diff options
author | pennae <github@quasiparticle.net> | 2021-10-24 19:34:25 +0200 |
---|---|---|
committer | pennae <github@quasiparticle.net> | 2021-10-24 19:38:51 +0200 |
commit | d09952fea85538ff72fb25a9fe8e473f853a58ec (patch) | |
tree | 765695b4433b653e15c9c0c5b43b400b598a0bf9 /nixos/tests/mosquitto.nix | |
parent | 81175b442f4e4e3c9c8aa807b92047f73647458e (diff) |
nixos/mosquitto: restore passwordless system feature
during the rewrite the checkPasswords=false feature of the old module was lost. restore it, and with it systems that allow any client to use any username.
Diffstat (limited to 'nixos/tests/mosquitto.nix')
-rw-r--r-- | nixos/tests/mosquitto.nix | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/nixos/tests/mosquitto.nix b/nixos/tests/mosquitto.nix index bcca5372eaefa..36cc8e3e3d9bd 100644 --- a/nixos/tests/mosquitto.nix +++ b/nixos/tests/mosquitto.nix @@ -3,6 +3,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let port = 1888; tlsPort = 1889; + anonPort = 1890; password = "VERY_secret"; hashedPassword = "$7$101$/WJc4Mp+I+uYE9sR$o7z9rD1EYXHPwEP5GqQj6A7k4W1yVbePlb8TqNcuOLV9WNCiDgwHOB0JHC1WCtdkssqTBduBNUnUGd6kmZvDSw=="; topic = "test/foo"; @@ -63,7 +64,7 @@ in { }; in { server = { pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ port tlsPort ]; + networking.firewall.allowedTCPPorts = [ port tlsPort anonPort ]; services.mosquitto = { enable = true; settings = { @@ -112,6 +113,18 @@ in { use_identity_as_username = true; }; } + { + port = anonPort; + omitPasswordAuth = true; + settings.allow_anonymous = true; + acl = [ "pattern read #" ]; + users = { + anonWriter = { + password = "<ignored>" + password; + acl = [ "write ${topic}" ]; + }; + }; + } ]; }; }; @@ -182,5 +195,14 @@ in { topic="$SYS/#", port=${toString tlsPort}, user="no_such_user")) + + with subtest("check omitPasswordAuth"): + parallel( + lambda: client1.succeed(subscribe("-i fd56032c-d9cb-4813-a3b4-6be0e04c8fc3", + "anonReader", port=${toString anonPort})), + lambda: [ + server.wait_for_console_text("fd56032c-d9cb-4813-a3b4-6be0e04c8fc3"), + client2.succeed(publish("-m test", "anonWriter", port=${toString anonPort})) + ]) ''; }) |