Ignition 8.1: CirrusLink MQTT Distributor - ACL Topic Name Syntax

Is there an example of the Syntax for the “Topic” (topic = The topic or wildcard topic representing the scope of the privilege) used in the ACL for the Distributor Module?

We are looking to use this to filter Edge device Publishing scope, so we don’t inadvertently have a misconfigured Edge device publish over top of existing data published by a different Edge node.

I am referring to the documentation found here (bottom of page):

https://docs.chariot.io/display/CLD80/MD%3A+Configuration

Does it use the Sparkplug Topic Namespace Elements as part of the “topic”?
namespace/group_id/message_type/edge_node_id/[device_id] - How?

Good morning Chris,

While there is an example just below your quoted text on this tutorial page, we do plan to add additional examples to handle requests to limit an Edge device (user) to publish on a specific topic. The complexity arises when limiting such access with an ACL as not all publishing (or subscribing) clients adhere to the same subscription lists. Our examples will only address Ignition and our MQTT Modules. And the ACL acts much like a Firewall policy where each topic must be specified once you have moved away from the wildcards ( # and + ) in the topic filter.

Regards,
Daniel

Thanks Dan for the response.

You will have to forgive me as I ask more questions.

The general Topic Namespace Elements for Sparkplug B are: namespace/group_id/message_type/edge_node_id/[device_id] ← is this the general topic form that is used in the example below?

The example in the documentation shows:

W device_one/temp/#,R state/#

  • This allows clients connecting using this username/password to publish on device_one/temp/# and subscribe on state/# topics

I guess what I am looking for is the topic format definition, so we understand how to write the syntax correctly. Can you provide this?

Chris,

So you’ll have to take care to accurately set the topics such that the Edge (Transmission) does not try to publish any additional Group or Edge Node messages, which will result in a disconnected Edge from the Distributor (Server).

Try the following entries in Distributor for a test:

Edge (Transmission) user ACLs as entered in Distributor

Publish ( W ) topics:

  • spBv1.0/GroupID/+/EdgeNodeID/#

Subscribe ( R ) topics:

  • STATE/PrimaryHostID, spBv1.0/GroupID/+/EdgeNodeID/#

Example in Distributor browser portal:

As I mentioned, if you attempt to publish any other Group or EdgeNode data you will be bounced from the Server, so experimentation in your laboratory is highly recommended prior to modifying your production environment.

Using a client tool such as MQTT.fx to see the actual Topics published from the Edge before you lock down the Server is most useful and can save a lot of aggravation.

Dan
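
An added example, not part of the posts above and not Cirrus Link code: a dry run that checks topics captured from an Edge node against the test ACL entries before they are entered in Distributor. It assumes Distributor evaluates ACL topics with standard MQTT topic-filter rules; the one-line `EDGE_ACL` layout, the function names and the captured topic list are constructed for illustration.

```python
# Added example: standard MQTT topic-filter matching applied to the ACL entries above.
# Assumption: Distributor evaluates ACL topics like ordinary MQTT topic filters.

def topic_matches(filt: str, topic: str) -> bool:
    """True if a topic filter ('+' = one level, '#' = all remaining levels) covers topic."""
    f_levels, t_levels = filt.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            # '#' is only valid as the last level; it also matches the parent level itself.
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def parse_acl(acl: str):
    """Split 'W topic,R topic' (the documentation example's form) into (privilege, filter) pairs."""
    rules = []
    for entry in acl.split(","):
        privilege, filt = entry.strip().split(None, 1)
        rules.append((privilege.upper(), filt.strip()))
    return rules

def allowed(acl: str, privilege: str, topic: str) -> bool:
    """True if any ACL entry grants the privilege ('W' publish, 'R' subscribe) on topic."""
    return any(privilege in p and topic_matches(f, topic) for p, f in parse_acl(acl))

def denied_publishes(acl: str, topics):
    """Topics the Edge publishes that no W entry covers (each one would get it disconnected)."""
    return [t for t in topics if not allowed(acl, "W", t)]

# The test entries from the thread, written on one line in the "W ...,R ..." form (assumed layout).
EDGE_ACL = "W spBv1.0/GroupID/+/EdgeNodeID/#,R STATE/PrimaryHostID,R spBv1.0/GroupID/+/EdgeNodeID/#"

# Constructed sample of topics, as might be captured from an Edge node with a client tool.
CAPTURED = [
    "spBv1.0/GroupID/NBIRTH/EdgeNodeID",
    "spBv1.0/GroupID/DBIRTH/EdgeNodeID/Device1",
    "spBv1.0/GroupID/DDATA/EdgeNodeID/Device1",
    "spBv1.0/GroupID/NDATA/OtherEdgeNode",    # misconfigured Edge Node ID
    "spBv1.0/OtherGroup/NBIRTH/EdgeNodeID",   # misconfigured Group ID
]

if __name__ == "__main__":
    for t in denied_publishes(EDGE_ACL, CAPTURED):
        print("not covered by a W entry:", t)
```
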