Read permission error after MQTT Moquette Broker restarts with active client connection (Windows)

Our client's on_connection_resumed method initiates a new connection if no session is present. This works fine with IoT Core when the client loses connectivity.

However, when paired w/ Greengrass, we get the following error in greengrass.log on the FIRST reconnect attempt:

2022-08-19T21:14:24.480Z [WARN] (Session Executor 0) io.moquette.broker.Authorizator: Client does not have read permissions on the topic username: -----BEGIN CERTIFICATE-----
XXXXX
-----END CERTIFICATE-----
, messageId: 3, topic: /topic/path. {}

Here is the client code:

def on_connection_resumed(self, connection, return_code, session_present, **kwargs):
    if return_code == mqtt.ConnectReturnCode.ACCEPTED and not session_present:
        self.reconnect()

Reconnect is essentially calling a disconnect (OK if this fails) followed by a fresh connect:

try:
    disconnect_future = self._shadow_client.mqtt_connection.disconnect()
    disconnect_future.result(timeout=FUTURE_TIMEOUT)
except:
    ....
try:
    mqtt_connection = mqtt_connection_builder.mtls_from_path(...)
    connected_future = mqtt_connection.connect()
except:
    ....

The error above is only present after the first reconnect attempt. Subsequent reconnect attempts connect successfully.

Auth component is configured correctly (fully permissive policy)

JoeAtAWS
2 years ago
Hi - can you also post logs leading up to this warning? I'm particularly interested in logs relating to "sessions". That will help us figure out if the issue is in the client device auth component, or if this is failing inside Moquette.

I'm a bit confused why your client would initiate a new connection after receiving a connection resumed callback. Do you mean it re-subscribes if no session is present? Can you attach a code snippet? Thanks
gstclair
2 years ago
Updated the initial comment w/ additional code snippets. For now, this is mitigated by catching the failed subscription and attempting (another) reconnect, which does complete successfully. This appears to be on the Moquette side, though I don't see any additional information in the logs.
MichaelDombrowski-AWS EXPERT
2 years ago
Thank you for the additional information, we are attempting to reproduce the issue now.

Topics

Internet of Things (IoT)

Relevant content

MQTT CLient unable to connect to AWS broker
rsala
asked 8 months ago
Greengrass MQTT (Moquette) Broker throwing max size allowed error on UpdateThingShadowRequest with 10KB payload
Accepted Answer
gstclair
asked a month ago
MQTT Client unable to connect to AWS IoT MQTT Broker
smanickam1983
asked 6 years ago
MQTT Client cross-account to connect and publish to AWS IoT MQTT Broker
Rowen
asked 3 months ago
How do I delete or terminate a Client VPN endpoint or connection on AWS Client VPN?
AWS OFFICIALUpdated 2 years ago
How do I create a new Windows WorkSpace image with a client language other than English?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot Amazon MQ broker connection issues?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot packet loss, latency, or intermittent connectivity issues with my Client VPN connection?
AWS OFFICIALUpdated 7 months ago
AWS Client VPN connection and traffic flow handling simplified
EXPERT
Karthikiran Ilango
published 6 months ago
Should I use the AWS IoT Device SDKs or other MQTT Clients?
EXPERT
David Malone
published a year ago