0.2.7 • Published 1 year ago

gcp-iot-provision v0.2.7

Weekly downloads
-
License
Apache-2.0
Repository
github
Last release
1 year ago

Google Cloud Function for IoT Device Provisioning

This Cloud Function allows you to provision and synchronize a balena device with Google Cloud IoT Core in a secure and automated way via an HTTP endpoint. The Cloud Function may be called by a balena device, as seen in the cloud-relay example.

MethodAction
POSTProvisions a balena device with IoT Core. First the function verifies the device UUID with balenaCloud. Then it creates a public/private key pair and adds the device to the registry. Finally the function pushes the private key to a balena device environment variable.
DELETERemoves a balena device from the IoT Core registry and removes the balena device environment variable for the private key. Essentially reverses the actions from provisioning with HTTP POST.

Setup and Testing

Google Cloud setup

The Cloud Function interacts with Google Cloud IoT Core via client code operating with service account credentials. You must setup a Google Cloud project with an IoT Core registry. The service account must have the Cloud IoT Provisioner role to manage device records in the IoT Core registry. See the IoT Core documentation for more background.

Development setup

Clone this repo

$ git clone https://github.com/balena-io-examples/gcp-iot-provision

The sections below show how to test the Cloud Function on a local test server and deploy to Cloud Functions. In either case you must provide the environment variables in the table below as instructed for the test/deployment.

KeyValue
BALENA_API_KEYfor use of balena API; found in balenaCloud dashboard at: account -> Preferences -> Access tokens
GCP_PROJECT_IDGoogle Cloud project ID, like my-project-000000
GCP_REGIONGoogle Cloud region for registry, like us-central1
GCP_REGISTRY_IDGoogle Cloud registry ID you provided to create the registry
GCP_SERVICE_ACCOUNTbase64 encoding of the JSON formatted GCP service account credentials provided by Google when you created the service account. Example below, assuming the credentials JSON is contained in a file.cat <credentials.txt> \| base64 -w 0

HTTP API

The HTTP endpoint expects a request containing a JSON body with the attributes below. Use POST to add a device to the cloud registry, DELETE to remove.

AttributeValue
uuidUUID of device
balena_service(optional) Name of service container on balena device that uses provisioned key and certificate, for example cloud-relay. If defined, creates service level variables; otherwise creates device level variables. Service level variables are more secure.

Test locally

The Google Functions Framework is a convenient tool for local testing. First, start a local HTTP server (docs reference) using a script like below.

export BALENA_API_KEY=<...>
... <other environment variables from table above>
export GCP_SERVICE_ACCOUNT=<...>

npx @google-cloud/functions-framework --target=provision

Next, use curl to send an HTTP request to the local server to provision a device. See the HTTP API section above for body contents.

curl -X POST http://localhost:8080 -H "Content-Type:application/json" \
   -d '{ "uuid": "<device-uuid>", "balena_service": "<service-name>" }'

After a successful POST, you should see the device appear in your IoT Core registry and GCP_CLIENT_PATH, GCP_DATA_TOPIC_ROOT, GCP_PRIVATE_KEY, and GCP_PROJECT_ID variables appear in balenaCloud for the device. After a successful DELETE, those variables disappear.

Deploy

To deploy to Cloud Functions, use the command below. See the command documentation for the format of yaml-file, which contains the variables from the table in the Development setup section above.

gcloud functions deploy provision --runtime=nodejs14 --trigger-http \
   --env-vars-file=<yaml-file> --allow-unauthenticated \
   --service-account=<name>@<xxxx>.iam.gserviceaccount.com

The result is a Cloud Function like below. Notice the TRIGGER tab, which provides the URL for the function.

Alt text

Test the Cloud Function

To test the function, use a command like below, where the URL is from the TRIGGER tab in the console. See the HTTP API section above for body contents.

curl -X POST https://<region>-<projectID>.cloudfunctions.net/provision \
   -H "Content-Type:application/json" \
   -d '{ "uuid": "<device-uuid>", "balena_service": "<service-name>" }'

After a successful POST, you should see the device appear in your IoT Core registry and GCP_CLIENT_PATH, GCP_DATA_TOPIC_ROOT, GCP_PRIVATE_KEY, and GCP_PROJECT_ID variables appear in balenaCloud for the device. After a successful DELETE, those variables disappear.

balenabalenaCloudgoogleiotcoreiotgcp
@google-cloud/functions-framework@google-cloud/iotbalena-sdk
@infinitebrahmanuniverse/nolb-gc@everything-registry/sub-chunk-1727
0.2.8-dependabot-npm-and-yarn-balena-sdk-16-28-2-d6a3b568c784f156bada381c3aa1fe5dfcb5e24e

1 year ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-28-4-b597d1b00d9af56382041066e2a3057ec7d40d39

1 year ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-27-0-cb71ef781b6efb37aaefa3eb61a4c20341d06eb6

2 years ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-28-1-019ea09d1b26e78a3bdac40d7eb6aa83bfd0e5c3

2 years ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-26-1-74dae0779fde7dd493a3edb773c03dac8363a525

2 years ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-26-5-7bbc0e6ee003cee970259a7e257cc03566a8114d

2 years ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-26-2-ed8fde2922e091a06e196673eb570786e6750e66

2 years ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-25-1-7b00e089f16c793d9a6f0c297bf551174dc5d257

2 years ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-24-1-7c665096990208ee780836fc66c3f427b58842b3

2 years ago

0.2.8-dependabot-npm-and-yarn-balena-sdk-16-24-0-e479ec99c7493b1767876aace931060e2ba779d1

2 years ago

0.2.8-dependabot-npm-and-yarn-moment-2-29-4-3c89a9bfdd6cd07673085dda5660f43122540b27

2 years ago

0.2.7

2 years ago

0.2.7-add-repo-yml-0f09d42662b1a0426f0a64d4c53ea9fe36c12e43

2 years ago

0.2.7-dependabot-npm-and-yarn-balena-sdk-16-24-0-cee7aefb76ac8e6f577cb7f15a1c276bb190f803

2 years ago

0.2.7-dependabot-npm-and-yarn-balena-sdk-16-22-0-bad5e68351a454284dd7f5fc02bbb30702cb852c

2 years ago

0.2.6

2 years ago

0.2.6-uniform-readme-sections-5716c780868f8f33d9ba0275b116a9434b40526d

2 years ago

0.2.6-dependabot-npm-and-yarn-balena-sdk-16-22-0-0a2d6fd35c83a2cb526ba1dd48ba26640cb79e4b

2 years ago

0.2.5

2 years ago

0.2.5-doc-device-env-vars-fd750c9be0194b58d91e32531fb6768cfbbc623a

2 years ago

0.2.5-dependabot-npm-and-yarn-balena-sdk-16-22-0-14f427b32bf2be89722d613ff25928d178d92c0f

2 years ago

0.2.5-dependabot-npm-and-yarn-google-cloud-functions-framework-3-1-2-bc00a4e5900a2ca4dfd837ecb084b4e76c2b466b

2 years ago

0.2.5-dependabot-npm-and-yarn-google-cloud-functions-framework-3-1-1-58e990e8530b0be79dfa036fad30318197590f7e

2 years ago

0.2.4-dependabot-npm-and-yarn-google-cloud-functions-framework-3-1-1-dfef560917c4cb151a248258f92139ac736490d8

2 years ago

0.2.4

2 years ago

0.2.4-dependabot-npm-and-yarn-node-forge-1-3-1-fd3e783334351dec8d893cca0a52c4f4dfe7ac8d

2 years ago

0.2.3

2 years ago

0.2.3-dependabot-npm-and-yarn-moment-2-29-3-312b699e0064649a3f286f6e9d7cb837dff38aec

2 years ago

0.2.2

2 years ago

0.2.2-dependabot-npm-and-yarn-minimist-1-2-6-3f850e85b59a5f8fe4b98e32af8d035b9f50feb3

2 years ago

0.2.1

2 years ago

0.2.1-fix-dependabot-location-19e04aee08846ffec9536de7216601c0ffa9f4ee

2 years ago

0.2.0

2 years ago

0.2.0-dependabot-automation-bd10fbdcd31aed687926e3c7a678772e985af583

2 years ago

0.2.0-dependabot-npm-and-yarn-node-forge-1-3-1-34801fadbe6449712929c65e58bef087ddfdee49

2 years ago

0.2.0-dependabot-npm-and-yarn-moment-2-29-3-7c3bbbe07a24ed25ea7bd0a512b3c8beefc0b42b

2 years ago

0.2.0-dependabot-npm-and-yarn-minimist-1-2-6-6fcb6912765eed66678f8ffdba8110051bb65533

2 years ago

0.1.0-use-api-key-34f0049bb856d6d788486d4b02becdba46778294

2 years ago

0.1.0-use-api-key-70d014cd051671eac1c011b18a253b19833cfcec

2 years ago