Support external drivers

acs-edge/lib/driverBroker.ts

@@ -26,6 +26,7 @@ interface ACL {
 export class DriverBroker extends EventEmitter {
     broker:     Aedes
     passwords:  string
+    debugUser:  string | undefined
     acl:        Map<string, ACL>
     hostname:   string
     port:       number
@@ -44,6 +45,7 @@ export class DriverBroker extends EventEmitter {
             : 1883;
 
         this.passwords = env.EDGE_PASSWORDS;
+        this.debugUser = env.EDGE_DEBUG_USER;
 
         this.broker = new Aedes();
         this.acl = new Map();
@@ -81,17 +83,26 @@ export class DriverBroker extends EventEmitter {
 
         const fail = (f, ...a) => { log(f, ...a); callback(null, false); };
 
-        if (id != username)
-            return fail("Invalid client-id %s for %s", id, username);
         if (!password)
             return fail("No password for %s", username);
         const expect = await fs.readFile(`${this.passwords}/${username}`)
             .catch(e => null);
         if (!expect)
-            return fail("Unexpected driver %s", username);
+            return fail("Unknown user %s", username);
         if (expect.compare(password) != 0)
             return fail("Bad password for %s", username);
+
+        if (username == this.debugUser) {
+            this.acl.set(id, {
+                publish: /./,
+                subscribe: /./,
+            });
+            return callback(null, true);
+        }
 
+        if (id != username)
+            return fail("Invalid client-id %s for %s", id, username);
+
         this.acl.set(id, {
             publish: new RegExp(
                 `^${prefix}/${id}/(?:status|data/\\w+|err/\\w+)$`),

edge-helm-charts/charts/edge-agent/templates/edge-agent.yaml

@@ -58,6 +58,10 @@ spec:
 {{- end }}
             - name: EDGE_PASSWORDS
               value: "/usr/app/driver-passwords"
+{{- if .Values.driverDebugUser }}
+            - name: EDGE_DEBUG_USER
+              value: "{{ .Values.driverDebugUser }}"
+{{- end }}
           resources:
             limits:
               memory: {{ .Values.limits.memory | quote }}
@@ -73,12 +77,13 @@ spec:
             - mountPath: /usr/app/driver-passwords
               name: driver-passwords
 {{- range $name, $driver := coalesce .Values.drivers dict }}
+  {{- if not $driver.external }}
         - name: "driver-{{ $name | lower }}"
-  {{- list $ $driver.image | include "edge-agent.image" | nindent 10 }}
-  {{- if $driver.privileged }}
+    {{- list $ $driver.image | include "edge-agent.image" | nindent 10 }}
+    {{- if $driver.privileged }}
           securityContext:
             privileged: true
-  {{- end }}
+    {{- end }}
           env:
             - name: EDGE_MQTT
               value: "mqtt://localhost"
@@ -91,11 +96,12 @@ spec:
                   key: "{{ $name }}"
             - name: VERBOSE
               value: "{{ $.Values.verbosity }}"
-  {{- if $driver.deviceMounts }}
+    {{- if $driver.deviceMounts }}
           volumeMounts:
-    {{- range $name, $path := coalesce $driver.deviceMounts dict }}
+      {{- range $name, $path := coalesce $driver.deviceMounts dict }}
             - mountPath: "{{ $path }}"
               name: "driver-dev-{{ $name }}"
+      {{- end }}
     {{- end }}
   {{- end }}
 {{- end }}
@@ -126,15 +132,3 @@ spec:
   edgeAgent: true
   secrets:
     - edge-agent-sensitive-information-{{ .Values.uuid }}
-{{ range $name, $image := .Values.drivers }}
----
-apiVersion: factoryplus.app.amrc.co.uk/v1
-kind: LocalSecret
-metadata:
-  namespace: {{ $.Release.Namespace }}
-  name: "driver-passwords.{{ $k8sname }}.{{ $name | lower }}"
-spec:
-  format: Password
-  secret: "driver-passwords.{{ $k8sname }}"
-  key: "{{ $name }}"
-{{- end }}

edge-helm-charts/charts/edge-agent/templates/local-secrets.yaml

@@ -0,0 +1,25 @@
+{{- $k8sname := include "edge-agent.k8sname" . }}
+{{ range $name, $image := .Values.drivers }}
+---
+apiVersion: factoryplus.app.amrc.co.uk/v1
+kind: LocalSecret
+metadata:
+  namespace: {{ $.Release.Namespace }}
+  name: "driver-passwords.{{ $k8sname }}.{{ $name | lower }}"
+spec:
+  format: Password
+  secret: "driver-passwords.{{ $k8sname }}"
+  key: "{{ $name }}"
+{{- end }}
+{{- if .Values.driverDebugUser }}
+---
+apiVersion: factoryplus.app.amrc.co.uk/v1
+kind: LocalSecret
+metadata:
+  namespace: {{ $.Release.Namespace }}
+  name: "driver-passwords.{{ $k8sname }}.{{ .Values.driverDebugUser | lower }}"
+spec:
+  format: Password
+  secret: "driver-passwords.{{ $k8sname }}"
+  key: "{{ .Values.driverDebugUser }}"
+{{- end }}

edge-helm-charts/charts/edge-agent/values.yaml

@@ -23,6 +23,8 @@ drivers: {}
   #Test:
     # An image name from the image list above.
     #image: test
+    # OR: this driver is deployed externally
+    #external: false
     # Run this driver as a privileged container. This removes a k8s
     # security feature but is necessary to allow access to hardware.
     #privileged: true
@@ -38,6 +40,8 @@ drivers: {}
 
 # Make the driver interface available externally.
 #externalIPs: []
+# Create a privileged account on the driver broker.
+#driverDebugUser: admin
 debug: false
 verbosity: ALL,!token,!service,!sparkplug
 poll_int: 10