Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(iot): Add ability to set user device certificate #859

Merged
merged 8 commits into from
Sep 15, 2021
Merged

feat(iot): Add ability to set user device certificate #859

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
faa2cb5
feat(iot): add ability to set user device certificate
Jul 15, 2021
0709c4f
test(iot): add test for user device certificate
Sep 13, 2021
63ba7c8
test(iot): use unique resource names in tests to prevent conflict bet…
Sep 13, 2021
529727e
test(iot): update cassettes for iot-device-minimal
Jul 19, 2021
b590be1
chore: add a SECURITY.md (#872)
remyleone Sep 14, 2021
e5da8c3
feat(domain): add record resource (#854)
jerjako Sep 14, 2021
5f42a09
doc: fix default runtime on k8s_pool (#873)
jtherin Sep 15, 2021
182d500
Merge branch 'master' into iot-setdevcrt
Sep 15, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 25 additions & 2 deletions docs/resources/iot_device.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,27 @@ resource scaleway_iot_device main {
}
```

### With custom certificate

```hcl
resource scaleway_iot_hub main {
name = "test-iot"
product_plan = "plan_shared"
}

data local_file device_cert {
filename = "device-certificate.pem"
}

resource scaleway_iot_device main {
hub_id = scaleway_iot_hub.main.id
name = "test-iot"
certificate {
crt = data.local_file.device_cert.content
}
}
```

## Arguments Reference

The following arguments are supported:
Expand Down Expand Up @@ -55,6 +76,9 @@ The following arguments are supported:
- `policy` (Optional) Same as publish rules.
- `topics` (Optional) Same as publish rules.

- `certificate.crt` - (Optional) The certificate of the device, either generated by Scaleway or provided.

~> **Important:** Updates to `certificate.crt` will disconnect connected devices and the previous certificate will be deleted and won't be recoverable.

## Attributes Reference

Expand All @@ -64,8 +88,7 @@ In addition to all arguments above, the following attributes are exported:
- `created_at` - The date and time the device was created.
- `updated_at` - The date and time the device resource was updated.
- `certificate` - The certificate bundle of the device.
- `crt` - The certificate of the device.
- `key` - The private key of the device.
- `key` - The private key of the device, in case it is generated by Scaleway.
- `status` - The current status of the device.
- `last_activity_at` - The last MQTT activity of the device.
- `is_connected` - The current connection status of the device.
Expand Down
92 changes: 72 additions & 20 deletions scaleway/resource_iot_device.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,18 +119,7 @@ func resourceScalewayIotDevice() *schema.Resource {
},
},
},
// Computed elements
"region": regionSchema(),
"created_at": {
Type: schema.TypeString,
Computed: true,
Description: "The date and time of the creation of the device",
},
"updated_at": {
Type: schema.TypeString,
Computed: true,
Description: "The date and time of the last update of the device",
},
// Provided or computed elements
"certificate": {
Type: schema.TypeList,
MaxItems: 1,
Expand All @@ -141,18 +130,32 @@ func resourceScalewayIotDevice() *schema.Resource {
Schema: map[string]*schema.Schema{
"crt": {
Type: schema.TypeString,
Optional: true,
Computed: true,
Sensitive: true,
Description: "X509 PEM encoded certificate of the device",
},
"key": {
Type: schema.TypeString,
Computed: true,
Description: "X509 PEM encoded key of the device",
Sensitive: true,
Description: "X509 PEM encoded key of the device",
},
},
},
},
// Computed elements
"region": regionSchema(),
"created_at": {
Type: schema.TypeString,
Computed: true,
Description: "The date and time of the creation of the device",
},
"updated_at": {
Type: schema.TypeString,
Computed: true,
Description: "The date and time of the last update of the device",
},
"status": {
Type: schema.TypeString,
Computed: true,
Expand Down Expand Up @@ -242,12 +245,26 @@ func resourceScalewayIotDeviceCreate(ctx context.Context, d *schema.ResourceData

d.SetId(newRegionalIDString(region, res.Device.ID))

// Certificate and Key cannot be retreived later
cert := map[string]interface{}{
"crt": res.Certificate.Crt,
"key": res.Certificate.Key,
// If user certifcate is provided.
if devCrt, ok := d.GetOk("certificate.0.crt"); ok {
// Set user certificate to device.
// It cannot currently be added in the create device request.
_, err := iotAPI.SetDeviceCertificate(&iot.SetDeviceCertificateRequest{
Region: region,
DeviceID: res.Device.ID,
CertificatePem: devCrt.(string),
}, scw.WithContext(ctx))
if err != nil {
return diag.FromErr(err)
}
} else {
// Update certificate and key as they cannot be retreived later.
cert := map[string]interface{}{
"crt": res.Certificate.Crt,
"key": res.Certificate.Key,
}
_ = d.Set("certificate", []map[string]interface{}{cert})
}
_ = d.Set("certificate", []map[string]interface{}{cert})

return resourceScalewayIotDeviceRead(ctx, d, meta)
}
Expand Down Expand Up @@ -319,11 +336,32 @@ func resourceScalewayIotDeviceRead(ctx context.Context, d *schema.ResourceData,
_ = d.Set("message_filters", []map[string]interface{}{mf})
}

////
// Read Device certificate
////

// As we cannot read the key, we get back it from cache and do not change it.
if devCrtKey, ok := d.GetOk("certificate.0.key"); ok {
devCrt, err := iotAPI.GetDeviceCertificate(&iot.GetDeviceCertificateRequest{
Region: region,
DeviceID: deviceID,
}, scw.WithContext(ctx))
if err != nil {
return diag.FromErr(err)
}
// Set device certificate.
cert := map[string]interface{}{
"crt": devCrt.CertificatePem,
"key": devCrtKey.(string),
}
_ = d.Set("certificate", []map[string]interface{}{cert})
}

return nil
}

func resourceScalewayIotDeviceUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
iotAPI, region, hubID, err := iotAPIWithRegionAndID(meta, d.Id())
iotAPI, region, deviceID, err := iotAPIWithRegionAndID(meta, d.Id())
if err != nil {
return diag.FromErr(err)
}
Expand All @@ -333,7 +371,7 @@ func resourceScalewayIotDeviceUpdate(ctx context.Context, d *schema.ResourceData
////
updateRequest := &iot.UpdateDeviceRequest{
Region: region,
DeviceID: hubID,
DeviceID: deviceID,
}

if d.HasChange("allow_insecure") {
Expand Down Expand Up @@ -387,6 +425,20 @@ func resourceScalewayIotDeviceUpdate(ctx context.Context, d *schema.ResourceData
return diag.FromErr(err)
}

////
// Set the device certificate if changed
////
if d.HasChange("certificate.0.crt") {
_, err := iotAPI.SetDeviceCertificate(&iot.SetDeviceCertificateRequest{
Region: region,
DeviceID: deviceID,
CertificatePem: d.Get("certificate.0.crt").(string),
}, scw.WithContext(ctx))
if err != nil {
return diag.FromErr(err)
}
}

return resourceScalewayIotDeviceRead(ctx, d, meta)
}

Expand Down
Loading