# Azure IoT Device Provisioning client library for Python
The IoT Hub Device Provisioning Service (DPS) is a helper service for IoT Hub that enables zero-touch, just-in-time provisioning to the right IoT hub without requiring human intervention, allowing customers to provision millions of devices in a secure and scalable manner.
This service SDK provides data plane operations for backend apps. You can use this service SDK to create and manage individual enrollments and enrollment groups, and to query and manage device registration records.
Learn how to provision devices to your IoT hub(s) with our [quickstarts, tutorials, and samples](https://learn.microsoft.com/azure/iot-dps/).
## Getting started
### Prerequisites
* Python 3.7 or later is required to use this package. For more details, please read our page on [Azure SDK for Python version support policy](https://github.com/Azure/azure-sdk-for-python/wiki/Azure-SDKs-Python-version-support-policy).
* You must have an [Azure subscription](https://azure.microsoft.com/free/) and an
[Azure IoT Hub Device Provisioning Service](https://learn.microsoft.com/azure/iot-dps/about-iot-dps) to use this package.
This package has been tested with Python 3.7+.
For a more complete view of Azure libraries, see the [azure sdk python release](https://aka.ms/azsdk/python/all).
### Install the package
Install the Azure IoT Device Provisioning client library for Python with [pip](https://pypi.org/project/pip/):
```bash
pip install azure-iot-deviceprovisioning
```
### Create an IoT Hub Device Provisioning Service
If you wish to create a new Device Provisioning Service, you can use the
[Azure CLI](https://learn.microsoft.com/azure/iot-dps/quick-setup-auto-provision-cli):
```bash
# Create a new resource group (if necessary)
az group create --name my-resource-group --location westus2
# Create the DPS instance
az iot dps create --name my-dps --resource-group my-resource-group --location westus2
```
[Azure Portal](https://learn.microsoft.com/azure/iot-dps/quick-setup-auto-provision),
or [Bicep](https://learn.microsoft.com/azure/iot-dps/quick-setup-auto-provision-bicep?tabs=CLI),
### Create the client
The Azure IoT Device Provisioning client library for Python allows you to interact with three main operational categories: individual enrollments, enrollment groups, and device registration states.
Interaction with these resources starts with an instance of a DeviceProvisioningClient. To create the DeviceProvisioningClient object, you will need the DPS resource's endpoint URL and a credential that allows you to access the resource.
#### Creating the client from Azure credentials
To use an [Azure Active Directory (AAD) token credential](https://learn.microsoft.com/azure/iot-dps/concepts-control-access-dps-azure-ad),
provide an instance of the desired credential type obtained from the
[azure-identity](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#credentials) library.
For example, [DefaultAzureCredential](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#defaultazurecredential)
can be used to authenticate the client.
```python
from azure.iot.deviceprovisioning import DeviceProvisioningClient
from azure.identity import DefaultAzureCredential
# Initialize credential object
credential = DefaultAzureCredential()
# Create client using endpoint and credential
client = DeviceProvisioningClient(endpoint="https://my-dps.azure-device-provisioning.net/", credential=credential)
```
#### Using a DPS connection string:
Depending on your use case and authorization method, you may prefer to initialize a client instance with a DPS
connection string instead of providing the endpoint URL and credential separately. To do this, pass the DPS
connection string to the client's `from_connection_string` class method:
```python
from azure.iot.deviceprovisioning import DeviceProvisioningClient
connection_string = "Hostname=https;SharedAccessKeyName=xxxx;SharedAccessKey=xxxx"
client = DeviceProvisioningClient.from_connection_string(connection_string=connection_string)
```
#### Using SAS Credentials
A client instance can also be initialized with an `AzureNamedKeyCredential` using individual components of a DPS resource's Shared Access Policy, as well as an `AzureSasCredential` using a SAS token generated from the policy components and the DPS endpoint string.
```python
from azure.iot.deviceprovisioning import DeviceProvisioningClient
from azure.iot.deviceprovisioning import generate_sas_token
from azure.core.credentials import AzureNamedKeyCredential, AzureSasCredential
dps_endpoint = "https://my-dps.azure-device-provisioning.net/"
policy_name = "<access_policy_name>"
policy_key = "<access_policy_primary_key>"
# AzureNamedKeyCredential
credential = AzureNamedKeyCredential(name=policy_name, key=policy_key)
# AzureSasCredential
sas_token = generate_sas_token(dps_endpoint, policy_name, policy_key)
credential = AzureSasCredential(signature=sas_token)
client = DeviceProvisioningClient(endpoint=dps_endpoint, credential=credential)
```
### Async Clients
This library includes a complete async API supported on Python 3.5+. To use it, you must
first install an async transport, such as [aiohttp](https://pypi.org/project/aiohttp/).
See
[azure-core documentation](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/core/azure-core/CLIENT_LIBRARY_DEVELOPER.md#transport)
for more information.
## Key concepts
The following operation groups comprise the Service data plane layer:
1. [Individual enrollments](https://learn.microsoft.com/azure/iot-dps/concepts-service#individual-enrollment)
2. [Enrollment groups](https://learn.microsoft.com/azure/iot-dps/concepts-service#enrollment-group)
3. [Device registration](https://learn.microsoft.com/azure/iot-dps/concepts-service#registration-record)
The Azure IoT Device Provisioning client library for Python allows you to interact with each of these components through different operation namespaces on the DeviceProvisioningClient.
## Examples
The following sections provide several code snippets covering some of the most common DPS service, including:
* [Create an individual device enrollment](#create-an-individual-device-enrollment "Create an individual device enrollment")
* [Create an enrollment with reprovisioning policies](#create-an-enrollment-with-reprovisioning-policies "Create an enrollment with reprovisioning policies")
* [Create an intermediate x509 certificate enrollment group](#create-an-intermediate-x509-certificate-enrollment-group "Create an intermediate x509 certificate enrollment group")
* [Create an x509 CA certificate enrollment group](#create-an-x509-ca-certificate-enrollment-group "Create an x509 CA certificate enrollment group")
* [Check device registration status](#check-device-registration-status "Check device registration status")
### Create an individual device enrollment
Create a symmetric key enrollment to provision an individual device and configure its initial state.
```python
from azure.iot.deviceprovisioning import DeviceProvisioningClient
# Initialize client
client = DeviceProvisioningClient.from_connection_string(connection_string="<connection_string>")
# Construct initial twin with desired properties of {"key": "value"} and a tag of {"env": "Development"}
initial_twin = {
"properties": {
"desired": {
"key": "value"
}
},
"tags": {
"env": "Development"
}
}
# Create a symmetric key individual enrollment with initial twin
client.individual_enrollment.create_or_update(
id="<enrollment_id>",
enrollment = {
"registrationId": "<enrollment_id>",
"attestation": {
"type": "symmetricKey",
},
"deviceId": "<device_id>",
"initialTwin": initial_twin
}
)
```
### Create an enrollment with reprovisioning policies
Create an individual enrollment with a specific reprovisioning policy.
```python
from azure.iot.deviceprovisioning import DeviceProvisioningClient
# Initialize client
client = DeviceProvisioningClient.from_connection_string(connection_string="<connection_string>")
# Create a reprovisioning policy to migrate the device's data and reassess hub assignment
reprovision_policy = {
"migrateDeviceData": True,
"updateHubAssignment": True
}
# Create a symmetric key individual enrollment with reprovisioning policy
client.individual_enrollment.create_or_update(
id="<enrollment_id>",
enrollment = {
"registrationId": "<enrollment_id>",
"attestation": {
"type": "symmetricKey",
},
"deviceId": "<device_id>",
"reprovisionPolicy": reprovision_policy
}
)
```
### Create an intermediate x509 certificate enrollment group
Create an x509 enrollment group to provision one or more devices using x509 attestation.
```python
from azure.iot.deviceprovisioning import DeviceProvisioningClient
# Initialize client
client = DeviceProvisioningClient.from_connection_string(connection_string="<connection_string>")
# Load certificate contents
certificate = open("certificate.pem", "rt", encoding="utf-8")
cert_contents = certificate.read()
# Create x509 enrollment group with an intermediate cert
client.enrollment_groups.create_or_update(
id="<enrollment_group_id>",
enrollment_group={
"enrollmentGroupId": "<enrollment_group_id>",
"attestation": {
"type": "x509",
"x509": {
"signingCertificates": {
"primary": {"certificate": f"{cert_contents}"},
"secondary": {"certificate": f"{cert_contents}"},
}
},
},
}
)
```
### Create an x509 CA certificate enrollment group
Create an enrollment group with an x509 CA certificate attestation.
This will ensure a registered device's certificate chain has been signed by the target CA cert at the control plane layer.
```python
from azure.iot.deviceprovisioning import DeviceProvisioningClient
# Initialize client
client = DeviceProvisioningClient.from_connection_string(connection_string="<connection_string>")
# Load certificate contents
ca_certificate = open("ca_certificate.pem", "rt", encoding="utf-8")
ca_contents = certificate.read()
# Create x509 enrollment group with CA References
client.enrollment_groups.create_or_update(
id="<enrollment_group_id>",
enrollment_group={
"enrollmentGroupId": "<enrollment_group_id>",
"attestation": {
"type": "x509",
"x509": {
"caReferences": {
"primary": f"{ca_contents}",
"secondary": f"{ca_contents}",
}
},
},
}
)
```
### Check device registration status
```python
from azure.iot.deviceprovisioningservice import DeviceProvisioningClient
# Initialize client
client = DeviceProvisioningClient.from_connection_string(connection_string="<connection_string>")
# Query device registrations for an enrollment group
device_registrations = client.device_registration_state.query(
id="<enrollment_group_id>"
)
# Get device registration status for a particular device
state = client.device_registration_state.get(
id="<device_id>"
)
```
## Troubleshooting
### Connection String errors
If you see an error message that states `IoT DPS connection string has missing property: [property]`, it indicates that your connection string is not formed correctly.
Please ensure your connection string is semicolon-delimited, and contains the following properties: `hostname`, `sharedaccesskeyname`, and `sharedaccesskey`.
### Standard HTTPResponse errors
The client methods in this SDK raise an [HttpResponseError](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/core/azure-core#httpresponseerror) on request failure.
The HttpResponseError raised by the Azure IoT Hub Device Provisioning client library includes detailed error response information that provides useful insights into what went wrong and includes corrective actions to fix common issues.
This error information can be found inside the `message` property of the `HttpResponseError` instance.
Here is an example of how to catch and handle these errors:
```python
try:
client.individual_enrollment.create_or_update(
id="<enrollment_id>",
enrollment = {
"registrationId": "<enrollment_id>",
"attestation": {
"type": "symmetricKey",
},
}
)
except HttpResponseError as error:
# handle the error here
if error.status_code == 409:
pass
```
- `HTTP 400` errors indicate a malformed or bad request. Verify that your inputs are of the correct type and that you have provided all required properties.
- `HTTP 401` errors indicate problems authenticating. Check the exception message or logs for more information.
- `HTTP 403` errors indicate that the provided user credentials are not authorized to perform a specific operation on this Device Provisioning Service resource.
This can also occur if you have incorrectly generated a SAS credential. Verify your credentials and ensure access to your DPS resource.
- `HTTP 409` errors indicate a resource conflict. This can occur if:
- You are trying to create an object that already exists
- You are updating an object using a `create_or_update_` method without providing an `eTag` / `if-match` value
## Next steps
### More sample code
Get started with our [samples](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/).
prov
Several samples, as well as async samples, are available to you in the samples directory.
- [Device Registration States](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_device_registration.py) ([async version](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_device_registration_async.py)):
- Create a basic enrollment group
- Register a device (Requires device SDK)
- Query device registration states for an enrollment group
- Get device registration state
- Delete device registration state
- [Enrollment Groups](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_enrollment_groups.py) ([async version](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_enrollment_groups_async.py)):
- Create a symmetric key enrollment group
- Create an x509 certificate enrollment group
- Get an enrollment group
- Update an enrollment group
- Get enrollment group attestation mechanism
- Bulk enrollment group operations
- Delete enrollment group
- [Individual Enrollments](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_individual_enrollments.py) ([async version](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_individual_enrollments_async.py)):
- Create a symmetric key individual enrollment
- Create a TPM attestation individual enrollment
- Create an x509 certificate individual enrollment
- Get an individual enrollment
- Update an individual enrollment
- Get an individual enrollment's attestation mechanism
- Bulk individual enrollment operations
- Delete an individual enrollment
### Additional documentation
For more extensive documentation on Azure IoT Hub Device Provisioning Service, see the [Azure IoT Hub Device Provisioning Service documentation](https://learn.microsoft.com/azure/iot-dps/) on learn.microsoft.com.
## Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
# Release History
## 1.0.0b1 (2023-06-14)
- Initial Release
Raw data
{
"_id": null,
"home_page": "https://github.com/Azure/azure-sdk-for-python",
"name": "azure-iot-deviceprovisioning",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "azure,azure sdk,iot,dps,device,provisioning",
"author": "Microsoft Corporation",
"author_email": "azpysdkhelp@microsoft.com",
"download_url": "https://files.pythonhosted.org/packages/22/e6/a00bbfd70bb76efa1f974198a0a3e4b70617d7920d5d8a5432e62e38583f/azure-iot-deviceprovisioning-1.0.0b1.zip",
"platform": null,
"description": "# Azure IoT Device Provisioning client library for Python\n\nThe IoT Hub Device Provisioning Service (DPS) is a helper service for IoT Hub that enables zero-touch, just-in-time provisioning to the right IoT hub without requiring human intervention, allowing customers to provision millions of devices in a secure and scalable manner. \n\nThis service SDK\u202fprovides data plane operations for backend apps. You can use this service SDK to create and manage individual enrollments and enrollment groups, and to query and manage device registration records.\n\nLearn how to provision devices to your IoT hub(s) with our [quickstarts, tutorials, and samples](https://learn.microsoft.com/azure/iot-dps/).\n\n## Getting started\n\n### Prerequisites\n* Python 3.7 or later is required to use this package. For more details, please read our page on [Azure SDK for Python version support policy](https://github.com/Azure/azure-sdk-for-python/wiki/Azure-SDKs-Python-version-support-policy).\n* You must have an [Azure subscription](https://azure.microsoft.com/free/) and an\n[Azure IoT Hub Device Provisioning Service](https://learn.microsoft.com/azure/iot-dps/about-iot-dps) to use this package.\n\nThis package has been tested with Python 3.7+.\nFor a more complete view of Azure libraries, see the [azure sdk python release](https://aka.ms/azsdk/python/all).\n\n\n### Install the package\nInstall the Azure IoT Device Provisioning client library for Python with [pip](https://pypi.org/project/pip/):\n```bash\npip install azure-iot-deviceprovisioning\n```\n\n### Create an IoT Hub Device Provisioning Service\nIf you wish to create a new Device Provisioning Service, you can use the\n[Azure CLI](https://learn.microsoft.com/azure/iot-dps/quick-setup-auto-provision-cli):\n\n```bash\n# Create a new resource group (if necessary)\naz group create --name my-resource-group --location westus2\n\n# Create the DPS instance\naz iot dps create --name my-dps --resource-group my-resource-group --location westus2\n```\n\n[Azure Portal](https://learn.microsoft.com/azure/iot-dps/quick-setup-auto-provision),\nor [Bicep](https://learn.microsoft.com/azure/iot-dps/quick-setup-auto-provision-bicep?tabs=CLI),\n\n### Create the client\nThe Azure IoT Device Provisioning client library for Python allows you to interact with three main operational categories: individual enrollments, enrollment groups, and device registration states.\n\nInteraction with these resources starts with an instance of a DeviceProvisioningClient. To create the DeviceProvisioningClient object, you will need the DPS resource's endpoint URL and a credential that allows you to access the resource.\n\n#### Creating the client from Azure credentials\nTo use an [Azure Active Directory (AAD) token credential](https://learn.microsoft.com/azure/iot-dps/concepts-control-access-dps-azure-ad),\n provide an instance of the desired credential type obtained from the\n [azure-identity](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#credentials) library.\n For example, [DefaultAzureCredential](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#defaultazurecredential)\n can be used to authenticate the client.\n\n```python\nfrom azure.iot.deviceprovisioning import DeviceProvisioningClient\nfrom azure.identity import DefaultAzureCredential\n\n# Initialize credential object\ncredential = DefaultAzureCredential()\n\n# Create client using endpoint and credential\nclient = DeviceProvisioningClient(endpoint=\"https://my-dps.azure-device-provisioning.net/\", credential=credential)\n```\n\n#### Using a DPS connection string:\nDepending on your use case and authorization method, you may prefer to initialize a client instance with a DPS\nconnection string instead of providing the endpoint URL and credential separately. To do this, pass the DPS\nconnection string to the client's `from_connection_string` class method:\n\n```python\nfrom azure.iot.deviceprovisioning import DeviceProvisioningClient\n\nconnection_string = \"Hostname=https;SharedAccessKeyName=xxxx;SharedAccessKey=xxxx\"\nclient = DeviceProvisioningClient.from_connection_string(connection_string=connection_string)\n```\n\n#### Using SAS Credentials\nA client instance can also be initialized with an `AzureNamedKeyCredential` using individual components of a DPS resource's Shared Access Policy, as well as an `AzureSasCredential` using a SAS token generated from the policy components and the DPS endpoint string.\n\n```python\nfrom azure.iot.deviceprovisioning import DeviceProvisioningClient\nfrom azure.iot.deviceprovisioning import generate_sas_token\nfrom azure.core.credentials import AzureNamedKeyCredential, AzureSasCredential\n\ndps_endpoint = \"https://my-dps.azure-device-provisioning.net/\"\npolicy_name = \"<access_policy_name>\"\npolicy_key = \"<access_policy_primary_key>\"\n\n\n# AzureNamedKeyCredential\ncredential = AzureNamedKeyCredential(name=policy_name, key=policy_key)\n\n# AzureSasCredential\nsas_token = generate_sas_token(dps_endpoint, policy_name, policy_key)\ncredential = AzureSasCredential(signature=sas_token)\n\nclient = DeviceProvisioningClient(endpoint=dps_endpoint, credential=credential)\n```\n\n### Async Clients \nThis library includes a complete async API supported on Python 3.5+. To use it, you must\nfirst install an async transport, such as [aiohttp](https://pypi.org/project/aiohttp/).\nSee\n[azure-core documentation](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/core/azure-core/CLIENT_LIBRARY_DEVELOPER.md#transport)\nfor more information.\n\n## Key concepts\nThe following operation groups comprise the Service data plane layer:\n1. [Individual enrollments](https://learn.microsoft.com/azure/iot-dps/concepts-service#individual-enrollment)\n2. [Enrollment groups](https://learn.microsoft.com/azure/iot-dps/concepts-service#enrollment-group)\n3. [Device registration](https://learn.microsoft.com/azure/iot-dps/concepts-service#registration-record)\n\nThe Azure IoT Device Provisioning client library for Python allows you to interact with each of these components through different operation namespaces on the DeviceProvisioningClient.\n\n## Examples\nThe following sections provide several code snippets covering some of the most common DPS service, including:\n\n* [Create an individual device enrollment](#create-an-individual-device-enrollment \"Create an individual device enrollment\")\n* [Create an enrollment with reprovisioning policies](#create-an-enrollment-with-reprovisioning-policies \"Create an enrollment with reprovisioning policies\")\n* [Create an intermediate x509 certificate enrollment group](#create-an-intermediate-x509-certificate-enrollment-group \"Create an intermediate x509 certificate enrollment group\")\n* [Create an x509 CA certificate enrollment group](#create-an-x509-ca-certificate-enrollment-group \"Create an x509 CA certificate enrollment group\")\n* [Check device registration status](#check-device-registration-status \"Check device registration status\")\n\n### Create an individual device enrollment\nCreate a symmetric key enrollment to provision an individual device and configure its initial state.\n```python\nfrom azure.iot.deviceprovisioning import DeviceProvisioningClient\n\n# Initialize client\nclient = DeviceProvisioningClient.from_connection_string(connection_string=\"<connection_string>\")\n\n# Construct initial twin with desired properties of {\"key\": \"value\"} and a tag of {\"env\": \"Development\"}\ninitial_twin = {\n \"properties\": {\n \"desired\": {\n \"key\": \"value\"\n }\n },\n \"tags\": {\n \"env\": \"Development\"\n }\n}\n\n# Create a symmetric key individual enrollment with initial twin\nclient.individual_enrollment.create_or_update(\n id=\"<enrollment_id>\",\n enrollment = {\n \"registrationId\": \"<enrollment_id>\",\n \"attestation\": {\n \"type\": \"symmetricKey\",\n },\n \"deviceId\": \"<device_id>\",\n \"initialTwin\": initial_twin\n }\n)\n```\n\n### Create an enrollment with reprovisioning policies\nCreate an individual enrollment with a specific reprovisioning policy.\n```python\nfrom azure.iot.deviceprovisioning import DeviceProvisioningClient\n\n# Initialize client\nclient = DeviceProvisioningClient.from_connection_string(connection_string=\"<connection_string>\")\n\n# Create a reprovisioning policy to migrate the device's data and reassess hub assignment\nreprovision_policy = {\n \"migrateDeviceData\": True,\n \"updateHubAssignment\": True\n}\n\n# Create a symmetric key individual enrollment with reprovisioning policy\nclient.individual_enrollment.create_or_update(\n id=\"<enrollment_id>\",\n enrollment = {\n \"registrationId\": \"<enrollment_id>\",\n \"attestation\": {\n \"type\": \"symmetricKey\",\n },\n \"deviceId\": \"<device_id>\",\n \"reprovisionPolicy\": reprovision_policy\n }\n)\n```\n\n### Create an intermediate x509 certificate enrollment group\nCreate an x509 enrollment group to provision one or more devices using x509 attestation.\n```python\nfrom azure.iot.deviceprovisioning import DeviceProvisioningClient\n\n# Initialize client\nclient = DeviceProvisioningClient.from_connection_string(connection_string=\"<connection_string>\")\n\n# Load certificate contents\ncertificate = open(\"certificate.pem\", \"rt\", encoding=\"utf-8\")\ncert_contents = certificate.read()\n\n# Create x509 enrollment group with an intermediate cert\nclient.enrollment_groups.create_or_update(\n id=\"<enrollment_group_id>\",\n enrollment_group={\n \"enrollmentGroupId\": \"<enrollment_group_id>\",\n \"attestation\": {\n \"type\": \"x509\",\n \"x509\": {\n \"signingCertificates\": {\n \"primary\": {\"certificate\": f\"{cert_contents}\"},\n \"secondary\": {\"certificate\": f\"{cert_contents}\"},\n }\n },\n },\n }\n)\n```\n\n### Create an x509 CA certificate enrollment group\nCreate an enrollment group with an x509 CA certificate attestation. \nThis will ensure a registered device's certificate chain has been signed by the target CA cert at the control plane layer.\n```python\nfrom azure.iot.deviceprovisioning import DeviceProvisioningClient\n\n# Initialize client\nclient = DeviceProvisioningClient.from_connection_string(connection_string=\"<connection_string>\")\n\n# Load certificate contents\nca_certificate = open(\"ca_certificate.pem\", \"rt\", encoding=\"utf-8\")\nca_contents = certificate.read()\n\n# Create x509 enrollment group with CA References\nclient.enrollment_groups.create_or_update(\n id=\"<enrollment_group_id>\",\n enrollment_group={\n \"enrollmentGroupId\": \"<enrollment_group_id>\",\n \"attestation\": {\n \"type\": \"x509\",\n \"x509\": {\n \"caReferences\": {\n \"primary\": f\"{ca_contents}\",\n \"secondary\": f\"{ca_contents}\",\n }\n },\n },\n }\n)\n```\n\n### Check device registration status\n```python\nfrom azure.iot.deviceprovisioningservice import DeviceProvisioningClient\n\n# Initialize client\nclient = DeviceProvisioningClient.from_connection_string(connection_string=\"<connection_string>\")\n\n# Query device registrations for an enrollment group\ndevice_registrations = client.device_registration_state.query(\n id=\"<enrollment_group_id>\"\n)\n\n# Get device registration status for a particular device\nstate = client.device_registration_state.get(\n id=\"<device_id>\"\n)\n```\n\n\n## Troubleshooting\n\n\n### Connection String errors\nIf you see an error message that states `IoT DPS connection string has missing property: [property]`, it indicates that your connection string is not formed correctly.\n\nPlease ensure your connection string is semicolon-delimited, and contains the following properties: `hostname`, `sharedaccesskeyname`, and `sharedaccesskey`.\n\n### Standard HTTPResponse errors\nThe client methods in this SDK raise an [HttpResponseError](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/core/azure-core#httpresponseerror) on request failure.\nThe HttpResponseError raised by the Azure IoT Hub Device Provisioning client library includes detailed error response information that provides useful insights into what went wrong and includes corrective actions to fix common issues.\n\nThis error information can be found inside the `message` property of the `HttpResponseError` instance.\n\nHere is an example of how to catch and handle these errors:\n\n```python\ntry:\n client.individual_enrollment.create_or_update(\n id=\"<enrollment_id>\",\n enrollment = {\n \"registrationId\": \"<enrollment_id>\",\n \"attestation\": {\n \"type\": \"symmetricKey\",\n },\n }\n )\nexcept HttpResponseError as error:\n # handle the error here\n if error.status_code == 409:\n pass\n```\n\n- `HTTP 400` errors indicate a malformed or bad request. Verify that your inputs are of the correct type and that you have provided all required properties.\n\n- `HTTP 401` errors indicate problems authenticating. Check the exception message or logs for more information.\n\n- `HTTP 403` errors indicate that the provided user credentials are not authorized to perform a specific operation on this Device Provisioning Service resource. \nThis can also occur if you have incorrectly generated a SAS credential. Verify your credentials and ensure access to your DPS resource.\n\n- `HTTP 409` errors indicate a resource conflict. This can occur if:\n - You are trying to create an object that already exists\n - You are updating an object using a `create_or_update_` method without providing an `eTag` / `if-match` value\n\n## Next steps\n\n### More sample code\nGet started with our [samples](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/).\nprov\nSeveral samples, as well as async samples, are available to you in the samples directory.\n\n- [Device Registration States](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_device_registration.py) ([async version](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_device_registration_async.py)):\n - Create a basic enrollment group\n - Register a device (Requires device SDK)\n - Query device registration states for an enrollment group\n - Get device registration state\n - Delete device registration state\n\n- [Enrollment Groups](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_enrollment_groups.py) ([async version](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_enrollment_groups_async.py)):\n - Create a symmetric key enrollment group\n - Create an x509 certificate enrollment group\n - Get an enrollment group\n - Update an enrollment group\n - Get enrollment group attestation mechanism\n - Bulk enrollment group operations\n - Delete enrollment group\n\n\n- [Individual Enrollments](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_individual_enrollments.py) ([async version](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/iothub/azure-iot-deviceprovisioning/samples/dps_service_sample_individual_enrollments_async.py)):\n - Create a symmetric key individual enrollment\n - Create a TPM attestation individual enrollment\n - Create an x509 certificate individual enrollment\n - Get an individual enrollment\n - Update an individual enrollment\n - Get an individual enrollment's attestation mechanism\n - Bulk individual enrollment operations\n - Delete an individual enrollment\n\n### Additional documentation\nFor more extensive documentation on Azure IoT Hub Device Provisioning Service, see the [Azure IoT Hub Device Provisioning Service documentation](https://learn.microsoft.com/azure/iot-dps/) on learn.microsoft.com.\n\n## Contributing\nThis project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.\n\nWhen you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.\n\nThis project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.\n\n\n# Release History\n\n## 1.0.0b1 (2023-06-14)\n\n - Initial Release\n",
"bugtrack_url": null,
"license": "MIT License",
"summary": "Microsoft Azure IoT Device Provisioning Client Library for Python",
"version": "1.0.0b1",
"project_urls": {
"Homepage": "https://github.com/Azure/azure-sdk-for-python"
},
"split_keywords": [
"azure",
"azure sdk",
"iot",
"dps",
"device",
"provisioning"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "49943e5ff2130403dd979c9c1a70d4cbd63493d18df9b6053b128685176836da",
"md5": "5dc623db8db4263c6cb54eef1371ee7d",
"sha256": "93bd7602ba245fce35e902c8299e86e153b02973fd9874e51a8a80108cf2d90e"
},
"downloads": -1,
"filename": "azure_iot_deviceprovisioning-1.0.0b1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "5dc623db8db4263c6cb54eef1371ee7d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 88348,
"upload_time": "2023-06-14T19:40:24",
"upload_time_iso_8601": "2023-06-14T19:40:24.217196Z",
"url": "https://files.pythonhosted.org/packages/49/94/3e5ff2130403dd979c9c1a70d4cbd63493d18df9b6053b128685176836da/azure_iot_deviceprovisioning-1.0.0b1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "22e6a00bbfd70bb76efa1f974198a0a3e4b70617d7920d5d8a5432e62e38583f",
"md5": "dd97d5dad18f255217d6e6d23a8cf8a3",
"sha256": "8a6eccb99377c8f72ecf1b8a4776ed8ec083e636e3acb553e1e2a441e72b7fcc"
},
"downloads": -1,
"filename": "azure-iot-deviceprovisioning-1.0.0b1.zip",
"has_sig": false,
"md5_digest": "dd97d5dad18f255217d6e6d23a8cf8a3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 146681,
"upload_time": "2023-06-14T19:40:21",
"upload_time_iso_8601": "2023-06-14T19:40:21.856730Z",
"url": "https://files.pythonhosted.org/packages/22/e6/a00bbfd70bb76efa1f974198a0a3e4b70617d7920d5d8a5432e62e38583f/azure-iot-deviceprovisioning-1.0.0b1.zip",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-06-14 19:40:21",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Azure",
"github_project": "azure-sdk-for-python",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"lcname": "azure-iot-deviceprovisioning"
}