chore(config): rename acl to authorize in emqx.conf

Signed-off-by: zhanghongtong <rory-z@outlook.com>
2021-07-23 17:10:39 +08:00 · 2021-07-23 17:10:39 +08:00 · 4b50bfb4c2
parent f278d170a7
commit 4b50bfb4c2
14 changed files with 41 additions and 43 deletions
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@ -813,7 +813,7 @@ broker {
 ##   - `auth.*`
 ##   - `stats.*`
 ##   - `mqtt.*`
-##   - `acl.*`
+##   - `authorization.*`
 ##   - `flapping_detect.*`
 ##   - `force_shutdown.*`
 ##   - `conn_congestion.*`
@ -1095,18 +1095,18 @@ zones.default {
  }
-  acl {
+  authorization {
    ## Enable ACL check.
    ##
-    ## @doc zones.<name>.acl.enable
+    ## @doc zones.<name>.authorization.enable
    ## ValueType: Boolean
-    ## Default: false
+    ## Default: true
-    enable: false
+    enable: true
-    ## The action when acl check reject current operation
+    ## The action when authorization check reject current operation
    ##
-    ## @doc zones.<name>.acl.deny_action
+    ## @doc zones.<name>.authorization.deny_action
    ## ValueType: ignore | disconnect
    ## Default: ignore
    deny_action: ignore
@ -1115,14 +1115,14 @@ zones.default {
    ##
    ## If enabled, ACLs roles for each client will be cached in the memory
    ##
-    ## @doc zones.<name>.acl.cache.enable
+    ## @doc zones.<name>.authorization.cache.enable
    ## ValueType: Boolean
    ## Default: true
    cache.enable: true
    ## The maximum count of ACL entries can be cached for a client.
    ##
-    ## @doc zones.<name>.acl.cache.max_size
+    ## @doc zones.<name>.authorization.cache.max_size
    ## ValueType: Integer
    ## Range: [0, 1048576]
    ## Default: 32
@ -1130,7 +1130,7 @@ zones.default {
    ## The time after which an ACL cache entry will be deleted
    ##
-    ## @doc zones.<name>.acl.cache.ttl
+    ## @doc zones.<name>.authorization.cache.ttl
    ## ValueType: Duration
    ## Default: 1m
    cache.ttl: 1m
@ -1857,7 +1857,7 @@ zones.default {
 #This is an example zone which has less "strict" settings.
 #It's useful to clients connecting the broker from trusted networks.
 zones.internal {
-  acl.enable: false
+  authorization.enable: true
  auth.enable: false
  listeners.mqtt_internal: {
    type: tcp
--- a/apps/emqx/src/emqx_acl_cache.erl
+++ b/apps/emqx/src/emqx_acl_cache.erl
@ -52,15 +52,15 @@ drain_k() -> {?MODULE, drain_timestamp}.
 -spec(is_enabled(atom()) -> boolean()).
 is_enabled(Zone) ->
-    emqx_config:get_zone_conf(Zone, [acl, cache, enable]).
+    emqx_config:get_zone_conf(Zone, [authorization, cache, enable]).
 -spec(get_cache_max_size(atom()) -> integer()).
 get_cache_max_size(Zone) ->
-    emqx_config:get_zone_conf(Zone, [acl, cache, max_size]).
+    emqx_config:get_zone_conf(Zone, [authorization, cache, max_size]).
 -spec(get_cache_ttl(atom()) -> integer()).
 get_cache_ttl(Zone) ->
-    emqx_config:get_zone_conf(Zone, [acl, cache, ttl]).
+    emqx_config:get_zone_conf(Zone, [authorization, cache, ttl]).
 -spec(list_acl_cache(atom()) -> [acl_cache_entry()]).
 list_acl_cache(Zone) ->
--- a/apps/emqx/src/emqx_channel.erl
+++ b/apps/emqx/src/emqx_channel.erl
@ -435,7 +435,7 @@ handle_in(Packet = ?SUBSCRIBE_PACKET(PacketId, Properties, TopicFilters),
            HasAclDeny = lists:any(fun({_TopicFilter, ReasonCode}) ->
                    ReasonCode =:= ?RC_NOT_AUTHORIZED
                end, TupleTopicFilters0),
-            DenyAction = emqx_config:get_zone_conf(Zone, [acl, deny_action]),
+            DenyAction = emqx_config:get_zone_conf(Zone, [authorization, deny_action]),
            case DenyAction =:= disconnect andalso HasAclDeny of
                true -> handle_out(disconnect, ?RC_NOT_AUTHORIZED, Channel);
                false ->
@ -551,7 +551,7 @@ process_publish(Packet = ?PUBLISH_PACKET(QoS, Topic, PacketId),
        {error, Rc = ?RC_NOT_AUTHORIZED, NChannel} ->
            ?LOG(warning, "Cannot publish message to ~s due to ~s.",
                 [Topic, emqx_reason_codes:text(Rc)]),
-            case emqx_config:get_zone_conf(Zone, [acl_deny_action]) of
+            case emqx_config:get_zone_conf(Zone, [authorization, deny_action]) of
                ignore ->
                    case QoS of
                       ?QOS_0 -> {ok, NChannel};
@ -1622,7 +1622,7 @@ maybe_shutdown(Reason, Channel = #channel{conninfo = ConnInfo}) ->
 %%--------------------------------------------------------------------
 %% Is ACL enabled?
 is_acl_enabled(#{zone := Zone, is_superuser := IsSuperuser}) ->
-    (not IsSuperuser) andalso emqx_config:get_zone_conf(Zone, [acl, enable]).
+    (not IsSuperuser) andalso emqx_config:get_zone_conf(Zone, [authorization, enable]).
 %%--------------------------------------------------------------------
 %% Parse Topic Filters
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -257,13 +257,13 @@ fields("auth") ->
    [ {"enable", t(boolean(), undefined, false)}
    ];
-fields("acl") ->
+fields("authorization") ->
-    [ {"enable", t(boolean(), undefined, false)}
+    [ {"enable", t(boolean(), undefined, true)}
-    , {"cache", ref("acl_cache")}
+    , {"cache", ref("authorization_cache")}
    , {"deny_action", t(union(ignore, disconnect), undefined, ignore)}
    ];
-fields("acl_cache") ->
+fields("authorization_cache") ->
    [ {"enable", t(boolean(), undefined, true)}
    , {"max_size", t(range(1, 1048576), undefined, 32)}
    , {"ttl", t(duration(), undefined, "1m")}
@ -306,7 +306,7 @@ fields("zones") ->
 fields("zone_settings") ->
    [ {"mqtt", ref("mqtt")}
-    , {"acl", ref("acl")}
+    , {"authorization", ref("authorization")}
    , {"auth", ref("auth")}
    , {"stats", ref("stats")}
    , {"flapping_detect", ref("flapping_detect")}
--- a/apps/emqx/test/emqx_acl_cache_SUITE.erl
+++ b/apps/emqx/test/emqx_acl_cache_SUITE.erl
@ -80,4 +80,4 @@ t_drain_acl_cache(_) ->
    emqtt:stop(Client).
 toggle_acl(Bool) when is_boolean(Bool) ->
-    emqx_config:put_zone_conf(default, [acl, enable], Bool).
+    emqx_config:put_zone_conf(default, [authorization, enable], Bool).
--- a/apps/emqx/test/emqx_channel_SUITE.erl
+++ b/apps/emqx/test/emqx_channel_SUITE.erl
@ -140,7 +140,7 @@ listener_mqtt_ws_conf() ->
 default_zone_conf() ->
    #{zones =>
        #{default =>
-            #{  acl => #{
+            #{  authorization => #{
                    cache => #{enable => true,max_size => 32, ttl => 60000},
                    deny_action => ignore,
                    enable => false
@ -863,7 +863,7 @@ t_packing_alias(_) ->
                   channel())).
 t_check_pub_acl(_) ->
-    emqx_config:put_zone_conf(default, [acl, enable], true),
+    emqx_config:put_zone_conf(default, [authorization, enable], true),
    Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
    ok = emqx_channel:check_pub_acl(Publish, channel()).
@ -873,7 +873,7 @@ t_check_pub_alias(_) ->
    ok = emqx_channel:check_pub_alias(#mqtt_packet{variable = Publish}, Channel).
 t_check_sub_acls(_) ->
-    emqx_config:put_zone_conf(default, [acl, enable], true),
+    emqx_config:put_zone_conf(default, [authorization, enable], true),
    TopicFilter = {<<"t">>, ?DEFAULT_SUBOPTS},
    [{TopicFilter, 0}] = emqx_channel:check_sub_acls([TopicFilter], channel()).
--- a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
+++ b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
@ -217,14 +217,12 @@ t_connect_will_message(Config) ->
    ok = emqtt:disconnect(Client4).
 t_batch_subscribe(init, Config) ->
-    emqx_config:put_zone_conf(default, [acl, enable], true),
+    emqx_config:put_zone_conf(default, [authorization, enable], true),
    emqx_config:put_zone_conf(default, [acl, enable], true),
    ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
    meck:expect(emqx_access_control, authorize, fun(_, _, _) -> deny end),
    Config;
 t_batch_subscribe('end', _Config) ->
-    emqx_config:put_zone_conf(default, [acl, enable], false),
+    emqx_config:put_zone_conf(default, [authorization, enable], false),
    emqx_config:put_zone_conf(default, [acl, enable], false),
    meck:unload(emqx_access_control).
 t_batch_subscribe(Config) ->
--- a/apps/emqx_authz/test/emqx_authz_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@ -30,8 +30,8 @@ groups() ->
 init_per_suite(Config) ->
    ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
    emqx_authz:update(replace, []),
    Config.
--- a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl
@ -36,8 +36,8 @@ init_per_suite(Config) ->
    meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
    meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
    ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
    Rules = [#{ <<"config">> => #{
                    <<"url">> => <<"https://fake.com:443/">>,
                    <<"headers">> => #{},
--- a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl
@ -38,8 +38,8 @@ init_per_suite(Config) ->
    ok = emqx_ct_helpers:start_apps([emqx_authz]),
    ct:pal("---- emqx_hooks: ~p", [ets:tab2list(emqx_hooks)]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
    Rules = [#{ <<"config">> => #{
                        <<"mongo_type">> => <<"single">>,
                        <<"server">> => <<"127.0.0.1:27017">>,
--- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
@ -36,8 +36,8 @@ init_per_suite(Config) ->
    meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
    meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
    ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
    Rules = [#{ <<"config">> => #{
                    <<"server">> => <<"127.0.0.1:27017">>,
                    <<"pool_size">> => 1,
--- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
@ -36,8 +36,8 @@ init_per_suite(Config) ->
    meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
    meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
    ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
    Rules = [#{ <<"config">> => #{
                    <<"server">> => <<"127.0.0.1:27017">>,
                    <<"pool_size">> => 1,
--- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@ -36,8 +36,8 @@ init_per_suite(Config) ->
    meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
    meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
    ok = emqx_ct_helpers:start_apps([emqx_authz]),
-    ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
+    ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
-    ok = emqx_config:update_config([zones, default, acl, enable], true),
+    ok = emqx_config:update_config([zones, default, authorization, enable], true),
    Rules = [#{ <<"config">> => #{
                    <<"server">> => <<"127.0.0.1:27017">>,
                    <<"pool_size">> => 1,
--- a/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl
+++ b/apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl
@ -456,7 +456,7 @@ parse_topic_filters(TopicFilters) ->
    lists:map(fun emqx_topic:parse/1, TopicFilters).
 is_acl_enabled(#{zone := Zone, listener := Listener, is_superuser := IsSuperuser}) ->
-    (not IsSuperuser) andalso emqx_config:get_listener_conf(Zone, Listener, [acl, enable]).
+    (not IsSuperuser) andalso emqx_config:get_listener_conf(Zone, Listener, [authorization, enable]).
 %%--------------------------------------------------------------------
 %% Ensure & Hooks