yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(emqx_authz): rename rules to sources in emqx_authz

This commit is contained in:
zhanghongtong 2021-08-27 17:15:58 +08:00 committed by Rory Z
parent 9d9eb2095b
commit 46fb99d44e
13 changed files with 192 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apps/emqx/src/emqx_schema.erl
View File

@ -80,7 +80,6 @@ fields("stats") ->
fields("authorization") ->
[ {"no_match", t(union(allow, deny), undefined, allow)}
, {"enable", t(boolean(), undefined, true)}
, {"deny_action", t(union(ignore, disconnect), undefined, ignore)}
, {"cache", ref("authorization_cache")}
];

2
apps/emqx_authz/etc/emqx_authz.conf
View File

@ -1,5 +1,5 @@
authorization {
rules = [
sources = [
# {
# type: http
# config: {

2
apps/emqx_authz/include/emqx_authz.hrl
View File

@ -17,6 +17,8 @@
-type(rule() :: {permission(), who(), action(), list(emqx_topic:topic())}).
-type(rules() :: [rule()]).
-type(sources() :: [map()]).
-define(APP, emqx_authz).
-define(ALLOW_DENY(A), ((A =:= allow) orelse (A =:= <<"allow">>) orelse

202
apps/emqx_authz/src/emqx_authz.erl
View File

@ -36,7 +36,7 @@
-export([post_config_update/4, pre_config_update/2]).
-define(CONF_KEY_PATH, [authorization, rules]).
-define(CONF_KEY_PATH, [authorization, sources]).
-spec(register_metrics() -> ok).
register_metrics() ->
@ -45,15 +45,15 @@ register_metrics() ->
init() ->
ok = register_metrics(),
emqx_config_handler:add_handler(?CONF_KEY_PATH, ?MODULE),
NRules = [init_provider(Rule) || Rule <- emqx:get_config(?CONF_KEY_PATH, [])],
ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NRules]}, -1).
NSources = [init_source(Source) || Source <- emqx:get_config(?CONF_KEY_PATH, [])],
ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NSources]}, -1).
lookup() ->
{_M, _F, [A]}= find_action_in_hooks(),
A.
lookup(Id) ->
try find_rule_by_id(Id, lookup()) of
{_, Rule} -> Rule
try find_source_by_id(Id, lookup()) of
{_, Source} -> Source
catch
error:Reason -> {error, Reason}
end.
@ -61,23 +61,23 @@ lookup(Id) ->
move(Id, Position) ->
emqx:update_config(?CONF_KEY_PATH, {move, Id, Position}).
update(Cmd, Rules) ->
emqx:update_config(?CONF_KEY_PATH, {Cmd, Rules}).
update(Cmd, Sources) ->
emqx:update_config(?CONF_KEY_PATH, {Cmd, Sources}).
pre_config_update({move, Id, <<"top">>}, Conf) when is_list(Conf) ->
{Index, _} = find_rule_by_id(Id),
{Index, _} = find_source_by_id(Id),
{List1, List2} = lists:split(Index, Conf),
{ok, [lists:nth(Index, Conf)] ++ lists:droplast(List1) ++ List2};
pre_config_update({move, Id, <<"bottom">>}, Conf) when is_list(Conf) ->
{Index, _} = find_rule_by_id(Id),
{Index, _} = find_source_by_id(Id),
{List1, List2} = lists:split(Index, Conf),
{ok, lists:droplast(List1) ++ List2 ++ [lists:nth(Index, Conf)]};
pre_config_update({move, Id, #{<<"before">> := BeforeId}}, Conf) when is_list(Conf) ->
{Index1, _} = find_rule_by_id(Id),
{Index1, _} = find_source_by_id(Id),
Conf1 = lists:nth(Index1, Conf),
{Index2, _} = find_rule_by_id(BeforeId),
{Index2, _} = find_source_by_id(BeforeId),
Conf2 = lists:nth(Index2, Conf),
{List1, List2} = lists:split(Index2, Conf),
@ -86,117 +86,117 @@ pre_config_update({move, Id, #{<<"before">> := BeforeId}}, Conf) when is_list(Co
++ lists:delete(Conf1, List2)};
pre_config_update({move, Id, #{<<"after">> := AfterId}}, Conf) when is_list(Conf) ->
{Index1, _} = find_rule_by_id(Id),
{Index1, _} = find_source_by_id(Id),
Conf1 = lists:nth(Index1, Conf),
{Index2, _} = find_rule_by_id(AfterId),
{Index2, _} = find_source_by_id(AfterId),
{List1, List2} = lists:split(Index2, Conf),
{ok, lists:delete(Conf1, List1)
++ [Conf1]
++ lists:delete(Conf1, List2)};
pre_config_update({head, Rules}, Conf) when is_list(Rules), is_list(Conf) ->
{ok, Rules ++ Conf};
pre_config_update({tail, Rules}, Conf) when is_list(Rules), is_list(Conf) ->
{ok, Conf ++ Rules};
pre_config_update({{replace_once, Id}, Rule}, Conf) when is_map(Rule), is_list(Conf) ->
{Index, _} = find_rule_by_id(Id),
pre_config_update({head, Sources}, Conf) when is_list(Sources), is_list(Conf) ->
{ok, Sources ++ Conf};
pre_config_update({tail, Sources}, Conf) when is_list(Sources), is_list(Conf) ->
{ok, Conf ++ Sources};
pre_config_update({{replace_once, Id}, Source}, Conf) when is_map(Source), is_list(Conf) ->
{Index, _} = find_source_by_id(Id),
{List1, List2} = lists:split(Index, Conf),
{ok, lists:droplast(List1) ++ [Rule] ++ List2};
pre_config_update({_, Rules}, _Conf) when is_list(Rules)->
{ok, lists:droplast(List1) ++ [Source] ++ List2};
pre_config_update({_, Sources}, _Conf) when is_list(Sources)->
%% overwrite the entire config!
{ok, Rules}.
{ok, Sources}.
post_config_update(_, undefined, _Conf, _AppEnvs) ->
ok;
post_config_update({move, Id, <<"top">>}, _NewRules, _OldRules, _AppEnvs) ->
InitedRules = lookup(),
{Index, Rule} = find_rule_by_id(Id, InitedRules),
{Rules1, Rules2 } = lists:split(Index, InitedRules),
Rules3 = [Rule] ++ lists:droplast(Rules1) ++ Rules2,
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Rules3]}, -1),
post_config_update({move, Id, <<"top">>}, _NewSources, _OldSources, _AppEnvs) ->
InitedSources = lookup(),
{Index, Source} = find_source_by_id(Id, InitedSources),
{Sources1, Sources2 } = lists:split(Index, InitedSources),
Sources3 = [Source] ++ lists:droplast(Sources1) ++ Sources2,
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Sources3]}, -1),
ok = emqx_authz_cache:drain_cache();
post_config_update({move, Id, <<"bottom">>}, _NewRules, _OldRules, _AppEnvs) ->
InitedRules = lookup(),
{Index, Rule} = find_rule_by_id(Id, InitedRules),
{Rules1, Rules2 } = lists:split(Index, InitedRules),
Rules3 = lists:droplast(Rules1) ++ Rules2 ++ [Rule],
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Rules3]}, -1),
post_config_update({move, Id, <<"bottom">>}, _NewSources, _OldSources, _AppEnvs) ->
InitedSources = lookup(),
{Index, Source} = find_source_by_id(Id, InitedSources),
{Sources1, Sources2 } = lists:split(Index, InitedSources),
Sources3 = lists:droplast(Sources1) ++ Sources2 ++ [Source],
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Sources3]}, -1),
ok = emqx_authz_cache:drain_cache();
post_config_update({move, Id, #{<<"before">> := BeforeId}}, _NewRules, _OldRules, _AppEnvs) ->
InitedRules = lookup(),
{_, Rule0} = find_rule_by_id(Id, InitedRules),
{Index, Rule1} = find_rule_by_id(BeforeId, InitedRules),
{Rules1, Rules2} = lists:split(Index, InitedRules),
Rules3 = lists:delete(Rule0, lists:droplast(Rules1))
++ [Rule0] ++ [Rule1]
++ lists:delete(Rule0, Rules2),
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Rules3]}, -1),
post_config_update({move, Id, #{<<"before">> := BeforeId}}, _NewSources, _OldSources, _AppEnvs) ->
InitedSources = lookup(),
{_, Source0} = find_source_by_id(Id, InitedSources),
{Index, Source1} = find_source_by_id(BeforeId, InitedSources),
{Sources1, Sources2} = lists:split(Index, InitedSources),
Sources3 = lists:delete(Source0, lists:droplast(Sources1))
++ [Source0] ++ [Source1]
++ lists:delete(Source0, Sources2),
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Sources3]}, -1),
ok = emqx_authz_cache:drain_cache();
post_config_update({move, Id, #{<<"after">> := AfterId}}, _NewRules, _OldRules, _AppEnvs) ->
InitedRules = lookup(),
{_, Rule} = find_rule_by_id(Id, InitedRules),
{Index, _} = find_rule_by_id(AfterId, InitedRules),
{Rules1, Rules2} = lists:split(Index, InitedRules),
Rules3 = lists:delete(Rule, Rules1)
++ [Rule]
++ lists:delete(Rule, Rules2),
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Rules3]}, -1),
post_config_update({move, Id, #{<<"after">> := AfterId}}, _NewSources, _OldSources, _AppEnvs) ->
InitedSources = lookup(),
{_, Source} = find_source_by_id(Id, InitedSources),
{Index, _} = find_source_by_id(AfterId, InitedSources),
{Sources1, Sources2} = lists:split(Index, InitedSources),
Sources3 = lists:delete(Source, Sources1)
++ [Source]
++ lists:delete(Source, Sources2),
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Sources3]}, -1),
ok = emqx_authz_cache:drain_cache();
post_config_update({head, Rules}, _NewRules, _OldConf, _AppEnvs) ->
InitedRules = [init_provider(R) || R <- check_rules(Rules)],
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedRules ++ lookup()]}, -1),
post_config_update({head, Sources}, _NewSources, _OldConf, _AppEnvs) ->
InitedSources = [init_source(R) || R <- check_sources(Sources)],
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedSources ++ lookup()]}, -1),
ok = emqx_authz_cache:drain_cache();
post_config_update({tail, Rules}, _NewRules, _OldConf, _AppEnvs) ->
InitedRules = [init_provider(R) || R <- check_rules(Rules)],
emqx_hooks:put('client.authorize', {?MODULE, authorize, [lookup() ++ InitedRules]}, -1),
post_config_update({tail, Sources}, _NewSources, _OldConf, _AppEnvs) ->
InitedSources = [init_source(R) || R <- check_sources(Sources)],
emqx_hooks:put('client.authorize', {?MODULE, authorize, [lookup() ++ InitedSources]}, -1),
ok = emqx_authz_cache:drain_cache();
post_config_update({{replace_once, Id}, Rule}, _NewRules, _OldConf, _AppEnvs) when is_map(Rule) ->
OldInitedRules = lookup(),
{Index, OldRule} = find_rule_by_id(Id, OldInitedRules),
case maps:get(type, OldRule, undefined) of
post_config_update({{replace_once, Id}, Source}, _NewSources, _OldConf, _AppEnvs) when is_map(Source) ->
OldInitedSources = lookup(),
{Index, OldSource} = find_source_by_id(Id, OldInitedSources),
case maps:get(type, OldSource, undefined) of
undefined -> ok;
_ ->
#{annotations := #{id := Id}} = OldRule,
#{annotations := #{id := Id}} = OldSource,
ok = emqx_resource:remove(Id)
end,
{OldRules1, OldRules2 } = lists:split(Index, OldInitedRules),
InitedRules = [init_provider(R#{annotations => #{id => Id}}) || R <- check_rules([Rule])],
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [lists:droplast(OldRules1) ++ InitedRules ++ OldRules2]}, -1),
{OldSources1, OldSources2 } = lists:split(Index, OldInitedSources),
InitedSources = [init_source(R#{annotations => #{id => Id}}) || R <- check_sources([Source])],
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [lists:droplast(OldSources1) ++ InitedSources ++ OldSources2]}, -1),
ok = emqx_authz_cache:drain_cache();
post_config_update(_, NewRules, _OldConf, _AppEnvs) ->
post_config_update(_, NewSources, _OldConf, _AppEnvs) ->
%% overwrite the entire config!
OldInitedRules = lookup(),
InitedRules = [init_provider(Rule) || Rule <- NewRules],
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedRules]}, -1),
OldInitedSources = lookup(),
InitedSources = [init_source(Source) || Source <- NewSources],
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedSources]}, -1),
lists:foreach(fun (#{type := _Type, enable := true, annotations := #{id := Id}}) ->
ok = emqx_resource:remove(Id);
(_) -> ok
end, OldInitedRules),
end, OldInitedSources),
ok = emqx_authz_cache:drain_cache().
%%--------------------------------------------------------------------
%% Internal functions
%%--------------------------------------------------------------------
check_rules(RawRules) ->
{ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"rules">> => RawRules}}), #{format => richmap}),
check_sources(RawSources) ->
{ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"sources">> => RawSources}}), #{format => richmap}),
CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}),
#{authorization:= #{rules := Rules}} = hocon_schema:richmap_to_map(CheckConf),
Rules.
#{authorization:= #{sources := Sources}} = hocon_schema:richmap_to_map(CheckConf),
Sources.
find_rule_by_id(Id) -> find_rule_by_id(Id, lookup()).
find_rule_by_id(Id, Rules) -> find_rule_by_id(Id, Rules, 1).
find_rule_by_id(_RuleId, [], _N) -> error(not_found_rule);
find_rule_by_id(RuleId, [ Rule = #{annotations := #{id := Id}} | Tail], N) ->
case RuleId =:= Id of
true -> {N, Rule};
false -> find_rule_by_id(RuleId, Tail, N + 1)
find_source_by_id(Id) -> find_source_by_id(Id, lookup()).
find_source_by_id(Id, Sources) -> find_source_by_id(Id, Sources, 1).
find_source_by_id(_SourceId, [], _N) -> error(not_found_rule);
find_source_by_id(SourceId, [ Source = #{annotations := #{id := Id}} | Tail], N) ->
case SourceId =:= Id of
true -> {N, Source};
false -> find_source_by_id(SourceId, Tail, N + 1)
end.
find_action_in_hooks() ->
@ -232,10 +232,10 @@ create_resource(#{type := DB,
{error, Reason} -> {error, Reason}
end.
init_provider(#{enable := true,
init_source(#{enable := true,
type := file,
path := Path
} = Rule) ->
} = Source) ->
Rules = case file:consult(Path) of
{ok, Terms} ->
[emqx_authz_rule:compile(Term) || Term <- Terms];
@ -249,58 +249,58 @@ init_provider(#{enable := true,
?LOG(alert, "Failed to read ~s: ~p", [Path, Reason]),
error(Reason)
end,
Rule#{annotations =>
Source#{annotations =>
#{id => gen_id(file),
rules => Rules
}};
init_provider(#{enable := true,
init_source(#{enable := true,
type := http,
config := #{url := Url} = Config
} = Rule) ->
} = Source) ->
NConfig = maps:merge(Config, #{base_url => maps:remove(query, Url)}),
case create_resource(Rule#{config := NConfig}) of
case create_resource(Source#{config := NConfig}) of
{error, Reason} -> error({load_config_error, Reason});
Id -> Rule#{annotations =>
Id -> Source#{annotations =>
#{id => Id}
}
end;
init_provider(#{enable := true,
init_source(#{enable := true,
type := DB
} = Rule) when DB =:= redis;
} = Source) when DB =:= redis;
DB =:= mongo ->
case create_resource(Rule) of
case create_resource(Source) of
{error, Reason} -> error({load_config_error, Reason});
Id -> Rule#{annotations =>
Id -> Source#{annotations =>
#{id => Id}
}
end;
init_provider(#{enable := true,
init_source(#{enable := true,
type := DB,
sql := SQL
} = Rule) when DB =:= mysql;
} = Source) when DB =:= mysql;
DB =:= pgsql ->
Mod = list_to_existing_atom(io_lib:format("~s_~s",[?APP, DB])),
case create_resource(Rule) of
case create_resource(Source) of
{error, Reason} -> error({load_config_error, Reason});
Id -> Rule#{annotations =>
Id -> Source#{annotations =>
#{id => Id,
sql => Mod:parse_query(SQL)
}
}
end;
init_provider(#{enable := false} = Rule) ->Rule.
init_source(#{enable := false} = Source) ->Source.
%%--------------------------------------------------------------------
%% AuthZ callbacks
%%--------------------------------------------------------------------
%% @doc Check AuthZ
-spec(authorize(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), allow | deny, rules())
-spec(authorize(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), allow | deny, sources())
-> {stop, allow} | {ok, deny}).
authorize(#{username := Username,
peerhost := IpAddress
} = Client, PubSub, Topic, DefaultResult, Rules) ->
case do_authorize(Client, PubSub, Topic, Rules) of
} = Client, PubSub, Topic, DefaultResult, Sources) ->
case do_authorize(Client, PubSub, Topic, Sources) of
{matched, allow} ->
?LOG(info, "Client succeeded authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
emqx_metrics:inc(?AUTHZ_METRICS(allow)),

4
apps/emqx_authz/src/emqx_authz_schema.erl
View File

@ -20,7 +20,7 @@
structs() -> ["authorization"].
fields("authorization") ->
[ {rules, rules()}
[ {sources, sources()}
];
fields(file) ->
[ {type, #{type => file}}
@ -146,7 +146,7 @@ fields(eq_topic) ->
union_array(Item) when is_list(Item) ->
hoconsc:array(hoconsc:union(Item)).
rules() ->
sources() ->
#{type => union_array(
[ hoconsc:ref(?MODULE, file)
, hoconsc:ref(?MODULE, http)

32
apps/emqx_authz/test/emqx_authz_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization: {sources: []}">>).
all() ->
emqx_ct:all(?MODULE).
@ -60,14 +60,14 @@ init_per_testcase(_, Config) ->
{ok, _} = emqx_authz:update(replace, []),
Config.
-define(RULE1, #{<<"type">> => <<"http">>,
-define(SOURCE1, #{<<"type">> => <<"http">>,
<<"config">> => #{
<<"url">> => <<"https://fake.com:443/">>,
<<"headers">> => #{},
<<"method">> => <<"get">>,
<<"request_timeout">> => 5000}
}).
-define(RULE2, #{<<"type">> => <<"mongo">>,
-define(SOURCE2, #{<<"type">> => <<"mongo">>,
<<"config">> => #{
<<"mongo_type">> => <<"single">>,
<<"server">> => <<"127.0.0.1:27017">>,
@ -77,7 +77,7 @@ init_per_testcase(_, Config) ->
<<"collection">> => <<"fake">>,
<<"find">> => #{<<"a">> => <<"b">>}
}).
-define(RULE3, #{<<"type">> => <<"mysql">>,
-define(SOURCE3, #{<<"type">> => <<"mysql">>,
<<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,
@ -88,7 +88,7 @@ init_per_testcase(_, Config) ->
<<"ssl">> => #{<<"enable">> => false}},
<<"sql">> => <<"abcb">>
}).
-define(RULE4, #{<<"type">> => <<"pgsql">>,
-define(SOURCE4, #{<<"type">> => <<"pgsql">>,
<<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,
@ -99,7 +99,7 @@ init_per_testcase(_, Config) ->
<<"ssl">> => #{<<"enable">> => false}},
<<"sql">> => <<"abcb">>
}).
-define(RULE5, #{<<"type">> => <<"redis">>,
-define(SOURCE5, #{<<"type">> => <<"redis">>,
<<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,
@ -114,21 +114,21 @@ init_per_testcase(_, Config) ->
%% Testcases
%%------------------------------------------------------------------------------
t_update_rule(_) ->
{ok, _} = emqx_authz:update(replace, [?RULE2]),
{ok, _} = emqx_authz:update(head, [?RULE1]),
{ok, _} = emqx_authz:update(tail, [?RULE3]),
t_update_source(_) ->
{ok, _} = emqx_authz:update(replace, [?SOURCE2]),
{ok, _} = emqx_authz:update(head, [?SOURCE1]),
{ok, _} = emqx_authz:update(tail, [?SOURCE3]),
?assertMatch([#{type := http}, #{type := mongo}, #{type := mysql}], emqx:get_config([authorization, rules], [])),
?assertMatch([#{type := http}, #{type := mongo}, #{type := mysql}], emqx:get_config([authorization, sources], [])),
[#{annotations := #{id := Id1}, type := http},
#{annotations := #{id := Id2}, type := mongo},
#{annotations := #{id := Id3}, type := mysql}
] = emqx_authz:lookup(),
{ok, _} = emqx_authz:update({replace_once, Id1}, ?RULE5),
{ok, _} = emqx_authz:update({replace_once, Id3}, ?RULE4),
?assertMatch([#{type := redis}, #{type := mongo}, #{type := pgsql}], emqx:get_config([authorization, rules], [])),
{ok, _} = emqx_authz:update({replace_once, Id1}, ?SOURCE5),
{ok, _} = emqx_authz:update({replace_once, Id3}, ?SOURCE4),
?assertMatch([#{type := redis}, #{type := mongo}, #{type := pgsql}], emqx:get_config([authorization, sources], [])),
[#{annotations := #{id := Id1}, type := redis},
#{annotations := #{id := Id2}, type := mongo},
@ -137,8 +137,8 @@ t_update_rule(_) ->
{ok, _} = emqx_authz:update(replace, []).
t_move_rule(_) ->
{ok, _} = emqx_authz:update(replace, [?RULE1, ?RULE2, ?RULE3, ?RULE4, ?RULE5]),
t_move_source(_) ->
{ok, _} = emqx_authz:update(replace, [?SOURCE1, ?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5]),
[#{annotations := #{id := Id1}},
#{annotations := #{id := Id2}},
#{annotations := #{id := Id3}},

20
apps/emqx_authz/test/emqx_authz_api_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization: {sources: []}">>).
-import(emqx_ct_http, [ request_api/3
, request_api/5
@ -37,14 +37,14 @@
-define(API_VERSION, "v5").
-define(BASE_PATH, "api").
-define(RULE1, #{<<"type">> => <<"http">>,
-define(SOURCE1, #{<<"type">> => <<"http">>,
<<"config">> => #{
<<"url">> => <<"https://fake.com:443/">>,
<<"headers">> => #{},
<<"method">> => <<"get">>,
<<"request_timeout">> => 5000}
}).
-define(RULE2, #{<<"type">> => <<"mongo">>,
-define(SOURCE2, #{<<"type">> => <<"mongo">>,
<<"config">> => #{
<<"mongo_type">> => <<"single">>,
<<"server">> => <<"127.0.0.1:27017">>,
@ -54,7 +54,7 @@
<<"collection">> => <<"fake">>,
<<"find">> => #{<<"a">> => <<"b">>}
}).
-define(RULE3, #{<<"type">> => <<"mysql">>,
-define(SOURCE3, #{<<"type">> => <<"mysql">>,
<<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,
@ -65,7 +65,7 @@
<<"ssl">> => #{<<"enable">> => false}},
<<"sql">> => <<"abcb">>
}).
-define(RULE4, #{<<"type">> => <<"pgsql">>,
-define(SOURCE4, #{<<"type">> => <<"pgsql">>,
<<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,
@ -76,7 +76,7 @@
<<"ssl">> => #{<<"enable">> => false}},
<<"sql">> => <<"abcb">>
}).
-define(RULE5, #{<<"type">> => <<"redis">>,
-define(SOURCE5, #{<<"type">> => <<"redis">>,
<<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,
@ -148,7 +148,7 @@ t_api(_) ->
?assertEqual([], get_rules(Result1)),
lists:foreach(fun(_) ->
{ok, 204, _} = request(post, uri(["authorization"]), ?RULE1)
{ok, 204, _} = request(post, uri(["authorization"]), ?SOURCE1)
end, lists:seq(1, 20)),
{ok, 200, Result2} = request(get, uri(["authorization"]), []),
?assertEqual(20, length(get_rules(Result2))),
@ -160,7 +160,7 @@ t_api(_) ->
?assertEqual(10, length(get_rules(Result)))
end, lists:seq(1, 2)),
{ok, 204, _} = request(put, uri(["authorization"]), [?RULE1, ?RULE2, ?RULE3, ?RULE4]),
{ok, 204, _} = request(put, uri(["authorization"]), [?SOURCE1, ?SOURCE2, ?SOURCE3, ?SOURCE4]),
{ok, 200, Result3} = request(get, uri(["authorization"]), []),
Rules = get_rules(Result3),
@ -173,7 +173,7 @@ t_api(_) ->
#{<<"annotations">> := #{<<"id">> := Id}} = lists:nth(2, Rules),
{ok, 204, _} = request(put, uri(["authorization", binary_to_list(Id)]), ?RULE5),
{ok, 204, _} = request(put, uri(["authorization", binary_to_list(Id)]), ?SOURCE5),
{ok, 200, Result4} = request(get, uri(["authorization", binary_to_list(Id)]), []),
?assertMatch(#{<<"type">> := <<"redis">>}, jsx:decode(Result4)),
@ -186,7 +186,7 @@ t_api(_) ->
ok.
t_move_rule(_) ->
{ok, _} = emqx_authz:update(replace, [?RULE1, ?RULE2, ?RULE3, ?RULE4, ?RULE5]),
{ok, _} = emqx_authz:update(replace, [?SOURCE1, ?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5]),
[#{annotations := #{id := Id1}},
#{annotations := #{id := Id2}},
#{annotations := #{id := Id3}},

2
apps/emqx_authz/test/emqx_authz_http_SUITE.erl
View File

@ -21,7 +21,7 @@
-include("emqx_authz.hrl").
-include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization: {sources: []}">>).
all() ->
emqx_ct:all(?MODULE).

16
apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization: {sources: []}">>).
all() ->
emqx_ct:all(?MODULE).
@ -66,16 +66,16 @@ end_per_suite(_Config) ->
meck:unload(emqx_schema),
ok.
-define(RULE1,[#{<<"topics">> => [<<"#">>],
-define(SOURCE1,[#{<<"topics">> => [<<"#">>],
<<"permission">> => <<"deny">>,
<<"action">> => <<"all">>}]).
-define(RULE2,[#{<<"topics">> => [<<"eq #">>],
-define(SOURCE2,[#{<<"topics">> => [<<"eq #">>],
<<"permission">> => <<"allow">>,
<<"action">> => <<"all">>}]).
-define(RULE3,[#{<<"topics">> => [<<"test/%c">>],
-define(SOURCE3,[#{<<"topics">> => [<<"test/%c">>],
<<"permission">> => <<"allow">>,
<<"action">> => <<"subscribe">>}]).
-define(RULE4,[#{<<"topics">> => [<<"test/%u">>],
-define(SOURCE4,[#{<<"topics">> => [<<"test/%u">>],
<<"permission">> => <<"allow">>,
<<"action">> => <<"publish">>}]).
@ -107,15 +107,15 @@ t_authz(_) ->
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch
meck:expect(emqx_resource, query, fun(_, _) -> ?RULE1 ++ ?RULE2 end),
meck:expect(emqx_resource, query, fun(_, _) -> ?SOURCE1 ++ ?SOURCE2 end),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)),
meck:expect(emqx_resource, query, fun(_, _) -> ?RULE2 ++ ?RULE1 end),
meck:expect(emqx_resource, query, fun(_, _) -> ?SOURCE2 ++ ?SOURCE1 end),
?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
meck:expect(emqx_resource, query, fun(_, _) -> ?RULE3 ++ ?RULE4 end),
meck:expect(emqx_resource, query, fun(_, _) -> ?SOURCE3 ++ ?SOURCE4 end),
?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, publish, <<"test/test_clientid">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)),

16
apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization: {sources: []}">>).
all() ->
emqx_ct:all(?MODULE).
@ -72,10 +72,10 @@ end_per_suite(_Config) ->
, <<"permission">>
, <<"topic">>
]).
-define(RULE1, [[<<"all">>, <<"deny">>, <<"#">>]]).
-define(RULE2, [[<<"all">>, <<"allow">>, <<"eq #">>]]).
-define(RULE3, [[<<"subscribe">>, <<"allow">>, <<"test/%c">>]]).
-define(RULE4, [[<<"publish">>, <<"allow">>, <<"test/%u">>]]).
-define(SOURCE1, [[<<"all">>, <<"deny">>, <<"#">>]]).
-define(SOURCE2, [[<<"all">>, <<"allow">>, <<"eq #">>]]).
-define(SOURCE3, [[<<"subscribe">>, <<"allow">>, <<"test/%c">>]]).
-define(SOURCE4, [[<<"publish">>, <<"allow">>, <<"test/%u">>]]).
%%------------------------------------------------------------------------------
%% Testcases
@ -105,15 +105,15 @@ t_authz(_) ->
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE1 ++ ?SOURCE2} end),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE2 ++ ?SOURCE1} end),
?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE3 ++ ?SOURCE4} end),
?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, publish, <<"test/test_clientid">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)),

16
apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization: {sources: []}">>).
all() ->
emqx_ct:all(?MODULE).
@ -72,10 +72,10 @@ end_per_suite(_Config) ->
, {column, <<"permission">>, meck, meck, meck, meck, meck, meck, meck}
, {column, <<"topic">>, meck, meck, meck, meck, meck, meck, meck}
]).
-define(RULE1, [{<<"all">>, <<"deny">>, <<"#">>}]).
-define(RULE2, [{<<"all">>, <<"allow">>, <<"eq #">>}]).
-define(RULE3, [{<<"subscribe">>, <<"allow">>, <<"test/%c">>}]).
-define(RULE4, [{<<"publish">>, <<"allow">>, <<"test/%u">>}]).
-define(SOURCE1, [{<<"all">>, <<"deny">>, <<"#">>}]).
-define(SOURCE2, [{<<"all">>, <<"allow">>, <<"eq #">>}]).
-define(SOURCE3, [{<<"subscribe">>, <<"allow">>, <<"test/%c">>}]).
-define(SOURCE4, [{<<"publish">>, <<"allow">>, <<"test/%u">>}]).
%%------------------------------------------------------------------------------
%% Testcases
@ -105,15 +105,15 @@ t_authz(_) ->
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE1 ++ ?SOURCE2} end),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE2 ++ ?SOURCE1} end),
?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"+">>)),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE3 ++ ?SOURCE4} end),
?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, publish, <<"test/test_clientid">>)),
?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)),

12
apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
View File

@ -21,7 +21,7 @@
-include("emqx_authz.hrl").
-include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization: {sources: []}">>).
all() ->
emqx_ct:all(?MODULE).
@ -66,9 +66,9 @@ end_per_suite(_Config) ->
meck:unload(emqx_schema),
ok.
-define(RULE1, [<<"test/%u">>, <<"publish">>]).
-define(RULE2, [<<"test/%c">>, <<"publish">>]).
-define(RULE3, [<<"#">>, <<"subscribe">>]).
-define(SOURCE1, [<<"test/%u">>, <<"publish">>]).
-define(SOURCE2, [<<"test/%c">>, <<"publish">>]).
-define(SOURCE3, [<<"#">>, <<"subscribe">>]).
%%------------------------------------------------------------------------------
%% Testcases
@ -90,7 +90,7 @@ t_authz(_) ->
emqx_access_control:authorize(ClientInfo, publish, <<"#">>)),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE1 ++ ?RULE2} end),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?SOURCE1 ++ ?SOURCE2} end),
% nomatch
?assertEqual(deny,
emqx_access_control:authorize(ClientInfo, subscribe, <<"+">>)),
@ -103,7 +103,7 @@ t_authz(_) ->
?assertEqual(allow,
emqx_access_control:authorize(ClientInfo, publish, <<"test/clientid">>)),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE3} end),
meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?SOURCE3} end),
?assertEqual(allow,
emqx_access_control:authorize(ClientInfo, subscribe, <<"#">>)),

58
apps/emqx_authz/test/emqx_authz_rule_SUITE.erl
View File

@ -22,11 +22,11 @@
-include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl").
-define(RULE1, {deny, all, all, ["#"]}).
-define(RULE2, {allow, {ipaddr, "127.0.0.1"}, all, [{eq, "#"}, {eq, "+"}]}).
-define(RULE3, {allow, {ipaddrs, ["127.0.0.1", "192.168.1.0/24"]}, subscribe, ["%c"]}).
-define(RULE4, {allow, {'and', [{clientid, "^test?"}, {username, "^test?"}]}, publish, ["topic/test"]}).
-define(RULE5, {allow, {'or', [{username, "^test"}, {clientid, "test?"}]}, publish, ["%u", "%c"]}).
-define(SOURCE1, {deny, all, all, ["#"]}).
-define(SOURCE2, {allow, {ipaddr, "127.0.0.1"}, all, [{eq, "#"}, {eq, "+"}]}).
-define(SOURCE3, {allow, {ipaddrs, ["127.0.0.1", "192.168.1.0/24"]}, subscribe, ["%c"]}).
-define(SOURCE4, {allow, {'and', [{clientid, "^test?"}, {username, "^test?"}]}, publish, ["topic/test"]}).
-define(SOURCE5, {allow, {'or', [{username, "^test"}, {clientid, "test?"}]}, publish, ["%u", "%c"]}).
all() ->
emqx_ct:all(?MODULE).
@ -40,28 +40,28 @@ end_per_suite(_Config) ->
ok.
t_compile(_) ->
?assertEqual({deny, all, all, [['#']]}, emqx_authz_rule:compile(?RULE1)),
?assertEqual({deny, all, all, [['#']]}, emqx_authz_rule:compile(?SOURCE1)),
?assertEqual({allow, {ipaddr, {{127,0,0,1}, {127,0,0,1}, 32}}, all, [{eq, ['#']}, {eq, ['+']}]}, emqx_authz_rule:compile(?RULE2)),
?assertEqual({allow, {ipaddr, {{127,0,0,1}, {127,0,0,1}, 32}}, all, [{eq, ['#']}, {eq, ['+']}]}, emqx_authz_rule:compile(?SOURCE2)),
?assertEqual({allow,
{ipaddrs,[{{127,0,0,1},{127,0,0,1},32},
{{192,168,1,0},{192,168,1,255},24}]},
subscribe,
[{pattern,[<<"%c">>]}]
}, emqx_authz_rule:compile(?RULE3)),
}, emqx_authz_rule:compile(?SOURCE3)),
?assertMatch({allow,
{'and', [{clientid, {re_pattern, _, _, _, _}}, {username, {re_pattern, _, _, _, _}}]},
publish,
[[<<"topic">>, <<"test">>]]
}, emqx_authz_rule:compile(?RULE4)),
}, emqx_authz_rule:compile(?SOURCE4)),
?assertMatch({allow,
{'or', [{username, {re_pattern, _, _, _, _}}, {clientid, {re_pattern, _, _, _, _}}]},
publish,
[{pattern, [<<"%u">>]}, {pattern, [<<"%c">>]}]
}, emqx_authz_rule:compile(?RULE5)),
}, emqx_authz_rule:compile(?SOURCE5)),
ok.
@ -92,47 +92,47 @@ t_match(_) ->
},
?assertEqual({matched, deny},
emqx_authz_rule:match(ClientInfo1, subscribe, <<"#">>, emqx_authz_rule:compile(?RULE1))),
emqx_authz_rule:match(ClientInfo1, subscribe, <<"#">>, emqx_authz_rule:compile(?SOURCE1))),
?assertEqual({matched, deny},
emqx_authz_rule:match(ClientInfo2, subscribe, <<"+">>, emqx_authz_rule:compile(?RULE1))),
emqx_authz_rule:match(ClientInfo2, subscribe, <<"+">>, emqx_authz_rule:compile(?SOURCE1))),
?assertEqual({matched, deny},
emqx_authz_rule:match(ClientInfo3, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?RULE1))),
emqx_authz_rule:match(ClientInfo3, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE1))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo1, subscribe, <<"#">>, emqx_authz_rule:compile(?RULE2))),
emqx_authz_rule:match(ClientInfo1, subscribe, <<"#">>, emqx_authz_rule:compile(?SOURCE2))),
?assertEqual(nomatch,
emqx_authz_rule:match(ClientInfo1, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?RULE2))),
emqx_authz_rule:match(ClientInfo1, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE2))),
?assertEqual(nomatch,
emqx_authz_rule:match(ClientInfo2, subscribe, <<"#">>, emqx_authz_rule:compile(?RULE2))),
emqx_authz_rule:match(ClientInfo2, subscribe, <<"#">>, emqx_authz_rule:compile(?SOURCE2))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo1, subscribe, <<"test">>, emqx_authz_rule:compile(?RULE3))),
emqx_authz_rule:match(ClientInfo1, subscribe, <<"test">>, emqx_authz_rule:compile(?SOURCE3))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo2, subscribe, <<"test">>, emqx_authz_rule:compile(?RULE3))),
emqx_authz_rule:match(ClientInfo2, subscribe, <<"test">>, emqx_authz_rule:compile(?SOURCE3))),
?assertEqual(nomatch,
emqx_authz_rule:match(ClientInfo2, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?RULE3))),
emqx_authz_rule:match(ClientInfo2, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE3))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo1, publish, <<"topic/test">>, emqx_authz_rule:compile(?RULE4))),
emqx_authz_rule:match(ClientInfo1, publish, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE4))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo2, publish, <<"topic/test">>, emqx_authz_rule:compile(?RULE4))),
emqx_authz_rule:match(ClientInfo2, publish, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE4))),
?assertEqual(nomatch,
emqx_authz_rule:match(ClientInfo3, publish, <<"topic/test">>, emqx_authz_rule:compile(?RULE4))),
emqx_authz_rule:match(ClientInfo3, publish, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE4))),
?assertEqual(nomatch,
emqx_authz_rule:match(ClientInfo4, publish, <<"topic/test">>, emqx_authz_rule:compile(?RULE4))),
emqx_authz_rule:match(ClientInfo4, publish, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE4))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo1, publish, <<"test">>, emqx_authz_rule:compile(?RULE5))),
emqx_authz_rule:match(ClientInfo1, publish, <<"test">>, emqx_authz_rule:compile(?SOURCE5))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo2, publish, <<"test">>, emqx_authz_rule:compile(?RULE5))),
emqx_authz_rule:match(ClientInfo2, publish, <<"test">>, emqx_authz_rule:compile(?SOURCE5))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo3, publish, <<"test">>, emqx_authz_rule:compile(?RULE5))),
emqx_authz_rule:match(ClientInfo3, publish, <<"test">>, emqx_authz_rule:compile(?SOURCE5))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo3, publish, <<"fake">>, emqx_authz_rule:compile(?RULE5))),
emqx_authz_rule:match(ClientInfo3, publish, <<"fake">>, emqx_authz_rule:compile(?SOURCE5))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo4, publish, <<"test">>, emqx_authz_rule:compile(?RULE5))),
emqx_authz_rule:match(ClientInfo4, publish, <<"test">>, emqx_authz_rule:compile(?SOURCE5))),
?assertEqual({matched, allow},
emqx_authz_rule:match(ClientInfo4, publish, <<"fake">>, emqx_authz_rule:compile(?RULE5))),
emqx_authz_rule:match(ClientInfo4, publish, <<"fake">>, emqx_authz_rule:compile(?SOURCE5))),
ok.