diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index c24cc0533..889fd6a21 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -83,19 +83,22 @@ find_action_in_hooks() -> [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ], Action. +gen_id(Type) -> + iolist_to_binary([io_lib:format("~s_~s",[?APP, Type]), "_", integer_to_list(erlang:system_time())]). + create_resource(#{type := DB, config := Config } = Rule) -> - ResourceID = iolist_to_binary([io_lib:format("~s_~s",[?APP, DB]), "_", integer_to_list(erlang:system_time())]), + ResourceID = gen_id(DB), case emqx_resource:create( ResourceID, list_to_existing_atom(io_lib:format("~s_~s",[emqx_connector, DB])), Config) of {ok, _} -> - Rule#{resource_id => ResourceID}; + Rule#{id => ResourceID}; {error, already_created} -> - Rule#{resource_id => ResourceID}; + Rule#{id => ResourceID}; {error, Reason} -> error({load_config_error, Reason}) end. @@ -108,7 +111,8 @@ init_rule(#{topics := Topics, } = Rule) when ?ALLOW_DENY(Permission), ?PUBSUB(Action), is_list(Topics) -> NTopics = [compile_topic(Topic) || Topic <- Topics], Rule#{principal => compile_principal(Principal), - topics => NTopics + topics => NTopics, + id => gen_id(simple) }; init_rule(#{principal := Principal, @@ -199,7 +203,8 @@ authorize(#{username := Username, do_authorize(Client, PubSub, Topic, [Connector = #{principal := Principal, - type := DB} | Tail] ) -> + type := DB, + enable := true} | Tail] ) -> case match_principal(Client, Principal) of true -> Mod = list_to_existing_atom(io_lib:format("~s_~s",[emqx_authz, DB])), diff --git a/apps/emqx_authz/src/emqx_authz_http.erl b/apps/emqx_authz/src/emqx_authz_http.erl index 7bb52d162..a058fda21 100644 --- a/apps/emqx_authz/src/emqx_authz_http.erl +++ b/apps/emqx_authz/src/emqx_authz_http.erl @@ -34,7 +34,7 @@ description() -> "AuthZ with http". authorize(Client, PubSub, Topic, - #{resource_id := ResourceID, + #{id := ResourceID, type := http, config := #{url := #{path := Path} = Url, headers := Headers, diff --git a/apps/emqx_authz/src/emqx_authz_mongo.erl b/apps/emqx_authz/src/emqx_authz_mongo.erl index c615582d4..4407b9784 100644 --- a/apps/emqx_authz/src/emqx_authz_mongo.erl +++ b/apps/emqx_authz/src/emqx_authz_mongo.erl @@ -34,7 +34,7 @@ description() -> "AuthZ with Mongo". authorize(Client, PubSub, Topic, - #{resource_id := ResourceID, + #{id := ResourceID, collection := Collection, find := Find }) -> diff --git a/apps/emqx_authz/src/emqx_authz_mysql.erl b/apps/emqx_authz/src/emqx_authz_mysql.erl index 980e9d5c6..9972ca2a4 100644 --- a/apps/emqx_authz/src/emqx_authz_mysql.erl +++ b/apps/emqx_authz/src/emqx_authz_mysql.erl @@ -46,7 +46,7 @@ parse_query(Sql) -> end. authorize(Client, PubSub, Topic, - #{resource_id := ResourceID, + #{id := ResourceID, sql := {SQL, Params} }) -> case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of diff --git a/apps/emqx_authz/src/emqx_authz_pgsql.erl b/apps/emqx_authz/src/emqx_authz_pgsql.erl index 607ba3afa..b55904f95 100644 --- a/apps/emqx_authz/src/emqx_authz_pgsql.erl +++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl @@ -50,7 +50,7 @@ parse_query(Sql) -> end. authorize(Client, PubSub, Topic, - #{resource_id := ResourceID, + #{id := ResourceID, sql := {SQL, Params} }) -> case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of diff --git a/apps/emqx_authz/src/emqx_authz_redis.erl b/apps/emqx_authz/src/emqx_authz_redis.erl index 43e06dd13..869ebb1eb 100644 --- a/apps/emqx_authz/src/emqx_authz_redis.erl +++ b/apps/emqx_authz/src/emqx_authz_redis.erl @@ -34,7 +34,7 @@ description() -> "AuthZ with redis". authorize(Client, PubSub, Topic, - #{resource_id := ResourceID, + #{id := ResourceID, cmd := CMD }) -> NCMD = string:tokens(replvar(CMD, Client), " "), diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index 94a312c9e..5c10d22ee 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -74,17 +74,19 @@ end_per_suite(_Config) -> %% Testcases %%------------------------------------------------------------------------------ t_init_rule(_) -> - ?assertEqual(#{permission => deny, - action => all, - principal => all, - topics => [['#']] + ?assertMatch(#{permission := deny, + action := all, + principal := all, + topics := [['#']], + id := _ID }, emqx_authz:init_rule(?RULE1)), - ?assertEqual(#{permission => allow, - action => all, - principal => - #{ipaddress => {{127,0,0,1},{127,0,0,1},32}}, - topics => [#{eq => ['#']}, - #{eq => ['+']}] + ?assertMatch(#{permission := allow, + action := all, + principal := + #{ipaddress := {{127,0,0,1},{127,0,0,1},32}}, + topics := [#{eq := ['#']}, + #{eq := ['+']}], + id := _ID }, emqx_authz:init_rule(?RULE2)), ?assertMatch( #{permission := allow, @@ -94,7 +96,8 @@ t_init_rule(_) -> #{clientid := {re_pattern, _, _, _, _}} ] }, - topics := [[<<"test">>]] + topics := [[<<"test">>]], + id := _ID }, emqx_authz:init_rule(?RULE3)), ?assertMatch( #{permission := deny, @@ -106,7 +109,8 @@ t_init_rule(_) -> }, topics := [#{pattern := [<<"%u">>]}, #{pattern := [<<"%c">>]} - ] + ], + id := _ID }, emqx_authz:init_rule(?RULE4)), ok.