UnauthorizedError when publishing to local MQTT

0

Hey folks,

Trying to get IPC working for custom components, and I've hit a wall.
I've configured local IPC according to the documentation (as far as I can tell), but whenever I publish to a topic I get an UnauthorizedError. I assumed that this was a misconfiguration of access control in the recipe, but I don't see any differences between my recipe and the examples. Any help would be much appreciated.

Here's the relevant bit of the recipe:

ComponentConfiguration:
  DefaultConfiguration:
    accessControl:
      aws.greengrass.ipc.pubsub:
        "my.custom.component:pubsub:1":
          policyDescription: "Publish access for database interface."
          operations:
            - "aws.greengrass#PublishToTopic"
          resources:
            - "*"

and here's the code that publishes:

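import concurrent.futures
import logging
from json import dumps

import awsiot.greengrasscoreipc
from awsiot.greengrasscoreipc.model import (
    BinaryMessage,
    PublishMessage,
    PublishToTopicRequest,
    UnauthorizedError,
)

logger = logging.getLogger(__name__)


def publish_to_topic(topic, message):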
    logger.info(f"sending: {message} to {topic}")
    request = PublishToTopicRequest()
    request.topic = topic
    publish_message = PublishMessage()
    publish_message.binary_message = BinaryMessage()
    publish_message.binary_message.message = bytes(dumps(message), "utf-8")
    request.publish_message = publish_message
    operation = ipc_client.new_publish_to_topic()
    operation.activate(request)
    future = operation.get_response()
    try:
        future.result(TIMEOUT)
        logger.info('Successfully published to topic: ' + topic)
    except concurrent.futures.TimeoutError:
        logger.error('Timeout occurred while publishing to topic: ' + topic)
    except UnauthorizedError as e:
        logger.error('Unauthorized error while publishing to topic: ' + topic)
        raise e
    except Exception as e:
        logger.error('Exception while publishing to topic: ' + topic)
        raise e

TIMEOUT = 10
ipc_client = awsiot.greengrasscoreipc.connect()
topic = "my/test/topic"
message = {
    'foo': 'FOO',
    'bar': 'BAR'
}
publish_to_topic(topic, message)
asked 3 years ago · 1180 views
2 Answers
0
Accepted Answer

Hi,
You may be running into this if you ever deployed a version of the component with a different configuration. In a recipe the "DefaultConfiguration" is only the default, so if there is existing configuration on a device then the default values will not be used. To force it to use the updated default values, you must use a RESET configuration in the deployment. See: https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html#reset-configuration-update

After performing a reset, if it still does not work, then please provide the effectiveConfig.yml file from the configs directory on the device as well as the Greengrass log file. The Greengrass log file will print what permission you are missing.

An important thing to note is that the policy ID must be unique for the entire device. You cannot duplicate IDs within a component or even across components.

Cheers,
Michael

AWS
EXPERT
answered 3 years ago
  • Hey Michael,

    We are facing the same issue. We have also checked the effective.yml, and it has also been updated with the wildcard *. The first thing we did was set "" in reset and, in merge, provide the wildcard * for all topics to publish and subscribe. But we are still facing the following error: "Unauthorized error while subscribing to topic: device/wifiNetworkAddResponse."
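The two points in the accepted answer above (reset the stale `accessControl` configuration in the deployment, and keep policy IDs unique across the device) can be checked before deploying; this is an added example, not code from the thread or from AWS. The helper names, the second component `my.other.component` and the version `1.0.0` are constructed for illustration, and the output follows the `components` map of a Greengrass V2 deployment.

```python
import json
from collections import defaultdict

PUBSUB = "aws.greengrass.ipc.pubsub"

# Constructed sample data: the policy from the question, plus a hypothetical
# second component that reuses the same policy ID.
PAGE_POLICY = {PUBSUB: {"my.custom.component:pubsub:1": {
    "policyDescription": "Publish access for database interface.",
    "operations": ["aws.greengrass#PublishToTopic"],
    "resources": ["*"],
}}}
CLASHING = {"my.custom.component": PAGE_POLICY, "my.other.component": PAGE_POLICY}


def duplicate_policy_ids(access_by_component):
    """Map each policy ID used more than once on the device to its owners."""
    owners = defaultdict(list)
    for component, access_control in access_by_component.items():
        for service, policies in access_control.items():
            for policy_id in policies:
                owners[policy_id].append(f"{component}/{service}")
    return {pid: where for pid, where in owners.items() if len(where) > 1}


def configuration_update(access_control):
    """Reset accessControl to the recipe default, then merge the wanted policies."""
    return {
        "reset": ["/accessControl"],  # JSON pointer; reset is applied before merge
        "merge": json.dumps({"accessControl": access_control}),
    }


def deployment_components(versions, access_by_component):
    """Build the `components` map of a deployment, refusing duplicate policy IDs."""
    dupes = duplicate_policy_ids(access_by_component)
    if dupes:
        raise ValueError(f"policy IDs must be unique on the device: {dupes}")
    return {
        name: {"componentVersion": versions[name],
               "configurationUpdate": configuration_update(access_control)}
        for name, access_control in access_by_component.items()
    }


if __name__ == "__main__":
    print(json.dumps(deployment_components(
        {"my.custom.component": "1.0.0"},  # constructed version number
        {"my.custom.component": PAGE_POLICY}), indent=2))
```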

0

Yup, that was absolutely it. I'd never have found that on my own. Thanks so much!

answered 3 years ago
