Role-Based Access Control in Eclipse Mosquitto MQTT Broker using Docker Init Containers

Mosquitto MQTT Broker 2.0 with Dynamic Security Plugin for Role-Based Access Control using Docker Compose Init Containers

Images

Name	Version	Purpose
`eclipse-mosquitto`	`2.0.14`	MQTT v3.1.1/v5 Broker
`cedalo/management-center`	`2.3.4`	Web-based UI for RBAC fine-tuning

Docker Init Container in Compose

NOTE: this feature is similar to Kubernetes Init Containers, which is available for Docker Compose since version 1.29.

The Init Container can initialize your container by using the depends_on spec. Depending on the intialization process, you can set three conditions of the container's state you wish to initialize:

service_started
service_healthy
service_completed_sucessfully

Unfortunately, this feature is yet to be documented. However, some resources to look into:

Usage

Create an external docker network

docker network create proxy-network

docker compose up

You will see that init-mqtt service bootstraps the mqtt service by:

generating the dynamic-security.json file in the init-mqtt container
the JSON file is available to mqtt service via the mqtt-dynsec shared volume

docker compose down --volumes # purge the created JSON file if you want to restart again

Availability

Service	Port
MQTT Broker	`1883`
MQTT management Center	`8088`

Dynamic Security RBAC control

Login into http://localhost:8088 (see credentials in cedalo.env)
Click on Top-Left Icon to expand the Options

Click on Clients to generate new users that can Publish / Subscribe to the Broker

You will have to go through the Dynamic Security Plugin Documentation from Mosquitto in order to understand what Clients, Groups, Roles are for fine granularity on MQTT Topics using RBAC mechanism.

System Specs

Docker Engine version

Client:
 Version:           20.10.12
 API version:       1.41
 Go version:        go1.17.5
 Git commit:        e91ed5707e
 Built:             Mon Dec 13 22:31:40 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.12
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.5
  Git commit:       459d0dfbbb
  Built:            Mon Dec 13 22:30:43 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.6.1
  GitCommit:        10f428dac7cec44c864e1b830a4623af27a9fc70.m
 runc:
  Version:          1.1.0
  GitCommit:        v1.1.0-0-g067aaf85
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Docker Compose CLI Version (part of docker CLI)

Docker Compose version 2.3.3

Additional Resources

Steve's Internet Guide on MQTT Dynamic Security

shantanoo-desai / mqtt-rbac-docker-init Goto Github PK

mqtt-rbac-docker-init's Introduction

Role-Based Access Control in Eclipse Mosquitto MQTT Broker using Docker Init Containers

Images

Docker Init Container in Compose

Usage

Availability

Dynamic Security RBAC control

System Specs

Additional Resources

mqtt-rbac-docker-init's People

Contributors

Stargazers

Watchers

Forkers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent