resource/mqtt: add optional username/password for MQTT authentication

[jacmet]

Description

Some setups do not allow unauthenticated MQTT access, so add optional username and password arguments to TasmotaPowerPort.

Checklist

• Documentation for the feature
• Tests for the feature

• The arguments and description in doc/configuration.rst have been updated

• Add a section on how to use the feature to doc/usage.rst

• Add a section on how to use the feature to doc/development.rst

• PR has been tested

• Man pages have been regenerated

[Emantor]

We can add this, however the username and password will be globally exposed for all users that can access the coordinator, so this does not add much security.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 45.4%. Comparing base (b666734) to head (022f552).
⚠️ Report is 8 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@          Coverage Diff           @@
##           master   #1834   +/-   ##
======================================
  Coverage    45.4%   45.4%           
======================================
  Files         177     177           
  Lines       13863   13869    +6     
======================================
+ Hits         6300    6306    +6     
  Misses       7563    7563           

Flag	Coverage Δ
3.10	45.4% <100.0%> (+<0.1%)	⬆️
3.11	45.4% <100.0%> (+<0.1%)	⬆️
3.12	45.4% <100.0%> (+<0.1%)	⬆️
3.13	45.4% <100.0%> (+<0.1%)	⬆️
3.14	45.4% <100.0%> (+<0.1%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Emantor]

We should use None instead of an empty string here if no password is set.

[jacmet]

Any specific reason why the empty string would not work just as well? I chose the empty string to simplify the {host}:{username}:{password} logic

[jacmet]

We can add this, however the username and password will be globally exposed for all users that can access the coordinator, so this does not add much security.

True, but that is the general situation with labgrid, right?

[jacmet]

We can add this, however the username and password will be globally exposed for all users that can access the coordinator, so this does not add much security.

True, but that is the general situation with labgrid, right?

Even without a strong security guarantee, there may be use cases where unauthenticated MQTT is disabled, E.G.:

• One broker used for multiple unrelated things and using authentication (together with ACLs) for isolation
• Simply to stop alerts from silly corporate network scanners

I am personally in the 2nd group ;)

[jacmet]

Changes since v1:

• Use None as default values for username/password
• Unconditionally call client.username_pw_set() as the protocol allows them to be sent independently of each other and paho correctly handles None arguments: https://github.com/eclipse-paho/paho.mqtt.python/blob/master/src/paho/mqtt/client.py#L1819-L1839
• Adjust unit test to match the unconditional client.username_pw_set() call

[jacmet]

Rebased on current master for consistency.

[jacmet]

@Emantor great, anything else missing before this can be merged?

[Emantor]

@Emantor great, anything else missing before this can be merged?

No, CI hadn't run when I approved. Thanks for the contribution.