All V2 SDK samples can share policies. (#128)

graebm · web-flow · commit 6e653e6c0420 · 2020-08-07T10:33:21.000-07:00
ISSUE:
Currently, the "Getting Started Kit" vended by the IoT console vends a policy that doesn't match the strings used by any V2 SDK samples. So they fail right off the bat 😢

SOLUTION:
Let's get all the V2 SDKs using the same strings, then we can create a policy to fit them all. I'd like to put wildcards in the new policy so users can toy around a little bit, but include the word "test" everywhere so they feel inclined to change it before they ship.

Also, let's get all the samples putting randomness into the client-id, since colliding IDs are a frequent source of confusion.
Also, make a default topic for pubsub samples
diff --git a/README.md b/README.md
@@ -1,4 +1,5 @@
 # AWS IoT SDK for C++ v2
+
 This document provides information about the AWS IoT device SDK for C++ V2.
 
 If you have any issues or feature requests, please file an issue or pull request.
@@ -14,27 +15,27 @@ This SDK is built on the AWS Common Runtime, a collection of libraries
 cross-platform, high-performance, secure, and reliable. The libraries are bound
 to C++ by the [aws-crt-cpp](https://github.com/awslabs/aws-crt-cpp) package.
 
-
 *__Jump To:__*
+
 * [Installation](#Installation)
 * [Samples](samples)
 * [Getting Help](#Getting-Help)
 * [Giving Feedback and Contributions](#Giving-Feedback-and-Contributions)
 * [More Resources](#More-Resources)
 
-
-
 ## Installation
 
 ### Minimum Requirements
-*   C++ 11 or higher
-*   CMake 3.1+
-*   Clang 3.9+ or GCC 4.4+ or MSVC 2015+
 
+* C++ 11 or higher
+* CMake 3.1+
+* Clang 3.9+ or GCC 4.4+ or MSVC 2015+
 
 ### Build from source
+
 #### Automatically Build and Install AWS Dependencies
-```sh
+
+``` sh
 mkdir sdk-cpp-workspace
 cd sdk-cpp-workspace
 git clone --recursive https://github.com/aws/aws-iot-device-sdk-cpp-v2.git
@@ -43,9 +44,10 @@ cd aws-iot-device-sdk-cpp-v2-build
 cmake -DCMAKE_INSTALL_PREFIX="<absolute path sdk-cpp-workspace dir>"  -DBUILD_DEPS=ON ../aws-iot-device-sdk-cpp-v2
 cmake --build . --target install
 ```
+
 #### Using a Pre-Built aws-crt-cpp (Most useful for development of this package)
 
-```sh
+``` sh
 mkdir aws-iot-device-sdk-cpp-v2-build
 cd aws-iot-device-sdk-cpp-v2-build
 cmake -DCMAKE_INSTALL_PREFIX="<absolute path sdk-cpp-workspace dir>"  -DCMAKE_PREFIX_PATH="<absolute path sdk-cpp-workspace dir>" -DBUILD_DEPS=OFF ../aws-iot-device-sdk-cpp-v2
@@ -56,51 +58,43 @@ cmake --build . --target install
 
 Please note that on Mac, once a private key is used with a certificate, that certificate-key pair is imported into the Mac Keychain.  All subsequent uses of that certificate will use the stored private key and ignore anything passed in programmatically.  Beginning in v1.7.3, when a stored private key from the Keychain is used, the following will be logged at the "info" log level:
 
-```
+``` 
 static: certificate has an existing certificate-key pair that was previously imported into the Keychain.  Using key from Keychain instead of the one provided.
 ```
 
 ## Samples
 
 [Samples README](samples)
 
-
-
 ## Getting Help
 
 Use the following sources for information :
 
-*   Check api and developer guides.
-*   Check for similar issues already opened.
+* Check api and developer guides.
+* Check for similar issues already opened.
 
 If you still can’t find a solution to your problem open an [issue](https://github.com/aws/aws-iot-device-sdk-cpp-v2/issues)
 
-
-
 ## Giving Feedback and Contributions
 
 We need your help in making this SDK great. Please participate in the community and contribute to this effort by submitting issues, participating in discussion forums and submitting pull requests through the following channels.
 
-*   [Contributions Guidelines](CONTRIBUTING.md)
-*   Articulate your feature request or upvote existing ones on our [Issues](https://github.com/aws/aws-iot-device-sdk-cpp-v2/issues?q=is%3Aissue+is%3Aopen+label%3Afeature-request) page.
-*   Submit [Issues](https://github.com/aws/aws-iot-device-sdk-cpp-v2/issues)
-
-
+* [Contributions Guidelines](CONTRIBUTING.md)
+* Articulate your feature request or upvote existing ones on our [Issues](https://github.com/aws/aws-iot-device-sdk-cpp-v2/issues?q=is%3Aissue+is%3Aopen+label%3Afeature-request) page.
+* Submit [Issues](https://github.com/aws/aws-iot-device-sdk-cpp-v2/issues)
 
 ## More Resources
 
-*   [AWS IoT Core Documentation](https://docs.aws.amazon.com/iot/)
-*   [Developer Guide](https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html) ([source](https://github.com/awsdocs/aws-iot-docs))
-*   [Issues](https://github.com/aws/aws-iot-device-sdk-cpp-v2/issues)
-*   [Dev Blog](https://aws.amazon.com/blogs/?awsf.blog-master-iot=category-internet-of-things%23amazon-freertos%7Ccategory-internet-of-things%23aws-greengrass%7Ccategory-internet-of-things%23aws-iot-analytics%7Ccategory-internet-of-things%23aws-iot-button%7Ccategory-internet-of-things%23aws-iot-device-defender%7Ccategory-internet-of-things%23aws-iot-device-management%7Ccategory-internet-of-things%23aws-iot-platform)
+* [AWS IoT Core Documentation](https://docs.aws.amazon.com/iot/)
+* [Developer Guide](https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html) ([source](https://github.com/awsdocs/aws-iot-docs))
+* [Issues](https://github.com/aws/aws-iot-device-sdk-cpp-v2/issues)
+* [Dev Blog](https://aws.amazon.com/blogs/?awsf.blog-master-iot=category-internet-of-things%23amazon-freertos%7Ccategory-internet-of-things%23aws-greengrass%7Ccategory-internet-of-things%23aws-iot-analytics%7Ccategory-internet-of-things%23aws-iot-button%7Ccategory-internet-of-things%23aws-iot-device-defender%7Ccategory-internet-of-things%23aws-iot-device-management%7Ccategory-internet-of-things%23aws-iot-platform)
 
 Integration with AWS IoT Services such as
 [Device Shadow](https://docs.aws.amazon.com/iot/latest/developerguide/iot-device-shadows.html)
 and [Jobs](https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html)
 is provided by code that been generated from a model of the service.
 
-
-
 ## License
 
-This library is licensed under the [Apache 2.0 License](LICENSE). 
+This library is licensed under the [Apache 2.0 License](LICENSE).
diff --git a/samples/README.md b/samples/README.md
@@ -22,32 +22,48 @@ and receive.
 <summary>(see sample policy)</summary>
 <pre>
 {
-    "Effect": "Allow",
-    "Action": [
-        "iot:Receive",
-        "iot:Publish"
-    ],
-    "Resource": [
-        "arn:aws:iot:<your-region>:<your-id>:topic/a/b"
-    ],
-},
-{
-    "Effect": "Allow",
-    "Action": [
+  "Version": "2012-10-17",
+  "Statement": [
+
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Publish",
+        "iot:Receive"
+      ],
+      "Resource": [
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topic/test/topic"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
         "iot:Subscribe"
-    ],
-    "Resource": [
-        "arn:aws:iot:<your-region>:<your-id>:topicfilter/a/b"
-    ]
+      ],
+      "Resource": [
+        "arn:aws:iot:<b>region</b>:<b>account</b>:topicfilter/test/topic"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Connect"
+      ],
+      "Resource": [
+        "arn:aws:iot:<b>region</b>:<b>account</b>:client/test-*"
+      ]
+    }
+
+  ]
 }
 </pre>
 </details>
 
 To run the basic MQTT Pub-Sub use the following command:
 
-```sh
-./basic-pub-sub --endpoint <endpoint> --ca_file <path to root CA> 
---cert <path to the certificate> --key <path to the private key> 
+``` sh
+./basic-pub-sub --endpoint <endpoint> --ca_file <path to root CA>
+--cert <path to the certificate> --key <path to the private key>
 --topic <topic name>
 ```
 
@@ -59,7 +75,6 @@ This is a starting point for using custom
 
 source: `samples/mqtt/raw_pub_sub`
 
-
 ## Fleet provisioning
 
 This sample uses the AWS IoT
@@ -70,22 +85,21 @@ On startup, the script subscribes to topics based on the request type of either
 publishes the request to corresponding topic and calls RegisterThing.
 
 Source: `samples/identity/fleet_provisioning`
-
 cd ~/aws-iot-device-sdk-cpp-v2-build/samples/identity/fleet_provisioning
 
 Run the sample like this to provision using CreateKeysAndCertificate:
- 
-```sh
-./fleet-provisioning --endpoint <endpoint> --ca_file <path to root CA> 
---cert <path to the certificate> --key <path to the private key> 
+
+``` sh
+./fleet-provisioning --endpoint <endpoint> --ca_file <path to root CA>
+--cert <path to the certificate> --key <path to the private key>
 --template_name <template name> --template_parameters <template parameters json>
 ```
 
 Run the sample like this to provision using Csr:
- 
-```sh
-./fleet-provisioning --endpoint <endpoint> --ca_file <path to root CA> 
---cert <path to the certificate> --key <path to the private key> 
+
+``` sh
+./fleet-provisioning --endpoint <endpoint> --ca_file <path to root CA>
+--cert <path to the certificate> --key <path to the private key>
 --template_name <template name> --template_parameters <template parameters json> --csr <path to the CSR in PEM format>
 ```
 
@@ -129,14 +143,13 @@ and receive.
     {
       "Effect": "Allow",
       "Action": "iot:Connect",
-      "Resource": "arn:aws:iot:<b>region</b>:<b>account</b>:client/samples-client-id"
+      "Resource": "arn:aws:iot:<b>region</b>:<b>account</b>:client/test-*"
     }
   ]
 }
 </pre>
 </details>
 
-
 ## Shadow
 
 This sample uses the AWS IoT
@@ -170,6 +183,7 @@ and receive.
 {
   "Version": "2012-10-17",
   "Statement": [
+
     {
       "Effect": "Allow",
       "Action": [
@@ -209,8 +223,9 @@ and receive.
     {
       "Effect": "Allow",
       "Action": "iot:Connect",
-      "Resource": "arn:aws:iot:<b>region</b>:<b>account</b>:client/samples-client-id"
+      "Resource": "arn:aws:iot:<b>region</b>:<b>account</b>:client/test-*"
     }
+
   ]
 }
 </pre>
@@ -239,6 +254,7 @@ and receive.
 {
   "Version": "2012-10-17",
   "Statement": [
+
     {
       "Effect": "Allow",
       "Action": [
@@ -278,8 +294,9 @@ and receive.
     {
       "Effect": "Allow",
       "Action": "iot:Connect",
-      "Resource": "arn:aws:iot:<b>region</b>:<b>account</b>:client/samples-client-id"
+      "Resource": "arn:aws:iot:<b>region</b>:<b>account</b>:client/test-*"
     }
+
   ]
 }
 </pre>
diff --git a/samples/greengrass/basic_discovery/main.cpp b/samples/greengrass/basic_discovery/main.cpp
@@ -33,7 +33,7 @@ static void s_printHelp()
     fprintf(stdout, "ca_file: ca file to use in verifying TLS connections.\n");
     fprintf(stdout, "\tIt's the path to a CA file in PEM format\n");
     fprintf(stdout, "thing_name: the name of your IOT thing\n");
-    fprintf(stdout, "topic: targeted topic. Default is sdk/test/cpp-v2\n");
+    fprintf(stdout, "topic: targeted topic. Default is test/topic\n");
     fprintf(stdout, "mode: default both\n");
     fprintf(stdout, "message: message to publish. default 'Hello World'\n");
     fprintf(stdout, "proxy-host: proxy host to use for discovery call. Default is to not use a proxy.\n");
@@ -70,7 +70,7 @@ int main(int argc, char *argv[])
     String keyPath;
     String caFile;
     String thingName;
-    String topic("sdk/test/cpp-v2");
+    String topic("test/topic");
     String mode("both");
     String message("Hello World");
 
diff --git a/samples/identity/fleet_provisioning/main.cpp b/samples/identity/fleet_provisioning/main.cpp
@@ -99,7 +99,7 @@ int main(int argc, char *argv[])
     String certificatePath;
     String keyPath;
     String caFile;
-    String clientId(Aws::Crt::UUID().ToString());
+    String clientId(String("test-") + Aws::Crt::UUID().ToString());
     String templateName;
     String templateParameters;
     String csrFile;
@@ -242,7 +242,7 @@ int main(int argc, char *argv[])
      * Actually perform the connect dance.
      */
     fprintf(stdout, "Connecting...\n");
-    if (!connection->Connect("client_id12335456", true, 0))
+    if (!connection->Connect(clientId.c_str(), true, 0))
     {
         fprintf(stderr, "MQTT Connection failed with error %s\n", ErrorDebugString(connection->LastError()));
         exit(-1);
diff --git a/samples/jobs/describe_job_execution/main.cpp b/samples/jobs/describe_job_execution/main.cpp
@@ -69,6 +69,7 @@ int main(int argc, char *argv[])
     String certificatePath;
     String keyPath;
     String caFile;
+    String clientId(String("test-") + Aws::Crt::UUID().ToString());
     String thingName;
     String jobId;
 
@@ -200,7 +201,7 @@ int main(int argc, char *argv[])
      * Actually perform the connect dance.
      */
     fprintf(stdout, "Connecting...\n");
-    if (!connection->Connect("client_id12335456", true, 0))
+    if (!connection->Connect(clientId.c_str(), true, 0))
     {
         fprintf(stderr, "MQTT Connection failed with error %s\n", ErrorDebugString(connection->LastError()));
         exit(-1);
diff --git a/samples/mqtt/basic_pub_sub/main.cpp b/samples/mqtt/basic_pub_sub/main.cpp
@@ -23,7 +23,7 @@ static void s_printHelp()
     fprintf(
         stdout,
         "basic-pub-sub --endpoint <endpoint> --cert <path to cert>"
-        " --key <path to key> --topic --ca_file <optional: path to custom ca>"
+        " --key <path to key> --topic <topic> --ca_file <optional: path to custom ca>"
         " --use_websocket --signing_region <region> --proxy_host <host> --proxy_port <port>"
         " --x509 --x509_role_alias <role_alias> --x509_endpoint <endpoint> --x509_thing <thing_name>"
         " --x509_cert <path to cert> --x509_key <path to key> --x509_rootca <path to root ca>\n\n");
@@ -32,7 +32,7 @@ static void s_printHelp()
         stdout,
         "cert: path to your client certificate in PEM format. If this is not set you must specify use_websocket\n");
     fprintf(stdout, "key: path to your key in PEM format. If this is not set you must specify use_websocket\n");
-    fprintf(stdout, "topic: topic to publish, subscribe to.\n");
+    fprintf(stdout, "topic: topic to publish, subscribe to. (optional)\n");
     fprintf(stdout, "client_id: client id to use (optional)\n");
     fprintf(
         stdout,
@@ -91,8 +91,8 @@ int main(int argc, char *argv[])
     String certificatePath;
     String keyPath;
     String caFile;
-    String topic;
-    String clientId(Aws::Crt::UUID().ToString());
+    String topic("test/topic");
+    String clientId(String("test-") + Aws::Crt::UUID().ToString());
     String signingRegion;
     String proxyHost;
     uint16_t proxyPort(8080);
@@ -108,7 +108,7 @@ int main(int argc, char *argv[])
     bool useX509 = false;
 
     /*********************** Parse Arguments ***************************/
-    if (!(s_cmdOptionExists(argv, argv + argc, "--endpoint") && s_cmdOptionExists(argv, argv + argc, "--topic")))
+    if (!s_cmdOptionExists(argv, argv + argc, "--endpoint"))
     {
         s_printHelp();
         return 1;
@@ -132,8 +132,10 @@ int main(int argc, char *argv[])
         s_printHelp();
         return 1;
     }
-
-    topic = s_getCmdOption(argv, argv + argc, "--topic");
+    if (s_getCmdOption(argv, argv + argc, "--topic"))
+    {
+        topic = s_getCmdOption(argv, argv + argc, "--topic");
+    }
     if (s_cmdOptionExists(argv, argv + argc, "--ca_file"))
     {
         caFile = s_getCmdOption(argv, argv + argc, "--ca_file");
diff --git a/samples/mqtt/raw_pub_sub/main.cpp b/samples/mqtt/raw_pub_sub/main.cpp
diff --git a/samples/shadow/shadow_sync/main.cpp b/samples/shadow/shadow_sync/main.cpp
