fix(connector): fix ssl clear

Zaiming (Stone) Shi 2022-11-30 14:02:27 +01:00
parent cc9e5b1a56
commit 983e904858
3 changed files with 38 additions and 104 deletions


@ -133,7 +133,7 @@ deep_merge(BaseMap, NewMap) ->
),
maps:merge(MergedBase, maps:with(NewKeys, NewMap)).
-spec deep_convert(map(), convert_fun(), Args :: list()) -> map().
-spec deep_convert(any(), convert_fun(), Args :: list()) -> any().
deep_convert(Map, ConvFun, Args) when is_map(Map) ->
maps:fold(
fun(K, V, Acc) ->


@ -44,6 +44,9 @@ init_per_testcase(t_get_basic_usage_info_1, Config) ->
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
setup_fake_telemetry_data(),
Config;
init_per_testcase(t_update_ssl_conf, Config) ->
Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>],
[{config_path, Path} | Config];
init_per_testcase(_TestCase, Config) ->
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
Config.
@ -63,6 +66,9 @@ end_per_testcase(t_get_basic_usage_info_1, _Config) ->
ok = emqx_config:put([bridges], #{}),
ok = emqx_config:put_raw([bridges], #{}),
ok;
end_per_testcase(t_update_ssl_conf, Config) ->
Path = proplists:get_value(config_path, Config),
emqx:remove_config(Path);
end_per_testcase(_TestCase, _Config) ->
ok.
@ -149,11 +155,9 @@ setup_fake_telemetry_data() ->
ok = snabbkaffe:stop(),
ok.
t_update_ssl_conf(_) ->
Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>],
t_update_ssl_conf(Config) ->
Path = proplists:get_value(config_path, Config),
EnableSSLConf = #{
<<"connector">> =>
#{
<<"bridge_mode">> => false,
<<"clean_start">> => true,
<<"keepalive">> => <<"60s">>,
@ -169,62 +173,12 @@ t_update_ssl_conf(_) ->
<<"verify">> => <<"verify_peer">>
}
},
<<"direction">> => <<"ingress">>,
<<"local_qos">> => 1,
<<"payload">> => <<"${payload}">>,
<<"remote_qos">> => 1,
<<"remote_topic">> => <<"t/#">>,
<<"retain">> => false
},
emqx:update_config(Path, EnableSSLConf),
?assertMatch({ok, [_, _, _]}, list_pem_dir(Path)),
NoSSLConf = #{
<<"connector">> =>
#{
<<"bridge_mode">> => false,
<<"clean_start">> => true,
<<"keepalive">> => <<"60s">>,
<<"max_inflight">> => 32,
<<"mode">> => <<"cluster_shareload">>,
<<"password">> => <<>>,
<<"proto_ver">> => <<"v4">>,
<<"reconnect_interval">> => <<"15s">>,
<<"replayq">> =>
#{<<"offload">> => false, <<"seg_bytes">> => <<"100MB">>},
<<"retry_interval">> => <<"15s">>,
<<"server">> => <<"127.0.0.1:1883">>,
<<"ssl">> =>
#{
<<"ciphers">> => <<>>,
<<"depth">> => 10,
<<"enable">> => false,
<<"reuse_sessions">> => true,
<<"secure_renegotiate">> => true,
<<"user_lookup_fun">> => <<"emqx_tls_psk:lookup">>,
<<"verify">> => <<"verify_peer">>,
<<"versions">> =>
[
<<"tlsv1.3">>,
<<"tlsv1.2">>,
<<"tlsv1.1">>,
<<"tlsv1">>
]
},
<<"username">> => <<>>
},
<<"direction">> => <<"ingress">>,
<<"enable">> => true,
<<"local_qos">> => 1,
<<"payload">> => <<"${payload}">>,
<<"remote_qos">> => 1,
<<"remote_topic">> => <<"t/#">>,
<<"retain">> => false
},
emqx:update_config(Path, NoSSLConf),
{ok, _} = emqx:update_config(Path, EnableSSLConf),
{ok, Certs} = list_pem_dir(Path),
?assertMatch([_, _, _], Certs),
NoSSLConf = EnableSSLConf#{<<"ssl">> := #{<<"enable">> => false}},
{ok, _} = emqx:update_config(Path, NoSSLConf),
?assertMatch({error, not_dir}, list_pem_dir(Path)),
emqx:remove_config(Path),
ok.
list_pem_dir(Path) ->
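Review bot: The new `end_per_testcase(t_update_ssl_conf, Config)` clause returns the result of `emqx:remove_config(Path)` without matching it, so a failed cleanup passes silently and could leave the bridge config and its PEM files behind for later test cases. Matching it the same way the test body now matches its updates would surface that: `{ok, _} = emqx:remove_config(Path), ok;`. Separately, the new `init_per_testcase(t_update_ssl_conf, Config)` clause sits before the catch-all, so this test no longer runs `emqx_cluster_rpc:start_link/3` as it did before the change. That is presumably intentional, but a short comment saying the test does not need the cluster RPC process would make it clear.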


@ -24,20 +24,6 @@
try_clear_certs/3
]).
%% TODO: rm `connector` case after `dev/ee5.0` merged into `master`.
%% The `connector` config layer will be removed.
%% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
convert_certs(RltvDir, #{<<"connector">> := Connector} = Config) when
is_map(Connector)
->
SSL = maps:get(<<"ssl">>, Connector, undefined),
new_ssl_config(RltvDir, Config, SSL);
convert_certs(RltvDir, #{connector := Connector} = Config) when
is_map(Connector)
->
SSL = maps:get(ssl, Connector, undefined),
new_ssl_config(RltvDir, Config, SSL);
%% for bridges without `connector` field. i.e. webhook
convert_certs(RltvDir, #{<<"ssl">> := SSL} = Config) ->
new_ssl_config(RltvDir, Config, SSL);
convert_certs(RltvDir, #{ssl := SSL} = Config) ->
@ -49,14 +35,6 @@ convert_certs(_RltvDir, Config) ->
clear_certs(RltvDir, Config) ->
clear_certs2(RltvDir, normalize_key_to_bin(Config)).
clear_certs2(RltvDir, #{<<"connector">> := Connector} = _Config) when
is_map(Connector)
->
%% TODO remove the 'connector' clause after dev/ee5.0 is merged back to master
%% The `connector` config layer will be removed.
%% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
OldSSL = maps:get(<<"ssl">>, Connector, undefined),
ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
clear_certs2(RltvDir, #{<<"ssl">> := OldSSL} = _Config) ->
ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
clear_certs2(_RltvDir, _) ->
@ -69,15 +47,10 @@ try_clear_certs(RltvDir, NewConf, OldConf) ->
normalize_key_to_bin(OldConf)
).
try_clear_certs2(RltvDir, #{<<"connector">> := NewConnector}, #{<<"connector">> := OldConnector}) ->
NewSSL = maps:get(<<"ssl">>, NewConnector, undefined),
OldSSL = maps:get(<<"ssl">>, OldConnector, undefined),
try_clear_certs2(RltvDir, NewSSL, OldSSL);
try_clear_certs2(RltvDir, NewSSL, OldSSL) when is_map(NewSSL) andalso is_map(OldSSL) ->
ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL);
try_clear_certs2(RltvDir, NewConf, OldConf) ->
?SLOG(debug, #{msg => "unexpected_conf", path => RltvDir, new => NewConf, OldConf => OldConf}),
ok.
NewSSL = try_map_get(<<"ssl">>, NewConf, undefined),
OldSSL = try_map_get(<<"ssl">>, OldConf, undefined),
ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL).
new_ssl_config(RltvDir, Config, SSL) ->
case emqx_tls_lib:ensure_ssl_files(RltvDir, SSL) of
@ -98,5 +71,12 @@ new_ssl_config(#{<<"ssl">> := _} = Config, NewSSL) ->
new_ssl_config(Config, _NewSSL) ->
Config.
normalize_key_to_bin(Map) ->
normalize_key_to_bin(undefined) ->
undefined;
normalize_key_to_bin(Map) when is_map(Map) ->
emqx_map_lib:binary_key_map(Map).
try_map_get(_Key, undefined, Default) ->
Default;
try_map_get(Key, Map, Default) when is_map(Map) ->
maps:get(Key, Map, Default).
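Review bot: The rewritten `try_clear_certs2/3` has no fallback for unexpected input. `normalize_key_to_bin/1` and `try_map_get/3` accept only `undefined` or a map, so any other term now raises `function_clause`, where the removed clause logged `unexpected_conf` and returned `ok`. That is fine as let-it-crash style if the callers of `try_clear_certs/3` (not visible here) always pass validated config, but a crash at this point would presumably leave the old certificate and private-key files on disk, so it is worth confirming. Because this function appears to be what removes key material once TLS is disabled, it also deserves a comment, for example `%% Delete PEM files referenced by OldConf's ssl section and no longer by NewConf's; either conf may be undefined.`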