Skip to content

shantanoo-desai/mqtt-rbac-docker-init

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

.github/assets

.github/assets

 
 

config

config

 
 

scripts

scripts

 
 

.env

.env

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

cedalo.env

cedalo.env

 
 

docker-compose.yml

docker-compose.yml

 
 

mosquitto.env

mosquitto.env

 
 

Repository files navigation

Role-Based Access Control in Eclipse Mosquitto MQTT Broker using Docker Init Containers

Mosquitto MQTT Broker 2.0 with Dynamic Security Plugin for Role-Based Access Control using Docker Compose Init Containers

Images

Name Version Purpose
eclipse-mosquitto 2.0.14 MQTT v3.1.1/v5 Broker
cedalo/management-center 2.3.4 Web-based UI for RBAC fine-tuning

Docker Init Container in Compose

NOTE: this feature is similar to Kubernetes Init Containers, which is available for Docker Compose since version 1.29.

The Init Container can initialize your container by using the depends_on spec. Depending on the intialization process, you can set three conditions of the container's state you wish to initialize:

  • service_started
  • service_healthy
  • service_completed_sucessfully

Unfortunately, this feature is yet to be documented. However, some resources to look into:

  1. Feature Request Issue on Docker Compose
  2. Pending Pull-Request for Documentation of Init Containers
  3. StackExchange Query with a possible example

Usage

Create an external docker network

docker network create proxy-network
docker compose up

You will see that init-mqtt service bootstraps the mqtt service by:

  • generating the dynamic-security.json file in the init-mqtt container
  • the JSON file is available to mqtt service via the mqtt-dynsec shared volume
docker compose down --volumes # purge the created JSON file if you want to restart again

Availability

Service Port
MQTT Broker 1883
MQTT management Center 8088

Dynamic Security RBAC control

  1. Login into http://localhost:8088 (see credentials in cedalo.env)
  2. Click on Top-Left Icon to expand the Options

Dynamic Security Plugin UI Snap

  1. Click on Clients to generate new users that can Publish / Subscribe to the Broker

You will have to go through the Dynamic Security Plugin Documentation from Mosquitto in order to understand what Clients, Groups, Roles are for fine granularity on MQTT Topics using RBAC mechanism.

System Specs

Docker Engine version

Client:
 Version:           20.10.12
 API version:       1.41
 Go version:        go1.17.5
 Git commit:        e91ed5707e
 Built:             Mon Dec 13 22:31:40 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.12
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.5
  Git commit:       459d0dfbbb
  Built:            Mon Dec 13 22:30:43 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.6.1
  GitCommit:        10f428dac7cec44c864e1b830a4623af27a9fc70.m
 runc:
  Version:          1.1.0
  GitCommit:        v1.1.0-0-g067aaf85
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Docker Compose CLI Version (part of docker CLI)

Docker Compose version 2.3.3

Additional Resources

Steve's Internet Guide on MQTT Dynamic Security

About

Mosquitto MQTT Broker 2.0 with Dynamic Security Plugin for Role-Based Access Control using Docker Compose Init Containers

Topics

mqtt docker-compose rbac-management init-containers mosquitto-mqtt-broker

Resources

Readme

License

Apache-2.0 license
Activity

Stars

4 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages