From 19aff7bfddfda5859e77438abcb222c363f3abca Mon Sep 17 00:00:00 2001
From: Zaiming Shi
Date: Fri, 3 Sep 2021 11:44:43 +0200
Subject: [PATCH] fix(authz): schema fields used directly.
---
 apps/emqx/src/emqx_schema.erl | 9 +++++----
 apps/emqx_authz/src/emqx_authz.erl | 6 +++---
 apps/emqx_authz/src/emqx_authz_schema.erl | 2 ++
 apps/emqx_connector/src/emqx_connector_mongo.erl | 3 ++-
 apps/emqx_machine/src/emqx_machine_schema.erl | 8 +++++++-
 5 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index fe4439aaa..0189a468b 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -93,7 +93,8 @@ roots() ->
 "plugins",
 "stats",
 "sysmon",
- "alarm"
+ "alarm",
+ "authorization"
 ].
 fields("stats") ->
@@ -113,13 +114,13 @@ fields("authorization") ->
 #{ default => ignore
 })}
 , {"cache",
- sc(ref("authorization_cache"),
+ sc(ref(?MODULE, "cache"),
 #{
 })
 }
 ];
-fields("authorization_cache") ->
+fields("cache") ->
 [ {"enable",
 sc(boolean(),
 #{ default => true
@@ -276,7 +277,7 @@ fields("zones") ->
 )}];
 fields("zone_settings") ->
- Fields = ["mqtt", "stats", "authorization", "flapping_detect", "force_shutdown",
+ Fields = ["mqtt", "stats", "flapping_detect", "force_shutdown",
 "conn_congestion", "rate_limit", "quota", "force_gc"],
 [{F, ref(emqx_zone_schema, F)} || F <- Fields];
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index 7fcd80269..af77390d5 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
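Review bot: Removing `"authorization"` from the `Fields` list in `fields("zone_settings")` drops per-zone authorization settings from the schema, and the commit message does not say what happens to an existing `zones.<name>.authorization` block. Depending on how the checker treats a key that is no longer declared, such a block is either rejected at boot or ignored, and in the second case a zone that tightened its authorization settings would fall back to the global values without any signal. I would add a comment above the list, e.g. `%% authorization is a root-level config only; per-zone overrides are not supported`, and confirm that the zone lookup code (outside this hunk) no longer reads the key. The `fields("zone_settings")` clause is fully visible here, but `emqx_zone_schema` is not part of the diff.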
@@ -350,9 +350,9 @@ do_authorize(Client, PubSub, Topic,
 %%--------------------------------------------------------------------
 check_sources(RawSources) ->
- {ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"sources">> => RawSources}}), #{format => richmap}),
- CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}),
- #{authorization:= #{sources := Sources}} = hocon_schema:richmap_to_map(CheckConf),
+ Schema = #{roots => emqx_authz_schema:fields("authorization"), fields => #{}},
+ Conf = #{<<"sources">> => RawSources},
+ #{sources := Sources} = hocon_schema:check_plain(Schema, Conf, #{atom_key => true}),
 Sources.
 find_source_by_type(Type) -> find_source_by_type(Type, lookup()).
diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl
index 0645990a8..b90d522e8 100644
--- a/apps/emqx_authz/src/emqx_authz_schema.erl
+++ b/apps/emqx_authz/src/emqx_authz_schema.erl
@@ -20,6 +20,8 @@
 namespace() -> authz.
+%% @doc authorization schema is not exported
+%% but directly used by emqx_schema
 roots() -> [].
 fields("authorization") ->
diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl
index c95679f32..0b769748a 100644
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@@ -82,7 +82,8 @@ mongo_fields() ->
 , {auth_source, #{type => binary(), nullable => true}}
 , {database, fun emqx_connector_schema_lib:database/1}
- , {topology, #{type => hoconsc:ref(?MODULE, topology)}}
+ , {topology, #{type => hoconsc:ref(?MODULE, topology),
+ nullable => true}}
 ] ++ emqx_connector_schema_lib:ssl_fields().
diff --git a/apps/emqx_machine/src/emqx_machine_schema.erl b/apps/emqx_machine/src/emqx_machine_schema.erl
index a3e7e9388..657594ae8 100644
--- a/apps/emqx_machine/src/emqx_machine_schema.erl
+++ b/apps/emqx_machine/src/emqx_machine_schema.erl
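Review bot: `check_sources/1` still lets a validation failure escape as an exception, because the result of `hocon_schema:check_plain/3` is matched directly against `#{sources := Sources}`, and nothing in the hunk documents that. If `RawSources` can come from an API or config-update request (the callers are outside this hunk), the caller has to catch the failure and turn it into an error reply, and should avoid logging the raw term because source definitions may carry datastore credentials. I would add a comment above the function such as `%% Raises on schema violation; callers catch it and must not log RawSources verbatim.` It is also worth confirming that `atom_key => true` only yields atoms for keys declared in the schema, since atoms created from request-supplied keys are never reclaimed.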
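Review bot: `topology` in `mongo_fields/0` becomes `nullable => true` without a default, so the code that reads it has to accept a missing value. The consumer is outside this hunk; if it still passes the field straight into the driver options, a config without `topology` would pass validation and then fail when the connection is started. A short comment on the field, e.g. `%% optional: driver defaults apply when unset`, would record the intent, provided that is what the start-up code actually does.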
@@ -61,7 +61,13 @@
 namespace() -> undefined.
 roots() ->
- ["cluster", "node", "rpc", "log"] ++ lists:flatmap(fun roots/1, ?MERGED_CONFIGS).
+ %% This is a temp workaround to define part of authorization config
+ %% in emqx_schema and part of it in emqx_authz_schema but then
+ %% merged here in this module
+ %% The proper fix should be to make connection (channel, session) state
+ %% extendable by e.g. allow hooks be stateful.
+ ["cluster", "node", "rpc", "log", "authorization"] ++
+ lists:keydelete("authorization", 1, lists:flatmap(fun roots/1, ?MERGED_CONFIGS)).
 fields("cluster") ->
 [ {"name",
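Review bot: `lists:keydelete/3` in `roots/0` removes only the first element whose first tuple field equals `"authorization"` and passes over list elements that are not tuples, so the de-duplication depends on what `roots/1` returns (it is defined outside this hunk). `emqx_schema:roots/0` in this same commit lists `"authorization"` as a bare string; if `roots/1` hands such entries through unchanged, or if a second merged module ever exports the same root, a duplicate `"authorization"` root survives and it is unclear which definition the checker would apply to access-control settings. A filter that handles both shapes is more robust, for example `[R || R <- lists:flatmap(fun roots/1, ?MERGED_CONFIGS), root_name(R) =/= "authorization"]` with a small private `root_name/1` helper that accepts `{Name, _}` and plain names.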