Device claiming client

api/api.md

@@ -1592,7 +1592,7 @@ PeerInfo
 
 | Field | Validations |
 | ----- | ----------- |
-| `qr_code` | <p>`bytes.min_len`: `1`</p><p>`bytes.max_len`: `1024`</p> |
+| `qr_code` | <p>`bytes.min_len`: `0`</p><p>`bytes.max_len`: `1024`</p> |
 | `target_application_ids` | <p>`message.required`: `true`</p> |
 | `target_device_id` | <p>`string.max_len`: `36`</p><p>`string.pattern`: `^[a-z0-9](?:[-]?[a-z0-9]){2,}$|^$`</p> |
 | `target_network_server_address` | <p>`string.pattern`: `^(?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*(?:[A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])(?::[0-9]{1,5})?$|^$`</p> |
@@ -1607,13 +1607,13 @@ PeerInfo
 | ----- | ---- | ----- | ----------- |
 | `join_eui` | [`bytes`](#bytes) |  |  |
 | `dev_eui` | [`bytes`](#bytes) |  |  |
-| `authentication_code` | [`bytes`](#bytes) |  |  |
+| `authentication_code` | [`string`](#string) |  |  |
 
 #### Field Rules
 
 | Field | Validations |
 | ----- | ----------- |
-| `authentication_code` | <p>`bytes.min_len`: `1`</p><p>`bytes.max_len`: `8`</p> |
+| `authentication_code` | <p>`string.pattern`: `^[A-Z0-9]{1,32}$`</p> |
 
 ### <a name="ttn.lorawan.v3.EndDeviceClaimingServer">Service `EndDeviceClaimingServer`</a>
 
@@ -1759,15 +1759,15 @@ Authentication code for end devices.
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| `value` | [`bytes`](#bytes) |  |  |
+| `value` | [`string`](#string) |  |  |
 | `valid_from` | [`google.protobuf.Timestamp`](#google.protobuf.Timestamp) |  |  |
 | `valid_to` | [`google.protobuf.Timestamp`](#google.protobuf.Timestamp) |  |  |
 
 #### Field Rules
 
 | Field | Validations |
 | ----- | ----------- |
-| `value` | <p>`bytes.min_len`: `1`</p><p>`bytes.max_len`: `8`</p> |
+| `value` | <p>`string.pattern`: `^[A-Z0-9]{1,32}$`</p> |
 
 ### <a name="ttn.lorawan.v3.EndDeviceBrand">Message `EndDeviceBrand`</a>
 

api/api.swagger.json

@@ -5919,8 +5919,7 @@
           "format": "byte"
         },
         "authentication_code": {
-          "type": "string",
-          "format": "byte"
+          "type": "string"
         }
       }
     },
@@ -8305,8 +8304,7 @@
       "type": "object",
       "properties": {
         "value": {
-          "type": "string",
-          "format": "byte"
+          "type": "string"
         },
         "valid_from": {
           "type": "string",

api/deviceclaimingserver.proto

@@ -28,11 +28,12 @@ message ClaimEndDeviceRequest {
   message AuthenticatedIdentifiers {
     bytes join_eui = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "go.thethings.network/lorawan-stack/pkg/types.EUI64", (gogoproto.customname) = "JoinEUI"];
     bytes dev_eui = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "go.thethings.network/lorawan-stack/pkg/types.EUI64", (gogoproto.customname) = "DevEUI"];
-    bytes authentication_code = 3 [(validate.rules).bytes = {min_len: 1, max_len: 8}];
+    string authentication_code = 3 [(validate.rules).string.pattern = "^[A-Z0-9]{1,32}$"];
   }
   oneof source_device {
+    option (validate.required) = true;
     AuthenticatedIdentifiers authenticated_identifiers = 1 [(gogoproto.customname) = "AuthenticatedIdentifiers"];
-    bytes qr_code = 2 [(validate.rules).bytes = {min_len: 1, max_len: 1024}, (gogoproto.customname) = "QRCode"];
+    bytes qr_code = 2 [(validate.rules).bytes = {min_len: 0, max_len: 1024}, (gogoproto.customname) = "QRCode"];
   }
 
   // Application identifiers of the target end device.

api/end_device.proto

@@ -330,7 +330,7 @@ enum PowerState {
 message EndDeviceAuthenticationCode {
   option (gogoproto.populate) = false;
 
-  bytes value = 1 [(validate.rules).bytes = {min_len: 1, max_len: 8}];
+  string value = 1 [(validate.rules).string.pattern = "^[A-Z0-9]{1,32}$"];
   google.protobuf.Timestamp valid_from = 2 [(gogoproto.stdtime) = true];
   google.protobuf.Timestamp valid_to = 3 [(gogoproto.stdtime) = true];
 }

cmd/ttn-lw-cli/commands/applications.go

@@ -44,7 +44,7 @@ func getApplicationID(flagSet *pflag.FlagSet, args []string) *ttnpb.ApplicationI
 	var applicationID string
 	if len(args) > 0 {
 		if len(args) > 1 {
-			logger.Warn("multiple IDs found in arguments, considering only the first")
+			logger.Warn("Multiple IDs found in arguments, considering only the first")
 		}
 		applicationID = args[0]
 	} else {

cmd/ttn-lw-cli/commands/applications_access.go

@@ -15,6 +15,7 @@
 package commands
 
 import (
+	"context"
 	"os"
 	"strings"
 
@@ -24,6 +25,18 @@ import (
 	"go.thethings.network/lorawan-stack/pkg/ttnpb"
 )
 
+func createApplicationAPIKey(ctx context.Context, ids ttnpb.ApplicationIdentifiers, name string, rights ...ttnpb.Right) (*ttnpb.APIKey, error) {
+	is, err := api.Dial(ctx, config.IdentityServerGRPCAddress)
+	if err != nil {
+		return nil, err
+	}
+	return ttnpb.NewApplicationAccessClient(is).CreateAPIKey(ctx, &ttnpb.CreateApplicationAPIKeyRequest{
+		ApplicationIdentifiers: ids,
+		Name:                   name,
+		Rights:                 rights,
+	})
+}
+
 var (
 	applicationRights = &cobra.Command{
 		Use:   "rights [application-id]",
@@ -191,15 +204,7 @@ var (
 				return errNoAPIKeyRights
 			}
 
-			is, err := api.Dial(ctx, config.IdentityServerGRPCAddress)
-			if err != nil {
-				return err
-			}
-			res, err := ttnpb.NewApplicationAccessClient(is).CreateAPIKey(ctx, &ttnpb.CreateApplicationAPIKeyRequest{
-				ApplicationIdentifiers: *appID,
-				Name:                   name,
-				Rights:                 rights,
-			})
+			res, err := createApplicationAPIKey(ctx, *appID, name, rights...)
 			if err != nil {
 				return err
 			}

cmd/ttn-lw-cli/commands/applications_claim.go

@@ -0,0 +1,92 @@
+// Copyright © 2019 The Things Network Foundation, The Things Industries B.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package commands
+
+import (
+	"github.com/spf13/cobra"
+	"go.thethings.network/lorawan-stack/cmd/ttn-lw-cli/internal/api"
+	"go.thethings.network/lorawan-stack/pkg/ttnpb"
+)
+
+var (
+	applicationClaim = &cobra.Command{
+		Use:   "claim",
+		Short: "Manage claim settings in applications",
+	}
+	applicationClaimAuthorize = &cobra.Command{
+		Use:   "authorize [application-id]",
+		Short: "Authorize an application for claiming (EXPERIMENTAL)",
+		Long: `Authorize an application for claiming (EXPERIMENTAL)
+
+The given API key must have devices and device keys read/write rights. If no API
+key is provided, a new API key will be created.`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			appID := getApplicationID(cmd.Flags(), args)
+			if appID == nil {
+				return errNoApplicationID
+			}
+
+			key, _ := cmd.Flags().GetString("api-key")
+			if key == "" {
+				logger.Info("Creating API key")
+				apiKey, err := createApplicationAPIKey(ctx, *appID, "Device Claiming",
+					ttnpb.RIGHT_APPLICATION_DEVICES_READ,
+					ttnpb.RIGHT_APPLICATION_DEVICES_READ_KEYS,
+					ttnpb.RIGHT_APPLICATION_DEVICES_WRITE,
+					ttnpb.RIGHT_APPLICATION_DEVICES_WRITE_KEYS,
+				)
+				if err != nil {
+					return err
+				}
+				key = apiKey.Key
+			}
+
+			dcs, err := api.Dial(ctx, config.DeviceClaimingServerGRPCAddress)
+			if err != nil {
+				return err
+			}
+			_, err = ttnpb.NewEndDeviceClaimingServerClient(dcs).AuthorizeApplication(ctx, &ttnpb.AuthorizeApplicationRequest{
+				ApplicationIdentifiers: *appID,
+				APIKey:                 key,
+			})
+			return err
+		},
+	}
+	applicationClaimUnauthorize = &cobra.Command{
+		Use:   "unauthorize [application-id]",
+		Short: "Unauthorize an application for claiming (EXPERIMENTAL)",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			appID := getApplicationID(cmd.Flags(), args)
+			if appID == nil {
+				return errNoApplicationID
+			}
+
+			dcs, err := api.Dial(ctx, config.DeviceClaimingServerGRPCAddress)
+			if err != nil {
+				return err
+			}
+			_, err = ttnpb.NewEndDeviceClaimingServerClient(dcs).UnauthorizeApplication(ctx, appID)
+			return err
+		},
+	}
+)
+
+func init() {
+	applicationClaimAuthorize.Flags().String("api-key", "", "")
+	applicationClaim.AddCommand(applicationClaimAuthorize)
+	applicationClaim.AddCommand(applicationClaimUnauthorize)
+	applicationClaim.PersistentFlags().AddFlagSet(applicationIDFlags())
+	applicationsCommand.AddCommand(applicationClaim)
+}

cmd/ttn-lw-cli/commands/applications_pubsub.go

@@ -78,7 +78,7 @@ func getApplicationPubSubID(flagSet *pflag.FlagSet, args []string) (*ttnpb.Appli
 		applicationID = args[0]
 		pubsubID = args[1]
 	default:
-		logger.Warn("multiple IDs found in arguments, considering the first")
+		logger.Warn("Multiple IDs found in arguments, considering the first")
 		applicationID = args[0]
 		pubsubID = args[1]
 	}

cmd/ttn-lw-cli/commands/applications_webhooks.go

@@ -53,7 +53,7 @@ func getApplicationWebhookID(flagSet *pflag.FlagSet, args []string) (*ttnpb.Appl
 		applicationID = args[0]
 		webhookID = args[1]
 	default:
-		logger.Warn("multiple IDs found in arguments, considering the first")
+		logger.Warn("Multiple IDs found in arguments, considering the first")
 		applicationID = args[0]
 		webhookID = args[1]
 	}

cmd/ttn-lw-cli/commands/clients.go

@@ -44,7 +44,7 @@ func getClientID(flagSet *pflag.FlagSet, args []string) *ttnpb.ClientIdentifiers
 	var clientID string
 	if len(args) > 0 {
 		if len(args) > 1 {
-			logger.Warn("multiple IDs found in arguments, considering only the first")
+			logger.Warn("Multiple IDs found in arguments, considering only the first")
 		}
 		clientID = args[0]
 	} else {

cmd/ttn-lw-cli/commands/config.go

@@ -44,6 +44,7 @@ type Config struct {
 	JoinServerEnabled                  bool   `name:"join-server-enabled" description:"Join Server enabled"`
 	JoinServerGRPCAddress              string `name:"join-server-grpc-address" description:"Join Server address"`
 	DeviceTemplateConverterGRPCAddress string `name:"device-template-converter-grpc-address" description:"Device Template Converter address"`
+	DeviceClaimingServerGRPCAddress    string `name:"device-claiming-server-grpc-address" description:"Device Claiming Server address"`
 	Insecure                           bool   `name:"insecure" description:"Connect without TLS"`
 	CA                                 string `name:"ca" description:"CA certificate file"`
 }
@@ -65,6 +66,7 @@ func (c Config) getHosts() []string {
 		hosts = append(hosts, c.JoinServerGRPCAddress)
 	}
 	hosts = append(hosts, c.DeviceTemplateConverterGRPCAddress)
+	hosts = append(hosts, c.DeviceClaimingServerGRPCAddress)
 	return getHosts(hosts...)
 }
 
@@ -88,6 +90,7 @@ var DefaultConfig = Config{
 	JoinServerEnabled:                  true,
 	JoinServerGRPCAddress:              clusterGRPCAddress,
 	DeviceTemplateConverterGRPCAddress: clusterGRPCAddress,
+	DeviceClaimingServerGRPCAddress:    clusterGRPCAddress,
 }
 
 var configCommand = commands.Config(mgr)

cmd/ttn-lw-cli/commands/end_device_templates.go

@@ -53,7 +53,7 @@ func getTemplateFormatID(flagSet *pflag.FlagSet, args []string) string {
 	var formatID string
 	if len(args) > 0 {
 		if len(args) > 1 {
-			logger.Warn("multiple IDs found in arguments, considering only the first")
+			logger.Warn("Multiple IDs found in arguments, considering only the first")
 		}
 		formatID = args[0]
 	} else {
@@ -218,7 +218,7 @@ This command takes end device templates from stdin.`,
 				joinEUIHex = args[0]
 				startDevEUIHex = args[1]
 			default:
-				logger.Warn("multiple EUIs found in arguments, considering the first")
+				logger.Warn("Multiple EUIs found in arguments, considering the first")
 				joinEUIHex = args[0]
 				startDevEUIHex = args[1]
 			}