This plugin is a very basic way to allow multiple teams to use a single MQTT broker without any access to each other's topics, and without needing them to stick to a specific topic pattern/prefix.
- Check out & build the mosquitto develop branch (or 2.1.0 once released)
- Check out this project in an adjacent directory
- Run `make` in this project
```
port 1883
plugin ./mosquitto_multi_tenant.so
plugin_opt_regex ^[a-z0-9]+@([a-z0-9]+)$
allow_anonymous false
password_file passwd
```
Use `mosquitto_passwd` to create a `passwd` file with usernames of the format `user@groupname` and an admin user, then run `./test.sh` to start the broker.
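A pre-flight check for the `passwd` file, added here as an example (it is not part of the plugin's source): it applies the `plugin_opt_regex` pattern from the config above using POSIX `regex.h` and reports which group each username maps to. The function names and the sample usernames are constructed for illustration; how the plugin treats a username that does not match the pattern is not covered here, so such names are only flagged for review.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Pattern copied from the plugin_opt_regex line in the config above. */
#define TENANT_REGEX "^[a-z0-9]+@([a-z0-9]+)$"

/* Constructed sample: lines as they would appear in "passwd" (name:hash);
 * the hash part is a placeholder. */
static const char *const SAMPLE[] = { "alice@foo:HASH", "bob@bar:HASH",
    "admin:HASH", "Carol@foo:HASH", "dave@foo.prod:HASH" };

/* 1 = matched, group (capture 1) copied to out; 0 = no match;
 * -1 = regex or buffer error. */
int tenant_for_username(const char *user, char *out, size_t outlen)
{
    regex_t re; regmatch_t m[2];
    if (regcomp(&re, TENANT_REGEX, REG_EXTENDED) != 0) return -1;
    int rc = regexec(&re, user, 2, m, 0);
    regfree(&re);
    if (rc != 0) return 0;
    size_t len = (size_t)(m[1].rm_eo - m[1].rm_so);
    if (len >= outlen) return -1;
    memcpy(out, user + m[1].rm_so, len);
    out[len] = '\0';
    return 1;
}

/* Prints the group for each passwd line and returns how many usernames
 * fall outside the regex and therefore need a manual review. */
int count_unscoped(const char *const *lines, size_t n)
{
    int unscoped = 0;
    for (size_t i = 0; i < n; i++) {
        char user[128], tenant[128];
        size_t ulen = strcspn(lines[i], ":");   /* username ends at ':' */
        if (ulen >= sizeof user) { unscoped++; continue; }
        memcpy(user, lines[i], ulen);
        user[ulen] = '\0';
        if (tenant_for_username(user, tenant, sizeof tenant) == 1)
            printf("%-16s group=%s\n", user, tenant);
        else { printf("%-16s NO GROUP, review\n", user); unscoped++; }
    }
    return unscoped;
}

/* Exit status 0 when exactly the three constructed outliers are flagged. */
int main(void) { return count_unscoped(SAMPLE, 5) == 3 ? 0 : 1; }
```

In the sample, `admin` is the one intended outlier; `Carol@foo` (uppercase) and `dave@foo.prod` (dot in the group) also fail the pattern, which is the kind of mismatch worth catching before the broker is started.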
- Subscribe user from group `foo` with `mosquitto_sub -u user@foo -P password -v -t '#'`
- Subscribe user from group `bar` with `mosquitto_sub -u user@bar -P password -v -t '#'`
- Subscribe admin user with `mosquitto_sub -u admin -P password -v -t '#'`
Then
- Publish message for `foo` group with `mosquitto_pub -u user@foo -P password -t test -m message`
- Client IDs still need to be globally unique across the whole broker.
- Shared Subscriptions not supported (yet)
- ACLs need work, write is to the "original" topic, but read needs to be to the prefixed topic
This code is based on the topic-jail plugin example included in the Mosquitto 2.1.0 release