fix(authz_mnesia): improve field names and changes
parent
3ae26c8a54
commit
1716852057
|
@ -478,11 +478,14 @@ users(post, #{body := Body}) when is_list(Body) ->
|
||||||
Body
|
Body
|
||||||
),
|
),
|
||||||
{204};
|
{204};
|
||||||
{error, rules_too_long} ->
|
{error, {Username, too_many_rules}} ->
|
||||||
{400, #{
|
{400, #{
|
||||||
code => <<"BAD_REQUEST">>,
|
code => <<"BAD_REQUEST">>,
|
||||||
message =>
|
message =>
|
||||||
<<"The length of rules exceeds the maximum limit.">>
|
binfmt(
|
||||||
|
<<"The rules length of User '~ts' exceeds the maximum limit.">>,
|
||||||
|
[Username]
|
||||||
|
)
|
||||||
}};
|
}};
|
||||||
{error, {already_exists, Exists}} ->
|
{error, {already_exists, Exists}} ->
|
||||||
{409, #{
|
{409, #{
|
||||||
|
@ -522,11 +525,14 @@ clients(post, #{body := Body}) when is_list(Body) ->
|
||||||
Body
|
Body
|
||||||
),
|
),
|
||||||
{204};
|
{204};
|
||||||
{error, rules_too_long} ->
|
{error, {ClientId, too_many_rules}} ->
|
||||||
{400, #{
|
{400, #{
|
||||||
code => <<"BAD_REQUEST">>,
|
code => <<"BAD_REQUEST">>,
|
||||||
message =>
|
message =>
|
||||||
<<"The length of rules exceeds the maximum limit.">>
|
binfmt(
|
||||||
|
<<"The rules length of Client '~ts' exceeds the maximum limit.">>,
|
||||||
|
[ClientId]
|
||||||
|
)
|
||||||
}};
|
}};
|
||||||
{error, {already_exists, Exists}} ->
|
{error, {already_exists, Exists}} ->
|
||||||
{409, #{
|
{409, #{
|
||||||
|
@ -724,7 +730,7 @@ rules_example({ExampleName, ExampleType}) ->
|
||||||
ensure_rules_len(Rules) ->
|
ensure_rules_len(Rules) ->
|
||||||
emqx_authz_api_sources:with_source(
|
emqx_authz_api_sources:with_source(
|
||||||
?AUTHZ_TYPE_BIN,
|
?AUTHZ_TYPE_BIN,
|
||||||
fun(#{<<"max_rules_len">> := MaxLen}) ->
|
fun(#{<<"max_rules">> := MaxLen}) ->
|
||||||
ensure_rules_len(Rules, MaxLen)
|
ensure_rules_len(Rules, MaxLen)
|
||||||
end
|
end
|
||||||
).
|
).
|
||||||
|
@ -734,13 +740,13 @@ ensure_rules_len(Rules, MaxLen) ->
|
||||||
true ->
|
true ->
|
||||||
ok;
|
ok;
|
||||||
_ ->
|
_ ->
|
||||||
{error, rules_too_long}
|
{error, too_many_rules}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
ensure_rules_is_valid(Key, Type, Cfgs) ->
|
ensure_rules_is_valid(Key, Type, Cfgs) ->
|
||||||
MaxLen = emqx_authz_api_sources:with_source(
|
MaxLen = emqx_authz_api_sources:with_source(
|
||||||
?AUTHZ_TYPE_BIN,
|
?AUTHZ_TYPE_BIN,
|
||||||
fun(#{<<"max_rules_len">> := MaxLen}) ->
|
fun(#{<<"max_rules">> := MaxLen}) ->
|
||||||
MaxLen
|
MaxLen
|
||||||
end
|
end
|
||||||
),
|
),
|
||||||
|
@ -753,8 +759,8 @@ ensure_rules_is_valid(Key, Type, MaxLen, [Cfg | Cfgs]) ->
|
||||||
case ensure_rules_len(Rules, MaxLen) of
|
case ensure_rules_len(Rules, MaxLen) of
|
||||||
ok ->
|
ok ->
|
||||||
ensure_rules_is_valid(Key, Type, MaxLen, Cfgs);
|
ensure_rules_is_valid(Key, Type, MaxLen, Cfgs);
|
||||||
Error ->
|
{error, Reason} ->
|
||||||
Error
|
{error, {Id, Reason}}
|
||||||
end;
|
end;
|
||||||
_ ->
|
_ ->
|
||||||
{error, {already_exists, Id}}
|
{error, {already_exists, Id}}
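Review bot: The new error tuple in `ensure_rules_is_valid/4` puts the id first, `{error, {Id, Reason}}`, while the neighbouring branch returns `{error, {already_exists, Id}}` with the tag first, so the `users(post, ...)` and `clients(post, ...)` handlers can only tell the two apart by the second element. Putting the tag first keeps the shapes parallel and makes the match unambiguous whatever term the id is: `{error, Reason} -> {error, {Reason, Id}}` here, and `{error, {too_many_rules, Username}} ->` / `{error, {too_many_rules, ClientId}} ->` in the two POST handlers. Separately, `ensure_rules_len/2` now returns `too_many_rules` instead of `rules_too_long`; any caller of `ensure_rules_len/1` outside these hunks that still matches the old atom would presumably crash with a `case_clause` rather than answer 400, which is worth checking because this limit is the guard against oversized rule sets. The body of `ensure_rules_is_valid/4` starts and ends outside the hunk.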
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
namespace/0
|
namespace/0
|
||||||
]).
|
]).
|
||||||
|
|
||||||
-define(MAX_RULES_LEN, 100).
|
-define(MAX_RULES, 100).
|
||||||
|
|
||||||
namespace() -> "authz".
|
namespace() -> "authz".
|
||||||
|
|
||||||
|
@ -39,12 +39,12 @@ type() -> ?AUTHZ_TYPE.
|
||||||
fields(builtin_db) ->
|
fields(builtin_db) ->
|
||||||
emqx_authz_schema:authz_common_fields(?AUTHZ_TYPE) ++
|
emqx_authz_schema:authz_common_fields(?AUTHZ_TYPE) ++
|
||||||
[
|
[
|
||||||
{max_rules_len,
|
{max_rules,
|
||||||
?HOCON(
|
?HOCON(
|
||||||
pos_integer(),
|
pos_integer(),
|
||||||
#{
|
#{
|
||||||
default => ?MAX_RULES_LEN,
|
default => ?MAX_RULES,
|
||||||
desc => ?DESC(max_rules_len)
|
desc => ?DESC(max_rules)
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
].
|
].
|
||||||
|
|
|
@ -36,7 +36,7 @@ init_per_suite(Config) ->
|
||||||
{emqx_conf,
|
{emqx_conf,
|
||||||
"authorization.cache { enable = false },"
|
"authorization.cache { enable = false },"
|
||||||
"authorization.no_match = deny,"
|
"authorization.no_match = deny,"
|
||||||
"authorization.sources = [{type = built_in_database, max_rules_len = 5}]"},
|
"authorization.sources = [{type = built_in_database, max_rules = 5}]"},
|
||||||
emqx,
|
emqx,
|
||||||
emqx_auth,
|
emqx_auth,
|
||||||
emqx_auth_mnesia,
|
emqx_auth_mnesia,
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
In the built-in database of authorization, added a limit for the length of rules per client/user, and the default values is 100.
|
In the built-in database of authorization, added a limit for the number of rules per client/user, and the default values is 100.
|
||||||
|
|
|
@ -6,7 +6,7 @@ builtin_db.desc:
|
||||||
builtin_db.label:
|
builtin_db.label:
|
||||||
"""Builtin Database"""
|
"""Builtin Database"""
|
||||||
|
|
||||||
max_rules_len.desc:
|
max_rules.desc:
|
||||||
"""Maximum rule length per client/user. Note that performance may decrease as rule length increases."""
|
"""Maximum number of rules per client/user. Note that performance may decrease as number of rules increases."""
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|