yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: ignore authn, authz status and metrics

This commit is contained in:
EMQ-YangM 2022-03-16 11:14:21 +08:00
parent eb5570dd07
commit 37c4d68f40
4 changed files with 60 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
apps/emqx_authn/src/emqx_authn_api.erl
View File

@ -84,7 +84,7 @@
-elvis([{elvis_style, god_modules, disable}]). -elvis([{elvis_style, god_modules, disable}]).
api_spec() -> api_spec() ->
emqx_dashboard_swagger:spec(?MODULE, #{check_schema => false}). emqx_dashboard_swagger:spec(?MODULE, #{check_schema => true}).
paths() -> [ "/authentication" paths() -> [ "/authentication"
, "/authentication/:id" , "/authentication/:id"
@ -752,16 +752,11 @@ list_authenticators(ConfKeyPath) ->
|| AuthenticatorConfig <- AuthenticatorsConfig], || AuthenticatorConfig <- AuthenticatorsConfig],
{200, NAuthenticators}. {200, NAuthenticators}.
list_authenticator(ChainName, ConfKeyPath, AuthenticatorID) -> list_authenticator(_, ConfKeyPath, AuthenticatorID) ->
AuthenticatorsConfig = get_raw_config_with_defaults(ConfKeyPath), AuthenticatorsConfig = get_raw_config_with_defaults(ConfKeyPath),
case find_config(AuthenticatorID, AuthenticatorsConfig) of case find_config(AuthenticatorID, AuthenticatorsConfig) of
{ok, AuthenticatorConfig} -> {ok, AuthenticatorConfig} ->
case lookup_from_all_nodes(ChainName, AuthenticatorID) of {200, maps:put(id, AuthenticatorID, convert_certs(AuthenticatorConfig))};
{ok, StatusAndMetrics} ->
{200, maps:merge(convert_certs(AuthenticatorConfig),
maps:put(id, AuthenticatorID, StatusAndMetrics))};
{error, ErrorMsg} -> {500, ErrorMsg}
end;
{error, Reason} -> {error, Reason} ->
serialize_error(Reason) serialize_error(Reason)
end. end.
@ -882,17 +877,12 @@ is_ok(ResL) ->
ErrL -> {error, ErrL} ErrL -> {error, ErrL}
end. end.
filter_out_request_body(Conf) ->
ExtraConfs = [<<"status">>, <<"node_status">>,
<<"node_metrics">>, <<"metrics">>, <<"node">>],
maps:without(ExtraConfs, Conf).
update_authenticator(ConfKeyPath, ChainName, AuthenticatorID, Config) -> update_authenticator(ConfKeyPath, ChainName, AuthenticatorID, Config) ->
case update_config(ConfKeyPath, case update_config(ConfKeyPath,
{update_authenticator, {update_authenticator,
ChainName, ChainName,
AuthenticatorID, AuthenticatorID,
filter_out_request_body(Config)}) of Config}) of
{ok, #{post_config_update := #{emqx_authentication := #{id := ID}}, {ok, #{post_config_update := #{emqx_authentication := #{id := ID}},
raw_config := AuthenticatorsConfig}} -> raw_config := AuthenticatorsConfig}} ->
{ok, AuthenticatorConfig} = find_config(ID, AuthenticatorsConfig), {ok, AuthenticatorConfig} = find_config(ID, AuthenticatorsConfig),

50
apps/emqx_authn/test/emqx_authn_api_SUITE.erl
View File

@ -164,33 +164,33 @@ test_authenticator(PathPrefix) ->
post, post,
uri(PathPrefix ++ [?CONF_NS]), uri(PathPrefix ++ [?CONF_NS]),
ValidConfig0), ValidConfig0),
{ok, 200, Res} = request( {ok, 200, _} = request(
get, get,
uri(PathPrefix ++ [?CONF_NS, "password_based:http"])), uri(PathPrefix ++ [?CONF_NS, "password_based:http"])),
{ok, RList} = emqx_json:safe_decode(Res), %% {ok, RList} = emqx_json:safe_decode(Res),
Snd = fun ({_, Val}) -> Val end, %% Snd = fun ({_, Val}) -> Val end,
LookupVal = fun LookupV(List, RestJson) -> %% LookupVal = fun LookupV(List, RestJson) ->
case List of %% case List of
[Name] -> Snd(lists:keyfind(Name, 1, RestJson)); %% [Name] -> Snd(lists:keyfind(Name, 1, RestJson));
[Name | NS] -> LookupV(NS, Snd(lists:keyfind(Name, 1, RestJson))) %% [Name | NS] -> LookupV(NS, Snd(lists:keyfind(Name, 1, RestJson)))
end %% end
end, %% end,
LookFun = fun (List) -> LookupVal(List, RList) end, %% LookFun = fun (List) -> LookupVal(List, RList) end,
MetricsList = [{<<"failed">>, 0}, %% MetricsList = [{<<"failed">>, 0},
{<<"matched">>, 0}, %% {<<"matched">>, 0},
{<<"rate">>, 0.0}, %% {<<"rate">>, 0.0},
{<<"rate_last5m">>, 0.0}, %% {<<"rate_last5m">>, 0.0},
{<<"rate_max">>, 0.0}, %% {<<"rate_max">>, 0.0},
{<<"success">>, 0}], %% {<<"success">>, 0}],
EqualFun = fun ({M, V}) -> %% EqualFun = fun ({M, V}) ->
?assertEqual(V, LookFun([<<"metrics">>, %% ?assertEqual(V, LookFun([<<"metrics">>,
M] %% M]
) %% )
) end, %% ) end,
lists:map(EqualFun, MetricsList), %% lists:map(EqualFun, MetricsList),
?assertEqual(<<"connected">>, %% ?assertEqual(<<"connected">>,
LookFun([<<"status">> %% LookFun([<<"status">>
])), %% ])),
{ok, 404, _} = request( {ok, 404, _} = request(
get, get,
uri(PathPrefix ++ [?CONF_NS, "password_based:redis"])), uri(PathPrefix ++ [?CONF_NS, "password_based:redis"])),

20
apps/emqx_authz/src/emqx_authz_api_sources.erl
View File

@ -69,7 +69,7 @@
]). ]).
api_spec() -> api_spec() ->
emqx_dashboard_swagger:spec(?MODULE, #{check_schema => false}). emqx_dashboard_swagger:spec(?MODULE, #{check_schema => true}).
paths() -> paths() ->
[ "/authorization/sources" [ "/authorization/sources"
@ -227,16 +227,7 @@ source(get, #{bindings := #{type := Type}}) ->
{400, #{code => <<"BAD_REQUEST">>, {400, #{code => <<"BAD_REQUEST">>,
message => bin(Reason)}} message => bin(Reason)}}
end; end;
[Source] -> [Source] -> {200, read_certs(Source)}
case emqx_authz:lookup(Type) of
#{annotations := #{id := ResourceId }} ->
case lookup_from_all_nodes(ResourceId) of
{ok, StatusAndMetrics} ->
{200, maps:merge(read_certs(Source), StatusAndMetrics)};
{error, ErrorMsg} -> {500, ErrorMsg}
end;
_ -> {200, read_certs(Source)}
end
end; end;
source(put, #{bindings := #{type := <<"file">>}, body := #{<<"type">> := <<"file">>, source(put, #{bindings := #{type := <<"file">>}, body := #{<<"type">> := <<"file">>,
<<"rules">> := Rules, <<"rules">> := Rules,
@ -255,15 +246,10 @@ source(put, #{bindings := #{type := <<"file">>}, body := #{<<"type">> := <<"file
end; end;
source(put, #{bindings := #{type := Type}, body := Body}) when is_map(Body) -> source(put, #{bindings := #{type := Type}, body := Body}) when is_map(Body) ->
update_config({?CMD_REPLACE, Type}, update_config({?CMD_REPLACE, Type},
maybe_write_certs(filter_out_request_body(Body#{<<"type">> => Type}))); maybe_write_certs(Body#{<<"type">> => Type}));
source(delete, #{bindings := #{type := Type}}) -> source(delete, #{bindings := #{type := Type}}) ->
update_config({?CMD_DELETE, Type}, #{}). update_config({?CMD_DELETE, Type}, #{}).
filter_out_request_body(Conf) ->
ExtraConfs = [<<"status">>, <<"node_status">>,
<<"node_metrics">>, <<"metrics">>, <<"node">>],
maps:without(ExtraConfs, Conf).
move_source(Method, #{bindings := #{type := Type} = Bindings } = Req) move_source(Method, #{bindings := #{type := Type} = Bindings } = Req)
when is_atom(Type) -> when is_atom(Type) ->
move_source(Method, Req#{bindings => Bindings#{type => atom_to_binary(Type, utf8)}}); move_source(Method, Req#{bindings => Bindings#{type => atom_to_binary(Type, utf8)}});

56
apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl
View File

@ -176,32 +176,32 @@ t_api(_) ->
[?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5, ?SOURCE6]), [?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5, ?SOURCE6]),
{ok, 204, _} = request(post, uri(["authorization", "sources"]), ?SOURCE1), {ok, 204, _} = request(post, uri(["authorization", "sources"]), ?SOURCE1),
Snd = fun ({_, Val}) -> Val end, %% Snd = fun ({_, Val}) -> Val end,
LookupVal = fun LookupV(List, RestJson) -> %% LookupVal = fun LookupV(List, RestJson) ->
case List of %% case List of
[Name] -> Snd(lists:keyfind(Name, 1, RestJson)); %% [Name] -> Snd(lists:keyfind(Name, 1, RestJson));
[Name | NS] -> LookupV(NS, Snd(lists:keyfind(Name, 1, RestJson))) %% [Name | NS] -> LookupV(NS, Snd(lists:keyfind(Name, 1, RestJson)))
end %% end
end, %% end,
EqualFun = fun (RList) -> %% EqualFun = fun (RList) ->
fun ({M, V}) -> %% fun ({M, V}) ->
?assertEqual(V, %% ?assertEqual(V,
LookupVal([<<"metrics">>, M], %% LookupVal([<<"metrics">>, M],
RList) %% RList)
) %% )
end %% end
end, %% end,
AssertFun = %% AssertFun =
fun (ResultJson) -> %% fun (ResultJson) ->
{ok, RList} = emqx_json:safe_decode(ResultJson), %% {ok, RList} = emqx_json:safe_decode(ResultJson),
MetricsList = [{<<"failed">>, 0}, %% MetricsList = [{<<"failed">>, 0},
{<<"matched">>, 0}, %% {<<"matched">>, 0},
{<<"rate">>, 0.0}, %% {<<"rate">>, 0.0},
{<<"rate_last5m">>, 0.0}, %% {<<"rate_last5m">>, 0.0},
{<<"rate_max">>, 0.0}, %% {<<"rate_max">>, 0.0},
{<<"success">>, 0}], %% {<<"success">>, 0}],
lists:map(EqualFun(RList), MetricsList) %% lists:map(EqualFun(RList), MetricsList)
end, %% end,
{ok, 200, Result2} = request(get, uri(["authorization", "sources"]), []), {ok, 200, Result2} = request(get, uri(["authorization", "sources"]), []),
Sources = get_sources(Result2), Sources = get_sources(Result2),
@ -238,7 +238,7 @@ t_api(_) ->
<<"verify">> => <<"verify_none">> <<"verify">> => <<"verify_none">>
}}), }}),
{ok, 200, Result4} = request(get, uri(["authorization", "sources", "mongodb"]), []), {ok, 200, Result4} = request(get, uri(["authorization", "sources", "mongodb"]), []),
AssertFun(Result4), %% AssertFun(Result4),
?assertMatch(#{<<"type">> := <<"mongodb">>, ?assertMatch(#{<<"type">> := <<"mongodb">>,
<<"ssl">> := #{<<"enable">> := <<"true">>, <<"ssl">> := #{<<"enable">> := <<"true">>,
<<"cacertfile">> := ?MATCH_CERT, <<"cacertfile">> := ?MATCH_CERT,
@ -261,7 +261,7 @@ t_api(_) ->
<<"verify">> => <<"verify_none">> <<"verify">> => <<"verify_none">>
}}), }}),
{ok, 200, Result5} = request(get, uri(["authorization", "sources", "mongodb"]), []), {ok, 200, Result5} = request(get, uri(["authorization", "sources", "mongodb"]), []),
AssertFun(Result5), %% AssertFun(Result5),
?assertMatch(#{<<"type">> := <<"mongodb">>, ?assertMatch(#{<<"type">> := <<"mongodb">>,
<<"ssl">> := #{<<"enable">> := <<"true">>, <<"ssl">> := #{<<"enable">> := <<"true">>,
<<"cacertfile">> := ?MATCH_CERT, <<"cacertfile">> := ?MATCH_CERT,