Merge pull request #7863 from terry-xiaoyu/connector_ssl

fix: don't drop input ssl options even if invalid
2022-05-05 17:45:46 +08:00 · 2022-05-05 17:45:46 +08:00 · 55cdce955c
parent 7f0f2571d0 1ce8a8c886
commit 55cdce955c
2 changed files with 30 additions and 9 deletions
--- a/apps/emqx_bridge/src/emqx_bridge.erl
+++ b/apps/emqx_bridge/src/emqx_bridge.erl
@ -347,13 +347,15 @@ create_dry_run(Type, Conf) ->
    case emqx_resource:check_config(emqx_bridge:resource_type(Type), Conf0) of
        {ok, Conf1} ->
            TmpPath = iolist_to_binary(["bridges-create-dry-run:", emqx_misc:gen_id(8)]),
-            try emqx_connector_ssl:convert_certs(TmpPath, Conf1) of
+            case emqx_connector_ssl:convert_certs(TmpPath, Conf1) of
                {error, Reason} ->
                    {error, Reason};
                {ok, ConfNew} ->
-                    emqx_resource:create_dry_run_local(emqx_bridge:resource_type(Type), ConfNew)
-            after
-                emqx_connector_ssl:clear_certs(TmpPath, Conf1)
+                    Res = emqx_resource:create_dry_run_local(
+                        emqx_bridge:resource_type(Type), ConfNew
+                    ),
+                    _ = maybe_clear_certs(TmpPath, ConfNew),
+                    Res
            end;
        {error, _} = Error ->
            Error
@ -568,6 +570,28 @@ fill_dry_run_conf(Conf) ->
            #{<<"remote_topic">> => <<"t">>}
    }.

+maybe_clear_certs(TmpPath, #{ssl := SslConf} = Conf) ->
+    %% don't remove the cert files if they are in use
+    case is_tmp_path_conf(TmpPath, SslConf) of
+        true -> emqx_connector_ssl:clear_certs(TmpPath, Conf);
+        false -> ok
+    end.
+
+is_tmp_path_conf(TmpPath, #{certfile := Certfile}) ->
+    is_tmp_path(TmpPath, Certfile);
+is_tmp_path_conf(TmpPath, #{keyfile := Keyfile}) ->
+    is_tmp_path(TmpPath, Keyfile);
+is_tmp_path_conf(TmpPath, #{cacertfile := CaCertfile}) ->
+    is_tmp_path(TmpPath, CaCertfile);
+is_tmp_path_conf(_TmpPath, _Conf) ->
+    false.
+
+is_tmp_path(TmpPath, File) ->
+    string:str(str(File), str(TmpPath)) > 0.
+
+str(Bin) when is_binary(Bin) -> binary_to_list(Bin);
+str(Str) when is_list(Str) -> Str.
+
 bin(Bin) when is_binary(Bin) -> Bin;
 bin(Str) when is_list(Str) -> list_to_binary(Str);
 bin(Atom) when is_atom(Atom) -> atom_to_binary(Atom, utf8).
--- a/apps/emqx_connector/src/emqx_connector_ssl.erl
+++ b/apps/emqx_connector/src/emqx_connector_ssl.erl
@ -22,7 +22,7 @@
 ]).

 convert_certs(RltvDir, NewConfig) ->
-    NewSSL = drop_invalid_certs(map_get_oneof([<<"ssl">>, ssl], NewConfig, undefined)),
+    NewSSL = map_get_oneof([<<"ssl">>, ssl], NewConfig, undefined),
    case emqx_tls_lib:ensure_ssl_files(RltvDir, NewSSL) of
        {ok, NewSSL1} ->
            {ok, new_ssl_config(NewConfig, NewSSL1)};
@ -31,16 +31,13 @@ convert_certs(RltvDir, NewConfig) ->
    end.

 clear_certs(RltvDir, Config) ->
-    OldSSL = drop_invalid_certs(map_get_oneof([<<"ssl">>, ssl], Config, undefined)),
+    OldSSL = map_get_oneof([<<"ssl">>, ssl], Config, undefined),
    ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL).

 new_ssl_config(Config, undefined) -> Config;
 new_ssl_config(Config, #{<<"enable">> := _} = SSL) -> Config#{<<"ssl">> => SSL};
 new_ssl_config(Config, #{enable := _} = SSL) -> Config#{ssl => SSL}.

-drop_invalid_certs(undefined) -> undefined;
-drop_invalid_certs(SSL) -> emqx_tls_lib:drop_invalid_certs(SSL).
-
 map_get_oneof([], _Map, Default) ->
    Default;
 map_get_oneof([Key | Keys], Map, Default) ->