diff --git a/apps/emqx/src/emqx_map_lib.erl b/apps/emqx/src/emqx_map_lib.erl index b01391c7b..6484d4269 100644 --- a/apps/emqx/src/emqx_map_lib.erl +++ b/apps/emqx/src/emqx_map_lib.erl @@ -133,7 +133,7 @@ deep_merge(BaseMap, NewMap) -> ), maps:merge(MergedBase, maps:with(NewKeys, NewMap)). --spec deep_convert(map(), convert_fun(), Args :: list()) -> map(). +-spec deep_convert(any(), convert_fun(), Args :: list()) -> any(). deep_convert(Map, ConvFun, Args) when is_map(Map) -> maps:fold( fun(K, V, Acc) -> diff --git a/apps/emqx_bridge/test/emqx_bridge_SUITE.erl b/apps/emqx_bridge/test/emqx_bridge_SUITE.erl index 5b19904ff..99d5af447 100644 --- a/apps/emqx_bridge/test/emqx_bridge_SUITE.erl +++ b/apps/emqx_bridge/test/emqx_bridge_SUITE.erl @@ -44,6 +44,9 @@ init_per_testcase(t_get_basic_usage_info_1, Config) -> {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000), setup_fake_telemetry_data(), Config; +init_per_testcase(t_update_ssl_conf, Config) -> + Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>], + [{config_path, Path} | Config]; init_per_testcase(_TestCase, Config) -> {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000), Config. @@ -63,6 +66,9 @@ end_per_testcase(t_get_basic_usage_info_1, _Config) -> ok = emqx_config:put([bridges], #{}), ok = emqx_config:put_raw([bridges], #{}), ok; +end_per_testcase(t_update_ssl_conf, Config) -> + Path = proplists:get_value(config_path, Config), + emqx:remove_config(Path); end_per_testcase(_TestCase, _Config) -> ok. @@ -149,82 +155,30 @@ setup_fake_telemetry_data() -> ok = snabbkaffe:stop(), ok. -t_update_ssl_conf(_) -> - Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>], +t_update_ssl_conf(Config) -> + Path = proplists:get_value(config_path, Config), EnableSSLConf = #{ - <<"connector">> => + <<"bridge_mode">> => false, + <<"clean_start">> => true, + <<"keepalive">> => <<"60s">>, + <<"mode">> => <<"cluster_shareload">>, + <<"proto_ver">> => <<"v4">>, + <<"server">> => <<"127.0.0.1:1883">>, + <<"ssl">> => #{ - <<"bridge_mode">> => false, - <<"clean_start">> => true, - <<"keepalive">> => <<"60s">>, - <<"mode">> => <<"cluster_shareload">>, - <<"proto_ver">> => <<"v4">>, - <<"server">> => <<"127.0.0.1:1883">>, - <<"ssl">> => - #{ - <<"cacertfile">> => cert_file("cafile"), - <<"certfile">> => cert_file("certfile"), - <<"enable">> => true, - <<"keyfile">> => cert_file("keyfile"), - <<"verify">> => <<"verify_peer">> - } - }, - <<"direction">> => <<"ingress">>, - <<"local_qos">> => 1, - <<"payload">> => <<"${payload}">>, - <<"remote_qos">> => 1, - <<"remote_topic">> => <<"t/#">>, - <<"retain">> => false + <<"cacertfile">> => cert_file("cafile"), + <<"certfile">> => cert_file("certfile"), + <<"enable">> => true, + <<"keyfile">> => cert_file("keyfile"), + <<"verify">> => <<"verify_peer">> + } }, - - emqx:update_config(Path, EnableSSLConf), - ?assertMatch({ok, [_, _, _]}, list_pem_dir(Path)), - NoSSLConf = #{ - <<"connector">> => - #{ - <<"bridge_mode">> => false, - <<"clean_start">> => true, - <<"keepalive">> => <<"60s">>, - <<"max_inflight">> => 32, - <<"mode">> => <<"cluster_shareload">>, - <<"password">> => <<>>, - <<"proto_ver">> => <<"v4">>, - <<"reconnect_interval">> => <<"15s">>, - <<"replayq">> => - #{<<"offload">> => false, <<"seg_bytes">> => <<"100MB">>}, - <<"retry_interval">> => <<"15s">>, - <<"server">> => <<"127.0.0.1:1883">>, - <<"ssl">> => - #{ - <<"ciphers">> => <<>>, - <<"depth">> => 10, - <<"enable">> => false, - <<"reuse_sessions">> => true, - <<"secure_renegotiate">> => true, - <<"user_lookup_fun">> => <<"emqx_tls_psk:lookup">>, - <<"verify">> => <<"verify_peer">>, - <<"versions">> => - [ - <<"tlsv1.3">>, - <<"tlsv1.2">>, - <<"tlsv1.1">>, - <<"tlsv1">> - ] - }, - <<"username">> => <<>> - }, - <<"direction">> => <<"ingress">>, - <<"enable">> => true, - <<"local_qos">> => 1, - <<"payload">> => <<"${payload}">>, - <<"remote_qos">> => 1, - <<"remote_topic">> => <<"t/#">>, - <<"retain">> => false - }, - - emqx:update_config(Path, NoSSLConf), + {ok, _} = emqx:update_config(Path, EnableSSLConf), + {ok, Certs} = list_pem_dir(Path), + ?assertMatch([_, _, _], Certs), + NoSSLConf = EnableSSLConf#{<<"ssl">> := #{<<"enable">> => false}}, + {ok, _} = emqx:update_config(Path, NoSSLConf), ?assertMatch({error, not_dir}, list_pem_dir(Path)), - emqx:remove_config(Path), ok. list_pem_dir(Path) -> diff --git a/apps/emqx_connector/src/emqx_connector_ssl.erl b/apps/emqx_connector/src/emqx_connector_ssl.erl index 7dc6179e1..c2449f095 100644 --- a/apps/emqx_connector/src/emqx_connector_ssl.erl +++ b/apps/emqx_connector/src/emqx_connector_ssl.erl @@ -24,20 +24,6 @@ try_clear_certs/3 ]). -%% TODO: rm `connector` case after `dev/ee5.0` merged into `master`. -%% The `connector` config layer will be removed. -%% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink` -convert_certs(RltvDir, #{<<"connector">> := Connector} = Config) when - is_map(Connector) --> - SSL = maps:get(<<"ssl">>, Connector, undefined), - new_ssl_config(RltvDir, Config, SSL); -convert_certs(RltvDir, #{connector := Connector} = Config) when - is_map(Connector) --> - SSL = maps:get(ssl, Connector, undefined), - new_ssl_config(RltvDir, Config, SSL); -%% for bridges without `connector` field. i.e. webhook convert_certs(RltvDir, #{<<"ssl">> := SSL} = Config) -> new_ssl_config(RltvDir, Config, SSL); convert_certs(RltvDir, #{ssl := SSL} = Config) -> @@ -49,14 +35,6 @@ convert_certs(_RltvDir, Config) -> clear_certs(RltvDir, Config) -> clear_certs2(RltvDir, normalize_key_to_bin(Config)). -clear_certs2(RltvDir, #{<<"connector">> := Connector} = _Config) when - is_map(Connector) --> - %% TODO remove the 'connector' clause after dev/ee5.0 is merged back to master - %% The `connector` config layer will be removed. - %% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink` - OldSSL = maps:get(<<"ssl">>, Connector, undefined), - ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL); clear_certs2(RltvDir, #{<<"ssl">> := OldSSL} = _Config) -> ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL); clear_certs2(_RltvDir, _) -> @@ -69,15 +47,10 @@ try_clear_certs(RltvDir, NewConf, OldConf) -> normalize_key_to_bin(OldConf) ). -try_clear_certs2(RltvDir, #{<<"connector">> := NewConnector}, #{<<"connector">> := OldConnector}) -> - NewSSL = maps:get(<<"ssl">>, NewConnector, undefined), - OldSSL = maps:get(<<"ssl">>, OldConnector, undefined), - try_clear_certs2(RltvDir, NewSSL, OldSSL); -try_clear_certs2(RltvDir, NewSSL, OldSSL) when is_map(NewSSL) andalso is_map(OldSSL) -> - ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL); try_clear_certs2(RltvDir, NewConf, OldConf) -> - ?SLOG(debug, #{msg => "unexpected_conf", path => RltvDir, new => NewConf, OldConf => OldConf}), - ok. + NewSSL = try_map_get(<<"ssl">>, NewConf, undefined), + OldSSL = try_map_get(<<"ssl">>, OldConf, undefined), + ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL). new_ssl_config(RltvDir, Config, SSL) -> case emqx_tls_lib:ensure_ssl_files(RltvDir, SSL) of @@ -98,5 +71,12 @@ new_ssl_config(#{<<"ssl">> := _} = Config, NewSSL) -> new_ssl_config(Config, _NewSSL) -> Config. -normalize_key_to_bin(Map) -> +normalize_key_to_bin(undefined) -> + undefined; +normalize_key_to_bin(Map) when is_map(Map) -> emqx_map_lib:binary_key_map(Map). + +try_map_get(_Key, undefined, Default) -> + Default; +try_map_get(Key, Map, Default) when is_map(Map) -> + maps:get(Key, Map, Default).