Merge pull request #4140 from HJianBo/unify_pgsql_conf

Refine the auth-pgsql SSL version configuration

.ci/compatibility_tests/docker-compose-pgsql-tls.yaml

@@ -24,9 +24,9 @@ services:
     image: emqx_pgsql:${PGSQL_TAG}
     restart: always
     environment:
-      POSTGRES_DB: postgres
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: mqtt
+      POSTGRES_USER: root
+      POSTGRES_PASSWORD: public
     ports:
       - "5432:5432"
     command:

.github/workflows/run_cts_tests.yaml

@@ -194,15 +194,9 @@ jobs:
         run: |
           docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml build --no-cache
           docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d
-          if [ "$PGSQL_TAG" = "12" ] || [ "$PGSQL_TAG" = "13" ]; then
-              sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
-          else
-              sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.2,tlsv1.1|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
-          fi
-
-          sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
-          sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
-          sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = root|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = public|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+          sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = mqtt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
           sed -i 's|^[#[:space:]]*auth.pgsql.ssl[ \t]*=.*|auth.pgsql.ssl = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
           sed -i 's|^[#[:space:]]*auth.pgsql.cacertfile[ \t]*=.*|auth.pgsql.cacertfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/root.crt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
       - name: setup

apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf

@@ -39,13 +39,13 @@ auth.pgsql.encoding = utf8
 ## Value: on | off
 auth.pgsql.ssl = off
 
-## TLS version
-## You can configure multi-version use "," split,
-## default value is :tlsv1.2
-## Example:
-##    tlsv1.2,tlsv1.1
+## TLS version.
 ##
-#auth.pgsql.ssl.tls_versions = tlsv1.2
+## Available enum values:
+##    tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
+##
+## Value: String, seperated by ','
+#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1
 
 ## SSL keyfile.
 ##

apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema

@@ -36,7 +36,7 @@
 ]}.
 
 {mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [
-  {default, "tlsv1.2"},
+  {default, "tlsv1.3,tlsv1.2,tlsv1.1"},
   {datatype, string}
 ]}.
 
@@ -92,9 +92,9 @@
   SslOpts = fun(Prefix) ->
                 Filter([{keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                         {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined),
+                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
                         {versions, [list_to_existing_atom(Value)
-                                    ||Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}}])
+                                    || Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}])
             end,
 
   %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0