fix(connector): fix ssl clear
parent
cc9e5b1a56
commit
983e904858
|
@ -133,7 +133,7 @@ deep_merge(BaseMap, NewMap) ->
|
||||||
),
|
),
|
||||||
maps:merge(MergedBase, maps:with(NewKeys, NewMap)).
|
maps:merge(MergedBase, maps:with(NewKeys, NewMap)).
|
||||||
|
|
||||||
-spec deep_convert(map(), convert_fun(), Args :: list()) -> map().
|
-spec deep_convert(any(), convert_fun(), Args :: list()) -> any().
|
||||||
deep_convert(Map, ConvFun, Args) when is_map(Map) ->
|
deep_convert(Map, ConvFun, Args) when is_map(Map) ->
|
||||||
maps:fold(
|
maps:fold(
|
||||||
fun(K, V, Acc) ->
|
fun(K, V, Acc) ->
|
||||||
|
|
|
@ -44,6 +44,9 @@ init_per_testcase(t_get_basic_usage_info_1, Config) ->
|
||||||
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
|
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
|
||||||
setup_fake_telemetry_data(),
|
setup_fake_telemetry_data(),
|
||||||
Config;
|
Config;
|
||||||
|
init_per_testcase(t_update_ssl_conf, Config) ->
|
||||||
|
Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>],
|
||||||
|
[{config_path, Path} | Config];
|
||||||
init_per_testcase(_TestCase, Config) ->
|
init_per_testcase(_TestCase, Config) ->
|
||||||
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
|
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
|
||||||
Config.
|
Config.
|
||||||
|
@ -63,6 +66,9 @@ end_per_testcase(t_get_basic_usage_info_1, _Config) ->
|
||||||
ok = emqx_config:put([bridges], #{}),
|
ok = emqx_config:put([bridges], #{}),
|
||||||
ok = emqx_config:put_raw([bridges], #{}),
|
ok = emqx_config:put_raw([bridges], #{}),
|
||||||
ok;
|
ok;
|
||||||
|
end_per_testcase(t_update_ssl_conf, Config) ->
|
||||||
|
Path = proplists:get_value(config_path, Config),
|
||||||
|
emqx:remove_config(Path);
|
||||||
end_per_testcase(_TestCase, _Config) ->
|
end_per_testcase(_TestCase, _Config) ->
|
||||||
ok.
|
ok.
|
||||||
|
|
||||||
|
@ -149,82 +155,30 @@ setup_fake_telemetry_data() ->
|
||||||
ok = snabbkaffe:stop(),
|
ok = snabbkaffe:stop(),
|
||||||
ok.
|
ok.
|
||||||
|
|
||||||
t_update_ssl_conf(_) ->
|
t_update_ssl_conf(Config) ->
|
||||||
Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>],
|
Path = proplists:get_value(config_path, Config),
|
||||||
EnableSSLConf = #{
|
EnableSSLConf = #{
|
||||||
<<"connector">> =>
|
<<"bridge_mode">> => false,
|
||||||
|
<<"clean_start">> => true,
|
||||||
|
<<"keepalive">> => <<"60s">>,
|
||||||
|
<<"mode">> => <<"cluster_shareload">>,
|
||||||
|
<<"proto_ver">> => <<"v4">>,
|
||||||
|
<<"server">> => <<"127.0.0.1:1883">>,
|
||||||
|
<<"ssl">> =>
|
||||||
#{
|
#{
|
||||||
<<"bridge_mode">> => false,
|
<<"cacertfile">> => cert_file("cafile"),
|
||||||
<<"clean_start">> => true,
|
<<"certfile">> => cert_file("certfile"),
|
||||||
<<"keepalive">> => <<"60s">>,
|
<<"enable">> => true,
|
||||||
<<"mode">> => <<"cluster_shareload">>,
|
<<"keyfile">> => cert_file("keyfile"),
|
||||||
<<"proto_ver">> => <<"v4">>,
|
<<"verify">> => <<"verify_peer">>
|
||||||
<<"server">> => <<"127.0.0.1:1883">>,
|
}
|
||||||
<<"ssl">> =>
|
|
||||||
#{
|
|
||||||
<<"cacertfile">> => cert_file("cafile"),
|
|
||||||
<<"certfile">> => cert_file("certfile"),
|
|
||||||
<<"enable">> => true,
|
|
||||||
<<"keyfile">> => cert_file("keyfile"),
|
|
||||||
<<"verify">> => <<"verify_peer">>
|
|
||||||
}
|
|
||||||
},
|
|
||||||
<<"direction">> => <<"ingress">>,
|
|
||||||
<<"local_qos">> => 1,
|
|
||||||
<<"payload">> => <<"${payload}">>,
|
|
||||||
<<"remote_qos">> => 1,
|
|
||||||
<<"remote_topic">> => <<"t/#">>,
|
|
||||||
<<"retain">> => false
|
|
||||||
},
|
},
|
||||||
|
{ok, _} = emqx:update_config(Path, EnableSSLConf),
|
||||||
emqx:update_config(Path, EnableSSLConf),
|
{ok, Certs} = list_pem_dir(Path),
|
||||||
?assertMatch({ok, [_, _, _]}, list_pem_dir(Path)),
|
?assertMatch([_, _, _], Certs),
|
||||||
NoSSLConf = #{
|
NoSSLConf = EnableSSLConf#{<<"ssl">> := #{<<"enable">> => false}},
|
||||||
<<"connector">> =>
|
{ok, _} = emqx:update_config(Path, NoSSLConf),
|
||||||
#{
|
|
||||||
<<"bridge_mode">> => false,
|
|
||||||
<<"clean_start">> => true,
|
|
||||||
<<"keepalive">> => <<"60s">>,
|
|
||||||
<<"max_inflight">> => 32,
|
|
||||||
<<"mode">> => <<"cluster_shareload">>,
|
|
||||||
<<"password">> => <<>>,
|
|
||||||
<<"proto_ver">> => <<"v4">>,
|
|
||||||
<<"reconnect_interval">> => <<"15s">>,
|
|
||||||
<<"replayq">> =>
|
|
||||||
#{<<"offload">> => false, <<"seg_bytes">> => <<"100MB">>},
|
|
||||||
<<"retry_interval">> => <<"15s">>,
|
|
||||||
<<"server">> => <<"127.0.0.1:1883">>,
|
|
||||||
<<"ssl">> =>
|
|
||||||
#{
|
|
||||||
<<"ciphers">> => <<>>,
|
|
||||||
<<"depth">> => 10,
|
|
||||||
<<"enable">> => false,
|
|
||||||
<<"reuse_sessions">> => true,
|
|
||||||
<<"secure_renegotiate">> => true,
|
|
||||||
<<"user_lookup_fun">> => <<"emqx_tls_psk:lookup">>,
|
|
||||||
<<"verify">> => <<"verify_peer">>,
|
|
||||||
<<"versions">> =>
|
|
||||||
[
|
|
||||||
<<"tlsv1.3">>,
|
|
||||||
<<"tlsv1.2">>,
|
|
||||||
<<"tlsv1.1">>,
|
|
||||||
<<"tlsv1">>
|
|
||||||
]
|
|
||||||
},
|
|
||||||
<<"username">> => <<>>
|
|
||||||
},
|
|
||||||
<<"direction">> => <<"ingress">>,
|
|
||||||
<<"enable">> => true,
|
|
||||||
<<"local_qos">> => 1,
|
|
||||||
<<"payload">> => <<"${payload}">>,
|
|
||||||
<<"remote_qos">> => 1,
|
|
||||||
<<"remote_topic">> => <<"t/#">>,
|
|
||||||
<<"retain">> => false
|
|
||||||
},
|
|
||||||
|
|
||||||
emqx:update_config(Path, NoSSLConf),
|
|
||||||
?assertMatch({error, not_dir}, list_pem_dir(Path)),
|
?assertMatch({error, not_dir}, list_pem_dir(Path)),
|
||||||
emqx:remove_config(Path),
|
|
||||||
ok.
|
ok.
|
||||||
|
|
||||||
list_pem_dir(Path) ->
|
list_pem_dir(Path) ->
|
||||||
|
|
|
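Review bot: The new `end_per_testcase(t_update_ssl_conf, Config)` clause returns whatever `emqx:remove_config(Path)` yields without matching on it, so a failed cleanup would pass silently and could leave the test bridge's PEM files behind for later cases. The test body now asserts `{ok, _} = emqx:update_config(Path, EnableSSLConf)`; the cleanup could be equally strict, for example `{ok, _} = emqx:remove_config(Path), ok;` (assuming it returns `{ok, _}` on success, which this page does not show). Separately, the new `init_per_testcase(t_update_ssl_conf, Config)` clause does not start `emqx_cluster_rpc` as the catch-all clause does; if that is intentional, a one-line comment such as `%% no cluster RPC needed: only local config updates are exercised` would document it.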
@ -24,20 +24,6 @@
|
||||||
try_clear_certs/3
|
try_clear_certs/3
|
||||||
]).
|
]).
|
||||||
|
|
||||||
%% TODO: rm `connector` case after `dev/ee5.0` merged into `master`.
|
|
||||||
%% The `connector` config layer will be removed.
|
|
||||||
%% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
|
|
||||||
convert_certs(RltvDir, #{<<"connector">> := Connector} = Config) when
|
|
||||||
is_map(Connector)
|
|
||||||
->
|
|
||||||
SSL = maps:get(<<"ssl">>, Connector, undefined),
|
|
||||||
new_ssl_config(RltvDir, Config, SSL);
|
|
||||||
convert_certs(RltvDir, #{connector := Connector} = Config) when
|
|
||||||
is_map(Connector)
|
|
||||||
->
|
|
||||||
SSL = maps:get(ssl, Connector, undefined),
|
|
||||||
new_ssl_config(RltvDir, Config, SSL);
|
|
||||||
%% for bridges without `connector` field. i.e. webhook
|
|
||||||
convert_certs(RltvDir, #{<<"ssl">> := SSL} = Config) ->
|
convert_certs(RltvDir, #{<<"ssl">> := SSL} = Config) ->
|
||||||
new_ssl_config(RltvDir, Config, SSL);
|
new_ssl_config(RltvDir, Config, SSL);
|
||||||
convert_certs(RltvDir, #{ssl := SSL} = Config) ->
|
convert_certs(RltvDir, #{ssl := SSL} = Config) ->
|
||||||
|
@ -49,14 +35,6 @@ convert_certs(_RltvDir, Config) ->
|
||||||
clear_certs(RltvDir, Config) ->
|
clear_certs(RltvDir, Config) ->
|
||||||
clear_certs2(RltvDir, normalize_key_to_bin(Config)).
|
clear_certs2(RltvDir, normalize_key_to_bin(Config)).
|
||||||
|
|
||||||
clear_certs2(RltvDir, #{<<"connector">> := Connector} = _Config) when
|
|
||||||
is_map(Connector)
|
|
||||||
->
|
|
||||||
%% TODO remove the 'connector' clause after dev/ee5.0 is merged back to master
|
|
||||||
%% The `connector` config layer will be removed.
|
|
||||||
%% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
|
|
||||||
OldSSL = maps:get(<<"ssl">>, Connector, undefined),
|
|
||||||
ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
|
|
||||||
clear_certs2(RltvDir, #{<<"ssl">> := OldSSL} = _Config) ->
|
clear_certs2(RltvDir, #{<<"ssl">> := OldSSL} = _Config) ->
|
||||||
ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
|
ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
|
||||||
clear_certs2(_RltvDir, _) ->
|
clear_certs2(_RltvDir, _) ->
|
||||||
|
@ -69,15 +47,10 @@ try_clear_certs(RltvDir, NewConf, OldConf) ->
|
||||||
normalize_key_to_bin(OldConf)
|
normalize_key_to_bin(OldConf)
|
||||||
).
|
).
|
||||||
|
|
||||||
try_clear_certs2(RltvDir, #{<<"connector">> := NewConnector}, #{<<"connector">> := OldConnector}) ->
|
|
||||||
NewSSL = maps:get(<<"ssl">>, NewConnector, undefined),
|
|
||||||
OldSSL = maps:get(<<"ssl">>, OldConnector, undefined),
|
|
||||||
try_clear_certs2(RltvDir, NewSSL, OldSSL);
|
|
||||||
try_clear_certs2(RltvDir, NewSSL, OldSSL) when is_map(NewSSL) andalso is_map(OldSSL) ->
|
|
||||||
ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL);
|
|
||||||
try_clear_certs2(RltvDir, NewConf, OldConf) ->
|
try_clear_certs2(RltvDir, NewConf, OldConf) ->
|
||||||
?SLOG(debug, #{msg => "unexpected_conf", path => RltvDir, new => NewConf, OldConf => OldConf}),
|
NewSSL = try_map_get(<<"ssl">>, NewConf, undefined),
|
||||||
ok.
|
OldSSL = try_map_get(<<"ssl">>, OldConf, undefined),
|
||||||
|
ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL).
|
||||||
|
|
||||||
new_ssl_config(RltvDir, Config, SSL) ->
|
new_ssl_config(RltvDir, Config, SSL) ->
|
||||||
case emqx_tls_lib:ensure_ssl_files(RltvDir, SSL) of
|
case emqx_tls_lib:ensure_ssl_files(RltvDir, SSL) of
|
||||||
|
@ -98,5 +71,12 @@ new_ssl_config(#{<<"ssl">> := _} = Config, NewSSL) ->
|
||||||
new_ssl_config(Config, _NewSSL) ->
|
new_ssl_config(Config, _NewSSL) ->
|
||||||
Config.
|
Config.
|
||||||
|
|
||||||
normalize_key_to_bin(Map) ->
|
normalize_key_to_bin(undefined) ->
|
||||||
|
undefined;
|
||||||
|
normalize_key_to_bin(Map) when is_map(Map) ->
|
||||||
emqx_map_lib:binary_key_map(Map).
|
emqx_map_lib:binary_key_map(Map).
|
||||||
|
|
||||||
|
try_map_get(_Key, undefined, Default) ->
|
||||||
|
Default;
|
||||||
|
try_map_get(Key, Map, Default) when is_map(Map) ->
|
||||||
|
maps:get(Key, Map, Default).
|
||||||
|
|
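Review bot: `try_clear_certs2/3` now calls `emqx_tls_lib:delete_ssl_files/3` unconditionally, and `try_map_get/3` and `normalize_key_to_bin/1` accept only a map or `undefined`, so the earlier log-and-return-`ok` fallback is gone and any other config shape fails with `function_clause`. If that is the intended contract, a comment above `try_clear_certs2` would make it explicit, e.g. `%% NewConf/OldConf are binary-key maps or undefined; any other shape is a bug and crashes here`. It is also worth confirming that `delete_ssl_files(RltvDir, undefined, undefined)` returns `ok`, because configs without an `ssl` key now reach that call and its behaviour is not visible on this page. With the `connector` clauses removed from `convert_certs` and `clear_certs2` (both continue outside the hunks), a stored config that still nests `ssl` under `connector` would presumably keep its certificate and key files on disk, so a short note on how such configs are migrated would help.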