Is it possible to use mountpoint without listeners ? #311

Open
SebUndefined opened this issue May 18, 2022 · 1 comment

SebUndefined commented May 18, 2022

Hi,

We use VerneMQ for our IoT solution and we would like to use mountpoint for splitting our clients.

As far as we can see, it is possible to use mountpoint through Webhook without creating a listener. Our strategy would be:

  • prefix the username or client_id of the device with a specific string (the client name for example). Like [Client_Name]_[Device_username]. This will be done at the device creation automatically.
  • check if the client exists in DB with the prefix, auth the device of course and return a modifier like this in the auth_on_register webhook:

```json
{
  "result": "ok",
  "modifiers": {
    "client_id": "client_id",
    "mountpoint": "client_name"
  }
}
```

Note: we have to return the client_id in the modifier otherwise the mountpoint modifier is ignored.
https://pi3g.com/2019/06/09/changing-the-mountpoint-on-auth_on_register-webhook-for-vernemq/

As far as we can see, it works pretty well. The mountpoint is taken into consideration after auth_on_register and one device subscribing to a topic on mountpoint "x" is not able to see messages published on this topic by another device connected to a mountpoint "y".

I am just wondering if this solution is ok or is it just a "hack"? We found that creating listeners "on the fly" for each customer could be really complicated, especially with k8s deployment. But if this solution is viable in production, it could fix all our problems :)

Contributor

ioolkos commented Jun 17, 2022

@SebUndefined apologies that I missed commenting on this.
I will not issue security recommendations (as a general disclaimer), but your approach uses the modifier in a valid way. The plugin is free to modify the mountpoint internally. This can, in fact, be used as a label to partition Clients.

The difference to using listeners alongside is that there's still only 1 topic tree with your approach. So, ACL must be in place to ensure that Clients do not cross-subscribe, subscribe to wrong topics etc. The other consequence is that the same topic name will mean the actual same topic for all clients. (that is, you cannot use a topic "example" with entirely separated meaning per customer)

But other than that, your approach is certainly good and usable.


👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.
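
The following is an added example, not code from this thread or from VerneMQ: a Python sketch of the auth_on_register decision described in the issue, where the mountpoint returned in the modifier is taken from the matched database record and never from a value the client controls beyond its authenticated username. The `DEVICES` table, tenant names, passwords and the rule that tenant names contain no underscore are assumptions made for the illustration.

```python
import hashlib
import hmac
import re

# Assumption: tenant names never contain "_", so the prefix split is unambiguous.
TENANT_RE = re.compile(r"^[a-z0-9]{1,32}$")
DENY = {"result": {"error": "not_allowed"}}


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data standing in for the device database.
DEVICES = {  # (tenant, device username) -> (salt, password hash)
    ("acme", "sensor1"): (b"salt-a", _hash("s3cret-a", b"salt-a")),
    ("globex", "sensor1"): (b"salt-g", _hash("s3cret-g", b"salt-g")),
}


def split_username(username):
    """Split "[Client_Name]_[Device_username]" at the first underscore."""
    tenant, sep, device = (username or "").partition("_")
    if not sep or not device or not TENANT_RE.match(tenant):
        return None
    return tenant, device


def auth_on_register(payload: dict) -> dict:
    """Decide on the JSON body VerneMQ POSTs to the auth_on_register webhook."""
    key = split_username(payload.get("username"))
    record = DEVICES.get(key) if key else None
    # Hash even for unknown devices so both failure paths cost the same.
    salt, expected = record or (b"dummy-salt", b"")
    supplied = _hash(payload.get("password") or "", salt)
    if record is None or not hmac.compare_digest(supplied, expected):
        return DENY
    # Mountpoint comes from the matched database key. client_id is echoed
    # because the thread notes the mountpoint modifier is ignored without it.
    return {"result": "ok",
            "modifiers": {"client_id": payload["client_id"],
                          "mountpoint": key[0]}}
```

Two devices that share the name `sensor1` under different tenants authenticate against separate records, and a `mountpoint` field sent in the request body has no influence on the modifier that is returned.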
