Adds JWT refresh to http example. (#1190)

* Adds JWT refresh to http example. * Fixes style
GoogleCloudPlatform · Nov 2, 2017 · 66f06fd · 66f06fd
1 parent f352ca6
commit 66f06fd
Show file tree

Hide file tree

Showing 4 changed files with 148 additions and 65 deletions.
diff --git a/iot/api-client/http_example/README.md b/iot/api-client/http_example/README.md
diff --git a/iot/api-client/http_example/README.rst b/iot/api-client/http_example/README.rst
@@ -0,0 +1,103 @@
+.. This file is automatically generated. Do not edit this file directly.
+
+Google Cloud IoT Core API Python Samples
+===============================================================================
+
+This directory contains samples for Google Cloud IoT Core API. `Google Cloud IoT Core`_ allows developers to easily integrate Publish and Subscribe functionality with devices and programmatically manage device authorization.
+The following example runs the sample using the project ID `blue-jet-123` and the device name `my-python-device`:
+
+    python cloudiot_http_example.py \
+        --registry_id=my-registry \
+        --project_id=blue-jet-123 \
+        --device_id=my-python-device \
+        --message_type=event \
+        --algorithm=RS256 \
+        --private_key_file=../rsa_private.pem
+
+
+
+
+.. _Google Cloud IoT Core API: https://cloud.google.com/iot/docs 
+
+Setup
+-------------------------------------------------------------------------------
+
+
+Install Dependencies
+++++++++++++++++++++
+
+#. Install `pip`_ and `virtualenv`_ if you do not already have them. You may want to refer to the `Python Development Environment Setup Guide`_ for Google Cloud Platform for instructions.
+
+ .. _Python Development Environment Setup Guide:
+     https://cloud.google.com/python/setup
+
+#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+.
+
+    .. code-block:: bash
+
+        $ virtualenv env
+        $ source env/bin/activate
+
+#. Install the dependencies needed to run the samples.
+
+    .. code-block:: bash
+
+        $ pip install -r requirements.txt
+
+.. _pip: https://pip.pypa.io/
+.. _virtualenv: https://virtualenv.pypa.io/
+
+Samples
+-------------------------------------------------------------------------------
+
+HTTP Device Client Example
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+
+
+To run this sample:
+
+.. code-block:: bash
+
+    $ python cloudiot_http_example.py
+
+    usage: cloudiot_http_example.py [-h] --project_id PROJECT_ID --registry_id
+                                    REGISTRY_ID --device_id DEVICE_ID
+                                    --private_key_file PRIVATE_KEY_FILE
+                                    --algorithm {RS256,ES256}
+                                    [--cloud_region CLOUD_REGION]
+                                    [--ca_certs CA_CERTS]
+                                    [--num_messages NUM_MESSAGES] --message_type
+                                    {event,state} [--base_url BASE_URL]
+                                    [--jwt_expires_minutes JWT_EXPIRES_MINUTES]
+    
+    Example Google Cloud IoT Core HTTP device connection code.
+    
+    optional arguments:
+      -h, --help            show this help message and exit
+      --project_id PROJECT_ID
+                            GCP cloud project name
+      --registry_id REGISTRY_ID
+                            Cloud IoT Core registry id
+      --device_id DEVICE_ID
+                            Cloud IoT Core device id
+      --private_key_file PRIVATE_KEY_FILE
+                            Path to private key file.
+      --algorithm {RS256,ES256}
+                            The encryption algorithm to use to generate the JWT.
+      --cloud_region CLOUD_REGION
+                            GCP cloud region
+      --ca_certs CA_CERTS   CA root from https://pki.google.com/roots.pem
+      --num_messages NUM_MESSAGES
+                            Number of messages to publish.
+      --message_type {event,state}
+                            Indicates whether the message to be published is a
+                            telemetry event or a device state message.
+      --base_url BASE_URL   Base URL for the Cloud IoT Core Device Service API
+      --jwt_expires_minutes JWT_EXPIRES_MINUTES
+                            Expiration time, in minutes, for JWT tokens.
+
+
+
+
+.. _Google Cloud SDK: https://cloud.google.com/sdk/
diff --git a/iot/api-client/http_example/README.rst.in b/iot/api-client/http_example/README.rst.in
@@ -0,0 +1,31 @@
+# This file is used to generate README.rst
+
+product:
+  name: Google Cloud IoT Core API
+  short_name: Cloud IoT Core
+  url: https://cloud.google.com/iot/docs
+  description: >
+    `Google Cloud IoT Core`_ allows developers to easily integrate Publish and
+    Subscribe functionality with devices and programmatically manage device
+    authorization.
+
+    The following example runs the sample using the project ID `blue-jet-123`
+    and the device name `my-python-device`:
+
+        python cloudiot_http_example.py \
+            --registry_id=my-registry \
+            --project_id=blue-jet-123 \
+            --device_id=my-python-device \
+            --message_type=event \
+            --algorithm=RS256 \
+            --private_key_file=../rsa_private.pem
+
+setup:
+- install_deps
+
+samples:
+- name: HTTP Device Client Example
+  file: cloudiot_http_example.py
+  show_help: True
+
+cloud_client_library: false
diff --git a/iot/api-client/http_example/cloudiot_http_example.py b/iot/api-client/http_example/cloudiot_http_example.py
@@ -35,21 +35,6 @@
 
 
 def create_jwt(project_id, private_key_file, algorithm):
-    """Creates a JWT (https://jwt.io) to authenticate this device.
-    Args:
-     project_id: The cloud project ID this device belongs to
-     private_key_file: A path to a file containing either an RSA256 or
-     ES256 private key.
-     algorithm: The encryption algorithm to use. Either 'RS256' or
-     'ES256'
-    Returns:
-        A JWT generated from the given project_id and private key, which
-        expires in 20 minutes. After 20 minutes, your client will be
-        disconnected, and a new JWT will have to be generated.
-    Raises:
-        ValueError: If the private_key_file does not contain a known key.
-    """
-
     token = {
             # The time the token was issued.
             'iat': datetime.datetime.utcnow(),
@@ -141,6 +126,11 @@ def parse_command_line_args():
             '--base_url',
             default=_BASE_URL,
             help=('Base URL for the Cloud IoT Core Device Service API'))
+    parser.add_argument(
+            '--jwt_expires_minutes',
+            default=20,
+            type=int,
+            help=('Expiration time, in minutes, for JWT tokens.'))
 
     return parser.parse_args()
 
@@ -150,9 +140,18 @@ def main():
 
     jwt_token = create_jwt(
             args.project_id, args.private_key_file, args.algorithm)
+    jwt_iat = datetime.datetime.utcnow()
+    jwt_exp_mins = args.jwt_expires_minutes
 
     # Publish num_messages mesages to the HTTP bridge once per second.
     for i in range(1, args.num_messages + 1):
+        seconds_since_issue = (datetime.datetime.utcnow() - jwt_iat).seconds
+        if seconds_since_issue > 60 * jwt_exp_mins:
+            print('Refreshing token after {}s').format(seconds_since_issue)
+            jwt_token = create_jwt(
+                    args.project_id, args.private_key_file, args.algorithm)
+            jwt_iat = datetime.datetime.utcnow()
+
         payload = '{}/{}-payload-{}'.format(
                 args.registry_id, args.device_id, i)