yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(schema): add password converter to ensure its binary() type

This commit is contained in:
Zaiming (Stone) Shi 2023-01-15 11:09:33 +01:00
parent 74ae7c4264
commit 4a7e74f5d6
8 changed files with 44 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
apps/emqx/src/emqx_schema.erl
View File

@ -114,6 +114,7 @@
-export([namespace/0, roots/0, roots/1, fields/1, desc/1, tags/0]). -export([namespace/0, roots/0, roots/1, fields/1, desc/1, tags/0]).
-export([conf_get/2, conf_get/3, keys/2, filter/1]). -export([conf_get/2, conf_get/3, keys/2, filter/1]).
-export([server_ssl_opts_schema/2, client_ssl_opts_schema/1, ciphers_schema/1]). -export([server_ssl_opts_schema/2, client_ssl_opts_schema/1, ciphers_schema/1]).
-export([password_converter/2]).
-export([authz_fields/0]). -export([authz_fields/0]).
-export([sc/2, map/2]). -export([sc/2, map/2]).
@ -1510,7 +1511,9 @@ fields("sysmon_top") ->
#{ #{
mapping => "system_monitor.db_password", mapping => "system_monitor.db_password",
default => "system_monitor_password", default => "system_monitor_password",
desc => ?DESC(sysmon_top_db_password) desc => ?DESC(sysmon_top_db_password),
converter => fun password_converter/2,
sensitive => true
} }
)}, )},
{"db_name", {"db_name",
@ -1900,7 +1903,8 @@ common_ssl_opts_schema(Defaults) ->
required => false, required => false,
example => <<"">>, example => <<"">>,
format => <<"password">>, format => <<"password">>,
desc => ?DESC(common_ssl_opts_schema_password) desc => ?DESC(common_ssl_opts_schema_password),
converter => fun password_converter/2
} }
)}, )},
{"versions", {"versions",
@ -2068,6 +2072,18 @@ do_default_ciphers(_) ->
%% otherwise resolve default ciphers list at runtime %% otherwise resolve default ciphers list at runtime
[]. [].
password_converter(undefined, _) ->
undefined;
password_converter(I, _) when is_integer(I) ->
integer_to_binary(I);
password_converter(X, _) ->
try
iolist_to_binary(X)
catch
_:_ ->
throw("must_quote")
end.
authz_fields() -> authz_fields() ->
[ [
{"no_match", {"no_match",

3
apps/emqx_conf/src/emqx_conf_schema.erl
View File

@ -408,7 +408,8 @@ fields("node") ->
required => true, required => true,
'readOnly' => true, 'readOnly' => true,
sensitive => true, sensitive => true,
desc => ?DESC(node_cookie) desc => ?DESC(node_cookie),
converter => fun emqx_schema:password_converter/2
} }
)}, )},
{"process_limit", {"process_limit",

1
apps/emqx_connector/src/emqx_connector_schema_lib.erl
View File

@ -101,6 +101,7 @@ password(desc) -> ?DESC("password");
password(required) -> false; password(required) -> false;
password(format) -> <<"password">>; password(format) -> <<"password">>;
password(sensitive) -> true; password(sensitive) -> true;
password(converter) -> fun emqx_schema:password_converter/2;
password(_) -> undefined. password(_) -> undefined.
auto_reconnect(type) -> boolean(); auto_reconnect(type) -> boolean();

3
apps/emqx_connector/src/mqtt/emqx_connector_mqtt_schema.erl
View File

@ -107,7 +107,8 @@ fields("server_configs") ->
#{ #{
format => <<"password">>, format => <<"password">>,
sensitive => true, sensitive => true,
desc => ?DESC("password") desc => ?DESC("password"),
converter => fun emqx_schema:password_converter/2
} }
)}, )},
{clean_start, {clean_start,

1
apps/emqx_dashboard/src/emqx_dashboard_schema.erl
View File

@ -209,6 +209,7 @@ default_password(default) -> "public";
default_password(required) -> true; default_password(required) -> true;
default_password('readOnly') -> true; default_password('readOnly') -> true;
default_password(sensitive) -> true; default_password(sensitive) -> true;
default_password(converter) -> fun emqx_schema:password_converter/2;
default_password(desc) -> ?DESC(default_password); default_password(desc) -> ?DESC(default_password);
default_password(_) -> undefined. default_password(_) -> undefined.

8
apps/emqx_gateway/src/emqx_gateway_schema.erl
View File

@ -380,7 +380,13 @@ fields(ssl_server_opts) ->
fields(clientinfo_override) -> fields(clientinfo_override) ->
[ [
{username, sc(binary(), #{desc => ?DESC(gateway_common_clientinfo_override_username)})}, {username, sc(binary(), #{desc => ?DESC(gateway_common_clientinfo_override_username)})},
{password, sc(binary(), #{desc => ?DESC(gateway_common_clientinfo_override_password)})}, {password,
sc(binary(), #{
desc => ?DESC(gateway_common_clientinfo_override_password),
sensitive => true,
format => <<"password">>,
converter => fun emqx_schema:password_converter/2
})},
{clientid, sc(binary(), #{desc => ?DESC(gateway_common_clientinfo_override_clientid)})} {clientid, sc(binary(), #{desc => ?DESC(gateway_common_clientinfo_override_clientid)})}
]; ];
fields(lwm2m_translators) -> fields(lwm2m_translators) ->

7
lib-ee/emqx_ee_bridge/src/emqx_ee_bridge_kafka.erl
View File

@ -116,7 +116,12 @@ fields(auth_username_password) ->
})}, })},
{username, mk(binary(), #{required => true, desc => ?DESC(auth_sasl_username)})}, {username, mk(binary(), #{required => true, desc => ?DESC(auth_sasl_username)})},
{password, {password,
mk(binary(), #{required => true, sensitive => true, desc => ?DESC(auth_sasl_password)})} mk(binary(), #{
required => true,
sensitive => true,
desc => ?DESC(auth_sasl_password),
converter => fun emqx_schema:password_converter/2
})}
]; ];
fields(auth_gssapi_kerberos) -> fields(auth_gssapi_kerberos) ->
[ [

8
lib-ee/emqx_ee_connector/src/emqx_ee_connector_influxdb.erl
View File

@ -157,7 +157,13 @@ fields(influxdb_api_v1) ->
[ [
{database, mk(binary(), #{required => true, desc => ?DESC("database")})}, {database, mk(binary(), #{required => true, desc => ?DESC("database")})},
{username, mk(binary(), #{desc => ?DESC("username")})}, {username, mk(binary(), #{desc => ?DESC("username")})},
{password, mk(binary(), #{desc => ?DESC("password"), format => <<"password">>})} {password,
mk(binary(), #{
desc => ?DESC("password"),
format => <<"password">>,
sensitive => true,
converter => fun emqx_schema:password_converter/2
})}
] ++ emqx_connector_schema_lib:ssl_fields(); ] ++ emqx_connector_schema_lib:ssl_fields();
fields(influxdb_api_v2) -> fields(influxdb_api_v2) ->
fields(common) ++ fields(common) ++