Add schema duplicate for amqp 1.0

SimonUnge · michaelklishin · commit 24fb0334acaf · 2024-06-21T21:43:07.000-04:00
diff --git a/deps/rabbit/priv/schema/rabbit.schema b/deps/rabbit/priv/schema/rabbit.schema
@@ -2661,9 +2661,117 @@ fun(Conf) ->
     list_to_binary(cuttlefish:conf_get("amqp1_0.default_vhost", Conf))
 end}.
 
+%% ----------------------------------------------------------------------------
+%%  AMQP client 1.0 TLS options
+%% ----------------------------------------------------------------------------
+
+{mapping, "amqp10_client.ssl_options", "amqp10_client.ssl_options", [
+    {datatype, {enum, [none]}}
+]}.
+
+{translation, "amqp10_client.ssl_options",
+fun(Conf) ->
+    case cuttlefish:conf_get("amqp10_client.ssl_options", Conf, undefined) of
+        none -> [];
+        _    -> cuttlefish:invalid("Invalid amqp10_client.ssl_options")
+    end
+end}.
+
+{mapping, "amqp10_client.ssl_options.verify", "amqp10_client.ssl_options.verify", [
+    {datatype, {enum, [verify_peer, verify_none]}}]}.
+
+{mapping, "amqp10_client.ssl_options.cacertfile", "amqp10_client.ssl_options.cacertfile",
+    [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp10_client.ssl_options.certfile", "amqp10_client.ssl_options.certfile",
+    [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp10_client.ssl_options.cacerts.$name", "amqp10_client.ssl_options.cacerts",
+    [{datatype, string}]}.
+
+{translation, "amqp10_client.ssl_options.cacerts",
+fun(Conf) ->
+    Settings = cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.cacerts", Conf),
+    [ list_to_binary(V) || {_, V} <- Settings ]
+end}.
+
+{mapping, "amqp10_client.ssl_options.cert", "amqp10_client.ssl_options.cert",
+    [{datatype, string}]}.
+
+{translation, "amqp10_client.ssl_options.cert",
+fun(Conf) ->
+    list_to_binary(cuttlefish:conf_get("amqp10_client.ssl_options.cert", Conf))
+end}.
+
+{mapping, "amqp10_client.ssl_options.crl_check", "amqp10_client.ssl_options.crl_check",
+    [{datatype, [{enum, [true, false, peer, best_effort]}]}]}.
+
+{mapping, "amqp10_client.ssl_options.depth", "amqp10_client.ssl_options.depth",
+    [{datatype, integer}, {validators, ["byte"]}]}.
+
+{mapping, "amqp10_client.ssl_options.key.RSAPrivateKey", "amqp10_client.ssl_options.key",
+    [{datatype, string}]}.
+
+{mapping, "amqp10_client.ssl_options.key.DSAPrivateKey", "amqp10_client.ssl_options.key",
+    [{datatype, string}]}.
+
+{mapping, "amqp10_client.ssl_options.key.PrivateKeyInfo", "amqp10_client.ssl_options.key",
+    [{datatype, string}]}.
+
+{translation, "amqp10_client.ssl_options.key",
+fun(Conf) ->
+    case cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.key", Conf) of
+        [{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)};
+        _ -> undefined
+    end
+end}.
+
+{mapping, "amqp10_client.ssl_options.keyfile", "amqp10_client.ssl_options.keyfile",
+    [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp10_client.ssl_options.log_alert", "amqp10_client.ssl_options.log_alert",
+    [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp10_client.ssl_options.password", "amqp10_client.ssl_options.password",
+    [{datatype, string}]}.
+
+{mapping, "amqp10_client.ssl_options.psk_identity", "amqp10_client.ssl_options.psk_identity",
+    [{datatype, string}]}.
+
+{mapping, "amqp10_client.ssl_options.reuse_sessions", "amqp10_client.ssl_options.reuse_sessions",
+    [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp10_client.ssl_options.secure_renegotiate", "amqp10_client.ssl_options.secure_renegotiate",
+    [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp10_client.ssl_options.versions.$version", "amqp10_client.ssl_options.versions",
+    [{datatype, atom}]}.
+
+{translation, "amqp10_client.ssl_options.versions",
+fun(Conf) ->
+    Settings = cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.versions", Conf),
+    [ V || {_, V} <- Settings ]
+end}.
+
+{mapping, "amqp10_client.ssl_options.sni", "amqp10_client.ssl_options.server_name_indication",
+    [{datatype, [{enum, [none]}, string]}]}.
+
+{translation, "amqp10_client.ssl_options.server_name_indication",
+fun(Conf) ->
+    case cuttlefish:conf_get("amqp10_client.ssl_options.sni", Conf, undefined) of
+        undefined -> cuttlefish:unset();
+        none      -> cuttlefish:unset();
+        Hostname  -> Hostname
+    end
+end}.
+
+
+% ===============================
+% AMQP 0.9.1
+% ===============================
 
 %% ----------------------------------------------------------------------------
-%%  amqp_client TLS options
+%%  AMQP client 0.9.1 TLS options
 %% ----------------------------------------------------------------------------
 
 {mapping, "amqp_client.ssl_options", "amqp_client.ssl_options", [
diff --git a/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets b/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets
@@ -251,7 +251,7 @@ cluster_formation.classic_config.nodes.peer2 = rabbit@hostname2",
             [{peer_discovery_backend,rabbit_peer_discovery_classic_config}]},
         {cluster_nodes,{[rabbit@hostname2,rabbit@hostname1],disc}}]}],
   []},
- 
+
   {cluster_formation_module_dns_alias,
   "cluster_formation.peer_discovery_backend = dns
 cluster_formation.dns.hostname = discovery.eng.example.local",
@@ -264,7 +264,7 @@ cluster_formation.dns.hostname = discovery.eng.example.local",
              ]}]}
         ]}],
   []},
- 
+
  {cluster_formation_disk,
   "cluster_formation.peer_discovery_backend = rabbit_peer_discovery_classic_config
    cluster_formation.classic_config.nodes.peer1 = rabbit@hostname1
@@ -698,17 +698,17 @@ tcp_listen_options.exit_on_close = false",
              {fail_if_no_peer_cert, false},
              {honor_ecc_order, true}]}]}],
   []},
-  
+
  {ssl_cert_login_from_cn,
   "ssl_cert_login_from = common_name",
   [{rabbit,[{ssl_cert_login_from, common_name}]}],
   []},
-  
+
  {ssl_cert_login_from_dn,
   "ssl_cert_login_from = distinguished_name",
   [{rabbit,[{ssl_cert_login_from, distinguished_name}]}],
   []},
- 
+
  {ssl_cert_login_from_san_dns,
   "ssl_cert_login_from      = subject_alternative_name
    ssl_cert_login_san_type  = dns
@@ -719,7 +719,7 @@ tcp_listen_options.exit_on_close = false",
       {ssl_cert_login_san_index, 0}
   ]}],
   []},
-  
+
 
   {ssl_options_bypass_pem_cache,
    "ssl_options.bypass_pem_cache = true",
@@ -1063,20 +1063,21 @@ credential_validator.regexp = ^abc\\d+",
   %% AMQP TLS options
   %%
 
- {ssl_options,
+ {amqp_client_ssl_options,
   "amqp_client.ssl_options.cacertfile           = test/config_schema_SUITE_data/certs/cacert.pem
    amqp_client.ssl_options.certfile             = test/config_schema_SUITE_data/certs/cert.pem
    amqp_client.ssl_options.keyfile              = test/config_schema_SUITE_data/certs/key.pem
    amqp_client.ssl_options.verify               = verify_peer",
-  [{amqp_client, [
-                                 {ssl_options,
-                                  [{cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"},
-                                   {certfile,   "test/config_schema_SUITE_data/certs/cert.pem"},
-                                   {keyfile,    "test/config_schema_SUITE_data/certs/key.pem"},
-                                   {verify,               verify_peer}]}
-                                ]}],
+  [{amqp_client,
+    [
+     {ssl_options,
+      [{cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"},
+       {certfile,   "test/config_schema_SUITE_data/certs/cert.pem"},
+       {keyfile,    "test/config_schema_SUITE_data/certs/key.pem"},
+       {verify, verify_peer}]}
+      ]}],
   [amqp_client]},
- {ssl_options_verify_peer,
+ {amqp_client_ssl_options_verify_peer,
   "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
    amqp_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem
    amqp_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem
@@ -1089,7 +1090,7 @@ credential_validator.regexp = ^abc\\d+",
        {keyfile,"test/config_schema_SUITE_data/certs/key.pem"},
        {verify,verify_peer}]}]}],
   []},
- {ssl_options_password,
+ {amqp_client_ssl_options_password,
   "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
    amqp_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
    amqp_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
@@ -1102,7 +1103,7 @@ credential_validator.regexp = ^abc\\d+",
        {keyfile,"test/config_schema_SUITE_data/certs/key.pem"},
        {password,"t0p$3kRe7"}]}]}],
   []},
- {ssl_options_tls_versions,
+ {amqp_client_ssl_options_tls_versions,
   "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
    amqp_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
    amqp_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
@@ -1117,7 +1118,7 @@ credential_validator.regexp = ^abc\\d+",
        {versions,['tlsv1.2','tlsv1.1']}]}
     ]}],
   []},
- {ssl_options_depth,
+ {amqp_client_ssl_options_depth,
   "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
    amqp_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
    amqp_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
@@ -1131,7 +1132,7 @@ credential_validator.regexp = ^abc\\d+",
        {depth,2},
        {verify,verify_peer}]}]}],
   []},
- {ssl_options_sni_disabled,
+ {amqp_client_ssl_options_sni_disabled,
   "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
    amqp_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
    amqp_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
@@ -1148,7 +1149,7 @@ credential_validator.regexp = ^abc\\d+",
      }]
    }],
   []},
- {ssl_options_sni_hostname,
+ {amqp_client_ssl_options_sni_hostname,
   "amqp_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
    amqp_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
    amqp_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
@@ -1165,6 +1166,111 @@ credential_validator.regexp = ^abc\\d+",
        {server_name_indication, "hostname.dev"}
       ]}
     ]}],
+  []},
+
+ {amqp10_client_ssl_options,
+  "amqp10_client.ssl_options.cacertfile           = test/config_schema_SUITE_data/certs/cacert.pem
+   amqp10_client.ssl_options.certfile             = test/config_schema_SUITE_data/certs/cert.pem
+   amqp10_client.ssl_options.keyfile              = test/config_schema_SUITE_data/certs/key.pem
+   amqp10_client.ssl_options.verify               = verify_peer",
+  [{amqp10_client,
+    [
+     {ssl_options,
+      [{cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"},
+       {certfile,   "test/config_schema_SUITE_data/certs/cert.pem"},
+       {keyfile,    "test/config_schema_SUITE_data/certs/key.pem"},
+       {verify, verify_peer}]}
+      ]}],
+  [amqp10_client]},
+ {amqp10_client_ssl_options_verify_peer,
+  "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
+   amqp10_client.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem
+   amqp10_client.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem
+   amqp10_client.ssl_options.verify = verify_peer",
+  [{amqp10_client,
+    [
+     {ssl_options,
+      [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"},
+       {certfile,"test/config_schema_SUITE_data/certs/cert.pem"},
+       {keyfile,"test/config_schema_SUITE_data/certs/key.pem"},
+       {verify,verify_peer}]}]}],
+  []},
+ {amqp10_client_ssl_options_password,
+  "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
+   amqp10_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
+   amqp10_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
+   amqp10_client.ssl_options.password   = t0p$3kRe7",
+  [{amqp10_client,
+    [
+     {ssl_options,
+      [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"},
+       {certfile,"test/config_schema_SUITE_data/certs/cert.pem"},
+       {keyfile,"test/config_schema_SUITE_data/certs/key.pem"},
+       {password,"t0p$3kRe7"}]}]}],
+  []},
+ {amqp10_client_ssl_options_tls_versions,
+  "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
+   amqp10_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
+   amqp10_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
+   amqp10_client.ssl_options.versions.tls1_2 = tlsv1.2
+   amqp10_client.ssl_options.versions.tls1_1 = tlsv1.1",
+  [],
+  [{amqp10_client,
+    [{ssl_options,
+      [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"},
+       {certfile,"test/config_schema_SUITE_data/certs/cert.pem"},
+       {keyfile,"test/config_schema_SUITE_data/certs/key.pem"},
+       {versions,['tlsv1.2','tlsv1.1']}]}
+    ]}],
+  []},
+ {amqp10_client_ssl_options_depth,
+  "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
+   amqp10_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
+   amqp10_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
+   amqp10_client.ssl_options.depth      = 2
+   amqp10_client.ssl_options.verify     = verify_peer",
+  [{amqp10_client,
+    [{ssl_options,
+      [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"},
+       {certfile,"test/config_schema_SUITE_data/certs/cert.pem"},
+       {keyfile,"test/config_schema_SUITE_data/certs/key.pem"},
+       {depth,2},
+       {verify,verify_peer}]}]}],
+  []},
+ {amqp10_client_ssl_options_sni_disabled,
+  "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
+   amqp10_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
+   amqp10_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
+   amqp10_client.ssl_options.versions.tls1_2 = tlsv1.2
+   amqp10_client.ssl_options.versions.tls1_1 = tlsv1.1
+   amqp10_client.ssl_options.sni = none",
+  [],
+  [{amqp10_client,
+    [{ssl_options,
+      [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"},
+       {certfile,"test/config_schema_SUITE_data/certs/cert.pem"},
+       {keyfile,"test/config_schema_SUITE_data/certs/key.pem"},
+       {versions,['tlsv1.2','tlsv1.1']}]
+     }]
+   }],
+  []},
+ {amqp10_client_ssl_options_sni_hostname,
+  "amqp10_client.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
+   amqp10_client.ssl_options.certfile   = test/config_schema_SUITE_data/certs/cert.pem
+   amqp10_client.ssl_options.keyfile    = test/config_schema_SUITE_data/certs/key.pem
+   amqp10_client.ssl_options.versions.tls1_2 = tlsv1.2
+   amqp10_client.ssl_options.versions.tls1_1 = tlsv1.1
+   amqp10_client.ssl_options.sni = hostname.dev",
+  [],
+  [{amqp10_client,
+    [{ssl_options,
+      [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"},
+       {certfile,"test/config_schema_SUITE_data/certs/cert.pem"},
+       {keyfile,"test/config_schema_SUITE_data/certs/key.pem"},
+       {versions,['tlsv1.2','tlsv1.1']},
+       {server_name_indication, "hostname.dev"}
+      ]}
+    ]}],
   []}
 
 ].
