Collect system information at fleet provisioning #451
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Can you remove our organization's name ? |
RogerZhongAWS
requested changes
Mar 15, 2024
|
changes mostly look good to me, just missing adding an option in the CLI and JSON parser but we can add a change on top of this one |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
We would like to collect and publish system information when the IoT device client proceeds with fleet provisioning,
such that our pre-provisioning hook (Lambda service) will be able to validate necessary information per security considerations and
revoke the provisioning SSL certificates upon success of this event.
This change has been reviewed internally by our team and a team member of ours had spoken with the owner of this package and gained
confirmation of contributing our envisioned change to this open-source project.
Modifications
Change summary
Please describe what changes are included in this pull request.
Added several auxiliary methods to the FleetProvisioning class to collect the following information:
and publish such information along with the fleet provisioning request to the AWS IoT Core.
Revision diff summary
If there is more than one revision, please explain what has been changed since the last revision.
N/A
Testing
Is your change tested? If not, please justify the reason.
Please list your testing steps and test results.
Since the added methods are private methods, no unit tests were created. However, we have tested on a camera in our testing environment
with the changes made in this PR. Below is the IoT device client's log emitting collected system information (sensitive information has
been reducted):
and from our preprovisioning Lambda, the fleet provisioning request successfully received the published system information:
INIT_START Runtime Version: python:3.12.v20 Runtime Version ARN: arn:aws:lambda:us-east-1::runtime:[REDUCTED]START RequestId: [REDUCTED] Version: $LATESTReceived event: {"claimCertificateId": "[REDUCTED]","certificateId": "[REDUCTED]","certificatePem": "[REDUCTED]","templateArn": "arn:aws:iot:us-east-1:[REDUCTED]:provisioningtemplate/TrustedUserProvisioningTemplate","clientId": "FleetProvisionedCamera-1","parameters": {"DeviceIPAddress": "[REDUCTED]","ProvisioningCertSerialNumber": "[REDUCTED]","SerialNumber": "[REDUCTED]","DeviceMACAddress": "[REDUCTED]","IoTDeviceClient-SHA256Hash": "591ed4238e753226dcca4659fac39dbac60db78855d1dfa54be6e5bdab17f923"}}END RequestId: [REDUCTED]REPORT RequestId: [REDUCTED] Duration: 4.09 ms Billed Duration: 5 ms Memory Size: 128 MB Max Memory Used: 33 MB Init Duration: 81.16 msHence, the fleet provisioning attempt with the changes in this PR was successful.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.