python-3.x, google-cloud-platform, mqtt, google-cloud-pubsub, google-cloud-python

403 Error while running cloudiot_pubsub_example_server.py code for GCP IOT Core and PUB/SUB


I am trying the cloudiot_pubsub_example_server.py example code from the GCP Python SDK. To give an overview, there are two programs: a client and a server. The client publishes to a topic in GCP Pub/Sub and updates or publishes a random temperature. The server subscribes to this topic and receives the temperature. The server also publishes to the client's config topic and turns the fan ON or OFF when a certain temperature is increased or decreased.

When I run both codes with all the credentials provided, the client is publishing temperature and the server is subscribed and getting temp data. But when the server publishes to config topic and sends FAN to ON or OFF, I am getting:

Error executing ModifyCloudToDeviceConfig: <HttpError 403 when requesting https://cloudiot.googleapis.com/v1/projects/project-aura-249003/locations/asia-east1/registries/Linux_PC/devices/linux_pc:modifyCloudToDeviceConfig?alt=json returned "The caller does not have permission". Details: "The caller does not have permission">

For Executing the Server Code, I used the below command:

python3 cloudiot_pubsub_example_server.py --project_id=project-aura-249003 --pubsub_subscription=temp

For executing the Client Code, I used below command:

python3 cloudiot_pubsub_example_mqtt_device.py --project_id=project-aura-249003 --registry_id=Linux_PC --device_id=linux_pc --private_key_file=rsa_private.pem --algorithm=RS256 --ca_certs=roots.pem --cloud_region=asia-east1

You can find all the files to execute code here: https://github.com/GoogleCloudPlatform/python-docs-samples/tree/master/iot/api-client/mqtt_example

I have also provided the roots.pem file. Please help me with this issue; the 403 error is related to some authentication issue.

What am I missing here?


Solution

  • Make sure you have defined your environment variable GOOGLE_APPLICATION_CREDENTIALS='your_service_account_credentials.json' beforehand, or include the option --service_account_json="your_service_account_credentials.json" when running cloudiot_pubsub_example_server.py.

    Your python command should look like:

    python3 cloudiot_pubsub_example_server.py --project_id=project-aura-249003 --pubsub_subscription=temp --service_account_json="your_service_account_credentials.json"
    

    Also double check if your associated service account has an EDITOR role as per the end to end IoT tutorial.

    I did follow the end to end IoT tutorial and encountered no issues. Everything was done in cloud shell. Prior to following the tutorial, I created the following:

    Run for cloudiot_pubsub_example_mqtt_device.py:

    python3 cloudiot_pubsub_example_mqtt_device.py --project_id=my-project-id --registry_id=my-registry --device_id=device-****** --private_key_file=rsa_private.pem --algorithm=RS256 --ca_certs=roots.pem
    

    Output for cloudiot_pubsub_example_mqtt_device.py:

    (screenshot of the output; image not available)

    Run for cloudiot_pubsub_example_server.py:

    python3 cloudiot_pubsub_example_server.py --project_id=my-project-id --pubsub_subscription=my-sub-****** --service_account_json="my_credentials.json"
    

    Output for cloudiot_pubsub_example_server.py:

    (screenshot of the output; image not available)
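
A preflight check for the two causes named in the answer (which credentials the server picks up, and whether that service account holds a role that allows config updates), as an added example that is not part of the answer or of Google's sample. It assumes the policy JSON has the shape printed by `gcloud projects get-iam-policy my-project-id --format=json`; the role set, the flag-before-environment precedence, and the sample key and policies are assumptions constructed for illustration.

```python
import json

# Assumption (not from the page): roles that include cloudiot.devices.updateConfig,
# the permission checked when modifyCloudToDeviceConfig is called.
ROLES_WITH_UPDATE_CONFIG = {
    "roles/owner", "roles/editor", "roles/cloudiot.admin",
    "roles/cloudiot.editor", "roles/cloudiot.deviceController",
}

# Constructed sample inputs: a key file with the private key omitted, and two policies.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "my-project-id",
    "client_email": "iot-server@my-project-id.iam.gserviceaccount.com",
})
SA = "serviceAccount:iot-server@my-project-id.iam.gserviceaccount.com"
POLICY_PUBSUB_ONLY = json.dumps({"bindings": [
    {"role": "roles/pubsub.subscriber", "members": [SA]},
    {"role": "roles/editor", "members": ["user:someone@example.com"]},
]})
POLICY_WITH_IOT = json.dumps({"bindings": [
    {"role": "roles/pubsub.subscriber", "members": [SA]},
    {"role": "roles/cloudiot.deviceController", "members": [SA]},
]})


def resolve_key_path(cli_value, environ):
    """Pick the key file: --service_account_json first, then the environment variable."""
    return cli_value or environ.get("GOOGLE_APPLICATION_CREDENTIALS")


def preflight(key_json, policy_json):
    """Return findings that would explain the 403; an empty list means none found."""
    findings = []
    key = json.loads(key_json)
    if key.get("type") != "service_account":
        findings.append("credentials file is not a service account key")
    member = "serviceAccount:" + key.get("client_email", "")
    roles = sorted(b["role"] for b in json.loads(policy_json).get("bindings", [])
                   if member in b.get("members", []))
    if not ROLES_WITH_UPDATE_CONFIG.intersection(roles):
        findings.append(f"{member} cannot update device config; roles held: {roles}")
    return findings


if __name__ == "__main__":
    print(preflight(SAMPLE_KEY, POLICY_PUBSUB_ONLY))  # one finding: Pub/Sub role only
    print(preflight(SAMPLE_KEY, POLICY_WITH_IOT))     # no findings
```

The first sample policy matches the symptom in the question: the account can read the subscription, so temperature data arrives, but the config update is refused.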