Add new arbitrary SSL configuration option (#134)

Co-authored-by: Andrew Bruce <andrew.bruce@maersk.com>
Co-authored-by: Sergey Fedorov <oni.strech@gmail.com>

Author: 3 people

lib/avrora/client.ex

@@ -106,6 +106,7 @@ defmodule Avrora.Client do
           def registry_url, do: get(@opts, :registry_url, nil)
           def registry_auth, do: get(@opts, :registry_auth, nil)
           def registry_user_agent, do: get(@opts, :registry_user_agent, "Avrora/#{version()} Elixir")
+          def registry_ssl_opts, do: get(@opts, :registry_ssl_opts, nil)
           def registry_ssl_cacerts, do: get(@opts, :registry_ssl_cacerts, nil)
           def registry_schemas_autoreg, do: get(@opts, :registry_schemas_autoreg, true)
           def convert_null_values, do: get(@opts, :convert_null_values, true)

lib/avrora/config.ex

@@ -9,6 +9,7 @@ defmodule Avrora.Config do
       * `registry_url` URL for Schema Registry, default `nil`
       * `registry_auth` authentication settings for Schema Registry, default `nil`
       * `registry_user_agent` HTTP `User-Agent` header for Schema Registry requests, default `Avrora/<version> Elixir`
+      * `registry_ssl_opts` Erlang SSL client options for connecting to the Schema Registry (takes precedence over other SSL options) (see https://www.erlang.org/docs/26/man/ssl#type-client_option), default `nil`
       * `registry_ssl_cacerts` DER-encoded trusted certificate (not combined) (see https://www.erlang.org/docs/26/man/ssl#type-client_cacerts), default `nil`
       * `registry_ssl_cacert_path` path to a file containing PEM-encoded CA certificates, default `nil`
       * `registry_schemas_autoreg` automatically register schemas in Schema Registry, default `true`
@@ -30,6 +31,7 @@ defmodule Avrora.Config do
   @callback registry_url :: String.t() | nil
   @callback registry_auth :: tuple() | nil
   @callback registry_user_agent :: String.t() | nil
+  @callback registry_ssl_opts :: [:ssl.tls_option()] | nil
   @callback registry_ssl_cacerts :: binary() | nil
   @callback registry_ssl_cacert_path :: String.t() | nil
   @callback registry_schemas_autoreg :: boolean()

lib/avrora/storage/registry.ex

@@ -135,6 +135,7 @@ defmodule Avrora.Storage.Registry do
   defp options do
     ssl_options =
       cond do
+        !is_nil(registry_ssl_opts()) -> registry_ssl_opts()
         !is_nil(registry_ssl_cacerts()) -> [verify: :verify_peer, cacerts: [registry_ssl_cacerts()]]
         !is_nil(registry_ssl_cacert_path()) -> [verify: :verify_peer, cacertfile: registry_ssl_cacert_path()]
         true -> [verify: :verify_none]
@@ -183,6 +184,7 @@ defmodule Avrora.Storage.Registry do
   defp registry_url, do: Config.self().registry_url()
   defp registry_auth, do: Config.self().registry_auth()
   defp registry_user_agent, do: Config.self().registry_user_agent()
+  defp registry_ssl_opts, do: Config.self().registry_ssl_opts()
   defp registry_ssl_cacerts, do: Config.self().registry_ssl_cacerts()
   defp registry_ssl_cacert_path, do: Config.self().registry_ssl_cacert_path()
 end

test/avrora/storage/registry_test.exs

@@ -273,6 +273,21 @@ defmodule Avrora.Storage.RegistryTest do
       assert :ok == Registry.get(1) |> elem(0)
     end
 
+    test "when request should perform SSL verification based on given arbitrary SSL options" do
+      stub(Avrora.ConfigMock, :registry_ssl_cacert_path, fn -> "path/to/other/file" end)
+      stub(Avrora.ConfigMock, :registry_ssl_opts, fn -> [verify: :verify_peer, cacertfile: "path/to/file"] end)
+
+      Avrora.HTTPClientMock
+      |> expect(:get, fn url, options ->
+        assert url == "http://reg.loc/schemas/ids/1"
+        assert Keyword.fetch!(options, :ssl_options) == [verify: :verify_peer, cacertfile: "path/to/file"]
+
+        {:ok, %{"schema" => json_schema()}}
+      end)
+
+      assert :ok == Registry.get(1) |> elem(0)
+    end
+
     test "when registry url is unconfigured" do
       stub(Avrora.ConfigMock, :registry_url, fn -> nil end)
 

test/support/config.ex

@@ -42,6 +42,8 @@ defmodule Support.Config do
   @impl true
   def registry_user_agent, do: nil
   @impl true
+  def registry_ssl_opts, do: nil
+  @impl true
   def registry_ssl_cacerts, do: nil
   @impl true
   def registry_ssl_cacert_path, do: nil