fix(schema): simplify ssl ciphers filed schema

2021-09-22 22:01:45 +02:00 · 2021-09-22 22:01:45 +02:00 · 4392357877
parent 4f638b8242
commit 4392357877
2 changed files with 7 additions and 25 deletions
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -23,7 +23,6 @@
 -dialyzer(no_fail_call).

 -include_lib("typerefl/include/types.hrl").
-include_lib("snabbkaffe/include/snabbkaffe.hrl").

 -type duration() :: integer().
 -type duration_s() :: integer().
@ -1084,7 +1083,7 @@ default_tls_vsns(tcp) ->

 -spec ciphers_schema(quic | dtls | tcp_all | undefined) -> hocon_schema:field_schema().
 ciphers_schema(Default) ->
-    sc(hoconsc:union([string(), hoconsc:array(string())]),
+    sc(hoconsc:array(string()),
       #{ default => default_ciphers(Default)
        , converter => fun(Ciphers) when is_binary(Ciphers) ->
                               binary:split(Ciphers, <<",">>, [global]);
@ -1283,13 +1282,7 @@ parse_user_lookup_fun(StrConf) ->
 validate_ciphers(Ciphers) ->
    All = ssl:cipher_suites(all, 'tlsv1.3', openssl) ++
          ssl:cipher_suites(all, 'tlsv1.2', openssl), %% includes older version ciphers
-    lists:foreach(
-        fun(Cipher) ->
-                case lists:member(Cipher, All) of
-                    true ->
-                        ok;
-                    false ->
-                        ?tp(error, bad_tls_cipher_suite, #{ciphers => Cipher}),
-                        error({bad_tls_cipher_suite, Cipher})
-                end
-        end, Ciphers).
+    case lists:filter(fun(Cipher) -> not lists:member(Cipher, All) end, Ciphers) of
+        [] -> ok;
+        Bad -> {error, {bad_ciphers, Bad}}
+    end.
--- a/apps/emqx/test/emqx_schema_tests.erl
+++ b/apps/emqx/test/emqx_schema_tests.erl
@ -17,7 +17,6 @@
 -module(emqx_schema_tests).

 -include_lib("eunit/include/eunit.hrl").
-include_lib("snabbkaffe/include/snabbkaffe.hrl").

 ssl_opts_dtls_test() ->
    Sc = emqx_schema:server_ssl_opts_schema(#{versions => dtls,
@ -71,14 +70,11 @@ ssl_opts_tls_psk_test() ->
                  end, PskCiphers).

 bad_cipher_test() ->
-    ok = snabbkaffe:start_trace(),
    Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
-    ?assertThrow({_Sc, [{validation_error, _Error}]},
+    Reason = {bad_ciphers, ["foo"]},
+    ?assertThrow({_Sc, [{validation_error, #{reason := Reason}}]},
              [validate(Sc, #{<<"versions">> => [<<"tlsv1.2">>],
                        <<"ciphers">> => [<<"foo">>]})]),
-    Trace = snabbkaffe:collect_trace(),
-    ?assertEqual(1, length(?of_kind(bad_tls_cipher_suite, Trace))),
-    snabbkaffe:stop(),
    ok.

 validate(Schema, Data0) ->
@ -96,13 +92,6 @@ validate(Schema, Data0) ->

 ciperhs_schema_test() ->
    Sc = emqx_schema:ciphers_schema(undefined),
-    ?assertMatch(
-       #{type := {union, [_, {array, _}]},
-         default := [_ | _],
-         converter := Converter,
-         validator := Validator
-        } when is_function(Converter) andalso is_function(Validator),
-       Sc),
    WSc = #{roots => [{ciphers, Sc}]},
    ?assertThrow({_, [{validation_error, _}]},
                 hocon_schema:check_plain(WSc, #{<<"ciphers">> => <<"foo,bar">>})).