fix(authz): api required fields

JimMoen 2022-04-11 18:20:45 +08:00
parent 88c98bb310
commit 14a97d777d
3 changed files with 43 additions and 20 deletions


@ -315,6 +315,7 @@ fields("authorization") ->
hoconsc:enum([allow, deny]), hoconsc:enum([allow, deny]),
#{ #{
default => allow, default => allow,
required => true,
%% TODO: make sources a reference link %% TODO: make sources a reference link
desc => desc =>
"Default access control action if the user or client matches no ACL rules,\n" "Default access control action if the user or client matches no ACL rules,\n"
@ -328,6 +329,7 @@ fields("authorization") ->
hoconsc:enum([ignore, disconnect]), hoconsc:enum([ignore, disconnect]),
#{ #{
default => ignore, default => ignore,
required => true,
desc => "The action when the authorization check rejects an operation." desc => "The action when the authorization check rejects an operation."
} }
)}, )},
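Review bot: Both added `required => true` entries sit beside an existing `default` (`allow` on the no-match action in the first hunk, `ignore` on the rejection action in the second), and nothing here says which wins when the key is omitted. If the default still fills in a missing value, which seems likely but is not visible in these hunks, the no-match action keeps resolving to `allow`, so marking it required does not make an operator choose the fail-open behaviour explicitly. Once confirmed, I would record that beside the field, e.g. `%% required only affects the API docs; an omitted value still falls back to the default (allow)`. `fields("authorization")` starts and ends outside both hunks.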


@ -30,7 +30,8 @@ fields(http) ->
{url, fun url/1}, {url, fun url/1},
{method, #{ {method, #{
type => enum([get, post]), type => enum([get, post]),
default => get default => get,
required => true
}}, }},
{headers, fun headers/1}, {headers, fun headers/1},
{body, map([{fuzzy, term(), binary()}])}, {body, map([{fuzzy, term(), binary()}])},
@ -45,8 +46,8 @@ fields(http) ->
maps:from_list(emqx_connector_http:fields(config)) maps:from_list(emqx_connector_http:fields(config))
) )
); );
fields('built_in_database') -> fields(built_in_database) ->
authz_common_fields('built_in_database'); authz_common_fields(built_in_database);
fields(mongo_single) -> fields(mongo_single) ->
authz_mongo_common_fields() ++ authz_mongo_common_fields() ++
emqx_connector_mongo:fields(single); emqx_connector_mongo:fields(single);
@ -58,11 +59,11 @@ fields(mongo_sharded) ->
emqx_connector_mongo:fields(sharded); emqx_connector_mongo:fields(sharded);
fields(mysql) -> fields(mysql) ->
authz_common_fields(mysql) ++ authz_common_fields(mysql) ++
[{query, #{type => binary()}}] ++ [{query, mk(binary(), #{required => true})}] ++
emqx_connector_mysql:fields(config); emqx_connector_mysql:fields(config);
fields(postgresql) -> fields(postgresql) ->
authz_common_fields(postgresql) ++ authz_common_fields(postgresql) ++
[{query, #{type => binary()}}] ++ [{query, mk(binary(), #{required => true})}] ++
proplists:delete(named_queries, emqx_connector_pgsql:fields(config)); proplists:delete(named_queries, emqx_connector_pgsql:fields(config));
fields(redis_single) -> fields(redis_single) ->
authz_redis_common_fields() ++ authz_redis_common_fields() ++
@ -107,6 +108,8 @@ url(_) -> undefined.
headers(type) -> headers(type) ->
map(); map();
headers(desc) ->
"List of HTTP headers.";
headers(converter) -> headers(converter) ->
fun(Headers) -> fun(Headers) ->
maps:merge(default_headers(), transform_header_name(Headers)) maps:merge(default_headers(), transform_header_name(Headers))
@ -153,10 +156,19 @@ authz_mongo_common_fields() ->
]. ].
collection(type) -> binary(); collection(type) -> binary();
collection(desc) -> "Collection used to store authentication data.";
collection(required) -> true;
collection(_) -> undefined. collection(_) -> undefined.
selector(type) -> map(); selector(type) ->
selector(_) -> undefined. map();
selector(desc) ->
"Statement that is executed during the authentication process. "
"Commands can support following wildcards:\n"
" - `${username}`: substituted with client's username\n"
" - `${clientid}`: substituted with the clientid";
selector(_) ->
undefined.
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% Redis type funcs %% Redis type funcs
@ -164,10 +176,11 @@ selector(_) -> undefined.
authz_redis_common_fields() -> authz_redis_common_fields() ->
authz_common_fields(redis) ++ authz_common_fields(redis) ++
[ [
{cmd, #{ {cmd,
type => binary(), mk(binary(), #{
example => <<"HGETALL mqtt_authz">> required => true,
}} example => <<"HGETALL mqtt_authz">>
})}
]. ].
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
@ -179,6 +192,7 @@ authz_common_fields(Type) when is_atom(Type) ->
{type, #{ {type, #{
type => enum([Type]), type => enum([Type]),
default => Type, default => Type,
required => true,
in => body in => body
}} }}
]. ].
@ -207,7 +221,7 @@ authz_sources_types(Type) ->
end ++ end ++
[ [
http, http,
'built_in_database', built_in_database,
mysql, mysql,
postgresql, postgresql,
file file
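Review bot: The new `collection(desc)` and `selector(desc)` strings describe authentication, but they sit under `authz_mongo_common_fields()`, so the generated API docs would tell operators that an authorization source holds authentication data. I would change them to `"Collection used to store authorization data."` and `"Statement that is executed during the authorization check. "`. In the same hunk `collection(required) -> true;` is added but `selector/1` gets no `required` clause, while `mongo_common_fields()` in the last file of this commit marks the selector `required => true`. If the two schemas are meant to agree, add `selector(required) -> true;` before the catch-all clause.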


@ -96,7 +96,7 @@ fields("authorization") ->
]; ];
fields(file) -> fields(file) ->
[ [
{type, #{type => file, desc => "Backend type."}}, {type, #{type => file, required => true, desc => "Backend type."}},
{enable, #{ {enable, #{
type => boolean(), type => boolean(),
default => true, default => true,
@ -118,17 +118,17 @@ fields(file) ->
]; ];
fields(http_get) -> fields(http_get) ->
[ [
{method, #{type => get, default => get, desc => "HTTP method."}}, {method, #{type => get, default => get, required => true, desc => "HTTP method."}},
{headers, fun headers_no_content_type/1} {headers, fun headers_no_content_type/1}
] ++ http_common_fields(); ] ++ http_common_fields();
fields(http_post) -> fields(http_post) ->
[ [
{method, #{type => post, default => post, desc => "HTTP method."}}, {method, #{type => post, default => post, required => true, desc => "HTTP method."}},
{headers, fun headers/1} {headers, fun headers/1}
] ++ http_common_fields(); ] ++ http_common_fields();
fields(mnesia) -> fields(mnesia) ->
[ [
{type, #{type => 'built_in_database', desc => "Backend type."}}, {type, #{type => 'built_in_database', required => true, desc => "Backend type."}},
{enable, #{ {enable, #{
type => boolean(), type => boolean(),
default => true, default => true,
@ -147,7 +147,7 @@ fields(mysql) ->
fields(postgresql) -> fields(postgresql) ->
[ [
{query, query()}, {query, query()},
{type, #{type => postgresql, desc => "Backend type."}}, {type, #{type => postgresql, required => true, desc => "Backend type."}},
{enable, #{ {enable, #{
type => boolean(), type => boolean(),
desc => "Enable this backend.", desc => "Enable this backend.",
@ -213,10 +213,16 @@ http_common_fields() ->
mongo_common_fields() -> mongo_common_fields() ->
[ [
{collection, #{ {collection, #{
type => atom(), desc => "`MongoDB` collection containing the authorization data." type => atom(),
required => true,
desc => "`MongoDB` collection containing the authorization data."
}}, }},
{selector, #{type => map(), desc => "MQL query used to select the authorization record."}}, {selector, #{
{type, #{type => mongodb, desc => "Database backend."}}, type => map(),
required => true,
desc => "MQL query used to select the authorization record."
}},
{type, #{type => mongodb, required => true, desc => "Database backend."}},
{enable, #{ {enable, #{
type => boolean(), type => boolean(),
default => true, default => true,
@ -335,6 +341,7 @@ query() ->
#{ #{
type => binary(), type => binary(),
desc => "Database query used to retrieve authorization data.", desc => "Database query used to retrieve authorization data.",
required => true,
validator => fun(S) -> validator => fun(S) ->
case size(S) > 0 of case size(S) > 0 of
true -> ok; true -> ok;
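Review bot: In `mongo_common_fields()` the collection field keeps `type => atom()`, while the API schema in this commit declares the same field as `collection(type) -> binary();`. If the schema layer interns the configured name as an atom (the conversion is not visible here), each distinct collection name submitted through the API stays in the atom table permanently, and atoms are never garbage-collected. Unless the connector really needs an atom, `type => binary(),` would match the API schema and avoid that. Separately, the `query()` validator uses `size(S) > 0`; `byte_size(S) > 0` is the specific BIF for a binary. The validator's `case` continues past the end of the hunk.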