
fix(mqtt source): pass client certificates to rumqttc for mTLS#24929

Open
mr- wants to merge 3 commits intovectordotdev:masterfrom
mr-:fix-mqtt-mtls

Conversation


@mr- mr- commented Mar 14, 2026

Summary

This PR fixes a bug in the MQTT source where user-provided TLS client certificates (crt_file / key_file) were being silently ignored, breaking mTLS connections to strict brokers like AWS IoT Core.

Vector configuration

sources:
  aws_iot_subscriber:
    type: "mqtt"
    host: "foo-ats.iot.eu-central-1.amazonaws.com"
    port: 8883
    client_id: "MARTIN"

    topic:
      - "v1/sensors"

    tls:
      enabled: true
      ca_file:  "AmazonBundle.pem"
      crt_file: "AWS-IoT-Client.crt"
      key_file: "AWS-IoT-Client-pkcs8.key"
    decoding:
      codec: "bytes"

sinks:
  console_output:
    type: "console"
    inputs:
      - "aws_iot_subscriber"
    target: "stdout"
    encoding:
      codec: "text"

How did you test this PR?

It was tested manually by providing valid certificates.

Change Type

  • Bug fix
  • New feature
  • Dependencies
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

Not sure. Not unless people depended on certificates being ignored.

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.

References

Notes

  • Please read our Vector contributor resources.
  • Do not hesitate to use @vectordotdev/vector to reach out to us regarding this PR.
  • Some CI checks run only after we manually approve them.
    • We recommend adding a pre-push hook, please see this template.
    • Alternatively, we recommend running the following locally before pushing to the remote branch:
      • make fmt
      • make check-clippy (if there are failures it's possible some of them can be fixed with make clippy-fix)
      • make test
  • After a review is requested, please avoid force pushes to help us review incrementally.
    • Feel free to push as many commits as you want. They will be squashed into one before merging.
    • For example, you can run git merge origin master and git push.
  • If this PR introduces changes to Vector dependencies (modifies Cargo.lock), please
    run make build-licenses to regenerate the license inventory and commit the changes (if any). More details here.
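An added example (not Vector's or rumqttc's code) of the mapping the PR fixes: a stand-in for the client-auth part of rumqttc's TlsConfiguration::Simple, the buggy mapping that drops crt_file/key_file, and a fixed mapping that forwards them, rejects a half-specified pair and sanity-checks the PEM labels. MqttTlsOptions, TlsSimple and the function names are assumptions; the real crate's field types vary by version.

```rust
// Added example, not code from Vector or rumqttc. `TlsSimple` only models the
// shape of rumqttc's `TlsConfiguration::Simple` client_auth field.
#[derive(Debug, PartialEq)]
pub struct TlsSimple {
    pub ca: Vec<u8>,
    pub client_auth: Option<(Vec<u8>, Vec<u8>)>, // (client cert PEM, key PEM)
}

/// Vector-style options: contents already read from `ca_file`, `crt_file`
/// and `key_file` (assumed names mirroring the config keys above).
pub struct MqttTlsOptions {
    pub ca: Vec<u8>,
    pub crt: Option<Vec<u8>>,
    pub key: Option<Vec<u8>>,
}

/// The bug this PR describes: crt/key are configured but never forwarded,
/// so a strict broker (e.g. AWS IoT Core) sees no client certificate.
pub fn build_tls_buggy(opts: &MqttTlsOptions) -> TlsSimple {
    TlsSimple { ca: opts.ca.clone(), client_auth: None }
}

/// Fixed mapping: forward the pair, and fail loudly on a half-specified
/// pair instead of silently degrading to server-only TLS.
pub fn build_tls_fixed(opts: &MqttTlsOptions) -> Result<TlsSimple, String> {
    let client_auth = match (&opts.crt, &opts.key) {
        (None, None) => None,
        (Some(crt), Some(key)) => {
            check_pem(crt, "CERTIFICATE")?;
            check_pem(key, "PRIVATE KEY")?; // matches PKCS#8, RSA and EC labels
            Some((crt.clone(), key.clone()))
        }
        _ => return Err("crt_file and key_file must be set together".into()),
    };
    Ok(TlsSimple { ca: opts.ca.clone(), client_auth })
}

/// Cheap pre-flight check that the file is a PEM block of the expected kind.
fn check_pem(data: &[u8], label: &str) -> Result<(), String> {
    let text = std::str::from_utf8(data).map_err(|_| "PEM is not UTF-8".to_string())?;
    let ok = text
        .lines()
        .any(|l| l.starts_with("-----BEGIN ") && l.ends_with(&format!("{label}-----")));
    if ok { Ok(()) } else { Err(format!("expected a {label} PEM block")) }
}

fn main() {
    // Constructed sample contents; a real deployment reads the configured files.
    let opts = MqttTlsOptions {
        ca: b"-----BEGIN CERTIFICATE-----\nCA\n-----END CERTIFICATE-----\n".to_vec(),
        crt: Some(b"-----BEGIN CERTIFICATE-----\nC\n-----END CERTIFICATE-----\n".to_vec()),
        key: Some(b"-----BEGIN PRIVATE KEY-----\nK\n-----END PRIVATE KEY-----\n".to_vec()),
    };
    println!("buggy: {}", build_tls_buggy(&opts).client_auth.is_some());
    println!("fixed: {}", build_tls_fixed(&opts).unwrap().client_auth.is_some());
}
```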

@mr- mr- requested a review from a team as a code owner March 14, 2026 20:37
@github-actions github-actions bot added the domain: sources Anything related to the Vector's sources label Mar 14, 2026

github-actions bot commented Mar 14, 2026

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.


mr- commented Mar 14, 2026

@vectordotdev/vector when debugging this, I've noticed that all errors are silently ignored.
I've added logs now, but I'm not sure if there's more error handling that should be done. As far as I know, rumqttc's EventLoop/poll will try to reconnect, but not all errors are transient.


mr- commented Mar 14, 2026

I have read the CLA Document and I hereby sign the CLA

@mr- mr- changed the title fix(mqtt): pass client certificates to rumqttc for mTLS fix(mqtt source): pass client certificates to rumqttc for mTLS Mar 14, 2026
Comment on lines +87 to +90
Err(e) => {
tracing::error!("Error = {e:?}");
return Ok(());
}
Contributor


I don't think this is correct since this will terminate the connection as soon as any error is received instead of continuing

Author


Agreed. What should the behaviour be for non-recoverable errors? I won't implement this now, but I'd like to get a sense for what the proper solution is supposed to be.

Contributor


Can we revert the changes to this file? They don't seem related to this PR

Author


Will do. However, it's been extremely frustrating not being able to see what was going on. From a user perspective the mqtt sink just failed with no indication what might be wrong.

@thomasqueirozb thomasqueirozb added meta: awaiting author Pull requests that are awaiting their author. source: mqtt labels Mar 16, 2026
@github-actions github-actions bot removed the meta: awaiting author Pull requests that are awaiting their author. label Mar 17, 2026