Overview
Hi all!
I am attempting to test out Data Connection - Push Based Ingestion to a Stream. The ultimate goal will be to have a Python application that steadily pushes information to a Foundry stream from an OPC-UA server (which is why many of the Foundry resources are named things like OPC-UA Streaming in the various screenshots). As a first testing step I am attempting to get the simple Python-requests based write to work.
I am largely trying to follow this guide:
The script executing is resulting in:
403 Forbidden {"errorCode":"PERMISSION_DENIED","errorName":"Security:PermissionDenied","errorInstanceId":"xxxx","parameters":{"rid":"xxxxx","operation":"streaming:write"}}
I have turned on various permissions as much as the documentation and my exploration can tell is necessary.
Based on the details of my configuration below, a guide on what I may be doing wrong would be appreciated. Is there a way to determine what set of security codes are being violated? Am I missing a configuration?
Details:
When I attempt to write to the stream using a personal token and the following script (generated from Foundry’s streaming write console page) it succeeds:
import requests
import json

FOUNDRY_TOKEN = "TOKEN"

# We define a row that matches the schema we described earlier
sample_data = {"timestamp": 1722015471624, "value": "value"}
post_uri = "CORRECT URL"

# We use requests to create a post request with an array of streaming rows, in this case we have one row to push
response = requests.post(
    post_uri,
    data=json.dumps([{"value": sample_data}]),
    headers={
        "Authorization": "Bearer " + FOUNDRY_TOKEN,
        "Content-Type": "application/json",
    }
)
print(response.status_code, response.reason, response.text)
response:
200 OK {"topic":"ri.foundry-streaming.main.topic.7e244b10-ace2-4c56-a4ca-f431550015de","offsetAndPartitionIds":[{"offset":3,"partitionId":0}]}
When I attempt to use the following OAuth based script it fails:
import requests
import json

def push_row():
    # We make a call to the OAuth2 endpoint with our id and secret to get an access token
    token_response = requests.post("CORRECT URL",
        data={
            "grant_type": "client_credentials",
            "client_id": "CLIENT ID",
            "client_secret": "SECRET",
            "scope": "compass:edit"
        },
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
        }
    )
    access_token = token_response.json()["access_token"]
    print('ACCESSS TOKENN:')
    print(access_token)

    # We define a row that matches the schema we described earlier
    sample_data = {"timestamp": 1722007394978, "value": "value"}
    postUri = "CORRECT URL"

    # We use requests to create a post request with an array of streaming rows, in this case we have one row to push
    response = requests.post(
        postUri,
        data=json.dumps([{"value": sample_data}]),
        headers={
            "Authorization": "Bearer " + access_token,
            "Content-Type": "application/json",
        },
    )
    return response

# Call the function
response = push_row()
print(response.status_code, response.reason, response.text)
response
ACCESSS TOKENN:
<access-token printed out>
403 Forbidden {"errorCode":"PERMISSION_DENIED","errorName":"Security:PermissionDenied","errorInstanceId":"xxxxx","parameters":{"rid":"ri.foundry-streaming.main.view.xxxxxx","operation":"streaming:write"}}
Conjecture:
- Both scripts are executed from the same local laptop - so it is not an ingress issue or both would not work
- There must be some level of within-Foundry permissions that my personal token (as an Owner of much of the Foundry instance) has that the Application OAuth user does not have
The OAuth user, however, appears to have edit access to the appropriate resources. I even elevated the permissions as high as I could for the OAuth User:
Additionally the application is enabled:
Questions
I am not sure what could be causing this permissions issue:
Is it a problem with the scope of the application/OAuth token request?
A missing configuration?
There are some additional permissions that one needs to grant to enable streaming:write or to the "rid":"ri.foundry-streaming.main.view...?
Any guidance would be appreciated!
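
A small triage helper for the 403 quoted above, added here as an example and not part of the original post or of any Foundry SDK: it pulls the denied operation and resource out of the error body, compares the operation's namespace with the scope that was requested, and gives a log-safe form of the access token in place of printing it whole. The function names and the `ri.<service>.<instance>.<type>.<locator>` layout of a rid are assumptions; the sample body and scope are copied from the post.

```python
import json

# Constructed sample: the 403 body quoted in the post, placeholders unchanged.
SAMPLE_BODY = (
    '{"errorCode":"PERMISSION_DENIED","errorName":"Security:PermissionDenied",'
    '"errorInstanceId":"xxxxx","parameters":{"rid":'
    '"ri.foundry-streaming.main.view.xxxxxx","operation":"streaming:write"}}'
)
REQUESTED_SCOPE = "compass:edit"  # scope sent in the post's token request


def split_rid(rid):
    """Split a rid, assuming the layout ri.<service>.<instance>.<type>.<locator>."""
    parts = (rid or "").split(".", 4)
    if len(parts) != 5 or parts[0] != "ri":
        return None
    return dict(zip(("service", "instance", "type", "locator"), parts[1:]))


def explain_denial(status_code, body, requested_scope):
    """Summarise a PERMISSION_DENIED body; return None for any other response."""
    try:
        err = json.loads(body)
    except ValueError:
        return None
    if status_code != 403 or not isinstance(err, dict):
        return None
    if err.get("errorCode") != "PERMISSION_DENIED":
        return None
    params = err.get("parameters") or {}
    operation = params.get("operation") or ""
    scope_ns = sorted({s.split(":", 1)[0] for s in requested_scope.split()})
    return {
        "operation": operation,
        "rid": params.get("rid"),
        "resource": split_rid(params.get("rid")),
        "error_instance_id": err.get("errorInstanceId"),
        # A namespace mismatch is a prompt to review the scope list, not a proven cause.
        "scope_shares_operation_namespace": operation.split(":", 1)[0] in scope_ns,
    }


def redact(token, keep=4):
    """Return a log-safe form of a bearer token instead of printing it whole."""
    return f"{token[:keep]}...({len(token)} chars)" if token else "<empty>"


if __name__ == "__main__":
    print(explain_denial(403, SAMPLE_BODY, REQUESTED_SCOPE))
    print(redact("constructed-token-value"))
```

On the sample, the denied resource is of type `view` while the successful personal-token write returned a `topic` rid, and the requested scope namespace (`compass`) differs from the denied operation's namespace (`streaming`); both are places to look, not a confirmed diagnosis.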