GCP - Python create IoT device PermissionDenied
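I am trying to create an IoT device on Google Cloud through a Python script. I have set up the project and the IoT registry, authenticated my GCloud, and linked GOOGLE_APPLICATION_CREDENTIALS to the JSON of the corresponding service account. When I create an account using the command line, such as gcloud iot devices create dev01 --project=... --region=... --registry=..., it works. However, my Python script (run through the command prompt) does not seem to yield the same result. I used https://cloud.google.com/iot/docs/samples/device-manager-samples#iot-core-create-rs256-python as the iot_v1 reference.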

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from google.cloud import iot_v1

# deviceName, PROJECTID, REGION and REGISTRY are set elsewhere in the script

# Generate Key
key = rsa.generate_private_key(backend=default_backend(), public_exponent=65537, key_size=2048)
# Get Public (PEM-encoded SubjectPublicKeyInfo, the encoding RSA_PEM expects)
public_key = key.public_key().public_bytes(serialization.Encoding.PEM,
                                           serialization.PublicFormat.SubjectPublicKeyInfo)
# Get Private
pem = key.private_bytes(encoding=serialization.Encoding.PEM,
                        format=serialization.PrivateFormat.TraditionalOpenSSL,
                        encryption_algorithm=serialization.NoEncryption())
# Decode to UTF-8
private_key_str = pem.decode('utf-8')
public_key_str = public_key.decode('utf-8')
# Write keys
with open('Key Pairs/' + deviceName + '_private.pem', 'wb') as file:
    file.write(pem)
with open('Key Pairs/' + deviceName + '_public.pem', 'wb') as file:
    file.write(public_key)
# Create Device
client = iot_v1.DeviceManagerClient()
parent = client.registry_path(PROJECTID, REGION, REGISTRY)
deviceTemplate = {
    'id': deviceName,
    "credentials": [
        {
            "public_key": {
                # RSA_PEM matches a bare PEM public key; RSA_X509_PEM requires an X.509 certificate
                "format": iot_v1.PublicKeyFormat.RSA_PEM,
                "key": public_key_str,
            }
        }
    ]
}
client.create_device(request={'parent': parent, 'device': deviceTemplate})

The error traceback is
File "commissioning.py", line 46, in <module>
client.create_device(request={'parent': parent, 'device': deviceTemplate})
File "C:\Users\Niels\AppData\Local\Programs\Python\Python38\lib\site-packages\google\cloud\iot_v1\services\device_manager\client.py", line 728, in create_device
response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
File "C:\Users\Niels\AppData\Local\Programs\Python\Python38\lib\site-packages\google\api_core\gapic_v1\method.py", line 145, in __call__
return wrapped_func(*args, **kwargs)
File "C:\Users\Niels\AppData\Local\Programs\Python\Python38\lib\site-packages\google\api_core\grpc_helpers.py", line 59, in error_remapped_callable
six.raise_from(exceptions.from_grpc_error(exc), exc)
File "<string>", line 3, in raise_from
google.api_core.exceptions.PermissionDenied: 403 The caller does not have permission
I guess this is either a problem with how I am using iot_v1 or a permissions problem with Python. Any help/tips would be appreciated!
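
Make sure the service account used to create the client has at least the roles/cloudiot.provisioner role assigned (if you keep getting the permission error, try adding the roles/cloudiot.admin role to the service account, as it should grant full control of all IoT devices; find more information about all the available permissions here).

Once you are sure the service account has the right permissions, you can use the credentials parameter provided by the iot_v1.DeviceManagerClient() class to make sure you are pointing to the service account key file, as described in the authentication section of the documentation.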
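
The check below is an added example, not part of the original answer or of Google's samples. It reads the non-secret fields of the key file named by GOOGLE_APPLICATION_CREDENTIALS to show which service account the Python client calls the API as (gcloud runs under its own active account, which can be a different principal), and it builds the client with the credentials parameter. SAMPLE_KEY, example-project and the function names are constructed for illustration.

```python
import json
import os

PROVISIONER_ROLE = "roles/cloudiot.provisioner"  # role named in the answer above

# Constructed sample of the non-secret fields of a service-account key file.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "commissioner@example-project.iam.gserviceaccount.com",
}


def diagnose(key_info, target_project, role=PROVISIONER_ROLE):
    """Report which identity the Python client uses and how to grant it `role`."""
    if key_info.get("type") != "service_account":
        raise ValueError("not a service-account key: type=%r" % key_info.get("type"))
    email = key_info["client_email"]
    return {
        "caller": email,
        # Project-level roles granted in the key's own project do not carry
        # over to a different project that holds the registry.
        "cross_project": key_info.get("project_id") != target_project,
        "grant": "gcloud projects add-iam-policy-binding %s "
                 "--member=serviceAccount:%s --role=%s" % (target_project, email, role),
    }


def make_client(key_path):
    """Build a DeviceManagerClient pinned to one key file via `credentials`."""
    # Lazy imports: the offline check above needs only the standard library.
    from google.cloud import iot_v1
    from google.oauth2 import service_account

    creds = service_account.Credentials.from_service_account_file(key_path)
    return iot_v1.DeviceManagerClient(credentials=creds)


if __name__ == "__main__":
    key_path = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")
    key_info = SAMPLE_KEY  # fall back to the constructed sample when unset
    if key_path:
        with open(key_path, encoding="utf-8") as fh:
            key_info = json.load(fh)
    report = diagnose(key_info, "example-project")  # placeholder project id
    print("API calls are made as:", report["caller"])
    print("Key issued in a different project:", report["cross_project"])
    print("Grant the role with:", report["grant"])
```

Prefer roles/cloudiot.provisioner over roles/cloudiot.admin for a commissioning script, and widen the grant only if the narrower role is shown to be insufficient.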