diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf index 19bb2737b..0154cd204 100644 --- a/apps/emqx_authz/etc/emqx_authz.conf +++ b/apps/emqx_authz/etc/emqx_authz.conf @@ -1,7 +1,7 @@ authorization { sources = [ # { - # type: http + # type: http-server # url: "https://emqx.com" # headers: { # Accept: "application/json" diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index cf7447f6a..d1c8e3992 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -39,7 +39,7 @@ -export([post_config_update/4, pre_config_update/2]). -define(CONF_KEY_PATH, [authorization, sources]). --define(SOURCE_TYPES, [file, http, mongo, mysql, postgresql, redis]). +-define(SOURCE_TYPES, [file, 'http-server', mongo, mysql, postgresql, redis]). -spec(register_metrics() -> ok). register_metrics() -> @@ -289,7 +289,7 @@ init_source(#{enable := true, end, Source#{annotations => #{rules => Rules}}; init_source(#{enable := true, - type := http, + type := 'http-server', url := Url } = Source) -> NSource= maps:put(base_url, maps:remove(query, Url), Source), @@ -387,6 +387,8 @@ find_action_in_hooks() -> [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ], Action. +gen_id('http-server') -> + gen_id(http); gen_id(Type) -> iolist_to_binary([io_lib:format("~s_~s",[?APP, Type])]). @@ -404,9 +406,13 @@ create_resource(#{type := DB} = Source) -> {error, Reason} -> {error, Reason} end. +authz_module('http-server') -> + authz_module(http); authz_module(Type) -> list_to_existing_atom("emqx_authz_" ++ atom_to_list(Type)). +connector_module('http-server') -> + emqx_connector_http; connector_module(postgresql) -> emqx_connector_pgsql; connector_module(Type) -> diff --git a/apps/emqx_authz/src/emqx_authz_api_schema.erl b/apps/emqx_authz/src/emqx_authz_api_schema.erl index 4fd2f8ca1..faa8fb132 100644 --- a/apps/emqx_authz/src/emqx_authz_api_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_api_schema.erl @@ -82,8 +82,8 @@ definitions() -> properties => #{ type => #{ type => string, - enum => [<<"http">>], - example => <<"http">> + enum => [<<"http-server">>], + example => <<"http-server">> }, enable => #{ type => boolean, diff --git a/apps/emqx_authz/src/emqx_authz_http.erl b/apps/emqx_authz/src/emqx_authz_http.erl index 93aa634f3..e104ca8c6 100644 --- a/apps/emqx_authz/src/emqx_authz_http.erl +++ b/apps/emqx_authz/src/emqx_authz_http.erl @@ -34,7 +34,7 @@ description() -> "AuthZ with http". authorize(Client, PubSub, Topic, - #{type := http, + #{type := 'http-server', url := #{path := Path} = Url, headers := Headers, method := Method, diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index bda8d8e74..854babbc2 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl @@ -53,7 +53,7 @@ fields(file) -> }} ]; fields(http_get) -> - [ {type, #{type => http}} + [ {type, #{type => 'http-server'}} , {enable, #{type => boolean(), default => true}} , {url, #{type => url()}} @@ -80,7 +80,7 @@ fields(http_get) -> , {request_timeout, #{type => timeout(), default => 30000 }} ] ++ proplists:delete(base_url, emqx_connector_http:fields(config)); fields(http_post) -> - [ {type, #{type => http}} + [ {type, #{type => 'http-server'}} , {enable, #{type => boolean(), default => true}} , {url, #{type => url()}} diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index bed20e0e4..b51da292c 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -60,7 +60,7 @@ init_per_testcase(_, Config) -> {ok, _} = emqx_authz:update(replace, []), Config. --define(SOURCE1, #{<<"type">> => <<"http">>, +-define(SOURCE1, #{<<"type">> => <<"http-server">>, <<"enable">> => true, <<"url">> => <<"https://fake.com:443/">>, <<"headers">> => #{}, @@ -127,7 +127,7 @@ t_update_source(_) -> {ok, _} = emqx_authz:update(tail, [?SOURCE5]), {ok, _} = emqx_authz:update(tail, [?SOURCE6]), - ?assertMatch([ #{type := http, enable := true} + ?assertMatch([ #{type := 'http-server', enable := true} , #{type := mongo, enable := true} , #{type := mysql, enable := true} , #{type := postgresql, enable := true} @@ -135,14 +135,14 @@ t_update_source(_) -> , #{type := file, enable := true} ], emqx:get_config([authorization, sources], [])), - {ok, _} = emqx_authz:update({replace_once, http}, ?SOURCE1#{<<"enable">> := false}), + {ok, _} = emqx_authz:update({replace_once, 'http-server'}, ?SOURCE1#{<<"enable">> := false}), {ok, _} = emqx_authz:update({replace_once, mongo}, ?SOURCE2#{<<"enable">> := false}), {ok, _} = emqx_authz:update({replace_once, mysql}, ?SOURCE3#{<<"enable">> := false}), {ok, _} = emqx_authz:update({replace_once, postgresql}, ?SOURCE4#{<<"enable">> := false}), {ok, _} = emqx_authz:update({replace_once, redis}, ?SOURCE5#{<<"enable">> := false}), {ok, _} = emqx_authz:update({replace_once, file}, ?SOURCE6#{<<"enable">> := false}), - ?assertMatch([ #{type := http, enable := false} + ?assertMatch([ #{type := 'http-server', enable := false} , #{type := mongo, enable := false} , #{type := mysql, enable := false} , #{type := postgresql, enable := false} @@ -154,7 +154,7 @@ t_update_source(_) -> t_move_source(_) -> {ok, _} = emqx_authz:update(replace, [?SOURCE1, ?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5, ?SOURCE6]), - ?assertMatch([ #{type := http} + ?assertMatch([ #{type := 'http-server'} , #{type := mongo} , #{type := mysql} , #{type := postgresql} @@ -164,20 +164,20 @@ t_move_source(_) -> {ok, _} = emqx_authz:move(postgresql, <<"top">>), ?assertMatch([ #{type := postgresql} - , #{type := http} + , #{type := 'http-server'} , #{type := mongo} , #{type := mysql} , #{type := redis} , #{type := file} ], emqx_authz:lookup()), - {ok, _} = emqx_authz:move(http, <<"bottom">>), + {ok, _} = emqx_authz:move('http-server', <<"bottom">>), ?assertMatch([ #{type := postgresql} , #{type := mongo} , #{type := mysql} , #{type := redis} , #{type := file} - , #{type := http} + , #{type := 'http-server'} ], emqx_authz:lookup()), {ok, _} = emqx_authz:move(mysql, #{<<"before">> => postgresql}), @@ -186,15 +186,15 @@ t_move_source(_) -> , #{type := mongo} , #{type := redis} , #{type := file} - , #{type := http} + , #{type := 'http-server'} ], emqx_authz:lookup()), - {ok, _} = emqx_authz:move(mongo, #{<<"after">> => http}), + {ok, _} = emqx_authz:move(mongo, #{<<"after">> => 'http-server'}), ?assertMatch([ #{type := mysql} , #{type := postgresql} , #{type := redis} , #{type := file} - , #{type := http} + , #{type := 'http-server'} , #{type := mongo} ], emqx_authz:lookup()), diff --git a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl index f2118c05f..fd06cf034 100644 --- a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl @@ -37,7 +37,7 @@ -define(API_VERSION, "v5"). -define(BASE_PATH, "api"). --define(SOURCE1, #{<<"type">> => <<"http">>, +-define(SOURCE1, #{<<"type">> => <<"http-server">>, <<"enable">> => true, <<"url">> => <<"https://fake.com:443/">>, <<"headers">> => #{}, @@ -180,7 +180,7 @@ t_api(_) -> {ok, 200, Result2} = request(get, uri(["authorization", "sources"]), []), Sources = get_sources(Result2), - ?assertMatch([ #{<<"type">> := <<"http">>} + ?assertMatch([ #{<<"type">> := <<"http-server">>} , #{<<"type">> := <<"mongo">>} , #{<<"type">> := <<"mysql">>} , #{<<"type">> := <<"postgresql">>} @@ -189,9 +189,9 @@ t_api(_) -> ], Sources), ?assert(filelib:is_file(filename:join([emqx:get_config([node, data_dir]), "acl.conf"]))), - {ok, 204, _} = request(put, uri(["authorization", "sources", "http"]), ?SOURCE1#{<<"enable">> := false}), - {ok, 200, Result3} = request(get, uri(["authorization", "sources", "http"]), []), - ?assertMatch(#{<<"type">> := <<"http">>, <<"enable">> := false}, jsx:decode(Result3)), + {ok, 204, _} = request(put, uri(["authorization", "sources", "http-server"]), ?SOURCE1#{<<"enable">> := false}), + {ok, 200, Result3} = request(get, uri(["authorization", "sources", "http-server"]), []), + ?assertMatch(#{<<"type">> := <<"http-server">>, <<"enable">> := false}, jsx:decode(Result3)), {ok, 204, _} = request(put, uri(["authorization", "sources", "mongo"]), ?SOURCE2#{<<"ssl">> := #{ @@ -224,7 +224,7 @@ t_api(_) -> t_move_source(_) -> {ok, _} = emqx_authz:update(replace, [?SOURCE1, ?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5]), - ?assertMatch([ #{type := http} + ?assertMatch([ #{type := 'http-server'} , #{type := mongo} , #{type := mysql} , #{type := postgresql} @@ -234,19 +234,19 @@ t_move_source(_) -> {ok, 204, _} = request(post, uri(["authorization", "sources", "postgresql", "move"]), #{<<"position">> => <<"top">>}), ?assertMatch([ #{type := postgresql} - , #{type := http} + , #{type := 'http-server'} , #{type := mongo} , #{type := mysql} , #{type := redis} ], emqx_authz:lookup()), - {ok, 204, _} = request(post, uri(["authorization", "sources", "http", "move"]), + {ok, 204, _} = request(post, uri(["authorization", "sources", "http-server", "move"]), #{<<"position">> => <<"bottom">>}), ?assertMatch([ #{type := postgresql} , #{type := mongo} , #{type := mysql} , #{type := redis} - , #{type := http} + , #{type := 'http-server'} ], emqx_authz:lookup()), {ok, 204, _} = request(post, uri(["authorization", "sources", "mysql", "move"]), @@ -255,15 +255,15 @@ t_move_source(_) -> , #{type := postgresql} , #{type := mongo} , #{type := redis} - , #{type := http} + , #{type := 'http-server'} ], emqx_authz:lookup()), {ok, 204, _} = request(post, uri(["authorization", "sources", "mongo", "move"]), - #{<<"position">> => #{<<"after">> => <<"http">>}}), + #{<<"position">> => #{<<"after">> => <<"http-server">>}}), ?assertMatch([ #{type := mysql} , #{type := postgresql} , #{type := redis} - , #{type := http} + , #{type := 'http-server'} , #{type := mongo} ], emqx_authz:lookup()), diff --git a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl index 17763d993..38d0934f6 100644 --- a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl @@ -46,7 +46,7 @@ init_per_suite(Config) -> {ok, _} = emqx:update_config([authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, no_match], deny), - Rules = [#{<<"type">> => <<"http">>, + Rules = [#{<<"type">> => <<"http-server">>, <<"url">> => <<"https://fake.com:443/">>, <<"headers">> => #{}, <<"method">> => <<"get">>,