
add mq dynamic security conf to docker

Abhishek Kondur 2 years ago
parent
commit
c262df563e
3 changed files with 72 additions and 10 deletions
  1. 1 1
      compose/docker-compose.yml
  2. 54 0
      docker/dynamic-security.json
  3. 17 9
      docker/mosquitto.conf

+ 1 - 1
compose/docker-compose.yml

@@ -111,9 +111,9 @@ services:
     restart: unless-stopped
     volumes:
       - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
+      - /root/dynamic-security.json:/mosquitto/config/dynamic-security.json
       - mosquitto_data:/mosquitto/data
       - mosquitto_logs:/mosquitto/log
-      - shared_certs:/mosquitto/certs
     expose:
       - "8883"
     labels:
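Review bot: `expose: - "8883"` no longer matches the broker: the mosquitto.conf changed in this same commit comments out the 8883 TLS listener and keeps only `listener 1883`, so the service advertises a port nothing listens on while the port actually in use is undeclared; change it to `expose: - "1883"` or keep the TLS listener and the `shared_certs` mount. Removing `shared_certs` also means the usernames and passwords that the new dynamic-security plugin validates travel unencrypted, so this service should stay on an internal compose network only. The new `/root/dynamic-security.json` bind mount needs to be writable by the broker, because the dynamic-security plugin rewrites its config file whenever clients or roles change through `$CONTROL`; I believe it does this by writing a temp file beside the original and renaming, which a single-file bind mount cannot satisfy, so mounting the containing directory is safer (confirm against the plugin version in the image).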

+ 54 - 0
docker/dynamic-security.json

@@ -0,0 +1,54 @@
+{
+	"clients":	[{
+			"username":	"bob",
+			"textName":	"Dynsec admin user",
+			"password":	"JEfqgJum2mlJa51WTGdvEAs2Rnc8vno14yAsAhxbjo9nKs0GAgL0+YM2iOUaW/GFK8L/B0EkbP5qd1AeyBdRTg==",
+			"salt":	"MgoCdNVGYMqJh+nU",
+			"iterations":	101,
+			"roles":	[{
+					"rolename":	"admin"
+				}]
+		}],
+	"roles":	[{
+			"rolename":	"admin",
+			"acls":	[{
+					"acltype":	"publishClientSend",
+					"topic":	"$CONTROL/dynamic-security/#",
+					"allow":	true
+				}, {
+					"acltype":	"publishClientReceive",
+					"topic":	"$CONTROL/dynamic-security/#",
+					"allow":	true
+				}, {
+					"acltype":	"subscribePattern",
+					"topic":	"$CONTROL/dynamic-security/#",
+					"allow":	true
+				}, {
+					"acltype":	"publishClientReceive",
+					"topic":	"$SYS/#",
+					"allow":	true
+				}, {
+					"acltype":	"subscribePattern",
+					"topic":	"$SYS/#",
+					"allow":	true
+				}, {
+					"acltype":	"publishClientReceive",
+					"topic":	"#",
+					"allow":	true
+				}, {
+					"acltype":	"subscribePattern",
+					"topic":	"#",
+					"allow":	true
+				}, {
+					"acltype":	"unsubscribePattern",
+					"topic":	"#",
+					"allow":	true
+				}]
+		}],
+	"defaultACLAccess":	{
+		"publishClientSend":	false,
+		"publishClientReceive":	true,
+		"subscribe":	false,
+		"unsubscribe":	true
+	}
+}
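Review bot: A live admin credential is committed here: the `bob` entry ships a salted PBKDF2-SHA512 hash with only `"iterations": 101`, and with the hash and salt readable in the repository that is cheap to brute-force offline, giving anyone with repo read access control of `$CONTROL/dynamic-security/#` and, through the `admin` role's `#` ACLs, read access to every topic. Generate this file at deploy time (for example with `mosquitto_ctrl dynsec init` and a fresh password) or rotate `bob`'s password right after the first start, and keep the result out of version control. The plugin also rewrites this file whenever the configuration changes, so the checked-in copy will drift from the running one; treat it as a bootstrap file rather than the source of truth and say so in the README or a sibling comment, since JSON itself has no room for one.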

+ 17 - 9
docker/mosquitto.conf

@@ -1,12 +1,20 @@
-per_listener_settings true
+# per_listener_settings true
 
-listener 8883
-allow_anonymous false
-require_certificate true
-use_identity_as_username true
-cafile /mosquitto/certs/root.pem
-certfile /mosquitto/certs/server.pem
-keyfile /mosquitto/certs/server.key
+# listener 8883
+# allow_anonymous false
+# require_certificate true
+# use_identity_as_username true
+# cafile /mosquitto/certs/root.pem
+# certfile /mosquitto/certs/server.pem
+# keyfile /mosquitto/certs/server.key
+
+# listener 1883
+# allow_anonymous true
+
+per_listener_settings false
 
 listener 1883
-allow_anonymous true
+allow_anonymous false
+plugin /usr/lib/mosquitto_dynamic_security.so
+plugin_opt_config_file /mosquitto/config/dynamic-security.json
+
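Review bot: The replacement listener drops transport security: `listener 1883` has no `cafile`/`certfile`/`keyfile`, so the credentials the dynamic-security plugin now checks cross the wire in cleartext, and the `require_certificate`/`use_identity_as_username` mutual-TLS authentication disappears with it. If TLS is only temporarily disabled, replace the nine commented-out lines with a single comment saying so and why; otherwise attach the plugin to the 8883 TLS listener (`per_listener_settings false` already applies it globally) and keep the certificate mounts from the Compose file. Also `plugin /usr/lib/mosquitto_dynamic_security.so` is the path inside the official eclipse-mosquitto image and the broker presumably refuses to start if the library is missing, so a comment naming that image dependency, e.g. `# path as shipped in the eclipse-mosquitto 2.x image`, would save the next person a failed start.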