ESPHome
MQTT Client ID and topic prefix should match when is_name_add_mac_suffix_enabled() is true
#3438
Unanswered
kaechele
asked this question in
Component enhancements
MQTT Client ID and topic prefix should match when `is_name_add_mac_suffix_enabled()` is `true`
#3438
Replies: 1 comment
-
|
🏷️ I've automatically added the |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Component name
mqtt
Link to component documentation on our website
https://esphome.io/components/mqtt/
Describe the enhancement
When using
name_add_mac_suffix: truethe automatically generated MQTT client ID and topic prefix should match.Right now the client ID will be
<APP_NAME>-<MAC>and the topic prefix will be<APP_NAME>.To illustrate, take a device with MAC address
12:34:56:78:90:ABthat has the following settings:Resulting MQTT Client ID:
mydevice-7890ab-1234567890abResulting Topic Prefix:
mydevice-7890abIdeally, both the client ID and the topic prefix would be the same.
Use cases
Mosquitto allows restricting access to topics based on dynamic ACLs. Subscriptions to topics can be limited based on topic patterns. Two variables are available there for substitution
%ufor the username and%cfor the client ID.Imagine a scenario where you are deploying a number of similar ESPHome devices with MQTT. You create one common build with
name_add_mac_suffixenabled to be able to tell them apart without needing a separate build for each device. Due to the single common build you only have one set of MQTT credentials hardcoded into the build, so identifying nodes by username is not possible.To enhance security you now want to limit devices to only be able to subscribe and publish to topics that are relevant to itself.
Using the dynamic security plugin you can create the ACL pattern '%c/#' meaning the device can access any topics that start with its client ID.
But when the Client ID and topic prefix being differs you cannot do this.
This is only problematic when using
name_add_mac_suffixbecausemqtt.client_idandmqtt.topic_prefixdon't accept lambdas, so you have no way of pulling either the mac address orApp.get_name()during runtime to create unique IDs.Anything else?
This issue would be solved if either:
name_add_mac_suffixis used ORmqtt.client_idandmqtt.topic_prefixaccepted lambdasBeta Was this translation helpful? Give feedback.
All reactions