parent 41be96a

author Arvindh <arvindh91@gmail.com> 1688570218 +0530
committer Arvindh <arvindh91@gmail.com> 1689754950 +0530

Rebase with master and squash commits

parent 1192325
author Arvindh <arvindh91@gmail.com> 1688570218 +0530
committer Arvindh <arvindh91@gmail.com> 1689174782 +0530

add: rootCA and clientCA in grpc server

Signed-off-by: Arvindh <arvindh91@gmail.com>

add: rootCA and client certificate in grpc client

Signed-off-by: Arvindh <arvindh91@gmail.com>

add: docker-compose for grpc-mtls and make target for mtls cert generation

Signed-off-by: Arvindh <arvindh91@gmail.com>

fix: typo in makefile

Signed-off-by: Arvindh <arvindh91@gmail.com>

fix: loadCertFile function in internal/clients/grpc/connect.go

Signed-off-by: Arvindh <arvindh91@gmail.com>

fix: env.parser test

Signed-off-by: Arvindh <arvindh91@gmail.com>

remove: commented lines

Signed-off-by: Arvindh <arvindh91@gmail.com>

add: make commands

Signed-off-by: Arvindh <arvindh91@gmail.com>

update: make commands and grpc clients

Signed-off-by: Arvindh <arvindh91@gmail.com>

fix: typo in makefile

Signed-off-by: Arvindh <arvindh91@gmail.com>

fix: loadCertFile function in internal/clients/grpc/connect.go

Signed-off-by: Arvindh <arvindh91@gmail.com>

remove: commented lines

Signed-off-by: Arvindh <arvindh91@gmail.com>

update: make commands and grpc clients

Signed-off-by: Arvindh <arvindh91@gmail.com>

update: make commands and docker-compose

Signed-off-by: Arvindh <arvindh91@gmail.com>

add: end of line

Signed-off-by: Arvindh <arvindh91@gmail.com>

fix: typos in makefile

Signed-off-by: Arvindh <arvindh91@gmail.com>

add: end of line

Signed-off-by: Arvindh <arvindh91@gmail.com>

fix: typos in makefile

Signed-off-by: Arvindh <arvindh91@gmail.com>

revert: grafana port in .env

Signed-off-by: Arvindh <arvindh91@gmail.com>

change: loadCertFile function

Signed-off-by: Arvindh <arvindh91@gmail.com>

change: certficate logic

Signed-off-by: Arvindh <arvindh91@gmail.com>

change: env name and update in compose file

Signed-off-by: Arvindh <arvindh91@gmail.com>

fix: makefile

Signed-off-by: Arvindh <arvindh91@gmail.com>

Makefile

@@ -13,7 +13,14 @@ GOARCH ?= amd64
 VERSION ?= $(shell git describe --abbrev=0 --tags)
 COMMIT ?= $(shell git rev-parse HEAD)
 TIME ?= $(shell date +%F_%T)
-
+USER_REPO ?= $(shell git remote get-url origin | sed -e 's/.*\/\([^/]*\)\/\([^/]*\).*/\1_\2/' )
+BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD  2>/dev/null || git describe --tags --abbrev=0  2>/dev/null )
+empty:=
+space:= $(empty) $(empty)
+DOCKER_PROJECT ?= $(subst $(space),,$(USER_REPO)_$(BRANCH))
+DOCKER_PROJECT := $(subst /,_,$(DOCKER_PROJECT))
+DOCKER_COMPOSE_COMMANDS_SUPPORTED := up down config
+DEFAULT_DOCKER_COMPOSE_COMMAND  := up
 ifneq ($(MF_BROKER_TYPE),)
     MF_BROKER_TYPE := $(MF_BROKER_TYPE)
 else
@@ -54,9 +61,30 @@ define make_docker_dev
 		-f docker/Dockerfile.dev ./build
 endef
 
+ADDON_SERVICES = bootstrap cassandra-reader cassandra-writer certs \
+					influxdb-reader influxdb-writer lora-adapter mongodb-reader mongodb-writer \
+					opcua-adapter postgres-reader postgres-writer provision smpp-notifier smtp-notifier \
+					timescale-reader timescale-writer twins
+
+EXTERNAL_SERVICES = vault prometheus
+
+ifneq ($(filter run%,$(firstword $(MAKECMDGOALS))),)
+  temp_args := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
+  DOCKER_COMPOSE_COMMAND := $(if $(filter $(DOCKER_COMPOSE_COMMANDS_SUPPORTED),$(temp_args)), $(filter $(DOCKER_COMPOSE_COMMANDS_SUPPORTED),$(temp_args)), $(DEFAULT_DOCKER_COMPOSE_COMMAND))
+  $(eval $(DOCKER_COMPOSE_COMMAND):;@)
+endif
+
+ifneq ($(filter run_addons%,$(firstword $(MAKECMDGOALS))),)
+  temp_args := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
+  RUN_ADDON_ARGS :=  $(if $(filter-out $(DOCKER_COMPOSE_COMMANDS_SUPPORTED),$(temp_args)), $(filter-out $(DOCKER_COMPOSE_COMMANDS_SUPPORTED),$(temp_args)),$(ADDON_SERVICES) $(EXTERNAL_SERVICES))
+  $(eval $(RUN_ADDON_ARGS):;@)
+endif
+
+FILTERED_SERVICES = $(filter-out $(RUN_ADDON_ARGS), $(SERVICES))
+
 all: $(SERVICES)
 
-.PHONY: all $(SERVICES) dockers dockers_dev latest release
+.PHONY: all $(SERVICES) dockers dockers_dev latest release gen_mtls_certs run run_grpc_mtls run_addons run_addons_grpc_mtls
 
 clean:
 	rm -rf ${BUILD_DIR}
@@ -81,7 +109,7 @@ proto:
 	protoc -I. --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative users/policies/*.proto
 	protoc -I. --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative things/policies/*.proto
 
-$(SERVICES):
+$(FILTERED_SERVICES):
 	$(call compile_service,$(@))
 
 $(DOCKERS):
@@ -117,7 +145,32 @@ release:
 rundev:
 	cd scripts && ./run.sh
 
+gen_mtls_certs:
+	make -C docker/ssl users_grpc_certs things_grpc_certs
+
 run:
 	sed -i "s,file: brokers/.*.yml,file: brokers/${MF_BROKER_TYPE}.yml," docker/docker-compose.yml
 	sed -i "s,MF_BROKER_URL=.*,MF_BROKER_URL=$$\{MF_$(shell echo ${MF_BROKER_TYPE} | tr 'a-z' 'A-Z')_URL\}," docker/.env
-	docker-compose -f docker/docker-compose.yml up
+	docker-compose -f docker/docker-compose.yml -p $(DOCKER_PROJECT) $(DOCKER_COMPOSE_COMMAND) $(args)
+
+run_grpc_mtls:
+	sed -i "s,file: brokers/.*.yml,file: brokers/${MF_BROKER_TYPE}.yml," docker/docker-compose.yml
+	sed -i "s,MF_BROKER_URL=.*,MF_BROKER_URL=$$\{MF_$(shell echo ${MF_BROKER_TYPE} | tr 'a-z' 'A-Z')_URL\}," docker/.env
+	docker-compose -f docker/docker-compose.yml -f docker/ssl/docker-compose.grpc-mtls.yaml -p $(DOCKER_PROJECT) $(DOCKER_COMPOSE_COMMAND) $(args)
+
+run_addons:
+	$(foreach SVC,$(RUN_ADDON_ARGS),$(if $(filter $(SVC),$(ADDON_SERVICES) $(EXTERNAL_SERVICES)),,$(error Invalid Service $(SVC))))
+	@for SVC in $(RUN_ADDON_ARGS); do \
+		docker-compose -f docker/addons/$$SVC/docker-compose.yml -p $(DOCKER_PROJECT) --env-file ./docker/.env $(DOCKER_COMPOSE_COMMAND) $(args) & \
+	done
+
+run_addons_grpc_mtls:
+	$(foreach SVC,$(RUN_ADDON_ARGS),$(if $(filter $(SVC),$(ADDON_SERVICES) $(EXTERNAL_SERVICES)),,$(error Invalid Service $(SVC))))
+	@for SVC in $(RUN_ADDON_ARGS); do \
+		if [ -f "docker/addons/$$SVC/docker-compose.grpc-mtls.yaml" ]; then \
+			COMPOSE_GRPC_MTLS=" -f docker/addons/$$SVC/docker-compose.grpc-mtls.yaml"; \
+		else \
+			COMPOSE_GRPC_MTLS="" ;\
+		fi;\
+		docker-compose -f docker/addons/$$SVC/docker-compose.yml $$COMPOSE_GRPC_MTLS -p $(DOCKER_PROJECT) --env-file ./docker/.env $(DOCKER_COMPOSE_COMMAND) $(args) & \
+	done

docker/.env

@@ -48,8 +48,9 @@ MF_USERS_DB_SSL_KEY=
 MF_USERS_DB_SSL_ROOT_CERT=
 MF_USERS_HTTP_PORT=9002
 MF_USERS_GRPC_PORT=7001
-MF_USERS_GRPC_URL=users:7001
-MF_USERS_GRPC_TIMEOUT=1s
+MF_USERS_GRPC_SERVER_CERT=./ssl/certs/users-grpc-server.crt
+MF_USERS_GRPC_SERVER_KEY=./ssl/certs/users-grpc-server.key
+MF_USERS_GRPC_SERVER_CA_CERTS=./ssl/certs/ca.crt
 MF_USERS_SERVER_CERT=
 MF_USERS_SERVER_KEY=
 MF_USERS_SECRET_KEY=HyE2D4RUt9nnKG6v8zKEqAp6g6ka8hhZsqUpzgKvnwpXrNVQSH
@@ -61,6 +62,15 @@ MF_USERS_RESET_PWD_TEMPLATE=users.tmpl
 MF_USERS_PASS_REGEX=^.{8,}$$
 MF_USERS_INSTANCE_ID=
 
+### Users gRPC Client
+MF_USERS_GRPC_URL=users:7001
+MF_USERS_GRPC_TIMEOUT=1s
+MF_USERS_GRPC_CLIENT_TLS=true
+MF_USERS_GRPC_CLIENT_MTLS=true
+MF_USERS_GRPC_CLIENT_CERT=./ssl/certs/users-grpc-client.crt
+MF_USERS_GRPC_CLIENT_KEY=./ssl/certs/users-grpc-client.key
+MF_USERS_GRPC_CLIENT_CA_CERTS=./ssl/certs/ca.crt
+
 ### Email utility
 MF_EMAIL_HOST=smtp.mailtrap.io
 MF_EMAIL_PORT=2525
@@ -79,8 +89,9 @@ MF_THINGS_LOG_LEVEL=debug
 MF_THINGS_HTTP_PORT=9000
 MF_THINGS_AUTH_HTTP_PORT=9001
 MF_THINGS_AUTH_GRPC_PORT=7000
-MF_THINGS_AUTH_GRPC_URL=things:7000
-MF_THINGS_AUTH_GRPC_TIMEOUT=1s
+MF_THINGS_AUTH_GRPC_SERVER_CERT=./ssl/certs/things-grpc-server.crt
+MF_THINGS_AUTH_GRPC_SERVER_KEY=./ssl/certs/things-grpc-server.key
+MF_THINGS_AUTH_GRPC_SERVER_CA_CERTS=./ssl/certs/ca.crt
 MF_THINGS_DB_HOST=things-db
 MF_THINGS_DB_PORT=5432
 MF_THINGS_DB_USER=mainflux
@@ -98,6 +109,15 @@ MF_THINGS_ES_PASS=
 MF_THINGS_ES_DB=
 MF_THINGS_INSTANCE_ID=
 
+### Things gRPC Client
+MF_THINGS_AUTH_GRPC_URL=things:7000
+MF_THINGS_AUTH_GRPC_TIMEOUT=1s
+MF_THINGS_AUTH_GRPC_CLIENT_TLS=true
+MF_THINGS_AUTH_GRPC_CLIENT_MTLS=true
+MF_THINGS_AUTH_GRPC_CLIENT_CERT=./ssl/certs/things-grpc-client.crt
+MF_THINGS_AUTH_GRPC_CLIENT_KEY=./ssl/certs/things-grpc-client.key
+MF_THINGS_AUTH_GRPC_CLIENT_CA_CERTS=./ssl/certs/ca.crt
+
 ### HTTP
 MF_HTTP_ADAPTER_PORT=8008
 MF_HTTP_ADAPTER_INSTANCE_ID=
@@ -207,7 +227,7 @@ MF_VAULT_CA_L=Belgrade
 
 ### LoRa
 MF_LORA_ADAPTER_LOG_LEVEL=debug
-MF_LORA_ADAPTER_MESSAGES_URL=tcp://lora.mqtt.mainflux.io:1883
+MF_LORA_ADAPTER_MESSAGES_URL=tcp://mainflux-mqtt:1883
 MF_LORA_ADAPTER_MESSAGES_TOPIC=application/+/device/+/event/up
 MF_LORA_ADAPTER_MESSAGES_USER=
 MF_LORA_ADAPTER_MESSAGES_PASS=
@@ -406,5 +426,9 @@ MF_GRAFANA_PORT=3000
 MF_GRAFANA_ADMIN_USER=mainflux
 MF_GRAFANA_ADMIN_PASSWORD=mainflux
 
+# Certificate paths are reative to current directory, In order locate from addons, a prefix path is added
+MF_ADDONS_CERTS_PATH_PREFIX=../.
+
 # Docker image tag
 MF_RELEASE_TAG=latest
+

docker/addons/bootstrap/docker-compose.grpc-mtls.yaml

@@ -0,0 +1,14 @@
+services:
+  bootstrap:
+    environment:
+      # Users gRPC client environmental varaibles
+      MF_AUTH_GRPC_CLIENT_MTLS: ${MF_USERS_GRPC_CLIENT_MTLS}
+      MF_AUTH_GRPC_CLIENT_TLS: ${MF_USERS_GRPC_CLIENT_TLS}
+      MF_AUTH_GRPC_CLIENT_CERT: /users-grpc-client.crt
+      MF_AUTH_GRPC_CLIENT_KEY: /users-grpc-client.key
+      MF_AUTH_GRPC_SERVER_CA_CERTS: /users-grpc-server-ca.crt
+    volumes:
+      # Users gRPC client certificates
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_CLIENT_CERT}:/users-grpc-client.crt
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_CLIENT_KEY}:/users-grpc-client.key
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_SERVER_CA_CERTS}:/users-grpc-server-ca.crt

docker/addons/bootstrap/docker-compose.yml

@@ -9,8 +9,8 @@
 version: "3.7"
 
 networks:
-  docker_mainflux-base-net:
-    external: true
+  mainflux-base-net:
+
 
 volumes:
   mainflux-bootstrap-db-volume:
@@ -25,7 +25,7 @@ services:
       POSTGRES_PASSWORD: ${MF_BOOTSTRAP_DB_PASS}
       POSTGRES_DB: ${MF_BOOTSTRAP_DB}
     networks:
-      - docker_mainflux-base-net
+      - mainflux-base-net
     volumes:
       - mainflux-bootstrap-db-volume:/var/lib/postgresql/data
 
@@ -55,4 +55,4 @@ services:
       MF_SEND_TELEMETRY: ${MF_SEND_TELEMETRY}
       MF_BOOTSTRAP_INSTANCE_ID: ${MF_BOOTSTRAP_INSTANCE_ID}
     networks:
-      - docker_mainflux-base-net
+      - mainflux-base-net

docker/addons/cassandra-reader/docker-compose.grpc-mtls.yaml

@@ -0,0 +1,24 @@
+services:
+  cassandra-reader:
+    environment:
+      # Users gRPC client environmental varaibles
+      MF_AUTH_GRPC_CLIENT_MTLS: ${MF_USERS_GRPC_CLIENT_MTLS}
+      MF_AUTH_GRPC_CLIENT_TLS: ${MF_USERS_GRPC_CLIENT_TLS}
+      MF_AUTH_GRPC_CLIENT_CERT: /users-grpc-client.crt
+      MF_AUTH_GRPC_CLIENT_KEY: /users-grpc-client.key
+      MF_AUTH_GRPC_SERVER_CA_CERTS: /users-grpc-server-ca.crt
+      # Things gRPC client environmental varaibles
+      MF_THINGS_AUTH_GRPC_CLIENT_MTLS: ${MF_THINGS_AUTH_GRPC_CLIENT_MTLS}
+      MF_THINGS_AUTH_GRPC_CLIENT_TLS: ${MF_THINGS_AUTH_GRPC_CLIENT_TLS}
+      MF_THINGS_AUTH_GRPC_CLIENT_CERT: /client.crt
+      MF_THINGS_AUTH_GRPC_CLIENT_KEY: /client.key
+      MF_THINGS_AUTH_GRPC_SERVER_CA_CERTS: /server_ca.crt
+    volumes:
+      # Users gRPC client certificates
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_CLIENT_CERT}:/users-grpc-client.crt
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_CLIENT_KEY}:/users-grpc-client.key
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_SERVER_CA_CERTS}:/users-grpc-server-ca.crt
+      # Things gRPC client certificates
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_THINGS_AUTH_GRPC_CLIENT_CERT}:/client.crt
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_THINGS_AUTH_GRPC_CLIENT_KEY}:/client.key
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_THINGS_AUTH_GRPC_SERVER_CA_CERTS}:/server_ca.crt

docker/addons/cassandra-reader/docker-compose.yml

@@ -9,8 +9,8 @@
 version: "3.7"
 
 networks:
-  docker_mainflux-base-net:
-    external: true
+  mainflux-base-net:
+
 
 services:
   cassandra-reader:
@@ -33,6 +33,6 @@ services:
     ports:
       - ${MF_CASSANDRA_READER_PORT}:${MF_CASSANDRA_READER_PORT}
     networks:
-      - docker_mainflux-base-net
+      - mainflux-base-net
     volumes:
       - ../../ssl/certs:/etc/ssl/certs

docker/addons/cassandra-writer/docker-compose.yml

@@ -9,8 +9,7 @@
 version: "3.7"
 
 networks:
-  docker_mainflux-base-net:
-    external: true
+  mainflux-base-net:
 
 volumes:
   mainflux-cassandra-volume:
@@ -21,12 +20,23 @@ services:
     container_name: mainflux-cassandra
     restart: on-failure
     networks:
-      - docker_mainflux-base-net
+      - mainflux-base-net
     ports:
       - ${MF_CASSANDRA_WRITER_DB_PORT}:${MF_CASSANDRA_WRITER_DB_PORT}
     volumes:
       - mainflux-cassandra-volume:/var/lib/cassandra
 
+  cassandra-init-keyspace:
+    image: cassandra:3.11.10
+    depends_on:
+      - cassandra
+    restart: on-failure
+    volumes:
+      - ./init.sh:/init.sh
+    entrypoint: ["/init.sh"]
+    networks:
+      - mainflux-base-net
+
   cassandra-writer:
     image: mainflux/cassandra-writer:${MF_RELEASE_TAG}
     container_name: mainflux-cassandra-writer
@@ -46,6 +56,6 @@ services:
     ports:
       - ${MF_CASSANDRA_WRITER_PORT}:${MF_CASSANDRA_WRITER_PORT}
     networks:
-      - docker_mainflux-base-net
+      - mainflux-base-net
     volumes:
       - ./config.toml:/config.toml

docker/addons/cassandra-writer/init.sh

@@ -1,3 +1,8 @@
-docker-compose -f docker/addons/cassandra-writer/docker-compose.yml --env-file docker/.env up -d
-sleep 20
-docker exec mainflux-cassandra cqlsh -e "CREATE KEYSPACE IF NOT EXISTS mainflux WITH replication = {'class':'SimpleStrategy','replication_factor':'1'};"
+#!/usr/bin/env bash
+until printf "" 2>>/dev/null >>/dev/tcp/mainflux-cassandra/9042; do
+    sleep 5;
+    echo "Waiting for cassandra...";
+done
+
+echo "Creating keyspace and table..."
+cqlsh mainflux-cassandra  -e "CREATE KEYSPACE IF NOT EXISTS mainflux WITH replication = {'class':'SimpleStrategy','replication_factor':'1'};"

docker/addons/certs/docker-compose.grpc-mtls.yaml

@@ -0,0 +1,14 @@
+services:
+  certs:
+    environment:
+      # Users gRPC client environmental varaibles
+      MF_AUTH_GRPC_CLIENT_MTLS: ${MF_USERS_GRPC_CLIENT_MTLS}
+      MF_AUTH_GRPC_CLIENT_TLS: ${MF_USERS_GRPC_CLIENT_TLS}
+      MF_AUTH_GRPC_CLIENT_CERT: /users-grpc-client.crt
+      MF_AUTH_GRPC_CLIENT_KEY: /users-grpc-client.key
+      MF_AUTH_GRPC_SERVER_CA_CERTS: /users-grpc-server-ca.crt
+    volumes:
+      # Users gRPC client certificates
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_CLIENT_CERT}:/users-grpc-client.crt
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_CLIENT_KEY}:/users-grpc-client.key
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_SERVER_CA_CERTS}:/users-grpc-server-ca.crt

docker/addons/certs/docker-compose.yml

@@ -9,8 +9,8 @@
 version: "3.7"
 
 networks:
-  docker_mainflux-base-net:
-    external: true
+  mainflux-base-net:
+
 
 
 volumes:
@@ -26,7 +26,7 @@ services:
       POSTGRES_PASSWORD: ${MF_CERTS_DB_PASS}
       POSTGRES_DB: ${MF_CERTS_DB}
     networks:
-      - docker_mainflux-base-net
+      - mainflux-base-net
     volumes:
       - mainflux-certs-db-volume:/var/lib/postgresql/data
 
@@ -37,7 +37,7 @@ services:
       - certs-db
     restart: on-failure
     networks:
-      - docker_mainflux-base-net
+      - mainflux-base-net
     ports:
       - ${MF_CERTS_HTTP_PORT}:${MF_CERTS_HTTP_PORT}
     environment:

docker/addons/influxdb-reader/docker-compose.grpc-mtls.yaml

@@ -0,0 +1,24 @@
+services:
+  influxdb-reader:
+    environment:
+      # Users gRPC client environmental varaibles
+      MF_AUTH_GRPC_CLIENT_MTLS: ${MF_USERS_GRPC_CLIENT_MTLS}
+      MF_AUTH_GRPC_CLIENT_TLS: ${MF_USERS_GRPC_CLIENT_TLS}
+      MF_AUTH_GRPC_CLIENT_CERT: /users-grpc-client.crt
+      MF_AUTH_GRPC_CLIENT_KEY: /users-grpc-client.key
+      MF_AUTH_GRPC_SERVER_CA_CERTS: /users-grpc-server-ca.crt
+      # Things gRPC client environmental varaibles
+      MF_THINGS_AUTH_GRPC_CLIENT_MTLS: ${MF_THINGS_AUTH_GRPC_CLIENT_MTLS}
+      MF_THINGS_AUTH_GRPC_CLIENT_TLS: ${MF_THINGS_AUTH_GRPC_CLIENT_TLS}
+      MF_THINGS_AUTH_GRPC_CLIENT_CERT: /client.crt
+      MF_THINGS_AUTH_GRPC_CLIENT_KEY: /client.key
+      MF_THINGS_AUTH_GRPC_SERVER_CA_CERTS: /server_ca.crt
+    volumes:
+      # Users gRPC client certificates
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_CLIENT_CERT}:/users-grpc-client.crt
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_CLIENT_KEY}:/users-grpc-client.key
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_USERS_GRPC_SERVER_CA_CERTS}:/users-grpc-server-ca.crt
+      # Things gRPC client certificates
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_THINGS_AUTH_GRPC_CLIENT_CERT}:/client.crt
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_THINGS_AUTH_GRPC_CLIENT_KEY}:/client.key
+      - ${MF_ADDONS_CERTS_PATH_PREFIX}${MF_THINGS_AUTH_GRPC_SERVER_CA_CERTS}:/server_ca.crt

docker/addons/influxdb-reader/docker-compose.yml

@@ -11,8 +11,8 @@
 version: "3.7"
 
 networks:
-  docker_mainflux-base-net:
-    external: true
+  mainflux-base-net:
+
 
 services:
   influxdb-reader:
@@ -41,6 +41,6 @@ services:
     ports:
       - ${MF_INFLUX_READER_PORT}:${MF_INFLUX_READER_PORT}
     networks:
-      - docker_mainflux-base-net
+      - mainflux-base-net
     volumes:
       - ../../ssl/certs:/etc/ssl/certs