nordicsemiconductor / asset-tracker-cloud-memfault-azure-js

Memfault integration for Azure IoT Hub developed in TypeScript.

Home Page: https://docs.nordicsemi.com/bundle/nrf-asset-tracker-saga/

License: BSD 3-Clause "New" or "Revised" License

TypeScript 81.05% JavaScript 0.61% Bicep 18.34%
nrf-asset-tracker iot memfault azure arm

asset-tracker-cloud-memfault-azure-js's Introduction

Note

This repository has been archived, because it is considered feature-complete. ✔️

Memfault integration for Azure IoT Hub

Device information

Meta information about devices is populated by the cloud when devices report their values:

  • board type (hardware_version) is inferred cloud side from dev.v.brdV Thing shadow property.
  • nickname is inferred from the user's name setting for the device using the name Thing attribute.

Chunks

The Memfault SDK packages the data from all modules in chunks. They are received via MQTT and forwarded to the Memfault chunks API.

Memfault embeds offset information in each chunk so that data arriving out of order can be reassembled, so there is no need to buffer the chunks on the cloud side.

Devices publish the chunks via MQTT to a configurable topic. Right now the asset_tracker_v2 uses <deviceId>/memfault/<Memfault project key>; however, deviceId and Memfault project key are superfluous because they can be inferred on the cloud side from the MQTT connection.

To support devices publishing to an MQTT topic named memfault directly, the Memfault project key needed for the chunks API is stored on the cloud side in an SSM parameter.

This also allows for changing the project key on the fly if needed, without needing to deploy new firmware to devices. However, note that the project key is not a secret and does not need rotation.

It is also useful to have the Memfault project key on the device to directly publish to the Memfault HTTP API to be able to debug problems with the MQTT connections.

This can, however, also be solved by setting up an API endpoint that accepts requests signed with JWT tokens created using the device's key pair. This would allow removing the Memfault project key entirely from the firmware. Right now, however, this is not supported in nRF Connect SDK. Please reach out if you would like to see this feature.
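
The forwarding step described in this section, as an added example that is not code from this repository: it builds the request for the Memfault chunks API, taking the device identity from the authenticated connection and the project key from cloud-side settings. The `DeviceMessage`, `Settings` and `ChunkRequest` types, the `buildChunkRequest` function and the `claimedDeviceId` field are hypothetical names; `iothub-connection-device-id` is the system property IoT Hub attaches to device messages, and `/api/v0/chunks/<device serial>` with the `Memfault-Project-Key` header is the Memfault chunks API.

```typescript
// Added example: hypothetical types and names, not the repository's own code.
type DeviceMessage = {
  // Properties IoT Hub attaches for the authenticated connection.
  systemProperties: Record<string, string | undefined>
  // Identifier the device put into its topic or payload (untrusted), if any.
  claimedDeviceId?: string
  // Raw chunk bytes exactly as produced by the Memfault SDK.
  body: Uint8Array
}
type Settings = { chunksEndpoint: string; projectKey: string }
type ChunkRequest = {
  url: string
  method: 'POST'
  headers: Record<string, string>
  body: Uint8Array
}

function buildChunkRequest(msg: DeviceMessage, settings: Settings): ChunkRequest {
  // Identity comes from the authenticated connection, never from the device's claim.
  const deviceId = msg.systemProperties['iothub-connection-device-id']
  if (deviceId === undefined || deviceId.length === 0)
    throw new Error('message has no authenticated device id')
  if (msg.claimedDeviceId !== undefined && msg.claimedDeviceId !== deviceId)
    throw new Error('claimed device id does not match the connection')
  if (msg.body.length === 0) throw new Error('empty chunk')
  const base = settings.chunksEndpoint.replace(/\/+$/, '')
  return {
    url: `${base}/api/v0/chunks/${encodeURIComponent(deviceId)}`,
    method: 'POST',
    headers: {
      'Content-Type': 'application/octet-stream',
      // The project key is read from cloud-side settings, not sent by the device.
      'Memfault-Project-Key': settings.projectKey,
    },
    // Forwarded unchanged and unbuffered; ordering is handled by the chunk offsets.
    body: msg.body,
  }
}

// Constructed sample message and settings.
const sample = buildChunkRequest(
  {
    systemProperties: { 'iothub-connection-device-id': 'device-001' },
    body: new Uint8Array([0x08, 0x02, 0xa7]),
  },
  { chunksEndpoint: 'https://chunks.memfault.com/', projectKey: 'my-projectKey' },
)
console.log(sample.method, sample.url)
```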

Installation in your Azure account

Install dependencies

npm ci

Setup

Export these environment variables for the Memfault integration stack:

export STORAGE_ACCOUNT_NAME=...

Export these environment variables from your nRF Asset Tracker for Azure deployment:

export RESOURCE_GROUP=...
export APP_NAME=...
export KEY_VAULT_NAME=...

Deploy

Note
This adds the Memfault integration to the existing nRF Asset Tracker for Azure resources.

az deployment group create \
--mode Incremental \
--name memfault-integration-deployment \
--resource-group ${RESOURCE_GROUP:-nrfassettracker} \
--template-file memfault-integration.bicep \
--parameters \
    appName=${APP_NAME:-nrfassettracker} \
    keyVaultName=${KEY_VAULT_NAME:-assetTracker} \
    storageAccountName=${STORAGE_ACCOUNT_NAME:-nrfassettrackermemfault}

# Deploy the function app
npx tsc
npx tsx scripts/pack-app.ts
az functionapp deployment source config-zip -g ${RESOURCE_GROUP:-nrfassettracker} -n ${APP_NAME:-nrfassettracker}-memfault-integration --src dist/functionapp.zip

Configure memfault settings

You can retrieve the project settings from the settings page of the Memfault dashboard of your organization.

az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultProjectKey --value my-projectKey
az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultOrganization --value my-org
az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultProject --value my-project

The organization auth token can be accessed and managed by Administrators at Admin → Organization Auth Tokens in the Memfault UI.

az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultAuthToken --value my-authToken

End-to-end tests

Set up the mock API

# Create a new resource group
az group create -n ${MOCK_API_RESOURCE_GROUP:-memfault-mock-api} -l ${LOCATION:-northeurope}

# Create the resources
az deployment group create \
--mode Complete \
--name manual-deployment \
--resource-group ${MOCK_API_RESOURCE_GROUP:-memfault-mock-api} \
--template-file mock-http-api.bicep \
--parameters \
    storageAccountName=${MOCK_API_STORAGE_ACCOUNT_NAME:-memfaultmockapi} \
    appName=${MOCK_API_APP_NAME}

# Deploy the function app
export MOCK_HTTP_API_ENDPOINT=`az functionapp show -g ${MOCK_API_RESOURCE_GROUP:-memfault-mock-api} -n ${MOCK_API_APP_NAME} | jq -r '.defaultHostName'`
echo $MOCK_HTTP_API_ENDPOINT
npx tsc
npx tsx scripts/pack-mock-http-api-app.ts
az functionapp deployment source config-zip -g ${MOCK_API_RESOURCE_GROUP:-memfault-mock-api} -n ${MOCK_API_APP_NAME} --src dist/mock-http-api.zip

# Configure Memfault Key value parameters
USER_OBJECT_ID=`az ad signed-in-user show --query id -o tsv`
# Assign 'Key Vault Secrets Officer' permission
az role assignment create --role b86a8fe4-44ce-4948-aee5-eccb2c155cd7 \
        --assignee ${USER_OBJECT_ID} \
        --scope /subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP:-memfault}/providers/Microsoft.KeyVault/vaults/${KEY_VAULT_NAME:-assetTracker}

az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultProjectKey --value my-projectKey
az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultOrganization --value my-org
az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultProject --value my-project
az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultAuthToken --value my-authToken
az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultApiEndpoint --value "https://${MOCK_HTTP_API_ENDPOINT}/api/api.memfault.com/"
az keyvault secret set --vault-name ${KEY_VAULT_NAME:-assetTracker} --name memfaultChunksEndpoint --value "https://${MOCK_HTTP_API_ENDPOINT}/api/chunks.memfault.com/"

# Observe Mock API logs
az webapp log tail --resource-group ${MOCK_API_RESOURCE_GROUP:-memfault-mock-api} --name ${MOCK_API_APP_NAME}

# Observe integration logs
az webapp log tail --resource-group ${RESOURCE_GROUP:-nrfassettracker} --name ${APP_NAME:-nrfassettracker}-memfault-integration

# Run the end-to-end tests
npm run test:e2e

Continuous Integration

In order to continuously test this solution, authenticate GitHub Actions by following the instructions to Configure a service principal with a Federated Credential to use OIDC based authentication. Use https://nrfassettracker.invalid/memfault-ci as the name.

From the command line this can be achieved using:

# Create application
az ad app create --display-name 'https://nrfassettracker.invalid/memfault-ci'
export APPLICATION_OBJECT_ID=`az ad app list | jq -r '.[] | select(.displayName=="https://nrfassettracker.invalid/memfault-ci") | .id' | tr -d '\n'`
# Create federated credentials
az rest --method POST --uri "https://graph.microsoft.com/beta/applications/${APPLICATION_OBJECT_ID}/federatedIdentityCredentials" --body '{"name":"GitHubActions","issuer":"https://token.actions.githubusercontent.com","subject":"repo:NordicSemiconductor/asset-tracker-cloud-memfault-azure-js:environment:ci","description":"Allow GitHub Actions to modify Azure resources","audiences":["api://AzureADTokenExchange"]}'
# Grant the application Owner permissions for subscription
export AZURE_CLIENT_ID=`az ad app list --display-name 'https://nrfassettracker.invalid/memfault-ci' | jq -r '.[].appId'`
export AZURE_SUBSCRIPTION_ID=`az account show | jq -r '.id'`
az ad sp create --id $AZURE_CLIENT_ID
az role assignment create --role Owner \
         --assignee ${AZURE_CLIENT_ID} \
         --scope /subscriptions/${AZURE_SUBSCRIPTION_ID}

Make sure to use the organization and repository name of your fork instead of NordicSemiconductor/asset-tracker-cloud-memfault-azure-js in the command above.

Then,

  1. Store the application (client) ID of the service principal app registration created in the above step as a GitHub Actions secret
    gh secret set AZURE_CLIENT_ID --env ci --body `az ad app list --display-name 'https://nrfassettracker.invalid/memfault-ci' | jq -r '.[].appId'`
  2. Store the directory (tenant) ID of the service principal app registration created in the above step as a GitHub Actions secret
    gh secret set AZURE_TENANT_ID --env ci --body `az account show | jq -r '.tenantId'`
  3. Store the ID of the subscription which contains the resources as a GitHub Actions secret
    gh secret set AZURE_SUBSCRIPTION_ID --env ci --body `az account show | jq -r '.id'`

asset-tracker-cloud-memfault-azure-js's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

  • WARN: Fallback to renovate.json file as a preset is deprecated, please use a default.json file instead.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • chore(deps): update dependency azure-iothub to v1.16.5
  • chore(deps): update dependency @azure/logger to v1.1.2
  • chore(deps): update azure/login action to v2
  • chore(deps): update dependency @azure/arm-appservice to v15
  • chore(deps): update dependency @commitlint/config-conventional to v19
  • chore(deps): update dependency @types/node to v20
  • chore(deps): update dependency chai to v5
  • chore(deps): update dependency tsx to v4
  • chore(deps): update resource microsoft.devices/iothubs/eventhubendpoints/consumergroups to 2023-06-30
  • chore(deps): update resource microsoft.keyvault/vaults to 2023-07-01
  • chore(deps): update resource microsoft.managedidentity/userassignedidentities to 2023-01-31
  • chore(deps): update resource microsoft.storage/storageaccounts to 2023-05-01
  • chore(deps): update resource microsoft.storage/storageaccounts/tableservices to 2023-05-01
  • chore(deps): update resource microsoft.storage/storageaccounts/tableservices/tables to 2023-05-01
  • chore(deps): update resource microsoft.web/serverfarms to 2023-12-01
  • chore(deps): update resource microsoft.web/sites to 2023-12-01
  • fix(deps): update dependency @azure/functions to v4
  • fix(deps): update dependency @azure/identity to v4
  • fix(deps): update dependency @nordicsemiconductor/from-env to v3
  • 🔐 Create all rate-limited PRs at once 🔐

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

bicep
memfault-integration.bicep
  • Microsoft.Devices/IotHubs 2021-07-02
  • Microsoft.Devices/iotHubs/eventhubEndpoints/ConsumerGroups 2020-03-01
  • Microsoft.Storage/storageAccounts 2019-06-01
  • Microsoft.Web/serverfarms 2022-09-01
  • Microsoft.ManagedIdentity/userAssignedIdentities 2018-11-30
  • Microsoft.Web/sites 2022-09-01
  • microsoft.insights/components 2020-02-02
  • Microsoft.KeyVault/vaults 2023-02-01
  • Microsoft.Authorization/roleAssignments 2022-04-01
mock-http-api.bicep
  • Microsoft.Storage/storageAccounts 2019-06-01
  • Microsoft.Web/serverfarms 2022-09-01
  • Microsoft.Web/sites 2022-09-01
  • microsoft.insights/components 2020-02-02
  • Microsoft.Storage/storageAccounts/tableServices 2022-09-01
  • Microsoft.Storage/storageAccounts/tableServices/tables 2022-09-01
  • Microsoft.Storage/storageAccounts/tableServices/tables 2022-09-01
test-resources.bicep
  • Microsoft.KeyVault/vaults 2023-02-01
  • Microsoft.Devices/IotHubs 2021-07-02
github-actions
.github/workflows/sync-issue-labels.yaml
  • actions/checkout v4
  • ubuntu 22.04
.github/workflows/test-and-release.yaml
  • azure/login v1
  • actions/checkout v4
  • actions/setup-node v4
  • azure/login v1
  • actions/checkout v4
  • actions/setup-node v4
  • azure/login v1
  • actions/checkout v4
  • actions/setup-node v4
  • azure/login v1
  • azure/login v1
  • actions/checkout v4
  • actions/setup-node v4
  • actions/upload-artifact v4
  • azure/login v1
  • azure/login v1
  • actions/checkout v4
  • actions/setup-node v4
  • ubuntu 22.04
  • ubuntu 22.04
  • ubuntu 22.04
  • ubuntu 22.04
  • ubuntu 22.04
  • ubuntu 22.04
  • ubuntu 22.04
  • ubuntu 22.04
  • ubuntu 22.04
.github/workflows/update-repo-info.yaml
  • actions/checkout v4
  • ubuntu 22.04
npm
package.json
  • @azure/functions 3.5.1
  • @azure/identity 3.4.2
  • @azure/keyvault-secrets 4.8.0
  • @bifravst/run 1.2.0
  • @nordicsemiconductor/from-env 1.0.3
  • @azure/arm-appservice 13.0.3
  • @azure/arm-deviceprovisioningservices 5.1.0
  • @azure/arm-iothub 6.3.0
  • @azure/arm-resources-subscriptions 2.1.0
  • @azure/data-tables 13.2.2
  • @azure/logger 1.0.4
  • @bifravst/eslint-config-typescript 6.0.10
  • @bifravst/prettier-config 1.0.0
  • @commitlint/config-conventional 18.6.2
  • @nordicsemiconductor/bdd-markdown 3.5.29
  • @nordicsemiconductor/random-words 7.0.0
  • @sinclair/typebox 0.25.21
  • @swc/cli 0.3.9
  • @types/chai-subset 1.3.5
  • @types/node 18.19.17
  • azure-iot-device-mqtt 1.16.3
  • azure-iothub 1.16.4
  • chai 4.4.1
  • chai-subset 1.6.0
  • check-node-version 4.2.1
  • husky 9.0.11
  • id128 1.6.6
  • tsx 3.14.0
  • node >=20
  • npm >=10

  • Check this box to trigger a request for Renovate to run again on this repository