s2s config per host type #3523
Codecov Report
@@ Coverage Diff @@
## master #3523 +/- ##
==========================================
+ Coverage 81.06% 81.09% +0.02%
==========================================
Files 419 419
Lines 32298 32296 -2
==========================================
+ Hits 26182 26190 +8
+ Misses 6116 6106 -10
- All options can be specified globally and per host type
- Host-type s2s section completely overrides the global one
- Options have defaults as specified in the docs
- Certfile path is checked now
- Nested maps are always included as they contain defaults
There is now a separate s2s shared secret for each host type
Main changes:
- Server is always checked as host type is needed
- Error handling is more consistent and covers more cases
Also: unify getting TLS options
- Test options per host type
- Ensure that host-type options override global ones
- Put existing files as certificates
Also: parallelize, remove repetition
- All options are allowed per host type
- s2s section overrides the whole global section now
Looks good to me :D
mnesia:write(#s2s_shared{host_type = HostType, secret = Secret}).

-spec lookup_certfile(mongooseim:host_type()) -> {ok, string()} | {error, not_found}.
lookup_certfile(HostType) ->
Why do we first look up the global domain_certfile then c2s certfile and not in the reverse order?
I wouldn't say domain_certfile is global - it is per host type, but it is in the general section.
According to the docs for domain_certfile:
This option overrides the configured certificate file for specific local XMPP domains. This option applies to S2S and C2S connections.
It took precedence over s2s and c2s settings before and I didn't want to change that. The only difference is that you can set s2s.certfile per domain now, but usually you would set it globally, and there is no way to tell how it was set.
The goal is to put all s2s options in a map and allow specifying them globally or per host type. The host_config.s2s section completely overrides the global s2s section now, as this is more straightforward and allows resetting optional values.
Main changes:
Smaller changes
s2s.address default as it had no benefit.
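The override and certificate lookup rules discussed in this thread, modelled with plain Erlang maps as an added example (not MongooseIM source; the map layout, the default values, the file paths and the tenant names are assumptions made for the sketch). It shows that a host-type s2s section which omits use_starttls or certfile does not inherit them from the global section, so those settings fall back to defaults for that host type.

```erlang
%% Added illustration, not MongooseIM source: the rules from this thread
%% modelled with plain maps. Map layout and defaults are assumptions.
-module(s2s_resolve_example).
-export([effective_s2s/2, lookup_certfile/2, demo/0]).

%% Assumed defaults for this sketch; the real ones are in the s2s docs.
defaults() -> #{default_policy => allow, use_starttls => false}.

%% A host-type s2s section replaces the global one as a whole; the two are
%% never merged key by key. Defaults fill whatever the chosen section omits.
effective_s2s(HostType, Config) ->
    Global = maps:get(s2s, maps:get(global, Config, #{}), #{}),
    PerHost = maps:get(HostType, maps:get(host_config, Config, #{}), #{}),
    maps:merge(defaults(), maps:get(s2s, PerHost, Global)).

%% Lookup order as stated in the reply above: domain_certfile first,
%% then the certfile of the effective s2s section.
-spec lookup_certfile(binary(), map()) -> {ok, string()} | {error, not_found}.
lookup_certfile(HostType, Config) ->
    case maps:find(HostType, maps:get(domain_certfile, Config, #{})) of
        {ok, File} -> {ok, File};
        error ->
            case maps:find(certfile, effective_s2s(HostType, Config)) of
                {ok, File} -> {ok, File};
                error -> {error, not_found}
            end
    end.

%% Constructed sample config. Run with:
%%   erlc s2s_resolve_example.erl
%%   erl -noshell -eval 'ok = s2s_resolve_example:demo(), halt().'
demo() ->
    Config = #{global => #{s2s => #{use_starttls => required,
                                    certfile => "priv/ssl/global.pem"}},
               host_config => #{<<"tenant-a">> => #{s2s => #{default_policy => deny}}},
               domain_certfile => #{<<"tenant-b">> => "priv/ssl/tenant-b.pem"}},
    %% tenant-a has its own s2s section: global TLS settings are not inherited.
    #{default_policy := deny, use_starttls := false} =
        effective_s2s(<<"tenant-a">>, Config),
    {error, not_found} = lookup_certfile(<<"tenant-a">>, Config),
    %% tenant-b has no s2s section: global applies, domain_certfile wins.
    #{use_starttls := required} = effective_s2s(<<"tenant-b">>, Config),
    {ok, "priv/ssl/tenant-b.pem"} = lookup_certfile(<<"tenant-b">>, Config),
    %% tenant-c has nothing of its own: global section and global certfile.
    {ok, "priv/ssl/global.pem"} = lookup_certfile(<<"tenant-c">>, Config),
    ok.
```

When reviewing a deployment that adds a host_config.s2s section, compare the effective map per host type against the global one rather than reading the two sections side by side.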