Merge pull request #7799 from HJianBo/exproto-save-ssl-files

exproto save ssl files
JianBo He 2022-04-29 10:34:41 +08:00 committed by GitHub
commit 99452868ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 105 additions and 14 deletions


@ -375,7 +375,8 @@ pre_config_update(_, {update_gateway, GwName, Conf}, RawConf) ->
undefined -> undefined ->
badres_gateway(not_found, GwName); badres_gateway(not_found, GwName);
_ -> _ ->
NConf = maps:without([<<"listeners">>, ?AUTHN_BIN], Conf), Conf1 = maps:without([<<"listeners">>, ?AUTHN_BIN], Conf),
NConf = tune_gw_certs(fun convert_certs/2, GwName, Conf1),
{ok, emqx_map_lib:deep_merge(RawConf, #{GwName => NConf})} {ok, emqx_map_lib:deep_merge(RawConf, #{GwName => NConf})}
end; end;
pre_config_update(_, {unload_gateway, GwName}, RawConf) -> pre_config_update(_, {unload_gateway, GwName}, RawConf) ->
@ -622,6 +623,13 @@ post_config_update(_, _Req, _NewConfig, _OldConfig, _AppEnvs) ->
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
tune_gw_certs(Fun, GwName, Conf) -> tune_gw_certs(Fun, GwName, Conf) ->
apply_to_gateway_basic_confs(
Fun,
GwName,
apply_to_listeners(Fun, GwName, Conf)
).
apply_to_listeners(Fun, GwName, Conf) ->
SubDir = certs_dir(GwName), SubDir = certs_dir(GwName),
case maps:get(<<"listeners">>, Conf, undefined) of case maps:get(<<"listeners">>, Conf, undefined) of
undefined -> undefined ->
@ -644,6 +652,15 @@ tune_gw_certs(Fun, GwName, Conf) ->
) )
end. end.
apply_to_gateway_basic_confs(Fun, <<"exproto">>, Conf) ->
SvrDir = filename:join(["exproto", "server"]),
HdrDir = filename:join(["exproto", "handler"]),
NServerConf = erlang:apply(Fun, [SvrDir, maps:get(<<"server">>, Conf, #{})]),
NHandlerConf = erlang:apply(Fun, [HdrDir, maps:get(<<"handler">>, Conf, #{})]),
maps:put(<<"handler">>, NHandlerConf, maps:put(<<"server">>, NServerConf, Conf));
apply_to_gateway_basic_confs(_Fun, _GwName, Conf) ->
Conf.
certs_dir(GwName) when is_binary(GwName) -> certs_dir(GwName) when is_binary(GwName) ->
GwName. GwName.
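Review bot: In `apply_to_gateway_basic_confs/3`, `maps:get(<<"server">>, Conf, #{})` followed by an unconditional `maps:put` writes a `server` and a `handler` key into every exproto config, even when the update request omitted them. That is probably harmless under the later `deep_merge`, but it relies on `Fun` accepting a map with no `ssl` entry, which is not visible in this section. Because this path carries certificate and private-key content, I would transform only the keys that are present and call `Fun` directly instead of through `erlang:apply/2`. The directory names are hard-coded as "exproto" while the listener path uses `certs_dir(GwName)`; a one-line comment on why they differ would help.

```erlang
apply_to_gateway_basic_confs(Fun, <<"exproto">>, Conf) ->
    %% Only rewrite sub-configs the caller actually sent.
    lists:foldl(
        fun({Key, Dir}, Acc) ->
            case maps:find(Key, Acc) of
                {ok, SubConf} -> Acc#{Key := Fun(Dir, SubConf)};
                error -> Acc
            end
        end,
        Conf,
        [
            {<<"server">>, filename:join(["exproto", "server"])},
            {<<"handler">>, filename:join(["exproto", "handler"])}
        ]
    );
%% … unchanged: catch-all clause returning Conf …
```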


@ -103,6 +103,7 @@ fields(gateway) ->
fields(stomp) -> fields(stomp) ->
[ [
{frame, sc(ref(stomp_frame))}, {frame, sc(ref(stomp_frame))},
{mountpoint, mountpoint()},
{listeners, sc(ref(tcp_listeners), #{desc => ?DESC(tcp_listeners)})} {listeners, sc(ref(tcp_listeners), #{desc => ?DESC(tcp_listeners)})}
] ++ gateway_common_options(); ] ++ gateway_common_options();
fields(stomp_frame) -> fields(stomp_frame) ->
@ -177,6 +178,7 @@ fields(mqttsn) ->
desc => ?DESC(mqttsn_predefined) desc => ?DESC(mqttsn_predefined)
} }
)}, )},
{mountpoint, mountpoint()},
{listeners, sc(ref(udp_listeners), #{desc => ?DESC(udp_listeners)})} {listeners, sc(ref(udp_listeners), #{desc => ?DESC(udp_listeners)})}
] ++ gateway_common_options(); ] ++ gateway_common_options();
fields(mqttsn_predefined) -> fields(mqttsn_predefined) ->
@ -235,6 +237,7 @@ fields(coap) ->
desc => ?DESC(coap_publish_qos) desc => ?DESC(coap_publish_qos)
} }
)}, )},
{mountpoint, mountpoint()},
{listeners, {listeners,
sc( sc(
ref(udp_listeners), ref(udp_listeners),
@ -302,6 +305,7 @@ fields(lwm2m) ->
desc => ?DESC(lwm2m_translators) desc => ?DESC(lwm2m_translators)
} }
)}, )},
{mountpoint, mountpoint("lwm2m/${endpoint_name}/")},
{listeners, sc(ref(udp_listeners), #{desc => ?DESC(udp_listeners)})} {listeners, sc(ref(udp_listeners), #{desc => ?DESC(udp_listeners)})}
] ++ gateway_common_options(); ] ++ gateway_common_options();
fields(exproto) -> fields(exproto) ->
@ -322,6 +326,7 @@ fields(exproto) ->
desc => ?DESC(exproto_handler) desc => ?DESC(exproto_handler)
} }
)}, )},
{mountpoint, mountpoint()},
{listeners, sc(ref(tcp_udp_listeners), #{desc => ?DESC(tcp_udp_listeners)})} {listeners, sc(ref(tcp_udp_listeners), #{desc => ?DESC(tcp_udp_listeners)})}
] ++ gateway_common_options(); ] ++ gateway_common_options();
fields(exproto_grpc_server) -> fields(exproto_grpc_server) ->
@ -592,15 +597,6 @@ gateway_common_options() ->
desc => ?DESC(gateway_common_idle_timeout) desc => ?DESC(gateway_common_idle_timeout)
} }
)}, )},
{mountpoint,
sc(
binary(),
#{
default => <<>>,
%% TODO: variable support?
desc => ?DESC(gateway_common_mountpoint)
}
)},
{clientinfo_override, {clientinfo_override,
sc( sc(
ref(clientinfo_override), ref(clientinfo_override),
@ -609,6 +605,17 @@ gateway_common_options() ->
{?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_ATOM, authentication_schema()} {?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_ATOM, authentication_schema()}
]. ].
mountpoint() ->
mountpoint(<<>>).
mountpoint(Default) ->
sc(
binary(),
#{
default => Default,
desc => ?DESC(gateway_common_mountpoint)
}
).
common_listener_opts() -> common_listener_opts() ->
[ [
{enable, {enable,
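Review bot: The lwm2m field passes its default as a string, `mountpoint("lwm2m/${endpoint_name}/")`, while `mountpoint/0` passes `<<>>` and the field type is `binary()`; `mountpoint(<<"lwm2m/${endpoint_name}/">>)` would give both callers the same type. The removed `%% TODO: variable support?` comment was the only hint about placeholders, and this default now depends on one, so `mountpoint/1` deserves a short comment naming which placeholders are expanded. If `${endpoint_name}` is filled from a value the device supplies, it is worth confirming outside this diff that topic separators and wildcards in it cannot move a client out of its own prefix.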


@ -163,7 +163,7 @@ start_grpc_server(GwName, Options = #{bind := ListenOn}) ->
[ [
{ssl_options, {ssl_options,
maps:to_list( maps:to_list(
maps:without([enable], maps:get(ssl, Options, #{})) maps:without([enable, handshake_timeout], maps:get(ssl, Options, #{}))
)} )}
] ]
end, end,
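Review bot: `maps:without([enable, handshake_timeout], ...)` is a deny-list, so any other key in the gateway's `ssl` config that the gRPC server does not expect in `ssl_options` is still passed through, and the next such key will need another patch here. An allow-list built with `maps:with/2` over the options the server is meant to receive would fail closed. At minimum, add a comment above the list saying why these two keys are dropped, presumably because they are gateway-level settings and not TLS socket options. `start_grpc_server/2` starts and ends outside this hunk, so the rest of the option handling is not visible.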


@ -25,7 +25,9 @@
assert_confs/2, assert_confs/2,
assert_feilds_apperence/2, assert_feilds_apperence/2,
request/2, request/2,
request/3 request/3,
ssl_server_opts/0,
ssl_client_opts/0
] ]
). ).
@ -198,6 +200,44 @@ t_gateway_exproto(_) ->
assert_confs(GwConf2, ConfResp2), assert_confs(GwConf2, ConfResp2),
{204, _} = request(delete, "/gateway/exproto"). {204, _} = request(delete, "/gateway/exproto").
t_gateway_exproto_with_ssl(_) ->
{200, Gw} = request(get, "/gateway/exproto"),
assert_gw_unloaded(Gw),
SslSvrOpts = ssl_server_opts(),
SslCliOpts = ssl_client_opts(),
%% post
GwConf = #{
name => <<"exproto">>,
server => #{
bind => <<"9100">>,
ssl => SslSvrOpts#{
enable => true
}
},
handler => #{
address => <<"http://127.0.0.1:9001">>,
ssl => SslCliOpts#{enable => true}
},
listeners => [
#{name => <<"def">>, type => <<"tcp">>, bind => <<"7993">>}
]
},
{201, _} = request(post, "/gateway", GwConf),
{200, ConfResp} = request(get, "/gateway/exproto"),
assert_confs(GwConf, ConfResp),
%% put
GwConf2 = emqx_map_lib:deep_merge(GwConf, #{
server => #{
bind => <<"9200">>,
ssl => SslCliOpts#{enable => true}
}
}),
{200, _} = request(put, "/gateway/exproto", maps:without([name, listeners], GwConf2)),
{200, ConfResp2} = request(get, "/gateway/exproto"),
assert_confs(GwConf2, ConfResp2),
{204, _} = request(delete, "/gateway/exproto").
t_authn(_) -> t_authn(_) ->
GwConf = #{name => <<"stomp">>}, GwConf = #{name => <<"stomp">>},
{201, _} = request(post, "/gateway", GwConf), {201, _} = request(post, "/gateway", GwConf),
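Review bot: `t_gateway_exproto_with_ssl/1` only compares the returned config through `assert_confs/2` and never checks what happens to the uploaded key material. If the PEM content is written to files, as the commit title suggests, the test should also assert that the first pair is replaced after the `put` and that nothing is left behind after the final `delete`. The `put` step gives the server the client pair (`ssl => SslCliOpts#{enable => true}`); if that is deliberate, a comment such as `%% swap in a different pair to exercise cert replacement` would make it clear it is not a copy-paste slip.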


@ -50,8 +50,11 @@ do_assert_confs(_Key, Expected, Effected) when
Ks1 Ks1
); );
do_assert_confs(Key, Expected, Effected) when do_assert_confs(Key, Expected, Effected) when
Key == cacertfile;
Key == <<"cacertfile">>; Key == <<"cacertfile">>;
Key == certfile;
Key == <<"certfile">>; Key == <<"certfile">>;
Key == keyfile;
Key == <<"keyfile">> Key == <<"keyfile">>
-> ->
case Expected == Effected of case Expected == Effected of
@ -118,6 +121,32 @@ request(put = Mth, Path, Body) ->
request(post = Mth, Path, Body) -> request(post = Mth, Path, Body) ->
do_request(Mth, req(Path, [], Body)). do_request(Mth, req(Path, [], Body)).
%%--------------------------------------------------------------------
%% default pems
ssl_server_opts() ->
#{
cacertfile => file_content(cert_path("cacert.pem")),
certfile => file_content(cert_path("cert.pem")),
keyfile => file_content(cert_path("key.pem"))
}.
ssl_client_opts() ->
#{
cacertfile => file_content(cert_path("cacert.pem")),
certfile => file_content(cert_path("client-cert.pem")),
keyfile => file_content(cert_path("client-key.pem"))
}.
cert_path(Name) ->
filename:join(["../../lib/emqx/etc/certs/", Name]).
file_content(Filename) ->
case file:read_file(Filename) of
{ok, Bin} -> Bin;
Err -> error(Err)
end.
do_request(Mth, Req) -> do_request(Mth, Req) ->
case httpc:request(Mth, Req, [], [{body_format, binary}]) of case httpc:request(Mth, Req, [], [{body_format, binary}]) of
{ok, {{_Vsn, Code, _Text}, _, Resp}} -> {ok, {{_Vsn, Code, _Text}, _, Resp}} ->
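Review bot: `cert_path/1` resolves `"../../lib/emqx/etc/certs/"` against the current working directory, so the helper works only when the suite runs from the directory depth the author had. `filename:join([code:lib_dir(emqx), "etc", "certs", Name])` should reach the same files without that dependency, though this is worth confirming against the test build layout. `file_content/1` can be the assertive match `{ok, Bin} = file:read_file(Filename), Bin`, which fails with the same information. `ssl_server_opts/0` and `ssl_client_opts/0` would benefit from a one-line comment stating that they return PEM contents, not paths, since the keys `certfile` and `keyfile` suggest paths.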


@ -27,8 +27,6 @@ bf54f571fb8b27e76ada4ca75137d96ce4211d60
628f0bf57909f26208d45a02e33a7fbae8443249 628f0bf57909f26208d45a02e33a7fbae8443249
# reformat apps/emqx_slow_subs # reformat apps/emqx_slow_subs
83511f8a4c1570a2c89d9c6c5b6f462520199ed8 83511f8a4c1570a2c89d9c6c5b6f462520199ed8
# reformat apps/emqx_psk
b168102615e574df15ec6a91304747b4637a9171
# reformat apps/emqx_machine|emqx_plugin_libs|emqx_statsd # reformat apps/emqx_machine|emqx_plugin_libs|emqx_statsd
b4451823350ec46126c49ca915b4b169dd4cf49e b4451823350ec46126c49ca915b4b169dd4cf49e
# reformat apps/emqx_auto_subscribe and apps/emqx_conf # reformat apps/emqx_auto_subscribe and apps/emqx_conf