chore(CI): add ssl user for mysql

.ci/docker-compose-file/docker-compose-ldap-tcp.yaml

@@ -13,6 +13,4 @@ services:
       - 389:389
     restart: always
     networks:
-      emqx_bridge:
-        ipv4_address: 172.100.239.10
-        ipv6_address: 2001:3200:3200::10
+      - emqx_bridge

.ci/docker-compose-file/docker-compose-mongo-tcp.yaml

@@ -8,9 +8,7 @@ services:
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
-      emqx_bridge:
-        ipv4_address: 172.100.239.11
-        ipv6_address: 2001:3200:3200::11
+      - emqx_bridge
     command:
       --ipv6
       --bind_ip_all

.ci/docker-compose-file/docker-compose-mongo-tls.yaml

@@ -10,9 +10,7 @@ services:
     volumes:
         - ../../apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem/:/etc/certs/mongodb.pem
     networks:
-      emqx_bridge:
-        ipv4_address: 172.100.239.11
-        ipv6_address: 2001:3200:3200::11
+      - emqx_bridge
     command:
       --ipv6
       --bind_ip_all

.ci/docker-compose-file/docker-compose-mysql-tcp.yaml

@@ -9,9 +9,7 @@ services:
       MYSQL_ROOT_PASSWORD: public
       MYSQL_DATABASE: mqtt
     networks:
-      emqx_bridge:
-        ipv4_address: 172.100.239.12
-        ipv6_address: 2001:3200:3200::12
+      - emqx_bridge
     command:
       --bind-address "::"
       --character-set-server=utf8mb4

.ci/docker-compose-file/docker-compose-mysql-tls.yaml

@@ -8,14 +8,14 @@ services:
     environment:
       MYSQL_ROOT_PASSWORD: public
       MYSQL_DATABASE: mqtt
+      MYSQL_USER: ssluser
+      MYSQL_PASSWORD: public
     volumes:
       - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem:/etc/certs/ca-cert.pem
       - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem:/etc/certs/server-cert.pem
       - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem:/etc/certs/server-key.pem
     networks:
-      emqx_bridge:
-        ipv4_address: 172.100.239.12
-        ipv6_address: 2001:3200:3200::12
+      - emqx_bridge
     command:
       --bind-address "::"
       --character-set-server=utf8mb4
@@ -27,3 +27,19 @@ services:
       --ssl-ca=/etc/certs/ca-cert.pem
       --ssl-cert=/etc/certs/server-cert.pem
       --ssl-key=/etc/certs/server-key.pem
+
+  mysql_client:
+    container_name: mysql_client
+    image: mysql:${MYSQL_TAG}
+    networks:
+      - emqx_bridge
+    depends_on:
+      - mysql_server
+    command:
+      - /bin/bash
+      - -c
+      - |
+        service mysql start
+        echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt mqtt
+        while [[ $$? -ne 0 ]];do echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt; done
+        echo "ALTER USER 'ssluser'@'%' REQUIRE X509;" | mysql -h mysql_server -u root -ppublic mqtt

.ci/docker-compose-file/docker-compose-pgsql-tcp.yaml

@@ -12,6 +12,4 @@ services:
     ports:
       - "5432:5432"
     networks:
-      emqx_bridge:
-        ipv4_address: 172.100.239.13
-        ipv6_address: 2001:3200:3200::13
+      - emqx_bridge

.ci/docker-compose-file/docker-compose-pgsql-tls.yaml

@@ -29,6 +29,4 @@ services:
       - -c
       - hba_file=/var/lib/postgresql/pg_hba.conf
     networks:
-      emqx_bridge:
-        ipv4_address: 172.100.239.13
-        ipv6_address: 2001:3200:3200::13
+      - emqx_bridge

.ci/docker-compose-file/docker-compose-redis-cluster-tcp.yaml

@@ -8,7 +8,4 @@ services:
       - ./redis/:/data/conf
     command: bash -c "/bin/bash /data/conf/redis.sh --node cluster && tail -f /var/log/redis-server.log"
     networks:
-      emqx_bridge:
-        # Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
-        ipv4_address: 172.100.239.14
-        ipv6_address: 2001:3200:3200::14
+      - emqx_bridge

.ci/docker-compose-file/docker-compose-redis-cluster-tls.yaml

@@ -9,7 +9,4 @@ services:
       - ./redis/:/data/conf
     command: bash -c "/bin/bash /data/conf/redis.sh --node cluster --tls-enabled && tail -f /var/log/redis-server.log"
     networks:
-      emqx_bridge:
-        # Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
-        ipv4_address: 172.100.239.14
-        ipv6_address: 2001:3200:3200::14
+      - emqx_bridge

.ci/docker-compose-file/docker-compose-redis-sentinel-tcp.yaml

@@ -8,7 +8,4 @@ services:
       - ./redis/:/data/conf
     command: bash -c "/bin/bash /data/conf/redis.sh --node sentinel && tail -f /var/log/redis-server.log"
     networks:
-      emqx_bridge:
-        # Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
-        ipv4_address: 172.100.239.14
-        ipv6_address: 2001:3200:3200::14
+      - emqx_bridge

.ci/docker-compose-file/docker-compose-redis-single-tcp.yaml

@@ -9,7 +9,4 @@ services:
         - "--bind 0.0.0.0 ::"
     restart: always
     networks:
-      emqx_bridge:
-        # Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
-        ipv4_address: 172.100.239.14
-        ipv6_address: 2001:3200:3200::14
+      - emqx_bridge

.ci/docker-compose-file/docker-compose-redis-single-tls.yaml

@@ -15,7 +15,4 @@ services:
       - --tls-ca-cert-file /tls/ca.crt
     restart: always
     networks:
-      emqx_bridge:
-        # Assign a public address. Erlang container cannot find cluster nodes by network-scoped alias (redis_cluster).
-        ipv4_address: 172.100.239.14
-        ipv6_address: 2001:3200:3200::14
+      - emqx_bridge

.github/workflows/run_cts_tests.yaml

@@ -146,17 +146,25 @@ jobs:
     steps:
       - uses: actions/checkout@v1
       - name: docker-compose up
+        timeout-minutes: 5
         run: |
           docker-compose \
             -f .ci/docker-compose-file/docker-compose-mysql-${{ matrix.connect_type }}.yaml \
             -f .ci/docker-compose-file/docker-compose.yaml \
             up -d --build
+          while [ $(docker ps -a --filter name=client --filter exited=0 | wc -l) \
+                 != $(docker ps -a --filter name=client | wc -l) ]; do
+              sleep 5
+          done
       - name: setup
         env:
           MYSQL_TAG: ${{ matrix.mysql_tag }}
         if: matrix.connect_type == 'tls'
         run: |
           cat <<-EOF >> "$GITHUB_ENV"
+            EMQX_AUTH__MYSQL__USERNAME=ssluser
+            EMQX_AUTH__MYSQL__PASSWORD=public
+            EMQX_AUTH__MYSQL__DATABASE=mqtt
             EMQX_AUTH__MYSQL__SSL=on
             EMQX_AUTH__MYSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
             EMQX_AUTH__MYSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
@@ -169,7 +177,12 @@ jobs:
           MYSQL_TAG: ${{ matrix.mysql_tag }}
         if: matrix.connect_type == 'tcp'
         run: |
-          echo EMQX_AUTH__MYSQL__SSL=off >> "$GITHUB_ENV"
+          cat <<-EOF >> "$GITHUB_ENV"
+            EMQX_AUTH__MYSQL__USERNAME=root
+            EMQX_AUTH__MYSQL__PASSWORD=public
+            EMQX_AUTH__MYSQL__DATABASE=mqtt
+            EMQX_AUTH__MYSQL__SSL=off
+          EOF
       - name: setup
         if: matrix.network_type == 'ipv4'
         run: |
@@ -185,10 +198,7 @@ jobs:
           fi
       - name: run test cases
         run: |
-          export EMQX_AUTH__MYSQL__USERNAME=root \
-                 EMQX_AUTH__MYSQL__PASSWORD=public \
-                 EMQX_AUTH__MYSQL__DATABASE=mqtt \
-                 CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
+          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
           docker exec -i erlang sh -c "./rebar3 eunit --dir apps/emqx_auth_mysql"