feat: auto generate users of form WIS2BOX_BROKER_USERNAME_* with perm…

…issions under topic of form WIS2BOX_BROKER_TOPIC_*
wmo-im · Aug 22, 2024 · 2ee2ba1 · 2ee2ba1
1 parent 3b8d09f
commit 2ee2ba1
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 13 deletions.
diff --git a/wis2box-broker/acl.conf b/wis2box-broker/acl.conf
@@ -5,8 +5,4 @@ user _WIS2BOX_BROKER_USERNAME
 topic readwrite origin/#
 topic readwrite wis2box/#
 topic readwrite data-incoming/#
-topic read $SYS/#
-
-user _WIS2BOX_CAP_USERNAME
-topic readwrite wis2box/cap/#
-topic read origin/#
+topic read $SYS/#
diff --git a/wis2box-broker/entrypoint.sh b/wis2box-broker/entrypoint.sh
@@ -16,7 +16,6 @@ echo "Setting mosquitto authentication"
 if [ ! -e "/mosquitto/config/password.txt" ]; then
     echo "Adding wis2box users to mosquitto password file"
     mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD
-    mosquitto_passwd -b /mosquitto/config/password.txt $WIS2BOX_CAP_USERNAME $WIS2BOX_CAP_PASSWORD
     mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone
 else
     echo "Mosquitto password file already exists. Skipping wis2box user addition."
@@ -25,4 +24,15 @@ fi
 sed -i "s#_WIS2BOX_BROKER_QUEUE_MAX#$WIS2BOX_BROKER_QUEUE_MAX#" /mosquitto/config/mosquitto.conf
 sed -i "s#_WIS2BOX_BROKER_USERNAME#$WIS2BOX_BROKER_USERNAME#" /mosquitto/config/acl.conf
 
+for i in `env | grep -Ee "\<WIS2BOX_BROKER_USERNAME_[[:alnum:]]+"`; do
+    NAME_TAIL=`echo $i | awk -FWIS2BOX_BROKER_USERNAME_ '{print $2}' | awk -F= '{print $1}'`
+    username=WIS2BOX_BROKER_USERNAME_$NAME_TAIL
+    password=WIS2BOX_BROKER_PASSWORD_$NAME_TAIL
+    topic=WIS2BOX_BROKER_TOPIC_$NAME_TAIL
+    echo ${!username}, ${!password}
+    mosquitto_passwd -b /mosquitto/config/password.txt ${!username} ${!password}
+    echo "user ${!username}" >>  /mosquitto/config/acl.conf
+    echo "topic readwrite ${!topic}" >>  /mosquitto/config/acl.conf
+done
+
 /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
diff --git a/wis2box-create-config.py b/wis2box-create-config.py
@@ -344,11 +344,6 @@ def create_wis2box_env(config_dir: str) -> None:
         # update WIS2BOX_BROKER_PUBLIC settings after updating broker defaults
         fh.write('# update WIS2BOX_BROKER_PUBLIC settings after updating broker defaults\n') # noqa
         fh.write('WIS2BOX_BROKER_PUBLIC=mqtt://${WIS2BOX_BROKER_USERNAME}:${WIS2BOX_BROKER_PASSWORD}@mosquitto:1883\n') # noqa
-        # use the default username wis2box for WIS2BOX_CAP
-        fh.write('WIS2BOX_CAP_USERNAME=wis2box\n')
-        # get password for WIS2BOX_CAP_PASSWORD and write it to wis2box.env
-        fh.write(get_password('WIS2BOX_CAP_PASSWORD'))
-        fh.write('\n')
         # update minio settings after updating storage and broker defaults
         fh.write('\n')
         fh.write('# minio settings\n') # noqa
@@ -359,8 +354,6 @@ def create_wis2box_env(config_dir: str) -> None:
         fh.write('MINIO_NOTIFY_MQTT_ENABLE_WIS2BOX=on\n')
         fh.write('MINIO_NOTIFY_MQTT_USERNAME_WIS2BOX=${WIS2BOX_BROKER_USERNAME}\n') # noqa
         fh.write('MINIO_NOTIFY_MQTT_PASSWORD_WIS2BOX=${WIS2BOX_BROKER_PASSWORD}\n') # noqa
-        fh.write('MINIO_NOTIFY_MQTT_USERNAME_CAP=${WIS2BOX_CAP_USERNAME}\n') # noqa
-        fh.write('MINIO_NOTIFY_MQTT_PASSWORD_CAP=${WIS2BOX_CAP_PASSWORD}\n') # noqa
         fh.write('MINIO_NOTIFY_MQTT_BROKER_WIS2BOX=tcp://${WIS2BOX_BROKER_HOST}:${WIS2BOX_BROKER_PORT}\n') # noqa
         fh.write('MINIO_NOTIFY_MQTT_TOPIC_WIS2BOX=wis2box/storage\n')
         fh.write('MINIO_NOTIFY_MQTT_QOS_WIS2BOX=1\n')