Topic policy

You can use a topic policy to specify which clients can publish or subscribe to a topic.

In a topic policy, the Topic parameter specifies the topic string that the topic policy applies to. When you create a topic policy, you can specify which messaging actions can be used by which of the clients that connect to the endpoints associated with the topic policy. You can choose from a combination of the following actions:
  • Publish
    Allows clients to publish messages to the topic that is specified in the topic policy.
  • Subscribe
    Allows clients to subscribe to the topic that is specified in the topic policy.
You can use filter attributes to restrict which clients can use the messaging actions. You must specify at least one of the following filters:
  • Client IP address
    Specifies the client IP addresses that are allowed to connect to Eclipse Amlen.
    The IP address can contain an asterisk (*), or a comma-separated list of IPv4 or IPv6 addresses or ranges. For example, 192.0.2.32, 192.0.0.0, 192.0.2.0-192.0.2.100. The range must be specified from low to high.
    IPv6 addresses must be enclosed in brackets [ ].
  • Client ID
    Specifies the Client ID that is allowed to connect to Eclipse Amlen by using the specified endpoint.
    You can use an asterisk (*) as a wildcard to specify multiple client IDs.
  • User ID
    Specifies the messaging user ID that is allowed to connect to Eclipse Amlen by using the specified endpoint.
    You can use an asterisk (*) as a wildcard to specify multiple user IDs.
  • Group Name
    Specifies the messaging group that is allowed to connect to Eclipse Amlen by using the specified endpoint.
    You can use an asterisk (*) as a wildcard to specify multiple group names.
  • Certificate Common Name
    Specifies the client certificate common name that must be used to connect to Eclipse Amlen by using the specified endpoint.
    You can use an asterisk (*) as a wildcard to specify multiple certificate common names.
  • Protocol
    Specifies which protocols are allowed to connect to Eclipse Amlen.
    You can specify one or more protocols.
For example, for a topic exampleTopic/topicA:
  • One topic policy specifies that only clients that connect from the IP address range of 192.0.2.0-192.0.2.50 can publish to the topic.
  • Another topic policy specifies that only clients that connect from the IP address range of 192.0.2.51-192.0.2.100 can subscribe to the topic. The clients must also have a user ID beginning with SUB.
The topic policy configuration looks like the following examples:

curl -X POST \
   -H 'Content-Type: application/json' \
   -d '{
         "TopicPolicy": {
           "examplePubPolicy1": {
             "Description": "Topic policy that restricts based on IP address.",
             "Topic": "exampleTopic/topicA",
             "ActionList": "Publish",
             "ClientAddress": "192.0.2.0-192.0.2.50"
           }
         }
       }' \
   http://127.0.0.1:9089/ima/v1/configuration/

curl -X POST \
   -H 'Content-Type: application/json' \
   -d '{
         "TopicPolicy": {
           "exampleSubPolicy1": {
             "Description": "Topic policy that restricts based on IP address and user ID.",
             "Topic": "exampleTopic/topicA",
             "ActionList": "Subscribe",
             "ClientAddress": "192.0.2.51-192.0.2.100",
             "UserID": "SUB*"
           }
         }
       }' \
   http://127.0.0.1:9089/ima/v1/configuration/
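
Before posting policies like these, it helps to check offline which clients they would admit. The following Python sketch is an added example, not Eclipse Amlen code: it models the two policies above and covers the other ClientAddress forms described earlier (asterisk, comma-separated lists, bracketed IPv6). It assumes that all filters in one policy must match, that ActionList is comma-separated, and that matching is case-sensitive; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed from the two example policies on this page.
POLICIES = {
    "examplePubPolicy1": {"Topic": "exampleTopic/topicA", "ActionList": "Publish",
                          "ClientAddress": "192.0.2.0-192.0.2.50"},
    "exampleSubPolicy1": {"Topic": "exampleTopic/topicA", "ActionList": "Subscribe",
                          "ClientAddress": "192.0.2.51-192.0.2.100", "UserID": "SUB*"},
}

def _ip(text):
    # IPv6 addresses are enclosed in brackets in a ClientAddress value.
    return ipaddress.ip_address(text.strip().strip("[]"))

def address_allowed(spec, client_ip):
    """Match client_ip against '*' or a comma-separated list of addresses and ranges."""
    client, hit = _ip(client_ip), False
    for item in (part.strip() for part in spec.split(",")):
        if item == "*":
            hit = True
            continue
        low, sep, high = item.partition("-")
        lo, hi = _ip(low), _ip(high if sep else low)
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"range must be specified from low to high: {item}")
        hit = hit or (client.version == lo.version and lo <= client <= hi)
    return hit

def wildcard_match(pattern, value):
    # Only '*' is a wildcard; matching is assumed to be case-sensitive.
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def permits(policy, action, topic, client_ip, user_id=""):
    """Assumption: every filter present in one policy must match (logical AND)."""
    actions = [a.strip() for a in policy["ActionList"].split(",")]
    if action not in actions or policy["Topic"] != topic:  # exact topic strings only
        return False
    if "ClientAddress" in policy and not address_allowed(policy["ClientAddress"], client_ip):
        return False
    return "UserID" not in policy or wildcard_match(policy["UserID"], user_id)

def authorized(action, topic, client_ip, user_id=""):
    """Names of the policies in POLICIES that grant this request."""
    return [n for n, p in POLICIES.items() if permits(p, action, topic, client_ip, user_id)]

if __name__ == "__main__":
    print(authorized("Subscribe", "exampleTopic/topicA", "192.0.2.60", "SUBsensor1"))
```

An empty list from authorized() means that no modelled policy grants the request. A reversed range raises ValueError, so the mistake is caught before the policy is sent to the server.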

If you are using MQTT global-shared subscriptions, you must configure a topic policy and a subscription policy. You must ensure that the Subscription and Topic parameters are correctly configured. For more information, see Topic filters for MQTT global-shared subscriptions.

You can use variable substitution in topic policies to avoid configuring large numbers of messaging policies. For more information about using variable substitution, see Variable substitution in messaging policies.

For more information about configuring messaging policies, see Configuring message hubs.