fix: bad listeners default ssl_options

Zhongwen Deng 2023-05-11 16:24:01 +08:00
parent d3a7d6d9d8
commit d9f9e951ec
2 changed files with 90 additions and 9 deletions


@ -2200,7 +2200,7 @@ common_ssl_opts_schema(Defaults) ->
sc(
binary(),
#{
default => D("cacertfile"),
default => cert_file("cacert.pem"),
required => false,
desc => ?DESC(common_ssl_opts_schema_cacertfile)
}
@ -2209,7 +2209,7 @@ common_ssl_opts_schema(Defaults) ->
sc(
binary(),
#{
default => D("certfile"),
default => cert_file("cert.pem"),
required => false,
desc => ?DESC(common_ssl_opts_schema_certfile)
}
@ -2218,7 +2218,7 @@ common_ssl_opts_schema(Defaults) ->
sc(
binary(),
#{
default => D("keyfile"),
default => cert_file("key.pem"),
required => false,
desc => ?DESC(common_ssl_opts_schema_keyfile)
}
@ -3251,13 +3251,10 @@ default_listener(ws) ->
};
default_listener(SSLListener) ->
%% The env variable is resolved in emqx_tls_lib by calling naive_env_interpolate
CertFile = fun(Name) ->
iolist_to_binary("${EMQX_ETC_DIR}/" ++ filename:join(["certs", Name]))
end,
SslOptions = #{
<<"cacertfile">> => CertFile(<<"cacert.pem">>),
<<"certfile">> => CertFile(<<"cert.pem">>),
<<"keyfile">> => CertFile(<<"key.pem">>)
<<"cacertfile">> => cert_file(<<"cacert.pem">>),
<<"certfile">> => cert_file(<<"cert.pem">>),
<<"keyfile">> => cert_file(<<"key.pem">>)
},
case SSLListener of
ssl ->
@ -3374,3 +3371,6 @@ ensure_default_listener(#{<<"default">> := _} = Map, _ListenerType) ->
ensure_default_listener(Map, ListenerType) ->
NewMap = Map#{<<"default">> => default_listener(ListenerType)},
keep_default_tombstone(NewMap, #{}).
cert_file(File) ->
iolist_to_binary(filename:join(["${EMQX_ETC_DIR}", "certs", File])).
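Review bot: The three `default =>` entries in common_ssl_opts_schema/1 now hard-code `cert_file(...)` and no longer consult the `Defaults` argument, so every schema built on this function inherits the key material under `${EMQX_ETC_DIR}/certs`, not only listeners and possibly client-side TLS options if they share it. With `required => false`, a config that omits `certfile` or `keyfile` then silently falls back to those files instead of being left unset, which is a weak default if they are bundled sample certificates. Consider keeping `default => D("certfile")` (likewise for the other two) and supplying the paths through `Defaults` from the listener schema only. Separately, cert_file/1 is called with strings in the schema and with binaries in default_listener/1, and the `naive_env_interpolate` comment belongs on cert_file/1 itself, e.g. `%% ${EMQX_ETC_DIR} stays literal here; emqx_tls_lib resolves it`. The callers of common_ssl_opts_schema/1 and the rest of its body are outside the hunks shown.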


@ -116,6 +116,87 @@ authn_validations_test() ->
),
ok.
%% erlfmt-ignore
-define(LISTENERS,
"""
listeners.ssl.default.bind = 9999
listeners.wss.default.bind = 9998
listeners.wss.default.ssl_options.cacertfile = \"mytest/certs/cacert.pem\"
listeners.wss.new.bind = 9997
listeners.wss.new.websocket.mqtt_path = \"/my-mqtt\"
"""
).
listeners_test() ->
BaseConf = to_bin(?BASE_CONF, ["emqx1@127.0.0.1", "emqx1@127.0.0.1"]),
Conf = <<BaseConf/binary, ?LISTENERS>>,
{ok, ConfMap0} = hocon:binary(Conf, #{format => richmap}),
{_, ConfMap} = hocon_tconf:map_translate(emqx_conf_schema, ConfMap0, #{format => richmap}),
#{<<"listeners">> := Listeners} = hocon_util:richmap_to_map(ConfMap),
#{
<<"tcp">> := #{<<"default">> := Tcp},
<<"ws">> := #{<<"default">> := Ws},
<<"wss">> := #{<<"default">> := DefaultWss, <<"new">> := NewWss},
<<"ssl">> := #{<<"default">> := Ssl}
} = Listeners,
DefaultCacertFile = <<"${EMQX_ETC_DIR}/certs/cacert.pem">>,
DefaultCertFile = <<"${EMQX_ETC_DIR}/certs/cert.pem">>,
DefaultKeyFile = <<"${EMQX_ETC_DIR}/certs/key.pem">>,
?assertMatch(
#{
<<"bind">> := {{0, 0, 0, 0}, 1883},
<<"enabled">> := true
},
Tcp
),
?assertMatch(
#{
<<"bind">> := {{0, 0, 0, 0}, 8083},
<<"enabled">> := true,
<<"websocket">> := #{<<"mqtt_path">> := "/mqtt"}
},
Ws
),
?assertMatch(
#{
<<"bind">> := 9999,
<<"ssl_options">> := #{
<<"cacertfile">> := DefaultCacertFile,
<<"certfile">> := DefaultCertFile,
<<"keyfile">> := DefaultKeyFile
}
},
Ssl
),
?assertMatch(
#{
<<"bind">> := 9998,
<<"websocket">> := #{<<"mqtt_path">> := "/mqtt"},
<<"ssl_options">> :=
#{
<<"cacertfile">> := <<"mytest/certs/cacert.pem">>,
<<"certfile">> := DefaultCertFile,
<<"keyfile">> := DefaultKeyFile
}
},
DefaultWss
),
?assertMatch(
#{
<<"bind">> := 9997,
<<"websocket">> := #{<<"mqtt_path">> := "/my-mqtt"},
<<"ssl_options">> :=
#{
<<"cacertfile">> := DefaultCacertFile,
<<"certfile">> := DefaultCertFile,
<<"keyfile">> := DefaultKeyFile
}
},
NewWss
),
ok.
doc_gen_test() ->
%% the json file too large to encode.
{
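Review bot: listeners_test never configures a listener with an explicit `certfile` or `keyfile`, so it would still pass if the new schema defaults replaced operator-supplied key material; the only override it checks is `cacertfile` on `wss.default`. Adding a line such as `listeners.wss.new.ssl_options.keyfile = \"mytest/certs/key.pem\"` to `?LISTENERS` (a constructed sample path) and matching that value in the `NewWss` assertion would pin this. A short comment above the `DefaultWss` assertion, e.g. `%% partial override: user CA is kept, cert/key fall back to defaults`, would also make clear that this pairing is intended.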