使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

UnauthorizedError when publishing to local MQTT

0

Hey folks,

Trying to get IPC working for custom components, and I've hit a wall.
I've configured local IPC according to the documentation (as far as I can tell), but whenever I publish to a topic I get an UnauthorizedError. I assumed that this was a misconfiguration of access control in the recipe, but I don't see any differences between my recipe and the examples. Any help would be much appreciated.

Here's the relevant bit of the recipe:

ComponentConfiguration:
  DefaultConfiguration:
    accessControl:
      aws.greengrass.ipc.pubsub:
        "my.custom.component:pubsub:1":
          policyDescription: "Publish access for database interface."
          operations:
            - "aws.greengrass#PublishToTopic"
          resources:
            - "*"

and here's the code that publishes:

def publish_to_topic(topic, message):
    logger.info(f"sending: {message} to {topic}")
    request = PublishToTopicRequest()
    request.topic = topic
    publish_message = PublishMessage()
    publish_message.binary_message = BinaryMessage()
    publish_message.binary_message.message = bytes(dumps(message), "utf-8")
    request.publish_message = publish_message
    operation = ipc_client.new_publish_to_topic()
    operation.activate(request)
    future = operation.get_response()
    try:
        future.result(TIMEOUT)
        logger.info('Successfully published to topic: ' + topic)
    except concurrent.futures.TimeoutError:
        logger.error('Timeout occurred while publishing to topic: ' + topic)
    except UnauthorizedError as e:
        logger.error('Unauthorized error while publishing to topic: ' + topic)
        raise e
    except Exception as e:
        logger.error('Exception while publishing to topic: ' + topic)
        raise e

TIMEOUT = 10
ipc_client = awsiot.greengrasscoreipc.connect()
topic = "my/test/topic"
message = {
    'foo': 'FOO',
    'bar': 'BAR'
}
publish_to_topic(topic, message)
主題
物聯網 (IoT)
標籤
AWS IoT Core
語言
English
continuities
已提問 3 年前檢視次數 1209 次
2 個答案
0
已接受的答案

Hi,
You may be running into this if you ever deployed a version of the component with a different configuration. In a recipe the "DefaultConfiguration" is only the default, so if there is existing configuration on a device then the default values will not be used. To force it to use the updated default values, you must use a RESET configuration in the deployment. See: https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html#reset-configuration-update

After performing a reset if it still does not work, then please provide the effectiveConfig.yml file from the configs directory on the device as well as the greengrass log file. The greengrass log file will print what permission you are missing.

An important thing to note is that the policy ID must be unique for the entire device. You cannot duplicate IDs within a component or even across components.

Cheers,
Michael

AWS
專家
MichaelDombrowski-AWS
已回答 3 年前
  • rePost-User-7846458
    1 年前

    Hey Michael,

    We are facing same issue. We have checked the effective.yml also and its also got updated with wildcard *. First we did is we have set "" in reset and in merged provided wildcard * for all topic to publish and subscribe. But still facing following error .. "Unauthorized error while subscribing to topic: device/wifiNetworkAddResponse. "

0

Yup, that was absolutely it. I'd never have found that on my own. Thanks so much!

continuities
已回答 3 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容