From 4b50bfb4c2052353a40982d4ed7023d5e06a6647 Mon Sep 17 00:00:00 2001 From: zhanghongtong Date: Fri, 23 Jul 2021 17:10:39 +0800 Subject: [PATCH] chore(config): rename acl to authorize in emqx.conf Signed-off-by: zhanghongtong --- apps/emqx/etc/emqx.conf | 22 +++++++++---------- apps/emqx/src/emqx_acl_cache.erl | 6 ++--- apps/emqx/src/emqx_channel.erl | 6 ++--- apps/emqx/src/emqx_schema.erl | 10 ++++----- apps/emqx/test/emqx_acl_cache_SUITE.erl | 2 +- apps/emqx/test/emqx_channel_SUITE.erl | 6 ++--- .../emqx/test/emqx_mqtt_protocol_v5_SUITE.erl | 6 ++--- apps/emqx_authz/test/emqx_authz_SUITE.erl | 4 ++-- .../emqx_authz/test/emqx_authz_http_SUITE.erl | 4 ++-- .../test/emqx_authz_mongo_SUITE.erl | 4 ++-- .../test/emqx_authz_mysql_SUITE.erl | 4 ++-- .../test/emqx_authz_pgsql_SUITE.erl | 4 ++-- .../test/emqx_authz_redis_SUITE.erl | 4 ++-- .../src/exproto/emqx_exproto_channel.erl | 2 +- 14 files changed, 41 insertions(+), 43 deletions(-) diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf index cbd41a2a8..4dfeabbe2 100644 --- a/apps/emqx/etc/emqx.conf +++ b/apps/emqx/etc/emqx.conf @@ -813,7 +813,7 @@ broker { ## - `auth.*` ## - `stats.*` ## - `mqtt.*` -## - `acl.*` +## - `authorization.*` ## - `flapping_detect.*` ## - `force_shutdown.*` ## - `conn_congestion.*` @@ -1095,18 +1095,18 @@ zones.default { } - acl { + authorization { ## Enable ACL check. ## - ## @doc zones..acl.enable + ## @doc zones..authorization.enable ## ValueType: Boolean - ## Default: false - enable: false + ## Default: true + enable: true - ## The action when acl check reject current operation + ## The action when authorization check reject current operation ## - ## @doc zones..acl.deny_action + ## @doc zones..authorization.deny_action ## ValueType: ignore | disconnect ## Default: ignore deny_action: ignore 
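Review bot: The `authorization` block in the `@@ -1095` hunk does not only rename the key: `enable` and its documented default go from `false` to `true`, which the subject line "rename acl to authorize" does not announce. The same flip is repeated in the `zones.internal` hunk (`acl.enable: false` becomes `authorization.enable: true`) and in `fields("authorization")` in emqx_schema.erl. Since this changes whether publish and subscribe requests are checked on a default install, I would state it in the commit description or split it into its own commit. The comment left above the setting should follow the rename, e.g. `## Enable authorization check.`.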
@@ -1115,14 +1115,14 @@ zones.default { ## ## If enabled, ACLs roles for each client will be cached in the memory ## - ## @doc zones..acl.cache.enable + ## @doc zones..authorization.cache.enable ## ValueType: Boolean ## Default: true cache.enable: true ## The maximum count of ACL entries can be cached for a client. ## - ## @doc zones..acl.cache.max_size + ## @doc zones..authorization.cache.max_size ## ValueType: Integer ## Range: [0, 1048576] ## Default: 32 @@ -1130,7 +1130,7 @@ zones.default { ## The time after which an ACL cache entry will be deleted ## - ## @doc zones..acl.cache.ttl + ## @doc zones..authorization.cache.ttl ## ValueType: Duration ## Default: 1m cache.ttl: 1m @@ -1857,7 +1857,7 @@ zones.default { #This is an example zone which has less "strict" settings. #It's useful to clients connecting the broker from trusted networks. zones.internal { - acl.enable: false + authorization.enable: true auth.enable: false listeners.mqtt_internal: { type: tcp diff --git a/apps/emqx/src/emqx_acl_cache.erl b/apps/emqx/src/emqx_acl_cache.erl index 189faca2f..0232eadaa 100644 --- a/apps/emqx/src/emqx_acl_cache.erl +++ b/apps/emqx/src/emqx_acl_cache.erl @@ -52,15 +52,15 @@ drain_k() -> {?MODULE, drain_timestamp}. -spec(is_enabled(atom()) -> boolean()). is_enabled(Zone) -> - emqx_config:get_zone_conf(Zone, [acl, cache, enable]). + emqx_config:get_zone_conf(Zone, [authorization, cache, enable]). -spec(get_cache_max_size(atom()) -> integer()). get_cache_max_size(Zone) -> - emqx_config:get_zone_conf(Zone, [acl, cache, max_size]). + emqx_config:get_zone_conf(Zone, [authorization, cache, max_size]). -spec(get_cache_ttl(atom()) -> integer()). get_cache_ttl(Zone) -> - emqx_config:get_zone_conf(Zone, [acl, cache, ttl]). + emqx_config:get_zone_conf(Zone, [authorization, cache, ttl]). -spec(list_acl_cache(atom()) -> [acl_cache_entry()]). list_acl_cache(Zone) -> diff --git a/apps/emqx/src/emqx_channel.erl b/apps/emqx/src/emqx_channel.erl index bcea463a8..c023a166a 100644 
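Review bot: In the `zones.internal` hunk the example zone now sets `authorization.enable: true` while `auth.enable: false` stays on the next line, so authorization would be evaluated for clients whose identity was never authenticated. If the rules match on username or client id (not visible in this patch), those values are whatever the client sent. The comment above the zone still describes it as having less strict settings for trusted networks; I would add a line such as `## authorization is enforced here, but auth is disabled: rules only see unverified client identity`, or keep the two switches consistent.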
--- a/apps/emqx/src/emqx_channel.erl +++ b/apps/emqx/src/emqx_channel.erl @@ -435,7 +435,7 @@ handle_in(Packet = ?SUBSCRIBE_PACKET(PacketId, Properties, TopicFilters), HasAclDeny = lists:any(fun({_TopicFilter, ReasonCode}) -> ReasonCode =:= ?RC_NOT_AUTHORIZED end, TupleTopicFilters0), - DenyAction = emqx_config:get_zone_conf(Zone, [acl, deny_action]), + DenyAction = emqx_config:get_zone_conf(Zone, [authorization, deny_action]), case DenyAction =:= disconnect andalso HasAclDeny of true -> handle_out(disconnect, ?RC_NOT_AUTHORIZED, Channel); false -> @@ -551,7 +551,7 @@ process_publish(Packet = ?PUBLISH_PACKET(QoS, Topic, PacketId), {error, Rc = ?RC_NOT_AUTHORIZED, NChannel} -> ?LOG(warning, "Cannot publish message to ~s due to ~s.", [Topic, emqx_reason_codes:text(Rc)]), - case emqx_config:get_zone_conf(Zone, [acl_deny_action]) of + case emqx_config:get_zone_conf(Zone, [authorization, deny_action]) of ignore -> case QoS of ?QOS_0 -> {ok, NChannel}; @@ -1622,7 +1622,7 @@ maybe_shutdown(Reason, Channel = #channel{conninfo = ConnInfo}) -> %%-------------------------------------------------------------------- %% Is ACL enabled? is_acl_enabled(#{zone := Zone, is_superuser := IsSuperuser}) -> - (not IsSuperuser) andalso emqx_config:get_zone_conf(Zone, [acl, enable]). + (not IsSuperuser) andalso emqx_config:get_zone_conf(Zone, [authorization, enable]). %%-------------------------------------------------------------------- %% Parse Topic Filters diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl index 7bc3c09e7..cfaffc6c7 100644 --- a/apps/emqx/src/emqx_schema.erl +++ b/apps/emqx/src/emqx_schema.erl 
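Review bot: In the `@@ -551` hunk the old lookup was `[acl_deny_action]`, a different key path from the `[acl, deny_action]` used in the SUBSCRIBE branch of `handle_in`, so this line is a fix to the not-authorized publish path rather than a rename. The two call sites drifted because each spells the path as a literal list; a single helper, `deny_action(Zone) -> emqx_config:get_zone_conf(Zone, [authorization, deny_action]).`, used by both would keep them from diverging again. None of the test hunks in this patch exercise `deny_action` on publish, so a case for `disconnect` would be worth adding. `process_publish` starts and ends outside the hunk.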
@@ -257,13 +257,13 @@ fields("auth") -> [ {"enable", t(boolean(), undefined, false)} ]; -fields("acl") -> - [ {"enable", t(boolean(), undefined, false)} - , {"cache", ref("acl_cache")} +fields("authorization") -> + [ {"enable", t(boolean(), undefined, true)} + , {"cache", ref("authorization_cache")} , {"deny_action", t(union(ignore, disconnect), undefined, ignore)} ]; -fields("acl_cache") -> +fields("authorization_cache") -> [ {"enable", t(boolean(), undefined, true)} , {"max_size", t(range(1, 1048576), undefined, 32)} , {"ttl", t(duration(), undefined, "1m")} @@ -306,7 +306,7 @@ fields("zones") -> fields("zone_settings") -> [ {"mqtt", ref("mqtt")} - , {"acl", ref("acl")} + , {"authorization", ref("authorization")} , {"auth", ref("auth")} , {"stats", ref("stats")} , {"flapping_detect", ref("flapping_detect")} diff --git a/apps/emqx/test/emqx_acl_cache_SUITE.erl b/apps/emqx/test/emqx_acl_cache_SUITE.erl index 3708d0524..ebbf974af 100644 --- a/apps/emqx/test/emqx_acl_cache_SUITE.erl +++ b/apps/emqx/test/emqx_acl_cache_SUITE.erl @@ -80,4 +80,4 @@ t_drain_acl_cache(_) -> emqtt:stop(Client). toggle_acl(Bool) when is_boolean(Bool) -> - emqx_config:put_zone_conf(default, [acl, enable], Bool). + emqx_config:put_zone_conf(default, [authorization, enable], Bool). diff --git a/apps/emqx/test/emqx_channel_SUITE.erl b/apps/emqx/test/emqx_channel_SUITE.erl index 7b2161882..0b2039f30 100644 --- a/apps/emqx/test/emqx_channel_SUITE.erl +++ b/apps/emqx/test/emqx_channel_SUITE.erl @@ -140,7 +140,7 @@ listener_mqtt_ws_conf() -> default_zone_conf() -> #{zones => #{default => - #{ acl => #{ + #{ authorization => #{ cache => #{enable => true,max_size => 32, ttl => 60000}, deny_action => ignore, enable => false 
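Review bot: `fields("zone_settings")` in the `@@ -306` hunk replaces the `"acl"` entry with `"authorization"` and leaves no alias for the old name, so an existing emqx.conf that still has an `acl { ... }` block no longer maps to any field. Depending on how the schema checker treats unknown keys (not visible here), the node either refuses to start or ignores the block, and in the second case a configured `deny_action: disconnect` would fall back to the default `ignore` without any message. I would either reject the old key with an explicit error or document the rename as a breaking change in the commit description. Separately, `max_size` in `fields("authorization_cache")` is `range(1, 1048576)` while emqx.conf documents `Range: [0, 1048576]`; one of the two should be corrected.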
@@ -863,7 +863,7 @@ t_packing_alias(_) -> channel())). t_check_pub_acl(_) -> - emqx_config:put_zone_conf(default, [acl, enable], true), + emqx_config:put_zone_conf(default, [authorization, enable], true), Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>), ok = emqx_channel:check_pub_acl(Publish, channel()). @@ -873,7 +873,7 @@ t_check_pub_alias(_) -> ok = emqx_channel:check_pub_alias(#mqtt_packet{variable = Publish}, Channel). t_check_sub_acls(_) -> - emqx_config:put_zone_conf(default, [acl, enable], true), + emqx_config:put_zone_conf(default, [authorization, enable], true), TopicFilter = {<<"t">>, ?DEFAULT_SUBOPTS}, [{TopicFilter, 0}] = emqx_channel:check_sub_acls([TopicFilter], channel()). diff --git a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl index ff04055e6..8f82d83bb 100644 --- a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl +++ b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl @@ -217,14 +217,12 @@ t_connect_will_message(Config) -> ok = emqtt:disconnect(Client4). t_batch_subscribe(init, Config) -> - emqx_config:put_zone_conf(default, [acl, enable], true), - emqx_config:put_zone_conf(default, [acl, enable], true), + emqx_config:put_zone_conf(default, [authorization, enable], true), ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]), meck:expect(emqx_access_control, authorize, fun(_, _, _) -> deny end), Config; t_batch_subscribe('end', _Config) -> - emqx_config:put_zone_conf(default, [acl, enable], false), - emqx_config:put_zone_conf(default, [acl, enable], false), + emqx_config:put_zone_conf(default, [authorization, enable], false), meck:unload(emqx_access_control). t_batch_subscribe(Config) -> diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index 98d2c343c..770adad6e 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl 
@@ -30,8 +30,8 @@ groups() -> init_per_suite(Config) -> ok = emqx_ct_helpers:start_apps([emqx_authz]), - ok = emqx_config:update_config([zones, default, acl, cache, enable], false), - ok = emqx_config:update_config([zones, default, acl, enable], true), + ok = emqx_config:update_config([zones, default, authorization, cache, enable], false), + ok = emqx_config:update_config([zones, default, authorization, enable], true), emqx_authz:update(replace, []), Config. diff --git a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl index 8d698ff21..d785acca2 100644 --- a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl @@ -36,8 +36,8 @@ init_per_suite(Config) -> meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]), meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ), ok = emqx_ct_helpers:start_apps([emqx_authz]), - ok = emqx_config:update_config([zones, default, acl, cache, enable], false), - ok = emqx_config:update_config([zones, default, acl, enable], true), + ok = emqx_config:update_config([zones, default, authorization, cache, enable], false), + ok = emqx_config:update_config([zones, default, authorization, enable], true), Rules = [#{ <<"config">> => #{ <<"url">> => <<"https://fake.com:443/">>, <<"headers">> => #{}, diff --git a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl index a7a1ffbda..ecf47021d 100644 --- a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl 
@@ -38,8 +38,8 @@ init_per_suite(Config) -> ok = emqx_ct_helpers:start_apps([emqx_authz]), ct:pal("---- emqx_hooks: ~p", [ets:tab2list(emqx_hooks)]), - ok = emqx_config:update_config([zones, default, acl, cache, enable], false), - ok = emqx_config:update_config([zones, default, acl, enable], true), + ok = emqx_config:update_config([zones, default, authorization, cache, enable], false), + ok = emqx_config:update_config([zones, default, authorization, enable], true), Rules = [#{ <<"config">> => #{ <<"mongo_type">> => <<"single">>, <<"server">> => <<"127.0.0.1:27017">>, diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl index abda72618..386b5a1ad 100644 --- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl @@ -36,8 +36,8 @@ init_per_suite(Config) -> meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]), meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ), ok = emqx_ct_helpers:start_apps([emqx_authz]), - ok = emqx_config:update_config([zones, default, acl, cache, enable], false), - ok = emqx_config:update_config([zones, default, acl, enable], true), + ok = emqx_config:update_config([zones, default, authorization, cache, enable], false), + ok = emqx_config:update_config([zones, default, authorization, enable], true), Rules = [#{ <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl index ee1d789f7..78c29b176 100644 --- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl 
@@ -36,8 +36,8 @@ init_per_suite(Config) -> meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]), meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ), ok = emqx_ct_helpers:start_apps([emqx_authz]), - ok = emqx_config:update_config([zones, default, acl, cache, enable], false), - ok = emqx_config:update_config([zones, default, acl, enable], true), + ok = emqx_config:update_config([zones, default, authorization, cache, enable], false), + ok = emqx_config:update_config([zones, default, authorization, enable], true), Rules = [#{ <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl index aa932e5e1..4cc9ed48e 100644 --- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl @@ -36,8 +36,8 @@ init_per_suite(Config) -> meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]), meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ), ok = emqx_ct_helpers:start_apps([emqx_authz]), - ok = emqx_config:update_config([zones, default, acl, cache, enable], false), - ok = emqx_config:update_config([zones, default, acl, enable], true), + ok = emqx_config:update_config([zones, default, authorization, cache, enable], false), + ok = emqx_config:update_config([zones, default, authorization, enable], true), Rules = [#{ <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, diff --git a/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl b/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl index c9c26a766..5978e83b7 100644 --- a/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl +++ b/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl 
@@ -456,7 +456,7 @@ parse_topic_filters(TopicFilters) -> lists:map(fun emqx_topic:parse/1, TopicFilters). is_acl_enabled(#{zone := Zone, listener := Listener, is_superuser := IsSuperuser}) -> - (not IsSuperuser) andalso emqx_config:get_listener_conf(Zone, Listener, [acl, enable]). + (not IsSuperuser) andalso emqx_config:get_listener_conf(Zone, Listener, [authorization, enable]). %%-------------------------------------------------------------------- %% Ensure & Hooks
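Review bot: `is_acl_enabled/1` here reads `[authorization, enable]` through `emqx_config:get_listener_conf/3`, while emqx_channel.erl reads the same setting with `get_zone_conf/2`, and the schema hunks in this patch add `authorization` only under `fields("zone_settings")`. Whether the listener lookup falls back to the zone value is not visible in this patch; if it does not, `(not IsSuperuser) andalso ...` hands whatever non-boolean it returns straight to the caller. Please confirm the fallback and make sure a missing key is treated as enabled rather than as a reason to skip the check. A comment on the function would record the intent, e.g. `%% authorization.enable is resolved per listener; a missing value must not disable the check`.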