feat: add ssl support and test

Author: savonarola

docker-compose.yml

@@ -1,27 +1,30 @@
 services:
-  # emqx:
-  #   image: emqx/emqx-enterprise:5.8.4
-  #   container_name: emqx
-  #   environment:
-  #     EMQX_LOG__CONSOLE__LEVEL: debug
-  #     EMQX_API_KEY__BOOTSTRAP_FILE: "/opt/emqx-bootstrap/api-keys.txt"
-  #   ports:
-  #     - "1883:1883"
-  #     - "18083:18083"
-  #   networks:
-  #     - emqx_network
-  #   healthcheck:
-  #     test: ["CMD", "/opt/emqx/bin/emqx", "ctl", "status"]
-  #     interval: 5s
-  #     timeout: 25s
-  #     retries: 5
-  #   volumes:
-  #     - ./test/assets/api-keys.txt:/opt/emqx-bootstrap/api-keys.txt
-  #   depends_on:
-  #     mysql:
-  #       condition: service_healthy
-  #     redis:
-  #       condition: service_healthy
+  emqx:
+    image: emqx/emqx-enterprise:5.8.4
+    container_name: emqx
+    environment:
+      EMQX_LOG__CONSOLE__LEVEL: debug
+      EMQX_API_KEY__BOOTSTRAP_FILE: "/opt/emqx-bootstrap/api-keys.txt"
+    ports:
+      - "1883:1883"
+      - "18083:18083"
+    networks:
+      - emqx_network
+    healthcheck:
+      test: ["CMD", "/opt/emqx/bin/emqx", "ctl", "status"]
+      interval: 5s
+      timeout: 25s
+      retries: 5
+    volumes:
+      - ./test/assets/certs:/certs:ro
+      - ./test/assets/api-keys.txt:/opt/emqx-bootstrap/api-keys.txt:ro
+    depends_on:
+      mysql:
+        condition: service_healthy
+      mysql-ssl:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
 
   mysql:
     image: mysql:8.0

priv/config_i18n.json

@@ -111,6 +111,48 @@
         "en": "MySQL SSL Enable",
         "zh": "MySQL SSL 启用"
     },
+    "$mysql_ssl_server_name_indication_label": {
+        "en": "MySQL SSL Server Name Indication",
+        "zh": "MySQL SSL 服务器名称指示"
+    },
+    "$mysql_ssl_server_name_indication_desc": {
+        "en": "MySQL SSL Server Name Indication",
+        "zh": "MySQL SSL 服务器名称指示"
+    },
+    "$mysql_ssl_verify_label": {
+        "en": "MySQL SSL Verify",
+        "zh": "MySQL SSL 验证"
+    },
+    "$mysql_ssl_verify_desc": {
+        "en": "MySQL SSL Verify",
+        "zh": "MySQL SSL 验证"
+    },
+    "$mysql_ssl_cacertfile_label": {
+        "en": "MySQL SSL CA Cert File",
+        "zh": "MySQL SSL CA 证书文件"
+    },
+    "$mysql_ssl_cacertfile_desc": {
+        "en": "MySQL SSL CA Cert File",
+        "zh": "MySQL SSL CA 证书文件"
+    },
+    "$mysql_ssl_certfile_label": {
+        "en": "MySQL SSL Cert File",
+        "zh": "MySQL SSL 证书文件"
+    },
+    "$mysql_ssl_certfile_desc": {
+        "en": "MySQL SSL Cert File",
+        "zh": "MySQL SSL 证书文件"
+    },
+    "$mysql_ssl_keyfile_label": {
+        "en": "MySQL SSL Key File",
+        "zh": "MySQL SSL 密钥文件"
+    },
+    "$mysql_ssl_keyfile_desc": {
+        "en": "MySQL SSL Key File",
+        "zh": "MySQL SSL 密钥文件"
+    },
+
+
     "$enable_redis_label": {
         "en": "Enable Redis",
         "zh": "启用 Redis"

priv/config_schema.avsc

@@ -78,7 +78,6 @@
             "name": "server",
             "type": "string",
             "default": "127.0.0.1:3306",
-            "required": true,
             "$ui": {
               "component": "input",
               "required": true,
@@ -134,7 +133,6 @@
             "name": "batch_size",
             "type": "int",
             "default": 0,
-            "required": true,
             "$ui": {
               "component": "input-number",
               "required": true,
@@ -146,7 +144,6 @@
             "name": "batch_time",
             "type": "int",
             "default": 100,
-            "required": true,
             "$ui": {
               "component": "input-number",
               "required": true,
@@ -170,11 +167,75 @@
                     "label": "$mysql_ssl_enable_label",
                     "description": "$mysql_ssl_enable_desc"
                   }
+                },
+                {
+                  "name": "server_name_indication",
+                  "type": "string",
+                  "default": "disable",
+                  "$ui": {
+                    "component": "input",
+                    "required": false,
+                    "label": "$mysql_ssl_server_name_indication_label",
+                    "description": "$mysql_ssl_server_name_indication_desc"
+                  }
+                },
+                {
+                  "name": "cacertfile",
+                  "type": "string",
+                  "default": "",
+                  "$ui": {
+                    "component": "input",
+                    "required": false,
+                    "label": "$mysql_ssl_cacertfile_label",
+                    "description": "$mysql_ssl_cacertfile_desc"
+                  }
+                },
+                {
+                  "name": "certfile",
+                  "type": "string",
+                  "default": "",
+                  "$ui": {
+                    "component": "input",
+                    "required": false,
+                    "label": "$mysql_ssl_certfile_label",
+                    "description": "$mysql_ssl_certfile_desc"
+                  }
+                },
+                {
+                  "name": "keyfile",
+                  "type": "string",
+                  "default": "",
+                  "$ui": {
+                    "component": "input",
+                    "required": false,
+                    "label": "$mysql_ssl_keyfile_label",
+                    "description": "$mysql_ssl_keyfile_desc"
+                  }
+                },
+                {
+                  "name": "verify",
+                  "type": "string",
+                  "default": "verify_none",
+                  "$ui": {
+                    "component": "select",
+                    "required": false,
+                    "label": "$mysql_ssl_verify_label",
+                    "description": "$mysql_ssl_verify_desc",
+                    "options": [
+                      {
+                        "label": "verify_none",
+                        "value": "verify_none"
+                      },
+                      {
+                        "label": "verify_peer",
+                        "value": "verify_peer"
+                      }
+                    ]
+                  }
                 }
               ]
             }
           }
-
         ]
       }
     },

src/emqx_omp_mysql.erl

@@ -22,6 +22,7 @@
 
 -define(RESOURCE_ID, <<"omp_mysql">>).
 -define(RESOURCE_GROUP, <<"omp">>).
+-define(TIMEOUT, 1000).
 
 -type statement() :: emqx_template_sql:statement().
 -type param_template() :: emqx_template_sql:row_template().
@@ -89,7 +90,7 @@ on_client_connected(
     }),
     Params = render_row(ParamTemplate, #{clientid => ClientId}),
     _ =
-        case emqx_resource:simple_sync_query(?RESOURCE_ID, {sql, Sql, Params}) of
+        case sync_query(Sql, Params) of
             {ok, Columns, Rows} ->
                 Subscriptions = to_subscriptions(Columns, Rows),
                 ok = induce_subscriptions(Subscriptions),
@@ -117,24 +118,29 @@ on_session_subscribed(
     ok = insert_subscription(ClientId, Topic, SubOpts, Context),
     ok = fetch_and_deliver_messages(ClientId, Topic, Context).
 
-insert_subscription(ClientId, Topic, SubOpts, #{insert_subscription_sql := {Sql, ParamTemplate}} = _Context) ->
+insert_subscription(
+    ClientId, Topic, SubOpts, #{insert_subscription_sql := {Sql, ParamTemplate}} = _Context
+) ->
     Qos = maps:get(qos, SubOpts, 0),
     Params = render_row(ParamTemplate, #{clientid => ClientId, topic => Topic, qos => Qos}),
-    _ = case emqx_resource:simple_sync_query(?RESOURCE_ID, {sql, Sql, Params}) of
-        ok ->
-            ok;
-        {error, Reason} ->
-            ?SLOG(error, #{
-                msg => "omp_mysql_insert_subscription_error",
-                reason => Reason
-            })
+    _ =
+        case sync_query(Sql, Params) of
+            ok ->
+                ok;
+            {error, Reason} ->
+                ?SLOG(error, #{
+                    msg => "omp_mysql_insert_subscription_error",
+                    reason => Reason
+                })
         end,
     ok.
 
-fetch_and_deliver_messages(ClientId, Topic, #{select_message_sql := {Sql, ParamTemplate}} = _Context) ->
+fetch_and_deliver_messages(
+    ClientId, Topic, #{select_message_sql := {Sql, ParamTemplate}} = _Context
+) ->
     Params = render_row(ParamTemplate, #{clientid => ClientId, topic => Topic}),
     _ =
-        case emqx_resource:simple_sync_query(?RESOURCE_ID, {sql, Sql, Params}) of
+        case sync_query(Sql, Params) of
             {ok, Columns, Rows} ->
                 Messages = to_messages(Columns, Rows),
                 ok = deliver_messages(Topic, Messages),
@@ -280,8 +286,11 @@ message_to_map(Message) ->
 
 %% Subscription helpers
 
-induce_subscriptions([]) -> ok;
-induce_subscriptions(Subscriptions) -> erlang:send(self(), {subscribe, Subscriptions}).
+induce_subscriptions([]) ->
+    ok;
+induce_subscriptions(Subscriptions) ->
+    erlang:send(self(), {subscribe, Subscriptions}),
+    ok.
 
 to_subscriptions(Columns, Rows) ->
     lists:flatmap(fun(Row) -> record_to_subscription(lists:zip(Columns, Row)) end, Rows).
@@ -357,7 +366,7 @@ render_row(RowTemplate, Map) ->
     Row.
 
 make_mysql_resource_config(#{<<"insert_message_sql">> := InsertMessageStatement} = RawConfig0) ->
-    RawMysqlConfig = maps:with(
+    RawMysqlConfig0 = maps:with(
         [
             <<"server">>,
             <<"database">>,
@@ -368,6 +377,8 @@ make_mysql_resource_config(#{<<"insert_message_sql">> := InsertMessageStatement}
         ],
         RawConfig0
     ),
+    SslConfig = make_ssl_config(RawMysqlConfig0),
+    RawMysqlConfig = RawMysqlConfig0#{<<"ssl">> => SslConfig},
 
     MysqlConfig0 =
         case
@@ -397,6 +408,22 @@ make_mysql_resource_config(#{<<"insert_message_sql">> := InsertMessageStatement}
 
     {MysqlConfig, ResourceOpts}.
 
+make_ssl_config(#{<<"ssl">> := SslConfig}) ->
+    maps:filter(
+        fun
+            (_K, <<>>) ->
+                false;
+            (_K, _V) ->
+                true
+        end,
+        SslConfig
+    );
+make_ssl_config(_) ->
+    #{<<"enable">> => false}.
+
+sync_query(Sql, Params) ->
+    emqx_resource:simple_sync_query(?RESOURCE_ID, {sql, Sql, Params, ?TIMEOUT}).
+
 %% Hook helpers
 
 unhook() ->

test/emqx_omp_SUITE.erl

@@ -31,8 +31,10 @@ groups() ->
     [
         {mysql, [], [{group, buffered}, {group, unbuffered}]},
         {redis, [], [{group, buffered}, {group, unbuffered}]},
-        {buffered, [], All},
-        {unbuffered, [], All}
+        {buffered, [], [{group, tcp}, {group, ssl}]},
+        {unbuffered, [], [{group, tcp}, {group, ssl}]},
+        {tcp, [], All},
+        {ssl, [], All}
     ].
 
 init_per_suite(Config) ->
@@ -50,7 +52,7 @@ init_per_suite(Config) ->
     [{plugin_id, PluginId}, {plugin_filename, Filename}, {plugin_config, PluginConfig} | Config].
 
 end_per_suite(_Config) ->
-    % ok = emqx_omp_test_api_helpers:delete_all_plugins(),
+    ok = emqx_omp_test_api_helpers:delete_all_plugins(),
     ok = emqx_omp_test_helpers:stop(),
     ok.
 
@@ -65,7 +67,17 @@ init_per_group(buffered, Config) ->
 init_per_group(unbuffered, Config) ->
     PluginConfig0 = ?config(plugin_config, Config),
     PluginConfig = emqx_utils_maps:deep_put([mysql, batch_size], PluginConfig0, 0),
-    ?set_config(plugin_config, PluginConfig, Config).
+    ?set_config(plugin_config, PluginConfig, Config);
+init_per_group(tcp, Config) ->
+    PluginConfig0 = ?config(plugin_config, Config),
+    PluginConfig1 = emqx_utils_maps:deep_put([mysql, ssl, enable], PluginConfig0, false),
+    PluginConfig2 = emqx_utils_maps:deep_put([mysql, server], PluginConfig1, <<"mysql:3306">>),
+    ?set_config(plugin_config, PluginConfig2, Config);
+init_per_group(ssl, Config) ->
+    PluginConfig0 = ?config(plugin_config, Config),
+    PluginConfig1 = emqx_utils_maps:deep_put([mysql, ssl, enable], PluginConfig0, true),
+    PluginConfig2 = emqx_utils_maps:deep_put([mysql, server], PluginConfig1, <<"mysql-ssl:3306">>),
+    ?set_config(plugin_config, PluginConfig2, Config).
 
 end_per_group(_Group, _Config) ->
     ok.
@@ -185,13 +197,18 @@ plugin_config() ->
         },
         mysql => #{
             ssl => #{
-                enable => false
+                enable => false,
+                server_name_indication => <<"mysql-server">>,
+                verify => <<"verify_peer">>,
+                cacertfile => <<"/certs/ca.crt">>,
+                certfile => <<"/certs/mysql-client.crt">>,
+                keyfile => <<"/certs/mysql-client.key">>
             },
             password => <<"public">>,
             username => <<"emqx">>,
             pool_size => 8,
             database => <<"emqx">>,
-            server => <<"localhost:3306">>,
+            server => <<"invalid-host:3306">>,
             select_message_sql => <<"select * from mqtt_msg where topic = ${topic}">>,
             delete_message_sql => <<"delete from mqtt_msg where msgid = ${id}">>,
             insert_message_sql => <<