yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #12085 from zmstone/1201-otp-26-in-ci 

ci: upgrade to otp 26
This commit is contained in:
Zaiming (Stone) Shi 2023-12-15 10:23:39 +01:00 committed by GitHub
parent bcae3d67c7 1b8d2304cb
commit 7ad2acb337
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
54 changed files with 256 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.ci/docker-compose-file/docker-compose-kafka.yaml
View File

@ -18,7 +18,7 @@ services:
- /tmp/emqx-ci/emqx-shared-secret:/var/lib/secret - /tmp/emqx-ci/emqx-shared-secret:/var/lib/secret
kdc: kdc:
hostname: kdc.emqx.net hostname: kdc.emqx.net
image: ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04 image: ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04
container_name: kdc.emqx.net container_name: kdc.emqx.net
expose: expose:
- 88 # kdc - 88 # kdc

2
.ci/docker-compose-file/docker-compose.yaml
View File

@ -3,7 +3,7 @@ version: '3.9'
services: services:
erlang: erlang:
container_name: erlang container_name: erlang
image: ${DOCKER_CT_RUNNER_IMAGE:-ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04} image: ${DOCKER_CT_RUNNER_IMAGE:-ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04}
env_file: env_file:
- credentials.env - credentials.env
- conf.env - conf.env

2
.github/actions/package-macos/action.yaml vendored
View File

@ -3,7 +3,7 @@ inputs:
profile: # emqx, emqx-enterprise profile: # emqx, emqx-enterprise
required: true required: true
type: string type: string
otp: # 25.3.2-2 otp:
required: true required: true
type: string type: string
os: os:

22
.github/workflows/_pr_entrypoint.yaml vendored
View File

@ -17,17 +17,17 @@ env:
jobs: jobs:
sanity-checks: sanity-checks:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
container: "ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04" container: "ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04"
outputs: outputs:
ct-matrix: ${{ steps.matrix.outputs.ct-matrix }} ct-matrix: ${{ steps.matrix.outputs.ct-matrix }}
ct-host: ${{ steps.matrix.outputs.ct-host }} ct-host: ${{ steps.matrix.outputs.ct-host }}
ct-docker: ${{ steps.matrix.outputs.ct-docker }} ct-docker: ${{ steps.matrix.outputs.ct-docker }}
version-emqx: ${{ steps.matrix.outputs.version-emqx }} version-emqx: ${{ steps.matrix.outputs.version-emqx }}
version-emqx-enterprise: ${{ steps.matrix.outputs.version-emqx-enterprise }} version-emqx-enterprise: ${{ steps.matrix.outputs.version-emqx-enterprise }}
builder: "ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04" builder: "ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04"
builder_vsn: "5.2-3" builder_vsn: "5.2-8"
otp_vsn: "25.3.2-2" otp_vsn: "26.1.2-2"
elixir_vsn: "1.14.5" elixir_vsn: "1.15.7"
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@ -92,14 +92,14 @@ jobs:
MATRIX="$(echo "${APPS}" | jq -c ' MATRIX="$(echo "${APPS}" | jq -c '
[ [
(.[] | select(.profile == "emqx") | . + { (.[] | select(.profile == "emqx") | . + {
builder: "5.2-3", builder: "5.2-8",
otp: "25.3.2-2", otp: "26.1.2-2",
elixir: "1.14.5" elixir: "1.15.7"
}), }),
(.[] | select(.profile == "emqx-enterprise") | . + { (.[] | select(.profile == "emqx-enterprise") | . + {
builder: "5.2-3", builder: "5.2-8",
otp: ["25.3.2-2"][], otp: ["26.1.2-2"][],
elixir: "1.14.5" elixir: "1.15.7"
}) })
] ]
')" ')"

22
.github/workflows/_push-entrypoint.yaml vendored
View File

@ -20,7 +20,7 @@ env:
jobs: jobs:
prepare: prepare:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
container: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04' container: 'ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04'
outputs: outputs:
profile: ${{ steps.parse-git-ref.outputs.profile }} profile: ${{ steps.parse-git-ref.outputs.profile }}
release: ${{ steps.parse-git-ref.outputs.release }} release: ${{ steps.parse-git-ref.outputs.release }}
@ -29,10 +29,10 @@ jobs:
ct-matrix: ${{ steps.matrix.outputs.ct-matrix }} ct-matrix: ${{ steps.matrix.outputs.ct-matrix }}
ct-host: ${{ steps.matrix.outputs.ct-host }} ct-host: ${{ steps.matrix.outputs.ct-host }}
ct-docker: ${{ steps.matrix.outputs.ct-docker }} ct-docker: ${{ steps.matrix.outputs.ct-docker }}
builder: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04' builder: 'ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04'
builder_vsn: '5.2-3' builder_vsn: '5.2-8'
otp_vsn: '25.3.2-2' otp_vsn: '26.1.2-2'
elixir_vsn: '1.14.5' elixir_vsn: '1.15.7'
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@ -62,14 +62,14 @@ jobs:
MATRIX="$(echo "${APPS}" | jq -c ' MATRIX="$(echo "${APPS}" | jq -c '
[ [
(.[] | select(.profile == "emqx") | . + { (.[] | select(.profile == "emqx") | . + {
builder: "5.2-3", builder: "5.2-8",
otp: "25.3.2-2", otp: "26.1.2-2",
elixir: "1.14.5" elixir: "1.15.7"
}), }),
(.[] | select(.profile == "emqx-enterprise") | . + { (.[] | select(.profile == "emqx-enterprise") | . + {
builder: "5.2-3", builder: "5.2-8",
otp: ["25.3.2-2"][], otp: ["26.1.2-2"][],
elixir: "1.14.5" elixir: "1.15.7"
}) })
] ]
')" ')"

6
.github/workflows/build_and_push_docker_images.yaml vendored
View File

@ -58,15 +58,15 @@ on:
otp_vsn: otp_vsn:
required: false required: false
type: string type: string
default: '25.3.2-2' default: '26.1.2-2'
elixir_vsn: elixir_vsn:
required: false required: false
type: string type: string
default: '1.14.5' default: '1.15.7'
builder_vsn: builder_vsn:
required: false required: false
type: string type: string
default: '5.2-3' default: '5.2-8'
permissions: permissions:
contents: read contents: read

6
.github/workflows/build_packages.yaml vendored
View File

@ -54,15 +54,15 @@ on:
otp_vsn: otp_vsn:
required: false required: false
type: string type: string
default: '25.3.2-2' default: '26.1.2-2'
elixir_vsn: elixir_vsn:
required: false required: false
type: string type: string
default: '1.14.5' default: '1.15.7'
builder_vsn: builder_vsn:
required: false required: false
type: string type: string
default: '5.2-3' default: '5.2-8'
jobs: jobs:
mac: mac:

10
.github/workflows/build_packages_cron.yaml vendored
View File

@ -14,7 +14,7 @@ jobs:
if: github.repository_owner == 'emqx' if: github.repository_owner == 'emqx'
runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }} runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
container: container:
image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}" image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}-${{ matrix.os }}"
strategy: strategy:
fail-fast: false fail-fast: false
@ -22,8 +22,6 @@ jobs:
profile: profile:
- ['emqx', 'master'] - ['emqx', 'master']
- ['emqx-enterprise', 'release-54'] - ['emqx-enterprise', 'release-54']
otp:
- 25.3.2-2
arch: arch:
- x64 - x64
os: os:
@ -31,9 +29,7 @@ jobs:
- ubuntu22.04 - ubuntu22.04
- amzn2023 - amzn2023
builder: builder:
- 5.2-3 - 5.2-8:1.15.7-26.1.2-2
elixir:
- 1.14.5
defaults: defaults:
run: run:
@ -98,7 +94,7 @@ jobs:
branch: branch:
- master - master
otp: otp:
- 25.3.2-2 - 26.1.2-2
os: os:
- macos-12-arm64 - macos-12-arm64

12
.github/workflows/build_slim_packages.yaml vendored
View File

@ -27,19 +27,19 @@ on:
builder: builder:
required: false required: false
type: string type: string
default: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04' default: 'ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04'
builder_vsn: builder_vsn:
required: false required: false
type: string type: string
default: '5.2-3' default: '5.2-8'
otp_vsn: otp_vsn:
required: false required: false
type: string type: string
default: '25.3.2-2' default: '26.1.2-2'
elixir_vsn: elixir_vsn:
required: false required: false
type: string type: string
default: '1.14.5' default: '1.15.7'
jobs: jobs:
linux: linux:
@ -51,8 +51,8 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
profile: profile:
- ["emqx", "25.3.2-2", "ubuntu20.04", "elixir"] - ["emqx", "26.1.2-2", "ubuntu20.04", "elixir"]
- ["emqx-enterprise", "25.3.2-2", "ubuntu20.04", "erlang"] - ["emqx-enterprise", "26.1.2-2", "ubuntu20.04", "erlang"]
container: "ghcr.io/emqx/emqx-builder/${{ inputs.builder_vsn }}:${{ inputs.elixir_vsn }}-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}" container: "ghcr.io/emqx/emqx-builder/${{ inputs.builder_vsn }}:${{ inputs.elixir_vsn }}-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}"

2
.github/workflows/codeql.yaml vendored
View File

@ -20,7 +20,7 @@ jobs:
actions: read actions: read
security-events: write security-events: write
container: container:
image: ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04 image: ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04
strategy: strategy:
fail-fast: false fail-fast: false

2
.github/workflows/performance_test.yaml vendored
View File

@ -26,7 +26,7 @@ jobs:
prepare: prepare:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository_owner == 'emqx' if: github.repository_owner == 'emqx'
container: ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu20.04 container: ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu20.04
outputs: outputs:
BENCH_ID: ${{ steps.prepare.outputs.BENCH_ID }} BENCH_ID: ${{ steps.prepare.outputs.BENCH_ID }}
PACKAGE_FILE: ${{ steps.package_file.outputs.PACKAGE_FILE }} PACKAGE_FILE: ${{ steps.package_file.outputs.PACKAGE_FILE }}

2
.github/workflows/run_relup_tests.yaml vendored
View File

@ -74,7 +74,7 @@ jobs:
steps: steps:
- uses: erlef/setup-beam@v1.16.0 - uses: erlef/setup-beam@v1.16.0
with: with:
otp-version: 25.3.2 otp-version: 26.1.2
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
repository: hawk/lux repository: hawk/lux

2
.tool-versions
View File

@ -1,2 +1,2 @@
erlang 26.1.2-1 erlang 26.1.2-2
elixir 1.15.7-otp-26 elixir 1.15.7-otp-26

4
Makefile
View File

@ -7,7 +7,7 @@ REBAR = $(CURDIR)/rebar3
BUILD = $(CURDIR)/build BUILD = $(CURDIR)/build
SCRIPTS = $(CURDIR)/scripts SCRIPTS = $(CURDIR)/scripts
export EMQX_RELUP ?= true export EMQX_RELUP ?= true
export EMQX_DEFAULT_BUILDER = ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11 export EMQX_DEFAULT_BUILDER = ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-debian11
export EMQX_DEFAULT_RUNNER = public.ecr.aws/debian/debian:11-slim export EMQX_DEFAULT_RUNNER = public.ecr.aws/debian/debian:11-slim
export EMQX_REL_FORM ?= tgz export EMQX_REL_FORM ?= tgz
export QUICER_DOWNLOAD_FROM_RELEASE = 1 export QUICER_DOWNLOAD_FROM_RELEASE = 1
@ -102,7 +102,7 @@ endif
# Allow user-set GROUPS environment variable # Allow user-set GROUPS environment variable
ifneq ($(GROUPS),) ifneq ($(GROUPS),)
GROUPS_ARG := --groups $(GROUPS) GROUPS_ARG := --group $(GROUPS)
endif endif
ifeq ($(ENABLE_COVER_COMPILE),1) ifeq ($(ENABLE_COVER_COMPILE),1)

4
README-RU.md
View File

@ -83,7 +83,9 @@ docker run -d --name emqx -p 1883:1883 -p 8083:8083 -p 8883:8883 -p 8084:8084 -p
Ветка `master` предназначена для последней версии 5, переключитесь на ветку `main-v4.4` для версии 4.4. Ветка `master` предназначена для последней версии 5, переключитесь на ветку `main-v4.4` для версии 4.4.
EMQX требует OTP 24 для версии 4.4. Версию 5.0 можно собирать с OTP 24 или 25. EMQX требует OTP 24 для версии 4.4.
Версии 5.0 ~ 5.3 могут быть собраны с OTP 24 или 25.
Версия 5.4 и новее могут быть собраны с OTP 25 или 26.
```bash ```bash
git clone https://github.com/emqx/emqx.git git clone https://github.com/emqx/emqx.git

4
README.md
View File

@ -95,7 +95,9 @@ For more organised improvement proposals, you can send pull requests to [EIP](ht
The `master` branch tracks the latest version 5. For version 4.4 checkout the `main-v4.4` branch. The `master` branch tracks the latest version 5. For version 4.4 checkout the `main-v4.4` branch.
EMQX 4.4 requires OTP 24. EMQX 5.0 and 5.1 can be built with OTP 24 or 25. EMQX 4.4 requires OTP 24.
EMQX 5.0 ~ 5.3 can be built with OTP 24 or 25.
EMQX 5.4 and newer can be built with OTP 24 or 25.
```bash ```bash
git clone https://github.com/emqx/emqx.git git clone https://github.com/emqx/emqx.git

2
apps/emqx/integration_test/emqx_persistent_session_ds_SUITE.erl
View File

@ -516,7 +516,7 @@ do_t_session_expiration(_Config, Opts) ->
t_session_gc(Config) -> t_session_gc(Config) ->
GCInterval = ?config(gc_interval, Config), GCInterval = ?config(gc_interval, Config),
[Node1, Node2, Node3] = Nodes = ?config(nodes, Config), [Node1, Node2, _Node3] = Nodes = ?config(nodes, Config),
CoreNodes = [Node1, Node2], CoreNodes = [Node1, Node2],
[ [
Port1, Port1,

2
apps/emqx/rebar.config
View File

@ -66,7 +66,7 @@
{plt_location, "."}, {plt_location, "."},
{plt_prefix, "emqx_dialyzer"}, {plt_prefix, "emqx_dialyzer"},
{plt_apps, all_apps}, {plt_apps, all_apps},
{plt_extra_apps, [hocon]}, {plt_extra_apps, [hocon,mnesia,bcrypt,os_mon,pbkdf2,emqx_http_lib, recon]},
{statistics, true} {statistics, true}
]}. ]}.

8
apps/emqx/src/emqx_session.erl
View File

@ -175,19 +175,11 @@
%% Behaviour %% Behaviour
%% ------------------------------------------------------------------- %% -------------------------------------------------------------------
-if(?OTP_RELEASE < 26).
-callback create(clientinfo(), conninfo(), conf()) ->
term().
-callback open(clientinfo(), conninfo(), conf()) ->
term().
-callback destroy(t() | clientinfo()) -> ok.
-else.
-callback create(clientinfo(), conninfo(), conf()) -> -callback create(clientinfo(), conninfo(), conf()) ->
t(). t().
-callback open(clientinfo(), conninfo(), conf()) -> -callback open(clientinfo(), conninfo(), conf()) ->
{_IsPresent :: true, t(), _ReplayContext} | false. {_IsPresent :: true, t(), _ReplayContext} | false.
-callback destroy(t() | clientinfo()) -> ok. -callback destroy(t() | clientinfo()) -> ok.
-endif.
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Create a Session %% Create a Session

2
apps/emqx/test/emqx_broker_SUITE.erl
View File

@ -94,7 +94,7 @@ init_per_group(quic, Config) ->
[ [
{conn_fun, quic_connect}, {conn_fun, quic_connect},
{port, emqx_config:get([listeners, quic, test, bind])}, {port, emqx_config:get([listeners, quic, test, bind])},
{ssl_opts, emqx_common_test_helpers:client_ssl_twoway()}, {ssl_opts, emqx_common_test_helpers:client_mtls()},
{ssl, true}, {ssl, true},
{group_apps, Apps} {group_apps, Apps}
| Config | Config

4
apps/emqx/test/emqx_client_SUITE.erl
View File

@ -395,7 +395,7 @@ t_peercert_preserved_before_connected(_) ->
?HP_HIGHEST ?HP_HIGHEST
), ),
ClientId = atom_to_binary(?FUNCTION_NAME), ClientId = atom_to_binary(?FUNCTION_NAME),
SslConf = emqx_common_test_helpers:client_ssl_twoway(default), SslConf = emqx_common_test_helpers:client_mtls(default),
{ok, Client} = emqtt:start_link([ {ok, Client} = emqtt:start_link([
{port, 8883}, {port, 8883},
{clientid, ClientId}, {clientid, ClientId},
@ -455,7 +455,7 @@ tls_certcn_as_clientid(TLSVsn) ->
tls_certcn_as_clientid(TLSVsn, RequiredTLSVsn) -> tls_certcn_as_clientid(TLSVsn, RequiredTLSVsn) ->
CN = <<"Client">>, CN = <<"Client">>,
emqx_config:put_zone_conf(default, [mqtt, peer_cert_as_clientid], cn), emqx_config:put_zone_conf(default, [mqtt, peer_cert_as_clientid], cn),
SslConf = emqx_common_test_helpers:client_ssl_twoway(TLSVsn), SslConf = emqx_common_test_helpers:client_mtls(TLSVsn),
{ok, Client} = emqtt:start_link([{port, 8883}, {ssl, true}, {ssl_opts, SslConf}]), {ok, Client} = emqtt:start_link([{port, 8883}, {ssl, true}, {ssl_opts, SslConf}]),
{ok, _} = emqtt:connect(Client), {ok, _} = emqtt:connect(Client),
#{clientinfo := #{clientid := CN}} = emqx_cm:get_chan_info(CN), #{clientinfo := #{clientid := CN}} = emqx_cm:get_chan_info(CN),

35
apps/emqx/test/emqx_common_test_helpers.erl
View File

@ -48,8 +48,10 @@
-export([ -export([
client_ssl/0, client_ssl/0,
client_ssl/1, client_ssl/1,
client_ssl_twoway/0, client_mtls/0,
client_ssl_twoway/1, client_mtls/1,
ssl_verify_fun_allow_any_host/0,
ssl_verify_fun_allow_any_host_impl/3,
ensure_mnesia_stopped/0, ensure_mnesia_stopped/0,
ensure_quic_listener/2, ensure_quic_listener/2,
ensure_quic_listener/3, ensure_quic_listener/3,
@ -430,11 +432,11 @@ flush(Msgs) ->
after 0 -> lists:reverse(Msgs) after 0 -> lists:reverse(Msgs)
end. end.
client_ssl_twoway() -> client_mtls() ->
client_ssl_twoway(default). client_mtls(default).
client_ssl_twoway(TLSVsn) -> client_mtls(TLSVsn) ->
client_certs() ++ ciphers(TLSVsn). ssl_verify_fun_allow_any_host() ++ client_certs() ++ ciphers(TLSVsn).
%% Paths prepended to cert filenames %% Paths prepended to cert filenames
client_certs() -> client_certs() ->
@ -1421,3 +1423,24 @@ group_path(Config) ->
_:_ -> _:_ ->
[] []
end. end.
%% almost verify_none equivalent, but only ignores 'hostname_check_failed'
ssl_verify_fun_allow_any_host_impl(_Cert, Event, State) ->
case Event of
valid ->
{valid, State};
valid_peer ->
{valid, State};
{bad_cert, hostname_check_failed} ->
{valid, State};
{bad_cert, _} ->
{fail, Event};
{extension, _} ->
{unknown, State}
end.
ssl_verify_fun_allow_any_host() ->
[
{verify, verify_peer},
{verify_fun, {fun ?MODULE:ssl_verify_fun_allow_any_host_impl/3, _State = #{}}}
].

30
apps/emqx/test/emqx_crl_cache_SUITE.erl
View File

@ -387,7 +387,8 @@ assert_successful_connection(Config, ClientNum) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -601,7 +602,8 @@ t_cache(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -619,7 +621,8 @@ t_cache(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -829,7 +832,8 @@ t_filled_cache(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -853,7 +857,8 @@ t_not_cached_and_unreachable(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -871,7 +876,8 @@ t_revoked(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -893,7 +899,8 @@ t_revoke_then_refresh(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -916,7 +923,8 @@ t_revoke_then_refresh(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -961,7 +969,8 @@ do_t_update_listener(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),
@ -999,7 +1008,8 @@ do_t_update_listener(Config) ->
{ssl, true}, {ssl, true},
{ssl_opts, [ {ssl_opts, [
{certfile, ClientCert}, {certfile, ClientCert},
{keyfile, ClientKey} {keyfile, ClientKey},
{verify, verify_none}
]}, ]},
{port, 8883} {port, 8883}
]), ]),

6
apps/emqx/test/emqx_ocsp_cache_SUITE.erl
View File

@ -915,10 +915,8 @@ do_t_validations(_Config) ->
#{<<"code">> := <<"BAD_REQUEST">>, <<"message">> := MsgRaw3} = #{<<"code">> := <<"BAD_REQUEST">>, <<"message">> := MsgRaw3} =
emqx_utils_json:decode(ResRaw3, [return_maps]), emqx_utils_json:decode(ResRaw3, [return_maps]),
%% we can't remove certfile now, because it has default value. %% we can't remove certfile now, because it has default value.
?assertMatch( ?assertMatch({match, _}, re:run(MsgRaw3, <<"enoent">>)),
<<"{bad_ssl_config,#{file_read => enoent,pem_check => invalid_pem", _/binary>>, ?assertMatch({match, _}, re:run(MsgRaw3, <<"invalid_pem">>)),
MsgRaw3
),
ok. ok.
t_unknown_error_fetching_ocsp_response(_Config) -> t_unknown_error_fetching_ocsp_response(_Config) ->

2
apps/emqx/test/emqx_persistent_session_SUITE.erl
View File

@ -115,7 +115,7 @@ init_per_group(quic, Config) ->
[ [
{port, get_listener_port(quic, test)}, {port, get_listener_port(quic, test)},
{conn_fun, quic_connect}, {conn_fun, quic_connect},
{ssl_opts, emqx_common_test_helpers:client_ssl_twoway()}, {ssl_opts, emqx_common_test_helpers:client_mtls()},
{ssl, true}, {ssl, true},
{group_apps, Apps} {group_apps, Apps}
| Config | Config

15
apps/emqx/test/emqx_shared_sub_SUITE.erl
View File

@ -739,11 +739,16 @@ t_qos1_random_dispatch_if_all_members_are_down(Config) when is_list(Config) ->
?assert(is_process_alive(Pid2)), ?assert(is_process_alive(Pid2)),
{ok, _} = emqtt:publish(ConnPub, Topic, <<"hello11">>, 1), {ok, _} = emqtt:publish(ConnPub, Topic, <<"hello11">>, 1),
ct:sleep(100), ?retry(
Msgs1 = emqx_mqueue:to_list(get_mqueue(Pid1)), 100,
Msgs2 = emqx_mqueue:to_list(get_mqueue(Pid2)), 10,
%% assert the message is in mqueue (because socket is closed) begin
?assertMatch([#message{payload = <<"hello11">>}], Msgs1 ++ Msgs2), Msgs1 = emqx_mqueue:to_list(get_mqueue(Pid1)),
Msgs2 = emqx_mqueue:to_list(get_mqueue(Pid2)),
%% assert the message is in mqueue (because socket is closed)
?assertMatch([#message{payload = <<"hello11">>}], Msgs1 ++ Msgs2)
end
),
emqtt:stop(ConnPub), emqtt:stop(ConnPub),
ok. ok.

2
apps/emqx_bridge_dynamo/rebar.config
View File

@ -1,6 +1,6 @@
%% -*- mode: erlang; -*- %% -*- mode: erlang; -*-
{erl_opts, [debug_info]}. {erl_opts, [debug_info]}.
{deps, [ {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0-emqx-2"}}} {deps, [ {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0.3"}}}
, {emqx_connector, {path, "../../apps/emqx_connector"}} , {emqx_connector, {path, "../../apps/emqx_connector"}}
, {emqx_resource, {path, "../../apps/emqx_resource"}} , {emqx_resource, {path, "../../apps/emqx_resource"}}
, {emqx_bridge, {path, "../../apps/emqx_bridge"}} , {emqx_bridge, {path, "../../apps/emqx_bridge"}}

4
apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
View File

@ -205,7 +205,9 @@ on_start(
http -> http ->
{tcp, []}; {tcp, []};
https -> https ->
SSLOpts = emqx_tls_lib:to_client_opts(maps:get(ssl, Config)), SSLConf = maps:get(ssl, Config),
%% force enable ssl
SSLOpts = emqx_tls_lib:to_client_opts(SSLConf#{enable => true}),
{tls, SSLOpts} {tls, SSLOpts}
end, end,
NTransportOpts = emqx_utils:ipv6_probe(TransportOpts), NTransportOpts = emqx_utils:ipv6_probe(TransportOpts),

10
apps/emqx_bridge_influxdb/test/emqx_bridge_influxdb_connector_SUITE.erl
View File

@ -124,7 +124,7 @@ perform_lifecycle_check(PoolName, InitialConfig) ->
?assertEqual({error, not_found}, emqx_resource:get_instance(PoolName)). ?assertEqual({error, not_found}, emqx_resource:get_instance(PoolName)).
t_tls_verify_none(Config) -> t_tls_verify_none(Config) ->
PoolName = <<"emqx_bridge_influxdb_connector_SUITE">>, PoolName = <<"testpool-1">>,
Host = ?config(influxdb_tls_host, Config), Host = ?config(influxdb_tls_host, Config),
Port = ?config(influxdb_tls_port, Config), Port = ?config(influxdb_tls_port, Config),
InitialConfig = influxdb_config(Host, Port, true, <<"verify_none">>), InitialConfig = influxdb_config(Host, Port, true, <<"verify_none">>),
@ -135,7 +135,7 @@ t_tls_verify_none(Config) ->
ok. ok.
t_tls_verify_peer(Config) -> t_tls_verify_peer(Config) ->
PoolName = <<"emqx_bridge_influxdb_connector_SUITE">>, PoolName = <<"testpool-2">>,
Host = ?config(influxdb_tls_host, Config), Host = ?config(influxdb_tls_host, Config),
Port = ?config(influxdb_tls_port, Config), Port = ?config(influxdb_tls_port, Config),
InitialConfig = influxdb_config(Host, Port, true, <<"verify_peer">>), InitialConfig = influxdb_config(Host, Port, true, <<"verify_peer">>),
@ -157,7 +157,11 @@ perform_tls_opts_check(PoolName, InitialConfig, VerifyReturn) ->
to_client_opts, to_client_opts,
fun(Opts) -> fun(Opts) ->
Verify = {verify_fun, {custom_verify(), {return, VerifyReturn}}}, Verify = {verify_fun, {custom_verify(), {return, VerifyReturn}}},
[Verify | meck:passthrough([Opts])] [
Verify,
{cacerts, public_key:cacerts_get()}
| meck:passthrough([Opts])
]
end end
), ),
try try

2
apps/emqx_bridge_kinesis/rebar.config
View File

@ -1,6 +1,6 @@
%% -*- mode: erlang; -*- %% -*- mode: erlang; -*-
{erl_opts, [debug_info]}. {erl_opts, [debug_info]}.
{deps, [ {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0-emqx-2"}}} {deps, [ {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0.3"}}}
, {emqx_connector, {path, "../../apps/emqx_connector"}} , {emqx_connector, {path, "../../apps/emqx_connector"}}
, {emqx_resource, {path, "../../apps/emqx_resource"}} , {emqx_resource, {path, "../../apps/emqx_resource"}}
, {emqx_bridge, {path, "../../apps/emqx_bridge"}} , {emqx_bridge, {path, "../../apps/emqx_bridge"}}

13
apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl
View File

@ -230,19 +230,18 @@ t_conf_bridge_authn_passfile(Config) ->
?assertReceive( ?assertReceive(
{authenticate, #{username := Username2, password := Password2}} {authenticate, #{username := Username2, password := Password2}}
), ),
?assertMatch( {ok, 201, #{
{ok, 201, #{ <<"status">> := <<"disconnected">>,
<<"status">> := <<"disconnected">>, <<"status_reason">> := Reason
<<"status_reason">> := <<"#{msg => failed_to_read_secret_file", _/bytes>> }} =
}},
request_json( request_json(
post, post,
uri(["bridges"]), uri(["bridges"]),
?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{ ?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{
<<"name">> => <<"t_conf_bridge_authn_no_passfile">> <<"name">> => <<"t_conf_bridge_authn_no_passfile">>
} }
) ),
). ?assertMatch({match, _}, re:run(Reason, <<"failed_to_read_secret_file">>)).
hook_authenticate() -> hook_authenticate() ->
emqx_hooks:add('client.authenticate', {?MODULE, authenticate, [self()]}, ?HP_HIGHEST). emqx_hooks:add('client.authenticate', {?MODULE, authenticate, [self()]}, ?HP_HIGHEST).

16
apps/emqx_bridge_pulsar/test/emqx_bridge_pulsar_impl_producer_SUITE.erl
View File

@ -385,7 +385,6 @@ start_consumer(TestCase, Config) ->
<<Scheme/binary, (list_to_binary(PulsarHost))/binary, ":", <<Scheme/binary, (list_to_binary(PulsarHost))/binary, ":",
(integer_to_binary(PulsarPort))/binary>> (integer_to_binary(PulsarPort))/binary>>
), ),
ConnOpts = #{},
ConsumerClientId = list_to_atom( ConsumerClientId = list_to_atom(
atom_to_list(TestCase) ++ integer_to_list(erlang:unique_integer()) atom_to_list(TestCase) ++ integer_to_list(erlang:unique_integer())
), ),
@ -396,15 +395,9 @@ start_consumer(TestCase, Config) ->
certfile => filename:join([CertsPath, "cert.pem"]), certfile => filename:join([CertsPath, "cert.pem"]),
cacertfile => filename:join([CertsPath, "cacert.pem"]) cacertfile => filename:join([CertsPath, "cacert.pem"])
}, },
{ok, _ClientPid} = pulsar:ensure_supervised_client( Opts = #{enable_ssl => UseTLS, ssl_opts => emqx_tls_lib:to_client_opts(SSLOpts)},
ConsumerClientId, {ok, _ClientPid} = pulsar:ensure_supervised_client(ConsumerClientId, [URL], Opts),
[URL], ConsumerOpts = Opts#{
#{
conn_opts => ConnOpts,
ssl_opts => emqx_tls_lib:to_client_opts(SSLOpts)
}
),
ConsumerOpts = #{
cb_init_args => #{send_to => self()}, cb_init_args => #{send_to => self()},
cb_module => pulsar_echo_consumer, cb_module => pulsar_echo_consumer,
sub_type => 'Shared', sub_type => 'Shared',
@ -414,8 +407,7 @@ start_consumer(TestCase, Config) ->
%% id, or else weird bugs will happen, like the %% id, or else weird bugs will happen, like the
%% consumer never starts... %% consumer never starts...
name => list_to_atom("test_consumer" ++ integer_to_list(erlang:unique_integer())), name => list_to_atom("test_consumer" ++ integer_to_list(erlang:unique_integer())),
consumer_id => 1, consumer_id => 1
conn_opts => ConnOpts
}, },
{ok, Consumer} = pulsar:ensure_supervised_consumers( {ok, Consumer} = pulsar:ensure_supervised_consumers(
ConsumerClientId, ConsumerClientId,

6
apps/emqx_bridge_rabbitmq/rebar.config
View File

@ -4,7 +4,7 @@
%% The following two are dependencies of rabbit_common %% The following two are dependencies of rabbit_common
{thoas, {git, "https://github.com/emqx/thoas.git", {tag, "v1.0.0"}}} {thoas, {git, "https://github.com/emqx/thoas.git", {tag, "v1.0.0"}}}
, {credentials_obfuscation, {git, "https://github.com/emqx/credentials-obfuscation.git", {tag, "v3.2.0"}}} , {credentials_obfuscation, {git, "https://github.com/emqx/credentials-obfuscation.git", {tag, "v3.2.0"}}}
%% The v3.11.13_with_app_src tag, employed in the next two dependencies, %% The v3.11.13.2 (v3.11.13_with_app_src branch), employed in the next two dependencies,
%% represents a fork of the official RabbitMQ v3.11.13 tag. This fork diverges %% represents a fork of the official RabbitMQ v3.11.13 tag. This fork diverges
%% from the official version as it includes app and hrl files %% from the official version as it includes app and hrl files
%% generated by make files in subdirectories deps/rabbit_common and %% generated by make files in subdirectories deps/rabbit_common and
@ -17,11 +17,11 @@
%% packages that we don't have control over. %% packages that we don't have control over.
, {rabbit_common, {git_subdir, , {rabbit_common, {git_subdir,
"https://github.com/emqx/rabbitmq-server.git", "https://github.com/emqx/rabbitmq-server.git",
{tag, "v3.11.13-emqx"}, {tag, "v3.11.13.2"},
"deps/rabbit_common"}} "deps/rabbit_common"}}
, {amqp_client, {git_subdir, , {amqp_client, {git_subdir,
"https://github.com/emqx/rabbitmq-server.git", "https://github.com/emqx/rabbitmq-server.git",
{tag, "v3.11.13-emqx"}, {tag, "v3.11.13.2"},
"deps/amqp_client"}} "deps/amqp_client"}}
, {emqx_connector, {path, "../../apps/emqx_connector"}} , {emqx_connector, {path, "../../apps/emqx_connector"}}
, {emqx_resource, {path, "../../apps/emqx_resource"}} , {emqx_resource, {path, "../../apps/emqx_resource"}}

19
apps/emqx_connector/test/emqx_connector_jwt_worker_SUITE.erl
View File

@ -308,7 +308,7 @@ t_lookup_badarg(_Config) ->
ok. ok.
t_start_supervised_worker(_Config) -> t_start_supervised_worker(_Config) ->
{ok, _} = emqx_connector_jwt_sup:start_link(), {ok, Sup} = emqx_connector_jwt_sup:start_link(),
Config = #{resource_id := ResourceId, table := TId} = generate_config(), Config = #{resource_id := ResourceId, table := TId} = generate_config(),
{ok, Pid} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config), {ok, Pid} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config),
Ref = emqx_connector_jwt_worker:ensure_jwt(Pid), Ref = emqx_connector_jwt_worker:ensure_jwt(Pid),
@ -333,7 +333,7 @@ t_start_supervised_worker(_Config) ->
?assertEqual({error, not_found}, emqx_connector_jwt:lookup_jwt(TId, ResourceId)), ?assertEqual({error, not_found}, emqx_connector_jwt:lookup_jwt(TId, ResourceId)),
%% ensure the specs are removed from the supervision tree. %% ensure the specs are removed from the supervision tree.
?assertEqual([], supervisor:which_children(emqx_connector_jwt_sup)), ?assertEqual([], supervisor:which_children(emqx_connector_jwt_sup)),
ok. ok = stop_jwt_sup(Sup).
t_start_supervised_worker_already_started(_Config) -> t_start_supervised_worker_already_started(_Config) ->
{ok, _} = emqx_connector_jwt_sup:start_link(), {ok, _} = emqx_connector_jwt_sup:start_link(),
@ -344,17 +344,28 @@ t_start_supervised_worker_already_started(_Config) ->
ok. ok.
t_start_supervised_worker_already_present(_Config) -> t_start_supervised_worker_already_present(_Config) ->
{ok, _} = emqx_connector_jwt_sup:start_link(), {ok, Sup} = emqx_connector_jwt_sup:start_link(),
Config = #{resource_id := ResourceId} = generate_config(), Config = #{resource_id := ResourceId} = generate_config(),
{ok, Pid0} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config), {ok, Pid0} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config),
Ref = monitor(process, Pid0), Ref = monitor(process, Pid0),
exit(Pid0, kill), exit(Pid0, kill),
receive receive
{'DOWN', Ref, process, Pid0, killed} -> ok {'DOWN', Ref, process, Pid0, killed} -> ok
after 1_000 -> error(worker_didnt_stop)
end, end,
{ok, Pid1} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config), {ok, Pid1} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config),
?assertNotEqual(Pid0, Pid1), ?assertNotEqual(Pid0, Pid1),
?assert(is_process_alive(Pid1)),
ok = stop_jwt_sup(Sup).
stop_jwt_sup(Sup) ->
Ref = monitor(process, Sup),
unlink(Sup),
exit(Sup, shutdown),
receive
{'DOWN', Ref, process, Sup, shutdown} -> ok
after 1000 ->
error(timeout)
end,
ok. ok.
t_unknown_requests(_Config) -> t_unknown_requests(_Config) ->

8
apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
View File

@ -261,9 +261,10 @@ request_dashboard(Method, Url, Auth) ->
request_dashboard(Method, Url, QueryParams, Auth) -> request_dashboard(Method, Url, QueryParams, Auth) ->
Request = {Url ++ "?" ++ QueryParams, [Auth]}, Request = {Url ++ "?" ++ QueryParams, [Auth]},
do_request_dashboard(Method, Request). do_request_dashboard(Method, Request).
do_request_dashboard(Method, Request) ->
do_request_dashboard(Method, {Url, _} = Request) ->
ct:pal("Method: ~p, Request: ~p", [Method, Request]), ct:pal("Method: ~p, Request: ~p", [Method, Request]),
case httpc:request(Method, Request, [], []) of case httpc:request(Method, Request, maybe_ssl(Url), []) of
{error, socket_closed_remotely} -> {error, socket_closed_remotely} ->
{error, socket_closed_remotely}; {error, socket_closed_remotely};
{ok, {{"HTTP/1.1", Code, _}, _Headers, Return}} when {ok, {{"HTTP/1.1", Code, _}, _Headers, Return}} when
@ -276,6 +277,9 @@ do_request_dashboard(Method, Request) ->
{error, Reason} {error, Reason}
end. end.
maybe_ssl("http://" ++ _) -> [];
maybe_ssl("https://" ++ _) -> [{ssl, [{verify, verify_none}]}].
auth_header_() -> auth_header_() ->
auth_header_(<<"admin">>, <<"public">>). auth_header_(<<"admin">>, <<"public">>).

38
apps/emqx_dashboard/test/emqx_dashboard_https_SUITE.erl
View File

@ -198,8 +198,25 @@ t_verify_cacertfile(_Config) ->
VerifyPeerConf1, VerifyPeerConf1,
naive_env_interpolation(<<"${EMQX_ETC_DIR}/certs/cacert.pem">>) naive_env_interpolation(<<"${EMQX_ETC_DIR}/certs/cacert.pem">>)
), ),
validate_https(VerifyPeerConf2, MaxConnection, DefaultSSLCert, verify_peer), %% we always test client with verify_none and no client cert is sent
ok. %% since the server is configured with verify_peer
%% hence the expected observation on the client side is an error
ErrorReason =
try
validate_https(VerifyPeerConf2, MaxConnection, DefaultSSLCert, verify_peer)
catch
error:{https_client_error, Reason} ->
Reason
end,
%% There seems to be a race-condition causing the return value to vary a bit
case ErrorReason of
socket_closed_remotely ->
ok;
{ssl_error, _SslSock, {tls_alert, {certificate_required, _}}} ->
ok;
Other ->
throw({unexpected, Other})
end.
t_bad_certfile(_Config) -> t_bad_certfile(_Config) ->
Conf = #{ Conf = #{
@ -219,9 +236,12 @@ t_bad_certfile(_Config) ->
validate_https(Conf, MaxConnection, SSLCert, Verify) -> validate_https(Conf, MaxConnection, SSLCert, Verify) ->
emqx_common_test_helpers:load_config(emqx_dashboard_schema, Conf), emqx_common_test_helpers:load_config(emqx_dashboard_schema, Conf),
emqx_mgmt_api_test_util:init_suite([emqx_management], fun(X) -> X end), emqx_mgmt_api_test_util:init_suite([emqx_management], fun(X) -> X end),
assert_ranch_options(MaxConnection, SSLCert, Verify), try
assert_https_request(), assert_ranch_options(MaxConnection, SSLCert, Verify),
emqx_mgmt_api_test_util:end_suite([emqx_management]). assert_https_request()
after
emqx_mgmt_api_test_util:end_suite([emqx_management])
end.
assert_ranch_options(MaxConnections0, SSLCert, Verify) -> assert_ranch_options(MaxConnections0, SSLCert, Verify) ->
Middlewares = [emqx_dashboard_middleware, cowboy_router, cowboy_handler], Middlewares = [emqx_dashboard_middleware, cowboy_router, cowboy_handler],
@ -286,10 +306,10 @@ assert_https_request() ->
lists:foreach( lists:foreach(
fun(Path) -> fun(Path) ->
ApiPath = https_api_path([Path]), ApiPath = https_api_path([Path]),
?assertMatch( case emqx_dashboard_SUITE:request_dashboard(get, ApiPath, Headers) of
{ok, _}, {ok, _} -> ok;
emqx_dashboard_SUITE:request_dashboard(get, ApiPath, Headers) {error, Reason} -> error({https_client_error, Reason})
) end
end, end,
?OVERVIEWS ?OVERVIEWS
). ).

2
apps/emqx_dashboard/test/emqx_swagger_requestBody_SUITE.erl
View File

@ -315,6 +315,8 @@ t_none_ref(_Config) ->
), ),
ok. ok.
namespace() -> undefined.
t_sub_fields(_Config) -> t_sub_fields(_Config) ->
Spec = #{ Spec = #{
post => #{ post => #{

1
apps/emqx_ft/test/emqx_ft_storage_fs_reader_SUITE.erl
View File

@ -125,6 +125,7 @@ t_bad_messages(Config) ->
). ).
t_nonexistent_file(_Config) -> t_nonexistent_file(_Config) ->
erlang:process_flag(trap_exit, true),
?assertEqual( ?assertEqual(
{error, enoent}, {error, enoent},
emqx_ft_storage_fs_reader:start_link(self(), "/a/b/c/bar") emqx_ft_storage_fs_reader:start_link(self(), "/a/b/c/bar")

16
apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl
View File

@ -143,11 +143,11 @@ start_grpc_server(GwName, Options = #{bind := ListenOn}) ->
false -> false ->
[]; [];
true -> true ->
Opts1 = maps:get(ssl, Options, #{}),
Opts2 = maps:without([handshake_timeout], Opts1),
SSLOpts = emqx_tls_lib:to_server_opts(tls, Opts2),
[ [
{ssl_options, {ssl_options, SSLOpts}
maps:to_list(
maps:without([enable, handshake_timeout], maps:get(ssl, Options, #{}))
)}
] ]
end, end,
ListenOnStr = emqx_listeners:format_bind(ListenOn), ListenOnStr = emqx_listeners:format_bind(ListenOn),
@ -200,20 +200,20 @@ start_grpc_client_channel(
}} }}
) )
end, end,
case emqx_utils_maps:deep_get([ssl_options, enable], Options, false) of SSLOpts = emqx_utils_maps:deep_get([ssl_options], Options, #{}),
case maps:get(enable, SSLOpts, false) of
false -> false ->
SvrAddr = compose_http_uri(http, Host, Port), SvrAddr = compose_http_uri(http, Host, Port),
grpc_client_sup:create_channel_pool(GwName, SvrAddr, #{}); grpc_client_sup:create_channel_pool(GwName, SvrAddr, #{});
true -> true ->
SslOpts = maps:to_list(maps:get(ssl, Options, #{})), SSLOpts1 = [{nodelay, true} | emqx_tls_lib:to_client_opts(SSLOpts)],
ClientOpts = #{ ClientOpts = #{
gun_opts => gun_opts =>
#{ #{
transport => ssl, transport => ssl,
transport_opts => SslOpts transport_opts => SSLOpts1
} }
}, },
SvrAddr = compose_http_uri(https, Host, Port), SvrAddr = compose_http_uri(https, Host, Port),
grpc_client_sup:create_channel_pool(GwName, SvrAddr, ClientOpts) grpc_client_sup:create_channel_pool(GwName, SvrAddr, ClientOpts)
end; end;

41
apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl
View File

@ -180,7 +180,7 @@ set_special_cfg(_, _, _, _) ->
listener_confs(Type) -> listener_confs(Type) ->
Default = #{bind => 7993, acceptors => 8}, Default = #{bind => 7993, acceptors => 8},
#{Type => #{'default' => maps:merge(Default, socketopts(Type))}}. #{Type => #{'default' => maps:merge(Default, server_socketopts(Type))}}.
default_config() -> default_config() ->
?CONF_DEFAULT. ?CONF_DEFAULT.
@ -593,11 +593,11 @@ open(udp) ->
{ok, Sock} = gen_udp:open(0, ?TCPOPTS), {ok, Sock} = gen_udp:open(0, ?TCPOPTS),
{udp, Sock}; {udp, Sock};
open(ssl) -> open(ssl) ->
SslOpts = maps:to_list(client_ssl_opts()), SslOpts = client_ssl_opts(),
{ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?TCPOPTS ++ SslOpts), {ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?TCPOPTS ++ SslOpts),
{ssl, SslSock}; {ssl, SslSock};
open(dtls) -> open(dtls) ->
SslOpts = maps:to_list(client_ssl_opts()), SslOpts = client_ssl_opts(),
{ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?DTLSOPTS ++ SslOpts), {ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?DTLSOPTS ++ SslOpts),
{dtls, SslSock}. {dtls, SslSock}.
@ -635,24 +635,24 @@ close({dtls, Sock}) ->
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Server-Opts %% Server-Opts
socketopts(tcp) -> server_socketopts(tcp) ->
#{tcp_options => tcp_opts()}; #{tcp_options => server_tcp_opts()};
socketopts(ssl) -> server_socketopts(ssl) ->
#{ #{
tcp_options => tcp_opts(), tcp_options => server_tcp_opts(),
ssl_options => ssl_opts() ssl_options => server_ssl_opts()
}; };
socketopts(udp) -> server_socketopts(udp) ->
#{udp_options => udp_opts()}; #{udp_options => server_udp_opts()};
socketopts(dtls) -> server_socketopts(dtls) ->
#{ #{
udp_options => udp_opts(), udp_options => server_udp_opts(),
dtls_options => dtls_opts() dtls_options => server_dtls_opts()
}. }.
tcp_opts() -> server_tcp_opts() ->
maps:merge( maps:merge(
udp_opts(), server_udp_opts(),
#{ #{
send_timeout => 15000, send_timeout => 15000,
send_timeout_close => true, send_timeout_close => true,
@ -661,7 +661,7 @@ tcp_opts() ->
} }
). ).
udp_opts() -> server_udp_opts() ->
#{ #{
recbuf => 1024, recbuf => 1024,
sndbuf => 1024, sndbuf => 1024,
@ -669,7 +669,7 @@ udp_opts() ->
reuseaddr => true reuseaddr => true
}. }.
ssl_opts() -> server_ssl_opts() ->
Certs = certs("key.pem", "cert.pem", "cacert.pem"), Certs = certs("key.pem", "cert.pem", "cacert.pem"),
maps:merge( maps:merge(
Certs, Certs,
@ -684,14 +684,15 @@ ssl_opts() ->
} }
). ).
dtls_opts() -> server_dtls_opts() ->
maps:merge(ssl_opts(), #{versions => ['dtlsv1.2', 'dtlsv1']}). maps:merge(server_ssl_opts(), #{versions => ['dtlsv1.2', 'dtlsv1']}).
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Client-Opts %% Client-Opts
client_ssl_opts() -> client_ssl_opts() ->
certs("client-key.pem", "client-cert.pem", "cacert.pem"). OptsWithCerts = certs("client-key.pem", "client-cert.pem", "cacert.pem"),
[{verify, verify_none} | maps:to_list(OptsWithCerts)].
certs(Key, Cert, CACert) -> certs(Key, Cert, CACert) ->
CertsPath = emqx_common_test_helpers:deps_path(emqx, "etc/certs"), CertsPath = emqx_common_test_helpers:deps_path(emqx, "etc/certs"),

7
apps/emqx_opentelemetry/src/emqx_otel_config.erl
View File

@ -150,12 +150,13 @@ tr_handler_conf(#{logs := LogsConf, exporter := ExporterConf}) ->
ssl_opts(Endpoint, SSLOpts) -> ssl_opts(Endpoint, SSLOpts) ->
case is_ssl(Endpoint) of case is_ssl(Endpoint) of
true -> true ->
emqx_tls_lib:to_client_opts(SSLOpts); %% force enable ssl
emqx_tls_lib:to_client_opts(SSLOpts#{enable => true});
false -> false ->
[] []
end. end.
is_ssl(<<"https://", _/binary>> = _Endpoint) -> is_ssl(<<"https://", _/binary>>) ->
true; true;
is_ssl(_Endpoint) -> is_ssl(<<"http://", _/binary>>) ->
false. false.

2
apps/emqx_postgresql/rebar.config
View File

@ -2,7 +2,7 @@
{erl_opts, [debug_info]}. {erl_opts, [debug_info]}.
{deps, [ {deps, [
{epgsql, {git, "https://github.com/emqx/epgsql", {tag, "4.7.0.1"}}}, {epgsql, {git, "https://github.com/emqx/epgsql", {tag, "4.7.1.1"}}},
{emqx_connector, {path, "../../apps/emqx_connector"}}, {emqx_connector, {path, "../../apps/emqx_connector"}},
{emqx_resource, {path, "../../apps/emqx_resource"}} {emqx_resource, {path, "../../apps/emqx_resource"}}
]}. ]}.

2
apps/emqx_s3/rebar.config
View File

@ -1,6 +1,6 @@
{deps, [ {deps, [
{emqx, {path, "../../apps/emqx"}}, {emqx, {path, "../../apps/emqx"}},
{erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0-emqx-2"}}}, {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0.3"}}},
{emqx_bridge_http, {path, "../emqx_bridge_http"}} {emqx_bridge_http, {path, "../emqx_bridge_http"}}
]}. ]}.

2
apps/emqx_s3/test/emqx_s3_client_SUITE.erl
View File

@ -129,7 +129,7 @@ t_url(Config) ->
?assertMatch( ?assertMatch(
{ok, {{_StatusLine, 200, "OK"}, _Headers, "data"}}, {ok, {{_StatusLine, 200, "OK"}, _Headers, "data"}},
httpc:request(Url) httpc:request(get, {Url, []}, [{ssl, [{verify, verify_none}]}], [])
). ).
t_no_acl(Config) -> t_no_acl(Config) ->

10
apps/emqx_s3/test/emqx_s3_uploader_SUITE.erl
View File

@ -64,13 +64,13 @@ groups() ->
{tcp_cases, [ {tcp_cases, [
t_config_switch, t_config_switch,
t_config_switch_http_settings,
t_too_large, t_too_large,
t_no_profile t_no_profile
]}, ]},
{tls_cases, [ {tls_cases, [
t_tls_error t_tls_error,
t_config_switch_http_settings
]}, ]},
{noconn_errors, [{group, transport_errors}]}, {noconn_errors, [{group, transport_errors}]},
@ -205,7 +205,8 @@ t_signed_url_download(_Config) ->
emqx_s3_client:uri(Client, Key) emqx_s3_client:uri(Client, Key)
end), end),
{ok, {_, _, Body}} = httpc:request(get, {SignedUrl, []}, [], []), HttpOpts = [{ssl, [{verify, verify_none}]}],
{ok, {_, _, Body}} = httpc:request(get, {SignedUrl, []}, HttpOpts, []),
?assertEqual( ?assertEqual(
iolist_to_binary(Data), iolist_to_binary(Data),
@ -222,7 +223,8 @@ t_signed_nonascii_url_download(_Config) ->
emqx_s3_client:uri(Client, Key) emqx_s3_client:uri(Client, Key)
end), end),
{ok, {_, _, Body}} = httpc:request(get, {SignedUrl, []}, [], []), HttpOpts = [{ssl, [{verify, verify_none}]}],
{ok, {_, _, Body}} = httpc:request(get, {SignedUrl, []}, HttpOpts, []),
?assertEqual( ?assertEqual(
iolist_to_binary(Data), iolist_to_binary(Data),

6
build
View File

@ -387,10 +387,10 @@ docker_cleanup() {
## Build the default docker image based on debian 11. ## Build the default docker image based on debian 11.
make_docker() { make_docker() {
local EMQX_BUILDER_VERSION="${EMQX_BUILDER_VERSION:-5.1-4}" local EMQX_BUILDER_VERSION="${EMQX_BUILDER_VERSION:-5.2-8}"
local EMQX_BUILDER_PLATFORM="${EMQX_BUILDER_PLATFORM:-debian11}" local EMQX_BUILDER_PLATFORM="${EMQX_BUILDER_PLATFORM:-debian11}"
local EMQX_BUILDER_OTP="${EMQX_BUILDER_OTP:-25.3.2-2}" local EMQX_BUILDER_OTP="${EMQX_BUILDER_OTP:-26.1.2-2}"
local EMQX_BUILDER_ELIXIR="${EMQX_BUILDER_ELIXIR:-1.14.5}" local EMQX_BUILDER_ELIXIR="${EMQX_BUILDER_ELIXIR:-1.15.7}"
local EMQX_BUILDER=${EMQX_BUILDER:-ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VERSION}:${EMQX_BUILDER_ELIXIR}-${EMQX_BUILDER_OTP}-${EMQX_BUILDER_PLATFORM}} local EMQX_BUILDER=${EMQX_BUILDER:-ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VERSION}:${EMQX_BUILDER_ELIXIR}-${EMQX_BUILDER_OTP}-${EMQX_BUILDER_PLATFORM}}
local EMQX_RUNNER="${EMQX_RUNNER:-${EMQX_DEFAULT_RUNNER}}" local EMQX_RUNNER="${EMQX_RUNNER:-${EMQX_DEFAULT_RUNNER}}"
local EMQX_DOCKERFILE="${EMQX_DOCKERFILE:-deploy/docker/Dockerfile}" local EMQX_DOCKERFILE="${EMQX_DOCKERFILE:-deploy/docker/Dockerfile}"

1
changes/ce/feat-12085.en.md Normal file
View File

@ -0,0 +1 @@
Upgrade to OTP 26.1.2-2

2
deploy/docker/Dockerfile
View File

@ -1,4 +1,4 @@
ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11 ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-debian11
ARG RUN_FROM=public.ecr.aws/debian/debian:11-slim ARG RUN_FROM=public.ecr.aws/debian/debian:11-slim
FROM ${BUILD_FROM} AS builder FROM ${BUILD_FROM} AS builder
ARG DEBUG=0 ARG DEBUG=0

7
mix.exs
View File

@ -79,7 +79,7 @@ defmodule EMQXUmbrella.MixProject do
# in conflict by ehttpc and emqtt # in conflict by ehttpc and emqtt
{:gun, github: "emqx/gun", tag: "1.3.9", override: true}, {:gun, github: "emqx/gun", tag: "1.3.9", override: true},
# in conflict by emqx_connector and system_monitor # in conflict by emqx_connector and system_monitor
{:epgsql, github: "emqx/epgsql", tag: "4.7.0.1", override: true}, {:epgsql, github: "emqx/epgsql", tag: "4.7.1.1", override: true},
# in conflict by emqx and observer_cli # in conflict by emqx and observer_cli
{:recon, github: "ferd/recon", tag: "2.5.1", override: true}, {:recon, github: "ferd/recon", tag: "2.5.1", override: true},
{:jsx, github: "talentdeficit/jsx", tag: "v3.1.0", override: true}, {:jsx, github: "talentdeficit/jsx", tag: "v3.1.0", override: true},
@ -97,6 +97,7 @@ defmodule EMQXUmbrella.MixProject do
{:hackney, github: "emqx/hackney", tag: "1.18.1-1", override: true}, {:hackney, github: "emqx/hackney", tag: "1.18.1-1", override: true},
# set by hackney (dependency) # set by hackney (dependency)
{:ssl_verify_fun, "1.1.7", override: true}, {:ssl_verify_fun, "1.1.7", override: true},
{:rfc3339, github: "emqx/rfc3339", tag: "0.2.3", override: true},
{:uuid, github: "okeuday/uuid", tag: "v2.0.6", override: true}, {:uuid, github: "okeuday/uuid", tag: "v2.0.6", override: true},
{:quickrand, github: "okeuday/quickrand", tag: "v2.0.6", override: true} {:quickrand, github: "okeuday/quickrand", tag: "v2.0.6", override: true}
] ++ ] ++
@ -214,12 +215,12 @@ defmodule EMQXUmbrella.MixProject do
github: "emqx/credentials-obfuscation", tag: "v3.2.0", override: true}, github: "emqx/credentials-obfuscation", tag: "v3.2.0", override: true},
{:rabbit_common, {:rabbit_common,
github: "emqx/rabbitmq-server", github: "emqx/rabbitmq-server",
tag: "v3.11.13-emqx", tag: "v3.11.13.2",
sparse: "deps/rabbit_common", sparse: "deps/rabbit_common",
override: true}, override: true},
{:amqp_client, {:amqp_client,
github: "emqx/rabbitmq-server", github: "emqx/rabbitmq-server",
tag: "v3.11.13-emqx", tag: "v3.11.13.2",
sparse: "deps/amqp_client", sparse: "deps/amqp_client",
override: true} override: true}
] ]

1
rebar.config
View File

@ -96,6 +96,7 @@
, {jsone, {git, "https://github.com/emqx/jsone.git", {tag, "1.7.1"}}} , {jsone, {git, "https://github.com/emqx/jsone.git", {tag, "1.7.1"}}}
, {uuid, {git, "https://github.com/okeuday/uuid.git", {tag, "v2.0.6"}}} , {uuid, {git, "https://github.com/okeuday/uuid.git", {tag, "v2.0.6"}}}
, {ssl_verify_fun, "1.1.7"} , {ssl_verify_fun, "1.1.7"}
, {rfc3339, {git, "https://github.com/emqx/rfc3339.git", {tag, "0.2.3"}}}
]}. ]}.
{xref_ignores, {xref_ignores,

2
rebar.config.erl
View File

@ -562,7 +562,7 @@ dialyzer(Config) ->
AppsToExclude = AppNames -- KnownApps, AppsToExclude = AppNames -- KnownApps,
Extra = Extra =
[os_mon, system_monitor, covertool] ++ [os_mon, system_monitor, tools, covertool] ++
[bcrypt || provide_bcrypt_dep()] ++ [bcrypt || provide_bcrypt_dep()] ++
[jq || is_jq_supported()] ++ [jq || is_jq_supported()] ++
[quicer || is_quicer_supported()], [quicer || is_quicer_supported()],

4
scripts/buildx.sh
View File

@ -9,7 +9,7 @@
## example: ## example:
## ./scripts/buildx.sh --profile emqx --pkgtype tgz --arch arm64 \ ## ./scripts/buildx.sh --profile emqx --pkgtype tgz --arch arm64 \
## --builder ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11 ## --builder ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-debian11
set -euo pipefail set -euo pipefail
@ -24,7 +24,7 @@ help() {
echo "--arch amd64|arm64: Target arch to build the EMQX package for" echo "--arch amd64|arm64: Target arch to build the EMQX package for"
echo "--src_dir <SRC_DIR>: EMQX source code in this dir, default to PWD" echo "--src_dir <SRC_DIR>: EMQX source code in this dir, default to PWD"
echo "--builder <BUILDER>: Builder image to pull" echo "--builder <BUILDER>: Builder image to pull"
echo " E.g. ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11" echo " E.g. ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-debian11"
} }
die() { die() {

6
scripts/pr-sanity-checks.sh
View File

@ -12,9 +12,9 @@ if ! type "yq" > /dev/null; then
exit 1 exit 1
fi fi
EMQX_BUILDER_VERSION=${EMQX_BUILDER_VERSION:-5.1-4} EMQX_BUILDER_VERSION=${EMQX_BUILDER_VERSION:-5.2-8}
EMQX_BUILDER_OTP=${EMQX_BUILDER_OTP:-25.3.2-2} EMQX_BUILDER_OTP=${EMQX_BUILDER_OTP:-26.1.2-2}
EMQX_BUILDER_ELIXIR=${EMQX_BUILDER_ELIXIR:-1.14.5} EMQX_BUILDER_ELIXIR=${EMQX_BUILDER_ELIXIR:-1.15.7}
EMQX_BUILDER_PLATFORM=${EMQX_BUILDER_PLATFORM:-ubuntu22.04} EMQX_BUILDER_PLATFORM=${EMQX_BUILDER_PLATFORM:-ubuntu22.04}
EMQX_BUILDER=${EMQX_BUILDER:-ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VERSION}:${EMQX_BUILDER_ELIXIR}-${EMQX_BUILDER_OTP}-${EMQX_BUILDER_PLATFORM}} EMQX_BUILDER=${EMQX_BUILDER:-ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VERSION}:${EMQX_BUILDER_ELIXIR}-${EMQX_BUILDER_OTP}-${EMQX_BUILDER_PLATFORM}}

2
scripts/relup-test/start-relup-test-cluster.sh
View File

@ -22,7 +22,7 @@ WEBHOOK="webhook.$NET"
BENCH="bench.$NET" BENCH="bench.$NET"
COOKIE='this-is-a-secret' COOKIE='this-is-a-secret'
## Erlang image is needed to run webhook server and emqtt-bench ## Erlang image is needed to run webhook server and emqtt-bench
ERLANG_IMAGE="ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-ubuntu20.04" ERLANG_IMAGE="ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04"
# builder has emqtt-bench installed # builder has emqtt-bench installed
BENCH_IMAGE="$ERLANG_IMAGE" BENCH_IMAGE="$ERLANG_IMAGE"