Skip to content

Feature Request: Add machine-readable error codes to Dynamic Security Plugin responses #3517

New issue
New issue
Open
Open
Feature Request: Add machine-readable error codes to Dynamic Security Plugin responses#3517
Labels
Status: AvailableNo one has claimed responsibility for resolving this issue.
@vorlif

Description

@vorlif
vorlif
opened on Feb 22, 2026

I am currently developing an application that manages sensors by dynamically creating MQTT clients via the Dynamic Security Plugin API. To keep the architecture clean, I use the Mosquitto plugin as the "Source of Truth" and do not locally track which clients have already been created. Instead, my application simply attempts to create a client when a sensor connects.

Problem

Currently, I am facing a major hurdle in error handling. Since the API only returns human-readable strings, my application has to perform string parsing to decide how to proceed.

if response.Error == "Client already exists" {
    return nil 
} else if response.Error == "Role not found" || response.Error == "Group not found"
    return fmt.Errorf("Critical configuration mismatch: %s", response.Error)
}

This approach is highly error-prone. If a future update of Mosquitto changes "Client already exists" to "Username already exists" or "Client already defined", my integration will fail silently or trigger false alerts.

Proposed Solution

I propose adding a machine-readable field (e.g., code or reason_code) to the JSON response. This would allow programmatic error handling that is independent of the translated or formatted error message.

Example:

{
  "responses": [
    {
      "command": "createClient",
      "error": "Client already exists",
      "code": 409
    }
  ]
}

Implementation Ideas

My first thought was status codes, as used in the REST API. However, I dismissed the idea because a single command like createClient can fail for multiple distinct reasons. For instance, if I try to create a client and simultaneously assign it to a group, the error needs to distinguish between "Client already exists" and "Group does not exist."

Therefore, I propose a structured set of error codes like the following:

Code Constant / Identifier Description
0 SUCCESS Command executed successfully.
1 ERR_INVALID_FORMAT The JSON structure or field types are invalid.
2 ERR_CLIENT_EXISTS The client already exists
3 ERR_ROLE_NOT_FOUND Role does not exist.
4 ERR_GROUP_NOT_FOUND Group does not exist.
5 ... ...

Metadata

Metadata

Assignees

No one assigned

    Labels

    Status: AvailableNo one has claimed responsibility for resolving this issue.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions