yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(config): rename acl to authorize in emqx.conf 

Signed-off-by: zhanghongtong <rory-z@outlook.com>
This commit is contained in:
zhanghongtong 2021-07-23 17:10:39 +08:00 committed by turtleDeng
parent f278d170a7
commit 4b50bfb4c2
14 changed files with 41 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
apps/emqx/etc/emqx.conf
View File

@ -813,7 +813,7 @@ broker {
## - `auth.*`
## - `stats.*`
## - `mqtt.*`
## - `acl.*`
## - `authorization.*`
## - `flapping_detect.*`
## - `force_shutdown.*`
## - `conn_congestion.*`
@ -1095,18 +1095,18 @@ zones.default {
}
acl {
authorization {
## Enable ACL check.
##
## @doc zones.<name>.acl.enable
## @doc zones.<name>.authorization.enable
## ValueType: Boolean
## Default: false
enable: false
## Default: true
enable: true
## The action when acl check reject current operation
## The action when authorization check reject current operation
##
## @doc zones.<name>.acl.deny_action
## @doc zones.<name>.authorization.deny_action
## ValueType: ignore | disconnect
## Default: ignore
deny_action: ignore
@ -1115,14 +1115,14 @@ zones.default {
##
## If enabled, ACLs roles for each client will be cached in the memory
##
## @doc zones.<name>.acl.cache.enable
## @doc zones.<name>.authorization.cache.enable
## ValueType: Boolean
## Default: true
cache.enable: true
## The maximum count of ACL entries can be cached for a client.
##
## @doc zones.<name>.acl.cache.max_size
## @doc zones.<name>.authorization.cache.max_size
## ValueType: Integer
## Range: [0, 1048576]
## Default: 32
@ -1130,7 +1130,7 @@ zones.default {
## The time after which an ACL cache entry will be deleted
##
## @doc zones.<name>.acl.cache.ttl
## @doc zones.<name>.authorization.cache.ttl
## ValueType: Duration
## Default: 1m
cache.ttl: 1m
@ -1857,7 +1857,7 @@ zones.default {
#This is an example zone which has less "strict" settings.
#It's useful to clients connecting the broker from trusted networks.
zones.internal {
acl.enable: false
authorization.enable: true
auth.enable: false
listeners.mqtt_internal: {
type: tcp

6
apps/emqx/src/emqx_acl_cache.erl
View File

@ -52,15 +52,15 @@ drain_k() -> {?MODULE, drain_timestamp}.
-spec(is_enabled(atom()) -> boolean()).
is_enabled(Zone) ->
emqx_config:get_zone_conf(Zone, [acl, cache, enable]).
emqx_config:get_zone_conf(Zone, [authorization, cache, enable]).
-spec(get_cache_max_size(atom()) -> integer()).
get_cache_max_size(Zone) ->
emqx_config:get_zone_conf(Zone, [acl, cache, max_size]).
emqx_config:get_zone_conf(Zone, [authorization, cache, max_size]).
-spec(get_cache_ttl(atom()) -> integer()).
get_cache_ttl(Zone) ->
emqx_config:get_zone_conf(Zone, [acl, cache, ttl]).
emqx_config:get_zone_conf(Zone, [authorization, cache, ttl]).
-spec(list_acl_cache(atom()) -> [acl_cache_entry()]).
list_acl_cache(Zone) ->

6
apps/emqx/src/emqx_channel.erl
View File

@ -435,7 +435,7 @@ handle_in(Packet = ?SUBSCRIBE_PACKET(PacketId, Properties, TopicFilters),
HasAclDeny = lists:any(fun({_TopicFilter, ReasonCode}) ->
ReasonCode =:= ?RC_NOT_AUTHORIZED
end, TupleTopicFilters0),
DenyAction = emqx_config:get_zone_conf(Zone, [acl, deny_action]),
DenyAction = emqx_config:get_zone_conf(Zone, [authorization, deny_action]),
case DenyAction =:= disconnect andalso HasAclDeny of
true -> handle_out(disconnect, ?RC_NOT_AUTHORIZED, Channel);
false ->
@ -551,7 +551,7 @@ process_publish(Packet = ?PUBLISH_PACKET(QoS, Topic, PacketId),
{error, Rc = ?RC_NOT_AUTHORIZED, NChannel} ->
?LOG(warning, "Cannot publish message to ~s due to ~s.",
[Topic, emqx_reason_codes:text(Rc)]),
case emqx_config:get_zone_conf(Zone, [acl_deny_action]) of
case emqx_config:get_zone_conf(Zone, [authorization, deny_action]) of
ignore ->
case QoS of
?QOS_0 -> {ok, NChannel};
@ -1622,7 +1622,7 @@ maybe_shutdown(Reason, Channel = #channel{conninfo = ConnInfo}) ->
%%--------------------------------------------------------------------
%% Is ACL enabled?
is_acl_enabled(#{zone := Zone, is_superuser := IsSuperuser}) ->
(not IsSuperuser) andalso emqx_config:get_zone_conf(Zone, [acl, enable]).
(not IsSuperuser) andalso emqx_config:get_zone_conf(Zone, [authorization, enable]).
%%--------------------------------------------------------------------
%% Parse Topic Filters

10
apps/emqx/src/emqx_schema.erl
View File

@ -257,13 +257,13 @@ fields("auth") ->
[ {"enable", t(boolean(), undefined, false)}
];
fields("acl") ->
[ {"enable", t(boolean(), undefined, false)}
, {"cache", ref("acl_cache")}
fields("authorization") ->
[ {"enable", t(boolean(), undefined, true)}
, {"cache", ref("authorization_cache")}
, {"deny_action", t(union(ignore, disconnect), undefined, ignore)}
];
fields("acl_cache") ->
fields("authorization_cache") ->
[ {"enable", t(boolean(), undefined, true)}
, {"max_size", t(range(1, 1048576), undefined, 32)}
, {"ttl", t(duration(), undefined, "1m")}
@ -306,7 +306,7 @@ fields("zones") ->
fields("zone_settings") ->
[ {"mqtt", ref("mqtt")}
, {"acl", ref("acl")}
, {"authorization", ref("authorization")}
, {"auth", ref("auth")}
, {"stats", ref("stats")}
, {"flapping_detect", ref("flapping_detect")}

2
apps/emqx/test/emqx_acl_cache_SUITE.erl
View File

@ -80,4 +80,4 @@ t_drain_acl_cache(_) ->
emqtt:stop(Client).
toggle_acl(Bool) when is_boolean(Bool) ->
emqx_config:put_zone_conf(default, [acl, enable], Bool).
emqx_config:put_zone_conf(default, [authorization, enable], Bool).

6
apps/emqx/test/emqx_channel_SUITE.erl
View File

@ -140,7 +140,7 @@ listener_mqtt_ws_conf() ->
default_zone_conf() ->
#{zones =>
#{default =>
#{ acl => #{
#{ authorization => #{
cache => #{enable => true,max_size => 32, ttl => 60000},
deny_action => ignore,
enable => false
@ -863,7 +863,7 @@ t_packing_alias(_) ->
channel())).
t_check_pub_acl(_) ->
emqx_config:put_zone_conf(default, [acl, enable], true),
emqx_config:put_zone_conf(default, [authorization, enable], true),
Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
ok = emqx_channel:check_pub_acl(Publish, channel()).
@ -873,7 +873,7 @@ t_check_pub_alias(_) ->
ok = emqx_channel:check_pub_alias(#mqtt_packet{variable = Publish}, Channel).
t_check_sub_acls(_) ->
emqx_config:put_zone_conf(default, [acl, enable], true),
emqx_config:put_zone_conf(default, [authorization, enable], true),
TopicFilter = {<<"t">>, ?DEFAULT_SUBOPTS},
[{TopicFilter, 0}] = emqx_channel:check_sub_acls([TopicFilter], channel()).

6
apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
View File

@ -217,14 +217,12 @@ t_connect_will_message(Config) ->
ok = emqtt:disconnect(Client4).
t_batch_subscribe(init, Config) ->
emqx_config:put_zone_conf(default, [acl, enable], true),
emqx_config:put_zone_conf(default, [acl, enable], true),
emqx_config:put_zone_conf(default, [authorization, enable], true),
ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
meck:expect(emqx_access_control, authorize, fun(_, _, _) -> deny end),
Config;
t_batch_subscribe('end', _Config) ->
emqx_config:put_zone_conf(default, [acl, enable], false),
emqx_config:put_zone_conf(default, [acl, enable], false),
emqx_config:put_zone_conf(default, [authorization, enable], false),
meck:unload(emqx_access_control).
t_batch_subscribe(Config) ->

4
apps/emqx_authz/test/emqx_authz_SUITE.erl
View File

@ -30,8 +30,8 @@ groups() ->
init_per_suite(Config) ->
ok = emqx_ct_helpers:start_apps([emqx_authz]),
ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
ok = emqx_config:update_config([zones, default, acl, enable], true),
ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
ok = emqx_config:update_config([zones, default, authorization, enable], true),
emqx_authz:update(replace, []),
Config.

4
apps/emqx_authz/test/emqx_authz_http_SUITE.erl
View File

@ -36,8 +36,8 @@ init_per_suite(Config) ->
meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
ok = emqx_ct_helpers:start_apps([emqx_authz]),
ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
ok = emqx_config:update_config([zones, default, acl, enable], true),
ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
ok = emqx_config:update_config([zones, default, authorization, enable], true),
Rules = [#{ <<"config">> => #{
<<"url">> => <<"https://fake.com:443/">>,
<<"headers">> => #{},

4
apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl
View File

@ -38,8 +38,8 @@ init_per_suite(Config) ->
ok = emqx_ct_helpers:start_apps([emqx_authz]),
ct:pal("---- emqx_hooks: ~p", [ets:tab2list(emqx_hooks)]),
ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
ok = emqx_config:update_config([zones, default, acl, enable], true),
ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
ok = emqx_config:update_config([zones, default, authorization, enable], true),
Rules = [#{ <<"config">> => #{
<<"mongo_type">> => <<"single">>,
<<"server">> => <<"127.0.0.1:27017">>,

4
apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
View File

@ -36,8 +36,8 @@ init_per_suite(Config) ->
meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
ok = emqx_ct_helpers:start_apps([emqx_authz]),
ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
ok = emqx_config:update_config([zones, default, acl, enable], true),
ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
ok = emqx_config:update_config([zones, default, authorization, enable], true),
Rules = [#{ <<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,

4
apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
View File

@ -36,8 +36,8 @@ init_per_suite(Config) ->
meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
ok = emqx_ct_helpers:start_apps([emqx_authz]),
ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
ok = emqx_config:update_config([zones, default, acl, enable], true),
ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
ok = emqx_config:update_config([zones, default, authorization, enable], true),
Rules = [#{ <<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,

4
apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
View File

@ -36,8 +36,8 @@ init_per_suite(Config) ->
meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
meck:expect(emqx_resource, create, fun(_, _, _) -> {ok, meck_data} end ),
ok = emqx_ct_helpers:start_apps([emqx_authz]),
ok = emqx_config:update_config([zones, default, acl, cache, enable], false),
ok = emqx_config:update_config([zones, default, acl, enable], true),
ok = emqx_config:update_config([zones, default, authorization, cache, enable], false),
ok = emqx_config:update_config([zones, default, authorization, enable], true),
Rules = [#{ <<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1,

2
apps/emqx_gateway/src/exproto/emqx_exproto_channel.erl
View File

@ -456,7 +456,7 @@ parse_topic_filters(TopicFilters) ->
lists:map(fun emqx_topic:parse/1, TopicFilters).
is_acl_enabled(#{zone := Zone, listener := Listener, is_superuser := IsSuperuser}) ->
(not IsSuperuser) andalso emqx_config:get_listener_conf(Zone, Listener, [acl, enable]).
(not IsSuperuser) andalso emqx_config:get_listener_conf(Zone, Listener, [authorization, enable]).
%%--------------------------------------------------------------------
%% Ensure & Hooks