【以下的问题经过翻译处理】 我正在尝试从AWS IoT 获取事物定义名为cycle_topic
的影子。权限/配置让我困惑。在我看来,在ShadowManager中,我为SliceOfPi
设备获取count_topic
配置了正确的权限。我相信这是一个权限问题。我的配置哪里出了问题?
以下是各组件的配置:
Configure aws.greengrass.clientdevices.mqtt.Bridge:
{
"reset": [],
"merge": {
"mqttTopicMapping": {
"HelloWorldIotCoreMapping": {
"topic": "#",
"source": "Pubsub",
"target": "IotCore"
}
},
"ShadowsPubsubToLocalMqtt": {
"topic": "$aws/things/+/shadow/#",
"source": "Pubsub",
"target": "LocalMqtt"
}
}
}
Configure aws.greengrass.clientdevices.Auth:
{
"reset": [],
"merge": {
"deviceGroups": {
"formatVersion": "2021-03-05",
"definitions": {
"MyPermissiveDeviceGroup": {
"selectionRule": "thingName: *",
"policyName": "MyPermissivePolicy"
}
},
"policies": {
"MyPermissivePolicy": {
"AllowAll": {
"statementDescription": "Allow client devices to perform all actions.",
"operations": [
"*"
],
"resources": [
"*"
]
}
}
}
}
}
}
aws.greengrass.ShadowManager:
{
"reset": [],
"merge": {
"strategy": {
"type": "realTime"
},
"synchronize": {
"coreThing": {
"classic": true,
"namedShadows": [
"count_topic"
]
},
"shadowDocuments": [
{
"thingName": "SliceOfPi",
"classic": true,
"namedShadows": [
"count_topic"
]
}
],
"direction": "cloudToDevice"
}
}
}
我在greengrass.log中看到的错误日志:
2022-09-20T21:51:46.237Z [WARN] (Thread-4) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-shadow. Not authorized to get shadow. {thing name=SliceOfPi, shadow name=count_topic} com.aws.greengrass.authorization.exceptions.AuthorizationException: Principal com.xxxxxxxxxx.productivity.cycle_count is not authorized to perform aws.greengrass.ShadowManager:aws.greengrass#GetThingShadow on resource $aws/things/SliceOfPi/shadow/name/count_topic at com.aws.greengrass.authorization.AuthorizationHandler.isAuthorized(AuthorizationHandler.java:247) at com.aws.greengrass.authorization.AuthorizationHandler.isAuthorized(AuthorizationHandler.java:255) at com.aws.greengrass.shadowmanager.AuthorizationHandlerWrapper.doAuthorization(AuthorizationHandlerWrapper.java:73) at com.aws.greengrass.shadowmanager.AuthorizationHandlerWrapper.doAuthorization(AuthorizationHandlerWrapper.java:56) at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.lambda$handleRequest$0(GetThingShadowRequestHandler.java:87) at com.aws.greengrass.ipc.common.ExceptionUtil.translateExceptions(ExceptionUtil.java:33) at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.handleRequest(GetThingShadowRequestHandler.java:75) at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:82) at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:28) at software.amazon.awssdk.eventstreamrpc.OperationContinuationHandler.onContinuationMessage(OperationContinuationHandler.java:291) at software.amazon.awssdk.crt.eventstream.ServerConnectionContinuationHandler.onContinuationMessageShim(ServerConnectionContinuationHandler.java:53)