GoogleCloudPlatform · gguuss · Oct 17, 2018 · Oct 10, 2018 · Oct 10, 2018 · Oct 10, 2018
diff --git a/iot/api-client/beta-features/commands/README.md b/iot/api-client/beta-features/commands/README.md
@@ -0,0 +1,31 @@
+# Cloud IoT Core Python Samples
+This folder contains Python samples that demonstrate an overview of the
+commands beta feature.
+
+## Quickstart
+1. Install the Cloud SDK as described in [the device manager guide](https://cloud.google.com/iot/docs/device_manager_guide).
+2. Create a PubSub topic:
+
+    gcloud beta pubsub topics create projects/my-iot-project/topics/device-events
+
+3. Create a registry:
+
+    gcloud iot registries create my-registry \
+        --project=my-iot-project \
+        --region=us-central1 \
+        --event-notification-config=topic=projects/intense-wavelet-343/topics/device-events
+
+4. Use the `generate_keys.sh` script to generate your signing keys:
+
+    <path-to>/python-docs-samples/iot/api-client/generate_keys.sh
+
+5. Register a device:
+
+    gcloud iot devices create my-python-device \
+        --project=my-iot-project \
+        --region=us-central1 \
+        --registry=my-registry \
+        --public-key path=rsa_cert.pem,type=rs256
+
+6. Connect a virtual device using the sample app in the `receive` folder.
+7. While the virtual device is connected, send a commmand using the sample app in the `send` folder.
diff --git a/iot/api-client/beta-features/commands/receive/README.rst b/iot/api-client/beta-features/commands/receive/README.rst
@@ -0,0 +1,108 @@
+.. This file is automatically generated. Do not edit this file directly.
+
+Google Cloud IoT Core Python Samples
+===============================================================================
+
+.. image:: https://gstatic.com/cloudssh/images/open-btn.png
+   :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=iot/api-client/mqtt_example/README.rst
+
+
+This directory contains samples for Google Cloud IoT Core. `Google Cloud IoT Core`_ allows developers to easily integrate Publish and Subscribe functionality with devices and programmatically manage device authorization.
+Before you run the sample, you must retrieve the Google root certificate. For example, ``wget https://pki.goog/roots.pem`` or ``curl https://pki.goog/roots.pem > roots.pem``.
+The following example runs the sample using the project ID ``blue-jet-123`` and the device name ``my-python-device``::
+
+    python receive.py \
+        --registry_id=my-registry \
+        --project_id=blue-jet-123 \
+        --device_id=my-python-device \
+        --algorithm=RS256 \
+        --private_key_file=../rsa_private.pem
+
+
+
+
+.. _Google Cloud IoT Core: https://cloud.google.com/iot/docs
+
+Setup
+-------------------------------------------------------------------------------
+
+
+Install Dependencies
+++++++++++++++++++++
+
+#. Install `pip`_ and `virtualenv`_ if you do not already have them. You may want to refer to the `Python Development Environment Setup Guide`_ for Google Cloud Platform for instructions.
+
+ .. _Python Development Environment Setup Guide:
+     https://cloud.google.com/python/setup
+
+#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+.
+
+    .. code-block:: bash
+
+        $ virtualenv env
+        $ source env/bin/activate
+
+#. Install the dependencies needed to run the samples.
+
+    .. code-block:: bash
+
+        $ pip install -r requirements.txt
+
+.. _pip: https://pip.pypa.io/
+.. _virtualenv: https://virtualenv.pypa.io/
+
+Samples
+-------------------------------------------------------------------------------
+
+MQTT Device Client Example
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+.. image:: https://gstatic.com/cloudssh/images/open-btn.png
+   :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=iot/api-client/mqtt_example/receive.py;iot/api-client/mqtt_example/README.rst
+
+
+
+
+To run this sample:
+
+.. code-block:: bash
+
+    $ python receive.py
+
+    usage: receive.py [-h] [--project_id PROJECT_ID] --registry_id REGISTRY_ID
+                      --device_id DEVICE_ID --private_key_file PRIVATE_KEY_FILE
+                      --algorithm {RS256,ES256} [--cloud_region CLOUD_REGION]
+                      [--ca_certs CA_CERTS]
+                      [--mqtt_bridge_hostname MQTT_BRIDGE_HOSTNAME]
+                      [--mqtt_bridge_port {8883,443}]
+                      [--jwt_expires_minutes JWT_EXPIRES_MINUTES]
+
+    Example Google Cloud IoT Core MQTT device connection code.
+
+    optional arguments:
+      -h, --help            show this help message and exit
+      --project_id PROJECT_ID
+                            GCP cloud project name
+      --registry_id REGISTRY_ID
+                            Cloud IoT Core registry id
+      --device_id DEVICE_ID
+                            Cloud IoT Core device id
+      --private_key_file PRIVATE_KEY_FILE
+                            Path to private key file.
+      --algorithm {RS256,ES256}
+                            Which encryption algorithm to use to generate the JWT.
+      --cloud_region CLOUD_REGION
+                            GCP cloud region
+      --ca_certs CA_CERTS   CA root from https://pki.google.com/roots.pem
+      --mqtt_bridge_hostname MQTT_BRIDGE_HOSTNAME
+                            MQTT bridge hostname.
+      --mqtt_bridge_port {8883,443}
+                            MQTT bridge port.
+      --jwt_expires_minutes JWT_EXPIRES_MINUTES
+                            Expiration time, in minutes, for JWT tokens.
+
+
+
+
+
+.. _Google Cloud SDK: https://cloud.google.com/sdk/
diff --git a/iot/api-client/beta-features/commands/receive/README.rst.in b/iot/api-client/beta-features/commands/receive/README.rst.in
@@ -0,0 +1,36 @@
+# This file is used to generate README.rst
+
+product:
+  name: Google Cloud IoT Core
+  short_name: Cloud IoT Core
+  url: https://cloud.google.com/iot/docs
+  description: >
+    `Google Cloud IoT Core`_ allows developers to easily integrate Publish and
+    Subscribe functionality with devices and programmatically manage device
+    authorization.
+
+    Before you run the sample, you must retrieve the Google root certificate.
+    For example, ``wget https://pki.goog/roots.pem`` or
+    ``curl https://pki.goog/roots.pem > roots.pem``.
+
+    The following example runs the sample using the project ID ``blue-jet-123``
+    and the device name ``my-python-device``::
+
+        python receive.py \
+            --registry_id=my-registry \
+            --project_id=blue-jet-123 \
+            --device_id=my-python-device \
+            --algorithm=RS256 \
+            --private_key_file=../rsa_private.pem
+
+setup:
+- install_deps
+
+samples:
+- name: MQTT Device Client Example
+  file: receive.py
+  show_help: True
+
+cloud_client_library: false
+
+folder: iot/api-client/mqtt_example
diff --git a/iot/api-client/beta-features/commands/receive/receive.py b/iot/api-client/beta-features/commands/receive/receive.py
@@ -0,0 +1,220 @@
+#!/usr/bin/env python
+
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Python sample for connecting to Google Cloud IoT Core via MQTT, using JWT.
+This example connects to Google Cloud IoT Core via MQTT, using a JWT for device
+authentication. After connecting, by default the device publishes 100 messages
+to the device's MQTT topic at a rate of one per second, and then exits.
+Before you run the sample, you must follow the instructions in the README
+for this sample.
+"""
+
+# [START iot_mqtt_includes]
+import argparse
+import datetime
+import os
+import ssl
+import time
+
+import jwt
+import paho.mqtt.client as mqtt
+# [END iot_mqtt_includes]
+
+# The initial backoff time after a disconnection occurs, in seconds.
+minimum_backoff_time = 1
+
+# The maximum backoff time before giving up, in seconds.
+MAXIMUM_BACKOFF_TIME = 32
+
+# Whether to wait with exponential backoff before publishing.
+should_backoff = False
+
+
+# [START iot_mqtt_jwt]
+def create_jwt(project_id, private_key_file, algorithm):
+    """Creates a JWT (https://jwt.io) to establish an MQTT connection.
+        Args:
+         project_id: The cloud project ID this device belongs to
+         private_key_file: A path to a file containing either an RSA256 or
+                 ES256 private key.
+         algorithm: The encryption algorithm to use. Either 'RS256' or 'ES256'
+        Returns:
+            A str for the JWT from the given project id and private key path,
+            set to expire in 60 minutes. After 60 minutes, your client will be
+            disconnected, and a new JWT will have to be generated.
+        Raises:
+            ValueError: If the private_key_file does not contain a known key.
+        """
+
+    token = {
+            # The time that the token was issued at
+            'iat': datetime.datetime.utcnow(),
+            # The time the token expires.
+            'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=60),
+            # The audience field should always be set to the GCP project id.
+            'aud': project_id
+    }
+
+    # Read the private key file.
+    with open(private_key_file, 'r') as f:
+        private_key = f.read()
+
+    print('Creating JWT using {} from private key file {}'.format(
+            algorithm, private_key_file))
+
+    return jwt.encode(token, private_key, algorithm=algorithm)
+# [END iot_mqtt_jwt]
+
+
+# [START iot_mqtt_config]
+def error_str(rc):
+    """Convert a Paho error to a human readable string."""
+    return '{}: {}'.format(rc, mqtt.error_string(rc))
+
+
+def on_connect(unused_client, unused_userdata, unused_flags, rc):
+    """Callback for when a device connects."""
+    print('on_connect', mqtt.connack_string(rc))
+
+    # After a successful connect, reset backoff time and stop backing off.
+    global should_backoff
+    global minimum_backoff_time
+    should_backoff = False
+    minimum_backoff_time = 1
+
+
+def on_disconnect(unused_client, unused_userdata, rc):
+    """Paho callback for when a device disconnects."""
+    print('on_disconnect', error_str(rc))
+
+    # Since a disconnect occurred, the next loop iteration will wait with
+    # exponential backoff.
+    global should_backoff
+    should_backoff = True
+
+
+def on_publish(unused_client, unused_userdata, unused_mid):
+    """Paho callback when a message is sent to the broker."""
+    print('on_publish')
+
+
+def on_message(unused_client, unused_userdata, message):
+    """Callback when the device receives a message on a subscription."""
+    payload = str(message.payload)
+    print('Received message \'{}\' on topic \'{}\' with Qos {}'.format(
+            payload, message.topic, str(message.qos)))
+
+
+def get_client(
+        project_id, cloud_region, registry_id, device_id, private_key_file,
+        algorithm, ca_certs, mqtt_bridge_hostname, mqtt_bridge_port):
+    """Create our MQTT client. The client_id is a unique string that identifies
+    this device. For Google Cloud IoT Core, it must be in the format below."""
+    client_id = 'projects/{}/locations/{}/registries/{}/devices/{}'.format(
+            project_id, cloud_region, registry_id, device_id)
+    client = mqtt.Client(client_id=client_id)
+
+    password = create_jwt(project_id, private_key_file, algorithm)
+
+    # With Google Cloud IoT Core, the username field is ignored, and the
+    # password field is used to transmit a JWT to authorize the device.
+    client.username_pw_set(username='unused', password=password)
+
+    # Enable SSL/TLS support.
+    client.tls_set(ca_certs=ca_certs, tls_version=ssl.PROTOCOL_TLSv1_2)
+
+    # Register message callbacks. https://eclipse.org/paho/clients/python/docs/
+    # describes additional callbacks that Paho supports. In this example, the
+    # callbacks just print to standard out.
+    client.on_connect = on_connect
+    client.on_publish = on_publish
+    client.on_disconnect = on_disconnect
+    client.on_message = on_message
+
+    # Connect to the Google MQTT bridge.
+    print('Connecting with id: {} and pass: {}'.format(client_id, password))
+    client.connect(mqtt_bridge_hostname, mqtt_bridge_port)
+
+    # This is the topic that the device will receive configuration updates on.
+    mqtt_command_topic = '/devices/{}/commands/#'.format(device_id)
+
+    # Subscribe to the config topic.
+    print('Subscribing to {}'.format(mqtt_command_topic))
+    client.subscribe(mqtt_command_topic, qos=1)
+
+    return client
+# [END iot_mqtt_config]
+
+
+if __name__ == '__main__':
+    # [START iot_mqtt_run]
+    """Parse command line arguments."""
+    parser = argparse.ArgumentParser(description=(
+            'Example Google Cloud IoT Core MQTT device connection code.'))
+    parser.add_argument(
+            '--project_id',
+            default=os.environ.get('GOOGLE_CLOUD_PROJECT'),
+            help='GCP cloud project name')
+    parser.add_argument(
+            '--registry_id', required=True, help='Cloud IoT Core registry id')
+    parser.add_argument(
+            '--device_id', required=True, help='Cloud IoT Core device id')
+    parser.add_argument(
+            '--private_key_file',
+            required=True, help='Path to private key file.')
+    parser.add_argument(
+            '--algorithm',
+            choices=('RS256', 'ES256'),
+            required=True,
+            help='Which encryption algorithm to use to generate the JWT.')
+    parser.add_argument(
+            '--cloud_region', default='us-central1', help='GCP cloud region')
+    parser.add_argument(
+            '--ca_certs',
+            default='roots.pem',
+            help=('CA root from https://pki.google.com/roots.pem'))
+    parser.add_argument(
+            '--mqtt_bridge_hostname',
+            default='mqtt.googleapis.com',
+            help='MQTT bridge hostname.')
+    parser.add_argument(
+            '--mqtt_bridge_port',
+            choices=(8883, 443),
+            default=8883,
+            type=int,
+            help='MQTT bridge port.')
+    parser.add_argument(
+            '--jwt_expires_minutes',
+            default=20,
+            type=int,
+            help=('Expiration time, in minutes, for JWT tokens.'))
+
+    args = parser.parse_args()
+
+    # Add any JWT refresh logic here
+    client = get_client(
+        args.project_id, args.cloud_region, args.registry_id, args.device_id,
+        args.private_key_file, args.algorithm, args.ca_certs,
+        args.mqtt_bridge_hostname, args.mqtt_bridge_port)
+
+    # Wait two minutes for commands, for production you may want while True
+    for i in range(1, 120):
+        # Process network events.
+        client.loop()
+        print('Sleeping...')
+        time.sleep(1)
+
+    print('Finished.')
+    # [END iot_mqtt_run]