From 0055a852bb4b8d462f71a2a446156b08abc988e7 Mon Sep 17 00:00:00 2001
From: Kristjan Komlosi <kristjan@piskot.si>
Date: Sun, 28 Dec 2025 15:55:32 +0100
Subject: [PATCH] test: add mosquitto ACL file and mount it; grant testuser
 readwrite on lambdaiot topic

---
 test/aclfile            | 4 ++++
 test/docker-compose.yml | 1 +
 test/mosquitto.conf     | 2 ++
 3 files changed, 7 insertions(+)
 create mode 100644 test/aclfile

diff --git a/test/aclfile b/test/aclfile
new file mode 100644
index 0000000..c2c5b4b
--- /dev/null
+++ b/test/aclfile
@@ -0,0 +1,4 @@
+# ACL for testuser — allow publish and subscribe on 'lambdaiot' topic
+user testuser
+topic readwrite lambdaiot
+topic readwrite lambdaiot/#
diff --git a/test/docker-compose.yml b/test/docker-compose.yml
index 580560b..2dc0e2a 100644
--- a/test/docker-compose.yml
+++ b/test/docker-compose.yml
@@ -30,6 +30,7 @@ services:
       - mosquitto_data:/mosquitto/data
       - mosquitto_log:/mosquitto/log
       - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
+      - ./aclfile:/mosquitto/data/aclfile:ro
     environment:
       - MOSQ_USER=testuser
       - MOSQ_PASS=testpass
diff --git a/test/mosquitto.conf b/test/mosquitto.conf
index 4af9417..c6539a2 100644
--- a/test/mosquitto.conf
+++ b/test/mosquitto.conf
@@ -5,6 +5,8 @@ listener 1883 0.0.0.0
 allow_anonymous false
 # place password file in the data volume (writable)
 password_file /mosquitto/data/passwordfile
+# ACL file controls topic permissions
+acl_file /mosquitto/data/aclfile
 # Increase persistence location so container can map volume if needed
 persistence true
 persistence_location /mosquitto/data/