Greengrass V2 continuously giving me MqttProxyIPCAgent Not Authorized
I have the following Greengrass V2 custom recipe:
---
RecipeFormatVersion: "2020-01-25"
ComponentName: com.savic.Telemetry
ComponentVersion: 1.0.12
ComponentDescription: Vehicle telemetry consisting of CAN and additional messages
ComponentPublisher: ##############
ComponentConfiguration:
  DefaultConfiguration:
    Environment: nonprod
    accessControl:
      aws.greengrass.ipc.mqttproxy:
        com.savic.Telemetry:pubsub:2:
          policyDescription: Allows access to publish to telemetry topic
          operations:
            - aws.greengrass#PublishToIoTCore
          resources:
            - savicmc/{configuration:/Environment}/telemetry/events
Manifests:
  - Platform:
      os: linux
    Lifecycle:
      Setenv:
        SAVICMC_ENV: "{configuration:/Environment}"
        SAVIC_SENDLOG_PATH: "/var/log/sendLog.txt"
        SAVIC_SAMPLE_RATE: 10
        SAVIC_TELEMETRY_TOPIC: "savicmc/{configuration:/Environment}/telemetry/events"
      Install:
        RequiresPrivilege: true
        script: python3 -m pip install --user awsiotsdk
      Run:
        RequiresPrivilege: true
        script: python3 -u {artifacts:path}/telemetry.py
    Artifacts:
      - Uri: s3://greengrass-components-#############-############/artifacts/com.savic.Telemetry/1.0.12/telemetry.py
        Permission:
          Execute: OWNER
Note: I have also tried variations of the accessControl:
aws.greengrass.ipc.mqttproxy:
  com.savic.Telemetry:mqttproxy:2:
------ AND --------
aws.greengrass.ipc.mqttproxy:
  com.savic.Telemetry:pubsub:2:
(Note: pubsub vs. mqttproxy)
However, in my greengrass.log I keep getting the following:
2022-01-24T06:29:45.178Z [INFO] (Thread-8) software.amazon.awssdk.eventstreamrpc.RpcServer: New connection code [AWS_ERROR_SUCCESS] for [Id 1141, Class ServerConnection, Refs 1](2022-01-24T06:29:45.178120Z) - <null>. {}
2022-01-24T06:29:45.181Z [INFO] (Thread-8) software.amazon.awssdk.eventstreamrpc.ServiceOperationMappingContinuationHandler: aws.greengrass#GreengrassCoreIPC authenticated identity: com.savic.Telemetry. {}
2022-01-24T06:29:45.184Z [INFO] (Thread-8) software.amazon.awssdk.eventstreamrpc.ServiceOperationMappingContinuationHandler: Connection accepted for com.savic.Telemetry. {}
2022-01-24T06:29:45.185Z [INFO] (Thread-8) software.amazon.awssdk.eventstreamrpc.ServiceOperationMappingContinuationHandler: Sending connect response for com.savic.Telemetry. {}
2022-01-24T06:29:45.191Z [INFO] (Thread-8) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.savic.Telemetry is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource savicmc/nonprod/telemetry/events}
Note:
com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.savic.Telemetry is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource savicmc/nonprod/telemetry/events}
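My Thing device certificate also has policies allowing iot:* and greengrass:*, so from a Policy/IAM perspective I am able to publish.
Any ideas why I am receiving Not Authorized on the device?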
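Recipe variables are only supported in the lifecycle section of the recipe. As a result, the {configuration:/Environment} string in accessControl does not resolve to the value you expect.
savicmc/{configuration:/Environment}/telemetry/events
You can change the default value of accessControl to use the default value of Environment, so that the component works as expected when you use the default values.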
ComponentConfiguration:
  DefaultConfiguration:
    Environment: nonprod
    accessControl:
      aws.greengrass.ipc.mqttproxy:
        com.savic.Telemetry:pubsub:2:
          policyDescription: Allows access to publish to telemetry topic
          operations:
            - aws.greengrass#PublishToIoTCore
          resources:
            - savicmc/nonprod/telemetry/events
When you configure and deploy the component with a different value for Environment, you can also update the topic in accessControl. For example, you can specify the following configuration merge update to change Environment and the resource topic to prod.
{
  "Environment": "prod",
  "accessControl": {
    "aws.greengrass.ipc.mqttproxy": {
      "com.savic.Telemetry:pubsub:2": {
        "resources": [
          "savicmc/prod/telemetry/events"
        ]
      }
    }
  }
}
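A pre-deployment check for the mismatch described in the answer, as an added example that is not part of the original question or answer: it flags accessControl resources that still contain a {configuration:...} placeholder and reports lifecycle topics that no resource covers. It assumes the recipe is already loaded as a dict (the sample below is constructed from the question's recipe), the `topic_vars` parameter is hypothetical, and resources are compared literally apart from "*", ignoring MQTT wildcards.

```python
import re

# Constructed sample: the relevant parts of the question's recipe as a dict.
RECIPE = {
    "ComponentConfiguration": {"DefaultConfiguration": {
        "Environment": "nonprod",
        "accessControl": {"aws.greengrass.ipc.mqttproxy": {
            "com.savic.Telemetry:pubsub:2": {
                "operations": ["aws.greengrass#PublishToIoTCore"],
                "resources": ["savicmc/{configuration:/Environment}/telemetry/events"],
            }}},
    }},
    "Manifests": [{"Lifecycle": {"Setenv": {
        "SAVIC_TELEMETRY_TOPIC": "savicmc/{configuration:/Environment}/telemetry/events",
    }}}],
}

PLACEHOLDER = re.compile(r"\{configuration:(/[^}]*)\}")

def resolve(text, config):
    """Substitute {configuration:/path} from the configuration, as happens for lifecycle values."""
    def lookup(match):
        node = config
        for key in match.group(1).strip("/").split("/"):
            node = node[key]
        return str(node)
    return PLACEHOLDER.sub(lookup, text)

def audit(recipe, topic_vars=("SAVIC_TELEMETRY_TOPIC",)):
    """Return (placeholder_findings, uncovered_topics) for a recipe dict."""
    config = recipe["ComponentConfiguration"]["DefaultConfiguration"]
    findings, allowed = [], set()
    for service, policies in config.get("accessControl", {}).items():
        for policy_id, policy in policies.items():
            for resource in policy.get("resources", []):
                if PLACEHOLDER.search(resource):
                    findings.append((service, policy_id, resource))
                allowed.add(resource)  # kept as written: nothing is substituted here
    uncovered = []
    for manifest in recipe.get("Manifests", []):
        env = manifest.get("Lifecycle", {}).get("Setenv", {})
        for name in topic_vars:
            if name in env:
                topic = resolve(str(env[name]), config)  # what the component will publish to
                if topic not in allowed and "*" not in allowed:
                    uncovered.append(topic)
    return findings, uncovered
```

Run against the question's recipe, `audit(RECIPE)` reports the placeholder resource and the uncovered topic savicmc/nonprod/telemetry/events, the same resource named in the Not Authorized log line.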