yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(authz): schema fields used directly.

This commit is contained in:
Zaiming Shi 2021-09-03 11:44:43 +02:00
parent ec13463f4a
commit 19aff7bfdd
5 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/emqx/src/emqx_schema.erl
View File

@ -93,7 +93,8 @@ roots() ->
"plugins", "plugins",
"stats", "stats",
"sysmon", "sysmon",
"alarm" "alarm",
"authorization"
]. ].
fields("stats") -> fields("stats") ->
@ -113,13 +114,13 @@ fields("authorization") ->
#{ default => ignore #{ default => ignore
})} })}
, {"cache", , {"cache",
sc(ref("authorization_cache"), sc(ref(?MODULE, "cache"),
#{ #{
}) })
} }
]; ];
fields("authorization_cache") -> fields("cache") ->
[ {"enable", [ {"enable",
sc(boolean(), sc(boolean(),
#{ default => true #{ default => true
@ -276,7 +277,7 @@ fields("zones") ->
)}]; )}];
fields("zone_settings") -> fields("zone_settings") ->
Fields = ["mqtt", "stats", "authorization", "flapping_detect", "force_shutdown", Fields = ["mqtt", "stats", "flapping_detect", "force_shutdown",
"conn_congestion", "rate_limit", "quota", "force_gc"], "conn_congestion", "rate_limit", "quota", "force_gc"],
[{F, ref(emqx_zone_schema, F)} || F <- Fields]; [{F, ref(emqx_zone_schema, F)} || F <- Fields];

6
apps/emqx_authz/src/emqx_authz.erl
View File

@ -350,9 +350,9 @@ do_authorize(Client, PubSub, Topic,
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
check_sources(RawSources) -> check_sources(RawSources) ->
{ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"sources">> => RawSources}}), #{format => richmap}), Schema = #{roots => emqx_authz_schema:fields("authorization"), fields => #{}},
CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}), Conf = #{<<"sources">> => RawSources},
#{authorization:= #{sources := Sources}} = hocon_schema:richmap_to_map(CheckConf), #{sources := Sources} = hocon_schema:check_plain(Schema, Conf, #{atom_key => true}),
Sources. Sources.
find_source_by_type(Type) -> find_source_by_type(Type, lookup()). find_source_by_type(Type) -> find_source_by_type(Type, lookup()).

2
apps/emqx_authz/src/emqx_authz_schema.erl
View File

@ -20,6 +20,8 @@
namespace() -> authz. namespace() -> authz.
%% @doc authorization schema is not exported
%% but directly used by emqx_schema
roots() -> []. roots() -> [].
fields("authorization") -> fields("authorization") ->

3
apps/emqx_connector/src/emqx_connector_mongo.erl
View File

@ -82,7 +82,8 @@ mongo_fields() ->
, {auth_source, #{type => binary(), , {auth_source, #{type => binary(),
nullable => true}} nullable => true}}
, {database, fun emqx_connector_schema_lib:database/1} , {database, fun emqx_connector_schema_lib:database/1}
, {topology, #{type => hoconsc:ref(?MODULE, topology)}} , {topology, #{type => hoconsc:ref(?MODULE, topology),
nullable => true}}
] ++ ] ++
emqx_connector_schema_lib:ssl_fields(). emqx_connector_schema_lib:ssl_fields().

8
apps/emqx_machine/src/emqx_machine_schema.erl
View File

@ -61,7 +61,13 @@
namespace() -> undefined. namespace() -> undefined.
roots() -> roots() ->
["cluster", "node", "rpc", "log"] ++ lists:flatmap(fun roots/1, ?MERGED_CONFIGS). %% This is a temp workaround to define part of authorization config
%% in emqx_schema and part of it in emqx_authz_schema but then
%% merged here in this module
%% The proper fix should be to make connection (channel, session) state
%% extendable by e.g. allow hooks be stateful.
["cluster", "node", "rpc", "log", "authorization"] ++
lists:keydelete("authorization", 1, lists:flatmap(fun roots/1, ?MERGED_CONFIGS)).
fields("cluster") -> fields("cluster") ->
[ {"name", [ {"name",