feat(gw-exproto): save ssl files for server&handler option

2022-04-27 16:13:51 +08:00 · 2022-04-27 16:13:51 +08:00 · ff31a5a6a4
parent 4c8016e76d
commit ff31a5a6a4
4 changed files with 89 additions and 3 deletions
--- a/apps/emqx_gateway/src/emqx_gateway_conf.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_conf.erl
@ -375,7 +375,8 @@ pre_config_update(_, {update_gateway, GwName, Conf}, RawConf) ->
        undefined ->
            badres_gateway(not_found, GwName);
        _ ->
-            NConf = maps:without([<<"listeners">>, ?AUTHN_BIN], Conf),
+            Conf1 = maps:without([<<"listeners">>, ?AUTHN_BIN], Conf),
+            NConf = tune_gw_certs(fun convert_certs/2, GwName, Conf1),
            {ok, emqx_map_lib:deep_merge(RawConf, #{GwName => NConf})}
    end;
 pre_config_update(_, {unload_gateway, GwName}, RawConf) ->
@ -622,6 +623,13 @@ post_config_update(_, _Req, _NewConfig, _OldConfig, _AppEnvs) ->
 %%--------------------------------------------------------------------

 tune_gw_certs(Fun, GwName, Conf) ->
+    apply_to_gateway_basic_confs(
+        Fun,
+        GwName,
+        apply_to_listeners(Fun, GwName, Conf)
+    ).
+
+apply_to_listeners(Fun, GwName, Conf) ->
    SubDir = certs_dir(GwName),
    case maps:get(<<"listeners">>, Conf, undefined) of
        undefined ->
@ -644,6 +652,15 @@ tune_gw_certs(Fun, GwName, Conf) ->
            )
    end.

+apply_to_gateway_basic_confs(Fun, <<"exproto">>, Conf) ->
+    SvrDir = filename:join(["exproto", "server"]),
+    HdrDir = filename:join(["exproto", "handler"]),
+    NServerConf = erlang:apply(Fun, [SvrDir, maps:get(<<"server">>, Conf, #{})]),
+    NHandlerConf = erlang:apply(Fun, [HdrDir, maps:get(<<"handler">>, Conf, #{})]),
+    maps:put(<<"handler">>, NHandlerConf, maps:put(<<"server">>, NServerConf, Conf));
+apply_to_gateway_basic_confs(_Fun, _GwName, Conf) ->
+    Conf.
+
 certs_dir(GwName) when is_binary(GwName) ->
    GwName.

--- a/apps/emqx_gateway/src/exproto/emqx_exproto_impl.erl
+++ b/apps/emqx_gateway/src/exproto/emqx_exproto_impl.erl
@ -163,7 +163,7 @@ start_grpc_server(GwName, Options = #{bind := ListenOn}) ->
                [
                    {ssl_options,
                        maps:to_list(
-                            maps:without([enable], maps:get(ssl, Options, #{}))
+                            maps:without([enable, handshake_timeout], maps:get(ssl, Options, #{}))
                        )}
                ]
        end,
--- a/apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl
+++ b/apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl
@ -25,7 +25,9 @@
        assert_confs/2,
        assert_feilds_apperence/2,
        request/2,
-        request/3
+        request/3,
+        ssl_server_opts/0,
+        ssl_client_opts/0
    ]
 ).

@ -198,6 +200,44 @@ t_gateway_exproto(_) ->
    assert_confs(GwConf2, ConfResp2),
    {204, _} = request(delete, "/gateway/exproto").

+t_gateway_exproto_with_ssl(_) ->
+    {200, Gw} = request(get, "/gateway/exproto"),
+    assert_gw_unloaded(Gw),
+
+    SslSvrOpts = ssl_server_opts(),
+    SslCliOpts = ssl_client_opts(),
+    %% post
+    GwConf = #{
+        name => <<"exproto">>,
+        server => #{
+            bind => <<"9100">>,
+            ssl => SslSvrOpts#{
+                enable => true
+            }
+        },
+        handler => #{
+            address => <<"http://127.0.0.1:9001">>,
+            ssl => SslCliOpts#{enable => true}
+        },
+        listeners => [
+            #{name => <<"def">>, type => <<"tcp">>, bind => <<"7993">>}
+        ]
+    },
+    {201, _} = request(post, "/gateway", GwConf),
+    {200, ConfResp} = request(get, "/gateway/exproto"),
+    assert_confs(GwConf, ConfResp),
+    %% put
+    GwConf2 = emqx_map_lib:deep_merge(GwConf, #{
+        server => #{
+            bind => <<"9200">>,
+            ssl => SslCliOpts#{enable => true}
+        }
+    }),
+    {200, _} = request(put, "/gateway/exproto", maps:without([name, listeners], GwConf2)),
+    {200, ConfResp2} = request(get, "/gateway/exproto"),
+    assert_confs(GwConf2, ConfResp2),
+    {204, _} = request(delete, "/gateway/exproto").
+
 t_authn(_) ->
    GwConf = #{name => <<"stomp">>},
    {201, _} = request(post, "/gateway", GwConf),
--- a/apps/emqx_gateway/test/emqx_gateway_test_utils.erl
+++ b/apps/emqx_gateway/test/emqx_gateway_test_utils.erl
@ -50,8 +50,11 @@ do_assert_confs(_Key, Expected, Effected) when
        Ks1
    );
 do_assert_confs(Key, Expected, Effected) when
+    Key == cacertfile;
    Key == <<"cacertfile">>;
+    Key == certfile;
    Key == <<"certfile">>;
+    Key == keyfile;
    Key == <<"keyfile">>
 ->
    case Expected == Effected of
@ -118,6 +121,32 @@ request(put = Mth, Path, Body) ->
 request(post = Mth, Path, Body) ->
    do_request(Mth, req(Path, [], Body)).

+%%--------------------------------------------------------------------
+%% default pems
+
+ssl_server_opts() ->
+    #{
+        cacertfile => file_content(cert_path("cacert.pem")),
+        certfile => file_content(cert_path("cert.pem")),
+        keyfile => file_content(cert_path("key.pem"))
+    }.
+
+ssl_client_opts() ->
+    #{
+        cacertfile => file_content(cert_path("cacert.pem")),
+        certfile => file_content(cert_path("client-cert.pem")),
+        keyfile => file_content(cert_path("client-key.pem"))
+    }.
+
+cert_path(Name) ->
+    filename:join(["../../lib/emqx/etc/certs/", Name]).
+
+file_content(Filename) ->
+    case file:read_file(Filename) of
+        {ok, Bin} -> Bin;
+        Err -> error(Err)
+    end.
+
 do_request(Mth, Req) ->
    case httpc:request(Mth, Req, [], [{body_format, binary}]) of
        {ok, {{_Vsn, Code, _Text}, _, Resp}} ->