fix(connector): fix ssl clear
parent
cc9e5b1a56
commit
983e904858
|
@ -133,7 +133,7 @@ deep_merge(BaseMap, NewMap) ->
|
|||
),
|
||||
maps:merge(MergedBase, maps:with(NewKeys, NewMap)).
|
||||
|
||||
-spec deep_convert(map(), convert_fun(), Args :: list()) -> map().
|
||||
-spec deep_convert(any(), convert_fun(), Args :: list()) -> any().
|
||||
deep_convert(Map, ConvFun, Args) when is_map(Map) ->
|
||||
maps:fold(
|
||||
fun(K, V, Acc) ->
|
||||
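Review bot: The widened `-spec deep_convert(any(), convert_fun(), Args :: list()) -> any().` no longer tells Dialyzer or a reader that a map argument yields a map, and the only clause visible here is still guarded by `is_map(Map)`. A short comment above the spec would keep that contract readable, for example `%% Maps are converted recursively; non-map terms are handled by the clauses below.` The remaining clauses of deep_convert lie outside this hunk, so the wording should be checked against them.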
|
|
|
@ -44,6 +44,9 @@ init_per_testcase(t_get_basic_usage_info_1, Config) ->
|
|||
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
|
||||
setup_fake_telemetry_data(),
|
||||
Config;
|
||||
init_per_testcase(t_update_ssl_conf, Config) ->
|
||||
Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>],
|
||||
[{config_path, Path} | Config];
|
||||
init_per_testcase(_TestCase, Config) ->
|
||||
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
|
||||
Config.
|
||||
|
@ -63,6 +66,9 @@ end_per_testcase(t_get_basic_usage_info_1, _Config) ->
|
|||
ok = emqx_config:put([bridges], #{}),
|
||||
ok = emqx_config:put_raw([bridges], #{}),
|
||||
ok;
|
||||
end_per_testcase(t_update_ssl_conf, Config) ->
|
||||
Path = proplists:get_value(config_path, Config),
|
||||
emqx:remove_config(Path);
|
||||
end_per_testcase(_TestCase, _Config) ->
|
||||
ok.
|
||||
|
||||
|
@ -149,11 +155,9 @@ setup_fake_telemetry_data() ->
|
|||
ok = snabbkaffe:stop(),
|
||||
ok.
|
||||
|
||||
t_update_ssl_conf(_) ->
|
||||
Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>],
|
||||
t_update_ssl_conf(Config) ->
|
||||
Path = proplists:get_value(config_path, Config),
|
||||
EnableSSLConf = #{
|
||||
<<"connector">> =>
|
||||
#{
|
||||
<<"bridge_mode">> => false,
|
||||
<<"clean_start">> => true,
|
||||
<<"keepalive">> => <<"60s">>,
|
||||
|
@ -169,62 +173,12 @@ t_update_ssl_conf(_) ->
|
|||
<<"verify">> => <<"verify_peer">>
|
||||
}
|
||||
},
|
||||
<<"direction">> => <<"ingress">>,
|
||||
<<"local_qos">> => 1,
|
||||
<<"payload">> => <<"${payload}">>,
|
||||
<<"remote_qos">> => 1,
|
||||
<<"remote_topic">> => <<"t/#">>,
|
||||
<<"retain">> => false
|
||||
},
|
||||
|
||||
emqx:update_config(Path, EnableSSLConf),
|
||||
?assertMatch({ok, [_, _, _]}, list_pem_dir(Path)),
|
||||
NoSSLConf = #{
|
||||
<<"connector">> =>
|
||||
#{
|
||||
<<"bridge_mode">> => false,
|
||||
<<"clean_start">> => true,
|
||||
<<"keepalive">> => <<"60s">>,
|
||||
<<"max_inflight">> => 32,
|
||||
<<"mode">> => <<"cluster_shareload">>,
|
||||
<<"password">> => <<>>,
|
||||
<<"proto_ver">> => <<"v4">>,
|
||||
<<"reconnect_interval">> => <<"15s">>,
|
||||
<<"replayq">> =>
|
||||
#{<<"offload">> => false, <<"seg_bytes">> => <<"100MB">>},
|
||||
<<"retry_interval">> => <<"15s">>,
|
||||
<<"server">> => <<"127.0.0.1:1883">>,
|
||||
<<"ssl">> =>
|
||||
#{
|
||||
<<"ciphers">> => <<>>,
|
||||
<<"depth">> => 10,
|
||||
<<"enable">> => false,
|
||||
<<"reuse_sessions">> => true,
|
||||
<<"secure_renegotiate">> => true,
|
||||
<<"user_lookup_fun">> => <<"emqx_tls_psk:lookup">>,
|
||||
<<"verify">> => <<"verify_peer">>,
|
||||
<<"versions">> =>
|
||||
[
|
||||
<<"tlsv1.3">>,
|
||||
<<"tlsv1.2">>,
|
||||
<<"tlsv1.1">>,
|
||||
<<"tlsv1">>
|
||||
]
|
||||
},
|
||||
<<"username">> => <<>>
|
||||
},
|
||||
<<"direction">> => <<"ingress">>,
|
||||
<<"enable">> => true,
|
||||
<<"local_qos">> => 1,
|
||||
<<"payload">> => <<"${payload}">>,
|
||||
<<"remote_qos">> => 1,
|
||||
<<"remote_topic">> => <<"t/#">>,
|
||||
<<"retain">> => false
|
||||
},
|
||||
|
||||
emqx:update_config(Path, NoSSLConf),
|
||||
{ok, _} = emqx:update_config(Path, EnableSSLConf),
|
||||
{ok, Certs} = list_pem_dir(Path),
|
||||
?assertMatch([_, _, _], Certs),
|
||||
NoSSLConf = EnableSSLConf#{<<"ssl">> := #{<<"enable">> => false}},
|
||||
{ok, _} = emqx:update_config(Path, NoSSLConf),
|
||||
?assertMatch({error, not_dir}, list_pem_dir(Path)),
|
||||
emqx:remove_config(Path),
|
||||
ok.
|
||||
|
||||
list_pem_dir(Path) ->
|
||||
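Review bot: `end_per_testcase(t_update_ssl_conf, Config)` returns whatever `emqx:remove_config(Path)` yields without matching on it, so a failed removal goes unnoticed and can leave the bridge's PEM directory (presumably including the key file) behind for later test cases. Matching the result makes the cleanup assertive: `{ok, _} = emqx:remove_config(Path), ok;`, assuming remove_config returns the same `{ok, _}` shape the test matches for `update_config`. The new `init_per_testcase(t_update_ssl_conf, Config)` clause also skips the `emqx_cluster_rpc:start_link/3` call that the neighbouring clauses make; if that is intentional, a one-line comment saying why would help.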
|
|
|
@ -24,20 +24,6 @@
|
|||
try_clear_certs/3
|
||||
]).
|
||||
|
||||
%% TODO: rm `connector` case after `dev/ee5.0` merged into `master`.
|
||||
%% The `connector` config layer will be removed.
|
||||
%% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
|
||||
convert_certs(RltvDir, #{<<"connector">> := Connector} = Config) when
|
||||
is_map(Connector)
|
||||
->
|
||||
SSL = maps:get(<<"ssl">>, Connector, undefined),
|
||||
new_ssl_config(RltvDir, Config, SSL);
|
||||
convert_certs(RltvDir, #{connector := Connector} = Config) when
|
||||
is_map(Connector)
|
||||
->
|
||||
SSL = maps:get(ssl, Connector, undefined),
|
||||
new_ssl_config(RltvDir, Config, SSL);
|
||||
%% for bridges without `connector` field. i.e. webhook
|
||||
convert_certs(RltvDir, #{<<"ssl">> := SSL} = Config) ->
|
||||
new_ssl_config(RltvDir, Config, SSL);
|
||||
convert_certs(RltvDir, #{ssl := SSL} = Config) ->
|
||||
|
@ -49,14 +35,6 @@ convert_certs(_RltvDir, Config) ->
|
|||
clear_certs(RltvDir, Config) ->
|
||||
clear_certs2(RltvDir, normalize_key_to_bin(Config)).
|
||||
|
||||
clear_certs2(RltvDir, #{<<"connector">> := Connector} = _Config) when
|
||||
is_map(Connector)
|
||||
->
|
||||
%% TODO remove the 'connector' clause after dev/ee5.0 is merged back to master
|
||||
%% The `connector` config layer will be removed.
|
||||
%% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
|
||||
OldSSL = maps:get(<<"ssl">>, Connector, undefined),
|
||||
ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
|
||||
clear_certs2(RltvDir, #{<<"ssl">> := OldSSL} = _Config) ->
|
||||
ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
|
||||
clear_certs2(_RltvDir, _) ->
|
||||
|
@ -69,15 +47,10 @@ try_clear_certs(RltvDir, NewConf, OldConf) ->
|
|||
normalize_key_to_bin(OldConf)
|
||||
).
|
||||
|
||||
try_clear_certs2(RltvDir, #{<<"connector">> := NewConnector}, #{<<"connector">> := OldConnector}) ->
|
||||
NewSSL = maps:get(<<"ssl">>, NewConnector, undefined),
|
||||
OldSSL = maps:get(<<"ssl">>, OldConnector, undefined),
|
||||
try_clear_certs2(RltvDir, NewSSL, OldSSL);
|
||||
try_clear_certs2(RltvDir, NewSSL, OldSSL) when is_map(NewSSL) andalso is_map(OldSSL) ->
|
||||
ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL);
|
||||
try_clear_certs2(RltvDir, NewConf, OldConf) ->
|
||||
?SLOG(debug, #{msg => "unexpected_conf", path => RltvDir, new => NewConf, OldConf => OldConf}),
|
||||
ok.
|
||||
NewSSL = try_map_get(<<"ssl">>, NewConf, undefined),
|
||||
OldSSL = try_map_get(<<"ssl">>, OldConf, undefined),
|
||||
ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL).
|
||||
|
||||
new_ssl_config(RltvDir, Config, SSL) ->
|
||||
case emqx_tls_lib:ensure_ssl_files(RltvDir, SSL) of
|
||||
|
@ -98,5 +71,12 @@ new_ssl_config(#{<<"ssl">> := _} = Config, NewSSL) ->
|
|||
new_ssl_config(Config, _NewSSL) ->
|
||||
Config.
|
||||
|
||||
normalize_key_to_bin(Map) ->
|
||||
normalize_key_to_bin(undefined) ->
|
||||
undefined;
|
||||
normalize_key_to_bin(Map) when is_map(Map) ->
|
||||
emqx_map_lib:binary_key_map(Map).
|
||||
|
||||
try_map_get(_Key, undefined, Default) ->
|
||||
Default;
|
||||
try_map_get(Key, Map, Default) when is_map(Map) ->
|
||||
maps:get(Key, Map, Default).
|
||||
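Review bot: With the `<<"connector">>` clauses of `convert_certs/2` and `clear_certs2/2` removed, a config that still carries its SSL settings under `connector` appears to fall through to the catch-all clauses `convert_certs(_RltvDir, Config)` and `clear_certs2(_RltvDir, _)`, whose bodies are outside these hunks. If those return without logging, the certificate and key files for such a bridge would stay on disk after the bridge is removed. It is worth confirming that every caller now passes the flattened config, and recording that on the catch-all, e.g. `%% no top-level ssl key: nothing to clear; the nested connector layer is no longer handled here`. Separately, as far as the rendered sides can be read, `try_clear_certs2/3` no longer checks `is_map/1` on the `ssl` values, so a non-map value would reach `emqx_tls_lib:delete_ssl_files/3` unchecked.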
|
|