test(CI): add cts

.ci/apps_tests/.env

@@ -1,5 +1,5 @@
-MYSQL_VSN=5.7
+MYSQL_TAG=5.7
-REDIS_VSN=6
+REDIS_TAG=6
-MONGO_VSN=4.1
+MONGO_TAG=4.1
-PGSQL_VSN=11
+PGSQL_TAG=11
-LDAP_VSN=2.4.50
+LDAP_TAG=2.4.50

.ci/apps_tests/docker-compose.yaml

@@ -19,7 +19,7 @@ services:
 
   mysql_server:
     container_name: mysql
-    image: mysql:${MYSQL_VSN}
+    image: mysql:${MYSQL_TAG}
     restart: always
     ports:
       - 3306:3306
@@ -47,7 +47,7 @@ services:
 
   redis_server:
     container_name: redis
-    image: redis:${REDIS_VSN}
+    image: redis:${REDIS_TAG}
     ports:
       - 6379:6379
     command:
@@ -65,7 +65,7 @@ services:
 
   mongo_server:
     container_name: mongo
-    image: mongo:${MONGO_VSN}
+    image: mongo:${MONGO_TAG}
     ports:
       - 27017:27017
     restart: always
@@ -83,7 +83,7 @@ services:
 
   pgsql_server:
     container_name: pgsql
-    image: postgres:${PGSQL_VSN}
+    image: postgres:${PGSQL_TAG}
     ports:
       - 5432:5432
     restart: always
@@ -99,7 +99,7 @@ services:
     build:
       context: ./emqx_ldap
       args: 
-        LDAP_VSN: ${LDAP_VSN}
+        LDAP_TAG: ${LDAP_TAG}
     image: emqx-ldap:1.0
     ports:
       - 389:389

.ci/apps_tests/emqx_ldap/Dockerfile

@@ -1,13 +1,13 @@
 FROM buildpack-deps:stretch
 
-ARG LDAP_VSN=2.4.50
+ARG LDAP_TAG=2.4.50
 
 RUN apt-get update && apt-get install -y groff groff-base
-RUN wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-${LDAP_VSN}.tgz \
+RUN wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-${LDAP_TAG}.tgz \
-    && gunzip -c openldap-${LDAP_VSN}.tgz | tar xvfB - \
+    && gunzip -c openldap-${LDAP_TAG}.tgz | tar xvfB - \
-    && cd openldap-${LDAP_VSN} \
+    && cd openldap-${LDAP_TAG} \
     && ./configure && make depend && make && make install \
-    && cd .. && rm -rf  openldap-${LDAP_VSN}
+    && cd .. && rm -rf  openldap-${LDAP_TAG}
 
 COPY ./slapd.conf /usr/local/etc/openldap/slapd.conf
 COPY ./schema/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif

.ci/compatibility_tests/docker-compose-ldap.yaml

@@ -0,0 +1,40 @@
+version: '3'
+
+services:
+  erlang:
+    container_name: erlang
+    image: erlang:22.3
+    depends_on:
+      - ldap_server
+    networks:
+      - emqx_bridge
+    volumes:
+      - ../../.:/emqx
+    working_dir: /emqx
+    tty: true
+
+  ldap_server:
+    container_name: ldap
+    build:
+      context: ./openldap
+      args: 
+        LDAP_TAG: ${LDAP_TAG}
+    image: openldap 
+    ports:
+      - 389:389
+    restart: always
+    networks:
+      - emqx_bridge
+
+networks:
+  emqx_bridge:
+    driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.239.0/24
+          gateway: 172.100.239.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-mongo-tls.yaml

@@ -0,0 +1,43 @@
+version: '3'
+
+services:
+  erlang:
+    container_name: erlang
+    image: erlang:22.3
+    volumes:
+      - ../../:/emqx
+    working_dir: /emqx
+    networks:
+      - emqx_bridge
+    depends_on:
+      - mongo_server
+    tty: true
+
+  mongo_server:
+    container_name: mongo 
+    image: mongo:${MONGO_TAG}
+    restart: always
+    environment:
+      MONGO_INITDB_DATABASE: mqtt
+    volumes:
+        - ../../apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem/:/etc/certs/mongodb.pem
+    networks:
+      - emqx_bridge
+    command:
+      --ipv6
+      --bind_ip_all
+      --sslMode requireSSL
+      --sslPEMKeyFile /etc/certs/mongodb.pem
+
+networks:
+  emqx_bridge:
+    driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.100.0/24
+          gateway: 172.100.100.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-mongo.yaml

@@ -2,9 +2,11 @@ version: '3'
 
 services:
   erlang:
-    image: erlang:22.1
+    container_name: erlang
+    image: erlang:22.3
     volumes:
-      - ./:/emqx_auth_mongo
+      - ../..:/emqx
+    working_dir: /emqx
     networks:
       - emqx_bridge
     depends_on:
@@ -12,20 +14,26 @@ services:
     tty: true
 
   mongo_server:
+    container_name: mongo 
     image: mongo:${MONGO_TAG}
     restart: always
     environment:
       MONGO_INITDB_DATABASE: mqtt
-    volumes:
-        - ./test/emqx_auth_mongo_SUITE_data/mongodb.pem/:/etc/certs/mongodb.pem
     networks:
       - emqx_bridge
     command:
       --ipv6
       --bind_ip_all
-      --sslMode requireSSL
-      --sslPEMKeyFile /etc/certs/mongodb.pem
 
 networks:
   emqx_bridge:
     driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.100.0/24
+          gateway: 172.100.100.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-mysql-tls.yaml

@@ -2,9 +2,11 @@ version: '3'
 
 services:
   erlang:
+    container_name: erlang
     image: erlang:22.3
     volumes:
-      - ./:/emqx_auth_mysql
+      - ../../:/emqx
+    working_dir: /emqx
     networks:
       - emqx_bridge
     depends_on:
@@ -12,15 +14,16 @@ services:
     tty: true
 
   mysql_server:
+    container_name: mysql
     image: mysql:${MYSQL_TAG}
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: public
       MYSQL_DATABASE: mqtt
     volumes:
-      - ./test/emqx_auth_mysql_SUITE_data/ca.pem:/etc/certs/ca-cert.pem
+      - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem:/etc/certs/ca-cert.pem
-      - ./test/emqx_auth_mysql_SUITE_data/server-cert.pem:/etc/certs/server-cert.pem
+      - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem:/etc/certs/server-cert.pem
-      - ./test/emqx_auth_mysql_SUITE_data/server-key.pem:/etc/certs/server-key.pem
+      - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem:/etc/certs/server-key.pem
     networks:
       - emqx_bridge
     command:
@@ -39,3 +42,12 @@ services:
 networks:
   emqx_bridge:
     driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.100.0/24
+          gateway: 172.100.100.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-mysql.yaml

@@ -2,9 +2,11 @@ version: '3'
 
 services:
   erlang:
+    container_name: erlang
     image: erlang:22.3
     volumes:
-      - ./:/emqx_auth_mysql
+      - ../../:/emqx
+    working_dir: /emqx
     networks:
       - emqx_bridge
     depends_on:
@@ -12,6 +14,7 @@ services:
     tty: true
 
   mysql_server:
+    container_name: mysql
     image: mysql:${MYSQL_TAG}
     restart: always
     environment:
@@ -32,3 +35,12 @@ services:
 networks:
   emqx_bridge:
     driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.100.0/24
+          gateway: 172.100.100.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-pgsql-tls.yaml

@@ -0,0 +1,45 @@
+version: '3'
+
+services:
+  erlang:
+    container_name: erlang
+    image: erlang:22.3
+    volumes:
+      - ../../:/emqx
+    working_dir: /emqx
+    networks:
+      - emqx_bridge
+    depends_on:
+      - pgsql_server
+    tty: true
+
+  pgsql_server:
+    container_name: pgsql
+    image: postgres:${PGSQL_TAG}
+    restart: always
+    environment:
+      POSTGRES_PASSWORD: public
+      POSTGRES_USER: root
+      POSTGRES_DB: mqtt
+    volumes:
+      - ../../apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/pg.conf:/etc/postgresql/postgresql.conf
+      - ../../apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem:/etc/postgresql/server-cert.pem
+      - ../../apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem:/etc/postgresql/server-key.pem
+    command:
+      - -c
+      - config_file=/etc/postgresql/postgresql.conf
+    networks:
+      - emqx_bridge
+
+networks:
+  emqx_bridge:
+    driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.100.0/24
+          gateway: 172.100.100.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-pgsql.yaml

@@ -2,9 +2,11 @@ version: '3'
 
 services:
   erlang:
+    container_name: erlang
     image: erlang:22.3
     volumes:
-      - ../:/emqx_auth_pgsql
+      - ../../:/emqx
+    working_dir: /emqx
     networks:
       - emqx_bridge
     depends_on:
@@ -12,11 +14,8 @@ services:
     tty: true
 
   pgsql_server:
-    build:
+    container_name: pgsql
-        context: ./pgsql
+    image: postgres:${PGSQL_TAG}
-        args:
-            BUILD_FROM: postgres:${PGSQL_TAG}
-    image: emqx-pgsql
     restart: always
     environment:
       POSTGRES_PASSWORD: public
@@ -28,3 +27,12 @@ services:
 networks:
   emqx_bridge:
     driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.100.0/24
+          gateway: 172.100.100.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-redis-cluster-tls.yaml

@@ -4,20 +4,22 @@ version: '2.4'
 
 services:
   erlang:
+    container_name: erlang
     image: erlang:22.3
     volumes:
-      - ../:/emqx_auth_redis
+      - ../..:/emqx
     networks:
       - app_net
     depends_on:
       - redis_cluster
+    working_dir: /emqx
     tty: true
 
   redis_cluster:
-    image: redis:6.0.9
+    container_name: redis
-    container_name: redis-cluster
+    image: redis:${REDIS_TAG}
     volumes:
-      - ../test/emqx_auth_redis_SUITE_data/certs:/tls
+      - ../../apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs:/tls
       - ./redis/:/data/conf
     command: bash -c "/bin/bash /data/conf/redis.sh --node cluster --tls-enabled && while true; do echo 1; sleep 1; done"
     networks:
@@ -36,4 +38,4 @@ networks:
         - subnet: 172.16.239.0/24
           gateway: 172.16.239.1
         - subnet: 2001:3200:3200::/64
-          gateway: 2001:3200:3200::1
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-redis-cluster.yaml

@@ -4,18 +4,20 @@ version: '2.4'
 
 services:
   erlang:
+    container_name: erlang
     image: erlang:22.3
     volumes:
-      - ../:/emqx_auth_redis
+      - ../..:/emqx
     networks:
       - app_net
     depends_on:
       - redis_cluster
+    working_dir: /emqx
     tty: true
 
   redis_cluster:
     image: redis:${REDIS_TAG}
-    container_name: redis-cluster
+    container_name: redis
     volumes:
       - ./redis/:/data/conf
     command: bash -c "/bin/bash /data/conf/redis.sh --node cluster && while true; do echo 1; sleep 1; done"
@@ -35,4 +37,4 @@ networks:
         - subnet: 172.16.239.0/24
           gateway: 172.16.239.1
         - subnet: 2001:3200:3200::/64
-          gateway: 2001:3200:3200::1
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-redis-sentinel.yaml

@@ -4,18 +4,20 @@ version: '2.4'
 
 services:
   erlang:
+    container_name: erlang
     image: erlang:22.3
     volumes:
-      - ../:/emqx_auth_redis
+      - ../..:/emqx
     networks:
       - app_net
     depends_on:
       - redis_cluster
+    working_dir: /emqx
     tty: true
 
   redis_cluster:
+    container_name: redis
     image: redis:${REDIS_TAG}
-    container_name: redis-cluster
     volumes:
       - ./redis/:/data/conf
     command: bash -c "/bin/bash /data/conf/redis.sh --node sentinel && while true; do echo 1; sleep 1; done"
@@ -35,4 +37,4 @@ networks:
         - subnet: 172.16.239.0/24
           gateway: 172.16.239.1
         - subnet: 2001:3200:3200::/64
-          gateway: 2001:3200:3200::1
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-redis-singer-tls.yaml

@@ -2,19 +2,22 @@ version: '3'
 
 services:
   erlang:
+    container_name: erlang
     image: erlang:22.3
     volumes:
-      - ../:/emqx_auth_redis
+      - ../..:/emqx
     networks:
       - emqx_bridge
     depends_on:
       - redis_server
+    working_dir: /emqx
     tty: true
 
   redis_server:
-    image: redis:6.0.9
+    container_name: redis 
+    image: redis:${REDIS_TAG}
     volumes:
-      - ../test/emqx_auth_redis_SUITE_data/certs:/tls
+      - ../../apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs:/tls
     command:
       - redis-server
       - "--bind 0.0.0.0 ::"
@@ -29,3 +32,12 @@ services:
 networks:
   emqx_bridge:
     driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.100.0/24
+          gateway: 172.100.100.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/docker-compose-redis-singer.yaml

@@ -2,16 +2,19 @@ version: '3'
 
 services:
   erlang:
+    container_name: erlang
     image: erlang:22.3
     volumes:
-      - ../:/emqx_auth_redis    
+      - ../..:/emqx
     networks:
       - emqx_bridge
     depends_on:
       - redis_server
+    working_dir: /emqx
     tty: true
 
   redis_server:
+    container_name: redis 
     image: redis:${REDIS_TAG}
     command:
         - redis-server
@@ -23,3 +26,12 @@ services:
 networks:
   emqx_bridge:
     driver: bridge
+    name: emqx_bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.100.100.0/24
+          gateway: 172.100.100.1
+        - subnet: 2001:3200:3200::/64
+          gateway: 2001:3200:3200::1

.ci/compatibility_tests/openldap/Dockerfile

@@ -0,0 +1,26 @@
+FROM buildpack-deps:stretch
+
+ARG LDAP_TAG=2.4.50
+
+RUN apt-get update && apt-get install -y groff groff-base
+RUN wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-${LDAP_TAG}.tgz \
+    && gunzip -c openldap-${LDAP_TAG}.tgz | tar xvfB - \
+    && cd openldap-${LDAP_TAG} \
+    && ./configure && make depend && make && make install \
+    && cd .. && rm -rf  openldap-${LDAP_TAG}
+
+COPY ./slapd.conf /usr/local/etc/openldap/slapd.conf
+COPY ./schema/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif
+COPY ./schema/emqx.schema /usr/local/etc/openldap/schema/emqx.schema
+COPY ./certs/*.pem /usr/local/etc/openldap/
+
+RUN mkdir -p /usr/local/etc/openldap/data \
+    && slapadd -l /usr/local/etc/openldap/schema/emqx.io.ldif -f /usr/local/etc/openldap/slapd.conf
+
+WORKDIR /usr/local/etc/openldap
+
+EXPOSE 389 636
+
+ENTRYPOINT ["/usr/local/libexec/slapd", "-h", "ldap:/// ldaps:///", "-d", "3", "-f", "/usr/local/etc/openldap/slapd.conf"]
+
+CMD []

.ci/compatibility_tests/openldap/certs/cacert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUTCCAjmgAwIBAgIJAPPYCjTmxdt/MA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV
+BAYTAkNOMREwDwYDVQQIDAhoYW5nemhvdTEMMAoGA1UECgwDRU1RMQ8wDQYDVQQD
+DAZSb290Q0EwHhcNMjAwNTA4MDgwNjUyWhcNMzAwNTA2MDgwNjUyWjA/MQswCQYD
+VQQGEwJDTjERMA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UE
+AwwGUm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcgVLex1
+EZ9ON64EX8v+wcSjzOZpiEOsAOuSXOEN3wb8FKUxCdsGrsJYB7a5VM/Jot25Mod2
+juS3OBMg6r85k2TWjdxUoUs+HiUB/pP/ARaaW6VntpAEokpij/przWMPgJnBF3Ur
+MjtbLayH9hGmpQrI5c2vmHQ2reRZnSFbY+2b8SXZ+3lZZgz9+BaQYWdQWfaUWEHZ
+uDaNiViVO0OT8DRjCuiDp3yYDj3iLWbTA/gDL6Tf5XuHuEwcOQUrd+h0hyIphO8D
+tsrsHZ14j4AWYLk1CPA6pq1HIUvEl2rANx2lVUNv+nt64K/Mr3RnVQd9s8bK+TXQ
+KGHd2Lv/PALYuwIDAQABo1AwTjAdBgNVHQ4EFgQUGBmW+iDzxctWAWxmhgdlE8Pj
+EbQwHwYDVR0jBBgwFoAUGBmW+iDzxctWAWxmhgdlE8PjEbQwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAGbhRUjpIred4cFAFJ7bbYD9hKu/yzWPWkMRa
+ErlCKHmuYsYk+5d16JQhJaFy6MGXfLgo3KV2itl0d+OWNH0U9ULXcglTxy6+njo5
+CFqdUBPwN1jxhzo9yteDMKF4+AHIxbvCAJa17qcwUKR5MKNvv09C6pvQDJLzid7y
+E2dkgSuggik3oa0427KvctFf8uhOV94RvEDyqvT5+pgNYZ2Yfga9pD/jjpoHEUlo
+88IGU8/wJCx3Ds2yc8+oBg/ynxG8f/HmCC1ET6EHHoe2jlo8FpU/SgGtghS1YL30
+IWxNsPrUP+XsZpBJy/mvOhE5QXo6Y35zDqqj8tI7AGmAWu22jg==
+-----END CERTIFICATE-----

.ci/compatibility_tests/openldap/certs/cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER
+MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB
+MB4XDTIwMDUwODA4MDcwNVoXDTMwMDUwNjA4MDcwNVowPzELMAkGA1UEBhMCQ04x
+ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBlNlcnZl
+cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNeWT3pE+QFfiRJzKmn
+AMUrWo3K2j/Tm3+Xnl6WLz67/0rcYrJbbKvS3uyRP/stXyXEKw9CepyQ1ViBVFkW
+Aoy8qQEOWFDsZc/5UzhXUnb6LXr3qTkFEjNmhj+7uzv/lbBxlUG1NlYzSeOB6/RT
+8zH/lhOeKhLnWYPXdXKsa1FL6ij4X8DeDO1kY7fvAGmBn/THh1uTpDizM4YmeI+7
+4dmayA5xXvARte5h4Vu5SIze7iC057N+vymToMk2Jgk+ZZFpyXrnq+yo6RaD3ANc
+lrc4FbeUQZ5a5s5Sxgs9a0Y3WMG+7c5VnVXcbjBRz/aq2NtOnQQjikKKQA8GF080
+BQkCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL
+BQADggEBAJefnMZpaRDHQSNUIEL3iwGXE9c6PmIsQVE2ustr+CakBp3TZ4l0enLt
+iGMfEVFju69cO4oyokWv+hl5eCMkHBf14Kv51vj448jowYnF1zmzn7SEzm5Uzlsa
+sqjtAprnLyof69WtLU1j5rYWBuFX86yOTwRAFNjm9fvhAcrEONBsQtqipBWkMROp
+iUYMkRqbKcQMdwxov+lHBYKq9zbWRoqLROAn54SRqgQk6c15JdEfgOOjShbsOkIH
+UhqcwRkQic7n1zwHVGVDgNIZVgmJ2IdIWBlPEC7oLrRrBD/X1iEEXtKab6p5o22n
+KB5mN+iQaE+Oe2cpGKZJiJRdM+IqDDQ=
+-----END CERTIFICATE-----

.ci/compatibility_tests/openldap/certs/client-cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAfugAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER
+MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB
+MB4XDTIwMDUwODA4MDY1N1oXDTMwMDUwNjA4MDY1N1owPzELMAkGA1UEBhMCQ04x
+ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBkNsaWVu
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMy4hoksKcZBDbY680u6
+TS25U51nuB1FBcGMlF9B/t057wPOlxF/OcmbxY5MwepS41JDGPgulE1V7fpsXkiW
+1LUimYV/tsqBfymIe0mlY7oORahKji7zKQ2UBIVFhdlvQxunlIDnw6F9popUgyHt
+dMhtlgZK8oqRwHxO5dbfoukYd6J/r+etS5q26sgVkf3C6dt0Td7B25H9qW+f7oLV
+PbcHYCa+i73u9670nrpXsC+Qc7Mygwa2Kq/jwU+ftyLQnOeW07DuzOwsziC/fQZa
+nbxR+8U9FNftgRcC3uP/JMKYUqsiRAuaDokARZxVTV5hUElfpO6z6/NItSDvvh3i
+eikCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL
+BQADggEBABchYxKo0YMma7g1qDswJXsR5s56Czx/I+B41YcpMBMTrRqpUC0nHtLk
+M7/tZp592u/tT8gzEnQjZLKBAhFeZaR3aaKyknLqwiPqJIgg0pgsBGITrAK3Pv4z
+5/YvAJJKgTe5UdeTz6U4lvNEux/4juZ4pmqH4qSFJTOzQS7LmgSmNIdd072rwXBd
+UzcSHzsJgEMb88u/LDLjj1pQ7AtZ4Tta8JZTvcgBFmjB0QUi6fgkHY6oGat/W4kR
+jSRUBlMUbM/drr2PVzRc2dwbFIl3X+ZE6n5Sl3ZwRAC/s92JU6CPMRW02muVu6xl
+goraNgPISnrbpR6KjxLZkVembXzjNNc=
+-----END CERTIFICATE-----

.ci/compatibility_tests/openldap/certs/client-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzLiGiSwpxkENtjrzS7pNLblTnWe4HUUFwYyUX0H+3TnvA86X
+EX85yZvFjkzB6lLjUkMY+C6UTVXt+mxeSJbUtSKZhX+2yoF/KYh7SaVjug5FqEqO
+LvMpDZQEhUWF2W9DG6eUgOfDoX2milSDIe10yG2WBkryipHAfE7l1t+i6Rh3on+v
+561LmrbqyBWR/cLp23RN3sHbkf2pb5/ugtU9twdgJr6Lve73rvSeulewL5BzszKD
+BrYqr+PBT5+3ItCc55bTsO7M7CzOIL99BlqdvFH7xT0U1+2BFwLe4/8kwphSqyJE
+C5oOiQBFnFVNXmFQSV+k7rPr80i1IO++HeJ6KQIDAQABAoIBAGWgvPjfuaU3qizq
+uti/FY07USz0zkuJdkANH6LiSjlchzDmn8wJ0pApCjuIE0PV/g9aS8z4opp5q/gD
+UBLM/a8mC/xf2EhTXOMrY7i9p/I3H5FZ4ZehEqIw9sWKK9YzC6dw26HabB2BGOnW
+5nozPSQ6cp2RGzJ7BIkxSZwPzPnVTgy3OAuPOiJytvK+hGLhsNaT+Y9bNDvplVT2
+ZwYTV8GlHZC+4b2wNROILm0O86v96O+Qd8nn3fXjGHbMsAnONBq10bZS16L4fvkH
+5G+W/1PeSXmtZFppdRRDxIW+DWcXK0D48WRliuxcV4eOOxI+a9N2ZJZZiNLQZGwg
+w3A8+mECgYEA8HuJFrlRvdoBe2U/EwUtG74dcyy30L4yEBnN5QscXmEEikhaQCfX
+Wm6EieMcIB/5I5TQmSw0cmBMeZjSXYoFdoI16/X6yMMuATdxpvhOZGdUGXxhAH+x
+xoTUavWZnEqW3fkUU71kT5E2f2i+0zoatFESXHeslJyz85aAYpP92H0CgYEA2e5A
+Yozt5eaA1Gyhd8SeptkEU4xPirNUnVQHStpMWUb1kzTNXrPmNWccQ7JpfpG6DcYl
+zUF6p6mlzY+zkMiyPQjwEJlhiHM2NlL1QS7td0R8ewgsFoyn8WsBI4RejWrEG9td
+EDniuIw+pBFkcWthnTLHwECHdzgquToyTMjrBB0CgYEA28tdGbrZXhcyAZEhHAZA
+Gzog+pKlkpEzeonLKIuGKzCrEKRecIK5jrqyQsCjhS0T7ZRnL4g6i0s+umiV5M5w
+fcc292pEA1h45L3DD6OlKplSQVTv55/OYS4oY3YEJtf5mfm8vWi9lQeY8sxOlQpn
+O+VZTdBHmTC8PGeTAgZXHZUCgYA6Tyv88lYowB7SN2qQgBQu8jvdGtqhcs/99GCr
+H3N0I69LPsKAR0QeH8OJPXBKhDUywESXAaEOwS5yrLNP1tMRz5Vj65YUCzeDG3kx
+gpvY4IMp7ArX0bSRvJ6mYSFnVxy3k174G3TVCfksrtagHioVBGQ7xUg5ltafjrms
+n8l55QKBgQDVzU8tQvBVqY8/1lnw11Vj4fkE/drZHJ5UkdC1eenOfSWhlSLfUJ8j
+ds7vEWpRPPoVuPZYeR1y78cyxKe1GBx6Wa2lF5c7xjmiu0xbRnrxYeLolce9/ntp
+asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ==
+-----END RSA PRIVATE KEY-----

.ci/compatibility_tests/openldap/certs/key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAs15ZPekT5AV+JEnMqacAxStajcraP9Obf5eeXpYvPrv/Stxi
+sltsq9Le7JE/+y1fJcQrD0J6nJDVWIFUWRYCjLypAQ5YUOxlz/lTOFdSdvotevep
+OQUSM2aGP7u7O/+VsHGVQbU2VjNJ44Hr9FPzMf+WE54qEudZg9d1cqxrUUvqKPhf
+wN4M7WRjt+8AaYGf9MeHW5OkOLMzhiZ4j7vh2ZrIDnFe8BG17mHhW7lIjN7uILTn
+s36/KZOgyTYmCT5lkWnJeuer7KjpFoPcA1yWtzgVt5RBnlrmzlLGCz1rRjdYwb7t
+zlWdVdxuMFHP9qrY206dBCOKQopADwYXTzQFCQIDAQABAoIBAQCuvCbr7Pd3lvI/
+n7VFQG+7pHRe1VKwAxDkx2t8cYos7y/QWcm8Ptwqtw58HzPZGWYrgGMCRpzzkRSF
+V9g3wP1S5Scu5C6dBu5YIGc157tqNGXB+SpdZddJQ4Nc6yGHXYERllT04ffBGc3N
+WG/oYS/1cSteiSIrsDy/91FvGRCi7FPxH3wIgHssY/tw69s1Cfvaq5lr2NTFzxIG
+xCvpJKEdSfVfS9I7LYiymVjst3IOR/w76/ZFY9cRa8ZtmQSWWsm0TUpRC1jdcbkm
+ZoJptYWlP+gSwx/fpMYftrkJFGOJhHJHQhwxT5X/ajAISeqjjwkWSEJLwnHQd11C
+Zy2+29lBAoGBANlEAIK4VxCqyPXNKfoOOi5dS64NfvyH4A1v2+KaHWc7lqaqPN49
+ezfN2n3X+KWx4cviDD914Yc2JQ1vVJjSaHci7yivocDo2OfZDmjBqzaMp/y+rX1R
+/f3MmiTqMa468rjaxI9RRZu7vDgpTR+za1+OBCgMzjvAng8dJuN/5gjlAoGBANNY
+uYPKtearBmkqdrSV7eTUe49Nhr0XotLaVBH37TCW0Xv9wjO2xmbm5Ga/DCtPIsBb
+yPeYwX9FjoasuadUD7hRvbFu6dBa0HGLmkXRJZTcD7MEX2Lhu4BuC72yDLLFd0r+
+Ep9WP7F5iJyagYqIZtz+4uf7gBvUDdmvXz3sGr1VAoGAdXTD6eeKeiI6PlhKBztF
+zOb3EQOO0SsLv3fnodu7ZaHbUgLaoTMPuB17r2jgrYM7FKQCBxTNdfGZmmfDjlLB
+0xZ5wL8ibU30ZXL8zTlWPElST9sto4B+FYVVF/vcG9sWeUUb2ncPcJ/Po3UAktDG
+jYQTTyuNGtSJHpad/YOZctkCgYBtWRaC7bq3of0rJGFOhdQT9SwItN/lrfj8hyHA
+OjpqTV4NfPmhsAtu6j96OZaeQc+FHvgXwt06cE6Rt4RG4uNPRluTFgO7XYFDfitP
+vCppnoIw6S5BBvHwPP+uIhUX2bsi/dm8vu8tb+gSvo4PkwtFhEr6I9HglBKmcmog
+q6waEQKBgHyecFBeM6Ls11Cd64vborwJPAuxIW7HBAFj/BS99oeG4TjBx4Sz2dFd
+rzUibJt4ndnHIvCN8JQkjNG14i9hJln+H3mRss8fbZ9vQdqG+2vOWADYSzzsNI55
+RFY7JjluKcVkp/zCDeUxTU3O6sS+v6/3VE11Cob6OYQx3lN5wrZ3
+-----END RSA PRIVATE KEY-----

.ci/compatibility_tests/openldap/schema/emqx.io.ldif

@@ -0,0 +1,135 @@
+## create emqx.io
+
+dn:dc=emqx,dc=io
+objectclass: top
+objectclass: dcobject
+objectclass: organization
+dc:emqx
+o:emqx,Inc.
+
+# create testdevice.emqx.io
+dn:ou=testdevice,dc=emqx,dc=io
+objectClass: top
+objectclass:organizationalUnit
+ou:testdevice
+
+# create user admin
+dn:uid=admin,ou=testdevice,dc=emqx,dc=io
+objectClass: top
+objectClass: simpleSecurityObject
+objectClass: account
+userPassword:: e1NIQX1XNnBoNU1tNVB6OEdnaVVMYlBnekczN21qOWc9
+uid: admin
+
+## create user=mqttuser0001,
+#         password=mqttuser0001,
+#         passhash={SHA}mlb3fat40MKBTXUVZwCKmL73R/0=
+#         base64passhash=e1NIQX1tbGIzZmF0NDBNS0JUWFVWWndDS21MNzNSLzA9
+dn:uid=mqttuser0001,ou=testdevice,dc=emqx,dc=io
+objectClass: top
+objectClass: mqttUser
+objectClass: mqttDevice
+objectClass: mqttSecurity
+uid: mqttuser0001
+isEnabled: TRUE
+mqttAccountName: user1
+mqttPublishTopic: mqttuser0001/pub/1
+mqttPublishTopic: mqttuser0001/pub/+
+mqttPublishTopic: mqttuser0001/pub/#
+mqttSubscriptionTopic: mqttuser0001/sub/1
+mqttSubscriptionTopic: mqttuser0001/sub/+
+mqttSubscriptionTopic: mqttuser0001/sub/#
+mqttPubSubTopic: mqttuser0001/pubsub/1
+mqttPubSubTopic: mqttuser0001/pubsub/+
+mqttPubSubTopic: mqttuser0001/pubsub/#
+userPassword:: e1NIQX1tbGIzZmF0NDBNS0JUWFVWWndDS21MNzNSLzA9
+
+## create user=mqttuser0002
+#         password=mqttuser0002,
+#         passhash={SSHA}n9XdtoG4Q/TQ3TQF4Y+khJbMBH4qXj4M
+#         base64passhash=e1NTSEF9bjlYZHRvRzRRL1RRM1RRRjRZK2toSmJNQkg0cVhqNE0=
+dn:uid=mqttuser0002,ou=testdevice,dc=emqx,dc=io
+objectClass: top
+objectClass: mqttUser
+objectClass: mqttDevice
+objectClass: mqttSecurity
+uid: mqttuser0002
+isEnabled: TRUE
+mqttAccountName: user2
+mqttPublishTopic: mqttuser0002/pub/1
+mqttPublishTopic: mqttuser0002/pub/+
+mqttPublishTopic: mqttuser0002/pub/#
+mqttSubscriptionTopic: mqttuser0002/sub/1
+mqttSubscriptionTopic: mqttuser0002/sub/+
+mqttSubscriptionTopic: mqttuser0002/sub/#
+mqttPubSubTopic: mqttuser0002/pubsub/1
+mqttPubSubTopic: mqttuser0002/pubsub/+
+mqttPubSubTopic: mqttuser0002/pubsub/#
+userPassword:: e1NTSEF9bjlYZHRvRzRRL1RRM1RRRjRZK2toSmJNQkg0cVhqNE0=
+
+## create user mqttuser0003
+#         password=mqttuser0003,
+#         passhash={MD5}ybsPGoaK3nDyiQvveiCOIw==
+#         base64passhash=e01ENX15YnNQR29hSzNuRHlpUXZ2ZWlDT0l3PT0=
+dn:uid=mqttuser0003,ou=testdevice,dc=emqx,dc=io
+objectClass: top
+objectClass: mqttUser
+objectClass: mqttDevice
+objectClass: mqttSecurity
+uid: mqttuser0003
+isEnabled: TRUE
+mqttPublishTopic: mqttuser0003/pub/1
+mqttPublishTopic: mqttuser0003/pub/+
+mqttPublishTopic: mqttuser0003/pub/#
+mqttSubscriptionTopic: mqttuser0003/sub/1
+mqttSubscriptionTopic: mqttuser0003/sub/+
+mqttSubscriptionTopic: mqttuser0003/sub/#
+mqttPubSubTopic: mqttuser0003/pubsub/1
+mqttPubSubTopic: mqttuser0003/pubsub/+
+mqttPubSubTopic: mqttuser0003/pubsub/#
+userPassword:: e01ENX15YnNQR29hSzNuRHlpUXZ2ZWlDT0l3PT0=
+
+## create user mqttuser0004
+#         password=mqttuser0004,
+#         passhash={MD5}2Br6pPDSEDIEvUlu9+s+MA==
+#         base64passhash=e01ENX0yQnI2cFBEU0VESUV2VWx1OStzK01BPT0=
+dn:uid=mqttuser0004,ou=testdevice,dc=emqx,dc=io
+objectClass: top
+objectClass: mqttUser
+objectClass: mqttDevice
+objectClass: mqttSecurity
+uid: mqttuser0004
+isEnabled: TRUE
+mqttPublishTopic: mqttuser0004/pub/1
+mqttPublishTopic: mqttuser0004/pub/+
+mqttPublishTopic: mqttuser0004/pub/#
+mqttSubscriptionTopic: mqttuser0004/sub/1
+mqttSubscriptionTopic: mqttuser0004/sub/+
+mqttSubscriptionTopic: mqttuser0004/sub/#
+mqttPubSubTopic: mqttuser0004/pubsub/1
+mqttPubSubTopic: mqttuser0004/pubsub/+
+mqttPubSubTopic: mqttuser0004/pubsub/#
+userPassword: {MD5}2Br6pPDSEDIEvUlu9+s+MA==
+
+## create user mqttuser0005
+#         password=mqttuser0005,
+#         passhash={SHA}jKnxeEDGR14kE8AR7yuVFOelhz4=
+#         base64passhash=e1NIQX1qS254ZUVER1IxNGtFOEFSN3l1VkZPZWxoejQ9
+objectClass: top
+dn:uid=mqttuser0005,ou=testdevice,dc=emqx,dc=io
+objectClass: mqttUser
+objectClass: mqttDevice
+objectClass: mqttSecurity
+uid: mqttuser0005
+isEnabled: TRUE
+mqttPublishTopic: mqttuser0005/pub/1
+mqttPublishTopic: mqttuser0005/pub/+
+mqttPublishTopic: mqttuser0005/pub/#
+mqttSubscriptionTopic: mqttuser0005/sub/1
+mqttSubscriptionTopic: mqttuser0005/sub/+
+mqttSubscriptionTopic: mqttuser0005/sub/#
+mqttPubSubTopic: mqttuser0005/pubsub/1
+mqttPubSubTopic: mqttuser0005/pubsub/+
+mqttPubSubTopic: mqttuser0005/pubsub/#
+userPassword: {SHA}jKnxeEDGR14kE8AR7yuVFOelhz4=
+

.ci/compatibility_tests/openldap/schema/emqx.schema

@@ -0,0 +1,46 @@
+#
+# Preliminary Apple OS X Native LDAP Schema
+# This file is subject to change.
+#
+attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.1.3 NAME 'isEnabled'
+	EQUALITY booleanMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+
+attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.1 NAME ( 'mqttPublishTopic' 'mpt' )
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.2 NAME ( 'mqttSubscriptionTopic' 'mst' )
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.3 NAME ( 'mqttPubSubTopic' 'mpst' )
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.4 NAME ( 'mqttAccountName' 'man' )
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+
+
+objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4 NAME 'mqttUser'
+	AUXILIARY
+	MAY ( mqttPublishTopic $ mqttSubscriptionTopic $ mqttPubSubTopic $ mqttAccountName) )
+
+objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.2 NAME 'mqttDevice'
+	SUP top
+	STRUCTURAL
+	MUST ( uid )
+	MAY ( isEnabled ) )
+
+objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.3 NAME 'mqttSecurity'
+	SUP top
+	AUXILIARY
+	MAY ( userPassword $ userPKCS12 $ pwdAttribute $ pwdLockout ) )

.ci/compatibility_tests/openldap/slapd.conf

@@ -0,0 +1,16 @@
+include         /usr/local/etc/openldap/schema/core.schema
+include         /usr/local/etc/openldap/schema/cosine.schema
+include         /usr/local/etc/openldap/schema/inetorgperson.schema
+include         /usr/local/etc/openldap/schema/ppolicy.schema
+include         /usr/local/etc/openldap/schema/emqx.schema
+
+TLSCACertificateFile  /usr/local/etc/openldap/cacert.pem
+TLSCertificateFile    /usr/local/etc/openldap/cert.pem
+TLSCertificateKeyFile /usr/local/etc/openldap/key.pem
+
+database bdb
+suffix "dc=emqx,dc=io"
+rootdn "cn=root,dc=emqx,dc=io"
+rootpw {SSHA}eoF7NhNrejVYYyGHqnt+MdKNBh4r1w3W
+
+directory       /usr/local/etc/openldap/data

.github/workflows/run_cts_tests.yaml

@@ -0,0 +1,300 @@
+name: Compatibility Test Suite
+
+on:
+  push:
+  release:
+    types:
+      - published
+  pull_request:
+  workflow_dispatch:
+  repository_dispatch:
+    types: [run_actions]
+
+jobs:
+  ldap:
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        ldap_tag:
+        - 2.4.50
+        network_type:
+        - ipv4
+        - ipv6
+
+    steps:
+      - uses: actions/checkout@v1
+      - name: setup
+        env:
+          LDAP_TAG: ${{ matrix.ldap_tag }}
+        run: |
+          cp -f apps/emqx_auth_ldap/emqx.io.ldif .ci/apps_tests/emqx_ldap/schema
+          cp -f apps/emqx_auth_ldap/emqx.schema  .ci/apps_tests/emqx_ldap/schema
+          cp -f apps/emqx_auth_ldap/test/certs/* .ci/apps_tests/emqx_ldap/certs
+          docker-compose -f .ci/apps_tests/docker-compose.yaml build --no-cache
+          docker-compose -f .ci/compatibility_tests/docker-compose-ldap.yaml up -d
+      - name: setup
+        if: matrix.network_type == 'ipv4'
+        run: |
+          server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ldap)
+          sed -i "/auth.ldap.servers/c auth.ldap.servers = $server_address" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
+      - name: setup
+        if: matrix.network_type == 'ipv6'
+        run: |
+          server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' ldap)
+          sed -i "/auth.ldap.servers/c auth.ldap.servers = $server_address" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
+      - name: run test cases
+        run: |
+          docker exec -i erlang sh -c "make ensure-rebar3"
+          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_ldap"
+          docker exec -i erlang sh -c "./rebar3 ct    --dir apps/emqx_auth_ldap"
+      - uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: logs_ldap${{ matrix.ldap_tag }}_${{ matrix.network_type }}
+          path: _build/test/logs
+
+  mongo:
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        mongo_tag:
+        - 3
+        - 4
+        network_type:
+        - ipv4
+        - ipv6
+        connect_type:
+        - tls
+        - tcp
+
+    steps:
+      - uses: actions/checkout@v1
+      - name: setup
+        env:
+          MONGO_TAG: ${{ matrix.mongo_tag }}
+        if: matrix.connect_type == 'tls'
+        run: |
+          docker-compose -f .ci/compatibility_tests/docker-compose-mongo-tls.yaml up -d
+          echo 'auth.mongo.ssl = true' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          echo 'auth.mongo.ssl_opts.cacertfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          echo 'auth.mongo.ssl_opts.certfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+          echo 'auth.mongo.ssl_opts.keyfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem' >> apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+      - name: setup
+        env:
+          MONGO_TAG: ${{ matrix.mongo_tag }}
+        if: matrix.connect_type == 'tcp'
+        run: docker-compose -f .ci/compatibility_tests/docker-compose-mongo.yaml up -d
+      - name: setup
+        if: matrix.network_type == 'ipv4'
+        run: |
+          server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mongo)
+          sed -i "/auth.mongo.server/c auth.mongo.server = $server_address:27017" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+      - name: setup
+        if: matrix.network_type == 'ipv6'
+        run: |
+          server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mongo)
+          sed -i "/auth.mongo.server/c auth.mongo.server = $server_address:27017" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+      - name: run test cases
+        run: |
+          docker exec -i erlang sh -c "make ensure-rebar3"
+          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_mongo"
+          docker exec -i erlang sh -c "./rebar3 ct    --dir apps/emqx_auth_mongo"
+      - uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: logs_mongo${{ matrix.mongo_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
+          path: _build/test/logs
+
+  mysql:
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        mysql_tag:
+        - 5.7
+        - 8
+        network_type:
+        - ipv4
+        - ipv6
+        connect_type:
+        - tls
+        - tcp
+
+    steps:
+      - uses: actions/checkout@v1
+      - name: setup
+        env:
+          MYSQL_TAG: ${{ matrix.mysql_tag }}
+        if: matrix.connect_type == 'tls'
+        run: |
+          docker-compose -f .ci/compatibility_tests/docker-compose-mysql-tls.yaml up -d
+          echo '\n' >> apps/emqx_auth_mongo/etc/emqx_auth_mysql.conf
+          echo 'auth.mysql.ssl = on' >> apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+          echo "auth.mysql.ssl.cafile = /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem" >> apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+          echo "auth.mysql.ssl.certfile = /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem" >> apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+          echo "auth.mysql.ssl.keyfile =  /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem" >> apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+      - name: setup
+        env:
+          MYSQL_TAG: ${{ matrix.mysql_tag }}
+        if: matrix.connect_type == 'tcp'
+        run: docker-compose -f .ci/compatibility_tests/docker-compose-mysql.yaml up -d
+      - name: setup
+        if: matrix.network_type == 'ipv4'
+        run: |
+          server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql)
+          sed -i "/auth.mysql.server/c auth.mysql.server = $server_address:3306" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+      - name: setup
+        if: matrix.network_type == 'ipv6'
+        run: |
+          server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mysql)
+          sed -i "/auth.mysql.server/c auth.mysql.server = $server_address:3306" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+      - name: run test cases
+        run: |
+          docker exec -i erlang sh -c "make ensure-rebar3"
+          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_mysql"
+          docker exec -i erlang sh -c "./rebar3 ct    --dir apps/emqx_auth_mysql"
+      - uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: logs_mysql${{ matrix.mysql_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
+          path: _build/test/logs
+
+  pgsql:
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        pgsql_tag:
+        - 9
+        - 10
+        - 11
+        - 12
+        - 13
+        network_type:
+        - ipv4
+        - ipv6
+        connect_type:
+            # - tls
+        - tcp
+
+    steps:
+      - uses: actions/checkout@v1
+      - name: setup
+        env:
+          PGSQL_TAG: ${{ matrix.pgsql_tag }}
+        if: matrix.connect_type == 'tls'
+        run: |
+          docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d
+          echo '\n' >> apps/emqx_auth_mongo/etc/emqx_auth_pgsql.conf
+          echo 'auth.pgsql.ssl = true' >> apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          echo "auth.pgsql.ssl_opts.cacertfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem" >> apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          echo "auth.pgsql.ssl_opts.certfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem" >> apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          echo "auth.pgsql.ssl_opts.keyfile =  /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem" >> apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+      - name: setup
+        env:
+          PGSQL_TAG: ${{ matrix.pgsql_tag }}
+        if: matrix.connect_type == 'tcp'
+        run: docker-compose -f .ci/compatibility_tests/docker-compose-pgsql.yaml up -d
+      - name: setup
+        if: matrix.network_type == 'ipv4'
+        run: |
+          server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pgsql)
+          sed -i "/auth.pgsql.server/c auth.pgsql.server = $server_address:5432" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+      - name: setup
+        if: matrix.network_type == 'ipv6'
+        run: |
+          server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' pgsql)
+          sed -i "/auth.pgsql.server/c auth.pgsql.server = $server_address:5432" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+      - name: run test cases
+        run: |
+          docker exec -i erlang sh -c "make ensure-rebar3"
+          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_pgsql"
+          docker exec -i erlang sh -c "./rebar3 ct    --dir apps/emqx_auth_pgsql"
+      - uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: logs_pgsql${{ matrix.pgsql_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
+          path: _build/test/logs
+
+  redis:
+    runs-on: ubuntu-20.04
+
+    strategy:
+      matrix:
+        redis_tag:
+        - 5
+        - 6
+        network_type:
+        - ipv4
+        - ipv6
+        connect_type:
+        - tls
+        - tcp
+        node_type:
+        - singer
+        - cluster
+
+    steps:
+      - uses: actions/checkout@v1
+      - name: setup
+        env:
+          REDIS_TAG: ${{ matrix.redis_tag }}
+        if: matrix.connect_type == 'tls' && matrix.redis_tag != '5'
+        run: |
+          set -exu
+          docker-compose -f .ci/compatibility_tests/docker-compose-redis-${{ matrix.node_type }}-tls.yaml up -d
+          echo '\n' >> apps/emqx_auth_mongo/etc/emqx_auth_redis.conf
+          echo 'auth.redis.ssl = on' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          echo 'auth.redis.cafile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          echo 'auth.redis.certfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          echo 'auth.redis.keyfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key' >> apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+      - name: setup
+        env:
+          REDIS_TAG: ${{ matrix.redis_tag }}
+        if: matrix.connect_type == 'tcp'
+        run: docker-compose -f .ci/compatibility_tests/docker-compose-redis-${{ matrix.node_type }}.yaml up -d
+      - name: get server address
+        if: matrix.connect_type == 'tcp' || (matrix.connect_type == 'tls' && matrix.redis_tag != '5')
+        run: |
+          set -exu
+          ipv4_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' redis)
+          ipv6_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' redis)
+          echo "redis_ipv4_address=$ipv4_address" >> $GITHUB_ENV
+          echo "redis_ipv6_address=$ipv6_address" >> $GITHUB_ENV
+      - name: setup
+        if: matrix.node_type == 'singer' && matrix.connect_type == 'tcp'
+        run: |
+          set -exu
+          sed -i "/auth.redis.server/c auth.redis.server = ${redis_${{ matrix.network_type }}_address}:6379" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+      - name: setup
+        if: matrix.node_type == 'singer' && matrix.connect_type == 'tls' && matrix.redis_tag != '5'
+        run: |
+          set -exu
+          sed -i "/auth.redis.server/c auth.redis.server = ${redis_${{ matrix.network_type }}_address}:6380" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+      - name: setup
+        if: matrix.node_type == 'cluster' && matrix.connect_type == 'tcp'
+        run: |
+          set -exu
+          sed -i "/auth.redis.type/c auth.redis.type = cluster" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i "/auth.redis.server/c auth.redis.server = ${redis_${{ matrix.network_type }}_address}:7000, ${redis_${{ matrix.network_type }}_address}:7001, ${redis_${{ matrix.network_type }}_address}:7002" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+      - name: setup
+        if: matrix.node_type == 'cluster' && matrix.connect_type == 'tls' && matrix.redis_tag != '5' 
+        run: |
+          set -exu
+          sed -i "/auth.redis.type/c auth.redis.type = cluster" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+          sed -i "/auth.redis.server/c auth.redis.server = ${redis_${{ matrix.network_type }}_address}:8000, ${redis_${{ matrix.network_type }}_address}:8001, ${redis_${{ matrix.network_type }}_address}:8002" apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+      - name: run test cases
+        if: matrix.connect_type == 'tcp' || (matrix.connect_type == 'tls' && matrix.redis_tag != '5')
+        run: |
+          docker exec -i erlang sh -c "make ensure-rebar3"
+          docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_redis"
+          docker exec -i erlang sh -c "./rebar3 ct    --dir apps/emqx_auth_redis"
+      - uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: logs_redis${{ matrix.redis_tag }}_${{ matrix.node_type }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
+          path: _build/test/logs
+
+

.github/workflows/run_test_cases.yaml

@@ -18,21 +18,21 @@ jobs:
 
         strategy:
           matrix:
-            mysql_vsn: [5.7, 8]
+            mysql_tag: [5.7]
-            redis_vsn: [6]
+            redis_tag: [6]
-            mongo_vsn: [3, 4]
+            mongo_tag: [3, 4]
-            pgsql_vsn: [11, 12, 13]
+            pgsql_tag: [13]
-            ldap_vsn: [2.4.50]
+            ldap_tag: [2.4.50]
 
         steps:
         - uses: actions/checkout@v2
         - name: set up
           env:
-            MYSQL_VSN: ${{ matrix.mysql_vsn }}
+            MYSQL_TAG: ${{ matrix.mysql_tag }}
-            REDIS_VSN: ${{ matrix.redis_vsn }}
+            REDIS_TAG: ${{ matrix.redis_tag }}
-            MONGO_VSN: ${{ matrix.mongo_vsn }}
+            MONGO_TAG: ${{ matrix.mongo_tag }}
-            PGSQL_VSN: ${{ matrix.pgsql_vsn }}
+            PGSQL_TAG: ${{ matrix.pgsql_tag }}
-            LDAP_VSN: ${{ matrix.ldap_vsn }}
+            LDAP_TAG: ${{ matrix.ldap_tag }}
           run: |
             cp -f apps/emqx_auth_ldap/emqx.io.ldif .ci/apps_tests/emqx_ldap/schema
             cp -f apps/emqx_auth_ldap/emqx.schema  .ci/apps_tests/emqx_ldap/schema
@@ -68,9 +68,9 @@ jobs:
         - uses: actions/upload-artifact@v1
           if: failure()
           with:
-            name: logs_mysql${{ matrix.mysql_vsn }}_reids${{ matrix.redis_vsn }}_mongo${{ matrix.mongo_vsn }}_pgsql${{ matrix.pgsql_vsn }}_ldap${{ matrix.ldap_vsn }}
+            name: logs_mysql${{ matrix.mysql_tag }}_reids${{ matrix.redis_tag }}_mongo${{ matrix.mongo_tag }}_pgsql${{ matrix.pgsql_tag }}_ldap${{ matrix.ldap_tag }}
             path: _build/test/logs
         - uses: actions/upload-artifact@v1
           with:
-            name: cover_mysql${{ matrix.mysql_vsn }}_reids${{ matrix.redis_vsn }}_mongo${{ matrix.mongo_vsn }}_pgsql${{ matrix.pgsql_vsn }}_ldap${{ matrix.ldap_vsn }}
+            name: cover_mysql${{ matrix.mysql_tag }}_reids${{ matrix.redis_tag }}_mongo${{ matrix.mongo_tag }}_pgsql${{ matrix.pgsql_tag }}_ldap${{ matrix.ldap_tag }}
             path: _build/test/cover

apps/emqx_auth_mongo/docker-compose.yml

@@ -1,27 +0,0 @@
-version: '3'
-
-services:
-  erlang:
-    image: erlang:22.1
-    volumes:
-      - ./:/emqx_auth_mongo
-    networks:
-      - emqx_bridge
-    depends_on:
-      - mongo_server
-    tty: true
-
-  mongo_server:
-    image: mongo:${MONGO_TAG}
-    restart: always
-    environment:
-      MONGO_INITDB_DATABASE: mqtt
-    networks:
-      - emqx_bridge
-    command:
-      --ipv6
-      --bind_ip_all
-
-networks:
-  emqx_bridge:
-    driver: bridge

apps/emqx_auth_pgsql/.ci/pgsql/Dockerfile

@@ -1,8 +0,0 @@
-ARG BUILD_FROM=postgres:11
-FROM ${BUILD_FROM}
-COPY pg.conf /etc/postgresql/postgresql.conf
-COPY server-cert.pem /etc/postgresql/server-cert.pem
-COPY server-key.pem /etc/postgresql/server-key.pem
-RUN chown -R postgres:postgres /etc/postgresql \
-    && chmod 600 /etc/postgresql/*.pem 
-CMD ["-c", "config_file=/etc/postgresql/postgresql.conf"]

apps/emqx_auth_redis/etc/emqx_auth_redis.conf

@@ -113,4 +113,5 @@ auth.redis.acl_cmd = HGETALL mqtt_acl:%u
 ## Client ssl keyfile.
 ##
 ## Value: File
-#auth.redis.keyfile = path/to/your/keyfile
+#auth.redis.keyfile = path/to/your/keyfile
+