Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Trying to use GreengrassCoreIPCClientV2().get_thing_shadow()

0

The following code looks valid to me. But when I try to run it, inside a greengrass component, I get an incomprehensible error:

...blahblahblah eventstreamrpc.py", line 723, in _on_continuation_message raise shape awsiot.greengrasscoreipc.model.ServiceError

what? Whats' the error??? :( I dont see anything relevant in the greengrass.log to explain this either. Just lifecyclemanager.GenericExternalService: service-errored. {exitCode=1, ...."

Here's my actual code:

import os
from awsiot.greengrasscoreipc.clientv2 import GreengrassCoreIPCClientV2

THINGNAME = os.getenv("AWS_IOT_THING_NAME")
CLIENTOBJ = GreengrassCoreIPCClientV2()

def create_deviceshadow_cache():
    print("DEBUG: thingname is " + THINGNAME)
    shadow_response = CLIENTOBJ.get_thing_shadow(thing_name=THINGNAME)
    print("DEBUG: Printing shadow info: " + shadow_response.payload)

create_deviceshadow_cache()
  • MichaelDombrowski-AWS EXPERTE
    vor einem Jahr

    What is your component recipe?

    Does your component depend on the shadow manager component? It must for this to work.

Themen
Internet der Dinge (IoT)
Tags
AWS IoT GreengrassAWS IoT Core
Sprache
English
rePost-User-8804953
gefragt vor einem Jahr405 Aufrufe
1 Antwort
0
Akzeptierte Antwort

Aha. Thanks Michael. After fixing that, .. it still gives me the same error in my component log :-/ But now at least, the main greengrass.log shows me a related error.

2023-05-23T15:28:07.053Z [WARN] (Thread-7) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-
shadow. Not authorized to get shadow. {thing name=demo-device, shadow name=null}
com.aws.greengrass.authorization.exceptions.AuthorizationException: Principal com.bolthole.copyshadow is not authorized to perf
orm aws.greengrass.ShadowManager:aws.greengrass#GetThingShadow on resource $aws/things/demo-device/shadow

Which is odd, because I thought I have allowed all required perms, as shown below. Any further enlightenment you can give?

In recipe, copied more or less from AWS examples:

ComponentConfiguration:
  DefaultConfiguration:
    accessControl:
      aws.greengrass.ShadowManager:
        'com.bolthole.copyshadow:shadow:1':
          policyDescription: 'Allows access to shadows'
          operations:
            - 'aws.greengrass#GetThingShadow'
            - 'aws.greengrass#UpdateThingShadow'
            - 'aws.greengrass#DeleteThingShadow'
          resources:
            - $aws/things/{iot:thingName}/shadow
        'com.bolthole.copyshadow:shadow:2':
          policyDescription: 'Allows access to things with shadows'
          operations:
            - 'aws.greengrass#ListNamedShadowsForThing'
          resources:
            - {iot:thingName}

And in my thing policy, I have:

    {
      "Effect": "Allow",
      "Action": "iot:GetThingShadow",
      "Resource": "*"
    }

(edit: walk through comments for final solution)

rePost-User-8804953
beantwortet vor einem Jahr
  • MichaelDombrowski-AWS EXPERTE
    vor einem Jahr

    Did you enable interpolate configuration? https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-nucleus-component.html#greengrass-nucleus-component-configuration-interpolate-component-configuration

    When you deploy, use RESET: https://github.com/aws-greengrass/aws-greengrass-nucleus/issues/1470#issuecomment-1559595709

  • rePost-User-8804953
    vor einem Jahr

    Looks like it is getting properly interpolated. Looking at effectiveConfig.yaml shows

             aws.greengrass.ShadowManager:
          com.bolthole.copyshadow:shadow:1:
            operations:
            - "aws.greengrass#GetThingShadow"
            - "aws.greengrass#UpdateThingShadow"
            - "aws.greengrass#DeleteThingShadow"
            policyDescription: "Allows access to shadows"
            resources:
            - "$aws/things/demo-device/shadow"
            - "$aws/things/demo-device/shadow/name/myNamedShadow"
  • MichaelDombrowski-AWS EXPERTE
    vor einem Jahr

    what about the second policy you had? I think you need to wrap the {iot:thingName} in quotes or else yaml will treat it as a map.

  • rePost-User-8804953
    vor einem Jahr

    HUH! there were a buncha other lines, that were NOT quoted, and used {iot:thingName}, and worked. but that one line, I guess since its not in the middle of some other string... it has to be quoted. "Interesting" feature. Thanks for that.

    Even more "interesting", is that.. given that I cut-n-pasted from AWS docs... THE AWS DOCS ARE WRONG!!!

    https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-local-shadows.html

  • rePost-User-8804953
    vor einem Jahr

    Almost working. At least I can now call the get shadow function. But now yet another underdocumented category of error. I'm trying to get the default non-named shadow. I created one in the GUI, and it got autonamed "Classic Shadow'.

    But the code I have in my first post here isnt working.

    2023-05-24T02:18:26.808Z [WARN] (Thread-7) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-shadow. Shadow does not exist. {thing name=demo-device, shadow name=null}

    I thought leaving shadow name null would be the way to get default shadow, but that doesnt seem to work. Nor does shadow_name="". Same error, "Shadow does not exist"

    But I cant set the name to "Classic Shadow" either. So what am I supposed to do?

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt