feat: support clean pem_cache cli

2022-04-20 21:47:06 +08:00 · 2022-04-20 21:47:06 +08:00 · 8a322f1548
parent 051ed84fc8
commit 8a322f1548
3 changed files with 54 additions and 15 deletions
--- a/apps/emqx/src/proto/emqx_proto_v1.erl
+++ b/apps/emqx/src/proto/emqx_proto_v1.erl
@ -33,7 +33,8 @@
    delete_all_deactivated_alarms/1,

    clean_authz_cache/1,
-    clean_authz_cache/2
+    clean_authz_cache/2,
+    clean_pem_cache/1
 ]).

 introduced_in() ->
@ -66,6 +67,10 @@ clean_authz_cache(Node, ClientId) ->
 clean_authz_cache(Node) ->
    rpc:call(Node, emqx_authz_cache, drain_cache, []).

+-spec clean_pem_cache(node()) -> ok | {badrpc, _}.
+clean_pem_cache(Node) ->
+    rpc:call(Node, ssl_pem_cache, clear, []).
+
 -spec deactivate_alarm(node(), binary() | atom()) ->
    ok | {error, not_found} | {badrpc, _}.
 deactivate_alarm(Node, Name) ->
--- a/apps/emqx_management/src/emqx_mgmt.erl
+++ b/apps/emqx_management/src/emqx_mgmt.erl
@ -56,12 +56,14 @@
    clean_authz_cache/2,
    clean_authz_cache_all/0,
    clean_authz_cache_all/1,
+    clean_pem_cache_all/0,
+    clean_pem_cache_all/1,
    set_ratelimit_policy/2,
    set_quota_policy/2,
    set_keepalive/2
 ]).

-%% Internal funcs
+%% Internal functions
 -export([do_call_client/2]).

 %% Subscriptions
@ -283,6 +285,13 @@ clean_authz_cache(Node, ClientId) ->

 clean_authz_cache_all() ->
    Results = [{Node, clean_authz_cache_all(Node)} || Node <- mria_mnesia:running_nodes()],
+    wrap_results(Results).
+
+clean_pem_cache_all() ->
+    Results = [{Node, clean_pem_cache_all(Node)} || Node <- mria_mnesia:running_nodes()],
+    wrap_results(Results).
+
+wrap_results(Results) ->
    case lists:filter(fun({_Node, Item}) -> Item =/= ok end, Results) of
        [] -> ok;
        BadNodes -> {error, BadNodes}
@ -291,6 +300,9 @@ clean_authz_cache_all() ->
 clean_authz_cache_all(Node) ->
    wrap_rpc(emqx_proto_v1:clean_authz_cache(Node)).

+clean_pem_cache_all(Node) ->
+    wrap_rpc(emqx_proto_v1:clean_pem_cache(Node)).
+
 set_ratelimit_policy(ClientId, Policy) ->
    call_client(ClientId, {ratelimit, Policy}).

--- a/apps/emqx_management/src/emqx_mgmt_cli.erl
+++ b/apps/emqx_management/src/emqx_mgmt_cli.erl
@ -41,6 +41,7 @@
    traces/1,
    log/1,
    authz/1,
+    pem_cache/1,
    olp/1
 ]).

@ -601,21 +602,14 @@ listeners(_) ->
 %% @doc authz Command

 authz(["cache-clean", "node", Node]) ->
-    case emqx_mgmt:clean_authz_cache_all(erlang:list_to_existing_atom(Node)) of
-        ok ->
-            emqx_ctl:print("Authorization cache drain started on node ~ts.~n", [Node]);
-        {error, Reason} ->
-            emqx_ctl:print("Authorization drain failed on node ~ts: ~0p.~n", [Node, Reason])
-    end;
+    Msg = io_lib:format("Authorization cache drain started on node ~ts", [Node]),
+    with_log(fun() -> for_node(fun emqx_mgmt:clean_authz_cache_all/1, Node) end, Msg);
 authz(["cache-clean", "all"]) ->
-    case emqx_mgmt:clean_authz_cache_all() of
-        ok ->
-            emqx_ctl:print("Started Authorization cache drain in all nodes~n");
-        {error, Reason} ->
-            emqx_ctl:print("Authorization cache-clean failed: ~p.~n", [Reason])
-    end;
+    Msg = "Authorization cache drain started on all nodes",
+    with_log(fun emqx_mgmt:clean_authz_cache_all/0, Msg);
 authz(["cache-clean", ClientId]) ->
-    emqx_mgmt:clean_authz_cache(ClientId);
+    Msg = io_lib:format("Drain ~ts authz cache", [ClientId]),
+    with_log(fun() -> emqx_mgmt:clean_authz_cache(ClientId) end, Msg);
 authz(_) ->
    emqx_ctl:usage(
        [
@ -625,6 +619,17 @@ authz(_) ->
        ]
    ).

+pem_cache(["clean", "all"]) ->
+    with_log(fun emqx_mgmt:clean_pem_cache_all/0, "PEM cache clean");
+pem_cache(["clean", "node", Node]) ->
+    Msg = io_lib:format("~ts PEM cache clean", [Node]),
+    with_log(fun() -> for_node(fun emqx_mgmt:clean_pem_cache_all/1, Node) end, Msg);
+pem_cache(_) ->
+    emqx_ctl:usage([
+        {"pem_cache clean all", "Clears x509 certificate cache on all nodes"},
+        {"pem_cache clean node <Node>", "Clears x509 certificate cache on given node"}
+    ]).
+
 %%--------------------------------------------------------------------
 %% @doc OLP (Overload Protection related)
 olp(["status"]) ->
@ -786,3 +791,20 @@ format_listen_on({Addr, Port}) when is_tuple(Addr) ->

 name(Filter) ->
    iolist_to_binary(["CLI-", Filter]).
+
+for_node(Fun, Node) ->
+    try list_to_existing_atom(Node) of
+        NodeAtom ->
+            Fun(NodeAtom)
+    catch
+        error:badarg ->
+            {error, unknown_node}
+    end.
+
+with_log(Fun, Msg) ->
+    case Fun() of
+        ok ->
+            emqx_ctl:print("~s OK~n", [Msg]);
+        {error, Reason} ->
+            emqx_ctl:print("~s FAILED~n~p~n", [Msg, Reason])
+    end.