Copyright © https://mongoose-os.com

Mongoose OS Forum

frame
ATTENTION! This forum has moved to:

https://community.mongoose-os.com

Do not post any new messages.

ESP32 GCP IOT error: The caller does not have permission

branco21branco21 Poland
edited February 22 in Mongoose OS

Hello,

I'm getting error trying to create a new device on GCP IOT registry using mos command:

mos gcp-iot-setup --gcp-project pszpoton-iot --gcp-region europe-west1 --gcp-registry iot-registry

Using port COM4
Connecting to the device...
  esp32 30AEA4CC3CD0 running app2
Generating ECDSA private key

Certificate info:
  Subject : CN=esp32_CC3CD0
  Issuer  : CN=esp32_CC3CD0
  Serial  : 0
  Validity: 2019/02/22 - 2029/02/21
  Key algo: ECDSA
  Sig algo: ECDSA-SHA256
Writing public key to gcp-esp32_CC3CD0.pub.pem...
Writing key to gcp-esp32_CC3CD0.key.pem...
Uploading gcp-esp32_CC3CD0.key.pem (227 bytes)...
Creating the device...
Trying to delete the device...
Error: googleapi: Error 403: The caller does not have permission, forbidden
/go/src/cesanta.com/mos/gcp/gcp.go:150: failed to re-create device
/go/src/cesanta.com/mos/main.go:176: gcp-iot-setup failed

However it is possible to create one on the same console, by using gcloud command with just the same args:
gcloud iot devices create my-es256-device --project=pszpoton-iot --region=europe-west1 --registry=iot-registry --public-key path=gcp-esp32_CC3CD0.pub.pem,type=es256

Created device [my-es256-device].

Could anyone help me to point out what kind of permission is needed or what might be missing in the command?

Comments

  • mbbendermbbender North Carolina

    I can't help unfortunately, but I can confirm I'm getting the same problem.

  • Had a similar problem. For me executing these lines in terminal again helped:

    gcloud auth application-default login

    and

    gcloud projects add-iam-policy-binding YOUR_PROJECT_NAME --member=serviceAccount:cloud-iot@system.gserviceaccount.com --role=roles/pubsub.publisher

  • One way to solve it is to create a service account on GCP with Editor rights to the IOT registry. Then download and store locally JSON key file, then set GOOGLE_APPLICATION_CREDENTIALS environmental variable to point to the location of your file. It should work after that.

Sign In or Register to comment.