feat(authz): add id for every rule

2021-07-27 11:19:11 +08:00 · 2021-07-27 11:19:11 +08:00 · 8ba0890ce5
parent 4dea41f8a2
commit 8ba0890ce5
7 changed files with 31 additions and 22 deletions
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@ -83,19 +83,22 @@ find_action_in_hooks() ->
    [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ],
    Action.

+gen_id(Type) ->
+    iolist_to_binary([io_lib:format("~s_~s",[?APP, Type]), "_", integer_to_list(erlang:system_time())]).
+
 create_resource(#{type := DB,
                  config := Config
                 } = Rule) ->
-    ResourceID = iolist_to_binary([io_lib:format("~s_~s",[?APP, DB]), "_", integer_to_list(erlang:system_time())]),
+    ResourceID = gen_id(DB),
    case emqx_resource:create(
            ResourceID,
            list_to_existing_atom(io_lib:format("~s_~s",[emqx_connector, DB])),
            Config)
    of
        {ok, _} ->
-            Rule#{resource_id => ResourceID};
+            Rule#{id => ResourceID};
        {error, already_created} ->
-            Rule#{resource_id => ResourceID};
+            Rule#{id => ResourceID};
        {error, Reason} ->
            error({load_config_error, Reason})
    end.
@ -108,7 +111,8 @@ init_rule(#{topics := Topics,
         } = Rule) when ?ALLOW_DENY(Permission), ?PUBSUB(Action), is_list(Topics) ->
    NTopics = [compile_topic(Topic) || Topic <- Topics],
    Rule#{principal => compile_principal(Principal),
-          topics => NTopics
+          topics => NTopics,
+          id => gen_id(simple)
         };

 init_rule(#{principal := Principal,
@ -199,7 +203,8 @@ authorize(#{username := Username,

 do_authorize(Client, PubSub, Topic,
               [Connector = #{principal := Principal,
-                              type := DB} | Tail] ) ->
+                              type := DB,
+                              enable := true} | Tail] ) ->
    case match_principal(Client, Principal) of
        true ->
            Mod = list_to_existing_atom(io_lib:format("~s_~s",[emqx_authz, DB])),
--- a/apps/emqx_authz/src/emqx_authz_http.erl
+++ b/apps/emqx_authz/src/emqx_authz_http.erl
@ -34,7 +34,7 @@ description() ->
    "AuthZ with http".

 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
              type := http,
              config := #{url := #{path := Path} = Url,
                          headers := Headers,
--- a/apps/emqx_authz/src/emqx_authz_mongo.erl
+++ b/apps/emqx_authz/src/emqx_authz_mongo.erl
@ -34,7 +34,7 @@ description() ->
    "AuthZ with Mongo".

 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
              collection := Collection,
              find := Find
             }) ->
--- a/apps/emqx_authz/src/emqx_authz_mysql.erl
+++ b/apps/emqx_authz/src/emqx_authz_mysql.erl
@ -46,7 +46,7 @@ parse_query(Sql) ->
    end.

 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
              sql := {SQL, Params}
             }) ->
    case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of
--- a/apps/emqx_authz/src/emqx_authz_pgsql.erl
+++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl
@ -50,7 +50,7 @@ parse_query(Sql) ->
    end.

 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
              sql := {SQL, Params}
             }) ->
    case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of
--- a/apps/emqx_authz/src/emqx_authz_redis.erl
+++ b/apps/emqx_authz/src/emqx_authz_redis.erl
@ -34,7 +34,7 @@ description() ->
    "AuthZ with redis".

 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
              cmd := CMD
             }) ->
    NCMD = string:tokens(replvar(CMD, Client), " "),
--- a/apps/emqx_authz/test/emqx_authz_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@ -74,17 +74,19 @@ end_per_suite(_Config) ->
 %% Testcases
 %%------------------------------------------------------------------------------
 t_init_rule(_) ->
-    ?assertEqual(#{permission => deny,
-                   action => all,
-                   principal => all,
-                   topics => [['#']]
+    ?assertMatch(#{permission := deny,
+                   action := all,
+                   principal := all,
+                   topics := [['#']],
+                   id := _ID
                  }, emqx_authz:init_rule(?RULE1)),
-    ?assertEqual(#{permission => allow,
-                   action => all,
-                   principal =>
-                        #{ipaddress => {{127,0,0,1},{127,0,0,1},32}},
-                   topics => [#{eq => ['#']},
-                              #{eq => ['+']}]
+    ?assertMatch(#{permission := allow,
+                   action := all,
+                   principal :=
+                        #{ipaddress := {{127,0,0,1},{127,0,0,1},32}},
+                   topics := [#{eq := ['#']},
+                              #{eq := ['+']}],
+                   id := _ID
                  }, emqx_authz:init_rule(?RULE2)),
    ?assertMatch(
       #{permission := allow,
@ -94,7 +96,8 @@ t_init_rule(_) ->
                            #{clientid := {re_pattern, _, _, _, _}}
                           ]
                 },
-         topics := [[<<"test">>]]
+         topics := [[<<"test">>]],
+         id := _ID
        }, emqx_authz:init_rule(?RULE3)),
    ?assertMatch(
       #{permission := deny,
@ -106,7 +109,8 @@ t_init_rule(_) ->
                 },
         topics := [#{pattern := [<<"%u">>]},
                    #{pattern := [<<"%c">>]}
-                   ]
+                   ],
+         id := _ID
        }, emqx_authz:init_rule(?RULE4)),
    ok.