chore(ssl conf): update the ssl configuration format for mongo, pgsql, and redis plug-ins

.ci/compatibility_tests/.env

@@ -0,0 +1,5 @@
+MYSQL_TAG=5.7
+REDIS_TAG=6
+MONGO_TAG=4.1
+PGSQL_TAG=11
+LDAP_TAG=2.4.50

.github/workflows/run_cts_tests.yaml

@@ -2,6 +2,8 @@ name: Compatibility Test Suite
 
 on:
   push:
+    tags:
+      - v*
   release:
     types:
       - published
@@ -77,10 +79,15 @@ jobs:
         if: matrix.connect_type == 'tls'
         run: |
           docker-compose -f .ci/compatibility_tests/docker-compose-mongo-tls.yaml up -d
-          echo 'auth.mongo.ssl = true' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          echo 'auth.mongo.ssl = on' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-          echo 'auth.mongo.ssl_opts.cacertfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          echo 'auth.mongo.ssl.cacertfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-          echo 'auth.mongo.ssl_opts.certfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          echo 'auth.mongo.ssl.certfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-          echo 'auth.mongo.ssl_opts.keyfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          echo 'auth.mongo.ssl.keyfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+
+          # echo 'auth.mongo.ssl = true' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          # echo 'auth.mongo.ssl_opts.cacertfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          # echo 'auth.mongo.ssl_opts.certfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          # echo 'auth.mongo.ssl_opts.keyfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
       - name: setup
         env:
           MONGO_TAG: ${{ matrix.mongo_tag }}
@@ -247,9 +254,9 @@ jobs:
           docker-compose -f .ci/compatibility_tests/docker-compose-redis-${{ matrix.node_type }}-tls.yaml up -d
           echo '\n' >> apps/emqx_auth_mongo/etc/emqx_auth_redis.conf
           echo 'auth.redis.ssl = on' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-          echo 'auth.redis.cafile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          echo 'auth.redis.ssl.cafile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-          echo 'auth.redis.certfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          echo 'auth.redis.ssl.certfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-          echo 'auth.redis.keyfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          echo 'auth.redis.ssl.keyfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
       - name: setup
         env:
           REDIS_TAG: ${{ matrix.redis_tag }}

.github/workflows/run_test_cases.yaml

@@ -20,7 +20,7 @@ jobs:
           matrix:
             mysql_tag: [5.7]
             redis_tag: [6]
-            mongo_tag: [3, 4]
+            mongo_tag: [4]
             pgsql_tag: [13]
             ldap_tag: [2.4.50]
 
@@ -49,15 +49,15 @@ jobs:
 
             sed -i "/auth.redis.server/c auth.redis.server = redis_server:6379" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
             echo 'auth.redis.ssl = on' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-            echo 'auth.redis.cafile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+            echo 'auth.redis.ssl.cafile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-            echo 'auth.redis.certfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+            echo 'auth.redis.ssl.certfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
-            echo 'auth.redis.keyfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+            echo 'auth.redis.ssl.keyfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
 
             sed -i "/auth.mongo.server/c auth.mongo.server = mongo_server:27017" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-            echo 'auth.mongo.ssl = true' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+            echo 'auth.mongo.ssl = on' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-            echo 'auth.mongo.ssl_opts.cacertfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+            echo 'auth.mongo.ssl.cacertfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-            echo 'auth.mongo.ssl_opts.certfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+            echo 'auth.mongo.ssl.certfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
-            echo 'auth.mongo.ssl_opts.keyfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+            echo 'auth.mongo.ssl.keyfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
 
             sed -i "/auth.pgsql.server/c auth.pgsql.server = pgsql_server:5432" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
             sed -i "/auth.ldap.servers/c auth.ldap.servers = ldap_server" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf

apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf

@@ -52,23 +52,23 @@ auth.mongo.database = mqtt
 
 ## Whether to enable SSL connection.
 ##
-## Value: true | false
+## Value: on | off
-## auth.mongo.ssl = false
+## auth.mongo.ssl = off
 
 ## SSL keyfile.
 ##
 ## Value: File
-## auth.mongo.ssl_opts.keyfile =
+## auth.mongo.ssl.keyfile =
 
 ## SSL certfile.
 ##
 ## Value: File
-## auth.mongo.ssl_opts.certfile =
+## auth.mongo.ssl.certfile =
 
 ## SSL cacertfile.
 ##
 ## Value: File
-## auth.mongo.ssl_opts.cacertfile =
+## auth.mongo.ssl.cacertfile =
 
 ## MongoDB write mode.
 ##

apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema

@@ -42,19 +42,19 @@
 ]}.
 
 {mapping, "auth.mongo.ssl", "emqx_auth_mongo.server", [
-  {default, false},
+  {default, off},
-  {datatype, {enum, [true, false]}}
+  {datatype, flag}
 ]}.
 
-{mapping, "auth.mongo.ssl_opts.keyfile", "emqx_auth_mongo.server", [
+{mapping, "auth.mongo.ssl.keyfile", "emqx_auth_mongo.server", [
   {datatype, string}
 ]}.
 
-{mapping, "auth.mongo.ssl_opts.certfile", "emqx_auth_mongo.server", [
+{mapping, "auth.mongo.ssl.certfile", "emqx_auth_mongo.server", [
   {datatype, string}
 ]}.
 
-{mapping, "auth.mongo.ssl_opts.cacertfile", "emqx_auth_mongo.server", [
+{mapping, "auth.mongo.ssl.cacertfile", "emqx_auth_mongo.server", [
   {datatype, string}
 ]}.
 
@@ -107,7 +107,7 @@
                             {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
                             {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)}])
                 end,
-      [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
+      [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}];
     false ->
       []
   end,

apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf

@@ -36,23 +36,23 @@ auth.pgsql.encoding = utf8
 
 ## Whether to enable SSL connection.
 ##
-## Value: true | false
+## Value: on | off
-auth.pgsql.ssl = false
+auth.pgsql.ssl = off
 
 ## SSL keyfile.
 ##
 ## Value: File
-## auth.pgsql.ssl_opts.keyfile =
+## auth.pgsql.ssl.keyfile =
 
 ## SSL certfile.
 ##
 ## Value: File
-## auth.pgsql.ssl_opts.certfile =
+## auth.pgsql.ssl.certfile =
 
 ## SSL cacertfile.
 ##
 ## Value: File
-## auth.pgsql.ssl_opts.cacertfile =
+## auth.pgsql.ssl.cacertfile =
 
 ## Authentication query.
 ##

apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema

@@ -31,19 +31,19 @@
 ]}.
 
 {mapping, "auth.pgsql.ssl", "emqx_auth_pgsql.server", [
-  {default, false},
+  {default, off},
-  {datatype, {enum, [true, false]}}
+  {datatype, flag}
 ]}.
 
-{mapping, "auth.pgsql.ssl_opts.keyfile", "emqx_auth_pgsql.server", [
+{mapping, "auth.pgsql.ssl.keyfile", "emqx_auth_pgsql.server", [
   {datatype, string}
 ]}.
 
-{mapping, "auth.pgsql.ssl_opts.certfile", "emqx_auth_pgsql.server", [
+{mapping, "auth.pgsql.ssl.certfile", "emqx_auth_pgsql.server", [
   {datatype, string}
 ]}.
 
-{mapping, "auth.pgsql.ssl_opts.cacertfile", "emqx_auth_pgsql.server", [
+{mapping, "auth.pgsql.ssl.cacertfile", "emqx_auth_pgsql.server", [
   {datatype, string}
 ]}.
 
@@ -85,7 +85,7 @@
    {database, DB},
    {encoding, Encoding},
    {ssl, Ssl},
-   {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}]
+   {ssl_opts, SslOpts("auth.pgsql.ssl")}]
 end}.
 
 {mapping, "auth.pgsql.auth_query", "emqx_auth_pgsql.auth_query", [

apps/emqx_auth_redis/etc/emqx_auth_redis.conf

@@ -103,15 +103,15 @@ auth.redis.acl_cmd = HGETALL mqtt_acl:%u
 ## CA certificate.
 ##
 ## Value: File
-#auth.redis.cafile = path/to/your/cafile
+#auth.redis.ssl.cafile = path/to/your/cafile
 
 ## Client ssl certificate.
 ##
 ## Value: File
-#auth.redis.certfile = path/to/your/certfile
+#auth.redis.ssl.certfile = path/to/your/certfile
 
 ## Client ssl keyfile.
 ##
 ## Value: File
-#auth.redis.keyfile = path/to/your/keyfile
+#auth.redis.ssl.keyfile = path/to/your/keyfile
 

apps/emqx_auth_redis/priv/emqx_auth_redis.schema

@@ -38,17 +38,17 @@
   {datatype, flag}
 ]}.
 
-{mapping, "auth.redis.cafile", "emqx_auth_redis.options", [
+{mapping, "auth.redis.ssl.cafile", "emqx_auth_redis.options", [
   {default, ""},
   {datatype, string}
 ]}.
 
-{mapping, "auth.redis.certfile", "emqx_auth_redis.options", [
+{mapping, "auth.redis.ssl.certfile", "emqx_auth_redis.options", [
   {default, ""},
   {datatype, string}
 ]}.
 
-{mapping, "auth.redis.keyfile", "emqx_auth_redis.options", [
+{mapping, "auth.redis.ssl.keyfile", "emqx_auth_redis.options", [
   {default, ""},
   {datatype, string}
 ]}.
@@ -57,9 +57,9 @@
    Ssl = cuttlefish:conf_get("auth.redis.ssl", Conf, false),
    case Ssl of
        true ->
-            CA = cuttlefish:conf_get("auth.redis.cafile", Conf),
+            CA = cuttlefish:conf_get("auth.redis.ssl.cafile", Conf),
-            Cert = cuttlefish:conf_get("auth.redis.certfile", Conf),
+            Cert = cuttlefish:conf_get("auth.redis.ssl.certfile", Conf),
-            Key = cuttlefish:conf_get("auth.redis.keyfile", Conf),
+            Key = cuttlefish:conf_get("auth.redis.ssl.keyfile", Conf),
             [{options, [{ssl_options, [{cacertfile, CA},
                                        {certfile, Cert},
                                        {keyfile, Key}]}]}];