fix(connector): fix ssl clear

2022-11-30 14:02:27 +01:00 · 2022-11-30 14:02:27 +01:00 · 983e904858
parent cc9e5b1a56
commit 983e904858
3 changed files with 38 additions and 104 deletions
--- a/apps/emqx/src/emqx_map_lib.erl
+++ b/apps/emqx/src/emqx_map_lib.erl
@ -133,7 +133,7 @@ deep_merge(BaseMap, NewMap) ->
    ),
    maps:merge(MergedBase, maps:with(NewKeys, NewMap)).

-spec deep_convert(map(), convert_fun(), Args :: list()) -> map().
+-spec deep_convert(any(), convert_fun(), Args :: list()) -> any().
 deep_convert(Map, ConvFun, Args) when is_map(Map) ->
    maps:fold(
        fun(K, V, Acc) ->
--- a/apps/emqx_bridge/test/emqx_bridge_SUITE.erl
+++ b/apps/emqx_bridge/test/emqx_bridge_SUITE.erl
@ -44,6 +44,9 @@ init_per_testcase(t_get_basic_usage_info_1, Config) ->
    {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
    setup_fake_telemetry_data(),
    Config;
+init_per_testcase(t_update_ssl_conf, Config) ->
+    Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>],
+    [{config_path, Path} | Config];
 init_per_testcase(_TestCase, Config) ->
    {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
    Config.
@ -63,6 +66,9 @@ end_per_testcase(t_get_basic_usage_info_1, _Config) ->
    ok = emqx_config:put([bridges], #{}),
    ok = emqx_config:put_raw([bridges], #{}),
    ok;
+end_per_testcase(t_update_ssl_conf, Config) ->
+    Path = proplists:get_value(config_path, Config),
+    emqx:remove_config(Path);
 end_per_testcase(_TestCase, _Config) ->
    ok.

@ -149,11 +155,9 @@ setup_fake_telemetry_data() ->
    ok = snabbkaffe:stop(),
    ok.

-t_update_ssl_conf(_) ->
-    Path = [bridges, <<"mqtt">>, <<"ssl_update_test">>],
+t_update_ssl_conf(Config) ->
+    Path = proplists:get_value(config_path, Config),
    EnableSSLConf = #{
-        <<"connector">> =>
-            #{
        <<"bridge_mode">> => false,
        <<"clean_start">> => true,
        <<"keepalive">> => <<"60s">>,
@ -169,62 +173,12 @@ t_update_ssl_conf(_) ->
                <<"verify">> => <<"verify_peer">>
            }
    },
-        <<"direction">> => <<"ingress">>,
-        <<"local_qos">> => 1,
-        <<"payload">> => <<"${payload}">>,
-        <<"remote_qos">> => 1,
-        <<"remote_topic">> => <<"t/#">>,
-        <<"retain">> => false
-    },
-
-    emqx:update_config(Path, EnableSSLConf),
-    ?assertMatch({ok, [_, _, _]}, list_pem_dir(Path)),
-    NoSSLConf = #{
-        <<"connector">> =>
-            #{
-                <<"bridge_mode">> => false,
-                <<"clean_start">> => true,
-                <<"keepalive">> => <<"60s">>,
-                <<"max_inflight">> => 32,
-                <<"mode">> => <<"cluster_shareload">>,
-                <<"password">> => <<>>,
-                <<"proto_ver">> => <<"v4">>,
-                <<"reconnect_interval">> => <<"15s">>,
-                <<"replayq">> =>
-                    #{<<"offload">> => false, <<"seg_bytes">> => <<"100MB">>},
-                <<"retry_interval">> => <<"15s">>,
-                <<"server">> => <<"127.0.0.1:1883">>,
-                <<"ssl">> =>
-                    #{
-                        <<"ciphers">> => <<>>,
-                        <<"depth">> => 10,
-                        <<"enable">> => false,
-                        <<"reuse_sessions">> => true,
-                        <<"secure_renegotiate">> => true,
-                        <<"user_lookup_fun">> => <<"emqx_tls_psk:lookup">>,
-                        <<"verify">> => <<"verify_peer">>,
-                        <<"versions">> =>
-                            [
-                                <<"tlsv1.3">>,
-                                <<"tlsv1.2">>,
-                                <<"tlsv1.1">>,
-                                <<"tlsv1">>
-                            ]
-                    },
-                <<"username">> => <<>>
-            },
-        <<"direction">> => <<"ingress">>,
-        <<"enable">> => true,
-        <<"local_qos">> => 1,
-        <<"payload">> => <<"${payload}">>,
-        <<"remote_qos">> => 1,
-        <<"remote_topic">> => <<"t/#">>,
-        <<"retain">> => false
-    },
-
-    emqx:update_config(Path, NoSSLConf),
+    {ok, _} = emqx:update_config(Path, EnableSSLConf),
+    {ok, Certs} = list_pem_dir(Path),
+    ?assertMatch([_, _, _], Certs),
+    NoSSLConf = EnableSSLConf#{<<"ssl">> := #{<<"enable">> => false}},
+    {ok, _} = emqx:update_config(Path, NoSSLConf),
    ?assertMatch({error, not_dir}, list_pem_dir(Path)),
-    emqx:remove_config(Path),
    ok.

 list_pem_dir(Path) ->
--- a/apps/emqx_connector/src/emqx_connector_ssl.erl
+++ b/apps/emqx_connector/src/emqx_connector_ssl.erl
@ -24,20 +24,6 @@
    try_clear_certs/3
 ]).

-%% TODO: rm `connector` case after `dev/ee5.0` merged into `master`.
-%% The `connector` config layer will be removed.
-%% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
-convert_certs(RltvDir, #{<<"connector">> := Connector} = Config) when
-    is_map(Connector)
->
-    SSL = maps:get(<<"ssl">>, Connector, undefined),
-    new_ssl_config(RltvDir, Config, SSL);
-convert_certs(RltvDir, #{connector := Connector} = Config) when
-    is_map(Connector)
->
-    SSL = maps:get(ssl, Connector, undefined),
-    new_ssl_config(RltvDir, Config, SSL);
-%% for bridges without `connector` field. i.e. webhook
 convert_certs(RltvDir, #{<<"ssl">> := SSL} = Config) ->
    new_ssl_config(RltvDir, Config, SSL);
 convert_certs(RltvDir, #{ssl := SSL} = Config) ->
@ -49,14 +35,6 @@ convert_certs(_RltvDir, Config) ->
 clear_certs(RltvDir, Config) ->
    clear_certs2(RltvDir, normalize_key_to_bin(Config)).

-clear_certs2(RltvDir, #{<<"connector">> := Connector} = _Config) when
-    is_map(Connector)
->
-    %% TODO remove the 'connector' clause after dev/ee5.0 is merged back to master
-    %% The `connector` config layer will be removed.
-    %% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
-    OldSSL = maps:get(<<"ssl">>, Connector, undefined),
-    ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
 clear_certs2(RltvDir, #{<<"ssl">> := OldSSL} = _Config) ->
    ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL);
 clear_certs2(_RltvDir, _) ->
@ -69,15 +47,10 @@ try_clear_certs(RltvDir, NewConf, OldConf) ->
        normalize_key_to_bin(OldConf)
    ).

-try_clear_certs2(RltvDir, #{<<"connector">> := NewConnector}, #{<<"connector">> := OldConnector}) ->
-    NewSSL = maps:get(<<"ssl">>, NewConnector, undefined),
-    OldSSL = maps:get(<<"ssl">>, OldConnector, undefined),
-    try_clear_certs2(RltvDir, NewSSL, OldSSL);
-try_clear_certs2(RltvDir, NewSSL, OldSSL) when is_map(NewSSL) andalso is_map(OldSSL) ->
-    ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL);
 try_clear_certs2(RltvDir, NewConf, OldConf) ->
-    ?SLOG(debug, #{msg => "unexpected_conf", path => RltvDir, new => NewConf, OldConf => OldConf}),
-    ok.
+    NewSSL = try_map_get(<<"ssl">>, NewConf, undefined),
+    OldSSL = try_map_get(<<"ssl">>, OldConf, undefined),
+    ok = emqx_tls_lib:delete_ssl_files(RltvDir, NewSSL, OldSSL).

 new_ssl_config(RltvDir, Config, SSL) ->
    case emqx_tls_lib:ensure_ssl_files(RltvDir, SSL) of
@ -98,5 +71,12 @@ new_ssl_config(#{<<"ssl">> := _} = Config, NewSSL) ->
 new_ssl_config(Config, _NewSSL) ->
    Config.

-normalize_key_to_bin(Map) ->
+normalize_key_to_bin(undefined) ->
+    undefined;
+normalize_key_to_bin(Map) when is_map(Map) ->
    emqx_map_lib:binary_key_map(Map).
+
+try_map_get(_Key, undefined, Default) ->
+    Default;
+try_map_get(Key, Map, Default) when is_map(Map) ->
+    maps:get(Key, Map, Default).