test(bridge): cover ssl testing for cassandra bridge

2023-03-17 18:23:58 +08:00 · 2023-03-17 18:23:58 +08:00 · 678cc937c0
parent 5f0828a2ea
commit 678cc937c0
8 changed files with 80 additions and 6 deletions
--- a/.ci/docker-compose-file/cassandra/cassandra.yaml
+++ b/.ci/docker-compose-file/cassandra/cassandra.yaml
@ -1046,7 +1046,7 @@ server_encryption_options:
 client_encryption_options:
    enabled: true
    # If enabled and optional is set to true encrypted and unencrypted connections are handled.
-    optional: true
+    optional: false
    keystore: /certs/server.jks
    keystore_password: my_password
    require_client_auth: true
@ -1055,7 +1055,6 @@ client_encryption_options:
    truststore_password: my_password
    # More advanced defaults below:
    protocol: TLS
-    algorithm: SunX509
    store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]

--- a/.ci/docker-compose-file/certs/client.key
+++ b/.ci/docker-compose-file/certs/client.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzs74tdftT7xGMGXQSoX/nnFkFAOjNtEVOI3bChzR+w6Xwo8Z
+OUiOuOjynKvsJeltdmc0L+cbHZh7j+aHuAqVYxavqaqhFneF0f03t17qju9AixoV
+JXgNT3ru56aZFa6Ov6NhfZfRirGnbNrg2RhuNeYZ4TYLH7iMR36exNFP83glXwXM
+inMd1tsHL7xHLf3KjCbkusA5ncFWcpIUtpuWVn9aAE402dN7BJWfAbkQ4Y3VToR1
+P/T+W6WBldv0i2WlNbfiuAzuapA3EzJwoyTrG2Qyz7EtXM8XZdOZ6oJmW4s7c4V/
+FBT5knNtmXTt78xBBlIPFas5BAJIeV4eADx9MwIDAQABAoIBAQCZTvcynpJuxIxn
+vmItjK5U/4wIBjZNIawQk6BoG7tR2JyJ/1jcjTw4OX/4wr450JRz7MfUJweD5hDb
+OTMtLLNXlG6+YR4vsIUEiSlvhy5srVH0jG5Wq2t6mxBVq7vaRd/OkshnuU79+Pq7
+iHqclS7GSACxYkXWyxE6wtPh5aTWP8joK/LvYFiOqKPilUnLZ4hBhmL7CRUCZ0ZA
+QGNyEhlmiAL+LNKW2RLXPBxlKX21X78ahUQmkkTM0lBK9x6hm4dD3SpLqmZyQQ9M
+UfiMbU6XOYlDva/USZzrvTDlRf9uCG9QOsZzngP1aIy8Cq3QHECOeMIPO9WQLMll
+SyY+SpyJAoGBAP4fhnbDpQC6ekd9TNoU9GE/FNNNGKLh82GDgnGcWU/oIzv8GlaR
+rkEHTb6aRoPpjTxWIjJpScs9kycC+7N3oNo9rub4s5UvllI+EgQ95+j/5fnZx6gO
+la8ousLy1hTYu9C0nTWdTV3YtfC0l0opn7Friv5QafNmhSn74DqrH0BHAoGBANBV
+/NhBDAH1PHzYA+XuNLYTLv56Q4osmoen17nPnFNWb1TtWblzb0yWp86GGDFcs8CZ
+eH0mXCRUzGMSWtOHe4CbIm2brAYXuL2t6+DZ1A22gsnW5avNrosZRS7eN7BE7DDj
+5cp9+Es9UWnArzJU7jSWwAtA6o47WHfHU/pqRB21AoGAGx6eKPqEF2nPNuXmV7e4
+xNAIluw5XtiiMpvoRdubpG1vpS0oWmi9oe73mwm30MgR7Ih8qciWuXvewmENH3/6
+yI+gpMGR2K/1aN166rz4jOMSVfGp3wN/cev00m0774mZsZI03M3mvccs031ST/XV
+Nwf1E2Ldi747I9nfeiNc+G0CgYEAslFHD1ntiyd6VGkYPQ978nPM/2dqs7OluILC
+tHmslfAfbpOQ/ph9JRK2IqDHyEhOWoWBiazxpO8n2Yx2TSNjZBpkh2h8/uIC7+cT
+Q+tuAya6H0ReZISx5sEEZC8zfx4fA2Gs53qWsN+U9W1FB1GGaWC2k2tG1+KXwD3N
+9UJLdxkCgYBB96dsfT7nXmy0JLUz0rQ4umBje6H5uvuaevWdVMEptHB+O7+6CAse
+OVwqlFLQ4QC7s4/P9FQwfr/0uMRInB1aC043Haa1LbiRcRIlSuBDUezK5xidUbz+
+uB/ABkwwEuqW3Ns1+QieJyyfoNYKZ2v0RtYxBuieKOpUCm3oNFZRWg==
+-----END RSA PRIVATE KEY-----
--- a/.ci/docker-compose-file/certs/client.pem
+++ b/.ci/docker-compose-file/certs/client.pem
@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAhoCFCOrAvLNRztbFFcN0zrCQXoj73cHMA0GCSqGSIb3DQEBCwUAMDQx
+EjAQBgNVBAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MB4XDTIzMDMxNzA5MzgzMVoXDTMzMDMxNDA5MzgzMVowdzELMAkGA1UEBhMC
+U0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UEBwwJU3RvY2tob2xtMRIwEAYD
+VQQKDAlNeU9yZ05hbWUxGDAWBgNVBAsMD015U2VydmljZUNsaWVudDESMBAGA1UE
+AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzs74
+tdftT7xGMGXQSoX/nnFkFAOjNtEVOI3bChzR+w6Xwo8ZOUiOuOjynKvsJeltdmc0
+L+cbHZh7j+aHuAqVYxavqaqhFneF0f03t17qju9AixoVJXgNT3ru56aZFa6Ov6Nh
+fZfRirGnbNrg2RhuNeYZ4TYLH7iMR36exNFP83glXwXMinMd1tsHL7xHLf3KjCbk
+usA5ncFWcpIUtpuWVn9aAE402dN7BJWfAbkQ4Y3VToR1P/T+W6WBldv0i2WlNbfi
+uAzuapA3EzJwoyTrG2Qyz7EtXM8XZdOZ6oJmW4s7c4V/FBT5knNtmXTt78xBBlIP
+Fas5BAJIeV4eADx9MwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBHgfJgMjTgWZXG
+eyzIVxaqzWTLxrT7zPy09Mw4qsAl1TfWg9/r8nuskq4bjBQuKm0k9H0HQXz//eFC
+Qn85qTHyAmZok6c4ljO2P+kTIl3nkKk5zudmeCTy3W9YBdyWvDXQ/GhbywIfO+1Y
+fYA82I5rXVg4c9fUVTNczUFyDNcZzoJoqCS8jwFDtNR0N/fptJN14j8pnYvNV+4c
+hZ+pcnhSoz7dD8WjyYCc/QCajJdTyb15i072HxuGmhwltjnwIE/2xfeXCCeUTzsJ
+8h4/ABRu9VEqjqDQHepXIflYuVhU38SL0f4ly7neMXmytAbXwGLVM+ME81HG60Bw
+8hkfSwKBbEkhUmD6+V1bdUz14I6HjWJt/INtFU+O+MYZbIFt4ep9GKLV3nk97CyL
+fwDv5b4WXdC68iWMZqSrADAXr+VG3DgHqpNItj0XmhY6ihmt5tA3Z6IZJj45TShA
+vRqTCx3Hf6EO3zf4KCrzaPSSSfVLnGKftA/6oz3bl8EK2e2M44lOspRk4l9k+iBR
+sfHPmpiWY0hIiFtd3LD/uGDSBcGkKjU/fLvJZXJpVXwmT9pmK9LzkAPOK1rr97e9
+esHqwe1bo3z7IdeREZ0wdxqGL3BNpm4f1NaIzV/stX+vScau0AyFYXzumjeBIpKa
+Gt0A+dZnUfWG6qn5NiRENXxFQSppaA==
+-----END CERTIFICATE-----
--- a/.ci/docker-compose-file/certs/server.jks
+++ b/.ci/docker-compose-file/certs/server.jks
--- a/.ci/docker-compose-file/certs/server.p12
+++ b/.ci/docker-compose-file/certs/server.p12
--- a/.ci/docker-compose-file/certs/truststore.jks
+++ b/.ci/docker-compose-file/certs/truststore.jks
--- a/lib-ee/emqx_ee_bridge/test/emqx_ee_bridge_cassa_SUITE.erl
+++ b/lib-ee/emqx_ee_bridge/test/emqx_ee_bridge_cassa_SUITE.erl
@ -37,6 +37,15 @@
 -define(CASSA_PASSWORD, "public").
 -define(BATCH_SIZE, 10).

+%% cert files for client
+-define(CERT_ROOT,
+    filename:join([emqx_common_test_helpers:proj_root(), ".ci", "docker-compose-file", "certs"])
+).
+
+-define(CAFILE, filename:join(?CERT_ROOT, ["ca.crt"])).
+-define(CERTFILE, filename:join(?CERT_ROOT, ["client.pem"])).
+-define(KEYFILE, filename:join(?CERT_ROOT, ["client.key"])).
+
 %%------------------------------------------------------------------------------
 %% CT boilerplate
 %%------------------------------------------------------------------------------
@ -196,6 +205,10 @@ cassa_config(BridgeType, Config) ->
            "  }\n"
            "  ssl = {\n"
            "    enable = ~w\n"
+            "    cacertfile = \"~s\"\n"
+            "    certfile = \"~s\"\n"
+            "    keyfile = \"~s\"\n"
+            "    server_name_indication = disable\n"
            "  }\n"
            "}",
            [
@ -208,7 +221,10 @@ cassa_config(BridgeType, Config) ->
                ?SQL_BRIDGE,
                BatchSize,
                QueryMode,
-                TlsEnabled
+                TlsEnabled,
+                ?CAFILE,
+                ?CERTFILE,
+                ?KEYFILE
            ]
        ),
    {Name, parse_and_check(ConfigString, BridgeType, Name)}.
@ -257,12 +273,18 @@ connect_direct_cassa(Config) ->
        password => ?CASSA_PASSWORD,
        keyspace => ?CASSA_KEYSPACE
    },
-
    SslOpts =
        case ?config(enable_tls, Config) of
            true ->
                Opts#{
-                    ssl => emqx_tls_lib:to_client_opts(#{enable => true})
+                    ssl => emqx_tls_lib:to_client_opts(
+                        #{
+                            enable => true,
+                            cacertfile => ?CAFILE,
+                            certfile => ?CERTFILE,
+                            keyfile => ?KEYFILE
+                        }
+                    )
                };
            false ->
                Opts
@ -272,6 +294,8 @@ connect_direct_cassa(Config) ->

 % These funs connect and then stop the cassandra connection
 connect_and_create_table(Config) ->
+    %% XXX: drop first
+    _ = connect_and_drop_table(Config),
    Con = connect_direct_cassa(Config),
    {ok, _} = ecql:query(Con, ?SQL_CREATE_TABLE),
    ok = ecql:close(Con).
--- a/lib-ee/emqx_ee_connector/src/emqx_ee_connector_cassa.erl
+++ b/lib-ee/emqx_ee_connector/src/emqx_ee_connector_cassa.erl
@ -127,7 +127,6 @@ on_start(
        {pool_size, PoolSize}
    ],

-    %% FIXME: how to set tls options
    SslOpts =
        case maps:get(enable, SSL) of
            true ->