MQTT topics with path parameters required to match guarded identity #1387

epieffe · 2025-01-29T22:45:58Z

The goal of this PR is to allow secure access to some MQTT client specific topics for publish and/or subscribe.

For publish or subscribe routes:

mqtt server can define path parameters for any segment in a topic name
mqtt server can enforce that a path parameter matches the client's guarded identity (e.g. via jwt guard)

Example configuration:

mqtt_server0:
  type: mqtt
  kind: server
  routes:
    - when:
        - publish:
          - topic: taxi/{id}/location
            params:
              id: ${guarded['jwt'].identity}
        - subscribe:
          - topic: taxi/{id}/update
            params:
              id: ${guarded['jwt'].identity}
      exit: mqtt_kafka_proxy0

Fixes #1382

...tt/src/main/java/io/aklivity/zilla/runtime/binding/mqtt/config/MqttPublishConfigBuilder.java

.../src/main/java/io/aklivity/zilla/runtime/binding/mqtt/config/MqttSubscribeConfigBuilder.java

...a/io/aklivity/zilla/runtime/binding/mqtt/internal/config/MqttConditionConfigAdapterTest.java

...st/java/io/aklivity/zilla/runtime/binding/mqtt/internal/config/MqttConditionMatcherTest.java

.../java/io/aklivity/zilla/runtime/binding/mqtt/internal/config/MqttConditionConfigAdapter.java

...tt/src/main/java/io/aklivity/zilla/runtime/binding/mqtt/internal/config/MqttRouteConfig.java

.../java/io/aklivity/zilla/runtime/binding/mqtt/internal/config/MqttConditionConfigAdapter.java

...c/main/java/io/aklivity/zilla/runtime/binding/mqtt/internal/config/MqttConditionMatcher.java

...tt/src/main/java/io/aklivity/zilla/runtime/binding/mqtt/internal/config/MqttRouteConfig.java

…entity

jfallows requested changes Feb 6, 2025

View reviewed changes

epieffe force-pushed the feature/mqtt-topic-param branch 2 times, most recently from 2f9095f to d15893e Compare February 9, 2025 01:13

jfallows requested changes Feb 17, 2025

View reviewed changes

epieffe force-pushed the feature/mqtt-topic-param branch 4 times, most recently from 084e920 to d0c53ea Compare February 23, 2025 01:59

epieffe force-pushed the feature/mqtt-topic-param branch 5 times, most recently from 32aad91 to d0a21b7 Compare March 1, 2025 15:48

jfallows previously approved these changes Mar 10, 2025

View reviewed changes

epieffe added 2 commits March 15, 2025 00:17

Support mqtt topics with path parameters required to match guarded id…

db5434f

…entity

Integration tests for MQTT topic parameters with guarded identity

a5c4965

epieffe dismissed jfallows’s stale review via a5c4965 March 14, 2025 23:18

epieffe force-pushed the feature/mqtt-topic-param branch from d0a21b7 to a5c4965 Compare March 14, 2025 23:18

jfallows approved these changes Mar 17, 2025

View reviewed changes

jfallows merged commit 19dd6ad into aklivity:develop Apr 14, 2025
37 of 41 checks passed

jfallows mentioned this pull request Apr 14, 2025

Documentation for MQTT topics with path parameters aklivity/zilla-docs#311

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

MQTT topics with path parameters required to match guarded identity #1387

MQTT topics with path parameters required to match guarded identity #1387

Uh oh!

epieffe commented Jan 29, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

MQTT topics with path parameters required to match guarded identity #1387

MQTT topics with path parameters required to match guarded identity #1387

Uh oh!

Conversation

epieffe commented Jan 29, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!