feat(clickhouse): accept wrapped secrets as passwords

apps/emqx_bridge_clickhouse/src/emqx_bridge_clickhouse.app.src

@@ -1,6 +1,6 @@
 {application, emqx_bridge_clickhouse, [
     {description, "EMQX Enterprise ClickHouse Bridge"},
-    {vsn, "0.2.3"},
+    {vsn, "0.2.4"},
     {registered, []},
     {applications, [
         kernel,

apps/emqx_bridge_clickhouse/src/emqx_bridge_clickhouse_connector.erl

@@ -145,7 +145,7 @@ on_start(
     Options = [
         {url, URL},
         {user, maps:get(username, Config, "default")},
-        {key, emqx_secret:wrap(maps:get(password, Config, "public"))},
+        {key, maps:get(password, Config, emqx_secret:wrap("public"))},
         {database, DB},
         {auto_reconnect, ?AUTO_RECONNECT_INTERVAL},
         {pool_size, PoolSize},
@@ -243,6 +243,7 @@ connect(Options) ->
     URL = iolist_to_binary(emqx_http_lib:normalize(proplists:get_value(url, Options))),
     User = proplists:get_value(user, Options),
     Database = proplists:get_value(database, Options),
+    %% TODO: teach `clickhouse` to accept 0-arity closures as passwords.
     Key = emqx_secret:unwrap(proplists:get_value(key, Options)),
     Pool = proplists:get_value(pool, Options),
     PoolSize = proplists:get_value(pool_size, Options),

apps/emqx_bridge_clickhouse/test/emqx_bridge_clickhouse_connector_SUITE.erl

@@ -10,10 +10,12 @@
 -include("emqx_connector.hrl").
 -include_lib("eunit/include/eunit.hrl").
 -include_lib("stdlib/include/assert.hrl").
+-include_lib("common_test/include/ct.hrl").
 
 -define(APP, emqx_bridge_clickhouse).
 -define(CLICKHOUSE_HOST, "clickhouse").
 -define(CLICKHOUSE_RESOURCE_MOD, emqx_bridge_clickhouse_connector).
+-define(CLICKHOUSE_PASSWORD, "public").
 
 %% This test SUITE requires a running clickhouse instance. If you don't want to
 %% bring up the whole CI infrastuctucture with the `scripts/ct/run.sh` script
@@ -57,7 +59,7 @@ init_per_suite(Config) ->
                 clickhouse:start_link([
                     {url, clickhouse_url()},
                     {user, <<"default">>},
-                    {key, "public"},
+                    {key, ?CLICKHOUSE_PASSWORD},
                     {pool, tmp_pool}
                 ]),
             {ok, _, _} = clickhouse:query(Conn, <<"CREATE DATABASE IF NOT EXISTS mqtt">>, #{}),
@@ -92,6 +94,31 @@ t_lifecycle(_Config) ->
         clickhouse_config()
     ).
 
+t_start_passfile(Config) ->
+    ResourceID = atom_to_binary(?FUNCTION_NAME),
+    PasswordFilename = filename:join(?config(priv_dir, Config), "passfile"),
+    ok = file:write_file(PasswordFilename, <<?CLICKHOUSE_PASSWORD>>),
+    InitialConfig = clickhouse_config(#{
+        password => iolist_to_binary(["file://", PasswordFilename])
+    }),
+    {ok, #{config := ResourceConfig}} =
+        emqx_resource:check_config(?CLICKHOUSE_RESOURCE_MOD, InitialConfig),
+    ?assertMatch(
+        {ok, #{status := connected}},
+        emqx_resource:create_local(
+            ResourceID,
+            ?CONNECTOR_RESOURCE_GROUP,
+            ?CLICKHOUSE_RESOURCE_MOD,
+            ResourceConfig,
+            #{}
+        )
+    ),
+    ?assertEqual(
+        ok,
+        emqx_resource:remove_local(ResourceID)
+    ),
+    ok.
+
 show(X) ->
     erlang:display(X),
     X.
@@ -168,12 +195,15 @@ perform_lifecycle_check(ResourceID, InitialConfig) ->
 % %%------------------------------------------------------------------------------
 
 clickhouse_config() ->
+    clickhouse_config(#{}).
+
+clickhouse_config(Overrides) ->
     Config =
         #{
             auto_reconnect => true,
             database => <<"mqtt">>,
             username => <<"default">>,
-            password => <<"public">>,
+            password => <<?CLICKHOUSE_PASSWORD>>,
             pool_size => 8,
             url => iolist_to_binary(
                 io_lib:format(
@@ -186,7 +216,7 @@ clickhouse_config() ->
             ),
             connect_timeout => <<"10s">>
         },
-    #{<<"config">> => Config}.
+    #{<<"config">> => maps:merge(Config, Overrides)}.
 
 test_query_no_params() ->
     {query, <<"SELECT 1">>}.