feat: Support username/password for local broker authentication

[rina23q]

Proposed changes

Support username/password authentication to the MQTT local broker.

---

Prepare a /etc/tedge/.password file. The first line is read as the password.

testpassword

Then, configure these parameters.

tedge config set mqtt.client.auth.username testuser
tedge config set mqtt.client.auth.password_file /etc/tedge/.password

If encrypted connection is activated in the broker, configure any secure port (e.g. 8883) and give the CA certificate file or the directory (below is example)

tedge config set mqtt.client.port 8883
tedge config set mqtt.client.auth.ca_file /etc/mosquitto/certs/ca.crt

Todo:

• Confirm tedge mqtt pub/sub works
• Confirm tedge-agent & tedge-mapper-c8y work with mosquitto bridge
• Confirm tedge-agent & tedge-mapper-c8y works with build-in bridge
• Confirm it works with non-c8y cloud
• Write system tests
• Extend the user guide

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
• Documentation Update (if none of the other choices apply)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

#3807

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA (in all commits with git commit -s. You can activate automatic signing by running just prepare-dev once)
• I ran just format as mentioned in CODING_GUIDELINES
• I used just check as mentioned in CODING_GUIDELINES
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

[codecov]

Codecov Report

❌ Patch coverage is 29.71014% with 97 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
crates/common/mqtt_channel/src/config.rs	18.98%	60 Missing and 4 partials ⚠️
..._config/src/tedge_toml/tedge_config/mqtt_config.rs	44.18%	20 Missing and 4 partials ⚠️
crates/extensions/tedge_mqtt_bridge/src/lib.rs	50.00%	3 Missing and 3 partials ⚠️
crates/core/tedge/src/cli/mqtt/cli.rs	50.00%	1 Missing ⚠️
crates/core/tedge/src/cli/mqtt/publish.rs	0.00%	0 Missing and 1 partial ⚠️
crates/core/tedge/src/cli/mqtt/subscribe.rs	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[rina23q]

This error has to be removed as the MQTT specification states that you can send a username without password. However, both username and password are required for MqttOptions::set_credentials() in rumqttc, so I'm not sure how empty password is addressed in rumqttc.

[rina23q]

I checked how MqttOptions::set_cedentials() behaves in the packet level.

In the MQTT specs level, there are username flag and password flag. So, "empty password" and "password not set" are different. The former, the password flag is set but password is empty string. The latter, the password flag itself isn't set.

"Empty password" exmaple:

mosquitto_pub -h 127.0.0.1 -u testuser -P "" -t test -p 1883 -m message

"Password not set" example:

mosquitto_pub -h 127.0.0.1 -u testuser -t test -p 1883 -m message

Back to rumqttc. Their API offers only set_credentials(username, password). I provided the empty string to the second argument as below.

    mqttoptions.set_credentials("username", "");

Then, I ran the rumqttc client and confirmed the password flag was not set in the CONNECT packet. This means, rumqttc treats "empty password" equals to "password not set".

[github-actions]

Robot Results

✅ Passed	❌ Failed	⏭️ Skipped	Total	Pass %	⏱️ Duration
729	0	3	729	100	2h12m5.466814s

[didier-wenzek]

This is a nice improvement.