aws-greengrass/aws-greengrass-nucleus

(Nucleus): Component recipe not updated when deploying new component version.

Closed this issue · 3 comments

rodmaz commented

Describe the bug
We have updated the ComponentConfiguration.DefaultConfiguration.accessControl for our component in the recipe.yaml file. It adds aws.greengrass.ipc.mqttproxy permissions (topics) using variables ({iot:thingName}) in MQTT topics. Additional deployment configuration (using merge) adds aws.greengrass.SecretManager permission.
We deploy the component successfully, but its default configuration is not updated anymore. Although the correct recipe is shown in the AWS Greengrass Console, it does not match the component configuration in Greengrass Core after deployment.

This is the current recipe (extract) displayed in AWS Greengrass Console for our component:

  "RecipeFormatVersion": "2020-01-25",
  "ComponentName": "<my-component>",
  "ComponentVersion": "1.0.38",
  "ComponentType": "aws.greengrass.generic",
  "ComponentConfiguration": {
    "DefaultConfiguration": {
      "accessControl": {
        "aws.greengrass.ipc.mqttproxy": {
          "<my-component>:mqttproxy:1": {
            "policyDescription": "Allows access AWS IoT jobs MQTT topics.",
            "operations": [
              "aws.greengrass#PublishToIoTCore",
              "aws.greengrass#SubscribeToIoTCore"
            ],
            "resources": [
              "$aws/things/{iot:thingName}/jobs/notify",
              "$aws/things/{iot:thingName}/jobs/notify-next",
              "$aws/things/{iot:thingName}/jobs/get/#",
              "$aws/things/{iot:thingName}/jobs/+/get/#",
              "$aws/things/{iot:thingName}/jobs/+/get",
              "$aws/things/{iot:thingName}/jobs/+/update"
            ]
          }
        }
      }
    }
  },
...

After deployment, this is what we see in the Greengrass Core, using GG CLI:

bash-4.2# greengrass-cli component details -n <my-component>
Component Name: <my-component>
    Version: 1.0.38
    State: RUNNING
    Configuration: {"accessControl":{"aws.greengrass.ipc.mqttproxy":{"<my-component>:mqttproxy:1":{"operations":["aws.greengrass#PublishToIoTCore","aws.greengrass#SubscribeToIoTCore"],"policyDescription":"Allows access AWS IoT jobs MQTT topics.","resources":["$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/notify","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/notify-next","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/get","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/get/accepted","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/get/rejected","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/+/get/accepted","$aws/things/swx-edge-gateway-7a9e860c508f0f0dfbd4c00bd5845d0c/jobs/+/get/rejected"]}},"aws.greengrass.SecretManager":{"<my-component>:secrets:1":{"operations":["aws.greengrass#GetSecretValue"],"policyDescription":"Credentials.","resources":["<REDACTED>"]}}},"GGEdgeDBSecretName":"< REDACTED >","LogLevel":"DEBUG"}

As we can see, the component configuration on Greengrass Core has an old configuration, not matching the newest one.

Expected behavior
We expected the ComponentConfiguration.DefaultConfiguration.accessControl to be updated when we deploy a new version of the component, and this to be reflected in the Greengrass Core component configuration.

Actual behavior
The Default component configuration is not updated after deployment of new versions of the component.
Hint: This problem apparently started when we started using the {iot:thingName} variables.

Environment

  • OS: Amazon Linux 2
  • Nucleus version: 2.10.1

Additional context
This problem apparently started when we started using the {iot:thingName} variables.

rodmaz commented

Okay, that's a surprise. We expected that when we deploy a new component version, its Default configuration would always be updated no matter what.

If you want that behavior then you can have that behavior, you just need to set "RESET": [""] in your deployment configuration update. It will stay there when you revise a deployment with new versions as well.
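
One way to check a core device for the mismatch reported in this issue, as an added example that is not part of the original thread or the Greengrass project's code: it compares a recipe's DefaultConfiguration.accessControl with the Configuration line printed by `greengrass-cli component details`. The component name, thing name and sample data are constructed, and substituting `{iot:thingName}` with the core's thing name before comparing is an assumption.

```python
import json

PLACEHOLDER = "{iot:thingName}"

def deployed_acl(cli_output):
    """Extract accessControl from `greengrass-cli component details` output."""
    for line in cli_output.splitlines():
        if line.strip().startswith("Configuration:"):
            return json.loads(line.split(":", 1)[1]).get("accessControl", {})
    raise ValueError("no Configuration line found")

def resolve(values, thing_name):
    # Assumption: the recipe variable stands for the core device's thing name.
    return {v.replace(PLACEHOLDER, thing_name) for v in values}

def acl_drift(recipe_acl, device_acl, thing_name):
    """Return sorted (service, policy_id, field, kind, value) differences."""
    findings = []
    for service in sorted(set(recipe_acl) | set(device_acl)):
        want, have = recipe_acl.get(service, {}), device_acl.get(service, {})
        for pid in sorted(set(want) | set(have)):
            if pid not in want:  # expected when a deployment-level merge added it
                findings.append((service, pid, "-", "policy_only_on_device", ""))
                continue
            for field in ("operations", "resources"):
                w = resolve(want[pid].get(field, []), thing_name)
                h = resolve(have.get(pid, {}).get(field, []), thing_name)
                findings += [(service, pid, field, "missing_on_device", v) for v in sorted(w - h)]
                findings += [(service, pid, field, "only_on_device", v) for v in sorted(h - w)]
    return findings

# Constructed sample data shaped like the recipe and CLI output in this issue.
THING = "example-core-01"  # placeholder thing name
OPS = ["aws.greengrass#PublishToIoTCore", "aws.greengrass#SubscribeToIoTCore"]
def topics(prefix, tails):
    return [f"$aws/things/{prefix}/jobs/{t}" for t in tails]
RECIPE_ACL = {"aws.greengrass.ipc.mqttproxy": {"com.example.Comp:mqttproxy:1": {
    "operations": OPS,
    "resources": topics(PLACEHOLDER, ["notify", "notify-next", "get/#", "+/get/#", "+/get", "+/update"])}}}
CLI_OUTPUT = "    Version: 1.0.38\n    Configuration: " + json.dumps({"accessControl": {
    "aws.greengrass.ipc.mqttproxy": {"com.example.Comp:mqttproxy:1": {
        "operations": OPS,
        "resources": topics(THING, ["notify", "notify-next", "get", "get/accepted",
                                    "get/rejected", "+/get/accepted", "+/get/rejected"])}},
    "aws.greengrass.SecretManager": {"com.example.Comp:secrets:1": {
        "operations": ["aws.greengrass#GetSecretValue"], "resources": ["<REDACTED>"]}}}})

if __name__ == "__main__":
    for finding in acl_drift(RECIPE_ACL, deployed_acl(CLI_OUTPUT), THING):
        print(*finding, sep="  ")
```

Rows marked `policy_only_on_device` are expected for policies added through a deployment-level merge; the `missing_on_device` and `only_on_device` rows are the ones that indicate the device is still running an older access-control policy.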