feat: support bootstrap_file on build-in-db authn
This commit is contained in:
zhongwencool
parent
d8963c836e
commit
5265c3cc1f
|
|
@ -1,7 +1,7 @@
|
|||
%% -*- mode: erlang -*-
|
||||
{application, emqx_auth_mnesia, [
|
||||
{description, "EMQX Buitl-in Database Authentication and Authorization"},
|
||||
{vsn, "0.1.5"},
|
||||
{vsn, "0.1.6"},
|
||||
{registered, []},
|
||||
{mod, {emqx_auth_mnesia_app, []}},
|
||||
{applications, [
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@ create(
|
|||
user_id_type := Type,
|
||||
password_hash_algorithm := Algorithm,
|
||||
user_group := UserGroup
|
||||
}
|
||||
} = Config
|
||||
) ->
|
||||
ok = emqx_authn_password_hashing:init(Algorithm),
|
||||
State = #{
|
||||
|
|
@ -124,6 +124,7 @@ create(
|
|||
user_id_type => Type,
|
||||
password_hash_algorithm => Algorithm
|
||||
},
|
||||
ok = boostrap_user_from_file(Config, State),
|
||||
{ok, State}.
|
||||
|
||||
update(Config, _State) ->
|
||||
|
|
@ -537,3 +538,24 @@ find_password_hash(_, _, _) ->
|
|||
is_superuser(#{<<"is_superuser">> := <<"true">>}) -> true;
|
||||
is_superuser(#{<<"is_superuser">> := true}) -> true;
|
||||
is_superuser(_) -> false.
|
||||
|
||||
boostrap_user_from_file(Config, State) ->
|
||||
case maps:get(boostrap_file, Config, <<>>) of
|
||||
<<>> ->
|
||||
ok;
|
||||
FileName ->
|
||||
#{boostrap_type := Type} = Config,
|
||||
case file:read_file(FileName) of
|
||||
{ok, FileData} ->
|
||||
%% if there is a key conflict, override with the key which from the bootstrap file
|
||||
_ = import_users({Type, FileName, FileData}, State),
|
||||
ok;
|
||||
{error, Reason} ->
|
||||
?SLOG(warning, #{
|
||||
msg => "boostrap_authn(built_in_database)_failed",
|
||||
boostrap_file => FileName,
|
||||
boostrap_type => Type,
|
||||
reason => Reason
|
||||
})
|
||||
end
|
||||
end.
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ select_union_member(_Kind, _Value) ->
|
|||
fields(builtin_db) ->
|
||||
[
|
||||
{password_hash_algorithm, fun emqx_authn_password_hashing:type_rw/1}
|
||||
] ++ common_fields();
|
||||
] ++ common_fields() ++ bootstrap_fields();
|
||||
fields(builtin_db_api) ->
|
||||
[
|
||||
{password_hash_algorithm, fun emqx_authn_password_hashing:type_rw_api/1}
|
||||
|
|
@ -69,3 +69,24 @@ common_fields() ->
|
|||
{backend, emqx_authn_schema:backend(?AUTHN_BACKEND)},
|
||||
{user_id_type, fun user_id_type/1}
|
||||
] ++ emqx_authn_schema:common_fields().
|
||||
|
||||
bootstrap_fields() ->
|
||||
[
|
||||
{bootstrap_file,
|
||||
?HOCON(
|
||||
binary(),
|
||||
#{
|
||||
desc => ?DESC(bootstrap_file),
|
||||
required => false,
|
||||
default => <<>>
|
||||
}
|
||||
)},
|
||||
{bootstrap_type,
|
||||
?HOCON(
|
||||
?ENUM([hash, plain]), #{
|
||||
desc => ?DESC(bootstrap_type),
|
||||
required => false,
|
||||
default => <<"plain">>
|
||||
}
|
||||
)}
|
||||
].
|
||||
|
|
|
|||
|
|
@ -54,7 +54,74 @@ t_create(_) ->
|
|||
{ok, _} = emqx_authn_mnesia:create(?AUTHN_ID, Config0),
|
||||
|
||||
Config1 = Config0#{password_hash_algorithm => #{name => sha256}},
|
||||
{ok, _} = emqx_authn_mnesia:create(?AUTHN_ID, Config1).
|
||||
{ok, _} = emqx_authn_mnesia:create(?AUTHN_ID, Config1),
|
||||
ok.
|
||||
t_bootstrap_file(_) ->
|
||||
Config = config(),
|
||||
%% hash to hash
|
||||
HashConfig = Config#{password_hash_algorithm => #{name => sha256, salt_position => suffix}},
|
||||
?assertMatch(
|
||||
[
|
||||
{user_info, {_, <<"myuser1">>}, _, _, true},
|
||||
{user_info, {_, <<"myuser2">>}, _, _, false}
|
||||
],
|
||||
test_bootstrap_file(HashConfig, hash, <<"user-credentials.json">>)
|
||||
),
|
||||
?assertMatch(
|
||||
[
|
||||
{user_info, {_, <<"myuser3">>}, _, _, true},
|
||||
{user_info, {_, <<"myuser4">>}, _, _, false}
|
||||
],
|
||||
test_bootstrap_file(HashConfig, hash, <<"user-credentials.csv">>)
|
||||
),
|
||||
|
||||
%% plain to plain
|
||||
PlainConfig = Config#{
|
||||
password_hash_algorithm =>
|
||||
#{name => plain, salt_position => disable}
|
||||
},
|
||||
?assertMatch(
|
||||
[
|
||||
{user_info, {_, <<"myuser1">>}, <<"password1">>, _, true},
|
||||
{user_info, {_, <<"myuser2">>}, <<"password2">>, _, false}
|
||||
],
|
||||
test_bootstrap_file(PlainConfig, plain, <<"user-credentials-plain.json">>)
|
||||
),
|
||||
?assertMatch(
|
||||
[
|
||||
{user_info, {_, <<"myuser3">>}, <<"password3">>, _, true},
|
||||
{user_info, {_, <<"myuser4">>}, <<"password4">>, _, false}
|
||||
],
|
||||
test_bootstrap_file(PlainConfig, plain, <<"user-credentials-plain.csv">>)
|
||||
),
|
||||
%% plain to hash
|
||||
?assertMatch(
|
||||
[
|
||||
{user_info, {_, <<"myuser1">>}, _, _, true},
|
||||
{user_info, {_, <<"myuser2">>}, _, _, false}
|
||||
],
|
||||
test_bootstrap_file(HashConfig, plain, <<"user-credentials-plain.json">>)
|
||||
),
|
||||
?assertMatch(
|
||||
[
|
||||
{user_info, {_, <<"myuser3">>}, _, _, true},
|
||||
{user_info, {_, <<"myuser4">>}, _, _, false}
|
||||
],
|
||||
test_bootstrap_file(HashConfig, plain, <<"user-credentials-plain.csv">>)
|
||||
),
|
||||
ok.
|
||||
|
||||
test_bootstrap_file(Config0, Type, File) ->
|
||||
{Type, Filename, _FileData} = sample_filename_and_data(Type, File),
|
||||
Config2 = Config0#{
|
||||
boostrap_file => Filename,
|
||||
boostrap_type => Type
|
||||
},
|
||||
{ok, State0} = emqx_authn_mnesia:create(?AUTHN_ID, Config2),
|
||||
Result = ets:tab2list(emqx_authn_mnesia),
|
||||
ok = emqx_authn_mnesia:destroy(State0),
|
||||
?assertMatch([], ets:tab2list(emqx_authn_mnesia)),
|
||||
Result.
|
||||
|
||||
t_update(_) ->
|
||||
Config0 = config(),
|
||||
|
|
|
|||
|
|
@ -9,4 +9,14 @@ user_id_type.desc:
|
|||
user_id_type.label:
|
||||
"""Authentication ID Type"""
|
||||
|
||||
bootstrap_file.desc:
|
||||
"""The bootstrap file imports users into the built-in database."""
|
||||
|
||||
bootstrap_file.label:
|
||||
"""Bootstrap File Path"""
|
||||
|
||||
bootstrap_type.desc:
|
||||
"""plain: bootstrap_file.cvs should be `user_id,password,is_superuser`.
|
||||
hash: bootstrap_file.cvs should be `user_id,password_hash,salt,is_superuser`"""
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue