This commit is contained in:
Joseph Hanson 2024-09-23 02:10:32 -05:00
parent e4a027e21d
commit 3594a73baf
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
4 changed files with 20 additions and 7 deletions

View file

@ -22,10 +22,17 @@ spec:
mountPath: /opt/init-user.json mountPath: /opt/init-user.json
subPath: init-user.json subPath: init-user.json
readOnly: true readOnly: true
- name: acl-conf
mountPath: /opt/acl.conf
subPath: acl.conf
readOnly: true
extraVolumes: extraVolumes:
- name: init-user - name: init-user
secret: secret:
secretName: emqx-init-user-secret secretName: emqx-init-user-secret
- name: acl-conf
configMap:
name: emqx-acl-conf
listenersServiceTemplate: listenersServiceTemplate:
metadata: metadata:
annotations: annotations:

View file

@ -9,6 +9,9 @@ configMapGenerator:
- name: emqx-conf - name: emqx-conf
files: files:
- emqx.conf=./resources/emqx.conf - emqx.conf=./resources/emqx.conf
- name: emqx-acl-conf
files:
- acl.conf=./resources/acl.conf
replacements: replacements:
- source: - source:
kind: ConfigMap kind: ConfigMap

View file

@ -0,0 +1,5 @@
%% ACLs for emqx %%
{allow, {user, "jahanson"}, all, ["#"]}.
{allow, {user, "tasmota"}, publish, ["tasmota/discovery/#", "tele/tasmota_+/+", "cmnd/tasmota_+/+"]}.
{allow, {user, "homeassistant"}, subscribe, ["stat/tasmota_+/+", "tele/tasmota_+/+"]}.
{deny, all}.

View file

@ -14,14 +14,12 @@ authorization {
{ {
type = built_in_database type = built_in_database
enable = true enable = true
},
{
type = file
enable = true
path = "/opt/acl.conf"
} }
] ]
no_match: "deny" no_match: "deny"
} }
authorization.sources.built_in_database.rules = [
{allow, {user, "jahanson"}, all, ["#"]},
{allow, {user, "tasmota"}, publish, ["tasmota/discovery/#", "tele/tasmota_+/+", "cmnd/tasmota_+/+"]},
{allow, {user, "homeassistant"}, subscribe, ["stat/tasmota_+/+", "tele/tasmota_+/+"]},
{deny, all}
]