UnauthorizedError when publishing to local MQTT

0

Hey folks,

Trying to get IPC working for custom components, and I've hit a wall.
I've configured local IPC according to the documentation (as far as I can tell), but whenever I publish to a topic I get an UnauthorizedError. I assumed that this was a misconfiguration of access control in the recipe, but I don't see any differences between my recipe and the examples. Any help would be much appreciated.

Here's the relevant bit of the recipe:

ComponentConfiguration:
  DefaultConfiguration:
    accessControl:
      aws.greengrass.ipc.pubsub:
        "my.custom.component:pubsub:1":
          policyDescription: "Publish access for database interface."
          operations:
            - "aws.greengrass#PublishToTopic"
          resources:
            - "*"

and here's the code that publishes:

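import concurrent.futures
import logging
from json import dumps

import awsiot.greengrasscoreipc
from awsiot.greengrasscoreipc.model import (
    BinaryMessage,
    PublishMessage,
    PublishToTopicRequest,
    UnauthorizedError,
)

logger = logging.getLogger(__name__)

def publish_to_topic(topic, message):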
    logger.info(f"sending: {message} to {topic}")
    request = PublishToTopicRequest()
    request.topic = topic
    publish_message = PublishMessage()
    publish_message.binary_message = BinaryMessage()
    publish_message.binary_message.message = bytes(dumps(message), "utf-8")
    request.publish_message = publish_message
    operation = ipc_client.new_publish_to_topic()
    operation.activate(request)
    future = operation.get_response()
    try:
        future.result(TIMEOUT)
        logger.info('Successfully published to topic: ' + topic)
    except concurrent.futures.TimeoutError:
        logger.error('Timeout occurred while publishing to topic: ' + topic)
    except UnauthorizedError as e:
        logger.error('Unauthorized error while publishing to topic: ' + topic)
        raise e
    except Exception as e:
        logger.error('Exception while publishing to topic: ' + topic)
        raise e

TIMEOUT = 10
ipc_client = awsiot.greengrasscoreipc.connect()
topic = "my/test/topic"
message = {
    'foo': 'FOO',
    'bar': 'BAR'
}
publish_to_topic(topic, message)
asked 3 years ago, 1234 views
2 Answers
0
Accepted Answer

Hi,
You may be running into this if you ever deployed a version of the component with a different configuration. In a recipe the "DefaultConfiguration" is only the default, so if there is existing configuration on a device then the default values will not be used. To force it to use the updated default values, you must use a RESET configuration in the deployment. See: https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html#reset-configuration-update

After performing a reset if it still does not work, then please provide the effectiveConfig.yml file from the configs directory on the device as well as the greengrass log file. The greengrass log file will print what permission you are missing.

An important thing to note is that the policy ID must be unique for the entire device. You cannot duplicate IDs within a component or even across components.

Cheers,
Michael

AWS
EXPERT
answered 3 years ago
  • Hey Michael,

    We are facing the same issue. We have checked the effective.yml as well, and it has also been updated with the wildcard *. First, we set "" in reset, and in merge we provided the wildcard * for all topics to publish and subscribe. But we are still facing the following error: "Unauthorized error while subscribing to topic: device/wifiNetworkAddResponse."
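The two checks from the accepted answer, sketched as an added example (not code from the original posts or from AWS): finding policy IDs reused anywhere on the device, and building a deployment `configurationUpdate` that resets `/accessControl` so the recipe's DefaultConfiguration applies again. The function names, `my.other.component`, its policy and the version string are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: configuration in effect per component on one device.
# "my.other.component" and its policy are hypothetical.
EFFECTIVE = {
    "my.custom.component": {"accessControl": {"aws.greengrass.ipc.pubsub": {
        "my.custom.component:pubsub:1": {
            "operations": ["aws.greengrass#PublishToTopic"],
            "resources": ["*"]}}}},
    "my.other.component": {"accessControl": {"aws.greengrass.ipc.pubsub": {
        "my.custom.component:pubsub:1": {  # same ID reused by another component
            "operations": ["aws.greengrass#SubscribeToTopic"],
            "resources": ["device/status"]}}}},
}

def duplicate_policy_ids(effective):
    """Return {policy_id: [component/service, ...]} for IDs used more than once."""
    seen = defaultdict(list)
    for component, config in effective.items():
        for service, policies in config.get("accessControl", {}).items():
            for policy_id in policies:
                seen[policy_id].append(f"{component}/{service}")
    return {pid: sorted(users) for pid, users in seen.items() if len(users) > 1}

def reset_update(access_control=None):
    """Build a configurationUpdate that resets the stored accessControl value.

    "reset" takes JSON pointers; "merge" is a serialized JSON string and is
    only included when an explicit policy should override the recipe default.
    """
    update = {"reset": ["/accessControl"]}
    if access_control is not None:
        update["merge"] = json.dumps({"accessControl": access_control})
    return update

def deployment_components(name, version, update):
    """Shape of the per-component entry in a deployment's "components" map."""
    return {name: {"componentVersion": version, "configurationUpdate": update}}

if __name__ == "__main__":
    print(json.dumps(duplicate_policy_ids(EFFECTIVE), indent=2))
    # "1.0.0" is a placeholder version.
    print(json.dumps(deployment_components(
        "my.custom.component", "1.0.0", reset_update()), indent=2))
```
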

0

Yup, that was absolutely it. I'd never have found that on my own. Thanks so much!

answered 3 years ago
