From 46fb99d44ebdfc4f4b3abbf491dcaf93a5cf309c Mon Sep 17 00:00:00 2001 From: zhanghongtong Date: Fri, 27 Aug 2021 17:15:58 +0800 Subject: [PATCH] chore(emqx_authz): rename rules to sources in emqx_authz --- apps/emqx/src/emqx_schema.erl | 1 - apps/emqx_authz/etc/emqx_authz.conf | 2 +- apps/emqx_authz/include/emqx_authz.hrl | 2 + apps/emqx_authz/src/emqx_authz.erl | 202 +++++++++--------- apps/emqx_authz/src/emqx_authz_schema.erl | 4 +- apps/emqx_authz/test/emqx_authz_SUITE.erl | 32 +-- apps/emqx_authz/test/emqx_authz_api_SUITE.erl | 20 +- .../emqx_authz/test/emqx_authz_http_SUITE.erl | 2 +- .../test/emqx_authz_mongo_SUITE.erl | 16 +- .../test/emqx_authz_mysql_SUITE.erl | 16 +- .../test/emqx_authz_pgsql_SUITE.erl | 16 +- .../test/emqx_authz_redis_SUITE.erl | 12 +- .../emqx_authz/test/emqx_authz_rule_SUITE.erl | 58 ++--- 13 files changed, 192 insertions(+), 191 deletions(-) diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl index 3bbeb1d07..34a63534d 100644 --- a/apps/emqx/src/emqx_schema.erl +++ b/apps/emqx/src/emqx_schema.erl @@ -80,7 +80,6 @@ fields("stats") -> fields("authorization") -> [ {"no_match", t(union(allow, deny), undefined, allow)} - , {"enable", t(boolean(), undefined, true)} , {"deny_action", t(union(ignore, disconnect), undefined, ignore)} , {"cache", ref("authorization_cache")} ]; diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf index 358831d28..8eadab38b 100644 --- a/apps/emqx_authz/etc/emqx_authz.conf +++ b/apps/emqx_authz/etc/emqx_authz.conf @@ -1,5 +1,5 @@ authorization { - rules = [ + sources = [ # { # type: http # config: { diff --git a/apps/emqx_authz/include/emqx_authz.hrl b/apps/emqx_authz/include/emqx_authz.hrl index a4f10c5f9..83d7601c6 100644 --- a/apps/emqx_authz/include/emqx_authz.hrl +++ b/apps/emqx_authz/include/emqx_authz.hrl @@ -17,6 +17,8 @@ -type(rule() :: {permission(), who(), action(), list(emqx_topic:topic())}). -type(rules() :: [rule()]). +-type(sources() :: [map()]). + -define(APP, emqx_authz). -define(ALLOW_DENY(A), ((A =:= allow) orelse (A =:= <<"allow">>) orelse diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index 5393b6b33..3e60cc32e 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -36,7 +36,7 @@ -export([post_config_update/4, pre_config_update/2]). --define(CONF_KEY_PATH, [authorization, rules]). +-define(CONF_KEY_PATH, [authorization, sources]). -spec(register_metrics() -> ok). register_metrics() -> @@ -45,15 +45,15 @@ register_metrics() -> init() -> ok = register_metrics(), emqx_config_handler:add_handler(?CONF_KEY_PATH, ?MODULE), - NRules = [init_provider(Rule) || Rule <- emqx:get_config(?CONF_KEY_PATH, [])], - ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NRules]}, -1). + NSources = [init_source(Source) || Source <- emqx:get_config(?CONF_KEY_PATH, [])], + ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NSources]}, -1). lookup() -> {_M, _F, [A]}= find_action_in_hooks(), A. lookup(Id) -> - try find_rule_by_id(Id, lookup()) of - {_, Rule} -> Rule + try find_source_by_id(Id, lookup()) of + {_, Source} -> Source catch error:Reason -> {error, Reason} end. @@ -61,23 +61,23 @@ lookup(Id) -> move(Id, Position) -> emqx:update_config(?CONF_KEY_PATH, {move, Id, Position}). -update(Cmd, Rules) -> - emqx:update_config(?CONF_KEY_PATH, {Cmd, Rules}). +update(Cmd, Sources) -> + emqx:update_config(?CONF_KEY_PATH, {Cmd, Sources}). pre_config_update({move, Id, <<"top">>}, Conf) when is_list(Conf) -> - {Index, _} = find_rule_by_id(Id), + {Index, _} = find_source_by_id(Id), {List1, List2} = lists:split(Index, Conf), {ok, [lists:nth(Index, Conf)] ++ lists:droplast(List1) ++ List2}; pre_config_update({move, Id, <<"bottom">>}, Conf) when is_list(Conf) -> - {Index, _} = find_rule_by_id(Id), + {Index, _} = find_source_by_id(Id), {List1, List2} = lists:split(Index, Conf), {ok, lists:droplast(List1) ++ List2 ++ [lists:nth(Index, Conf)]}; pre_config_update({move, Id, #{<<"before">> := BeforeId}}, Conf) when is_list(Conf) -> - {Index1, _} = find_rule_by_id(Id), + {Index1, _} = find_source_by_id(Id), Conf1 = lists:nth(Index1, Conf), - {Index2, _} = find_rule_by_id(BeforeId), + {Index2, _} = find_source_by_id(BeforeId), Conf2 = lists:nth(Index2, Conf), {List1, List2} = lists:split(Index2, Conf), @@ -86,117 +86,117 @@ pre_config_update({move, Id, #{<<"before">> := BeforeId}}, Conf) when is_list(Co ++ lists:delete(Conf1, List2)}; pre_config_update({move, Id, #{<<"after">> := AfterId}}, Conf) when is_list(Conf) -> - {Index1, _} = find_rule_by_id(Id), + {Index1, _} = find_source_by_id(Id), Conf1 = lists:nth(Index1, Conf), - {Index2, _} = find_rule_by_id(AfterId), + {Index2, _} = find_source_by_id(AfterId), {List1, List2} = lists:split(Index2, Conf), {ok, lists:delete(Conf1, List1) ++ [Conf1] ++ lists:delete(Conf1, List2)}; -pre_config_update({head, Rules}, Conf) when is_list(Rules), is_list(Conf) -> - {ok, Rules ++ Conf}; -pre_config_update({tail, Rules}, Conf) when is_list(Rules), is_list(Conf) -> - {ok, Conf ++ Rules}; -pre_config_update({{replace_once, Id}, Rule}, Conf) when is_map(Rule), is_list(Conf) -> - {Index, _} = find_rule_by_id(Id), +pre_config_update({head, Sources}, Conf) when is_list(Sources), is_list(Conf) -> + {ok, Sources ++ Conf}; +pre_config_update({tail, Sources}, Conf) when is_list(Sources), is_list(Conf) -> + {ok, Conf ++ Sources}; +pre_config_update({{replace_once, Id}, Source}, Conf) when is_map(Source), is_list(Conf) -> + {Index, _} = find_source_by_id(Id), {List1, List2} = lists:split(Index, Conf), - {ok, lists:droplast(List1) ++ [Rule] ++ List2}; -pre_config_update({_, Rules}, _Conf) when is_list(Rules)-> + {ok, lists:droplast(List1) ++ [Source] ++ List2}; +pre_config_update({_, Sources}, _Conf) when is_list(Sources)-> %% overwrite the entire config! - {ok, Rules}. + {ok, Sources}. post_config_update(_, undefined, _Conf, _AppEnvs) -> ok; -post_config_update({move, Id, <<"top">>}, _NewRules, _OldRules, _AppEnvs) -> - InitedRules = lookup(), - {Index, Rule} = find_rule_by_id(Id, InitedRules), - {Rules1, Rules2 } = lists:split(Index, InitedRules), - Rules3 = [Rule] ++ lists:droplast(Rules1) ++ Rules2, - ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Rules3]}, -1), +post_config_update({move, Id, <<"top">>}, _NewSources, _OldSources, _AppEnvs) -> + InitedSources = lookup(), + {Index, Source} = find_source_by_id(Id, InitedSources), + {Sources1, Sources2 } = lists:split(Index, InitedSources), + Sources3 = [Source] ++ lists:droplast(Sources1) ++ Sources2, + ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Sources3]}, -1), ok = emqx_authz_cache:drain_cache(); -post_config_update({move, Id, <<"bottom">>}, _NewRules, _OldRules, _AppEnvs) -> - InitedRules = lookup(), - {Index, Rule} = find_rule_by_id(Id, InitedRules), - {Rules1, Rules2 } = lists:split(Index, InitedRules), - Rules3 = lists:droplast(Rules1) ++ Rules2 ++ [Rule], - ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Rules3]}, -1), +post_config_update({move, Id, <<"bottom">>}, _NewSources, _OldSources, _AppEnvs) -> + InitedSources = lookup(), + {Index, Source} = find_source_by_id(Id, InitedSources), + {Sources1, Sources2 } = lists:split(Index, InitedSources), + Sources3 = lists:droplast(Sources1) ++ Sources2 ++ [Source], + ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Sources3]}, -1), ok = emqx_authz_cache:drain_cache(); -post_config_update({move, Id, #{<<"before">> := BeforeId}}, _NewRules, _OldRules, _AppEnvs) -> - InitedRules = lookup(), - {_, Rule0} = find_rule_by_id(Id, InitedRules), - {Index, Rule1} = find_rule_by_id(BeforeId, InitedRules), - {Rules1, Rules2} = lists:split(Index, InitedRules), - Rules3 = lists:delete(Rule0, lists:droplast(Rules1)) - ++ [Rule0] ++ [Rule1] - ++ lists:delete(Rule0, Rules2), - ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Rules3]}, -1), +post_config_update({move, Id, #{<<"before">> := BeforeId}}, _NewSources, _OldSources, _AppEnvs) -> + InitedSources = lookup(), + {_, Source0} = find_source_by_id(Id, InitedSources), + {Index, Source1} = find_source_by_id(BeforeId, InitedSources), + {Sources1, Sources2} = lists:split(Index, InitedSources), + Sources3 = lists:delete(Source0, lists:droplast(Sources1)) + ++ [Source0] ++ [Source1] + ++ lists:delete(Source0, Sources2), + ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Sources3]}, -1), ok = emqx_authz_cache:drain_cache(); -post_config_update({move, Id, #{<<"after">> := AfterId}}, _NewRules, _OldRules, _AppEnvs) -> - InitedRules = lookup(), - {_, Rule} = find_rule_by_id(Id, InitedRules), - {Index, _} = find_rule_by_id(AfterId, InitedRules), - {Rules1, Rules2} = lists:split(Index, InitedRules), - Rules3 = lists:delete(Rule, Rules1) - ++ [Rule] - ++ lists:delete(Rule, Rules2), - ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Rules3]}, -1), +post_config_update({move, Id, #{<<"after">> := AfterId}}, _NewSources, _OldSources, _AppEnvs) -> + InitedSources = lookup(), + {_, Source} = find_source_by_id(Id, InitedSources), + {Index, _} = find_source_by_id(AfterId, InitedSources), + {Sources1, Sources2} = lists:split(Index, InitedSources), + Sources3 = lists:delete(Source, Sources1) + ++ [Source] + ++ lists:delete(Source, Sources2), + ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [Sources3]}, -1), ok = emqx_authz_cache:drain_cache(); -post_config_update({head, Rules}, _NewRules, _OldConf, _AppEnvs) -> - InitedRules = [init_provider(R) || R <- check_rules(Rules)], - ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedRules ++ lookup()]}, -1), +post_config_update({head, Sources}, _NewSources, _OldConf, _AppEnvs) -> + InitedSources = [init_source(R) || R <- check_sources(Sources)], + ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedSources ++ lookup()]}, -1), ok = emqx_authz_cache:drain_cache(); -post_config_update({tail, Rules}, _NewRules, _OldConf, _AppEnvs) -> - InitedRules = [init_provider(R) || R <- check_rules(Rules)], - emqx_hooks:put('client.authorize', {?MODULE, authorize, [lookup() ++ InitedRules]}, -1), +post_config_update({tail, Sources}, _NewSources, _OldConf, _AppEnvs) -> + InitedSources = [init_source(R) || R <- check_sources(Sources)], + emqx_hooks:put('client.authorize', {?MODULE, authorize, [lookup() ++ InitedSources]}, -1), ok = emqx_authz_cache:drain_cache(); -post_config_update({{replace_once, Id}, Rule}, _NewRules, _OldConf, _AppEnvs) when is_map(Rule) -> - OldInitedRules = lookup(), - {Index, OldRule} = find_rule_by_id(Id, OldInitedRules), - case maps:get(type, OldRule, undefined) of +post_config_update({{replace_once, Id}, Source}, _NewSources, _OldConf, _AppEnvs) when is_map(Source) -> + OldInitedSources = lookup(), + {Index, OldSource} = find_source_by_id(Id, OldInitedSources), + case maps:get(type, OldSource, undefined) of undefined -> ok; _ -> - #{annotations := #{id := Id}} = OldRule, + #{annotations := #{id := Id}} = OldSource, ok = emqx_resource:remove(Id) end, - {OldRules1, OldRules2 } = lists:split(Index, OldInitedRules), - InitedRules = [init_provider(R#{annotations => #{id => Id}}) || R <- check_rules([Rule])], - ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [lists:droplast(OldRules1) ++ InitedRules ++ OldRules2]}, -1), + {OldSources1, OldSources2 } = lists:split(Index, OldInitedSources), + InitedSources = [init_source(R#{annotations => #{id => Id}}) || R <- check_sources([Source])], + ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [lists:droplast(OldSources1) ++ InitedSources ++ OldSources2]}, -1), ok = emqx_authz_cache:drain_cache(); -post_config_update(_, NewRules, _OldConf, _AppEnvs) -> +post_config_update(_, NewSources, _OldConf, _AppEnvs) -> %% overwrite the entire config! - OldInitedRules = lookup(), - InitedRules = [init_provider(Rule) || Rule <- NewRules], - ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedRules]}, -1), + OldInitedSources = lookup(), + InitedSources = [init_source(Source) || Source <- NewSources], + ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedSources]}, -1), lists:foreach(fun (#{type := _Type, enable := true, annotations := #{id := Id}}) -> ok = emqx_resource:remove(Id); (_) -> ok - end, OldInitedRules), + end, OldInitedSources), ok = emqx_authz_cache:drain_cache(). %%-------------------------------------------------------------------- %% Internal functions %%-------------------------------------------------------------------- -check_rules(RawRules) -> - {ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"rules">> => RawRules}}), #{format => richmap}), +check_sources(RawSources) -> + {ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"sources">> => RawSources}}), #{format => richmap}), CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}), - #{authorization:= #{rules := Rules}} = hocon_schema:richmap_to_map(CheckConf), - Rules. + #{authorization:= #{sources := Sources}} = hocon_schema:richmap_to_map(CheckConf), + Sources. -find_rule_by_id(Id) -> find_rule_by_id(Id, lookup()). -find_rule_by_id(Id, Rules) -> find_rule_by_id(Id, Rules, 1). -find_rule_by_id(_RuleId, [], _N) -> error(not_found_rule); -find_rule_by_id(RuleId, [ Rule = #{annotations := #{id := Id}} | Tail], N) -> - case RuleId =:= Id of - true -> {N, Rule}; - false -> find_rule_by_id(RuleId, Tail, N + 1) +find_source_by_id(Id) -> find_source_by_id(Id, lookup()). +find_source_by_id(Id, Sources) -> find_source_by_id(Id, Sources, 1). +find_source_by_id(_SourceId, [], _N) -> error(not_found_rule); +find_source_by_id(SourceId, [ Source = #{annotations := #{id := Id}} | Tail], N) -> + case SourceId =:= Id of + true -> {N, Source}; + false -> find_source_by_id(SourceId, Tail, N + 1) end. find_action_in_hooks() -> @@ -232,10 +232,10 @@ create_resource(#{type := DB, {error, Reason} -> {error, Reason} end. -init_provider(#{enable := true, +init_source(#{enable := true, type := file, path := Path - } = Rule) -> + } = Source) -> Rules = case file:consult(Path) of {ok, Terms} -> [emqx_authz_rule:compile(Term) || Term <- Terms]; @@ -249,58 +249,58 @@ init_provider(#{enable := true, ?LOG(alert, "Failed to read ~s: ~p", [Path, Reason]), error(Reason) end, - Rule#{annotations => + Source#{annotations => #{id => gen_id(file), rules => Rules }}; -init_provider(#{enable := true, +init_source(#{enable := true, type := http, config := #{url := Url} = Config - } = Rule) -> + } = Source) -> NConfig = maps:merge(Config, #{base_url => maps:remove(query, Url)}), - case create_resource(Rule#{config := NConfig}) of + case create_resource(Source#{config := NConfig}) of {error, Reason} -> error({load_config_error, Reason}); - Id -> Rule#{annotations => + Id -> Source#{annotations => #{id => Id} } end; -init_provider(#{enable := true, +init_source(#{enable := true, type := DB - } = Rule) when DB =:= redis; + } = Source) when DB =:= redis; DB =:= mongo -> - case create_resource(Rule) of + case create_resource(Source) of {error, Reason} -> error({load_config_error, Reason}); - Id -> Rule#{annotations => + Id -> Source#{annotations => #{id => Id} } end; -init_provider(#{enable := true, +init_source(#{enable := true, type := DB, sql := SQL - } = Rule) when DB =:= mysql; + } = Source) when DB =:= mysql; DB =:= pgsql -> Mod = list_to_existing_atom(io_lib:format("~s_~s",[?APP, DB])), - case create_resource(Rule) of + case create_resource(Source) of {error, Reason} -> error({load_config_error, Reason}); - Id -> Rule#{annotations => + Id -> Source#{annotations => #{id => Id, sql => Mod:parse_query(SQL) } } end; -init_provider(#{enable := false} = Rule) ->Rule. +init_source(#{enable := false} = Source) ->Source. %%-------------------------------------------------------------------- %% AuthZ callbacks %%-------------------------------------------------------------------- %% @doc Check AuthZ --spec(authorize(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), allow | deny, rules()) +-spec(authorize(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), allow | deny, sources()) -> {stop, allow} | {ok, deny}). authorize(#{username := Username, peerhost := IpAddress - } = Client, PubSub, Topic, DefaultResult, Rules) -> - case do_authorize(Client, PubSub, Topic, Rules) of + } = Client, PubSub, Topic, DefaultResult, Sources) -> + case do_authorize(Client, PubSub, Topic, Sources) of {matched, allow} -> ?LOG(info, "Client succeeded authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]), emqx_metrics:inc(?AUTHZ_METRICS(allow)), diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index ce437ab2b..64ef09601 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl @@ -20,7 +20,7 @@ structs() -> ["authorization"]. fields("authorization") -> - [ {rules, rules()} + [ {sources, sources()} ]; fields(file) -> [ {type, #{type => file}} @@ -146,7 +146,7 @@ fields(eq_topic) -> union_array(Item) when is_list(Item) -> hoconsc:array(hoconsc:union(Item)). -rules() -> +sources() -> #{type => union_array( [ hoconsc:ref(?MODULE, file) , hoconsc:ref(?MODULE, http) diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index 36e706d13..ef7644a65 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization: {sources: []}">>). all() -> emqx_ct:all(?MODULE). @@ -60,14 +60,14 @@ init_per_testcase(_, Config) -> {ok, _} = emqx_authz:update(replace, []), Config. --define(RULE1, #{<<"type">> => <<"http">>, +-define(SOURCE1, #{<<"type">> => <<"http">>, <<"config">> => #{ <<"url">> => <<"https://fake.com:443/">>, <<"headers">> => #{}, <<"method">> => <<"get">>, <<"request_timeout">> => 5000} }). --define(RULE2, #{<<"type">> => <<"mongo">>, +-define(SOURCE2, #{<<"type">> => <<"mongo">>, <<"config">> => #{ <<"mongo_type">> => <<"single">>, <<"server">> => <<"127.0.0.1:27017">>, @@ -77,7 +77,7 @@ init_per_testcase(_, Config) -> <<"collection">> => <<"fake">>, <<"find">> => #{<<"a">> => <<"b">>} }). --define(RULE3, #{<<"type">> => <<"mysql">>, +-define(SOURCE3, #{<<"type">> => <<"mysql">>, <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, @@ -88,7 +88,7 @@ init_per_testcase(_, Config) -> <<"ssl">> => #{<<"enable">> => false}}, <<"sql">> => <<"abcb">> }). --define(RULE4, #{<<"type">> => <<"pgsql">>, +-define(SOURCE4, #{<<"type">> => <<"pgsql">>, <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, @@ -99,7 +99,7 @@ init_per_testcase(_, Config) -> <<"ssl">> => #{<<"enable">> => false}}, <<"sql">> => <<"abcb">> }). --define(RULE5, #{<<"type">> => <<"redis">>, +-define(SOURCE5, #{<<"type">> => <<"redis">>, <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, @@ -114,21 +114,21 @@ init_per_testcase(_, Config) -> %% Testcases %%------------------------------------------------------------------------------ -t_update_rule(_) -> - {ok, _} = emqx_authz:update(replace, [?RULE2]), - {ok, _} = emqx_authz:update(head, [?RULE1]), - {ok, _} = emqx_authz:update(tail, [?RULE3]), +t_update_source(_) -> + {ok, _} = emqx_authz:update(replace, [?SOURCE2]), + {ok, _} = emqx_authz:update(head, [?SOURCE1]), + {ok, _} = emqx_authz:update(tail, [?SOURCE3]), - ?assertMatch([#{type := http}, #{type := mongo}, #{type := mysql}], emqx:get_config([authorization, rules], [])), + ?assertMatch([#{type := http}, #{type := mongo}, #{type := mysql}], emqx:get_config([authorization, sources], [])), [#{annotations := #{id := Id1}, type := http}, #{annotations := #{id := Id2}, type := mongo}, #{annotations := #{id := Id3}, type := mysql} ] = emqx_authz:lookup(), - {ok, _} = emqx_authz:update({replace_once, Id1}, ?RULE5), - {ok, _} = emqx_authz:update({replace_once, Id3}, ?RULE4), - ?assertMatch([#{type := redis}, #{type := mongo}, #{type := pgsql}], emqx:get_config([authorization, rules], [])), + {ok, _} = emqx_authz:update({replace_once, Id1}, ?SOURCE5), + {ok, _} = emqx_authz:update({replace_once, Id3}, ?SOURCE4), + ?assertMatch([#{type := redis}, #{type := mongo}, #{type := pgsql}], emqx:get_config([authorization, sources], [])), [#{annotations := #{id := Id1}, type := redis}, #{annotations := #{id := Id2}, type := mongo}, @@ -137,8 +137,8 @@ t_update_rule(_) -> {ok, _} = emqx_authz:update(replace, []). -t_move_rule(_) -> - {ok, _} = emqx_authz:update(replace, [?RULE1, ?RULE2, ?RULE3, ?RULE4, ?RULE5]), +t_move_source(_) -> + {ok, _} = emqx_authz:update(replace, [?SOURCE1, ?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5]), [#{annotations := #{id := Id1}}, #{annotations := #{id := Id2}}, #{annotations := #{id := Id3}}, diff --git a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl index dc321cf98..8d92413b3 100644 --- a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization: {sources: []}">>). -import(emqx_ct_http, [ request_api/3 , request_api/5 @@ -37,14 +37,14 @@ -define(API_VERSION, "v5"). -define(BASE_PATH, "api"). --define(RULE1, #{<<"type">> => <<"http">>, +-define(SOURCE1, #{<<"type">> => <<"http">>, <<"config">> => #{ <<"url">> => <<"https://fake.com:443/">>, <<"headers">> => #{}, <<"method">> => <<"get">>, <<"request_timeout">> => 5000} }). --define(RULE2, #{<<"type">> => <<"mongo">>, +-define(SOURCE2, #{<<"type">> => <<"mongo">>, <<"config">> => #{ <<"mongo_type">> => <<"single">>, <<"server">> => <<"127.0.0.1:27017">>, @@ -54,7 +54,7 @@ <<"collection">> => <<"fake">>, <<"find">> => #{<<"a">> => <<"b">>} }). --define(RULE3, #{<<"type">> => <<"mysql">>, +-define(SOURCE3, #{<<"type">> => <<"mysql">>, <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, @@ -65,7 +65,7 @@ <<"ssl">> => #{<<"enable">> => false}}, <<"sql">> => <<"abcb">> }). --define(RULE4, #{<<"type">> => <<"pgsql">>, +-define(SOURCE4, #{<<"type">> => <<"pgsql">>, <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, @@ -76,7 +76,7 @@ <<"ssl">> => #{<<"enable">> => false}}, <<"sql">> => <<"abcb">> }). --define(RULE5, #{<<"type">> => <<"redis">>, +-define(SOURCE5, #{<<"type">> => <<"redis">>, <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, @@ -148,7 +148,7 @@ t_api(_) -> ?assertEqual([], get_rules(Result1)), lists:foreach(fun(_) -> - {ok, 204, _} = request(post, uri(["authorization"]), ?RULE1) + {ok, 204, _} = request(post, uri(["authorization"]), ?SOURCE1) end, lists:seq(1, 20)), {ok, 200, Result2} = request(get, uri(["authorization"]), []), ?assertEqual(20, length(get_rules(Result2))), @@ -160,7 +160,7 @@ t_api(_) -> ?assertEqual(10, length(get_rules(Result))) end, lists:seq(1, 2)), - {ok, 204, _} = request(put, uri(["authorization"]), [?RULE1, ?RULE2, ?RULE3, ?RULE4]), + {ok, 204, _} = request(put, uri(["authorization"]), [?SOURCE1, ?SOURCE2, ?SOURCE3, ?SOURCE4]), {ok, 200, Result3} = request(get, uri(["authorization"]), []), Rules = get_rules(Result3), @@ -173,7 +173,7 @@ t_api(_) -> #{<<"annotations">> := #{<<"id">> := Id}} = lists:nth(2, Rules), - {ok, 204, _} = request(put, uri(["authorization", binary_to_list(Id)]), ?RULE5), + {ok, 204, _} = request(put, uri(["authorization", binary_to_list(Id)]), ?SOURCE5), {ok, 200, Result4} = request(get, uri(["authorization", binary_to_list(Id)]), []), ?assertMatch(#{<<"type">> := <<"redis">>}, jsx:decode(Result4)), @@ -186,7 +186,7 @@ t_api(_) -> ok. t_move_rule(_) -> - {ok, _} = emqx_authz:update(replace, [?RULE1, ?RULE2, ?RULE3, ?RULE4, ?RULE5]), + {ok, _} = emqx_authz:update(replace, [?SOURCE1, ?SOURCE2, ?SOURCE3, ?SOURCE4, ?SOURCE5]), [#{annotations := #{id := Id1}}, #{annotations := #{id := Id2}}, #{annotations := #{id := Id3}}, diff --git a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl index b0525bb24..fad5e9580 100644 --- a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl @@ -21,7 +21,7 @@ -include("emqx_authz.hrl"). -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization: {sources: []}">>). all() -> emqx_ct:all(?MODULE). diff --git a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl index 6e2f398a4..db111ce83 100644 --- a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization: {sources: []}">>). all() -> emqx_ct:all(?MODULE). @@ -66,16 +66,16 @@ end_per_suite(_Config) -> meck:unload(emqx_schema), ok. --define(RULE1,[#{<<"topics">> => [<<"#">>], +-define(SOURCE1,[#{<<"topics">> => [<<"#">>], <<"permission">> => <<"deny">>, <<"action">> => <<"all">>}]). --define(RULE2,[#{<<"topics">> => [<<"eq #">>], +-define(SOURCE2,[#{<<"topics">> => [<<"eq #">>], <<"permission">> => <<"allow">>, <<"action">> => <<"all">>}]). --define(RULE3,[#{<<"topics">> => [<<"test/%c">>], +-define(SOURCE3,[#{<<"topics">> => [<<"test/%c">>], <<"permission">> => <<"allow">>, <<"action">> => <<"subscribe">>}]). --define(RULE4,[#{<<"topics">> => [<<"test/%u">>], +-define(SOURCE4,[#{<<"topics">> => [<<"test/%u">>], <<"permission">> => <<"allow">>, <<"action">> => <<"publish">>}]). @@ -107,15 +107,15 @@ t_authz(_) -> ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch - meck:expect(emqx_resource, query, fun(_, _) -> ?RULE1 ++ ?RULE2 end), + meck:expect(emqx_resource, query, fun(_, _) -> ?SOURCE1 ++ ?SOURCE2 end), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)), - meck:expect(emqx_resource, query, fun(_, _) -> ?RULE2 ++ ?RULE1 end), + meck:expect(emqx_resource, query, fun(_, _) -> ?SOURCE2 ++ ?SOURCE1 end), ?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)), - meck:expect(emqx_resource, query, fun(_, _) -> ?RULE3 ++ ?RULE4 end), + meck:expect(emqx_resource, query, fun(_, _) -> ?SOURCE3 ++ ?SOURCE4 end), ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, publish, <<"test/test_clientid">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)), diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl index dc8d99e59..0675e1caf 100644 --- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization: {sources: []}">>). all() -> emqx_ct:all(?MODULE). @@ -72,10 +72,10 @@ end_per_suite(_Config) -> , <<"permission">> , <<"topic">> ]). --define(RULE1, [[<<"all">>, <<"deny">>, <<"#">>]]). --define(RULE2, [[<<"all">>, <<"allow">>, <<"eq #">>]]). --define(RULE3, [[<<"subscribe">>, <<"allow">>, <<"test/%c">>]]). --define(RULE4, [[<<"publish">>, <<"allow">>, <<"test/%u">>]]). +-define(SOURCE1, [[<<"all">>, <<"deny">>, <<"#">>]]). +-define(SOURCE2, [[<<"all">>, <<"allow">>, <<"eq #">>]]). +-define(SOURCE3, [[<<"subscribe">>, <<"allow">>, <<"test/%c">>]]). +-define(SOURCE4, [[<<"publish">>, <<"allow">>, <<"test/%u">>]]). %%------------------------------------------------------------------------------ %% Testcases @@ -105,15 +105,15 @@ t_authz(_) -> ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch - meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end), + meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE1 ++ ?SOURCE2} end), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)), - meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end), + meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE2 ++ ?SOURCE1} end), ?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)), - meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end), + meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE3 ++ ?SOURCE4} end), ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, publish, <<"test/test_clientid">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)), diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl index 53a91bd35..6880ab405 100644 --- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization: {sources: []}">>). all() -> emqx_ct:all(?MODULE). @@ -72,10 +72,10 @@ end_per_suite(_Config) -> , {column, <<"permission">>, meck, meck, meck, meck, meck, meck, meck} , {column, <<"topic">>, meck, meck, meck, meck, meck, meck, meck} ]). --define(RULE1, [{<<"all">>, <<"deny">>, <<"#">>}]). --define(RULE2, [{<<"all">>, <<"allow">>, <<"eq #">>}]). --define(RULE3, [{<<"subscribe">>, <<"allow">>, <<"test/%c">>}]). --define(RULE4, [{<<"publish">>, <<"allow">>, <<"test/%u">>}]). +-define(SOURCE1, [{<<"all">>, <<"deny">>, <<"#">>}]). +-define(SOURCE2, [{<<"all">>, <<"allow">>, <<"eq #">>}]). +-define(SOURCE3, [{<<"subscribe">>, <<"allow">>, <<"test/%c">>}]). +-define(SOURCE4, [{<<"publish">>, <<"allow">>, <<"test/%u">>}]). %%------------------------------------------------------------------------------ %% Testcases @@ -105,15 +105,15 @@ t_authz(_) -> ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch - meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end), + meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE1 ++ ?SOURCE2} end), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)), - meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end), + meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE2 ++ ?SOURCE1} end), ?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"+">>)), - meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end), + meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?SOURCE3 ++ ?SOURCE4} end), ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, publish, <<"test/test_clientid">>)), ?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)), diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl index 2d1e9161e..09682761d 100644 --- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl @@ -21,7 +21,7 @@ -include("emqx_authz.hrl"). -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization: {sources: []}">>). all() -> emqx_ct:all(?MODULE). @@ -66,9 +66,9 @@ end_per_suite(_Config) -> meck:unload(emqx_schema), ok. --define(RULE1, [<<"test/%u">>, <<"publish">>]). --define(RULE2, [<<"test/%c">>, <<"publish">>]). --define(RULE3, [<<"#">>, <<"subscribe">>]). +-define(SOURCE1, [<<"test/%u">>, <<"publish">>]). +-define(SOURCE2, [<<"test/%c">>, <<"publish">>]). +-define(SOURCE3, [<<"#">>, <<"subscribe">>]). %%------------------------------------------------------------------------------ %% Testcases @@ -90,7 +90,7 @@ t_authz(_) -> emqx_access_control:authorize(ClientInfo, publish, <<"#">>)), - meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE1 ++ ?RULE2} end), + meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?SOURCE1 ++ ?SOURCE2} end), % nomatch ?assertEqual(deny, emqx_access_control:authorize(ClientInfo, subscribe, <<"+">>)), @@ -103,7 +103,7 @@ t_authz(_) -> ?assertEqual(allow, emqx_access_control:authorize(ClientInfo, publish, <<"test/clientid">>)), - meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE3} end), + meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?SOURCE3} end), ?assertEqual(allow, emqx_access_control:authorize(ClientInfo, subscribe, <<"#">>)), diff --git a/apps/emqx_authz/test/emqx_authz_rule_SUITE.erl b/apps/emqx_authz/test/emqx_authz_rule_SUITE.erl index ff215354a..c38d99cba 100644 --- a/apps/emqx_authz/test/emqx_authz_rule_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_rule_SUITE.erl @@ -22,11 +22,11 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(RULE1, {deny, all, all, ["#"]}). --define(RULE2, {allow, {ipaddr, "127.0.0.1"}, all, [{eq, "#"}, {eq, "+"}]}). --define(RULE3, {allow, {ipaddrs, ["127.0.0.1", "192.168.1.0/24"]}, subscribe, ["%c"]}). --define(RULE4, {allow, {'and', [{clientid, "^test?"}, {username, "^test?"}]}, publish, ["topic/test"]}). --define(RULE5, {allow, {'or', [{username, "^test"}, {clientid, "test?"}]}, publish, ["%u", "%c"]}). +-define(SOURCE1, {deny, all, all, ["#"]}). +-define(SOURCE2, {allow, {ipaddr, "127.0.0.1"}, all, [{eq, "#"}, {eq, "+"}]}). +-define(SOURCE3, {allow, {ipaddrs, ["127.0.0.1", "192.168.1.0/24"]}, subscribe, ["%c"]}). +-define(SOURCE4, {allow, {'and', [{clientid, "^test?"}, {username, "^test?"}]}, publish, ["topic/test"]}). +-define(SOURCE5, {allow, {'or', [{username, "^test"}, {clientid, "test?"}]}, publish, ["%u", "%c"]}). all() -> emqx_ct:all(?MODULE). @@ -40,28 +40,28 @@ end_per_suite(_Config) -> ok. t_compile(_) -> - ?assertEqual({deny, all, all, [['#']]}, emqx_authz_rule:compile(?RULE1)), + ?assertEqual({deny, all, all, [['#']]}, emqx_authz_rule:compile(?SOURCE1)), - ?assertEqual({allow, {ipaddr, {{127,0,0,1}, {127,0,0,1}, 32}}, all, [{eq, ['#']}, {eq, ['+']}]}, emqx_authz_rule:compile(?RULE2)), + ?assertEqual({allow, {ipaddr, {{127,0,0,1}, {127,0,0,1}, 32}}, all, [{eq, ['#']}, {eq, ['+']}]}, emqx_authz_rule:compile(?SOURCE2)), ?assertEqual({allow, {ipaddrs,[{{127,0,0,1},{127,0,0,1},32}, {{192,168,1,0},{192,168,1,255},24}]}, subscribe, [{pattern,[<<"%c">>]}] - }, emqx_authz_rule:compile(?RULE3)), + }, emqx_authz_rule:compile(?SOURCE3)), ?assertMatch({allow, {'and', [{clientid, {re_pattern, _, _, _, _}}, {username, {re_pattern, _, _, _, _}}]}, publish, [[<<"topic">>, <<"test">>]] - }, emqx_authz_rule:compile(?RULE4)), + }, emqx_authz_rule:compile(?SOURCE4)), ?assertMatch({allow, {'or', [{username, {re_pattern, _, _, _, _}}, {clientid, {re_pattern, _, _, _, _}}]}, publish, [{pattern, [<<"%u">>]}, {pattern, [<<"%c">>]}] - }, emqx_authz_rule:compile(?RULE5)), + }, emqx_authz_rule:compile(?SOURCE5)), ok. @@ -92,47 +92,47 @@ t_match(_) -> }, ?assertEqual({matched, deny}, - emqx_authz_rule:match(ClientInfo1, subscribe, <<"#">>, emqx_authz_rule:compile(?RULE1))), + emqx_authz_rule:match(ClientInfo1, subscribe, <<"#">>, emqx_authz_rule:compile(?SOURCE1))), ?assertEqual({matched, deny}, - emqx_authz_rule:match(ClientInfo2, subscribe, <<"+">>, emqx_authz_rule:compile(?RULE1))), + emqx_authz_rule:match(ClientInfo2, subscribe, <<"+">>, emqx_authz_rule:compile(?SOURCE1))), ?assertEqual({matched, deny}, - emqx_authz_rule:match(ClientInfo3, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?RULE1))), + emqx_authz_rule:match(ClientInfo3, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE1))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo1, subscribe, <<"#">>, emqx_authz_rule:compile(?RULE2))), + emqx_authz_rule:match(ClientInfo1, subscribe, <<"#">>, emqx_authz_rule:compile(?SOURCE2))), ?assertEqual(nomatch, - emqx_authz_rule:match(ClientInfo1, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?RULE2))), + emqx_authz_rule:match(ClientInfo1, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE2))), ?assertEqual(nomatch, - emqx_authz_rule:match(ClientInfo2, subscribe, <<"#">>, emqx_authz_rule:compile(?RULE2))), + emqx_authz_rule:match(ClientInfo2, subscribe, <<"#">>, emqx_authz_rule:compile(?SOURCE2))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo1, subscribe, <<"test">>, emqx_authz_rule:compile(?RULE3))), + emqx_authz_rule:match(ClientInfo1, subscribe, <<"test">>, emqx_authz_rule:compile(?SOURCE3))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo2, subscribe, <<"test">>, emqx_authz_rule:compile(?RULE3))), + emqx_authz_rule:match(ClientInfo2, subscribe, <<"test">>, emqx_authz_rule:compile(?SOURCE3))), ?assertEqual(nomatch, - emqx_authz_rule:match(ClientInfo2, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?RULE3))), + emqx_authz_rule:match(ClientInfo2, subscribe, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE3))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo1, publish, <<"topic/test">>, emqx_authz_rule:compile(?RULE4))), + emqx_authz_rule:match(ClientInfo1, publish, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE4))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo2, publish, <<"topic/test">>, emqx_authz_rule:compile(?RULE4))), + emqx_authz_rule:match(ClientInfo2, publish, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE4))), ?assertEqual(nomatch, - emqx_authz_rule:match(ClientInfo3, publish, <<"topic/test">>, emqx_authz_rule:compile(?RULE4))), + emqx_authz_rule:match(ClientInfo3, publish, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE4))), ?assertEqual(nomatch, - emqx_authz_rule:match(ClientInfo4, publish, <<"topic/test">>, emqx_authz_rule:compile(?RULE4))), + emqx_authz_rule:match(ClientInfo4, publish, <<"topic/test">>, emqx_authz_rule:compile(?SOURCE4))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo1, publish, <<"test">>, emqx_authz_rule:compile(?RULE5))), + emqx_authz_rule:match(ClientInfo1, publish, <<"test">>, emqx_authz_rule:compile(?SOURCE5))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo2, publish, <<"test">>, emqx_authz_rule:compile(?RULE5))), + emqx_authz_rule:match(ClientInfo2, publish, <<"test">>, emqx_authz_rule:compile(?SOURCE5))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo3, publish, <<"test">>, emqx_authz_rule:compile(?RULE5))), + emqx_authz_rule:match(ClientInfo3, publish, <<"test">>, emqx_authz_rule:compile(?SOURCE5))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo3, publish, <<"fake">>, emqx_authz_rule:compile(?RULE5))), + emqx_authz_rule:match(ClientInfo3, publish, <<"fake">>, emqx_authz_rule:compile(?SOURCE5))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo4, publish, <<"test">>, emqx_authz_rule:compile(?RULE5))), + emqx_authz_rule:match(ClientInfo4, publish, <<"test">>, emqx_authz_rule:compile(?SOURCE5))), ?assertEqual({matched, allow}, - emqx_authz_rule:match(ClientInfo4, publish, <<"fake">>, emqx_authz_rule:compile(?RULE5))), + emqx_authz_rule:match(ClientInfo4, publish, <<"fake">>, emqx_authz_rule:compile(?SOURCE5))), ok.