in source/lambda/iot-dr-layer/device_replication.py [0:0]
def create_thing_with_cert_and_policy(
c_iot, c_iot_primary, thing_name, thing_type_name, attrs, retries, wait):
primary_region = c_iot_primary.meta.region_name
secondary_region = c_iot.meta.region_name
logger.info(
'thing_name: {} primary_region: {} secondary_region: {}'.format(
thing_name, primary_region, secondary_region
)
)
try:
if not thing_exists(c_iot_primary, thing_name):
logger.warning(
'thing_name "{}" does not exist in primary region "{}", will not be created'.
format(thing_name, primary_region
)
)
return
logger.debug('calling create_thing: c_iot: {} c_iot_primary: {} \
thing_name: {} thing_type_name: {} attrs: {}'.
format(c_iot, c_iot_primary, thing_name, thing_type_name, attrs))
create_thing(c_iot, c_iot_primary, thing_name, thing_type_name, attrs)
principals = []
retries = retries
wait = wait
i = 1
while not principals and i <= retries:
logger.info('{}: get_thing_principals for thing_name: {}'.format(i, thing_name))
i += 1
principals = get_thing_principals(c_iot_primary, thing_name)
time.sleep(wait*i)
if not principals:
logger.error('thing_name: {}: no principals attached'.format(thing_name))
raise DeviceReplicationCreateThingException(
'no principals attached to thing_name: {}'.format(thing_name))
for principal in principals:
cert_id = principal.split('/')[-1]
logger.info(
'thing_name: {}: principal: {} cert_id: {}'.format(
thing_name, principal, cert_id
)
)
response = c_iot_primary.describe_certificate(certificateId=cert_id)
cert_arn = response['certificateDescription']['certificateArn']
cert_pem = response['certificateDescription']['certificatePem']
logger.info('thing_name: {}: cert_arn: {}'.format(thing_name, cert_arn))
cert_arn_secondary_region = cert_arn.replace(primary_region, secondary_region)
logger.info(
'thing_name: {}: cert_arn_secondary_region: {}'.format(
thing_name, cert_arn_secondary_region
)
)
if not certificate_exists(c_iot, cert_id):
logger.info('thing_name: {}: register certificate without CA'.format(thing_name))
register_cert(c_iot, cert_pem)
policies = []
retries = retries
wait = wait
i = 1
while not policies and i <= retries:
logger.info(
'thing_name: {}: {}: get_attached_policies for cert_arn: {}'.format(
thing_name, i, cert_arn
)
)
i += 1
policies = get_attached_policies(c_iot_primary, cert_arn)
time.sleep(wait*i)
if not policies:
logger.error(
'thing_name: {}: no policies attached to cert_arn: {}'.format(
thing_name, cert_arn
)
)
raise DeviceReplicationCreateThingException(
'no policies attached to cert_arn: {}'.format(cert_arn))
for policy in policies:
policy_name = policy['policyName']
logger.info('thing_name: {}: policy_name: {}'.format(thing_name, policy_name))
if not policy_exists(c_iot, policy_name):
logger.info('thing_name: {}: get_and_create_policy'.format(thing_name))
get_and_create_policy(c_iot, c_iot_primary, policy_name)
response2 = c_iot.attach_policy(
policyName=policy_name,
target=cert_arn_secondary_region
)
logger.info(
'thing_name: {}: response attach_policy: {}'.format(
thing_name, response2
)
)
response3 = c_iot.attach_thing_principal(
thingName=thing_name,
principal=cert_arn_secondary_region
)
logger.info(
'thing_name: {} response attach_thing_principal: {}'.format(
thing_name, response3
)
)
except Exception as e:
logger.error('thing_name: {}: create_thing_with_cert_and_policy: {}'.format(thing_name, e))
raise DeviceReplicationCreateThingException(e)