MuranoCLI 3.0.0 → 3.0.1

data/lib/MrMurano/Webservice-Cors.rb

@@ -1,4 +1,4 @@
-# Last Modified: 2017.08.17 /coding: utf-8
+# Last Modified: 2017.08.22 /coding: utf-8
 # frozen_string_literal: true
 
 # Copyright © 2016-2017 Exosite LLC.
@@ -59,10 +59,16 @@ module MrMurano
         if !file.nil?
           data = YAML.load_file(file)
         else
-          data = $project['routes.cors']
+          file = $project['routes.cors']
           # If it is just a string, then is a file to load.
-          data = YAML.load_file(data) if data.is_a? String
+          if file.is_a? String
+            data = YAML.load_file(file)
+          else
+            data = file
+            file = %(ProjectFile['routes.cors'])
+          end
         end
+        return unless upload_item_allowed(file)
         put('', data)
       end
     end

data/lib/MrMurano/Webservice-Endpoint.rb

@@ -1,4 +1,4 @@
-# Last Modified: 2017.08.17 /coding: utf-8
+# Last Modified: 2017.08.22 /coding: utf-8
 # frozen_string_literal: true
 
 # Copyright © 2016-2017 Exosite LLC.
@@ -16,7 +16,6 @@ module MrMurano
   # …/endpoint
   module Webservice
     class Endpoint < WebserviceBase
-
       # Route Specific details on an Item
       class RouteItem < Item
         # @return [String] HTTP method for this endpoint
@@ -49,7 +48,7 @@ module MrMurano
         ret = get
         return [] unless ret.is_a?(Array)
         ret.map do |item|
-          if item[:content_type].to_s.empty? then
+          if item[:content_type].to_s.empty?
             item[:content_type] = 'application/json'
           end
           # XXX should this update the script header?
@@ -69,9 +68,9 @@ module MrMurano
 
         ret[:content_type] = 'application/json' if ret[:content_type].empty?
 
-        script = ret[:script].lines.map{|l|l.chomp}
+        script = ret[:script].lines.map(&:chomp)
 
-        aheader = (script.first or "")
+        aheader = (script.first || '')
 
         rh = ['--#ENDPOINT', ret[:method].upcase, ret[:path]]
         rh << ret[:content_type] if ret[:content_type] != 'application/json'
@@ -81,19 +80,21 @@ module MrMurano
         # If header is wrong, replace it.
 
         md = @match_header.match(aheader)
-        if md.nil? then
+        if md.nil?
           # header missing.
           script.unshift rheader
-        elsif md[:method] != ret[:method] or
-          md[:path] != ret[:path] or
-          md[:ctype] != ret[:content_type] then
+        elsif (
+          md[:method] != ret[:method] ||
+          md[:path] != ret[:path] ||
+          md[:ctype] != ret[:content_type]
+        )
           # header is wrong.
           script[0] = rheader
         end
         # otherwise current header is good.
 
         script = script.join("\n") + "\n"
-        if block_given? then
+        if block_given?
           yield script
         else
           script
@@ -105,23 +106,24 @@ module MrMurano
       # @param local [Pathname] path to file to push
       # @param remote [RouteItem] of method and endpoint path
       # @param modify [Boolean] True if item exists already and this is changing it
-      def upload(local, remote, modify)
-        local = Pathname.new(local) unless local.kind_of? Pathname
-        raise "no file" unless local.exist?
+      def upload(local, remote, _modify)
+        local = Pathname.new(local) unless local.is_a? Pathname
+        raise 'no file' unless local.exist?
         # we assume these are small enough to slurp.
-        if remote.script.nil? then
+        if remote.script.nil?
           script = local.read
           remote[:script] = script
         end
         limitkeys = [:method, :path, :script, :content_type, @itemkey]
-        remote = remote.to_h.select{|k,v| limitkeys.include? k }
-        #      post('', remote)
-        if remote.has_key? @itemkey then
+        remote = remote.to_h.select { |k, _v| limitkeys.include? k }
+        if remote.key? @itemkey
+          return unless upload_item_allowed(remote[@itemkey])
           put('/' + remote[@itemkey], remote) do |request, http|
             response = http.request(request)
             case response
             when Net::HTTPSuccess
               #return JSON.parse(response.body)
+              return
             when Net::HTTPNotFound
               verbose "\tDoesn't exist, creating"
               post('/', remote)
@@ -131,6 +133,8 @@ module MrMurano
           end
         else
           verbose "\tNo itemkey, creating"
+          #return unless upload_item_allowed(remote)
+          return unless upload_item_allowed(local)
           post('', remote)
         end
       end
@@ -138,29 +142,31 @@ module MrMurano
       ##
       # Delete an endpoint
       def remove(id)
+        return unless remove_item_allowed(id)
         delete('/' + id.to_s)
       end
 
-      def tolocalname(item, key)
+      def tolocalname(item, _key)
         name = ''
         # 2017-07-02: Changing shovel operator << to +=
         # to support Ruby 3.0 frozen string literals.
-        name += item[:path].split('/').reject { |i| i.empty? }.join('-')
+        name += item[:path].split('/').reject(&:empty?).join('-')
         name += '.'
         # This downcase is just for the filename.
         name += item[:method].downcase
         name += '.lua'
+        name
       end
 
-      def to_remote_item(from, path)
+      def to_remote_item(_from, path)
         # Path could be have multiple endpoints in side, so a loop.
         items = []
-        path = Pathname.new(path) unless path.kind_of? Pathname
+        path = Pathname.new(path) unless path.is_a? Pathname
         cur = nil
         lineno = 0
-        path.readlines().each do |line|
+        path.readlines.each do |line|
           md = @match_header.match(line)
-          if not md.nil? then
+          if !md.nil?
             # header line.
             cur[:line_end] = lineno unless cur.nil?
             items << cur unless cur.nil?
@@ -181,12 +187,12 @@ module MrMurano
               #method: md[:method],
               method: md[:method].upcase,
               path: md[:path],
-              content_type: (md[:ctype] or 'application/json'),
+              content_type: (md[:ctype] || 'application/json'),
               local_path: path,
               line: lineno,
               script: up_line,
             )
-          elsif not cur.nil? and not cur[:script].nil? then
+          elsif !cur.nil? && !cur[:script].nil?
             # 2017-07-02: Frozen string literal: change << to +=
             cur[:script] += line
           end
@@ -204,27 +210,27 @@ module MrMurano
         return false if md.nil?
         debug "match pattern: '#{md[:method]}' '#{md[:path]}'"
 
-        unless md[:method].empty? then
+        unless md[:method].empty?
           return false unless item[:method].casecmp(md[:method]).zero?
         end
 
         return true if md[:path].empty?
 
-        ::File.fnmatch(md[:path],item[:path])
+        ::File.fnmatch(md[:path], item[:path])
       end
 
       def synckey(item)
         "#{item[:method].upcase}_#{item[:path]}"
       end
 
-      def docmp(itemA, itemB)
-        if itemA[:script].nil? and itemA[:local_path] then
-          itemA[:script] = itemA[:local_path].read
+      def docmp(item_a, item_b)
+        if item_a[:script].nil? && item_a[:local_path]
+          item_a[:script] = item_a[:local_path].read
         end
-        if itemB[:script].nil? and itemB[:local_path] then
-          itemB[:script] = itemB[:local_path].read
+        if item_b[:script].nil? && item_b[:local_path]
+          item_b[:script] = item_b[:local_path].read
         end
-        return (itemA[:script] != itemB[:script] or itemA[:content_type] != itemB[:content_type])
+        (item_a[:script] != item_b[:script] || item_a[:content_type] != item_b[:content_type])
       end
     end
 

data/lib/MrMurano/Webservice-File.rb

@@ -1,5 +1,12 @@
+# Last Modified: 2017.08.22 /coding: utf-8
+# frozen_string_literal: true
+
+# Copyright © 2016-2017 Exosite LLC.
+# License: MIT. See LICENSE.txt.
+#  vim:tw=0:ts=2:sw=2:et:ai
+
 require 'digest/sha1'
-require "http/form_data"
+require 'http/form_data'
 require 'mime/types'
 require 'net/http'
 require 'uri'
@@ -50,12 +57,12 @@ module MrMurano
       # Get one item of the static content.
       def fetch(path, &block)
         path = path[1..-1] if path[0] == '/'
-        path = '/'+ URI.encode_www_form_component(path)
+        path = '/' + URI.encode_www_form_component(path)
         get(path) do |request, http|
           http.request(request) do |resp|
             case resp
             when Net::HTTPSuccess
-              if block_given? then
+              if block_given?
                 resp.read_body(&block)
               else
                 resp.read_body do |chunk|
@@ -75,15 +82,14 @@ module MrMurano
       # @param path [String] The identifying key for this item
       def remove(path)
         path = path[1..-1] if path[0] == '/'
+        return unless remove_item_allowed(path)
         delete('/' + URI.encode_www_form_component(path))
       end
 
       def curldebug(request)
         # The upload will get printed out inside of upload.
         # Because we don't have the correct info here.
-        if request.method != 'PUT' then
-          super(request)
-        end
+        super(request) if request.method != 'PUT'
       end
 
       ##
@@ -91,8 +97,8 @@ module MrMurano
       # @param src [Pathname] Full path of where to upload from
       # @param item [Hash] The item details to upload
       # @param modify [Boolean] True if item exists already and this is changing it
-      def upload(local, remote, modify)
-        local = Pathname.new(local) unless local.kind_of? Pathname
+      def upload(local, remote, _modify)
+        local = Pathname.new(local) unless local.is_a? Pathname
 
         path = remote[:path]
         path = path[1..-1] if path[0] == '/'
@@ -110,22 +116,25 @@ module MrMurano
         # Most of these pull into ram.  So maybe just go with that. Would guess that
         # truely large static content is rare, and we can optimize/fix that later.
 
-        file = HTTP::FormData::File.new(local.to_s, { content_type: remote[:mime_type] })
+        file = HTTP::FormData::File.new(local.to_s, content_type: remote[:mime_type])
         form = HTTP::FormData.create(file: file)
         req = Net::HTTP::Put.new(uri)
-        set_def_headers(req)
+        add_headers(req)
+
+        return unless upload_item_allowed(remote[@itemkey])
+
         workit(req) do |request, http|
           request.content_type = form.content_type
           request.content_length = form.content_length
           request.body = form.to_s
 
-          if $cfg['tool.curldebug'] then
+          if $cfg['tool.curldebug']
             a = []
-            a << %{curl -s -H 'Authorization: #{request['authorization']}'}
-            a << %{-H 'User-Agent: #{request['User-Agent']}'}
-            a << %{-X #{request.method}}
-            a << %{'#{request.uri.to_s}'}
-            a << %{-F file=@#{local.to_s}}
+            a << %(curl -s -H 'Authorization: #{request['authorization']}')
+            a << %(-H 'User-Agent: #{request['User-Agent']}')
+            a << %(-X #{request.method})
+            a << %('#{request.uri}')
+            a << %(-F file=@#{local})
             if $cfg.curlfile_f.nil?
               puts a.join(' ')
             else
@@ -156,20 +165,22 @@ module MrMurano
         name = '/' if name == $cfg['files.default_page']
         name = "/#{name}" unless name.chars.first == '/'
 
-        mime = MIME::Types.type_for(path.to_s)[0] || MIME::Types["application/octet-stream"][0]
+        mime = MIME::Types.type_for(path.to_s)[0] || MIME::Types['application/octet-stream'][0]
 
         # It does not actually take the SHA1 of the file.
         # It first converts the file to hex, then takes the SHA1 of that string
         #sha1 = Digest::SHA1.file(path.to_s).hexdigest
         sha1 = Digest::SHA1.new
         path.open('rb:ASCII-8BIT') do |io|
-          while chunk = io.read(1048576) do
+          # rubocop:disable Lint/AssignmentInCondition
+          # "Assignment in condition - you probably meant to use ==."
+          while chunk = io.read(1_048_576)
             sha1 << Digest.hexencode(chunk)
           end
         end
         debug "Checking #{name} (#{mime.simplified} #{sha1.hexdigest})"
 
-        FileItem.new(:path=>name, :mime_type=>mime.simplified, :checksum=>sha1.hexdigest)
+        FileItem.new(path: name, mime_type: mime.simplified, checksum: sha1.hexdigest)
       end
 
       # @param item [FileItem] The item to get a key from
@@ -179,11 +190,11 @@ module MrMurano
       end
 
       # Compare items.
-      # @param itemA [FileItem]
-      # @param itemB [FileItem]
-      def docmp(itemA, itemB)
-        return (itemA[:mime_type] != itemB[:mime_type] or
-          itemA[:checksum] != itemB[:checksum])
+      # @param item_a [FileItem]
+      # @param item_b [FileItem]
+      def docmp(item_a, item_b)
+        (item_a[:mime_type] != item_b[:mime_type] ||
+        item_a[:checksum] != item_b[:checksum])
       end
     end
 

data/lib/MrMurano/commands/business.rb

@@ -1,4 +1,4 @@
-# Last Modified: 2017.08.17 /coding: utf-8
+# Last Modified: 2017.08.23 /coding: utf-8
 # frozen_string_literal: true
 
 # Copyright © 2016-2017 Exosite LLC.
@@ -10,7 +10,7 @@ require 'MrMurano/Account'
 require 'MrMurano/Business'
 require 'MrMurano/ReCommander'
 
-MSG_BUSINESSES_NONE_FOUND = 'No businesses found' if !defined? MSG_BUSINESSES_NONE_FOUND
+MSG_BUSINESSES_NONE_FOUND = 'No businesses found' unless defined? MSG_BUSINESSES_NONE_FOUND
 
 # *** Base business command help.
 # -------------------------------
@@ -22,9 +22,10 @@ command :business do |c|
 Commands for working with businesses.
   ).strip
   c.project_not_required = true
+  c.subcmdgrouphelp = true
 
   c.action do |_args, _options|
-    ::Commander::UI.enable_paging
+    ::Commander::UI.enable_paging unless $cfg['tool.no-page']
     say MrMurano::SubCmdGroupHelp.new(c).get_help
   end
 end
@@ -49,19 +50,17 @@ def cmd_options_add_id_and_name(c)
 end
 
 def cmd_defaults_id_and_name(options)
-  if !options.id.nil? && !options.name.nil?
-    MrMurano::Verbose.error('Please only --id or --name but not both')
-    exit 1
-  end
+  return if options.id.nil? || options.name.nil?
+  MrMurano::Verbose.error('Please specify only --id or --name but not both')
+  exit 1
 end
 
 def cmd_verify_args_and_id_or_name!(args, options)
-  if !args.any? && (options.id || options.name)
-    MrMurano::Verbose.warning(
-      'The --id and --name options only apply when specifying a business name or ID.'
-    )
-    exit 1
-  end
+  return unless args.none? && (options.id || options.name)
+  MrMurano::Verbose.warning(
+    'The --id and --name options only apply when specifying a business name or ID.'
+  )
+  exit 1
 end
 
 def cmd_option_business_pickers(c)
@@ -123,7 +122,7 @@ Find business by name or ID.
   c.action do |args, options|
     # SKIP: c.verify_arg_count!(args)
     cmd_defaults_id_and_name(options)
-    if !args.any? && !any_business_pickers?(options)
+    if args.none? && !any_business_pickers?(options)
       MrMurano::Verbose.error('What would you like to find?')
       exit 1
     end
@@ -149,9 +148,9 @@ def business_find_or_ask!(acc, options)
     biz = businesses_ask_which(acc) if biz.nil?
   end
 
-  match_bid = $cfg.set('business.id', nil, :internal)
-  match_name = $cfg.set('business.name', nil, :internal)
-  match_fuzzy = $cfg.set('business.fuzzy', nil, :internal)
+  $cfg.set('business.id', nil, :internal)
+  $cfg.set('business.name', nil, :internal)
+  $cfg.set('business.fuzzy', nil, :internal)
 
   biz
 end
@@ -186,7 +185,8 @@ def business_from_config
     if biz.valid?
       say("Found Business #{biz.pretty_name_and_id}")
     else
-      say("Could not find Business ‘#{biz.bid}’ referenced in the config")
+      biz_bid = MrMurano::Verbose.fancy_ticks(biz.bid)
+      say("Could not find Business #{biz_bid} referenced in the config")
     end
     puts('')
   end

data/lib/MrMurano/commands/content.rb

@@ -1,4 +1,4 @@
-# Last Modified: 2017.08.16 /coding: utf-8
+# Last Modified: 2017.08.22 /coding: utf-8
 # frozen_string_literal: true
 
 # Copyright © 2016-2017 Exosite LLC.
@@ -17,9 +17,10 @@ This set of commands let you interact with the content area for a product.
 This is where OTA data can be stored so that devices can easily download it.
   ).strip
   c.project_not_required = true
+  c.subcmdgrouphelp = true
 
   c.action do |_args, _options|
-    ::Commander::UI.enable_paging
+    ::Commander::UI.enable_paging unless $cfg['tool.no-page']
     say MrMurano::SubCmdGroupHelp.new(c).get_help
   end
 end

data/lib/MrMurano/commands/devices.rb

@@ -1,23 +1,25 @@
-# Last Modified: 2017.08.16 /coding: utf-8
+# Last Modified: 2017.08.23 /coding: utf-8
 # frozen_string_literal: true
 
 # Copyright © 2016-2017 Exosite LLC.
 # License: MIT. See LICENSE.txt.
 #  vim:tw=0:ts=2:sw=2:et:ai
 
+require 'date'
 require 'MrMurano/Gateway'
 require 'MrMurano/ReCommander'
 
-command 'device' do |c|
+command :device do |c|
   c.syntax = %(murano device)
   c.summary = %(Interact with a device)
   c.description = %(
 Interact with a device.
   ).strip
   c.project_not_required = true
+  c.subcmdgrouphelp = true
 
   c.action do |_args, _options|
-    ::Commander::UI.enable_paging
+    ::Commander::UI.enable_paging unless $cfg['tool.no-page']
     say MrMurano::SubCmdGroupHelp.new(c).get_help
   end
 end
@@ -90,7 +92,7 @@ end
 alias_command 'devices list', 'device list'
 
 command 'device read' do |c|
-  c.syntax = %(murano device read <identifier> (<alias>...))
+  c.syntax = %(murano device read <identifier> [<alias>...] [--options])
   c.summary = %(Read state of a device)
   c.description = %(
 Read state of a device.
@@ -101,7 +103,7 @@ This reads the latest state values for the resources in a device.
   c.option '-o', '--output FILE', %(Download to file instead of STDOUT)
 
   c.action do |args, options|
-    c.verify_arg_count!(args, nil, ['Identifier missing'])
+    c.verify_arg_count!(args, nil, ['Missing device identifier'])
 
     prd = MrMurano::Gateway::Device.new
 
@@ -142,7 +144,7 @@ If an alias is not settable, this will fail.
   ).strip
 
   c.action do |args, _options|
-    c.verify_arg_count!(args, nil, ['Identifier missing'])
+    c.verify_arg_count!(args, nil, ['Missing device identifier'])
 
     resources = (MrMurano::Gateway::GweBase.new.info || {})[:resources]
 
@@ -174,45 +176,108 @@ If an alias is not settable, this will fail.
 end
 
 command 'device enable' do |c|
-  c.syntax = %(murano device enable [<identifier>|--file <identifiers>])
-  c.summary = %(Enable an Identifier; Creates device in Murano)
+  c.syntax = %(murano device enable (<identifier>|--file <path>) [--options])
+  c.summary = %(Enable Identifiers in Murano for real world devices)
   c.description = %(
-Enables Identifiers, creating the digial shadow in Murano.
+Enables Identifiers, creating devices, or digital shadows, in Murano.
   ).strip
 
+  c.option '-e', '--expire HOURS', %(Devices that do not activate within HOURS hours will be deleted for security purposes)
   c.option '-f', '--file FILE', %(A file of serial numbers, one per line)
-  c.option '--key FILE', %(Public TLS key for this device)
+  c.option '--key FILE', %(Path to file containing public TLS key for this device)
+  allowed_types = MrMurano::Gateway::Device::DEVICE_AUTH_TYPES.map(&:to_s).sort
+  c.option '--auth TYPE', %(Type of credential used to authenticate [#{allowed_types.join('|')}])
+  c.option '--cred KEY', %(The credential used to authenticate, e.g., token, password, etc.)
 
   c.action do |args, options|
-    # SKIP: c.verify_arg_count!(args)
+    c.verify_arg_count!(args, 1)
+
     prd = MrMurano::Gateway::Device.new
-    if !options.file.nil? && !options.key.nil?
-      prd.error %(Cannot use both --file and --key)
+
+    if args.count.zero? && options.file.to_s.empty?
+      prd.error 'Missing device identifier or --file'
       exit 1
+    elsif !args.count.zero? && !options.file.to_s.empty?
+      prd.error 'Please specify an identifier or --file but not both'
+      exit 1
+    end
+
+    if !options.file.nil? && (!options.key.nil? || !options.auth.nil? || !options.cred.nil?)
+      prd.error %(Cannot use --file with any of: --key, --auth, or --cred)
+      exit 1
+    end
+    if !options.key.nil? && !options.cred.nil?
+      prd.error %(Please use either --cred or --key but not both)
+      exit 1
+    end
+    if options.auth.nil? ^ options.cred.nil?
+      prd.error %(Please specify both --auth and --cred or neither)
+      exit 1
+    end
+    options.auth = options.auth.to_sym unless options.auth.nil?
+    unless options.key.nil?
+      if !options.auth.nil? && options.auth != :certificate
+        prd.warning %(You probably mean to use "--auth certificate" with --key)
+      else
+        options.auth = :certificate
+      end
     end
-    if options.file
+
+    unless options.expire.nil?
+      unless options.expire =~ /^[0-9]+$/
+        prd.error %(The --expire value is not a number of hours: #{prd.fancy_ticks(options.expire)})
+        exit 1
+      end
+      # The platform expects the expiration time to be an integer
+      # representing microseconds since the epoch, e.g.,
+      #    hours * mins/hour * secs/min * msec/sec * μsec/msec
+      # or hours * 60        * 60       * 1000     * 1000
+      micros_since_epoch = DateTime.now.strftime('%Q').to_i * 1000
+      mircos_until_purge = options.expire.to_i * 60 * 60 * 1000 * 1000
+      options.expire = micros_since_epoch + mircos_until_purge
+    end
+
+    unless options.auth.nil?
+      options.auth = options.auth.to_sym
+      unless MrMurano::Gateway::Device.DEVICE_AUTH_TYPES.include?(options.auth)
+        MrMurano::Verbose.error("unrecognized --auth: #{options.auth}")
+        exit 1
+      end
+    end
+
+    if !options.file.to_s.empty?
       # Check file for headers.
-      header = File.new(options.file).gets
+      begin
+        header = File.new(options.file).gets
+      rescue Errno::ENOENT => err
+        prd.error %(Unable to open file #{prd.fancy_ticks(options.file)}: #{err.message})
+        exit 2
+      end
       if header.nil?
         prd.error 'Nothing in file!'
         exit 1
       end
       unless header =~ /\s*ID\s*(,SSL Client Certificate\s*)?/
-        prd.error "Missing column headers in file \"#{options.file}\""
+        prd.error %(Missing column headers in file "#{options.file}")
         prd.error %(First line in file should be either "ID" or "ID, SSL Client Certificate")
         exit 2
       end
-      prd.enable_batch(options.file)
+      prd.enable_batch(options.file, options.expire)
     elsif args.count > 0
+      opts = {}
+      opts[:expire] = options.expire unless options.expire.nil?
+      opts[:type] = options.auth unless options.auth.nil?
       if options.key
         File.open(options.key, 'rb') do |io|
-          prd.enable(args[0], type: :certificate, publickey: io)
+          prd.enable(args[0], **opts, key: io)
         end
       else
-        prd.enable(args[0])
+        opts[:key] = options.cred unless options.cred.nil?
+        prd.enable(args[0], **opts)
       end
     else
-      prd.error 'Missing an Identifier to enable'
+      # Impossible path: neither args nor --file; would've exited by now.
+      raise 'Impossible'
     end
   end
 end
@@ -236,7 +301,7 @@ you cannot retrive the CIK again.
   ).strip
 
   c.action do |args, _options|
-    c.verify_arg_count!(args, nil, ['Identifier missing'])
+    c.verify_arg_count!(args, nil, ['Missing device identifier'])
     prd = MrMurano::Gateway::Device.new
     prd.outf prd.activate(args.first)
   end
@@ -250,7 +315,7 @@ Delete a device.
   ).strip
 
   c.action do |args, _options|
-    c.verify_arg_count!(args, nil, ['Identifier missing'])
+    c.verify_arg_count!(args, nil, ['Missing device identifier'])
     prd = MrMurano::Gateway::Device.new
     snid = args.shift
     ret = prd.remove(snid)
@@ -273,6 +338,53 @@ Get the URL for the HTTP-Data-API for this Project.
   end
 end
 
+command 'device lock' do |c|
+  c.syntax = %(murano device lock <identifier>)
+  c.summary = %(Lock a device, not allowing connections to it until unlocked)
+  c.description = %(
+Lock a device, not allowing connections to it until unlocked.
+  ).strip
+
+  c.action do |args, _options|
+    c.verify_arg_count!(args, 1, ['Missing device identifier'])
+    prd = MrMurano::Gateway::Device.new
+    prd.lock(args[0])
+  end
+end
+
+command 'device unlock' do |c|
+  c.syntax = %(murano device unlock <identifier>)
+  c.summary = %(Unlock a device, allowing connections to it again)
+  c.description = %(
+Unlock a device, allowing connections to it again.
+  ).strip
+
+  c.action do |args, _options|
+    c.verify_arg_count!(args, 1, ['Missing device identifier'])
+    prd = MrMurano::Gateway::Device.new
+    prd.unlock(args[0])
+  end
+end
+
+command 'device revoke' do |c|
+  c.syntax = %(murano device revoke <identifier>)
+  c.summary = %(Force device to reprovision)
+  c.description = %(
+Force device to reprovision.
+
+This will revoke the device's keys and cause it to temporarily disconnect. The will then reconnect and be provisioned with new keys.
+  ).strip
+
+  c.action do |args, _options|
+    c.verify_arg_count!(args, 1, ['Missing device identifier'])
+    prd = MrMurano::Gateway::Device.new
+    # MAYBE/2017-08-23: This command doesn't return an error if the device
+    # ID was not found, or if the keys were already revoked. Do we care?
+    # At least the lock command fails if the device ID is not found.
+    prd.revoke(args[0])
+  end
+end
+
 alias_command 'product device', 'device'
 alias_command 'product device list', 'device list'
 alias_command 'product devices list', 'device list'
@@ -283,4 +395,7 @@ alias_command 'product device enable', 'device enable'
 alias_command 'product device activate', 'device activate'
 alias_command 'product device delete', 'device delete'
 alias_command 'product device httpurl', 'device httpurl'
+alias_command 'product device lock', 'device lock'
+alias_command 'product device unlock', 'device unlock'
+alias_command 'product device revoke', 'device revoke'