Merge pull request #4140 from HJianBo/unify_pgsql_conf

Refine the auth-pgsql SSL version configuration
JianBo He 2021-02-11 15:51:09 +08:00 committed by GitHub
commit 7bf0097330
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 22 deletions


@ -24,9 +24,9 @@ services:
image: emqx_pgsql:${PGSQL_TAG} image: emqx_pgsql:${PGSQL_TAG}
restart: always restart: always
environment: environment:
POSTGRES_DB: postgres POSTGRES_DB: mqtt
POSTGRES_USER: postgres POSTGRES_USER: root
POSTGRES_PASSWORD: postgres POSTGRES_PASSWORD: public
ports: ports:
- "5432:5432" - "5432:5432"
command: command:
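Review bot: The new `POSTGRES_USER: root` / `POSTGRES_PASSWORD: public` pair sits next to the unchanged `- "5432:5432"` mapping, which publishes the database on every host interface. On a shared or self-hosted runner that leaves a Postgres instance with well-known credentials reachable from the network for the life of the job. If the tests reach the database through the host port, `- "127.0.0.1:5432:5432"` would be enough; if they reach it over the compose network, the `ports:` entry can probably go. The service definition continues past the end of this hunk, so I cannot see whether anything else constrains access.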


@ -194,15 +194,9 @@ jobs:
run: | run: |
docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml build --no-cache docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml build --no-cache
docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d
if [ "$PGSQL_TAG" = "12" ] || [ "$PGSQL_TAG" = "13" ]; then sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = root|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = public|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
else sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = mqtt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.2,tlsv1.1|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
fi
sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.ssl[ \t]*=.*|auth.pgsql.ssl = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.ssl[ \t]*=.*|auth.pgsql.ssl = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.cacertfile[ \t]*=.*|auth.pgsql.cacertfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/root.crt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.cacertfile[ \t]*=.*|auth.pgsql.cacertfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/root.crt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
- name: setup - name: setup
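Review bot: With the `auth.pgsql.ssl.tls_versions` overrides removed, this TLS job no longer states which protocol versions it exercises and inherits whatever the plugin default is. The job then only proves that some version in that list negotiates, so a handshake that quietly lands on the oldest permitted version would still pass. Consider keeping one explicit line for every `PGSQL_TAG`, for example `sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf`. That keeps the unification this change is after while making the tested floor visible in the workflow.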


@ -22,7 +22,7 @@ auth.pgsql.username = root
## PostgreSQL password. ## PostgreSQL password.
## ##
## Value: String ## Value: String
# auth.pgsql.password = #auth.pgsql.password =
## PostgreSQL database. ## PostgreSQL database.
## ##
@ -39,13 +39,13 @@ auth.pgsql.encoding = utf8
## Value: on | off ## Value: on | off
auth.pgsql.ssl = off auth.pgsql.ssl = off
## TLS version ## TLS version.
## You can configure multi-version use "," split,
## default value is :tlsv1.2
## Example:
## tlsv1.2,tlsv1.1
## ##
#auth.pgsql.ssl.tls_versions = tlsv1.2 ## Available enum values:
## tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
##
## Value: String, seperated by ','
#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1
## SSL keyfile. ## SSL keyfile.
## ##
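Review bot: The documented default on the `#auth.pgsql.ssl.tls_versions` line now includes `tlsv1.1`, and the schema hunk for `{mapping, "auth.pgsql.ssl.tls_versions", ...}` widens the real default the same way. A deployment that never sets the key therefore moves from offering TLS 1.2 only to also offering TLS 1.1, which is a silent downgrade of the floor. I would keep old versions opt-in: `#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2` here and `{default, "tlsv1.3,tlsv1.2"}` in the schema, with the comment noting that `tlsv1.1` and `tlsv1` are for legacy servers only. The new comment also misspells the word, which should read `## Value: String, separated by ','`.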


@ -36,7 +36,7 @@
]}. ]}.
{mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [ {mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [
{default, "tlsv1.2"}, {default, "tlsv1.3,tlsv1.2,tlsv1.1"},
{datatype, string} {datatype, string}
]}. ]}.
@ -92,9 +92,9 @@
SslOpts = fun(Prefix) -> SslOpts = fun(Prefix) ->
Filter([{keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)}, Filter([{keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
{certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)}, {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
{cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined), {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
{versions, [list_to_existing_atom(Value) {versions, [list_to_existing_atom(Value)
||Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}}]) || Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}])
end, end,
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
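Review bot: `SslOpts` as shown builds only `keyfile`, `certfile`, `cacertfile` and `versions`, with no `verify` option visible. Unless the caller adds one outside this hunk, setting `auth.pgsql.ssl.cacertfile` may not make the client reject an untrusted PostgreSQL server certificate, since older OTP releases default the ssl client to `verify_none`. Please confirm, and if it is missing add `{verify, verify_peer}` to the list whenever a cacertfile is configured. Separately, `list_to_existing_atom(Value)` raises a bare `badarg` on a misspelt version token; checking each token against the four documented values and failing with a message naming the bad one would make config errors diagnosable.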