named shadow not found

Question

Getting closer to actually accessing the shadow   
  
my configuration allows access to the config1 topic:

I'm getting an error saying that the shadow doesn't exist:  
  
2021-10-11T03:10:47.008Z \[WARN] (Thread-6) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-shadow. Shadow does not exist. {thing name=smartdvr-1423019132001, shadow name=config1}  
software.amazon.awssdk.aws.greengrass.model.ResourceNotFoundError: No shadow found  
	at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.lambda$handleRequest$0(GetThingShadowRequestHandler.java:91)  
	at com.aws.greengrass.ipc.common.ExceptionUtil.translateExceptions(ExceptionUtil.java:33)  
	at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.handleRequest(GetThingShadowRequestHandler.java:75)  
	at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:82)  
	at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:28)  
	at software.amazon.awssdk.eventstreamrpc.OperationContinuationHandler.onContinuationMessage(OperationContinuationHandler.java:271)  
	at software.amazon.awssdk.crt.eventstream.ServerConnectionContinuationHandler.onContinuationMessageShim(ServerConnectionContinuationHandler.java:53)  
  
i've double checked on the online console that thing smartdvr-1423019132001 does have a config1 named shadow with content.  
  
Where can i look further on why it thinks the named shadow doesn't exist ?

--component :  
  
import sys  
import datetime  
import os  
import logging  
import awsiot.greengrasscoreipc  
import awsiot.greengrasscoreipc.client as client  
from awsiot.greengrasscoreipc.model import GetThingShadowRequest  
  
device = os.environ\['AWS_IOT_THING_NAME']  
logger = logging.getLogger(__name__)  
logger.setLevel(logging.INFO)  
  
TIMEOUT = 10

def get_thing_shadow_request(thingName, shadowName):  
    try:  
        # set up IPC client to connect to the IPC server  
        ipc_client = awsiot.greengrasscoreipc.connect()  
                  
        # create the GetThingShadow request  
        get_thing_shadow_request = GetThingShadowRequest()  
        get_thing_shadow_request.thing_name = thingName  
        get_thing_shadow_request.shadow_name = shadowName  
         
        # retrieve the GetThingShadow response after sending the request to the IPC server  
        op = ipc_client.new_get_thing_shadow()  
        op.activate(get_thing_shadow_request)  
        fut = op.get_response()  
         
        result = fut.result(TIMEOUT)  
        logger.error(result.payload)  
        return result.payload  
    except BaseException as err: #InvalidArgumentsError as e:  
        logger.error("TS>" + err)

test = get_thing_shadow_request(device, "config1")  
  
Edited by: clogwog on Oct 11, 2021 4:09 PM  
  
Edited by: clogwog on Oct 11, 2021 4:11 PM  
  
this editor hides details in my question..  
  
Edited by: clogwog on Oct 11, 2021 9:52 PM

Answer

Hi clogwog,  
  
Thanks for your followup. We'll be tracking this issue on GitHub and keep that updated: https://github.com/aws-greengrass/aws-greengrass-shadow-manager/issues/98   
  
-zhaoylin

Answer

Thank you for that suggestion.  
  
i found:  
com.aws.greengrass.shadowmanager.exception.SkipSyncRequestException: software.amazon.awssdk.services.iotdataplane.model.IotDataPlaneException: null (Service: IotDataPlane, Status Code: 403,  
  
in greengrass.log  
  
so it was the core policy. I had used :  
    {  
      "Effect": "Allow",  
      "Action": \[  
        "iot:GetThingShadow",  
        "iot:UpdateThingShadow"  
      ],  
      "Resource": \[  
        "arn:aws:iot:ap-southeast-2:....:thing/${iot:ClientId}"  
      ]  
    },  
  
I had found it somewhere in an example so i can re-use the policy for all my greengrass devices with a device specific wildcard, but it (now) obviously didn't work because as soon as i set it to * the sync started working.

Answer

Hello,  
  
as soon as i add the "iot:DeleteThingShadow"  
permission the shadow manager deletes my server shadow. which is why i left it out.  
  
there is a ticket for it at   
https://github.com/aws-greengrass/aws-greengrass-shadow-manager/pull/96  
  
i would just like to know if I need to wait for this ticket to me merged and available before or if there is a way around it ?  
  
thanks,  
tom

Answer

note: the aws discussion forum editor is stripping details out of my configuration  
see here for the full config:

Answer

Hello,  
  
I am assuming that the shadow has been created in the cloud and you are expecting that to be synced back to the device. Is smartdvr-1423019132001 the name of your GG v2 core? If so, can you attach all the logs from the logs folder to this ticket? There should be an indication in the greengrass.log file on why it was unable to sync that shadow to the device.  
  
Cheers,   
Nikkhil

Answer

Is the Shadow Manager public component currently being used in a production environment by anyone ?

Answer

Hello clogwog,  
regarding the policy you posted, the resource does not match the minimal policy we require. Check https://docs.aws.amazon.com/greengrass/v2/developerguide/device-auth.html#greengrass-core-minimal-iot-policy The policy includes the ** wildcard after the core device thing name (For example, core-device-thing-name**).   
```  
{  
            "Effect": "Allow",  
            "Action": \[  
                "iot:GetThingShadow",  
                "iot:UpdateThingShadow",  
                "iot:DeleteThingShadow"  
            ],  
            "Resource": \[  
                "arn:aws:iot:region:account-id:thing/core-device-thing-name*"  
            ]  
        },  
```  
Please also find more about the shadow manager configuration requirements at: https://docs.aws.amazon.com/greengrass/v2/developerguide/sync-shadows-with-iot-core.html  
  
-zhaoylin

named shadow not found

相关内容