(PolicyVariableResolver): [Question] Is it possible to use or implement Thing Attributes in policies? #433

Open
mschwab12 opened this issue Jun 27, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@mschwab12
Contributor

Feature Description
Would it be possible to use or implement the use of Thing Attributes as policy variables?

Example: {iot:Connection.Thing.Attributes[SomeAttribute]}

I think right now only {iot:ThingName} is possible.

Use Case

We have the following setup in place:

LocalDevices -> CoreDevice (EMQX and MQTT Bridge in place) -> IoTCore

In the core device's policy we use variables to restrict topics to the core device's attributes, e.g.
arn:aws:iot:eu-central-1:123456789012:topic/cfg/${iot:Connection.Thing.Attributes[id]}/info/*

Right now we can restrict topics at the client device auth component with wildcards, which is OK if a local device sends to a topic that is totally wrong, but not if it uses the wrong id inside the right topic. If that is the case, the policy will only be evaluated at the IoT Core level, and only the core device will get notified that this topic is not allowed.

It would be better if we could use the attribute as a policy variable in the client device auth config, so that the local device gets blocked there and notified that the topic is not allowed.

Hope you understand my use case.

Regards, Marco
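
The gap described in the use case above, as an added example that is not part of the original issue and is not the client device auth component's code: a wildcard resource accepts a wrong id inside the right topic, while an attribute-scoped resource rejects it at the edge. The resolver, the plain topic-string resource format, the `*` matching and the sample attribute values are assumptions made for illustration.

```python
import re

# Variable syntax taken from the resource in the issue. This resolver is a
# hypothetical sketch, not the component's PolicyVariableResolver.
ATTR_VAR = re.compile(r"\$\{iot:Connection\.Thing\.Attributes\[([^\]]+)\]\}")

def resolve(resource, attributes):
    """Substitute thing attributes; return None if one is missing or unsafe."""
    bad = []
    def substitute(match):
        value = attributes.get(match.group(1))
        # Fail closed: a missing attribute, or a value carrying wildcard
        # characters, must never widen the resource it is substituted into.
        if not value or any(c in value for c in "*+#"):
            bad.append(match.group(1))
            return ""
        return value
    resolved = ATTR_VAR.sub(substitute, resource)
    return None if bad else resolved

def allowed(resource, topic, attributes):
    """True if topic matches the resolved resource ('*' = any characters)."""
    resolved = resolve(resource, attributes)
    if resolved is None:
        return False
    pattern = ".*".join(re.escape(part) for part in resolved.split("*"))
    return re.fullmatch(pattern, topic) is not None

# Constructed sample data (assumed names and values).
WILDCARD = "cfg/*/info/*"
SCOPED = "cfg/${iot:Connection.Thing.Attributes[id]}/info/*"
ATTRS = {"id": "dev-0042"}

def compare(topic):
    """Decision under each resource for the same local device."""
    return {"wildcard": allowed(WILDCARD, topic, ATTRS),
            "scoped": allowed(SCOPED, topic, ATTRS)}

if __name__ == "__main__":
    for t in ("cfg/dev-0042/info/state",   # right topic, right id
              "cfg/dev-0099/info/state",   # right topic, wrong id
              "other/dev-0042/state"):     # wrong topic
        print(t, compare(t))
```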

@jcosentino11 jcosentino11 added enhancement New feature or request and removed needs-triage labels Jun 27, 2024
@jcosentino11
Member

Hi Marco, thanks for the request!

Yep, only thing name substitution is available in CDA right now. Thing attr support is in our backlog; I can't say for sure when we'll be able to get around to it, but I'll bring it up with the team again.
