From fd0a211629ea831b9837a8f8de068c105477e02a Mon Sep 17 00:00:00 2001 From: Rory Z Date: Mon, 5 Jul 2021 16:10:41 +0800 Subject: [PATCH] chore(authz): mongo connector support ssl --- .../docker-compose-mongo-tls.yaml | 15 ++++-- apps/emqx_authz/src/emqx_authz_schema.erl | 1 + .../src/emqx_connector_mongo.erl | 47 +++++++++---------- 3 files changed, 32 insertions(+), 31 deletions(-) diff --git a/.ci/docker-compose-file/docker-compose-mongo-tls.yaml b/.ci/docker-compose-file/docker-compose-mongo-tls.yaml index a09bc803d..c4f162783 100644 --- a/.ci/docker-compose-file/docker-compose-mongo-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-mongo-tls.yaml @@ -8,11 +8,16 @@ services: environment: MONGO_INITDB_DATABASE: mqtt volumes: - - ../../apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem/:/etc/certs/mongodb.pem + - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem + - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem networks: - emqx_bridge + ports: + - "27017:27017" command: - --ipv6 - --bind_ip_all - --sslMode requireSSL - --sslPEMKeyFile /etc/certs/mongodb.pem + - /bin/bash + - -c + - | + cat /etc/certs/key.pem /etc/certs/cert.pem > /etc/certs/mongodb.pem + mongod --ipv6 --bind_ip_all --sslMode requireSSL --sslPEMKeyFile /etc/certs/mongodb.pem + diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index 5c82d460e..0b6a1d107 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl @@ -90,6 +90,7 @@ rules() -> [ hoconsc:ref(?MODULE, simple_rule) , hoconsc:ref(?MODULE, sql_connector) , hoconsc:ref(?MODULE, redis_connector) + , hoconsc:ref(?MODULE, mongo_connector) ]) }. diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl index dda192252..25d9f36df 100644 --- a/apps/emqx_connector/src/emqx_connector_mongo.erl +++ b/apps/emqx_connector/src/emqx_connector_mongo.erl @@ -36,10 +36,28 @@ structs() -> [""]. fields("") -> - mongodb_fields() ++ - mongodb_topology_fields() ++ + [ {mongo_type, fun mongo_type/1} + , {servers, fun servers/1} + , {pool_size, fun emqx_connector_schema_lib:pool_size/1} + , {login, fun emqx_connector_schema_lib:username/1} + , {password, fun emqx_connector_schema_lib:password/1} + , {auth_source, fun auth_source/1} + , {database, fun emqx_connector_schema_lib:database/1} + ] ++ % mongodb_rs_set_name_fields() ++ - emqx_connector_schema_lib:ssl_fields(). + emqx_connector_schema_lib:ssl_fields(); +fields(topology) -> + [ {max_overflow, fun emqx_connector_schema_lib:pool_size/1} + , {overflow_ttl, fun duration/1} + , {overflow_check_period, fun duration/1} + , {local_threshold_ms, fun duration/1} + , {connect_timeout_ms, fun duration/1} + , {socket_timeout_ms, fun duration/1} + , {server_selection_timeout_ms, fun duration/1} + , {wait_queue_timeout_ms, fun duration/1} + , {heartbeat_frequency_ms, fun duration/1} + , {min_heartbeat_frequency_ms, fun duration/1} + ]. on_jsonify(Config) -> Config. @@ -178,29 +196,6 @@ host_port(HostPort) -> [{host, Host1}] end. -mongodb_fields() -> - [ {mongo_type, fun mongo_type/1} - , {servers, fun servers/1} - , {pool_size, fun emqx_connector_schema_lib:pool_size/1} - , {login, fun emqx_connector_schema_lib:username/1} - , {password, fun emqx_connector_schema_lib:password/1} - , {auth_source, fun auth_source/1} - , {database, fun emqx_connector_schema_lib:database/1} - ]. - -mongodb_topology_fields() -> - [ {max_overflow, fun emqx_connector_schema_lib:pool_size/1} - , {overflow_ttl, fun duration/1} - , {overflow_check_period, fun duration/1} - , {local_threshold_ms, fun duration/1} - , {connect_timeout_ms, fun duration/1} - , {socket_timeout_ms, fun duration/1} - , {server_selection_timeout_ms, fun duration/1} - , {wait_queue_timeout_ms, fun duration/1} - , {heartbeat_frequency_ms, fun duration/1} - , {min_heartbeat_frequency_ms, fun duration/1} - ]. - % mongodb_rs_set_name_fields() -> % [ {rs_set_name, fun emqx_connector_schema_lib:database/1} % ].