fix(authz): schema fields used directly.

2021-09-03 11:44:43 +02:00 · 2021-09-03 11:44:43 +02:00 · 19aff7bfdd
parent ec13463f4a
commit 19aff7bfdd
5 changed files with 19 additions and 9 deletions
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -93,7 +93,8 @@ roots() ->
     "plugins",
     "stats",
     "sysmon",
-     "alarm"
+     "alarm",
+     "authorization"
    ].

 fields("stats") ->
@ -113,13 +114,13 @@ fields("authorization") ->
          #{ default => ignore
           })}
    , {"cache",
-       sc(ref("authorization_cache"),
+       sc(ref(?MODULE, "cache"),
          #{
           })
       }
    ];

-fields("authorization_cache") ->
+fields("cache") ->
    [ {"enable",
       sc(boolean(),
          #{ default => true
@ -276,7 +277,7 @@ fields("zones") ->
         )}];

 fields("zone_settings") ->
-    Fields = ["mqtt", "stats", "authorization", "flapping_detect", "force_shutdown",
+    Fields = ["mqtt", "stats", "flapping_detect", "force_shutdown",
              "conn_congestion", "rate_limit", "quota", "force_gc"],
    [{F, ref(emqx_zone_schema, F)} || F <- Fields];

--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@ -350,9 +350,9 @@ do_authorize(Client, PubSub, Topic,
 %%--------------------------------------------------------------------

 check_sources(RawSources) ->
-    {ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"sources">> => RawSources}}), #{format => richmap}),
-    CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}),
-    #{authorization:= #{sources := Sources}} = hocon_schema:richmap_to_map(CheckConf),
+    Schema = #{roots => emqx_authz_schema:fields("authorization"), fields => #{}},
+    Conf = #{<<"sources">> => RawSources},
+    #{sources := Sources} = hocon_schema:check_plain(Schema, Conf, #{atom_key => true}),
    Sources.

 find_source_by_type(Type) -> find_source_by_type(Type, lookup()).
--- a/apps/emqx_authz/src/emqx_authz_schema.erl
+++ b/apps/emqx_authz/src/emqx_authz_schema.erl
@ -20,6 +20,8 @@

 namespace() -> authz.

+%% @doc authorization schema is not exported
+%% but directly used by emqx_schema
 roots() -> [].

 fields("authorization") ->
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@ -82,7 +82,8 @@ mongo_fields() ->
    , {auth_source, #{type => binary(),
                      nullable => true}}
    , {database, fun emqx_connector_schema_lib:database/1}
-    , {topology, #{type => hoconsc:ref(?MODULE, topology)}}
+    , {topology, #{type => hoconsc:ref(?MODULE, topology),
+                   nullable => true}}
    ] ++
    emqx_connector_schema_lib:ssl_fields().

--- a/apps/emqx_machine/src/emqx_machine_schema.erl
+++ b/apps/emqx_machine/src/emqx_machine_schema.erl
@ -61,7 +61,13 @@
 namespace() -> undefined.

 roots() ->
-    ["cluster", "node", "rpc", "log"] ++ lists:flatmap(fun roots/1, ?MERGED_CONFIGS).
+    %% This is a temp workaround to define part of authorization config
+    %% in emqx_schema and part of it in emqx_authz_schema but then
+    %% merged here in this module
+    %% The proper fix should be to make connection (channel, session) state
+    %% extendable by e.g. allow hooks be stateful.
+    ["cluster", "node", "rpc", "log", "authorization"] ++
+    lists:keydelete("authorization", 1, lists:flatmap(fun roots/1, ?MERGED_CONFIGS)).

 fields("cluster") ->
    [ {"name",