Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Provide more specific error for failures during MQTT WS handshake #562

Open
1 of 2 tasks
NickDarvey opened this issue Apr 26, 2024 · 3 comments · Fixed by #563
Open
1 of 2 tasks

Provide more specific error for failures during MQTT WS handshake #562

NickDarvey opened this issue Apr 26, 2024 · 3 comments · Fixed by #563
Labels
CRT/IoT feature-request A feature should be added or improved. p2 This is a standard priority issue

Comments

@NickDarvey
Copy link

Describe the feature

mqtt5_client_builder.websockets_with_default_aws_signing(...) raises a AWS_ERROR_HTTP_CALLBACK_FAILURE for both network errors and misconfiguration.

Use Case

For example, if I have a misconfigured client (like I connect with invalid client TLS details, or with a client identifier which I'm not authorized), I'd like to know about it so I can terminate the process because it's never going to connect. If it's a network issue, I'd like to let the MQTT client continue retrying to connect.

Proposed Solution

aws-crt-python/source/mqtt5_client.c

Lines 720 to 721 in c11a554

/* TODO: Translate Python exception to aws error. In the meantime here's a catch-all. */
error_code = AWS_ERROR_HTTP_CALLBACK_FAILURE;

:)

Using AwsCredentialProvider.get_credentials(...) I get AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE and AWS_AUTH_CREDENTIALS_PROVIDER_HTTP_STATUS_FAILURE for the misconfigurations mentioned above, and AWS_IO_DNS_QUERY_FAILED and AWS_IO_DNS_INVALID_NAME for network issues.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@NickDarvey NickDarvey added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Apr 26, 2024
@jmklix jmklix added the CRT/IoT label Apr 29, 2024
@bretambrose bretambrose mentioned this issue Apr 29, 2024
Merged
@jmklix jmklix added p2 This is a standard priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Apr 29, 2024
@jmklix jmklix linked a pull request Apr 29, 2024 that will close this issue
Pass CRT error, if it exists, into completion function #563
Merged
@NickDarvey
Copy link
Author

@bretambrose, I've updated to awscrt==0.20.10; awsiotsdk==1.21.5.

Unfortunately, I still get just one kind of error, though it's a different one now!

AWS_AUTH_SIGNING_NO_CREDENTIALS: Attempt to sign an http request without credentials

I get this error if I have no internet, but I also get the same error if I use an invalid client_id with mqtt_builder.websockets_with_default_aws_signing (that is a client_id for which I don't have the right IAM permissions).

Should I open a new issue for this?

@bretambrose
Copy link
Contributor

That is the expected error that will be returned with any failure to source credentials for websocket handshake signing. I dont think it should be returned on a IAM policy failure though; I'll look into that when I can.

@bretambrose bretambrose reopened this May 24, 2024
@bretambrose
Copy link
Contributor

I am not able to repro:

If I remove connect permissions from my IAM policy, the connection attempt fails with AWS_ERROR_MQTT5_CONNACK_CONNECTION_REFUSED: Remote endpoint rejected the CONNECT attempt by returning an unsuccessful CONNACK

If I use good credentials but target the wrong account, the connection attempt fails with AWS_ERROR_HTTP_WEBSOCKET_UPGRADE_FAILURE: Failed to upgrade HTTP connection to Websocket

Both of these are accurate/expected.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
CRT/IoT feature-request A feature should be added or improved. p2 This is a standard priority issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Pass CRT error, if it exists, into completion function awslabs/aws-crt-python
3 participants
@bretambrose @jmklix @NickDarvey