Support a driver debug user

This should make debugging drivers easier.

acs-edge/lib/driverBroker.ts

@@ -26,6 +26,7 @@ interface ACL {
 export class DriverBroker extends EventEmitter {
     broker:     Aedes
     passwords:  string
+    debugUser:  string | undefined
     acl:        Map<string, ACL>
     hostname:   string
     port:       number
@@ -44,6 +45,7 @@ export class DriverBroker extends EventEmitter {
             : 1883;
 
         this.passwords = env.EDGE_PASSWORDS;
+        this.debugUser = env.EDGE_DEBUG_USER;
 
         this.broker = new Aedes();
         this.acl = new Map();
@@ -81,17 +83,26 @@ export class DriverBroker extends EventEmitter {
 
         const fail = (f, ...a) => { log(f, ...a); callback(null, false); };
 
-        if (id != username)
-            return fail("Invalid client-id %s for %s", id, username);
         if (!password)
             return fail("No password for %s", username);
         const expect = await fs.readFile(`${this.passwords}/${username}`)
             .catch(e => null);
         if (!expect)
-            return fail("Unexpected driver %s", username);
+            return fail("Unknown user %s", username);
         if (expect.compare(password) != 0)
             return fail("Bad password for %s", username);
+
+        if (username == this.debugUser) {
+            this.acl.set(id, {
+                publish: /./,
+                subscribe: /./,
+            });
+            return callback(null, true);
+        }
 
+        if (id != username)
+            return fail("Invalid client-id %s for %s", id, username);
+
         this.acl.set(id, {
             publish: new RegExp(
                 `^${prefix}/${id}/(?:status|data/\\w+|err/\\w+)$`),

edge-helm-charts/charts/edge-agent/templates/edge-agent.yaml

@@ -58,6 +58,10 @@ spec:
 {{- end }}
             - name: EDGE_PASSWORDS
               value: "/usr/app/driver-passwords"
+{{- if .Values.driverDebugUser }}
+            - name: EDGE_DEBUG_USER
+              value: "{{ .Values.driverDebugUser }}"
+{{- end }}
           resources:
             limits:
               memory: {{ .Values.limits.memory | quote }}
@@ -128,15 +132,3 @@ spec:
   edgeAgent: true
   secrets:
     - edge-agent-sensitive-information-{{ .Values.uuid }}
-{{ range $name, $image := .Values.drivers }}
----
-apiVersion: factoryplus.app.amrc.co.uk/v1
-kind: LocalSecret
-metadata:
-  namespace: {{ $.Release.Namespace }}
-  name: "driver-passwords.{{ $k8sname }}.{{ $name | lower }}"
-spec:
-  format: Password
-  secret: "driver-passwords.{{ $k8sname }}"
-  key: "{{ $name }}"
-{{- end }}

edge-helm-charts/charts/edge-agent/templates/local-secrets.yaml

@@ -0,0 +1,25 @@
+{{- $k8sname := include "edge-agent.k8sname" . }}
+{{ range $name, $image := .Values.drivers }}
+---
+apiVersion: factoryplus.app.amrc.co.uk/v1
+kind: LocalSecret
+metadata:
+  namespace: {{ $.Release.Namespace }}
+  name: "driver-passwords.{{ $k8sname }}.{{ $name | lower }}"
+spec:
+  format: Password
+  secret: "driver-passwords.{{ $k8sname }}"
+  key: "{{ $name }}"
+{{- end }}
+{{- if .Values.driverDebugUser }}
+---
+apiVersion: factoryplus.app.amrc.co.uk/v1
+kind: LocalSecret
+metadata:
+  namespace: {{ $.Release.Namespace }}
+  name: "driver-passwords.{{ $k8sname }}.{{ .Values.driverDebugUser | lower }}"
+spec:
+  format: Password
+  secret: "driver-passwords.{{ $k8sname }}"
+  key: "{{ .Values.driverDebugUser }}"
+{{- end }}

edge-helm-charts/charts/edge-agent/values.yaml

@@ -40,6 +40,8 @@ drivers: {}
 
 # Make the driver interface available externally.
 #externalIPs: []
+# Create a privileged account on the driver broker.
+#driverDebugUser: admin
 debug: false
 verbosity: ALL,!token,!service,!sparkplug
 poll_int: 10