yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(secret): do not treat missing file secrets as config error 

They are intended to be used mostly in the context of resources, which
have their own feedback mechanism: statuses, retries, etc.

Also turn the error into a throw exception, so that it can be
interpreted as a regular error condition, for example by the resource
manager.
This commit is contained in:
Andrew Mayorov 2023-10-26 14:37:14 +07:00
parent 52f4519eeb
commit 44b4205561
No known key found for this signature in database
GPG Key ID: 2837C62ACFBFED5D
2 changed files with 17 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apps/emqx/src/emqx_schema_secret.erl
View File

@ -75,14 +75,7 @@ convert_secret(Secret, #{}) ->
-spec wrap(source()) -> emqx_secret:t(t()). -spec wrap(source()) -> emqx_secret:t(t()).
wrap(Source) -> wrap(Source) ->
try emqx_secret:wrap(?MODULE, load, Source).
_Secret = load(Source),
emqx_secret:wrap(?MODULE, load, Source)
catch
error:Reason ->
% NOTE: This should be a term serializable as JSON value.
throw(emqx_utils:format(Reason))
end.
-spec source(emqx_secret:t(t())) -> source(). -spec source(emqx_secret:t(t())) -> source().
source(Secret) when is_function(Secret) -> source(Secret) when is_function(Secret) ->
@ -103,5 +96,9 @@ load_file(Filename) ->
{ok, Secret} -> {ok, Secret} ->
string:trim(Secret, trailing, [$\n]); string:trim(Secret, trailing, [$\n]);
{error, Reason} -> {error, Reason} ->
error({inaccessible_secret_file, Reason}, [Filename]) throw(#{
msg => failed_to_read_secret_file,
path => Filename,
reason => emqx_utils:explain_posix(Reason)
})
end. end.

12
apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl
View File

@ -230,16 +230,18 @@ t_conf_bridge_authn_passfile(Config) ->
?assertReceive( ?assertReceive(
{authenticate, #{username := Username2, password := Password2}} {authenticate, #{username := Username2, password := Password2}}
), ),
{ok, 400, #{<<"message">> := Message}} = request_json( ?assertMatch(
{ok, 201, #{
<<"status">> := <<"disconnected">>,
<<"status_reason">> := <<"#{msg => failed_to_read_secret_file", _/bytes>>
}},
request_json(
post, post,
uri(["bridges"]), uri(["bridges"]),
?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{ ?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{
<<"name">> => <<"t_conf_bridge_authn_no_passfile">> <<"name">> => <<"t_conf_bridge_authn_no_passfile">>
} }
), )
?assertMatch(
#{<<"reason">> := <<"{inaccessible_secret_file,enoent}">>},
emqx_utils_json:decode(Message)
). ).
hook_authenticate() -> hook_authenticate() ->