(Nucleus): Component recipe not updated when deploying new component version.
Closed this issue · 3 comments
Describe the bug
We have updated the ComponentConfiguration.DefaultConfiguration.accessControl
for our component in the recipe.yaml
file. It adds aws.greengrass.ipc.mqttproxy
permissions (topics) using variables ({iot:thingName}
) in MQTT topics. Additional deployment configuration (using merge
) adds aws.greengrass.SecretManager
permission.
We deploy the component successfully but its default configuration is not updated anymore, although it shows in the correct recipe on AWS Greengrass Console, it does not match the component configuration in Greengrass Core after deployment.
This is the current recipe (extract) displayed in AWS Greengrass Console for our component:
"RecipeFormatVersion": "2020-01-25",
"ComponentName": "<my-component>",
"ComponentVersion": "1.0.38",
"ComponentType": "aws.greengrass.generic",
"ComponentConfiguration": {
"DefaultConfiguration": {
"accessControl": {
"aws.greengrass.ipc.mqttproxy": {
"<my-component>:mqttproxy:1": {
"policyDescription": "Allows access AWS IoT jobs MQTT topics.",
"operations": [
"aws.greengrass#PublishToIoTCore",
"aws.greengrass#SubscribeToIoTCore"
],
"resources": [
"$aws/things/{iot:thingName}/jobs/notify",
"$aws/things/{iot:thingName}/jobs/notify-next",
"$aws/things/{iot:thingName}/jobs/get/#",
"$aws/things/{iot:thingName}/jobs/+/get/#",
"$aws/things/{iot:thingName}/jobs/+/get",
"$aws/things/{iot:thingName}/jobs/+/update"
]
}
}
}
}
},
...
After deployment, this is what we see in the Greengrass Core, using GG CLI:
bash-4.2# greengrass-cli component details -n <my-component>
Component Name: <my-component>
Version: 1.0.38
State: RUNNING
Configuration: {"accessControl":{"aws.greengrass.ipc.mqttproxy":{"<my-component>:mqttproxy:1":{"operations":["aws.greengrass#PublishToIoTCore","aws.greengrass#SubscribeToIoTCore"],"policyDescription":"Allows access AWS IoT jobs MQTT topics.","resources":["$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/notify","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/notify-next","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/get","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/get/accepted","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/get/rejected","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/+/get/accepted","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/+/get/rejected"]}},"aws.greengrass.SecretManager":{"<my-component>:secrets:1":{"operations":["aws.greengrass#GetSecretValue"],"policyDescription":"Credentials.","resources":["<REDACTED>"]}}},"GGEdgeDBSecretName":"< REDACTED >","LogLevel":"DEBUG"}
As we can see, the component configuration on Greengrass Core has an old configuration, not matching the newest one.
Expected behavior
We expected the ComponentConfiguration.DefaultConfiguration.accessControl
to be updated when we deploy a new version of the component and this be reflected in the Greengrass Core component configuration.
Actual behavior
The Default component configuration is not updated after deployment of new versions of the component.
Hint: This problem apparently started when we started using the {iot:thingName}
variables.
Environment
- OS: Amazon Linux 2
- Nucleus version: 2.10.1
Additional context
This problem apparently started when we started using the {iot:thingName}
variables.
When you change defaults, you must use RESET in the deployment to apply the new defaults.
And: https://youtu.be/hAZ-nlAaSvw?t=319
Also ensure you have configured Nucleus to interpolate configuration. https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-nucleus-component.html#greengrass-nucleus-component-configuration-interpolate-component-configuration
Okay, that's a surprise. We expected that when we deploy a new component version, it's Default configuration would always be updated no matter what.
If you want that behavior then you can have that behavior, you just need to set "RESET": [""]
in your deployment configuration update. It will stay there when you revise a deployment with new versions as well.