Skip to content

Commit

Permalink
Merge 368d267 into bd3779b
Browse files Browse the repository at this point in the history
  • Loading branch information
chrzaszcz authored Nov 17, 2020
2 parents bd3779b + 368d267 commit 0d73546
Show file tree
Hide file tree
Showing 76 changed files with 1,810 additions and 9,455 deletions.
8 changes: 2 additions & 6 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ clean:
-rm -rf asngen
-rm -rf _build
-rm rel/configure.vars.config
-rm rel/vars.config
-rm rel/vars-toml.config

# REBAR_CT_EXTRA_ARGS comes from a test runner
Expand All @@ -26,7 +25,7 @@ ct:
eunit:
@$(RUN) $(REBAR) eunit

rel: certs configure.out rel/vars.config rel/vars-toml.config
rel: certs configure.out rel/vars-toml.config
. ./configure.out && $(REBAR) as prod release

shell: certs etc/mongooseim.cfg
Expand All @@ -39,9 +38,6 @@ rock:
elif [ "$(BRANCH)" ]; then tools/rock_changed.sh $(BRANCH); \
else tools/rock_changed.sh; fi

rel/vars.config: rel/vars.config.in rel/configure.vars.config
cat $^ > $@

rel/vars-toml.config: rel/vars-toml.config.in rel/configure.vars.config
cat $^ > $@

Expand All @@ -58,7 +54,7 @@ devrel: $(DEVNODES)
print_devnodes:
@echo $(DEVNODES)

$(DEVNODES): certs configure.out rel/vars.config rel/vars-toml.config
$(DEVNODES): certs configure.out rel/vars-toml.config
@echo "building $@"
(. ./configure.out && \
DEVNODE=true $(RUN) $(REBAR) as $@ release)
Expand Down
134 changes: 0 additions & 134 deletions big_tests/test.config
Original file line number Diff line number Diff line change
Expand Up @@ -389,140 +389,6 @@
scope = \"global\""},
{mod_offline, "[modules.mod_offline]"}
]}
]},
{cfg, % preset vars for the 'cfg' format - used only by the config equivalence tests
[
{internal_mnesia,
%% dbs variable is used by ./tools/test_runner/presets_to_dbs.sh script
[{dbs, [redis, minio]},
{sm_backend, "{mnesia, []}"},
{auth_method, "internal"},
{outgoing_pools, "{outgoing_pools, [
{redis, global, global_distrib, [{workers, 10}], []}
]}."},
{mod_offline, "{mod_offline, []},"}]},
{pgsql_mnesia,
[{dbs, [redis, pgsql]},
{sm_backend, "{mnesia, []}"},
{auth_method, "rdbms"},
{outgoing_pools, "{outgoing_pools, [
{redis, global, global_distrib, [{workers, 10}], []},
{rdbms, global, default, [{workers, 5}],
[{server, {pgsql, \"localhost\", \"ejabberd\", \"ejabberd\", \"mongooseim_secret\",
[{ssl, required}, {ssl_opts, [{verify, verify_peer},
{cacertfile, \"priv/ssl/cacert.pem\"}, {server_name_indication, disable}]}]}}]}
]}."},
{mod_last, "{mod_last, [{backend, rdbms}]},"},
{mod_privacy, "{mod_privacy, [{backend, rdbms}]},"},
{mod_private, "{mod_private, [{backend, rdbms}]},"},
{mod_offline, "{mod_offline, [{backend, rdbms}]},"},
{mod_vcard, "{mod_vcard, [{backend, rdbms}, {host, \"vjud.@HOST@\"}]},"},
{mod_roster, "{mod_roster, [{backend, rdbms}]},"}]},
{odbc_mssql_mnesia,
[{dbs, [redis, mssql]},
{sm_backend, "{mnesia, []}"},
{auth_method, "rdbms"},
{rdbms_server_type, "{rdbms_server_type, mssql}."},
{outgoing_pools, "{outgoing_pools, [
{redis, global, global_distrib, [{workers, 10}], []},
{rdbms, global, default, [{workers, 5}],
[{server, \"DSN=mongoose-mssql;UID=sa;PWD=mongooseim_secret+ESL123\"}]}
]}."},
{mod_last, "{mod_last, [{backend, rdbms}]},"},
{mod_privacy, "{mod_privacy, [{backend, rdbms}]},"},
{mod_private, "{mod_private, [{backend, rdbms}]},"},
{mod_offline, "{mod_offline, [{backend, rdbms}]},"},
{mod_vcard, "{mod_vcard, [{backend, rdbms}, {host, \"vjud.@HOST@\"}]},"},
{mod_roster, "{mod_roster, [{backend, rdbms}]},"}]},
{mysql_redis,
[{dbs, [redis, mysql]},
{sm_backend, "{redis, []}"},
{auth_method, "rdbms"},
{outgoing_pools, "{outgoing_pools, [
{redis, global, global_distrib, [{workers, 10}], []},
{redis, global, default, [{workers, 10}, {strategy, random_worker}], []},
{rdbms, global, default, [{workers, 5}],
[{server, {mysql, \"localhost\", \"ejabberd\", \"ejabberd\", \"mongooseim_secret\",
[{versions, ['tlsv1.2']}, {verify, verify_peer}, {cacertfile, \"priv/ssl/cacert.pem\"}]}}]}
]}."},
{mod_last, "{mod_last, [{backend, rdbms}]},"},
{mod_privacy, "{mod_privacy, [{backend, rdbms}]},"},
{mod_private, "{mod_private, [{backend, rdbms}]},"},
{mod_offline, "{mod_offline, [{backend, rdbms}]},"},
{mod_vcard, "{mod_vcard, [{backend, rdbms}, {host, \"vjud.@HOST@\"}]},"},
{mod_roster, "{mod_roster, [{backend, rdbms}]},"}]},
{ldap_mnesia,
[{dbs, [redis, ldap]},
{sm_backend, "{mnesia, []}"},
{auth_method, "ldap"},
{outgoing_pools, "{outgoing_pools, [
{redis, global, global_distrib, [{workers, 10}], []},
{ldap, global, default, [{workers, 5}], [{port, 3636},
{rootdn, \"cn=admin,dc=esl,dc=com\"},
{password, \"mongooseim_secret\"},
{encrypt, tls},
{tls_options, [{versions, ['tlsv1.2']},
{verify, verify_peer},
{cacertfile, \"priv/ssl/cacert.pem\"},
{certfile, \"priv/ssl/fake_cert.pem\"},
{keyfile, \"priv/ssl/fake_key.pem\"}]}]},
{ldap, global, bind, [{workers, 5}], [{port, 3636},
{encrypt, tls},
{tls_options, [{versions, ['tlsv1.2']},
{verify, verify_peer},
{cacertfile, \"priv/ssl/cacert.pem\"},
{certfile, \"priv/ssl/fake_cert.pem\"},
{keyfile, \"priv/ssl/fake_key.pem\"}]}]}
]}."},
{mod_offline, "{mod_offline, []},"},
{password_format, "{password_format, scram}"},
{auth_ldap, ", {ldap_base, \"ou=Users,dc=esl,dc=com\"},
{ldap_filter, \"(objectClass=inetOrgPerson)\"}"
},
{mod_vcard,"{mod_vcard, [{backend, ldap}, {host, \"vjud.@HOST@\"},\n"
"{ldap_base, \"ou=Users,dc=esl,dc=com\"},\n"
"{ldap_filter,\"(objectClass=inetOrgPerson)\"}\n"
"]},"}
]},
{riak_mnesia,
[{dbs, [redis, riak]},
{sm_backend, "{mnesia, []}"},
{auth_method, "riak"},
%% Specify a list of ciphers to avoid
%% "no function clause matching tls_v1:enum_to_oid(28)" error
%% on Riak's side running with Erlang R16.
%% https://github.com/basho/riak-erlang-client/issues/232#issuecomment-178612129
%% We also set ciphers in tools/setup_riak on the server side.
{outgoing_pools, "{outgoing_pools, [
{redis, global, global_distrib, [{workers, 10}], []},
{riak, global, default, [{workers, 5},
{strategy, next_worker}],
[{address, \"127.0.0.1\"},{port, 8087},
{ssl_opts, [{ciphers, [\"AES256-SHA\", \"DHE-RSA-AES128-SHA256\"]},
{server_name_indication, disable}]},
{credentials, \"ejabberd\", \"mongooseim_secret\"},
{cacertfile, \"priv/ssl/cacert.pem\"}]}
]}."},
{mod_roster, "{mod_roster, [{backend, riak}]},"},
{mod_private, "{mod_private, [{backend, riak}]},"},
{mod_vcard, "{mod_vcard, [{backend, riak}, {host, \"vjud.@HOST@\"}]},"},
{mod_offline, "{mod_offline, [{backend, riak}]},"},
{mod_last, "{mod_last, [{backend, riak}]},"},
{mod_privacy, "{mod_privacy, [{backend, riak}]},"}
]},
{elasticsearch_and_cassandra_mnesia,
[{dbs, [redis, elasticsearch, cassandra]},
{sm_backend, "{mnesia, []}"},
{outgoing_pools, "{outgoing_pools, [
{redis, global, global_distrib, [{workers, 10}], []},
{cassandra, global, default, [{workers, 20}],
[{ssl,[{cacertfile, \"priv/ssl/cacert.pem\"},
{verify, verify_peer}] }]},
{elastic, global, default, [], []}
]}."},
{auth_method, "internal"},
{mod_offline, "{mod_offline, []},"}
]}
]}
]}.

Expand Down
155 changes: 0 additions & 155 deletions big_tests/tests/config_format_SUITE.erl

This file was deleted.

14 changes: 6 additions & 8 deletions big_tests/tests/ejabberd_node_utils.erl
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,7 @@ config_vars_path(File, Config) ->
ctl_path(Node, Config) ->
filename:join([cwd(Node, Config), "bin", "mongooseimctl"]).

config_file_name(toml) -> "mongooseim.toml";
config_file_name(cfg) -> "mongooseim.cfg".
config_file_name(toml) -> "mongooseim.toml".

-type ct_config() :: list({Key :: term(), Value :: term()}).

Expand Down Expand Up @@ -133,12 +132,12 @@ file_exists(Filename) ->
file_exists(Node, Filename) ->
call_fun(Node, filelib, is_file, [Filename]).

%% @doc Modifies default ejabberd config file: `etc/mongooseim.cfg'.
%% @doc Modifies default ejabberd config file: `etc/mongooseim.toml'.
%%
%% This function assumes that the config file was generated from template
%% file in `rel/files/mongooseim.cfg' using variables from `rel/vars.config'.
%% file in `rel/files/mongooseim.toml' using variables from `rel/vars-toml.config'.
%% The modification procedure overrides given variables provided in
%% `rel/vars.config'.
%% `rel/vars-toml.config'.
%%
%% For example to change `hosts' value in the configuration file one
%% has to call the function as follows:
Expand All @@ -150,7 +149,7 @@ file_exists(Node, Filename) ->
modify_config_file(CfgVarsToChange, Config) ->
modify_config_file(mim, CfgVarsToChange, Config, toml).

-spec modify_config_file(Host, [{ConfigVariable, Value}], ct_config(), toml | cfg) -> ok when
-spec modify_config_file(Host, [{ConfigVariable, Value}], ct_config(), toml) -> ok when
Host :: atom(),
ConfigVariable :: atom(),
Value :: string().
Expand Down Expand Up @@ -203,8 +202,7 @@ get_config_path(RPCSpec) ->
set_config_path(RPCSpec, Path) ->
ejabberd_node_utils:call_fun(RPCSpec, os, putenv, ["EJABBERD_CONFIG_PATH", Path]).

vars_file(toml) -> "vars-toml.config";
vars_file(cfg) -> "vars.config".
vars_file(toml) -> "vars-toml.config".

preset_vars(Config, Format) ->
case proplists:get_value(preset, Config) of
Expand Down
5 changes: 2 additions & 3 deletions doc/advanced-configuration/general.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,8 @@ User access rules are configured mainly in the [`acl`](acl.md) and [`access`](ac
## `general.mongooseimctl_access_commands`
* **Scope:** local
* **Syntax:** TOML table, whose **keys** are the names of the access rules defined in the [`access`](access.md) config section and **values** specify allowed administration commands. Each value is a table with the following nested options:
* `commands`: mandatory, a list of strings representing the allowed commands, or the string `"all"`
* `argument_restrictions`: optional, a table whose keys are the argument names and the values are strings representing the allowed values
* `commands`: optional, a list of strings representing the allowed commands. When not specified, all commands are allowed.
* `argument_restrictions`: optional, a table whose keys are the argument names and the values are strings representing the allowed values. When not specified, there are no restrictions.
* **Default:** not set

By default all admin operations are permitted with the `mongooseimctl` command without authentication. You can change that by setting this option for a specific access rule. When the rule returns the value `"allow"`, the user is permitted to use the specified commands with the optional restrictions.
Expand All @@ -79,7 +79,6 @@ By default all admin operations are permitted with the `mongooseimctl` command w

```
[general.mongooseimctl_access_commands.admin]
commands = "all"
```

The `admin` rule needs to be defined in the `access` section.
Expand Down
Loading

0 comments on commit 0d73546

Please sign in to comment.