AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

UnauthorizedError when publishing to local MQTT

0

Hey folks,

Trying to get IPC working for custom components, and I've hit a wall.
I've configured local IPC according to the documentation (as far as I can tell), but whenever I publish to a topic I get an UnauthorizedError. I assumed that this was a misconfiguration of access control in the recipe, but I don't see any differences between my recipe and the examples. Any help would be much appreciated.

Here's the relevant bit of the recipe:

ComponentConfiguration:
  DefaultConfiguration:
    accessControl:
      aws.greengrass.ipc.pubsub:
        "my.custom.component:pubsub:1":
          policyDescription: "Publish access for database interface."
          operations:
            - "aws.greengrass#PublishToTopic"
          resources:
            - "*"

and here's the code that publishes:

def publish_to_topic(topic, message):
    logger.info(f"sending: {message} to {topic}")
    request = PublishToTopicRequest()
    request.topic = topic
    publish_message = PublishMessage()
    publish_message.binary_message = BinaryMessage()
    publish_message.binary_message.message = bytes(dumps(message), "utf-8")
    request.publish_message = publish_message
    operation = ipc_client.new_publish_to_topic()
    operation.activate(request)
    future = operation.get_response()
    try:
        future.result(TIMEOUT)
        logger.info('Successfully published to topic: ' + topic)
    except concurrent.futures.TimeoutError:
        logger.error('Timeout occurred while publishing to topic: ' + topic)
    except UnauthorizedError as e:
        logger.error('Unauthorized error while publishing to topic: ' + topic)
        raise e
    except Exception as e:
        logger.error('Exception while publishing to topic: ' + topic)
        raise e

TIMEOUT = 10
ipc_client = awsiot.greengrasscoreipc.connect()
topic = "my/test/topic"
message = {
    'foo': 'FOO',
    'bar': 'BAR'
}
publish_to_topic(topic, message)
주제
사물 인터넷(IoT)
태그
AWS IoT Core
언어
English
continuities
질문됨 3년 전1234회 조회
2개 답변
0
수락된 답변

Hi,
You may be running into this if you ever deployed a version of the component with a different configuration. In a recipe the "DefaultConfiguration" is only the default, so if there is existing configuration on a device then the default values will not be used. To force it to use the updated default values, you must use a RESET configuration in the deployment. See: https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html#reset-configuration-update

After performing a reset if it still does not work, then please provide the effectiveConfig.yml file from the configs directory on the device as well as the greengrass log file. The greengrass log file will print what permission you are missing.

An important thing to note is that the policy ID must be unique for the entire device. You cannot duplicate IDs within a component or even across components.

Cheers,
Michael

AWS
전문가
MichaelDombrowski-AWS
답변함 3년 전
  • rePost-User-7846458
    일 년 전

    Hey Michael,

    We are facing same issue. We have checked the effective.yml also and its also got updated with wildcard *. First we did is we have set "" in reset and in merged provided wildcard * for all topic to publish and subscribe. But still facing following error .. "Unauthorized error while subscribing to topic: device/wifiNetworkAddResponse. "

0

Yup, that was absolutely it. I'd never have found that on my own. Thanks so much!

continuities
답변함 3년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠