By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Trying to use GreengrassCoreIPCClientV2().get_thing_shadow()

0

The following code looks valid to me. But when I try to run it, inside a greengrass component, I get an incomprehensible error:

...blahblahblah eventstreamrpc.py", line 723, in _on_continuation_message raise shape awsiot.greengrasscoreipc.model.ServiceError

what? Whats' the error??? :( I dont see anything relevant in the greengrass.log to explain this either. Just lifecyclemanager.GenericExternalService: service-errored. {exitCode=1, ...."

Here's my actual code:

import os
from awsiot.greengrasscoreipc.clientv2 import GreengrassCoreIPCClientV2

THINGNAME = os.getenv("AWS_IOT_THING_NAME")
CLIENTOBJ = GreengrassCoreIPCClientV2()

def create_deviceshadow_cache():
    print("DEBUG: thingname is " + THINGNAME)
    shadow_response = CLIENTOBJ.get_thing_shadow(thing_name=THINGNAME)
    print("DEBUG: Printing shadow info: " + shadow_response.payload)

create_deviceshadow_cache()
  • MichaelDombrowski-AWS EXPERT
    a year ago

    What is your component recipe?

    Does your component depend on the shadow manager component? It must for this to work.

Topics
Internet of Things (IoT)
Tags
AWS IoT GreengrassAWS IoT Core
Language
English
rePost-User-8804953
asked a year ago395 views
1 Answer
0
Accepted Answer

Aha. Thanks Michael. After fixing that, .. it still gives me the same error in my component log :-/ But now at least, the main greengrass.log shows me a related error.

2023-05-23T15:28:07.053Z [WARN] (Thread-7) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-
shadow. Not authorized to get shadow. {thing name=demo-device, shadow name=null}
com.aws.greengrass.authorization.exceptions.AuthorizationException: Principal com.bolthole.copyshadow is not authorized to perf
orm aws.greengrass.ShadowManager:aws.greengrass#GetThingShadow on resource $aws/things/demo-device/shadow

Which is odd, because I thought I have allowed all required perms, as shown below. Any further enlightenment you can give?

In recipe, copied more or less from AWS examples:

ComponentConfiguration:
  DefaultConfiguration:
    accessControl:
      aws.greengrass.ShadowManager:
        'com.bolthole.copyshadow:shadow:1':
          policyDescription: 'Allows access to shadows'
          operations:
            - 'aws.greengrass#GetThingShadow'
            - 'aws.greengrass#UpdateThingShadow'
            - 'aws.greengrass#DeleteThingShadow'
          resources:
            - $aws/things/{iot:thingName}/shadow
        'com.bolthole.copyshadow:shadow:2':
          policyDescription: 'Allows access to things with shadows'
          operations:
            - 'aws.greengrass#ListNamedShadowsForThing'
          resources:
            - {iot:thingName}

And in my thing policy, I have:

    {
      "Effect": "Allow",
      "Action": "iot:GetThingShadow",
      "Resource": "*"
    }

(edit: walk through comments for final solution)

rePost-User-8804953
answered a year ago
  • MichaelDombrowski-AWS EXPERT
    a year ago

    Did you enable interpolate configuration? https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-nucleus-component.html#greengrass-nucleus-component-configuration-interpolate-component-configuration

    When you deploy, use RESET: https://github.com/aws-greengrass/aws-greengrass-nucleus/issues/1470#issuecomment-1559595709

  • rePost-User-8804953
    a year ago

    Looks like it is getting properly interpolated. Looking at effectiveConfig.yaml shows

             aws.greengrass.ShadowManager:
          com.bolthole.copyshadow:shadow:1:
            operations:
            - "aws.greengrass#GetThingShadow"
            - "aws.greengrass#UpdateThingShadow"
            - "aws.greengrass#DeleteThingShadow"
            policyDescription: "Allows access to shadows"
            resources:
            - "$aws/things/demo-device/shadow"
            - "$aws/things/demo-device/shadow/name/myNamedShadow"
  • MichaelDombrowski-AWS EXPERT
    a year ago

    what about the second policy you had? I think you need to wrap the {iot:thingName} in quotes or else yaml will treat it as a map.

  • rePost-User-8804953
    a year ago

    HUH! there were a buncha other lines, that were NOT quoted, and used {iot:thingName}, and worked. but that one line, I guess since its not in the middle of some other string... it has to be quoted. "Interesting" feature. Thanks for that.

    Even more "interesting", is that.. given that I cut-n-pasted from AWS docs... THE AWS DOCS ARE WRONG!!!

    https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-local-shadows.html

  • rePost-User-8804953
    a year ago

    Almost working. At least I can now call the get shadow function. But now yet another underdocumented category of error. I'm trying to get the default non-named shadow. I created one in the GUI, and it got autonamed "Classic Shadow'.

    But the code I have in my first post here isnt working.

    2023-05-24T02:18:26.808Z [WARN] (Thread-7) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-shadow. Shadow does not exist. {thing name=demo-device, shadow name=null}

    I thought leaving shadow name null would be the way to get default shadow, but that doesnt seem to work. Nor does shadow_name="". Same error, "Shadow does not exist"

    But I cant set the name to "Classic Shadow" either. So what am I supposed to do?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content