Merge pull request #566 from greenbone/mqtt-auth

Add: Support authenticated connection to MQTT broker
greenbone · Jan 25, 2024 · 18f3b07 · 18f3b07
2 parents 7e50f78 + e67c5cc
commit 18f3b07
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 0 deletions.
diff --git a/notus/scanner/cli/parser.py b/notus/scanner/cli/parser.py
@@ -112,6 +112,25 @@ def __init__(self) -> None:
             type=int,
             help="Port of the MQTT broker. (default: %(default)s)",
         )
+        parser.add_argument(
+            "--mqtt-broker-username",
+            default=None,
+            type=str,
+            help=(
+                "Username to connect to MQTT broker for MQTT communication."
+                "Default %(default)s"
+            ),
+        )
+        parser.add_argument(
+            "--mqtt-broker-password",
+            default=None,
+            type=str,
+            help=(
+                "PASSWORD to connect to MQTT broker for MQTT communication."
+                "Default %(default)s"
+            ),
+        )
+
         parser.add_argument(
             "--disable-hashsum-verification",
             type=bool,

diff --git a/notus/scanner/config.py b/notus/scanner/config.py
@@ -41,6 +41,16 @@
         "NOTUS_SCANNER_MQTT_BROKER_ADDRESS",
         DEFAULT_MQTT_BROKER_ADDRESS,
     ),
+    (
+        "mqtt-broker-username",
+        "NOTUS_SCANNER_MQTT_BROKER_USERNAME",
+        None,
+    ),
+    (
+        "mqtt-broker-password",
+        "NOTUS_SCANNER_MQTT_BROKER_PASSWORD",
+        None,
+    ),
     (
         "mqtt-broker-port",
         "NOTUS_SCANNER_MQTT_BROKER_PORT",

diff --git a/notus/scanner/daemon.py b/notus/scanner/daemon.py
@@ -63,6 +63,8 @@ def on_hash_sum_verification_failure(
 def run_daemon(
     mqtt_broker_address: str,
     mqtt_broker_port: int,
+    mqtt_broker_username: str,
+    mqtt_broker_password: str,
     products_directory_path: Path,
     disable_hashsum_verification: bool,
 ):
@@ -87,6 +89,9 @@ def run_daemon(
         mqtt_broker_address=mqtt_broker_address,
         mqtt_broker_port=mqtt_broker_port,
     )
+    if mqtt_broker_username and mqtt_broker_password:
+        client.username_pw_set(mqtt_broker_username, mqtt_broker_password)
+
     daemon: MQTTDaemon
     try:
         daemon = MQTTDaemon(client)
@@ -130,6 +135,8 @@ def main():
     run_daemon(
         args.mqtt_broker_address,
         args.mqtt_broker_port,
+        args.mqtt_broker_username,
+        args.mqtt_broker_password,
         args.products_directory,
         args.disable_hashsum_verification,
     )