feat(authz): Support `cert_common_name` and `cert_subject` in Authz
This commit is contained in:
parent
982abd96bf
commit
14b5977996
|
@ -45,7 +45,9 @@
|
|||
?PH_PROTONAME,
|
||||
?PH_MOUNTPOINT,
|
||||
?PH_TOPIC,
|
||||
?PH_ACTION
|
||||
?PH_ACTION,
|
||||
?PH_CERT_SUBJECT,
|
||||
?PH_CERT_CN_NAME
|
||||
]).
|
||||
|
||||
description() ->
|
||||
|
|
|
@ -40,7 +40,9 @@
|
|||
-define(PLACEHOLDERS, [
|
||||
?PH_USERNAME,
|
||||
?PH_CLIENTID,
|
||||
?PH_PEERHOST
|
||||
?PH_PEERHOST,
|
||||
?PH_CERT_CN_NAME,
|
||||
?PH_CERT_SUBJECT
|
||||
]).
|
||||
|
||||
description() ->
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
-include("emqx_authz.hrl").
|
||||
-include_lib("eunit/include/eunit.hrl").
|
||||
-include_lib("common_test/include/ct.hrl").
|
||||
-include_lib("emqx/include/emqx_placeholder.hrl").
|
||||
|
||||
-define(HTTP_PORT, 33333).
|
||||
-define(HTTP_PATH, "/authz/[...]").
|
||||
|
@ -303,7 +304,7 @@ t_json_body(_Config) ->
|
|||
emqx_access_control:authorize(ClientInfo, publish, <<"t">>)
|
||||
).
|
||||
|
||||
t_form_body(_Config) ->
|
||||
t_placeholder_and_body(_Config) ->
|
||||
ok = setup_handler_and_config(
|
||||
fun(Req0, State) ->
|
||||
?assertEqual(
|
||||
|
@ -321,7 +322,9 @@ t_form_body(_Config) ->
|
|||
<<"proto_name">> := <<"MQTT">>,
|
||||
<<"mountpoint">> := <<"MOUNTPOINT">>,
|
||||
<<"topic">> := <<"t">>,
|
||||
<<"action">> := <<"publish">>
|
||||
<<"action">> := <<"publish">>,
|
||||
<<"CN">> := ?PH_CERT_CN_NAME,
|
||||
<<"CS">> := ?PH_CERT_SUBJECT
|
||||
},
|
||||
jiffy:decode(PostVars, [return_maps])
|
||||
),
|
||||
|
@ -336,7 +339,9 @@ t_form_body(_Config) ->
|
|||
<<"proto_name">> => <<"${proto_name}">>,
|
||||
<<"mountpoint">> => <<"${mountpoint}">>,
|
||||
<<"topic">> => <<"${topic}">>,
|
||||
<<"action">> => <<"${action}">>
|
||||
<<"action">> => <<"${action}">>,
|
||||
<<"CN">> => ?PH_CERT_CN_NAME,
|
||||
<<"CS">> => ?PH_CERT_SUBJECT
|
||||
},
|
||||
<<"headers">> => #{<<"content-type">> => <<"application/x-www-form-urlencoded">>}
|
||||
}
|
||||
|
@ -349,7 +354,9 @@ t_form_body(_Config) ->
|
|||
protocol => <<"MQTT">>,
|
||||
mountpoint => <<"MOUNTPOINT">>,
|
||||
zone => default,
|
||||
listener => {tcp, default}
|
||||
listener => {tcp, default},
|
||||
cn => ?PH_CERT_CN_NAME,
|
||||
dn => ?PH_CERT_SUBJECT
|
||||
},
|
||||
|
||||
?assertEqual(
|
||||
|
|
|
@ -18,8 +18,8 @@
|
|||
-compile(nowarn_export_all).
|
||||
-compile(export_all).
|
||||
|
||||
-include("emqx_connector.hrl").
|
||||
-include("emqx_authz.hrl").
|
||||
-include_lib("emqx_connector/include/emqx_connector.hrl").
|
||||
-include_lib("eunit/include/eunit.hrl").
|
||||
-include_lib("common_test/include/ct.hrl").
|
||||
-include_lib("emqx/include/emqx_placeholder.hrl").
|
||||
|
@ -188,6 +188,46 @@ t_lookups(_Config) ->
|
|||
#{<<"filter">> => #{<<"peerhost">> => <<"${peerhost}">>}}
|
||||
),
|
||||
|
||||
ok = emqx_authz_test_lib:test_samples(
|
||||
ClientInfo,
|
||||
[
|
||||
{allow, subscribe, <<"a">>},
|
||||
{deny, subscribe, <<"b">>}
|
||||
]
|
||||
),
|
||||
|
||||
ByCN = #{
|
||||
<<"CN">> => <<"cn">>,
|
||||
<<"topics">> => [<<"a">>],
|
||||
<<"action">> => <<"all">>,
|
||||
<<"permission">> => <<"allow">>
|
||||
},
|
||||
|
||||
ok = setup_samples([ByCN]),
|
||||
ok = setup_config(
|
||||
#{<<"filter">> => #{<<"CN">> => ?PH_CERT_CN_NAME}}
|
||||
),
|
||||
|
||||
ok = emqx_authz_test_lib:test_samples(
|
||||
ClientInfo,
|
||||
[
|
||||
{allow, subscribe, <<"a">>},
|
||||
{deny, subscribe, <<"b">>}
|
||||
]
|
||||
),
|
||||
|
||||
ByDN = #{
|
||||
<<"DN">> => <<"dn">>,
|
||||
<<"topics">> => [<<"a">>],
|
||||
<<"action">> => <<"all">>,
|
||||
<<"permission">> => <<"allow">>
|
||||
},
|
||||
|
||||
ok = setup_samples([ByDN]),
|
||||
ok = setup_config(
|
||||
#{<<"filter">> => #{<<"DN">> => ?PH_CERT_SUBJECT}}
|
||||
),
|
||||
|
||||
ok = emqx_authz_test_lib:test_samples(
|
||||
ClientInfo,
|
||||
[
|
||||
|
|
Loading…
Reference in New Issue