chore(acl): delete acl nomatch config item

2021-06-28 15:08:33 +08:00 · 2021-06-28 15:08:33 +08:00 · 64ce0d0e4f
parent faad90c9d4
commit 64ce0d0e4f
6 changed files with 13 additions and 21 deletions
--- a/apps/emqx/src/emqx_access_control.erl
+++ b/apps/emqx/src/emqx_access_control.erl
@ -59,9 +59,8 @@ check_acl_cache(ClientInfo, PubSub, Topic) ->
        AclResult -> AclResult
    end.

-do_check_acl(ClientInfo = #{zone := Zone}, PubSub, Topic) ->
-    Default = emqx_zone:get_env(Zone, acl_nomatch, deny),
-    case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], Default) of
+do_check_acl(ClientInfo, PubSub, Topic) ->
+    case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], allow) of
        allow  -> allow;
        _Other -> deny
    end.
--- a/apps/emqx/test/emqx_access_control_SUITE.erl
+++ b/apps/emqx/test/emqx_access_control_SUITE.erl
@ -39,13 +39,6 @@ t_authenticate(_) ->
    ?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).

 t_check_acl(_) ->
-    emqx_zone:set_env(zone, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false),
-    Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
-    ?assertEqual(deny, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)),
-
-    emqx_zone:set_env(zone, acl_nomatch, allow),
-    application:set_env(emqx, enable_acl_cache, true),
    Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
    ?assertEqual(allow, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)).

--- a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
+++ b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
@ -197,8 +197,8 @@ t_connect_will_message(_) ->
 t_batch_subscribe(_) ->
    {ok, Client} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"batch_test">>}]),
    {ok, _} = emqtt:connect(Client),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
+    ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
+    meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> deny end),
    {ok, _, [?RC_NOT_AUTHORIZED,
             ?RC_NOT_AUTHORIZED,
             ?RC_NOT_AUTHORIZED]} = emqtt:subscribe(Client, [{<<"t1">>, qos1},
@ -209,7 +209,7 @@ t_batch_subscribe(_) ->
             ?RC_NO_SUBSCRIPTION_EXISTED]} = emqtt:unsubscribe(Client, [<<"t1">>,
                                                                        <<"t2">>,
                                                                        <<"t3">>]),
-    application:set_env(emqx, acl_nomatch, allow),
+    meck:unload(emqx_access_control),
    emqtt:disconnect(Client).

 t_connect_will_retain(_) ->
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@ -150,22 +150,22 @@ b2l(B) when is_binary(B) -> binary_to_list(B).

 %% @doc Check ACL
 -spec(check_authz(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), emqx_permission_rule:acl_result(), rules())
-      -> {ok, allow} | {ok, deny} | deny).
+      -> {stop, allow} | {ok, deny}).
 check_authz(#{username := Username,
              peerhost := IpAddress
-             } = Client, PubSub, Topic, DefaultResult, Rules) ->
+             } = Client, PubSub, Topic, _DefaultResult, Rules) ->
    case do_check_authz(Client, PubSub, Topic, Rules) of
        {matched, allow} ->
-            ?LOG(info, "Client succeeded authorizationa: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
+            ?LOG(info, "Client succeeded authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
            emqx_metrics:inc(?ACL_METRICS(allow)),
            {stop, allow};
        {matched, deny} ->
-            ?LOG(info, "Client failed authorizationa: Username: ~p, IP: ~p, Topic: ~p, Permission: deny", [Username, IpAddress, Topic]),
+            ?LOG(info, "Client failed authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: deny", [Username, IpAddress, Topic]),
            emqx_metrics:inc(?ACL_METRICS(deny)),
            {stop, deny};
        nomatch ->
-            ?LOG(info, "Client failed authorizationa: Username: ~p, IP: ~p, Topic: ~p, Reasion: ~p", [Username, IpAddress, Topic, "no-match rule"]),
-            DefaultResult
+            ?LOG(info, "Client failed authorization: Username: ~p, IP: ~p, Topic: ~p, Reasion: ~p", [Username, IpAddress, Topic, "no-match rule"]),
+            {stop, deny}
    end.

 do_check_authz(Client, PubSub, Topic,
--- a/apps/emqx_authz/test/emqx_authz_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@ -39,7 +39,6 @@ end_per_suite(_Config) ->
 set_special_configs(emqx) ->
    application:set_env(emqx, allow_anonymous, true),
    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
    ok;
 set_special_configs(emqx_authz) ->
    application:set_env(emqx, plugins_etc_dir,
@ -145,7 +144,7 @@ t_authz(_) ->
    Rules3 = [emqx_authz:compile(Rule) || Rule <- [?RULE3, ?RULE4]],
    Rules4 = [emqx_authz:compile(Rule) || Rule <- [?RULE4, ?RULE1]],

-    ?assertEqual(deny,
+    ?assertEqual({stop, deny},
        emqx_authz:check_authz(ClientInfo1, subscribe, <<"#">>, deny, [])),
    ?assertEqual({stop, deny},
        emqx_authz:check_authz(ClientInfo1, subscribe, <<"+">>, deny, Rules1)),
--- a/apps/emqx_coap/test/emqx_coap_SUITE.erl
+++ b/apps/emqx_coap/test/emqx_coap_SUITE.erl
@ -289,6 +289,7 @@ t_acl(Config) ->
        ok
    end,

+    ok = emqx_hooks:del('client.check_acl', {emqx_authz, check_authz}),
    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
    application:set_env(emqx, plugins_etc_dir, OldPath),
    application:stop(emqx_authz).