Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

UnauthorizedError when publishing to local MQTT

0

Hey folks,

Trying to get IPC working for custom components, and I've hit a wall.
I've configured local IPC according to the documentation (as far as I can tell), but whenever I publish to a topic I get an UnauthorizedError. I assumed that this was a misconfiguration of access control in the recipe, but I don't see any differences between my recipe and the examples. Any help would be much appreciated.

Here's the relevant bit of the recipe:

ComponentConfiguration:
  DefaultConfiguration:
    accessControl:
      aws.greengrass.ipc.pubsub:
        "my.custom.component:pubsub:1":
          policyDescription: "Publish access for database interface."
          operations:
            - "aws.greengrass#PublishToTopic"
          resources:
            - "*"

and here's the code that publishes:

def publish_to_topic(topic, message):
    logger.info(f"sending: {message} to {topic}")
    request = PublishToTopicRequest()
    request.topic = topic
    publish_message = PublishMessage()
    publish_message.binary_message = BinaryMessage()
    publish_message.binary_message.message = bytes(dumps(message), "utf-8")
    request.publish_message = publish_message
    operation = ipc_client.new_publish_to_topic()
    operation.activate(request)
    future = operation.get_response()
    try:
        future.result(TIMEOUT)
        logger.info('Successfully published to topic: ' + topic)
    except concurrent.futures.TimeoutError:
        logger.error('Timeout occurred while publishing to topic: ' + topic)
    except UnauthorizedError as e:
        logger.error('Unauthorized error while publishing to topic: ' + topic)
        raise e
    except Exception as e:
        logger.error('Exception while publishing to topic: ' + topic)
        raise e

TIMEOUT = 10
ipc_client = awsiot.greengrasscoreipc.connect()
topic = "my/test/topic"
message = {
    'foo': 'FOO',
    'bar': 'BAR'
}
publish_to_topic(topic, message)
Argomenti
Internet delle cose (IoT)
Tag
AWS IoT Core
Lingua
English
continuities
posta 3 anni fa1234 visualizzazioni
2 Risposte
0
Risposta accettata

Hi,
You may be running into this if you ever deployed a version of the component with a different configuration. In a recipe the "DefaultConfiguration" is only the default, so if there is existing configuration on a device then the default values will not be used. To force it to use the updated default values, you must use a RESET configuration in the deployment. See: https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html#reset-configuration-update

After performing a reset if it still does not work, then please provide the effectiveConfig.yml file from the configs directory on the device as well as the greengrass log file. The greengrass log file will print what permission you are missing.

An important thing to note is that the policy ID must be unique for the entire device. You cannot duplicate IDs within a component or even across components.

Cheers,
Michael

AWS
ESPERTO
MichaelDombrowski-AWS
con risposta 3 anni fa
  • rePost-User-7846458
    un anno fa

    Hey Michael,

    We are facing same issue. We have checked the effective.yml also and its also got updated with wildcard *. First we did is we have set "" in reset and in merged provided wildcard * for all topic to publish and subscribe. But still facing following error .. "Unauthorized error while subscribing to topic: device/wifiNetworkAddResponse. "

0

Yup, that was absolutely it. I'd never have found that on my own. Thanks so much!

continuities
con risposta 3 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente