Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Connection methods #655

Merged
merged 39 commits into from
Dec 8, 2023
Merged

Connection methods #655

Show file tree
Hide file tree
Changes from 24 commits
Commits
Show all changes
39 commits
Select commit Hold shift + click to select a range
82c6f06
Connection methods code snippets
alfred2g Nov 16, 2023
54eaa36
remove empty lines
alfred2g Nov 16, 2023
c9256fe
Fix formatting
alfred2g Nov 22, 2023
8e6d7b2
Fix details sections
alfred2g Dec 3, 2023
08f9b0c
Fix pre section
alfred2g Dec 3, 2023
019401c
fix
alfred2g Dec 3, 2023
3a0cf3b
Fix
alfred2g Dec 3, 2023
bafe58e
Fix
alfred2g Dec 3, 2023
3f7520e
fix
alfred2g Dec 3, 2023
7115fbc
fix
alfred2g Dec 3, 2023
7d0d0b7
fix
alfred2g Dec 3, 2023
099fcc7
Fix
alfred2g Dec 3, 2023
39b6efe
Fix
alfred2g Dec 3, 2023
4bdb66a
Fix
alfred2g Dec 3, 2023
4c65765
Fix details sections
alfred2g Dec 4, 2023
6214f95
Fix samples
alfred2g Dec 4, 2023
bd01b4c
Fix readme text
alfred2g Dec 4, 2023
ff04527
clang format
alfred2g Dec 4, 2023
f6bf558
Remove username password from auth
alfred2g Dec 5, 2023
55f60c6
add options to commands
alfred2g Dec 5, 2023
2fea746
Fix comments
alfred2g Dec 5, 2023
fa78359
Fix indent
alfred2g Dec 5, 2023
946a0db
fix
alfred2g Dec 5, 2023
d06d7a2
Fix
alfred2g Dec 5, 2023
b64ec27
fix rendering
alfred2g Dec 8, 2023
1762e0f
fix md rendering
alfred2g Dec 8, 2023
ebaf878
fix md render
alfred2g Dec 8, 2023
51a2fa5
Fix md render
alfred2g Dec 8, 2023
8aefdf2
markdown test
alfred2g Dec 8, 2023
8a9294e
markdown
alfred2g Dec 8, 2023
d2a544f
markdown
alfred2g Dec 8, 2023
7d5650c
markdown
alfred2g Dec 8, 2023
3dca126
fix
alfred2g Dec 8, 2023
212c020
markdown
alfred2g Dec 8, 2023
6a578c3
markdown
alfred2g Dec 8, 2023
0146cfb
markdown
alfred2g Dec 8, 2023
c2c33a5
markdown
alfred2g Dec 8, 2023
feb45e1
markdown
alfred2g Dec 8, 2023
5f4b365
markdown
alfred2g Dec 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions samples/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@
* [Mqtt5 Pub-Sub](./mqtt5/mqtt5_pubsub/README.md)
* [Mqtt5 Shared Subscription](./mqtt5/mqtt5_shared_subscription/README.md)
* [Websocket Connect](./mqtt/websocket_connect/README.md)
* [Websocket Connect/custom auth](./mqtt/websocket_connect/README_custom_auth.md)
* [Websocket Connect/username and password](./mqtt/websocket_connect/README_username_password.md)
* [Websocket Connect/proxy](./mqtt/websocket_connect/README_proxy.md)
* [Websocket Connect/static credentials](./mqtt/websocket_connect/README_static_credentials.md)
* [PKCS#11 Connect](./mqtt/pkcs11_connect/README.md)
* [PKCS#12 Connect](./mqtt/pkcs12_connect/README.md)
* [x509 Credentials Provider Connect](./mqtt/x509_credentials_provider_connect/README.md)
Expand Down
19 changes: 17 additions & 2 deletions samples/mqtt/websocket_connect/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,16 @@

[**Return to main sample list**](../../README.md)

This sample makes an MQTT connection via Websockets and then disconnects. On startup, the device connects to the server via Websockets and then disconnects right after. This sample is for reference on connecting via Websockets. This sample demonstrates the most straightforward way to connect via Websockets by querying the AWS credentials for the connection from the device's environment variables or local files.
This sample makes an MQTT connection via Websockets and then disconnects.
On startup, the device connects to the server via Websockets and then disconnects right after.
This sample is for reference on connecting via Websockets.
This sample demonstrates the most straightforward way to connect via Websockets by querying the AWS credentials for the connection from the device's environment variables or local files.

If you want to use custom auth (or static creds, or basic auth, etc) instead,
then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme.

* [Websocket Connect/custom auth](./README_custom_auth.md)
* [Websocket Connect/static credentials](./README_static_credentials.md)

Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended.

Expand Down Expand Up @@ -37,7 +46,13 @@ For this sample, using Websockets will attempt to fetch the AWS credentials to a

## How to run

To run the websocket connect use the following command:
To use a proxy server which is optional pass the following arguments

Optional parameters:
```
--proxy_host <str>
--proxy_port <int>
```

``` sh
./websocket-connect --endpoint <endpoint> --signing_region <signing region>
Expand Down
95 changes: 95 additions & 0 deletions samples/mqtt/websocket_connect/README_custom_auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
# Websocket Connect with Custom Authentication

[**Return to main sample list**](../../README.md)

alfred2g marked this conversation as resolved.
Show resolved Hide resolved
This sample makes an MQTT connection and connects through a Custom Authorizer.
On startup, the device connects to the server and then disconnects.
This sample is for reference on connecting using a Custom Authorizer.
Using a Custom Authorizer allows you to perform your own authorization using an AWS Lambda function.
See Custom Authorizer for more information.
You will need to setup your Custom Authorizer so that the lambda function returns a policy document.
See this page on the documentation for more details and example return result.
alfred2g marked this conversation as resolved.
Show resolved Hide resolved
You can customize this lambda function as needed for your application to provide your own security measures based on the needs of your application.
Your IoT Core Thing's Policy must provide privileges for this sample to connect.
Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended.

If you want to use simple or custom auth (or static creds, or basic auth, etc) instead,
then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme.

Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended.

<details>
<summary>(see sample policy)</summary>
<pre>
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:<b>region</b>:<b>account</b>:client/test-*"
]
}
]
}
</pre>


Replace with the following with the data from your AWS account:
* `<region>`: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`.
* `<account>`: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website.

Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id <client ID here>` to send the client ID your policy supports.

For this sample, using Websockets will attempt to connect using custom auth.

</details>

<details>
alfred2g marked this conversation as resolved.
Show resolved Hide resolved
<summary> (code snipet to replace similar section)</summary>
alfred2g marked this conversation as resolved.
Show resolved Hide resolved
<pre language="c++"> <code>
void connection_setup(int argc, char *argv[], ApiHandle &apiHandle, Utils::cmdData &cmdData,
Aws::Iot::MqttClientConnectionConfigBuilder &clientConfigBuilder)
{
cmdData = Utils::parseSampleInputCustomAuthorizerConnect(argc, argv, &apiHandle);

// Create the MQTT builder and populate it with data from cmdData.
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig defaultConfig;
std::shared_ptr<Aws::Crt::Auth::ICredentialsProvider> provider =
Aws::Crt::Auth::CredentialsProvider::CreateCredentialsProviderChainDefault(defaultConfig);
Aws::Iot::WebsocketConfig websocketConfig((cmdData.input_signingRegion), provider);

clientConfigBuilder = Aws::Iot::MqttClientConnectionConfigBuilder(websocketConfig);
clientConfigBuilder.WithEndpoint((cmdData.input_endpoint));
clientConfigBuilder.WithCustomAuthorizer(
(cmdData.input_customAuthUsername),
(cmdData.input_customAuthorizerName),
(cmdData.input_customAuthorizerSignature),
(cmdData.input_customAuthPassword),
(cmdData.input_customTokenKeyName),
(cmdData.input_customTokenValue));
}
</code></pre>
</details>

## How to run

Options for custom auth
```
--custom_auth_username <str>
--custom_auth_authorizer_name <str>
--custom_auth_authorizer_signature <str>
--custom_auth_password <str>
--custom_auth_token_name <str>
--custom_auth_token_value <str>
```

To run the websocket connect use the following command:

```
./websocket-connect --endpoint <endpoint> --signing_region <signing region> --custom_auth_username <str> --custom_auth_authorizer_name <str> --custom_auth_authorizer_signature <str> --custom_auth_password <str> --custom_auth_token_name <str> --custom_auth_token_value <str>
```

84 changes: 84 additions & 0 deletions samples/mqtt/websocket_connect/README_static_credentials.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
# Websocket Connect with static credentials

[**Return to main sample list**](../../README.md)

This sample makes an MQTT connection via Websockets and then disconnects.
On startup, the device connects to the server via Websockets then disconnects right after.
This sample demonstrates connecting via static credentials.

If you want to use simple or custom auth (or static creds, or basic auth, etc) instead,
then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme.

Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended.

<details>
<summary>(see sample policy)</summary>
<pre>
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:<b>region</b>:<b>account</b>:client/test-*"
]
}
]
}
</pre>

Replace with the following with the data from your AWS account:
* `<region>`: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`.
* `<account>`: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website.

Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id <client ID here>` to send the client ID your policy supports.

For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from static credentials.

</details>


<details>
<summary> (code snipet to replace similar section)</summary>
<pre language="c++"> <code>
alfred2g marked this conversation as resolved.
Show resolved Hide resolved
void connection_setup(int argc, char *argv[], ApiHandle &apiHandle, Utils::cmdData &cmdData,
Aws::Iot::MqttClientConnectionConfigBuilder &clientConfigBuilder)
{
cmdData = Utils::parseSampleInputWebsocketStaticCredentialsConnect(argc, argv, &apiHandle);

Aws::Crt::Auth::CredentialsProviderChainDefaultConfig defaultConfig;

std::shared_ptr<Aws::Crt::Auth::ICredentialsProvider> provider = nullptr;
Aws::Crt::Auth::CredentialsProviderStaticConfig providerConfig;

providerConfig.AccessKeyId = aws_byte_cursor_from_c_str((cmdData.input_accessKeyId.c_str()));
providerConfig.SecretAccessKey = aws_byte_cursor_from_c_str((cmdData.input_secretAccessKey.c_str()));
providerConfig.SessionToken = aws_byte_cursor_from_c_str((cmdData.input_sessionToken.c_str()));

provider = Aws::Crt::Auth::CredentialsProvider::CreateCredentialsProviderStatic(providerConfig);
Aws::Iot::WebsocketConfig config(cmdData.input_signingRegion, provider);

clientConfigBuilder = Aws::Iot::MqttClientConnectionConfigBuilder(config);
clientConfigBuilder.WithEndpoint((cmdData.input_endpoint));
}
</code> </pre>
</details>

## How to run

Options for static credentials
```
--access_key_id <str>
--secret_access_key <str>
--session_token <str>
```

To run the websocket connect use the following command:

``` sh
./websocket-connect --endpoint <endpoint> --signing_region <signing region> --access_key_id <str> --secret_access_key <str> --session_token <str>
```

41 changes: 26 additions & 15 deletions samples/mqtt/websocket_connect/main.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,23 +17,15 @@

using namespace Aws::Crt;

int main(int argc, char *argv[])
void connection_setup(
int argc,
char *argv[],
ApiHandle &apiHandle,
Utils::cmdData &cmdData,
Aws::Iot::MqttClientConnectionConfigBuilder &clientConfigBuilder)
{
/************************ Setup ****************************/

// Do the global initialization for the API.
ApiHandle apiHandle;

/**
* cmdData is the arguments/input from the command line placed into a single struct for
* use in this sample. This handles all of the command line parsing, validating, etc.
* See the Utils/CommandLineUtils for more information.
*/
Utils::cmdData cmdData = Utils::parseSampleInputWebsocketConnect(argc, argv, &apiHandle);
cmdData = Utils::parseSampleInputWebsocketConnect(argc, argv, &apiHandle);

// Create the MQTT builder and populate it with data from cmdData.
Aws::Iot::MqttClient client;
Aws::Iot::MqttClientConnectionConfigBuilder clientConfigBuilder;
std::shared_ptr<Aws::Crt::Auth::ICredentialsProvider> provider = nullptr;
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig defaultConfig;
provider = Aws::Crt::Auth::CredentialsProvider::CreateCredentialsProviderChainDefault(defaultConfig);
Expand Down Expand Up @@ -61,6 +53,25 @@ int main(int argc, char *argv[])
clientConfigBuilder.WithPortOverride(static_cast<uint16_t>(cmdData.input_port));
}
clientConfigBuilder.WithEndpoint(cmdData.input_endpoint);
}

int main(int argc, char *argv[])
{
/************************ Setup ****************************/

// Do the global initialization for the API.
ApiHandle apiHandle;
/**
* cmdData is the arguments/input from the command line placed into a single struct for
* use in this sample. This handles all of the command line parsing, validating, etc.
* See the Utils/CommandLineUtils for more information.
*/
Utils::cmdData cmdData;
Aws::Iot::MqttClient client;
// Create the MQTT builder and populate it with data from cmdData.
Aws::Iot::MqttClientConnectionConfigBuilder clientConfigBuilder;

connection_setup(argc, argv, apiHandle, cmdData, clientConfigBuilder);

// Create the MQTT connection from the MQTT builder
auto clientConfig = clientConfigBuilder.Build();
Expand Down
47 changes: 47 additions & 0 deletions samples/utils/CommandLineUtils.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ namespace Utils
static const char *m_cmd_proxy_host = "proxy_host";
static const char *m_cmd_proxy_port = "proxy_port";
static const char *m_cmd_signing_region = "signing_region";
static const char *m_cmd_access_key_id = "access_key_id";
static const char *m_cmd_secret_access_key = "secret_access_key";
static const char *m_cmd_session_token = "session_token";
static const char *m_cmd_x509_endpoint = "x509_endpoint";
static const char *m_cmd_x509_role = "x509_role_alias";
static const char *m_cmd_x509_thing_name = "x509_thing_name";
Expand All @@ -40,6 +43,8 @@ namespace Utils
static const char *m_cmd_custom_auth_authorizer_name = "custom_auth_authorizer_name";
static const char *m_cmd_custom_auth_authorizer_signature = "custom_auth_authorizer_signature";
static const char *m_cmd_custom_auth_password = "custom_auth_password";
static const char *m_cmd_custom_auth_token_name = "custom_auth_token_name";
static const char *m_cmd_custom_token_value = "custom_auth_token_value";
static const char *m_cmd_verbosity = "verbosity";
static const char *m_cmd_log_file = "log_file";
static const char *m_cmd_cognito_identity = "cognito_identity";
Expand Down Expand Up @@ -601,6 +606,9 @@ namespace Utils
cmdUtils.AddCommonMQTTCommands();
cmdUtils.AddCommonCustomAuthorizerCommands();
cmdUtils.RegisterCommand(m_cmd_client_id, "<str>", "Client id to use (optional, default='test-*')");
cmdUtils.RegisterCommand(m_cmd_custom_auth_password, "<str>", "Password (optional)");
cmdUtils.RegisterCommand(m_cmd_custom_auth_token_name, "<str>", "Token name (optional)");
cmdUtils.RegisterCommand(m_cmd_custom_token_value, "<str>", "Token value (optional)");
cmdUtils.RemoveCommand("ca_file");
s_addLoggingSendArgumentsStartLogging(argc, argv, api_handle, &cmdUtils);
cmdData returnData = cmdData();
Expand All @@ -612,6 +620,9 @@ namespace Utils
returnData.input_customAuthorizerSignature =
cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_authorizer_signature, "");
returnData.input_customAuthPassword = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_password, "");
returnData.input_customTokenKeyName = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_name, "");
returnData.input_customTokenValue = cmdUtils.GetCommandOrDefault(m_cmd_custom_token_value, "");

return returnData;
}

Expand Down Expand Up @@ -651,6 +662,39 @@ namespace Utils
}
return returnData;
}
cmdData parseSampleInputWebsocketStaticCredentialsConnect(int argc, char *argv[], Aws::Crt::ApiHandle *api_handle)
{
CommandLineUtils cmdUtils = CommandLineUtils();
cmdUtils.RegisterProgramName("websocket-connect");
cmdUtils.AddCommonMQTTCommands();
cmdUtils.AddCommonProxyCommands();
cmdUtils.RegisterCommand(m_cmd_signing_region, "<str>", "The signing region used for the websocket signer");
cmdUtils.RegisterCommand(m_cmd_client_id, "<str>", "Client id to use (optional, default='test-*')");
cmdUtils.RegisterCommand(m_cmd_port_override, "<int>", "The port override to use when connecting (optional)");
cmdUtils.RegisterCommand(m_cmd_access_key_id, "<str>", "The Access key ID (optional)");
cmdUtils.RegisterCommand(m_cmd_secret_access_key, "<str>", "The secret access key (optional)");
cmdUtils.RegisterCommand(m_cmd_session_token, "<str>", "The session token (optional)");
s_addLoggingSendArgumentsStartLogging(argc, argv, api_handle, &cmdUtils);

cmdData returnData = cmdData();
s_parseCommonMQTTCommands(&cmdUtils, &returnData);
returnData.input_clientId =
cmdUtils.GetCommandOrDefault(m_cmd_client_id, Aws::Crt::String("test-") + Aws::Crt::UUID().ToString());
returnData.input_signingRegion = cmdUtils.GetCommandRequired(m_cmd_signing_region, m_cmd_region);
if (cmdUtils.HasCommand(m_cmd_proxy_host))
{
returnData.input_proxyHost = cmdUtils.GetCommandRequired(m_cmd_proxy_host);
returnData.input_proxyPort = atoi(cmdUtils.GetCommandOrDefault(m_cmd_proxy_port, "8080").c_str());
}
if (cmdUtils.HasCommand(m_cmd_port_override))
{
returnData.input_port = atoi(cmdUtils.GetCommandOrDefault(m_cmd_port_override, "0").c_str());
}
returnData.input_accessKeyId = cmdUtils.GetCommandRequired(m_cmd_access_key_id, "");
returnData.input_secretAccessKey = cmdUtils.GetCommandRequired(m_cmd_secret_access_key, "");
returnData.input_sessionToken = cmdUtils.GetCommandRequired(m_cmd_session_token, "");
return returnData;
}

cmdData parseSampleInputWebsocketConnect(int argc, char *argv[], Aws::Crt::ApiHandle *api_handle)
{
Expand All @@ -661,6 +705,9 @@ namespace Utils
cmdUtils.RegisterCommand(m_cmd_signing_region, "<str>", "The signing region used for the websocket signer");
cmdUtils.RegisterCommand(m_cmd_client_id, "<str>", "Client id to use (optional, default='test-*')");
cmdUtils.RegisterCommand(m_cmd_port_override, "<int>", "The port override to use when connecting (optional)");
cmdUtils.RegisterCommand(m_cmd_access_key_id, "<str>", "The Access key ID (optional)");
cmdUtils.RegisterCommand(m_cmd_secret_access_key, "<str>", "The secret access key (optional)");
cmdUtils.RegisterCommand(m_cmd_session_token, "<str>", "The session token (optional)");
s_addLoggingSendArgumentsStartLogging(argc, argv, api_handle, &cmdUtils);

cmdData returnData = cmdData();
Expand Down
Loading
Loading