From 7f349d814e320f2f323e2cf1586fc3597f273935 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Wed, 3 Feb 2021 17:03:16 +0800 Subject: [PATCH 1/3] test(ci): unify the pgsql confs --- .ci/compatibility_tests/docker-compose-pgsql-tls.yaml | 6 +++--- .github/workflows/run_cts_tests.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.ci/compatibility_tests/docker-compose-pgsql-tls.yaml b/.ci/compatibility_tests/docker-compose-pgsql-tls.yaml index d3d9d93b5..6bb3d321e 100644 --- a/.ci/compatibility_tests/docker-compose-pgsql-tls.yaml +++ b/.ci/compatibility_tests/docker-compose-pgsql-tls.yaml @@ -24,9 +24,9 @@ services: image: emqx_pgsql:${PGSQL_TAG} restart: always environment: - POSTGRES_DB: postgres - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres + POSTGRES_DB: mqtt + POSTGRES_USER: root + POSTGRES_PASSWORD: public ports: - "5432:5432" command: diff --git a/.github/workflows/run_cts_tests.yaml b/.github/workflows/run_cts_tests.yaml index fdca76a7c..5e0335d92 100644 --- a/.github/workflows/run_cts_tests.yaml +++ b/.github/workflows/run_cts_tests.yaml 
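Review bot: The PostgreSQL service in docker-compose-pgsql-tls.yaml is published as `"5432:5432"`, which binds on every host interface, and its password `public` is now committed next to it. On a self-hosted or shared runner that leaves a database with a known password reachable for the length of the job. If the tests reach the database through the host (not visible in this hunk), `- "127.0.0.1:5432:5432"` is enough; if they use the compose network, the `ports:` entry may not be needed at all. The same three values are repeated in the `sed` lines of the run_cts_tests.yaml hunk that follows, so they have to be kept in sync by hand; defining them once under `env:` and referencing them in both places would avoid drift.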
@@ -200,9 +200,9 @@ jobs: sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.2,tlsv1.1|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf fi - sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = root|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = public|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = mqtt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.ssl[ \t]*=.*|auth.pgsql.ssl = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.cacertfile[ \t]*=.*|auth.pgsql.cacertfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/root.crt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - name: setup From c3642c5c831e0f0f6c17dc3ab1856cb7cb3d4d60 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Thu, 4 Feb 2021 15:29:00 +0800 Subject: [PATCH 2/3] refactor(pgsql): set the default ssl version to tlsv1.3,tlsv1.2,tlsv1.1 --- apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf | 14 +++++++------- apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf b/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf index ef8e7533a..d27956b16 100644 --- a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf +++ b/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf 
@@ -22,7 +22,7 @@ auth.pgsql.username = root ## PostgreSQL password. ## ## Value: String -# auth.pgsql.password = +#auth.pgsql.password = ## PostgreSQL database. ## @@ -39,13 +39,13 @@ auth.pgsql.encoding = utf8 ## Value: on | off auth.pgsql.ssl = off -## TLS version -## You can configure multi-version use "," split, -## default value is :tlsv1.2 -## Example: -## tlsv1.1,tlsv1.2,tlsv1.3 +## TLS version. ## -#auth.pgsql.ssl.tls_versions = tlsv1.2 +## Available enum values: +## tlsv1.3,tlsv1.2,tlsv1.1,tlsv1 +## +## Value: String, seperated by ',' +#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1 ## SSL keyfile. ## diff --git a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema index 859495a60..77a239ba9 100644 --- a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema +++ b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema @@ -36,7 +36,7 @@ ]}. {mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [ - {default, "tlsv1.2"}, + {default, "tlsv1.3,tlsv1.2,tlsv1.1"}, {datatype, string} ]}. @@ -92,9 +92,9 @@ SslOpts = fun(Prefix) -> Filter([{keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)}, {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)}, - {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined), + {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)}, {versions, [list_to_existing_atom(Value) - ||Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}}]) + || Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}]) end, %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 From daa9648db5964ab89b4350b4e6f459833e654903 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Thu, 4 Feb 2021 15:30:25 +0800 Subject: [PATCH 3/3] chore(ci): delete the ssl version configuration --- .github/workflows/run_cts_tests.yaml | 6 ------ 1 file changed, 6 deletions(-) 
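Review bot: The new default `tlsv1.3,tlsv1.2,tlsv1.1` in the `@@ -39,13` hunk of emqx_auth_pgsql.conf leaves TLS 1.1 enabled for every deployment that does not set `auth.pgsql.ssl.tls_versions`, and the `{default, ...}` line in the emqx_auth_pgsql.schema hunk carries the same value. TLS 1.0 and 1.1 are deprecated (RFC 8996), so a default of `tlsv1.3,tlsv1.2` would be safer, with the older versions left as an explicit opt-in for legacy servers. The comment block could say so, for example `## tlsv1.1 and tlsv1 are deprecated; enable them only for servers that cannot negotiate tlsv1.2`. In the same comment, `seperated` should read `separated`.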
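Review bot: In the `SslOpts` fun, each token of `tls_versions` goes straight into `list_to_existing_atom/1`, so a misspelled or unsupported entry fails with a bare `badarg` that does not name the setting. The same would happen for a valid name whose atom is not yet loaded when the schema is translated (inferred; load order is not visible here). Checking each token against the accepted set first gives an actionable error, e.g. `lists:member(Value, ["tlsv1.3","tlsv1.2","tlsv1.1","tlsv1"]) orelse cuttlefish:invalid("unsupported TLS version: " ++ Value)`. An empty value also yields `{versions, []}`, which is worth rejecting at the same place. The fun begins and ends outside this hunk, so how `Filter` treats the entry cannot be confirmed from here.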
diff --git a/.github/workflows/run_cts_tests.yaml b/.github/workflows/run_cts_tests.yaml index 5e0335d92..f5ad55183 100644 --- a/.github/workflows/run_cts_tests.yaml +++ b/.github/workflows/run_cts_tests.yaml @@ -194,12 +194,6 @@ jobs: run: | docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml build --no-cache docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d - if [ "$PGSQL_TAG" = "12" ] || [ "$PGSQL_TAG" = "13" ]; then - sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - else - sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.2,tlsv1.1|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - fi - sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = root|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = public|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = mqtt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf