fakecloud_iot/lib.rs
1//! AWS IoT Core (`iot`) restJson1 control-plane service for fakecloud.
2//!
3//! The full 272-operation AWS IoT Core Smithy model (SDK id `IoT`, SigV4
4//! signing name `iot`, endpoint prefix `iot`). Every operation is a RESTful
5//! `<METHOD> <@http URI>` route with path labels (e.g.
6//! `POST /things/{thingName}`, `GET /policies/{policyName}`,
7//! `PUT /jobs/{jobId}`, `POST /rules/{ruleName}`) so requests are routed by
8//! their HTTP method + `@http` URI template. The route table, per-operation
9//! HTTP bindings, model-derived input constraints, and output member shapes
10//! are all generated from the Smithy model (see `src/generated.rs`, produced
11//! by `scripts/generate-iot-tables.py`), so the registry, jobs, rules, and security control
12//! plane tracks the model exactly.
13//!
14//! **What is real.** Things, thing types, thing groups (static + dynamic),
15//! billing groups, policies (+ versions + attachments), certificates (+ CA
16//! certificates + principal attachments), jobs (+ job templates), topic rules
17//! (+ rule destinations), Device Defender security profiles / scheduled audits
18//! / audit configuration / mitigation actions / custom metrics / dimensions,
19//! provisioning templates (+ versions), domain configurations, fleet metrics,
20//! role aliases, authorizers, streams, OTA updates, packages (+ versions),
21//! certificate providers, commands, and every other modelled resource mint
22//! proper ARNs / ids, persist their attributes, echo them back on
23//! read / list with round-tripping pagination tokens, and enforce referential
24//! rules (attach / detach principals + policies, thing-group + billing-group
25//! membership). State is account-partitioned and persisted across restarts.
26//! `CreateKeysAndCertificate` / `CreateCertificateFromCsr` mint a 64-hex
27//! certificate id + ARN and a structurally-shaped PEM certificate and RSA key
28//! pair. `DescribeEndpoint` returns a deterministic account-specific endpoint
29//! for every endpoint type (`iot:Data-ATS`, `iot:CredentialProvider`,
30//! `iot:Jobs`, ...). Jobs carry a lifecycle (`QUEUED` -> `IN_PROGRESS` ->
31//! `COMPLETED`); topic rules store their SQL + actions verbatim. Input
32//! validation is model-derived: required members, string `@length`, numeric
33//! `@range`, and `@enum` constraints are enforced with IoT's declared
34//! exceptions (`ResourceNotFoundException`, `InvalidRequestException`,
35//! `ResourceAlreadyExistsException`, `DeleteConflictException`,
36//! `VersionConflictException`, ...).
37//!
38//! **Honest emulation choices (documented, not stubbed):**
39//! * There is no live MQTT broker or device connectivity. The registry / jobs
40//! / rules / security *control plane* is fully real and persisted, but no
41//! message is routed, no topic-rule action is executed against a real target
42//! (SNS / SQS / Lambda / ...), and no device ever attaches over MQTT. The
43//! data plane lives in the separate `fakecloud-iotdata` service (device
44//! shadows + retained messages).
45//! * `SearchIndex` and the aggregation queries (`GetCardinality`,
46//! `GetPercentiles`, `GetStatistics`, `GetBucketsAggregation`) run against
47//! the in-memory thing registry with a bounded query subset (a `thingName:`
48//! prefix / exact match and the wildcard `*`). Queries outside that subset
49//! return `InvalidQueryException` rather than a wrong result.
50//! * Certificates are structurally-valid PEM placeholders, not real CA-signed
51//! X.509 chains; the key pair is a shaped placeholder, not a usable private
52//! key.
53
54pub mod generated;
55pub mod persistence;
56pub mod service;
57pub mod state;
58pub mod validate;
59
60pub use service::{IotService, IOT_ACTIONS};
61pub use state::{IotData, IotSnapshot, SharedIotState, IOT_SNAPSHOT_SCHEMA_VERSION};