Merge pull request #4140 from HJianBo/unify_pgsql_conf

Refine the auth-pgsql SSL version configuration
JianBo He 2021-02-11 15:51:09 +08:00 committed by GitHub
commit 7bf0097330
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 22 deletions


@ -24,9 +24,9 @@ services:
image: emqx_pgsql:${PGSQL_TAG}
restart: always
environment:
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: mqtt
POSTGRES_USER: root
POSTGRES_PASSWORD: public
ports:
- "5432:5432"
command:


@ -194,15 +194,9 @@ jobs:
run: |
docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml build --no-cache
docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d
if [ "$PGSQL_TAG" = "12" ] || [ "$PGSQL_TAG" = "13" ]; then
sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
else
sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.2,tlsv1.1|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
fi
sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = root|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = public|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = mqtt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.ssl[ \t]*=.*|auth.pgsql.ssl = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
sed -i 's|^[#[:space:]]*auth.pgsql.cacertfile[ \t]*=.*|auth.pgsql.cacertfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/root.crt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
- name: setup


@ -22,7 +22,7 @@ auth.pgsql.username = root
## PostgreSQL password.
##
## Value: String
# auth.pgsql.password =
#auth.pgsql.password =
## PostgreSQL database.
##
@ -39,13 +39,13 @@ auth.pgsql.encoding = utf8
## Value: on | off
auth.pgsql.ssl = off
## TLS version
## You can configure multi-version use "," split,
## default value is :tlsv1.2
## Example:
## tlsv1.2,tlsv1.1
## TLS version.
##
#auth.pgsql.ssl.tls_versions = tlsv1.2
## Available enum values:
## tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
##
## Value: String, seperated by ','
#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1
## SSL keyfile.
##
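Review bot: The commented example now lists `tlsv1.1` as an accepted version, and the matching `{default, "tlsv1.3,tlsv1.2,tlsv1.1"}` in the schema mapping makes it the effective setting whenever the key is left commented out, so the minimum protocol offered to PostgreSQL drops from TLS 1.2 to TLS 1.1. The old and new sides are read from print order here, because the page has lost its `+`/`-` markers. I would keep the floor at 1.2 with `#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2` and the same value in the schema default, and add a comment such as `## tlsv1.1 and tlsv1 are legacy versions; enable them only for servers that cannot negotiate tlsv1.2.`. The new `## Value:` comment line also misspells "separated".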


@ -36,7 +36,7 @@
]}.
{mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [
{default, "tlsv1.2"},
{default, "tlsv1.3,tlsv1.2,tlsv1.1"},
{datatype, string}
]}.
@ -92,9 +92,9 @@
SslOpts = fun(Prefix) ->
Filter([{keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
{certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
{cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined),
{cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
{versions, [list_to_existing_atom(Value)
||Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}}])
|| Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}])
end,
%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
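Review bot: Each token from `auth.pgsql.ssl.tls_versions` goes through `list_to_existing_atom(Value)` in `SslOpts` with no check against the four versions the config file documents. A misspelt entry fails with a bare `badarg` from the BIF rather than a message listing the allowed values, and a token that happens to match some other existing atom is passed on in `versions`; what happens to it afterwards is not visible in this hunk. Checking each token against `["tlsv1.3", "tlsv1.2", "tlsv1.1", "tlsv1"]` before converting, and rejecting the configuration with an error that names the key, would turn both cases into a clear startup failure. The enclosing translation starts and ends outside this hunk.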