mosquitto
%c and %u not working with the dynamic security plugin.
For the roles assigned in the dynamic security plugin, the use of %c and %u is not working as expected, as it does when used with the ACL file.
In the ACL file, the use of pattern readwrite data/%u/# allows the user named userone to access the topic data/userone/messages, and similarly for other usernames, but the same does not apply to the dynamic security plugin when such characters are used.
Given below is my sample role configuration which allows topic subscription and publishing using the characters "%u" itself only.
{
  "rolename": "sampleRole",
  "textname": "TN",
  "textdescription": "TD",
  "acls": [{
    "acltype": "publishClientSend",
    "topic": "%u/#",
    "priority": 0,
    "allow": true
  }, {
    "acltype": "publishClientReceive",
    "topic": "%u/#",
    "priority": 0,
    "allow": true
  }, {
    "acltype": "subscribePattern",
    "topic": "%u/#",
    "priority": 0,
    "allow": true
  }, {
    "acltype": "unsubscribePattern",
    "topic": "%u/#",
    "priority": 0,
    "allow": true
  }]
}
We can create separate roles for the individual users, appending the respective username in the ACL topics, but we are looking for a generic implementation of automatic username substitution based on characters such as %c or %u to be used with the dynamic security plugin. Are there any other ways to define the roles to achieve the same thing?
Note: using both acl_file with content pattern readwrite %u/# and the dynamic security plugin with the above-mentioned role didn't achieve the expected result.
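The per-user workaround mentioned in the post above, as an added example that is not part of the original thread or of the Mosquitto project: a Python sketch that expands the `%u` role into one role per username and emits dynamic-security `createRole` and `addClientRole` commands. The role-naming scheme, helper names and sample usernames are assumptions; usernames containing MQTT wildcards or the level separator are refused so that substitution cannot widen the ACL.

```python
import json

# The four ACL types used by the sample role in the post.
ACL_TYPES = ("publishClientSend", "publishClientReceive",
             "subscribePattern", "unsubscribePattern")
# Characters that would change the meaning of the topic filter if they
# appeared in a substituted username (wildcards, level separator, NUL).
FORBIDDEN = set("+#/\x00")


def expand_topic(template, username):
    """Replace %u with the username, refusing unsafe usernames."""
    if not username or FORBIDDEN & set(username):
        raise ValueError(f"unsafe username for topic substitution: {username!r}")
    return template.replace("%u", username)


def per_user_commands(username, template="%u/#"):
    """Build createRole + addClientRole commands for one user."""
    topic = expand_topic(template, username)
    rolename = f"user-{username}"  # hypothetical naming scheme
    acls = [{"acltype": t, "topic": topic, "priority": 0, "allow": True}
            for t in ACL_TYPES]
    return [
        {"command": "createRole", "rolename": rolename, "acls": acls},
        {"command": "addClientRole", "username": username,
         "rolename": rolename, "priority": 0},
    ]


def build_payload(usernames, template="%u/#"):
    """Return the JSON command payload and the usernames that were rejected."""
    commands, rejected = [], []
    for name in usernames:
        try:
            commands.extend(per_user_commands(name, template))
        except ValueError:
            rejected.append(name)
    return json.dumps({"commands": commands}, indent=2), rejected


if __name__ == "__main__":
    # Constructed sample usernames; "#" and "a/b" must be rejected.
    payload, rejected = build_payload(["userone", "usertwo", "#", "a/b"])
    print(payload)
    print("rejected:", rejected)
```

The payload is meant to be published by an admin client to the plugin's control topic, `$CONTROL/dynamic-security/v1`.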
I'm afraid at the moment the %c and %u options aren't available in the dynsec ACLs. I intend for them to be part of version 2.1.
The code in develop now supports %c and %u and will be part of 2.1.
Hi, hit the same problem, so I guess I will need to wait for 2.1 in December, but while at it... Are there any plans to add other certificate fields like: OU: OrganizationalUnit, O: Organization, L: Locality, S: StateOrProvinceName, C: CountryName? It will be great to give devices with OU:Sensors the right to publish temperature data with a single rule, for example, and then control that right on certificate generation without the need to modify config.
@ralight awesome, I'm looking forward to this as well!
Just came across this as I've started using this plugin. Great plugin, thanks! Would you know when this functionality will be released?
Is there any information about when 2.1 will be released? https://projects.eclipse.org/projects/iot.mosquitto shows it should've been released 4 months ago
I just started to use the plugin and was hoping to use this functionality for creating my roles. Unfortunately 2.1 appears to be not released still?? Anyhow, the relevant commit in the development version is c9c5889
I hope this will be in release soon
Anyhow, the relevant commit in the development version is c9c5889
The first relevant commit is this one: 0cd26194013ac9b9466f02482fa194e44ff9837c
You can find the commit history for that plugin since that commit here: https://github.com/eclipse/mosquitto/commits/develop/plugins/dynamic-security?since=2021-06-10&after=1bb2299b0f3e44624cf3057f773cb8235e7f09b3+104
Any update on this? When will it be in master?