fix(authz): api required fields

JimMoen 2022-04-11 18:20:45 +08:00
parent 88c98bb310
commit 14a97d777d
3 changed files with 43 additions and 20 deletions


@ -315,6 +315,7 @@ fields("authorization") ->
hoconsc:enum([allow, deny]),
#{
default => allow,
required => true,
%% TODO: make sources a reference link
desc =>
"Default access control action if the user or client matches no ACL rules,\n"
@ -328,6 +329,7 @@ fields("authorization") ->
hoconsc:enum([ignore, disconnect]),
#{
default => ignore,
required => true,
desc => "The action when the authorization check rejects an operation."
}
)},
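Review bot: In the first hunk `required => true` is added beside `default => allow`, so an omitted value still resolves to `allow`; the new flag presumably changes only how the field is presented in the API schema, not whether an operator has to make a choice. Since this field is the fall-through decision when no ACL rule matches, the `desc` should state that the shipped default is permissive, for example by appending `"The default is allow; set deny to reject operations that match no rule.\n"`. The same `default` plus `required => true` pairing is added in the second hunk, where a one-line comment such as `%% required is for API docs only; the default still applies` would make the intent clear. The `fields("authorization")` clause starts and ends outside both hunks.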


@ -30,7 +30,8 @@ fields(http) ->
{url, fun url/1},
{method, #{
type => enum([get, post]),
default => get
default => get,
required => true
}},
{headers, fun headers/1},
{body, map([{fuzzy, term(), binary()}])},
@ -45,8 +46,8 @@ fields(http) ->
maps:from_list(emqx_connector_http:fields(config))
)
);
fields('built_in_database') ->
authz_common_fields('built_in_database');
fields(built_in_database) ->
authz_common_fields(built_in_database);
fields(mongo_single) ->
authz_mongo_common_fields() ++
emqx_connector_mongo:fields(single);
@ -58,11 +59,11 @@ fields(mongo_sharded) ->
emqx_connector_mongo:fields(sharded);
fields(mysql) ->
authz_common_fields(mysql) ++
[{query, #{type => binary()}}] ++
[{query, mk(binary(), #{required => true})}] ++
emqx_connector_mysql:fields(config);
fields(postgresql) ->
authz_common_fields(postgresql) ++
[{query, #{type => binary()}}] ++
[{query, mk(binary(), #{required => true})}] ++
proplists:delete(named_queries, emqx_connector_pgsql:fields(config));
fields(redis_single) ->
authz_redis_common_fields() ++
@ -107,6 +108,8 @@ url(_) -> undefined.
headers(type) ->
map();
headers(desc) ->
"List of HTTP headers.";
headers(converter) ->
fun(Headers) ->
maps:merge(default_headers(), transform_header_name(Headers))
@ -153,10 +156,19 @@ authz_mongo_common_fields() ->
].
collection(type) -> binary();
collection(desc) -> "Collection used to store authentication data.";
collection(required) -> true;
collection(_) -> undefined.
selector(type) -> map();
selector(_) -> undefined.
selector(type) ->
map();
selector(desc) ->
"Statement that is executed during the authentication process. "
"Commands can support following wildcards:\n"
" - `${username}`: substituted with client's username\n"
" - `${clientid}`: substituted with the clientid";
selector(_) ->
undefined.
%%------------------------------------------------------------------------------
%% Redis type funcs
@ -164,10 +176,11 @@ selector(_) -> undefined.
authz_redis_common_fields() ->
authz_common_fields(redis) ++
[
{cmd, #{
type => binary(),
example => <<"HGETALL mqtt_authz">>
}}
{cmd,
mk(binary(), #{
required => true,
example => <<"HGETALL mqtt_authz">>
})}
].
%%------------------------------------------------------------------------------
@ -179,6 +192,7 @@ authz_common_fields(Type) when is_atom(Type) ->
{type, #{
type => enum([Type]),
default => Type,
required => true,
in => body
}}
].
@ -207,7 +221,7 @@ authz_sources_types(Type) ->
end ++
[
http,
'built_in_database',
built_in_database,
mysql,
postgresql,
file
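Review bot: The `collection(desc)` and `selector(desc)` clauses in the `@ -153,10 +156,19 @` hunk speak of "authentication data" and "the authentication process", but these are authorization source fields, so the text reads as carried over from an authentication schema; suggest `"Collection that stores the authorization rules."` and opening the selector text with `"Selector used to look up the authorization rules for a client. "`. In the same hunk `collection(required) -> true;` is present while `selector/1` has no `required` clause, although the third file in this commit marks `selector` as `required => true`; add `selector(required) -> true;` or a comment saying why the two schemas differ. The `query` fields for `mysql` and `postgresql` also become required without the non-empty `validator` that `query()` carries in the third file, so an empty binary would presumably still pass. Consider reusing that validator here.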


@ -96,7 +96,7 @@ fields("authorization") ->
];
fields(file) ->
[
{type, #{type => file, desc => "Backend type."}},
{type, #{type => file, required => true, desc => "Backend type."}},
{enable, #{
type => boolean(),
default => true,
@ -118,17 +118,17 @@ fields(file) ->
];
fields(http_get) ->
[
{method, #{type => get, default => get, desc => "HTTP method."}},
{method, #{type => get, default => get, required => true, desc => "HTTP method."}},
{headers, fun headers_no_content_type/1}
] ++ http_common_fields();
fields(http_post) ->
[
{method, #{type => post, default => post, desc => "HTTP method."}},
{method, #{type => post, default => post, required => true, desc => "HTTP method."}},
{headers, fun headers/1}
] ++ http_common_fields();
fields(mnesia) ->
[
{type, #{type => 'built_in_database', desc => "Backend type."}},
{type, #{type => 'built_in_database', required => true, desc => "Backend type."}},
{enable, #{
type => boolean(),
default => true,
@ -147,7 +147,7 @@ fields(mysql) ->
fields(postgresql) ->
[
{query, query()},
{type, #{type => postgresql, desc => "Backend type."}},
{type, #{type => postgresql, required => true, desc => "Backend type."}},
{enable, #{
type => boolean(),
desc => "Enable this backend.",
@ -213,10 +213,16 @@ http_common_fields() ->
mongo_common_fields() ->
[
{collection, #{
type => atom(), desc => "`MongoDB` collection containing the authorization data."
type => atom(),
required => true,
desc => "`MongoDB` collection containing the authorization data."
}},
{selector, #{type => map(), desc => "MQL query used to select the authorization record."}},
{type, #{type => mongodb, desc => "Database backend."}},
{selector, #{
type => map(),
required => true,
desc => "MQL query used to select the authorization record."
}},
{type, #{type => mongodb, required => true, desc => "Database backend."}},
{enable, #{
type => boolean(),
default => true,
@ -335,6 +341,7 @@ query() ->
#{
type => binary(),
desc => "Database query used to retrieve authorization data.",
required => true,
validator => fun(S) ->
case size(S) > 0 of
true -> ok;
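Review bot: In `mongo_common_fields()` the `collection` field is now required but keeps `type => atom()`, while the second file in this commit declares `collection(type) -> binary()`. If the schema layer converts the supplied string to an atom, each distinct collection name accepted from configuration or the API becomes a permanent atom-table entry, since atoms are never garbage collected. Consider `type => binary()` here to match the other schema, or a comment such as `%% atom() is safe here because ...` recording why an atom is needed. In `query()` the context line `case size(S) > 0 of` would be more precise as `case byte_size(S) > 0 of`, since the field type is `binary()`. The body of `query()` continues past the end of the last hunk.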