Comments (3)
I have changed my mind about the dynamic security plugin for Quicksetup: far too complex, not necessarily for us, but if we'd have to support the resulting configuration.
We might be able to simplify with some Ansible/Jinja templating which picks up specific user files and inserts them into the ACL where they belong.
from quicksetup.
This looks okay, using only Jinja templating:
main acl template
----
{% for f in friends %}
# main: user={{ f.username }}
{% set fragment = "t/" + f.username + ".acl" %}
{% include fragment ignore missing %}
{% endfor %}
----
fragment t/jjolie.acl
----
# --begin special for jjolie
topic read owntracks/jpmens/5s
topic read $SYS/#
# --end special for jjolie
----
output
----
# main: user=jane
# main: user=ck
# main: user=ck00
# main: user=bbb
# main: user=ccc
# main: user=jip
# main: user=jjolie
# --begin special for jjolie
topic read owntracks/jpmens/5s
topic read $SYS/#
# --end special for jjolie# main: user=iris
# main: user=iris
# main: user=iris
# main: user=andie
# main: user=huawei
# main: user=simu
# main: user=simu
----
from quicksetup.
output (no default for a user, which is good)
----
user jip
topic readwrite owntracks/jip/#
topic read owntracks/+/+
topic read owntracks/+/+/event
topic read owntracks/+/+/info
# --begin special for jjolie
topic read owntracks/jpmens/5s
topic read $SYS/#
# --end special for jjolie
user iris
topic readwrite owntracks/iris/#
topic read owntracks/+/+
topic read owntracks/+/+/event
topic read owntracks/+/+/info
----
template
----
{% for f in friends %}
{{ f.username | mqtt_acl() }}
{% endfor %}
----
new filter function
This filter tests if a fragment file for the specified username exists; if so it is read in, otherwise a default ACL for the particular user is emitted.
----
from ansible.errors import AnsibleFilterError
from string import Template
import os


def mqtt_acl(username):
    # Default ACL block; $U is replaced with the username below.
    acl = """
user $U
topic readwrite owntracks/$U/#
topic read owntracks/+/+
topic read owntracks/+/+/event
topic read owntracks/+/+/info
"""

    # A per-user fragment t/<username>.acl, if present, replaces the default.
    path = os.path.join("t", "%s.acl" % username)
    if os.path.exists(path):
        with open(path, "r") as f:
            acl = f.read()
        return acl  # the fragment is returned verbatim, without substitution

    return Template(acl).safe_substitute(U=username)


class FilterModule(object):
    def filters(self):
        return {
            'mqtt_acl': mqtt_acl,
        }
----
from quicksetup.
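Added example (not part of the comments above and not Quicksetup code): in a mosquitto ACL file, `topic` lines attach to the most recent `user` line, so a fragment that replaces the default block has to carry its own `user` line. The sketch below parses a rendered ACL and reports expected users that end up without a section; `parse_acl`, `audit` and the sample (abridged from the output shown above, with jjolie assumed to be in the `friends` list) are assumptions for illustration.

```python
ACCESS = {"read", "write", "readwrite", "deny"}

# Abridged from the rendered output in the comment above (users jip, jjolie, iris).
SAMPLE = """\
user jip
topic readwrite owntracks/jip/#
topic read owntracks/+/+
# --begin special for jjolie
topic read owntracks/jpmens/5s
topic read $SYS/#
# --end special for jjolie
user iris
topic readwrite owntracks/iris/#
topic read owntracks/+/+
"""

def parse_acl(text):
    """Map each user to the (access, topic) rules mosquitto attaches to it."""
    # Rules belong to the latest `user` line; before any, they are anonymous (None).
    grants, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword == "user":
            current = rest.strip()
            grants.setdefault(current, [])
        elif keyword == "topic":
            first, _, topic = rest.strip().partition(" ")
            if first not in ACCESS or not topic:
                first, topic = "readwrite", rest.strip()  # access type omitted
            grants.setdefault(current, []).append((first, topic.strip()))
    return grants

def audit(text, expected_users):
    """Report users without a section, unexpected users and anonymous rules."""
    grants = parse_acl(text)
    findings = ["missing section: %s" % u for u in expected_users if u not in grants]
    findings += ["unexpected user: %s" % u for u in grants
                 if u is not None and u not in expected_users]
    if grants.get(None):
        findings.append("rules before first user line apply to anonymous clients")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, ["jip", "jjolie", "iris"]), parse_acl(SAMPLE)["jip"])
```

On the sample, the audit reports jjolie as missing, and the parsed rules for jip include the two lines from the jjolie fragment.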