search

gordlea / fireboard2mqtt

8 stars 5 forks source link

Standalone container failing to authorize MQTT user #49

Closed npawelek closed 6 months ago

npawelek commented 6 months ago

My setup utilizes HA core with separate mosquitto and fireboard2mqtt containers. I have many devices using the defined MQTT credentials, so I know the username and password are good, along with valid ACLs to readwrite to homeassistant/# (provided below).

Trace logs from the docker container, which seems to indicate the connection is successful, but says not authorized:

[2024-04-14T04:59:07Z DEBUG fireboard2mqtt::config] loading config from env
[2024-04-14T04:59:07Z DEBUG fireboard2mqtt] config loaded successfully: {
      "fireboardaccount_email": "redacted",
      "fireboard_enable_drive": true,
      "mqtt_host": "mqtt.redacted.com",
      "mqtt_port": 1883,
      "mqtt_discovery_topic": "homeassistant",
      "mqtt_base_topic": "fireboard2mqtt",
      "mqtt_credentials": {
        "username": "iot"
      },
      "mqtt_clientid": "fireboard2mqtt"
    }
[2024-04-14T04:59:08Z DEBUG fireboard2mqtt::fireboard_watcher] client authenticated successfully
[2024-04-14T04:59:08Z INFO  fireboard2mqtt] connecting to mqtt broker at mqtt.domain.com:1883 with clientId fireboard2mqtt
[2024-04-14T04:59:08Z INFO  fireboard2mqtt::fireboard_watcher] checking fireboard api for updates
[2024-04-14T04:59:08Z TRACE fireboard2mqtt] mqtt event: Incoming(ConnAck(ConnAck { session_present: false, code: Success, properties: Some(ConnAckProperties { session_expiry_interval: None, receive_max: Some(20), max_qos: None, retain_available: None, max_packet_size: None, assigned_client_identifier: None, topic_alias_max: Some(10), reason_string: None, user_properties: [], wildcard_subscription_available: None, subscription_identifiers_available: None, shared_subscription_available: None, server_keep_alive: None, response_information: None, server_reference: None, authentication_method: None, authentication_data: None }) }))
[2024-04-14T04:59:08Z TRACE fireboard2mqtt] mqtt event: Outgoing(Publish(1))
[2024-04-14T04:59:08Z ERROR fireboard2mqtt] mqtt error: MqttState(PubAckFail { reason: NotAuthorized })

Logs from mosquitto (from this container IP):

1713070445: New connection from 10.32.0.37:56560 on port 1883.
1713070445: New client connected from 10.32.0.37:56560 as fireboard2mqtt (p5, c1, k60, u'iot').
1713070445: Client fireboard2mqtt closed its connection.

ACL in mosquitto for the iot user:

user iot
topic readwrite homeassistant/#

Any thoughts as to what may be going on? I tried TLS as well, but it does not appear to support TLS1.2 or beyond for MQTT.

npawelek commented 6 months ago

I assumed incorrectly that this was nesting the fireboard2mqtt topic under homeassistant prefix for discovery. Since my iot user did not have access to fireboard2mqtt/#, this was failing. Updated the base topic to homeassistant/fireboard2mqtt to work with my existing ACL and this appears to be working properly.