-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5885 from savonarola/fix-acl-schema
fix(mnesia_acl): introduce optimized schema and migration process
- Loading branch information
Showing
20 changed files
with
1,105 additions
and
277 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
#!/bin/bash | ||
|
||
set -xe | ||
|
||
cd "$EMQX_PATH" | ||
|
||
rm -rf _build _upgrade_base | ||
|
||
mkdir _upgrade_base | ||
pushd _upgrade_base | ||
wget "https://s3-us-west-2.amazonaws.com/packages.emqx/emqx-ce/v${EMQX_BASE}/emqx-ubuntu20.04-${EMQX_BASE}-amd64.zip" | ||
popd | ||
|
||
make emqx-zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/bash | ||
|
||
set -xe | ||
|
||
mkdir -p "$TEST_PATH" | ||
cd "$TEST_PATH" | ||
|
||
cp ../"$EMQX_PATH"/_upgrade_base/*.zip ./ | ||
unzip ./*.zip | ||
|
||
cp ../"$EMQX_PATH"/_packages/emqx/*.zip ./emqx/releases/ | ||
|
||
git clone --depth 1 https://github.com/terry-xiaoyu/one_more_emqx.git | ||
|
||
./one_more_emqx/one_more_emqx.sh emqx2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/bin/bash | ||
|
||
set -xe | ||
|
||
export EMQX_PATH="$1" | ||
export EMQX_BASE="$2" | ||
|
||
export TEST_PATH="emqx_test" | ||
|
||
./build.sh | ||
|
||
VERSION=$("$EMQX_PATH"/pkg-vsn.sh) | ||
export VERSION | ||
|
||
./prepare.sh | ||
|
||
./test.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
EMQX_ENDPOINT="http://localhost:8081/api/v4/acl" | ||
EMQX2_ENDPOINT="http://localhost:8917/api/v4/acl" | ||
|
||
function run() { | ||
emqx="$1" | ||
shift | ||
|
||
echo "[$emqx]" "$@" | ||
|
||
pushd "$TEST_PATH/$emqx" | ||
"$@" | ||
popd | ||
} | ||
|
||
function post_rule() { | ||
endpoint="$1" | ||
rule="$2" | ||
echo -n "->($endpoint) " | ||
curl -s -u admin:public -X POST "$endpoint" -d "$rule" | ||
echo | ||
} | ||
|
||
function verify_clientid_rule() { | ||
endpoint="$1" | ||
id="$2" | ||
echo -n "<-($endpoint) " | ||
curl -s -u admin:public "$endpoint/clientid/$id" | grep "$id" || (echo "verify rule for client $id failed" && return 1) | ||
} | ||
|
||
# Run nodes | ||
|
||
run emqx ./bin/emqx start | ||
run emqx2 ./bin/emqx start | ||
|
||
run emqx ./bin/emqx_ctl plugins load emqx_auth_mnesia | ||
run emqx2 ./bin/emqx_ctl plugins load emqx_auth_mnesia | ||
|
||
run emqx2 ./bin/emqx_ctl cluster join 'emqx@127.0.0.1' | ||
|
||
# Add ACL rule to unupgraded EMQX nodes | ||
|
||
post_rule "$EMQX_ENDPOINT" '{"clientid": "CLIENT1_A","topic": "t", "action": "pub", "access": "allow"}' | ||
post_rule "$EMQX2_ENDPOINT" '{"clientid": "CLIENT1_B","topic": "t", "action": "pub", "access": "allow"}' | ||
|
||
# Upgrade emqx2 node | ||
|
||
run emqx2 ./bin/emqx install "$VERSION" | ||
sleep 60 | ||
|
||
# Verify upgrade blocked | ||
|
||
run emqx2 ./bin/emqx eval 'emqx_acl_mnesia_migrator:is_old_table_migrated().' | grep false || (echo "emqx2 shouldn't have migrated" && exit 1) | ||
|
||
# Verify old rules on both nodes | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT1_A' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT1_A' | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT1_B' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT1_B' | ||
|
||
# Add ACL on OLD and NEW node, verify on all nodes | ||
|
||
post_rule "$EMQX_ENDPOINT" '{"clientid": "CLIENT2_A","topic": "t", "action": "pub", "access": "allow"}' | ||
post_rule "$EMQX2_ENDPOINT" '{"clientid": "CLIENT2_B","topic": "t", "action": "pub", "access": "allow"}' | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT2_A' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT2_A' | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT2_B' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT2_B' | ||
|
||
# Upgrade emqx node | ||
|
||
run emqx ./bin/emqx install "$VERSION" | ||
|
||
# Wait for upgrade | ||
|
||
sleep 60 | ||
|
||
# Verify if upgrade occured | ||
|
||
run emqx ./bin/emqx eval 'emqx_acl_mnesia_migrator:is_old_table_migrated().' | grep true || (echo "emqx should have migrated" && exit 1) | ||
run emqx2 ./bin/emqx eval 'emqx_acl_mnesia_migrator:is_old_table_migrated().' | grep true || (echo "emqx2 should have migrated" && exit 1) | ||
|
||
# Verify rules are kept | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT1_A' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT1_A' | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT1_B' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT1_B' | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT2_A' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT2_A' | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT2_B' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT2_B' | ||
|
||
# Add ACL on OLD and NEW node, verify on all nodes | ||
|
||
post_rule "$EMQX_ENDPOINT" '{"clientid": "CLIENT3_A","topic": "t", "action": "pub", "access": "allow"}' | ||
post_rule "$EMQX2_ENDPOINT" '{"clientid": "CLIENT3_B","topic": "t", "action": "pub", "access": "allow"}' | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT3_A' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT3_A' | ||
|
||
verify_clientid_rule "$EMQX_ENDPOINT" 'CLIENT3_B' | ||
verify_clientid_rule "$EMQX2_ENDPOINT" 'CLIENT3_B' | ||
|
||
# Stop nodes | ||
|
||
run emqx ./bin/emqx stop | ||
run emqx2 ./bin/emqx stop | ||
|
||
echo "Success!" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
name: ACL fix & migration integration tests | ||
|
||
on: workflow_dispatch | ||
|
||
jobs: | ||
test: | ||
runs-on: ubuntu-20.04 | ||
container: emqx/build-env:erl23.2.7.2-emqx-2-ubuntu20.04 | ||
strategy: | ||
fail-fast: true | ||
env: | ||
BASE_VERSION: "4.3.0" | ||
steps: | ||
- uses: actions/checkout@v2 | ||
with: | ||
path: emqx | ||
- name: Prepare scripts | ||
run: | | ||
cp ./emqx/.ci/acl_migration_test/*.sh ./ | ||
- name: Run tests | ||
run: | | ||
./suite.sh emqx "$BASE_VERSION" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.