test(bridge): cover ssl testing for cassandra bridge

JianBo He 2023-03-17 18:23:58 +08:00
parent 5f0828a2ea
commit 678cc937c0
8 changed files with 80 additions and 6 deletions


@ -1046,7 +1046,7 @@ server_encryption_options:
client_encryption_options: client_encryption_options:
enabled: true enabled: true
# If enabled and optional is set to true encrypted and unencrypted connections are handled. # If enabled and optional is set to true encrypted and unencrypted connections are handled.
optional: true optional: false
keystore: /certs/server.jks keystore: /certs/server.jks
keystore_password: my_password keystore_password: my_password
require_client_auth: true require_client_auth: true
@ -1055,7 +1055,6 @@ client_encryption_options:
truststore_password: my_password truststore_password: my_password
# More advanced defaults below: # More advanced defaults below:
protocol: TLS protocol: TLS
algorithm: SunX509
store_type: JKS store_type: JKS
cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
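Review bot: With `optional: false` every client must now complete a TLS handshake, so the unchanged `cipher_suites` list at the end of this hunk becomes the only set the listener will negotiate, and it holds only CBC/SHA-1 suites, two of them static-RSA without forward secrecy. That is acceptable for a CI fixture, but a client restricted to AEAD suites would presumably fail the handshake, and the file reads like a template someone could copy. I would add a comment above `client_encryption_options:` such as `# CI test fixture: legacy cipher list and sample passwords, not for production use`. The commit message also does not say why `algorithm: SunX509` was dropped; one line on that would help.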


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
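Review bot: This section commits an unencrypted RSA private key to the repository; it appears to be the `client.key` that the test suite loads from `.ci/docker-compose-file/certs`, although the file name is not shown on this page. From here on the key, and the CA that signed the matching certificate, should be treated as public: trusted only by the CI Cassandra truststore and never reused in a real deployment. A short README beside the certs, stating that they are test fixtures and how they were generated, would make secret-scanner findings quick to triage and make regeneration possible when the certificate expires.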


@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -37,6 +37,15 @@
-define(CASSA_PASSWORD, "public"). -define(CASSA_PASSWORD, "public").
-define(BATCH_SIZE, 10). -define(BATCH_SIZE, 10).
%% cert files for client
-define(CERT_ROOT,
filename:join([emqx_common_test_helpers:proj_root(), ".ci", "docker-compose-file", "certs"])
).
-define(CAFILE, filename:join(?CERT_ROOT, ["ca.crt"])).
-define(CERTFILE, filename:join(?CERT_ROOT, ["client.pem"])).
-define(KEYFILE, filename:join(?CERT_ROOT, ["client.key"])).
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% CT boilerplate %% CT boilerplate
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
@ -196,6 +205,10 @@ cassa_config(BridgeType, Config) ->
" }\n" " }\n"
" ssl = {\n" " ssl = {\n"
" enable = ~w\n" " enable = ~w\n"
" cacertfile = \"~s\"\n"
" certfile = \"~s\"\n"
" keyfile = \"~s\"\n"
" server_name_indication = disable\n"
" }\n" " }\n"
"}", "}",
[ [
@ -208,7 +221,10 @@ cassa_config(BridgeType, Config) ->
?SQL_BRIDGE, ?SQL_BRIDGE,
BatchSize, BatchSize,
QueryMode, QueryMode,
TlsEnabled TlsEnabled,
?CAFILE,
?CERTFILE,
?KEYFILE
] ]
), ),
{Name, parse_and_check(ConfigString, BridgeType, Name)}. {Name, parse_and_check(ConfigString, BridgeType, Name)}.
@ -257,12 +273,18 @@ connect_direct_cassa(Config) ->
password => ?CASSA_PASSWORD, password => ?CASSA_PASSWORD,
keyspace => ?CASSA_KEYSPACE keyspace => ?CASSA_KEYSPACE
}, },
SslOpts = SslOpts =
case ?config(enable_tls, Config) of case ?config(enable_tls, Config) of
true -> true ->
Opts#{ Opts#{
ssl => emqx_tls_lib:to_client_opts(#{enable => true}) ssl => emqx_tls_lib:to_client_opts(
#{
enable => true,
cacertfile => ?CAFILE,
certfile => ?CERTFILE,
keyfile => ?KEYFILE
}
)
}; };
false -> false ->
Opts Opts
@ -272,6 +294,8 @@ connect_direct_cassa(Config) ->
% These funs connect and then stop the cassandra connection % These funs connect and then stop the cassandra connection
connect_and_create_table(Config) -> connect_and_create_table(Config) ->
%% XXX: drop first
_ = connect_and_drop_table(Config),
Con = connect_direct_cassa(Config), Con = connect_direct_cassa(Config),
{ok, _} = ecql:query(Con, ?SQL_CREATE_TABLE), {ok, _} = ecql:query(Con, ?SQL_CREATE_TABLE),
ok = ecql:close(Con). ok = ecql:close(Con).
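Review bot: The new `ssl` block in cassa_config/2 supplies `cacertfile` but never sets `verify`, and it adds `server_name_indication = disable`, which in OTP's ssl also switches off the hostname check. Whether the bridge validates the Cassandra server certificate at all therefore depends on the default applied by the schema and `emqx_tls_lib:to_client_opts/1`, neither of which is visible here. If that default is `verify_none`, the suite only exercises the client-certificate side (the server has `require_client_auth: true`) and would still pass with a wrong CA. Consider adding `"    verify = verify_peer\n"` to the template and `verify => verify_peer` to the map in connect_direct_cassa/1, with a comment saying why SNI is disabled (presumably the test certificate does not carry the container host name). Both functions start and end outside the hunks shown.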


@ -127,7 +127,6 @@ on_start(
{pool_size, PoolSize} {pool_size, PoolSize}
], ],
%% FIXME: how to set tls options
SslOpts = SslOpts =
case maps:get(enable, SSL) of case maps:get(enable, SSL) of
true -> true ->