EXPORTS")
+
+    install(TARGETS IotIdentity-cpp
+            EXPORT IotIdentity-cpp-targets
+            ARCHIVE
+            DESTINATION ${CMAKE_INSTALL_LIBDIR}
+            COMPONENT Development
+            LIBRARY
+            DESTINATION ${CMAKE_INSTALL_LIBDIR}
+            NAMELINK_SKIP
+            COMPONENT Runtime
+            RUNTIME
+            DESTINATION ${RUNTIME_DIRECTORY}
+            COMPONENT Runtime)
+
+    install(TARGETS IotIdentity-cpp
+            EXPORT IotIdentity-cpp-targets
+            LIBRARY
+            DESTINATION ${CMAKE_INSTALL_LIBDIR}
+            NAMELINK_ONLY
+            COMPONENT Development)
+else()
+    install(TARGETS IotIdentity-cpp
+            EXPORT IotIdentity-cpp-targets
+            ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+            COMPONENT Development)
+endif()
+
+target_include_directories(IotIdentity-cpp PUBLIC
+        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
+        $<INSTALL_INTERFACE:include>)
+
+if (NOT IS_SUBDIRECTORY_INCLUDE)
+    aws_use_package(aws-crt-cpp)
+endif()
+
+target_link_libraries(IotIdentity-cpp ${DEP_AWS_LIBS})
+
+install(FILES ${AWS_IOTIDENTITY_HEADERS} DESTINATION "include/aws/iotidentity/" COMPONENT Development)
+
+if (BUILD_SHARED_LIBS)
+    set(TARGET_DIR "shared")
+else()
+    set(TARGET_DIR "static")
+endif()
+
+install(EXPORT "IotIdentity-cpp-targets"
+        DESTINATION "${CMAKE_INSTALL_LIBDIR}/IotIdentity-cpp/cmake/${TARGET_DIR}"
+        NAMESPACE AWS::
+        COMPONENT Development)
+
+configure_file("cmake/IotIdentity-cpp-config.cmake"
+        "${CMAKE_CURRENT_BINARY_DIR}/IotIdentity-cpp-config.cmake"
+        @ONLY)
+
+install(FILES "${CMAKE_CURRENT_BINARY_DIR}/IotIdentity-cpp-config.cmake"
+        DESTINATION "lib/IotIdentity-cpp/cmake/"
+        COMPONENT Development)

identity/cmake/IotIdentity-cpp-config.cmake

@@ -0,0 +1,9 @@
+include(CMakeFindDependencyMacro)
+
+find_dependency(aws-crt-cpp)
+
+if (BUILD_SHARED_LIBS)
+   include(${CMAKE_CURRENT_LIST_DIR}/shared/@PROJECT_NAME@-targets.cmake)
+else()
+   include(${CMAKE_CURRENT_LIST_DIR}/static/@PROJECT_NAME@-targets.cmake)
+endif()

identity/include/aws/iotidentity/CreateCertificateFromCsrRequest.h

@@ -0,0 +1,44 @@
+#pragma once
+/* Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+*  http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+
+* This file is generated
+*/
+
+#include <aws/iotidentity/Exports.h>
+
+#include <aws/crt/JsonObject.h>
+#include <aws/crt/StlAllocator.h>
+
+namespace Aws
+{
+    namespace Iotidentity
+    {
+
+        class AWS_IOTIDENTITY_API CreateCertificateFromCsrRequest final
+        {
+          public:
+            CreateCertificateFromCsrRequest() = default;
+
+            CreateCertificateFromCsrRequest(const Crt::JsonView &doc);
+            CreateCertificateFromCsrRequest &operator=(const Crt::JsonView &doc);
+
+            void SerializeToObject(Crt::JsonObject &doc) const;
+
+            Aws::Crt::Optional<Aws::Crt::String> CertificateSigningRequest;
+
+          private:
+            static void LoadFromObject(CreateCertificateFromCsrRequest &obj, const Crt::JsonView &doc);
+        };
+    } // namespace Iotidentity
+} // namespace Aws

identity/include/aws/iotidentity/CreateCertificateFromCsrResponse.h

@@ -0,0 +1,46 @@
+#pragma once
+/* Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+*  http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+
+* This file is generated
+*/
+
+#include <aws/iotidentity/Exports.h>
+
+#include <aws/crt/JsonObject.h>
+#include <aws/crt/StlAllocator.h>
+
+namespace Aws
+{
+    namespace Iotidentity
+    {
+
+        class AWS_IOTIDENTITY_API CreateCertificateFromCsrResponse final
+        {
+          public:
+            CreateCertificateFromCsrResponse() = default;
+
+            CreateCertificateFromCsrResponse(const Crt::JsonView &doc);
+            CreateCertificateFromCsrResponse &operator=(const Crt::JsonView &doc);
+
+            void SerializeToObject(Crt::JsonObject &doc) const;
+
+            Aws::Crt::Optional<Aws::Crt::String> CertificateId;
+            Aws::Crt::Optional<Aws::Crt::String> CertificateOwnershipToken;
+            Aws::Crt::Optional<Aws::Crt::String> CertificatePem;
+
+          private:
+            static void LoadFromObject(CreateCertificateFromCsrResponse &obj, const Crt::JsonView &doc);
+        };
+    } // namespace Iotidentity
+} // namespace Aws

identity/include/aws/iotidentity/CreateCertificateFromCsrSubscriptionRequest.h

@@ -0,0 +1,42 @@
+#pragma once
+/* Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+*  http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+
+* This file is generated
+*/
+
+#include <aws/iotidentity/Exports.h>
+
+#include <aws/crt/JsonObject.h>
+#include <aws/crt/StlAllocator.h>
+
+namespace Aws
+{
+    namespace Iotidentity
+    {
+
+        class AWS_IOTIDENTITY_API CreateCertificateFromCsrSubscriptionRequest final
+        {
+          public:
+            CreateCertificateFromCsrSubscriptionRequest() = default;
+
+            CreateCertificateFromCsrSubscriptionRequest(const Crt::JsonView &doc);
+            CreateCertificateFromCsrSubscriptionRequest &operator=(const Crt::JsonView &doc);
+
+            void SerializeToObject(Crt::JsonObject &doc) const;
+
+          private:
+            static void LoadFromObject(CreateCertificateFromCsrSubscriptionRequest &obj, const Crt::JsonView &doc);
+        };
+    } // namespace Iotidentity
+} // namespace Aws