Merge pull request #6059 from tigercl/fix/ssl

fix(ssl): fix API returns the certificate file name instead of the certificate content

apps/emqx/src/emqx_authentication_config.erl

@@ -107,29 +107,29 @@ do_pre_config_update({move_authenticator, _ChainName, AuthenticatorID, Position}
 post_config_update(_, UpdateReq, NewConfig, OldConfig, AppEnvs) ->
     do_post_config_update(UpdateReq, check_configs(to_list(NewConfig)), OldConfig, AppEnvs).
 
-do_post_config_update({create_authenticator, ChainName, Config}, _NewConfig, _OldConfig, _AppEnvs) ->
+do_post_config_update({create_authenticator, ChainName, Config}, NewConfig, _OldConfig, _AppEnvs) ->
-    NConfig = check_config(Config),
+    NConfig = get_authenticator_config(authenticator_id(Config), NewConfig),
     _ = emqx_authentication:create_chain(ChainName),
     emqx_authentication:create_authenticator(ChainName, NConfig);
 do_post_config_update({delete_authenticator, ChainName, AuthenticatorID}, _NewConfig, OldConfig, _AppEnvs) ->
     case emqx_authentication:delete_authenticator(ChainName, AuthenticatorID) of
         ok ->
-            [Config] = [Config0 || Config0 <- to_list(OldConfig), AuthenticatorID == authenticator_id(Config0)],
+            Config = get_authenticator_config(AuthenticatorID, to_list(OldConfig)),
             CertsDir = certs_dir(ChainName, AuthenticatorID),
             ok = clear_certs(CertsDir, Config);
         {error, Reason} ->
             {error, Reason}
     end;
-do_post_config_update({update_authenticator, ChainName, AuthenticatorID, Config}, _NewConfig, _OldConfig, _AppEnvs) ->
+do_post_config_update({update_authenticator, ChainName, AuthenticatorID, Config}, NewConfig, _OldConfig, _AppEnvs) ->
-    NConfig = check_config(Config),
+    case get_authenticator_config(authenticator_id(Config), NewConfig) of
-    emqx_authentication:update_authenticator(ChainName, AuthenticatorID, NConfig);
+        {error, not_found} ->
+            {error, {not_found, {authenticator, AuthenticatorID}}};
+        NConfig ->
+            emqx_authentication:update_authenticator(ChainName, AuthenticatorID, NConfig)
+    end;
 do_post_config_update({move_authenticator, ChainName, AuthenticatorID, Position}, _NewConfig, _OldConfig, _AppEnvs) ->
     emqx_authentication:move_authenticator(ChainName, AuthenticatorID, Position).
 
-check_config(Config) ->
-    [Checked] = check_configs([Config]),
-    Checked.
-
 check_configs(Configs) ->
     Providers = emqx_authentication:get_providers(),
     lists:map(fun(C) -> do_check_conifg(C, Providers) end, Configs).
@@ -208,6 +208,12 @@ clear_certs(CertsDir, Config) ->
     OldSSL = maps:get(<<"ssl">>, Config, undefined),
     ok = emqx_tls_lib:delete_ssl_files(CertsDir, undefined, OldSSL).
 
+get_authenticator_config(AuthenticatorID, AuthenticatorsConfig) ->
+    case [C0 || C0 <- AuthenticatorsConfig, AuthenticatorID == authenticator_id(C0)] of
+        [C | _] -> C;
+        [] -> {error, not_found}
+    end.
+
 split_by_id(ID, AuthenticatorsConfig) ->
     case lists:foldl(
              fun(C, {P1, P2, F0}) ->

apps/emqx_authn/src/emqx_authn_api.erl

@@ -857,7 +857,7 @@ fill_defaults(Configs) when is_list(Configs) ->
 fill_defaults(Config) ->
     emqx_authn:check_config(Config, #{only_fill_defaults => true}).
 
-convert_certs(#{<<"ssl">> := SSLOpts} = Config) ->
+convert_certs(#{ssl := SSLOpts} = Config) ->
     NSSLOpts = lists:foldl(fun(K, Acc) ->
                                case maps:get(K, Acc, undefined) of
                                    undefined -> Acc;
@@ -865,8 +865,8 @@ convert_certs(#{<<"ssl">> := SSLOpts} = Config) ->
                                        {ok, Bin} = file:read_file(Filename),
                                        Acc#{K => Bin}
                                end
-                           end, SSLOpts, [<<"certfile">>, <<"keyfile">>, <<"cacertfile">>]),
+                           end, SSLOpts, [certfile, keyfile, cacertfile]),
-    Config#{<<"ssl">> => NSSLOpts};
+    Config#{ssl => NSSLOpts};
 convert_certs(Config) ->
     Config.