@ -3,6 +3,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
let
port = 1888 ;
tlsPort = 1889 ;
anonPort = 1890 ;
password = " V E R Y _ s e c r e t " ;
hashedPassword = " $ 7 $ 1 0 1 $ / W J c 4 M p + I + u Y E 9 s R $ o 7 z 9 r D 1 E Y X H P w E P 5 G q Q j 6 A 7 k 4 W 1 y V b e P l b 8 T q N c u O L V 9 W N C i D g w H O B 0 J H C 1 W C t d k s s q T B d u B N U n U G d 6 k m Z v D S w = = " ;
topic = " t e s t / f o o " ;
@ -63,7 +64,7 @@ in {
} ;
in {
server = { pkgs , . . . }: {
networking . firewall . allowedTCPPorts = [ port tlsPort ] ;
networking . firewall . allowedTCPPorts = [ port tlsPort anonPort ] ;
services . mosquitto = {
enable = true ;
settings = {
@ -112,6 +113,18 @@ in {
use_identity_as_username = true ;
} ;
}
{
port = anonPort ;
omitPasswordAuth = true ;
settings . allow_anonymous = true ;
acl = [ " p a t t e r n r e a d # " ] ;
users = {
anonWriter = {
password = " < i g n o r e d > " + password ;
acl = [ " w r i t e ${ topic } " ] ;
} ;
} ;
}
] ;
} ;
} ;
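Review bot: The `anonWriter` entry in the new `anonPort` listener reads like a credentialed account, but with `omitPasswordAuth = true` and `allow_anonymous = true` the broker does not check a password for that user name (as the option is documented), so its `write ${topic}` ACL applies to any client that can reach the port and sends that name. The `"<ignored>" + password` value hints at this without saying why. A comment above the listener, for example `# omitPasswordAuth: user names are client-asserted on this listener; ACLs here are not an access boundary without another auth method such as TLS client certificates`, would keep the fixture from being copied as a hardening pattern. The listeners list and the `services.mosquitto` block begin outside this hunk.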
@ -182,5 +195,14 @@ in {
topic = " $ S Y S / # " ,
port = $ { toString tlsPort } ,
user = " n o _ s u c h _ u s e r " ) )
with subtest ( " c h e c k o m i t P a s s w o r d A u t h " ) :
parallel (
lambda : client1 . succeed ( subscribe ( " - i f d 5 6 0 3 2 c - d 9 c b - 4 8 1 3 - a 3 b 4 - 6 b e 0 e 0 4 c 8 f c 3 " ,
" a n o n R e a d e r " , port = $ { toString anonPort } ) ) ,
lambda : [
server . wait_for_console_text ( " f d 5 6 0 3 2 c - d 9 c b - 4 8 1 3 - a 3 b 4 - 6 b e 0 e 0 4 c 8 f c 3 " ) ,
client2 . succeed ( publish ( " - m t e s t " , " a n o n W r i t e r " , port = $ { toString anonPort } ) )
] )
'' ;
} )
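Review bot: The `check omitPasswordAuth` subtest covers only the permitted path (`anonReader` subscribes, `anonWriter` publishes), so it would still pass if the ACLs on the anonymous listener became more permissive than intended. Consider adding a denied case, where a publish under a user name that has no `write` ACL is followed by a check that the subscriber receives nothing; a rejected QoS 0 publish is normally not reported to the publishing client, so the assertion belongs on the subscriber side, not on the publish exit status. The `subscribe` and `publish` helpers and the start of the test script are outside this hunk, so their timeout behaviour needs to be confirmed before they are used in a negative test. A comment on the subtest such as `# positive path only: anonWriter -> anonReader delivery on the anonymous listener` would make the current scope explicit.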