add option to allow connection from external clients (#452)

Signed-off-by: z8674558 <own7000hr@gmail.com>

5 files changed, 335 insertions, 3 deletions

diff --git a/tedge_config/src/settings.rs b/tedge_config/src/settings.rs
index 438cead8..d8f8c206 100644
--- a/tedge_config/src/settings.rs
+++ b/tedge_config/src/settings.rs
@@ -152,14 +152,99 @@ impl ConfigSetting for MqttPortSetting {
     const KEY: &'static str = "mqtt.port";
 
     const DESCRIPTION: &'static str = concat!(
-        "Mqtt broker port, which is used by the mqtt clients to publish or subscribe. ",
-        "Example: listener 1883"
+        "Mqtt broker port, which is used by the local mqtt clients to publish or subscribe. ",
+        "Example: 1883"
     );
 
     type Value = Port;
 }
 
 #[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub struct MqttExternalPortSetting;
+
+impl ConfigSetting for MqttExternalPortSetting {
+    const KEY: &'static str = "mqtt.external.port";
+
+    const DESCRIPTION: &'static str = concat!(
+        "Mqtt broker port, which is used by the external mqtt clients to publish or subscribe. ",
+        "Example: 8883"
+    );
+
+    type Value = Port;
+}
+
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub struct MqttExternalBindAddressSetting;
+
+impl ConfigSetting for MqttExternalBindAddressSetting {
+    const KEY: &'static str = "mqtt.external.bind_address";
+
+    const DESCRIPTION: &'static str = concat!(
+        "IP address / hostname, which the mqtt broker limits incoming connections on. ",
+        "Example: 0.0.0.0"
+    );
+
+    type Value = String;
+}
+
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub struct MqttExternalBindInterfaceSetting;
+
+impl ConfigSetting for MqttExternalBindInterfaceSetting {
+    const KEY: &'static str = "mqtt.external.bind_interface";
+
+    const DESCRIPTION: &'static str = concat!(
+        "Name of network interface, which the mqtt broker limits incoming connections on. ",
+        "Example: wlan0"
+    );
+
+    type Value = String;
+}
+
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub struct MqttExternalCAPathSetting;
+
+impl ConfigSetting for MqttExternalCAPathSetting {
+    const KEY: &'static str = "mqtt.external.capath";
+
+    const DESCRIPTION: &'static str = concat!(
+        "Path to a file containing the PEM encoded CA certificates ",
+        "that are trusted when checking incoming client certificates. ",
+        "Example: /etc/ssl/certs"
+    );
+
+    type Value = FilePath;
+}
+
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub struct MqttExternalCertfileSetting;
+
+impl ConfigSetting for MqttExternalCertfileSetting {
+    const KEY: &'static str = "mqtt.external.certfile";
+
+    const DESCRIPTION: &'static str = concat!(
+        "Path to the certificate file, which is used by external MQTT listener",
+        "Example: /etc/tedge/device-certs/tedge-certificate.pem"
+    );
+
+    type Value = FilePath;
+}
+
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub struct MqttExternalKeyfileSetting;
+
+impl ConfigSetting for MqttExternalKeyfileSetting {
+    const KEY: &'static str = "mqtt.external.keyfile";
+
+    const DESCRIPTION: &'static str = concat!(
+        "Path to the private key file, which is used by external MQTT listener",
+        "Example: /etc/tedge/device-certs/tedge-private-key.pem"
+    );
+
+    type Value = FilePath;
+}
+
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
 pub struct SoftwarePluginDefaultSetting;
 
 impl ConfigSetting for SoftwarePluginDefaultSetting {
diff --git a/tedge_config/src/tedge_config.rs b/tedge_config/src/tedge_config.rs
index cbfacaa6..dcc1ccb0 100644
--- a/tedge_config/src/tedge_config.rs
+++ b/tedge_config/src/tedge_config.rs
@@ -244,6 +244,163 @@ impl ConfigSettingAccessor<MqttPortSetting> for TEdgeConfig {
     }
 }
 
+impl ConfigSettingAccessor<MqttExternalPortSetting> for TEdgeConfig {
+    fn query(&self, _setting: MqttExternalPortSetting) -> ConfigSettingResult<Port> {
+        self.data
+            .mqtt
+            .external_port
+            .map(Port)
+            .clone()
+            .ok_or(ConfigSettingError::ConfigNotSet {
+                key: MqttExternalPortSetting::KEY,
+            })
+    }
+
+    fn update(
+        &mut self,
+        _setting: MqttExternalPortSetting,
+        value: Port,
+    ) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_port = Some(value.into());
+        Ok(())
+    }
+
+    fn unset(&mut self, _setting: MqttExternalPortSetting) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_port = None;
+        Ok(())
+    }
+}
+
+impl ConfigSettingAccessor<MqttExternalBindAddressSetting> for TEdgeConfig {
+    fn query(&self, _setting: MqttExternalBindAddressSetting) -> ConfigSettingResult<String> {
+        self.data
+            .mqtt
+            .external_bind_address
+            .clone()
+            .ok_or(ConfigSettingError::ConfigNotSet {
+                key: MqttExternalBindAddressSetting::KEY,
+            })
+    }
+
+    fn update(
+        &mut self,
+        _setting: MqttExternalBindAddressSetting,
+        value: String,
+    ) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_bind_address = Some(value);
+        Ok(())
+    }
+
+    fn unset(&mut self, _setting: MqttExternalBindAddressSetting) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_bind_address = None;
+        Ok(())
+    }
+}
+
+impl ConfigSettingAccessor<MqttExternalBindInterfaceSetting> for TEdgeConfig {
+    fn query(&self, _setting: MqttExternalBindInterfaceSetting) -> ConfigSettingResult<String> {
+        self.data
+            .mqtt
+            .external_bind_interface
+            .clone()
+            .ok_or(ConfigSettingError::ConfigNotSet {
+                key: MqttExternalBindInterfaceSetting::KEY,
+            })
+    }
+
+    fn update(
+        &mut self,
+        _setting: MqttExternalBindInterfaceSetting,
+        value: String,
+    ) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_bind_interface = Some(value);
+        Ok(())
+    }
+
+    fn unset(&mut self, _setting: MqttExternalBindInterfaceSetting) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_bind_interface = None;
+        Ok(())
+    }
+}
+
+impl ConfigSettingAccessor<MqttExternalCAPathSetting> for TEdgeConfig {
+    fn query(&self, _setting: MqttExternalCAPathSetting) -> ConfigSettingResult<FilePath> {
+        self.data
+            .mqtt
+            .external_capath
+            .clone()
+            .ok_or(ConfigSettingError::ConfigNotSet {
+                key: MqttExternalCAPathSetting::KEY,
+            })
+    }
+
+    fn update(
+        &mut self,
+        _setting: MqttExternalCAPathSetting,
+        value: FilePath,
+    ) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_capath = Some(value);
+        Ok(())
+    }
+
+    fn unset(&mut self, _setting: MqttExternalCAPathSetting) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_capath = None;
+        Ok(())
+    }
+}
+
+impl ConfigSettingAccessor<MqttExternalCertfileSetting> for TEdgeConfig {
+    fn query(&self, _setting: MqttExternalCertfileSetting) -> ConfigSettingResult<FilePath> {
+        self.data
+            .mqtt
+            .external_certfile
+            .clone()
+            .ok_or(ConfigSettingError::ConfigNotSet {
+                key: MqttExternalCertfileSetting::KEY,
+            })
+    }
+
+    fn update(
+        &mut self,
+        _setting: MqttExternalCertfileSetting,
+        value: FilePath,
+    ) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_certfile = Some(value);
+        Ok(())
+    }
+
+    fn unset(&mut self, _setting: MqttExternalCertfileSetting) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_certfile = None;
+        Ok(())
+    }
+}
+
+impl ConfigSettingAccessor<MqttExternalKeyfileSetting> for TEdgeConfig {
+    fn query(&self, _setting: MqttExternalKeyfileSetting) -> ConfigSettingResult<FilePath> {
+        self.data
+            .mqtt
+            .external_keyfile
+            .clone()
+            .ok_or(ConfigSettingError::ConfigNotSet {
+                key: MqttExternalKeyfileSetting::KEY,
+            })
+    }
+
+    fn update(
+        &mut self,
+        _setting: MqttExternalKeyfileSetting,
+        value: FilePath,
+    ) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_keyfile = Some(value);
+        Ok(())
+    }
+
+    fn unset(&mut self, _setting: MqttExternalKeyfileSetting) -> ConfigSettingResult<()> {
+        self.data.mqtt.external_keyfile = None;
+        Ok(())
+    }
+}
+
 impl ConfigSettingAccessor<SoftwarePluginDefaultSetting> for TEdgeConfig {
     fn query(&self, _setting: SoftwarePluginDefaultSetting) -> ConfigSettingResult<String> {
         self.data
diff --git a/tedge_config/src/tedge_config_defaults.rs b/tedge_config/src/tedge_config_defaults.rs
index e3e0a654..7f6b98ab 100644
--- a/tedge_config/src/tedge_config_defaults.rs
+++ b/tedge_config/src/tedge_config_defaults.rs
@@ -35,7 +35,7 @@ pub struct TEdgeConfigDefaults {
     /// Default mapper timestamp bool
     pub default_mapper_timestamp: Flag,
 
-    /// Default port for mqtt
+    /// Default port for mqtt internal listener
     pub default_mqtt_port: Port,
 }
 
diff --git a/tedge_config/src/tedge_config_dto.rs b/tedge_config/src/tedge_config_dto.rs
index faabd8d4..92851962 100644
--- a/tedge_config/src/tedge_config_dto.rs
+++ b/tedge_config/src/tedge_config_dto.rs
@@ -75,6 +75,12 @@ pub(crate) struct AzureConfigDto {
 #[serde(deny_unknown_fields)]
 pub(crate) struct MqttConfigDto {
     pub(crate) port: Option<u16>,
+    pub(crate) external_port: Option<u16>,
+    pub(crate) external_bind_address: Option<String>,
+    pub(crate) external_bind_interface: Option<String>,
+    pub(crate) external_capath: Option<FilePath>,
+    pub(crate) external_certfile: Option<FilePath>,
+    pub(crate) external_keyfile: Option<FilePath>,
 }
 
 #[derive(Debug, Default, Deserialize, Serialize)]
diff --git a/tedge_config/tests/test_tedge_config.rs b/tedge_config/tests/test_tedge_config.rs
index 6eb8fbcd..a4f772e1 100644
--- a/tedge_config/tests/test_tedge_config.rs
+++ b/tedge_config/tests/test_tedge_config.rs
@@ -24,6 +24,12 @@ mapper_timestamp = true
 
 [mqtt]
 port = 1234
+external_port = 2345
+external_bind_address = "0.0.0.0"
+external_bind_interface = "wlan0"
+external_capath = "ca.pem"
+external_certfile = "cert.pem"
+external_keyfile = "key.pem"
 "#;
 
     let (_tempdir, config_location) = create_temp_tedge_config(toml_conf)?;
@@ -63,6 +69,33 @@ port = 1234
 
     assert_eq!(config.query(MqttPortSetting)?, Port(1234));
 
+    assert_eq!(config.query(MqttExternalPortSetting)?, Port(2345));
+
+    assert_eq!(
+        config.query(MqttExternalBindAddressSetting)?.as_str(),
+        "0.0.0.0"
+    );
+
+    assert_eq!(
+        config.query(MqttExternalBindInterfaceSetting)?.as_str(),
+        "wlan0"
+    );
+
+    assert_eq!(
+        config.query(MqttExternalCAPathSetting)?,
+        FilePath::from("ca.pem")
+    );
+
+    assert_eq!(
+        config.query(MqttExternalCertfileSetting)?,
+        FilePath::from("cert.pem")
+    );
+
+    assert_eq!(
+        config.query(MqttExternalKeyfileSetting)?,
+        FilePath::from("key.pem")
+    );
+
     Ok(())
 }
 
@@ -98,6 +131,12 @@ port = 1883
     let updated_c8y_url = "other-tenant.cumulocity.com";
     let updated_azure_url = "OtherAzure.azure-devices.net";
     let updated_mqtt_port = Port(2345);
+    let updated_mqtt_external_port = Port(3456);
+    let updated_mqtt_external_bind_address = "localhost";
+    let updated_mqtt_external_bind_interface = "eth0";
+    let updated_mqtt_external_capath = "/some/path";
+    let updated_mqtt_external_certfile = "cert.pem";
+    let updated_mqtt_external_keyfile = "key.pem";
 
     {
         let mut config = config_repo.load()?;
@@ -138,6 +177,27 @@ port = 1883
         config.unset(AzureRootCertPathSetting)?;
         config.unset(AzureMapperTimestamp)?;
         config.update(MqttPortSetting, updated_mqtt_port)?;
+        config.update(MqttExternalPortSetting, updated_mqtt_external_port)?;
+        config.update(
+            MqttExternalBindAddressSetting,
+            updated_mqtt_external_bind_address.to_string(),
+        )?;
+        config.update(
+            MqttExternalBindInterfaceSetting,
+            updated_mqtt_external_bind_interface.to_string(),
+        )?;
+        config.update(
+            MqttExternalCAPathSetting,
+            FilePath::from(updated_mqtt_external_capath),
+        )?;
+        config.update(
+            MqttExternalCertfileSetting,
+            FilePath::from(updated_mqtt_external_certfile),
+        )?;
+        config.update(
+            MqttExternalKeyfileSetting,
+            FilePath::from(updated_mqtt_external_keyfile),
+        )?;
         config_repo.store(&config)?;
     }
 
@@ -168,6 +228,30 @@ port = 1883
         assert_eq!(config.query(AzureMapperTimestamp)?, Flag(true));
 
         assert_eq!(config.query(MqttPortSetting)?, updated_mqtt_port);
+        assert_eq!(
+            config.query(MqttExternalPortSetting)?,
+            updated_mqtt_external_port
+        );
+        assert_eq!(
+            config.query(MqttExternalBindAddressSetting)?.as_str(),
+            updated_mqtt_external_bind_address
+        );
+        assert_eq!(
+            config.query(MqttExternalBindInterfaceSetting)?.as_str(),
+            updated_mqtt_external_bind_interface
+        );
+        assert_eq!(
+            config.query(MqttExternalCAPathSetting)?,
+            FilePath::from(updated_mqtt_external_capath)
+        );
+        assert_eq!(
+            config.query(MqttExternalCertfileSetting)?,
+            FilePath::from(updated_mqtt_external_certfile)
+        );
+        assert_eq!(
+            config.query(MqttExternalKeyfileSetting)?,
+            FilePath::from(updated_mqtt_external_keyfile)
+        );
     }
 
     Ok(())