diff --git a/deps/rabbit/priv/schema/rabbit.schema b/deps/rabbit/priv/schema/rabbit.schema
index c893ac560eed..e82dcd455596 100644
--- a/deps/rabbit/priv/schema/rabbit.schema
+++ b/deps/rabbit/priv/schema/rabbit.schema
@@ -2661,218 +2661,6 @@ fun(Conf) -> list_to_binary(cuttlefish:conf_get("amqp1_0.default_vhost", Conf)) end}. -%% ---------------------------------------------------------------------------- -%% AMQP client 1.0 TLS options -%% ---------------------------------------------------------------------------- - -{mapping, "amqp10_client.ssl_options", "amqp10_client.ssl_options", [ - {datatype, {enum, [none]}} -]}. - -{translation, "amqp10_client.ssl_options", -fun(Conf) -> - case cuttlefish:conf_get("amqp10_client.ssl_options", Conf, undefined) of - none -> []; - _ -> cuttlefish:invalid("Invalid amqp10_client.ssl_options") - end -end}. - -{mapping, "amqp10_client.ssl_options.verify", "amqp10_client.ssl_options.verify", [ - {datatype, {enum, [verify_peer, verify_none]}}]}. - -{mapping, "amqp10_client.ssl_options.cacertfile", "amqp10_client.ssl_options.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. - -{mapping, "amqp10_client.ssl_options.certfile", "amqp10_client.ssl_options.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. - -{mapping, "amqp10_client.ssl_options.cacerts.$name", "amqp10_client.ssl_options.cacerts", - [{datatype, string}]}. - -{translation, "amqp10_client.ssl_options.cacerts", -fun(Conf) -> - Settings = cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.cacerts", Conf), - [ list_to_binary(V) || {_, V} <- Settings ] -end}. - -{mapping, "amqp10_client.ssl_options.cert", "amqp10_client.ssl_options.cert", - [{datatype, string}]}. - -{translation, "amqp10_client.ssl_options.cert", -fun(Conf) -> - list_to_binary(cuttlefish:conf_get("amqp10_client.ssl_options.cert", Conf)) -end}. - -{mapping, "amqp10_client.ssl_options.crl_check", "amqp10_client.ssl_options.crl_check", - [{datatype, [{enum, [true, false, peer, best_effort]}]}]}. - -{mapping, "amqp10_client.ssl_options.depth", "amqp10_client.ssl_options.depth", - [{datatype, integer}, {validators, ["byte"]}]}. 
-
-{mapping, "amqp10_client.ssl_options.key.RSAPrivateKey", "amqp10_client.ssl_options.key",
- [{datatype, string}]}.
-
-{mapping, "amqp10_client.ssl_options.key.DSAPrivateKey", "amqp10_client.ssl_options.key",
- [{datatype, string}]}.
-
-{mapping, "amqp10_client.ssl_options.key.PrivateKeyInfo", "amqp10_client.ssl_options.key",
- [{datatype, string}]}.
-
-{translation, "amqp10_client.ssl_options.key",
-fun(Conf) ->
- case cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.key", Conf) of
- [{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)};
- _ -> undefined
- end
-end}.
-
-{mapping, "amqp10_client.ssl_options.keyfile", "amqp10_client.ssl_options.keyfile",
- [{datatype, string}, {validators, ["file_accessible"]}]}.
-
-{mapping, "amqp10_client.ssl_options.log_alert", "amqp10_client.ssl_options.log_alert",
- [{datatype, {enum, [true, false]}}]}.
-
-{mapping, "amqp10_client.ssl_options.password", "amqp10_client.ssl_options.password",
- [{datatype, string}]}.
-
-{mapping, "amqp10_client.ssl_options.psk_identity", "amqp10_client.ssl_options.psk_identity",
- [{datatype, string}]}.
-
-{mapping, "amqp10_client.ssl_options.reuse_sessions", "amqp10_client.ssl_options.reuse_sessions",
- [{datatype, {enum, [true, false]}}]}.
-
-{mapping, "amqp10_client.ssl_options.secure_renegotiate", "amqp10_client.ssl_options.secure_renegotiate",
- [{datatype, {enum, [true, false]}}]}.
-
-{mapping, "amqp10_client.ssl_options.versions.$version", "amqp10_client.ssl_options.versions",
- [{datatype, atom}]}.
-
-{translation, "amqp10_client.ssl_options.versions",
-fun(Conf) ->
- Settings = cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.versions", Conf),
- [ V || {_, V} <- Settings ]
-end}.
-
-{mapping, "amqp10_client.ssl_options.sni", "amqp10_client.ssl_options.server_name_indication",
- [{datatype, [{enum, [none]}, string]}]}.
-
-{translation, "amqp10_client.ssl_options.server_name_indication",
-fun(Conf) ->
- case cuttlefish:conf_get("amqp10_client.ssl_options.sni", Conf, undefined) of
- undefined -> cuttlefish:unset();
- none -> cuttlefish:unset();
- Hostname -> Hostname
- end
-end}.
-
-
-% ===============================
-% AMQP 0.9.1
-% ===============================
-
-%% ----------------------------------------------------------------------------
-%% AMQP client 0.9.1 TLS options
-%% ----------------------------------------------------------------------------
-
-{mapping, "amqp_client.ssl_options", "amqp_client.ssl_options", [
- {datatype, {enum, [none]}}
-]}.
-
-{translation, "amqp_client.ssl_options",
-fun(Conf) ->
- case cuttlefish:conf_get("amqp_client.ssl_options", Conf, undefined) of
- none -> [];
- _ -> cuttlefish:invalid("Invalid amqp_client.ssl_options")
- end
-end}.
-
-{mapping, "amqp_client.ssl_options.verify", "amqp_client.ssl_options.verify", [
- {datatype, {enum, [verify_peer, verify_none]}}]}.
-
-{mapping, "amqp_client.ssl_options.cacertfile", "amqp_client.ssl_options.cacertfile",
- [{datatype, string}, {validators, ["file_accessible"]}]}.
-
-{mapping, "amqp_client.ssl_options.certfile", "amqp_client.ssl_options.certfile",
- [{datatype, string}, {validators, ["file_accessible"]}]}.
-
-{mapping, "amqp_client.ssl_options.cacerts.$name", "amqp_client.ssl_options.cacerts",
- [{datatype, string}]}.
-
-{translation, "amqp_client.ssl_options.cacerts",
-fun(Conf) ->
- Settings = cuttlefish_variable:filter_by_prefix("amqp_client.ssl_options.cacerts", Conf),
- [ list_to_binary(V) || {_, V} <- Settings ]
-end}.
-
-{mapping, "amqp_client.ssl_options.cert", "amqp_client.ssl_options.cert",
- [{datatype, string}]}.
-
-{translation, "amqp_client.ssl_options.cert",
-fun(Conf) ->
- list_to_binary(cuttlefish:conf_get("amqp_client.ssl_options.cert", Conf))
-end}.
-
-{mapping, "amqp_client.ssl_options.crl_check", "amqp_client.ssl_options.crl_check",
- [{datatype, [{enum, [true, false, peer, best_effort]}]}]}.
-
-{mapping, "amqp_client.ssl_options.depth", "amqp_client.ssl_options.depth",
- [{datatype, integer}, {validators, ["byte"]}]}.
-
-{mapping, "amqp_client.ssl_options.key.RSAPrivateKey", "amqp_client.ssl_options.key",
- [{datatype, string}]}.
-
-{mapping, "amqp_client.ssl_options.key.DSAPrivateKey", "amqp_client.ssl_options.key",
- [{datatype, string}]}.
-
-{mapping, "amqp_client.ssl_options.key.PrivateKeyInfo", "amqp_client.ssl_options.key",
- [{datatype, string}]}.
-
-{translation, "amqp_client.ssl_options.key",
-fun(Conf) ->
- case cuttlefish_variable:filter_by_prefix("amqp_client.ssl_options.key", Conf) of
- [{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)};
- _ -> undefined
- end
-end}.
-
-{mapping, "amqp_client.ssl_options.keyfile", "amqp_client.ssl_options.keyfile",
- [{datatype, string}, {validators, ["file_accessible"]}]}.
-
-{mapping, "amqp_client.ssl_options.log_alert", "amqp_client.ssl_options.log_alert",
- [{datatype, {enum, [true, false]}}]}.
-
-{mapping, "amqp_client.ssl_options.password", "amqp_client.ssl_options.password",
- [{datatype, string}]}.
-
-{mapping, "amqp_client.ssl_options.psk_identity", "amqp_client.ssl_options.psk_identity",
- [{datatype, string}]}.
-
-{mapping, "amqp_client.ssl_options.reuse_sessions", "amqp_client.ssl_options.reuse_sessions",
- [{datatype, {enum, [true, false]}}]}.
-
-{mapping, "amqp_client.ssl_options.secure_renegotiate", "amqp_client.ssl_options.secure_renegotiate",
- [{datatype, {enum, [true, false]}}]}.
-
-{mapping, "amqp_client.ssl_options.versions.$version", "amqp_client.ssl_options.versions",
- [{datatype, atom}]}.
-
-{translation, "amqp_client.ssl_options.versions",
-fun(Conf) ->
- Settings = cuttlefish_variable:filter_by_prefix("amqp_client.ssl_options.versions", Conf),
- [ V || {_, V} <- Settings ]
-end}.
- -{mapping, "amqp_client.ssl_options.sni", "amqp_client.ssl_options.server_name_indication", - [{datatype, [{enum, [none]}, string]}]}. - -{translation, "amqp_client.ssl_options.server_name_indication", -fun(Conf) -> - case cuttlefish:conf_get("amqp_client.ssl_options.sni", Conf, undefined) of - undefined -> cuttlefish:unset(); - none -> cuttlefish:unset(); - Hostname -> Hostname - end -end}. % =============================== % Validators diff --git a/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets b/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets index 945a354555f7..424bdaf97d44 100644 --- a/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets +++ b/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets @@ -251,7 +251,7 @@ cluster_formation.classic_config.nodes.peer2 = rabbit@hostname2", [{peer_discovery_backend,rabbit_peer_discovery_classic_config}]}, {cluster_nodes,{[rabbit@hostname2,rabbit@hostname1],disc}}]}], []}, - + {cluster_formation_module_dns_alias, "cluster_formation.peer_discovery_backend = dns cluster_formation.dns.hostname = discovery.eng.example.local", @@ -264,7 +264,7 @@ cluster_formation.dns.hostname = discovery.eng.example.local", ]}]} ]}], []}, - + {cluster_formation_disk, "cluster_formation.peer_discovery_backend = rabbit_peer_discovery_classic_config cluster_formation.classic_config.nodes.peer1 = rabbit@hostname1 @@ -698,17 +698,17 @@ tcp_listen_options.exit_on_close = false", {fail_if_no_peer_cert, false}, {honor_ecc_order, true}]}]}], []}, - + {ssl_cert_login_from_cn, "ssl_cert_login_from = common_name", [{rabbit,[{ssl_cert_login_from, common_name}]}], []}, - + {ssl_cert_login_from_dn, "ssl_cert_login_from = distinguished_name", [{rabbit,[{ssl_cert_login_from, distinguished_name}]}], []}, - + {ssl_cert_login_from_san_dns, "ssl_cert_login_from = subject_alternative_name ssl_cert_login_san_type = dns 
@@ -719,7 +719,7 @@ tcp_listen_options.exit_on_close = false", {ssl_cert_login_san_index, 0} ]}], []}, - + {ssl_options_bypass_pem_cache, "ssl_options.bypass_pem_cache = true", 
@@ -1057,220 +1057,6 @@ credential_validator.regexp = ^abc\\d+", {incoming_message_interceptors, [{set_header_routing_node, false}, {set_header_timestamp, false}]} ]}], - []}, - - %% - %% AMQP TLS options - %% - - {amqp_client_ssl_options, - "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp_client.ssl_options.verify = verify_peer", - [{amqp_client, - [ - {ssl_options, - [{cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile, "test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile, "test/config_schema_SUITE_data/certs/key.pem"}, - {verify, verify_peer}]} - ]}], - [amqp_client]}, - {amqp_client_ssl_options_verify_peer, - "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp_client.ssl_options.verify = verify_peer", - [{amqp_client, - [ - {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {verify,verify_peer}]}]}], - []}, - {amqp_client_ssl_options_password, - "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp_client.ssl_options.password = t0p$3kRe7", - [{amqp_client, - [ - {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - 
{password,"t0p$3kRe7"}]}]}], - []}, - {amqp_client_ssl_options_tls_versions, - "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp_client.ssl_options.versions.tls1_2 = tlsv1.2 - amqp_client.ssl_options.versions.tls1_1 = tlsv1.1", - [], - [{amqp_client, - [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {versions,['tlsv1.2','tlsv1.1']}]} - ]}], - []}, - {amqp_client_ssl_options_depth, - "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp_client.ssl_options.depth = 2 - amqp_client.ssl_options.verify = verify_peer", - [{amqp_client, - [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {depth,2}, - {verify,verify_peer}]}]}], - []}, - {amqp_client_ssl_options_sni_disabled, - "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp_client.ssl_options.versions.tls1_2 = tlsv1.2 - amqp_client.ssl_options.versions.tls1_1 = tlsv1.1 - amqp_client.ssl_options.sni = none", - [], - [{amqp_client, - [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - 
{keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {versions,['tlsv1.2','tlsv1.1']}] - }] - }], - []}, - {amqp_client_ssl_options_sni_hostname, - "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp_client.ssl_options.versions.tls1_2 = tlsv1.2 - amqp_client.ssl_options.versions.tls1_1 = tlsv1.1 - amqp_client.ssl_options.sni = hostname.dev", - [], - [{amqp_client, - [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {versions,['tlsv1.2','tlsv1.1']}, - {server_name_indication, "hostname.dev"} - ]} - ]}], - []}, - - {amqp10_client_ssl_options, - "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp10_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp10_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp10_client.ssl_options.verify = verify_peer", - [{amqp10_client, - [ - {ssl_options, - [{cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile, "test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile, "test/config_schema_SUITE_data/certs/key.pem"}, - {verify, verify_peer}]} - ]}], - [amqp10_client]}, - {amqp10_client_ssl_options_verify_peer, - "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp10_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp10_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp10_client.ssl_options.verify = verify_peer", - [{amqp10_client, - [ - {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - 
{certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {verify,verify_peer}]}]}], - []}, - {amqp10_client_ssl_options_password, - "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp10_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp10_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp10_client.ssl_options.password = t0p$3kRe7", - [{amqp10_client, - [ - {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {password,"t0p$3kRe7"}]}]}], - []}, - {amqp10_client_ssl_options_tls_versions, - "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp10_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp10_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp10_client.ssl_options.versions.tls1_2 = tlsv1.2 - amqp10_client.ssl_options.versions.tls1_1 = tlsv1.1", - [], - [{amqp10_client, - [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {versions,['tlsv1.2','tlsv1.1']}]} - ]}], - []}, - {amqp10_client_ssl_options_depth, - "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp10_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp10_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp10_client.ssl_options.depth = 2 - amqp10_client.ssl_options.verify = verify_peer", - [{amqp10_client, - [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - 
{keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {depth,2}, - {verify,verify_peer}]}]}], - []}, - {amqp10_client_ssl_options_sni_disabled, - "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp10_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp10_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp10_client.ssl_options.versions.tls1_2 = tlsv1.2 - amqp10_client.ssl_options.versions.tls1_1 = tlsv1.1 - amqp10_client.ssl_options.sni = none", - [], - [{amqp10_client, - [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {versions,['tlsv1.2','tlsv1.1']}] - }] - }], - []}, - {amqp10_client_ssl_options_sni_hostname, - "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - amqp10_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - amqp10_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem - amqp10_client.ssl_options.versions.tls1_2 = tlsv1.2 - amqp10_client.ssl_options.versions.tls1_1 = tlsv1.1 - amqp10_client.ssl_options.sni = hostname.dev", - [], - [{amqp10_client, - [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {versions,['tlsv1.2','tlsv1.1']}, - {server_name_indication, "hostname.dev"} - ]} - ]}], - []} + []} ].