feat(authz): add id for every rule

apps/emqx_authz/src/emqx_authz.erl

@@ -83,19 +83,22 @@ find_action_in_hooks() ->
     [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ],
     Action.
 
+gen_id(Type) ->
+    iolist_to_binary([io_lib:format("~s_~s",[?APP, Type]), "_", integer_to_list(erlang:system_time())]).
+
 create_resource(#{type := DB,
                   config := Config
                  } = Rule) ->
-    ResourceID = iolist_to_binary([io_lib:format("~s_~s",[?APP, DB]), "_", integer_to_list(erlang:system_time())]),
+    ResourceID = gen_id(DB),
     case emqx_resource:create(
             ResourceID,
             list_to_existing_atom(io_lib:format("~s_~s",[emqx_connector, DB])),
             Config)
     of
         {ok, _} ->
-            Rule#{resource_id => ResourceID};
+            Rule#{id => ResourceID};
         {error, already_created} ->
-            Rule#{resource_id => ResourceID};
+            Rule#{id => ResourceID};
         {error, Reason} ->
             error({load_config_error, Reason})
     end.
@@ -108,7 +111,8 @@ init_rule(#{topics := Topics,
          } = Rule) when ?ALLOW_DENY(Permission), ?PUBSUB(Action), is_list(Topics) ->
     NTopics = [compile_topic(Topic) || Topic <- Topics],
     Rule#{principal => compile_principal(Principal),
-          topics => NTopics
+          topics => NTopics,
+          id => gen_id(simple)
          };
 
 init_rule(#{principal := Principal,
@@ -199,7 +203,8 @@ authorize(#{username := Username,
 
 do_authorize(Client, PubSub, Topic,
                [Connector = #{principal := Principal,
-                              type := DB} | Tail] ) ->
+                              type := DB,
+                              enable := true} | Tail] ) ->
     case match_principal(Client, Principal) of
         true ->
             Mod = list_to_existing_atom(io_lib:format("~s_~s",[emqx_authz, DB])),

apps/emqx_authz/src/emqx_authz_http.erl

@@ -34,7 +34,7 @@ description() ->
     "AuthZ with http".
 
 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
               type := http,
               config := #{url := #{path := Path} = Url,
                           headers := Headers,

apps/emqx_authz/src/emqx_authz_mongo.erl

@@ -34,7 +34,7 @@ description() ->
     "AuthZ with Mongo".
 
 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
               collection := Collection,
               find := Find
              }) ->

apps/emqx_authz/src/emqx_authz_mysql.erl

@@ -46,7 +46,7 @@ parse_query(Sql) ->
     end.
 
 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
               sql := {SQL, Params}
              }) ->
     case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of

apps/emqx_authz/src/emqx_authz_pgsql.erl

@@ -50,7 +50,7 @@ parse_query(Sql) ->
     end.
 
 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
               sql := {SQL, Params}
              }) ->
     case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of

apps/emqx_authz/src/emqx_authz_redis.erl

@@ -34,7 +34,7 @@ description() ->
     "AuthZ with redis".
 
 authorize(Client, PubSub, Topic,
-            #{resource_id := ResourceID,
+            #{id := ResourceID,
               cmd := CMD
              }) ->
     NCMD = string:tokens(replvar(CMD, Client), " "),

apps/emqx_authz/test/emqx_authz_SUITE.erl

@@ -74,17 +74,19 @@ end_per_suite(_Config) ->
 %% Testcases
 %%------------------------------------------------------------------------------
 t_init_rule(_) ->
-    ?assertEqual(#{permission => deny,
+    ?assertMatch(#{permission := deny,
-                   action => all,
+                   action := all,
-                   principal => all,
+                   principal := all,
-                   topics => [['#']]
+                   topics := [['#']],
+                   id := _ID
                   }, emqx_authz:init_rule(?RULE1)),
-    ?assertEqual(#{permission => allow,
+    ?assertMatch(#{permission := allow,
-                   action => all,
+                   action := all,
-                   principal =>
+                   principal :=
-                        #{ipaddress => {{127,0,0,1},{127,0,0,1},32}},
+                        #{ipaddress := {{127,0,0,1},{127,0,0,1},32}},
-                   topics => [#{eq => ['#']},
+                   topics := [#{eq := ['#']},
-                              #{eq => ['+']}]
+                              #{eq := ['+']}],
+                   id := _ID
                   }, emqx_authz:init_rule(?RULE2)),
     ?assertMatch(
        #{permission := allow,
@@ -94,7 +96,8 @@ t_init_rule(_) ->
                             #{clientid := {re_pattern, _, _, _, _}}
                            ]
                  },
-         topics := [[<<"test">>]]
+         topics := [[<<"test">>]],
+         id := _ID
         }, emqx_authz:init_rule(?RULE3)),
     ?assertMatch(
        #{permission := deny,
@@ -106,7 +109,8 @@ t_init_rule(_) ->
                  },
          topics := [#{pattern := [<<"%u">>]},
                     #{pattern := [<<"%c">>]}
-                   ]
+                   ],
+         id := _ID
         }, emqx_authz:init_rule(?RULE4)),
     ok.