fix(sso): Correctly handle wrapped passwords when updating

apps/emqx/rebar.config

@@ -30,7 +30,7 @@
     {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.9.9"}}},
     {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.17.0"}}},
     {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "3.3.0"}}},
-    {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.40.2"}}},
+    {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.40.3"}}},
     {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.5.3"}}},
     {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {tag, "2.0.4"}}},
     {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}},

apps/emqx/src/emqx_config.erl

@@ -135,7 +135,8 @@
     %%   save the updated config to the emqx_override.conf file
     %%   defaults to `true`
     persistent => boolean(),
-    override_to => local | cluster
+    override_to => local | cluster,
+    lazy_evaluator => fun((function()) -> term())
 }.
 -type update_args() :: {update_cmd(), Opts :: update_opts()}.
 -type update_stage() :: pre_config_update | post_config_update.
@@ -616,14 +617,14 @@ save_to_override_conf(true, RawConf, Opts) ->
         undefined ->
             ok;
         FileName ->
-            backup_and_write(FileName, hocon_pp:do(RawConf, #{}))
+            backup_and_write(FileName, hocon_pp:do(RawConf, Opts))
     end;
-save_to_override_conf(false, RawConf, _Opts) ->
+save_to_override_conf(false, RawConf, Opts) ->
     case cluster_hocon_file() of
         undefined ->
             ok;
         FileName ->
-            backup_and_write(FileName, hocon_pp:do(RawConf, #{}))
+            backup_and_write(FileName, hocon_pp:do(RawConf, Opts))
     end.
 
 %% @private This is the same human-readable timestamp format as

apps/emqx/src/emqx_schema_secret.erl

@@ -23,7 +23,7 @@
 -export([mk/1]).
 
 %% HOCON Schema API
--export([convert_secret/2]).
+-export([convert_secret/2, source/1]).
 
 %% @doc Secret value.
 -type t() :: binary().

apps/emqx_dashboard_sso/src/emqx_dashboard_sso_manager.erl

@@ -208,7 +208,13 @@ start_backend_services() ->
 update_config(Backend, UpdateReq) ->
     %% we always make sure the valid configuration will update successfully,
     %% ignore the runtime error during its update
-    case emqx_conf:update(?MOD_KEY_PATH(Backend), UpdateReq, #{override_to => cluster}) of
+    case
+        emqx_conf:update(
+            ?MOD_KEY_PATH(Backend),
+            UpdateReq,
+            #{override_to => cluster, lazy_evaluator => fun emqx_schema_secret:source/1}
+        )
+    of
         {ok, _UpdateResult} ->
             case lookup(Backend) of
                 undefined ->

mix.exs

@@ -72,7 +72,7 @@ defmodule EMQXUmbrella.MixProject do
       # in conflict by emqtt and hocon
       {:getopt, "1.0.2", override: true},
       {:snabbkaffe, github: "kafka4beam/snabbkaffe", tag: "1.0.8", override: true},
-      {:hocon, github: "emqx/hocon", tag: "0.40.2", override: true},
+      {:hocon, github: "emqx/hocon", tag: "0.40.3", override: true},
       {:emqx_http_lib, github: "emqx/emqx_http_lib", tag: "0.5.3", override: true},
       {:esasl, github: "emqx/esasl", tag: "0.2.0"},
       {:jose, github: "potatosalad/erlang-jose", tag: "1.11.2"},

rebar.config

@@ -84,7 +84,7 @@
     , {system_monitor, {git, "https://github.com/ieQu1/system_monitor", {tag, "3.0.3"}}}
     , {getopt, "1.0.2"}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "1.0.8"}}}
-    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.40.2"}}}
+    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.40.3"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.5.3"}}}
     , {esasl, {git, "https://github.com/emqx/esasl", {tag, "0.2.0"}}}
     , {jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.2"}}}