Consume messages from MQTT brokers via sources and send messages to MQTT brokers via targets.
Content-type
When MQTT messages are sent in Ditto Protocol,
the payload should be UTF-8 encoded strings.
If messages which are not in Ditto Protocol should be processed, a payload mapping must be configured for the connection in order to transform the messages.
MQTT 3.1.1 properties
MQTT 3.1.1 messages have no application headers. Transmission-relevant properties are set in the
"headers" field as a part of Ditto protocol messages in the
payload.
This property is supported:
correlation-id: For correlating request messages and events. Twin events have the correlation IDs of Twin commands that produced them.
Specific connection configuration
The common configuration for connections in Connections > Sources and Connections > Targets applies here as well. Following are some specifics for MQTT connections:
Source format
For an MQTT connection:
- Source
"addresses"are MQTT topics to subscribe to. Wildcards+and#are allowed. "authorizationContext"may not contain placeholders{{ header:<header-name> }}as MQTT 3.1.1 has no application headers.- The optional field
"qos"sets the maximum Quality of Service to request when subscribing for messages. Its value can be0for at-most-once delivery,1for at-least-once delivery and2for exactly-once delivery. The default value is2(exactly-once). Support of any Quality of Service depends on the external MQTT broker; AWS IoT for example does not acknowledge subscriptions withqos=2.
{
"addresses": [
"<mqtt_topic>",
"..."
],
"authorizationContext": ["ditto:inbound-auth-subject", "..."],
"qos": 2
}
Note: This example assumes that there is a valid user named ditto:inbound-auth-subject in Ditto.
If you want to use a user for the basic auth (from the HTTP API) use the prefix nginx:, e.g. nginx:ditto.
See Basic Authentication for more information.
Enforcement
As MQTT 3.1.1 does not support headers in its protocol, headers may not be used during source enforcement.
Source header mapping
As MQTT 3.1.1 does not support headers in its protocol, it is not possible to configure a header mapping here.
Target format
For an MQTT connection, the target address is the MQTT topic to publish events and messages to. The target address may contain placeholders; see placeholders section for more information.
Further, "topics" is a list of strings, each list entry representing a subscription of
Ditto protocol topics.
Outbound messages are published to the configured target address if one of the subjects in "authorizationContext"
has READ permission on the Thing, that is associated with a message.
The additional field "qos" sets the Quality of Service with which messages are published.
Its value can be 0 for at-most-once delivery, 1 for at-least-once delivery and 2 for exactly-once delivery.
Support of any Quality of Service depends on the external MQTT broker.
The default value is 0 (at-most-once).
{
"address": "mqtt/topic/of/my/device/{{ thing:id }}",
"topics": [
"_/_/things/twin/events",
"_/_/things/live/messages"
],
"authorizationContext": ["ditto:outbound-auth-subject", "..."],
"qos": 0
}
Target header mapping
As MQTT 3.1.1 does not support headers in its protocol, a header mapping is not possible to configure here.
Specific Config
The MQTT binding offers an additional specific configuration for the mqtt client id. If the
clientId is not configured as a specific config Ditto will use the connection-id as clientId
for the outgoing mqtt connection.
Example
Defining the client id my-awesome-mqtt-client-id:
{
"id": "mqtt-example-connection-123",
"connectionType": "mqtt",
"connectionStatus": "open",
"failoverEnabled": true,
"uri": "tcp://test.mosquitto.org:1883",
"specificConfig": {
"clientId": "my-awesome-mqtt-client-id"
},
"sources": ["..."],
"targets": ["..."]
}
Establishing a connection to an MQTT 3.1.1 endpoint
Ditto’s Connectivity service is responsible for creating new and managing existing connections.
This can be done dynamically at runtime without the need to restart any microservice using a Ditto DevOps command.
Example
Connection configuration to create a new MQTT connection:
{
"id": "mqtt-example-connection-123",
"connectionType": "mqtt",
"connectionStatus": "open",
"failoverEnabled": true,
"uri": "tcp://test.mosquitto.org:1883",
"sources": [
{
"addresses": [
"eclipse-ditto-sandbox/#"
],
"authorizationContext": ["ditto:inbound-auth-subject"],
"qos": 0,
"filters": []
}
],
"targets": [
{
"address": "eclipse-ditto-sandbox/{{ thing:id }}",
"topics": [
"_/_/things/twin/events"
],
"authorizationContext": ["ditto:outbound-auth-subject"],
"qos": 0
}
]
}
Client-certificate authentication
Ditto supports certificate-based authentication for MQTT connections. Consult Certificates for Transport Layer Security for how to set it up.
Here is an example MQTT connection that checks the broker certificate and authenticates by a client certificate.
{
"id": "mqtt-example-connection-124",
"connectionType": "mqtt",
"connectionStatus": "open",
"failoverEnabled": true,
"uri": "ssl://test.mosquitto.org:8884",
"validateCertificates": true,
"ca": "-----BEGIN CERTIFICATE-----\n<test.mosquitto.org certificate>\n-----END CERTIFICATE-----",
"credentials": {
"type": "client-cert",
"cert": "-----BEGIN CERTIFICATE-----\n<signed client certificate>\n-----END CERTIFICATE-----",
"key": "-----BEGIN PRIVATE KEY-----\n<client private key>\n-----END PRIVATE KEY-----"
},
"sources": [
{
"addresses": [
"eclipse-ditto-sandbox/#"
],
"authorizationContext": ["ditto:inbound-auth-subject"],
"qos": 0,
"filters": []
}
],
"targets": [
{
"address": "eclipse-ditto-sandbox/{{ thing:id }}",
"topics": [
"_/_/things/twin/events"
],
"authorizationContext": ["ditto:outbound-auth-subject"],
"qos": 0
}
]
}