feat: add emqx-init

prehor · Jun 22, 2024 · ae86ece · ae86ece
1 parent e568df9
commit ae86ece
Show file tree

Hide file tree

Showing 7 changed files with 124 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -110,6 +110,7 @@ Each Image will be built with a `rolling` tag, along with tags specific to it's
 
 Container | Channel | Image
 --- | --- | ---
+[emqx-init](https://github.com/prehor/container-images/pkgs/container/emqx-init) | stable | ghcr.io/prehor/emqx-init
 [usbip](https://github.com/prehor/container-images/pkgs/container/usbip) | stable | ghcr.io/prehor/usbip
 
 

diff --git a/apps/emqx-init/Dockerfile b/apps/emqx-init/Dockerfile
@@ -0,0 +1,31 @@
+ARG VERSION
+FROM docker.io/library/alpine:3.20
+
+ARG TARGETPLATFORM
+ARG VERSION
+ARG CHANNEL
+
+ENV CHARSET="UTF-8" \
+    LANG="en_US.UTF-8" \
+    UMASK="0002" \
+    TZ="Etc/UTC"
+
+USER root
+
+RUN \
+    mkdir /config \
+    && \
+    apk add --no-cache \
+        bash \
+        ca-certificates \
+        catatonit \
+        curl
+
+COPY ./apps/emqx-init/entrypoint.sh /entrypoint.sh
+
+WORKDIR /config
+
+ENTRYPOINT ["/usr/bin/catatonit", "--"]
+CMD ["/entrypoint.sh"]
+
+LABEL org.opencontainers.image.source="https://www.emqx.com"
diff --git a/apps/emqx-init/README.md b/apps/emqx-init/README.md
@@ -0,0 +1,8 @@
+# EMQX Init
+
+EMQX Authentication:
+* https://docs.emqx.com/en/emqx/latest/access-control/authn/authn.html
+* https://github.com/emqx/emqx/discussions/9142#discussioncomment-3862923
+
+EMQX Authorization:
+* https://docs.emqx.com/en/emqx/latest/access-control/authz/authz.html
diff --git a/apps/emqx-init/ci/goss.yaml b/apps/emqx-init/ci/goss.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/goss-org/goss/master/docs/schema.yaml
+file:
+  /entrypoint.sh:
+    exists: true
+    mode: "0755"
+  /usr/bin/curl:
+    exists: true
+    mode: "0755"
diff --git a/apps/emqx-init/ci/latest.sh b/apps/emqx-init/ci/latest.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+version="1.0.0"
+printf "%s" "${version}"
diff --git a/apps/emqx-init/entrypoint.sh b/apps/emqx-init/entrypoint.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+: "${INIT_EMQX_API_HOST:=localhost}"
+: "${INIT_EMQX_API_PORT:=18083}"
+: "${INIT_EMQX_ACCESS_KEY}"
+: "${INIT_EMQX_SECRET_KEY}"
+: "${INIT_EMQX_USER}"
+: "${INIT_EMQX_PASS}"
+: "${INIT_EMQX_TOPIC_ACTION:=all}"
+: "${INIT_EMQX_TOPIC_PERMISSION:=allow}"
+: "${INIT_EMQX_TOPIC:=${INIT_EMQX_USER}/*}"
+: "${INIT_EMQX_TOPIC_ACLS}"
+
+INIT_EMQX_BASE_API_URL="http://${INIT_EMQX_ACCESS_KEY}:${INIT_EMQX_SECRET_KEY}@${INIT_EMQX_API_HOST}:${INIT_EMQX_API_PORT}/api/v5"
+INIT_EMQX_AUTHN_API_URL="${INIT_EMQX_BASE_API_URL}/authentication/password_based:built_in_database/users"
+INIT_EMQX_AUTHZ_API_URL="${INIT_EMQX_BASE_API_URL}/authorization/sources/built_in_database/username"
+
+while ! curl ${CURL_PARAMS} "${INIT_EMQX_AUTHN_API_URL}"; do
+    echo 'Waiting for EMQX to start...'
+    sleep 5
+done
+
+echo 'EMQX started, ready to initialize...';
+
+# Authentication
+curl ${CURL_PARAMS} \
+     "${INIT_EMQX_AUTHN_API_URL}" \
+     -H 'Content-Type: application/json' \
+     -d "$(cat <<EOF
+    {
+        "user_id": "${INIT_EMQX_USER}",
+        "password": "${INIT_EMQX_PASS}"
+    }
+EOF
+)"
+echo 'EMQX access key created!'
+
+# Authorization
+for INIT_EMQX_TOPIC_ACL in "${INIT_EMQX_USER}:${INIT_EMQX_TOPIC_ACTION}:${INIT_EMQX_TOPIC_PERMISSION}" ${INIT_EMQX_TOPIC_ACLS}; do
+    local INIT_EMQX_TOPIC_USER="$(echo "${INIT_EMQX_TOPIC_ACL}" | cut -d ':' -f 1)"
+    local INIT_EMQX_TOPIC_ACTION="$(echo "${INIT_EMQX_TOPIC_ACL}" | cut -d ':' -f 2)"
+    local INIT_EMQX_TOPIC_PERMISSION="$(echo "${INIT_EMQX_TOPIC_ACL}" | cut -d ':' -f 3)"
+    curl ${CURL_PARAMS} \
+        "${INIT_EMQX_AUTHZ_API_URL}" \
+        -H 'Content-Type: application/json' \
+        -d "$(cat <<EOF
+                [
+                    {
+                        "username": "${INIT_EMQX_TOPIC_USER}",
+                        "rules": [
+                            {
+                                "action": "${INIT_EMQX_TOPIC_ACTION}",
+                                "permission": "${INIT_EMQX_TOPIC_PERMISSION}",
+                                "topic": "${INIT_EMQX_TOPIC}"
+                            }
+                        ]
+                    }
+                ]
+EOF
+)"
+done
+echo 'EMQX authorization created!'
diff --git a/apps/emqx-init/metadata.yaml b/apps/emqx-init/metadata.yaml
@@ -0,0 +1,10 @@
+---
+app: emqx-init
+semver: true
+channels:
+  - name: stable
+    platforms: ["linux/amd64"]
+    stable: true
+    tests:
+      enabled: true
+      type: cli