From 9b4def885a85e933d27a7ea7edfa07ee7ca15223 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 12 Oct 2023 16:37:32 +0800 Subject: [PATCH 1/3] chore: change the LDAP integration to opensource --- apps/emqx_auth_ldap/src/emqx_authn_ldap.erl | 12 +++ .../src/emqx_authn_ldap_bind.erl | 12 +++ apps/emqx_auth_ldap/src/emqx_authz_ldap.erl | 14 ++- .../test/emqx_authn_ldap_SUITE.erl | 12 +++ .../test/emqx_authn_ldap_bind_SUITE.erl | 12 +++ .../test/emqx_authz_ldap_SUITE.erl | 12 +++ apps/emqx_authn/src/emqx_authn_enterprise.erl | 26 +++++ apps/emqx_authz/src/emqx_authz.app.src | 23 +++++ apps/emqx_authz/src/emqx_authz_enterprise.erl | 60 ++++++++++++ apps/emqx_ldap/BSL.txt | 94 ------------------- apps/emqx_ldap/src/emqx_ldap.erl | 12 +++ apps/emqx_ldap/src/emqx_ldap_bind_worker.erl | 12 +++ apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl | 12 +++ .../emqx_ldap/src/emqx_ldap_filter_parser.yrl | 12 +++ apps/emqx_ldap/test/emqx_ldap_SUITE.erl | 12 +++ .../emqx_ldap/test/emqx_ldap_filter_SUITE.erl | 12 +++ apps/emqx_machine/priv/reboot_lists.eterm | 2 - mix.exs | 2 - rebar.config.erl | 2 - 19 files changed, 254 insertions(+), 101 deletions(-) create mode 100644 apps/emqx_authn/src/emqx_authn_enterprise.erl create mode 100644 apps/emqx_authz/src/emqx_authz.app.src create mode 100644 apps/emqx_authz/src/emqx_authz_enterprise.erl delete mode 100644 apps/emqx_ldap/BSL.txt diff --git a/apps/emqx_auth_ldap/src/emqx_authn_ldap.erl b/apps/emqx_auth_ldap/src/emqx_authn_ldap.erl index 8685faecd..975a7f828 100644 --- a/apps/emqx_auth_ldap/src/emqx_authn_ldap.erl +++ b/apps/emqx_auth_ldap/src/emqx_authn_ldap.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_authn_ldap). diff --git a/apps/emqx_auth_ldap/src/emqx_authn_ldap_bind.erl b/apps/emqx_auth_ldap/src/emqx_authn_ldap_bind.erl index 82f8b9443..000d545b9 100644 --- a/apps/emqx_auth_ldap/src/emqx_authn_ldap_bind.erl +++ b/apps/emqx_auth_ldap/src/emqx_authn_ldap_bind.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_authn_ldap_bind). diff --git a/apps/emqx_auth_ldap/src/emqx_authz_ldap.erl b/apps/emqx_auth_ldap/src/emqx_authz_ldap.erl index eb12fdd37..84f9d7ed6 100644 --- a/apps/emqx_auth_ldap/src/emqx_authz_ldap.erl +++ b/apps/emqx_auth_ldap/src/emqx_authz_ldap.erl @@ -1,5 +1,5 @@ %%-------------------------------------------------------------------- -%% Copyright (c) 2020-2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. @@ -13,6 +13,18 @@ %% See the License for the specific language governing permissions and %% limitations under the License. %%-------------------------------------------------------------------- +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- -module(emqx_authz_ldap). diff --git a/apps/emqx_auth_ldap/test/emqx_authn_ldap_SUITE.erl b/apps/emqx_auth_ldap/test/emqx_authn_ldap_SUITE.erl index e75a9a617..63bceee85 100644 --- a/apps/emqx_auth_ldap/test/emqx_authn_ldap_SUITE.erl +++ b/apps/emqx_auth_ldap/test/emqx_authn_ldap_SUITE.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_authn_ldap_SUITE). diff --git a/apps/emqx_auth_ldap/test/emqx_authn_ldap_bind_SUITE.erl b/apps/emqx_auth_ldap/test/emqx_authn_ldap_bind_SUITE.erl index a796b8e01..1f390264b 100644 --- a/apps/emqx_auth_ldap/test/emqx_authn_ldap_bind_SUITE.erl +++ b/apps/emqx_auth_ldap/test/emqx_authn_ldap_bind_SUITE.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_authn_ldap_bind_SUITE). diff --git a/apps/emqx_auth_ldap/test/emqx_authz_ldap_SUITE.erl b/apps/emqx_auth_ldap/test/emqx_authz_ldap_SUITE.erl index 569c0e887..210bb1bc9 100644 --- a/apps/emqx_auth_ldap/test/emqx_authz_ldap_SUITE.erl +++ b/apps/emqx_auth_ldap/test/emqx_authz_ldap_SUITE.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_authz_ldap_SUITE). diff --git a/apps/emqx_authn/src/emqx_authn_enterprise.erl b/apps/emqx_authn/src/emqx_authn_enterprise.erl new file mode 100644 index 000000000..733c7ca00 --- /dev/null +++ b/apps/emqx_authn/src/emqx_authn_enterprise.erl @@ -0,0 +1,26 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%%-------------------------------------------------------------------- + +-module(emqx_authn_enterprise). + +-export([providers/0, resource_provider/0]). + +-if(?EMQX_RELEASE_EDITION == ee). + +providers() -> + [ + {gcp_device, emqx_gcp_device_authn} + ]. + +resource_provider() -> + []. + +-else. + +providers() -> + []. + +resource_provider() -> + []. +-endif. diff --git a/apps/emqx_authz/src/emqx_authz.app.src b/apps/emqx_authz/src/emqx_authz.app.src new file mode 100644 index 000000000..67c0e54f1 --- /dev/null +++ b/apps/emqx_authz/src/emqx_authz.app.src @@ -0,0 +1,23 @@ +%% -*- mode: erlang -*- +{application, emqx_authz, [ + {description, "emqx authorization application"}, + {vsn, "0.1.3"}, + {registered, []}, + {mod, {emqx_authz_app, []}}, + {applications, [ + kernel, + stdlib, + crypto, + emqx_resource, + emqx_connector, + emqx_mongodb, + emqx_redis, + emqx_mysql, + emqx_bridge_http + ]}, + {env, []}, + {modules, []}, + + {licenses, ["Apache 2.0"]}, + {links, []} +]}. diff --git a/apps/emqx_authz/src/emqx_authz_enterprise.erl b/apps/emqx_authz/src/emqx_authz_enterprise.erl new file mode 100644 index 000000000..6f1451108 --- /dev/null +++ b/apps/emqx_authz/src/emqx_authz_enterprise.erl @@ -0,0 +1,60 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%%-------------------------------------------------------------------- +-module(emqx_authz_enterprise). + +-export([ + type_names/0, + fields/1, + is_enterprise_module/1, + authz_sources_types/0, + type/1, + desc/1 +]). + +-dialyzer({nowarn_function, [fields/1, type/1, desc/1]}). + +-if(?EMQX_RELEASE_EDITION == ee). + +%% type name set +type_names() -> + []. + +%% type -> type schema +fields(Any) -> + error({invalid_field, Any}). + +%% type -> type module +is_enterprise_module(_) -> + false. + +%% api sources set +authz_sources_types() -> + []. + +%% atom-able name -> type +type(Unknown) -> throw({unknown_authz_source_type, Unknown}). + +desc(_) -> + undefined. + +-else. + +type_names() -> + []. + +fields(Any) -> + error({invalid_field, Any}). + +is_enterprise_module(_) -> + false. + +authz_sources_types() -> + []. + +%% should never happen if the input is type-checked by hocon schema +type(Unknown) -> throw({unknown_authz_source_type, Unknown}). + +desc(_) -> + undefined. +-endif. diff --git a/apps/emqx_ldap/BSL.txt b/apps/emqx_ldap/BSL.txt deleted file mode 100644 index 0acc0e696..000000000 --- a/apps/emqx_ldap/BSL.txt +++ /dev/null @@ -1,94 +0,0 @@ -Business Source License 1.1 - -Licensor: Hangzhou EMQ Technologies Co., Ltd. -Licensed Work: EMQX Enterprise Edition - The Licensed Work is (c) 2023 - Hangzhou EMQ Technologies Co., Ltd. -Additional Use Grant: Students and educators are granted right to copy, - modify, and create derivative work for research - or education. -Change Date: 2027-02-01 -Change License: Apache License, Version 2.0 - -For information about alternative licensing arrangements for the Software, -please contact Licensor: https://www.emqx.com/en/contact - -Notice - -The Business Source License (this document, or the “License”) is not an Open -Source license. However, the Licensed Work will eventually be made available -under an Open Source License, as stated in this License. - -License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. -“Business Source License” is a trademark of MariaDB Corporation Ab. - ------------------------------------------------------------------------------ - -Business Source License 1.1 - -Terms - -The Licensor hereby grants you the right to copy, modify, create derivative -works, redistribute, and make non-production use of the Licensed Work. The -Licensor may make an Additional Use Grant, above, permitting limited -production use. - -Effective on the Change Date, or the fourth anniversary of the first publicly -available distribution of a specific version of the Licensed Work under this -License, whichever comes first, the Licensor hereby grants you rights under -the terms of the Change License, and the rights granted in the paragraph -above terminate. - -If your use of the Licensed Work does not comply with the requirements -currently in effect as described in this License, you must purchase a -commercial license from the Licensor, its affiliated entities, or authorized -resellers, or you must refrain from using the Licensed Work. - -All copies of the original and modified Licensed Work, and derivative works -of the Licensed Work, are subject to this License. This License applies -separately for each version of the Licensed Work and the Change Date may vary -for each version of the Licensed Work released by Licensor. - -You must conspicuously display this License on each original or modified copy -of the Licensed Work. If you receive the Licensed Work in original or -modified form from a third party, the terms and conditions set forth in this -License apply to your use of that work. - -Any use of the Licensed Work in violation of this License will automatically -terminate your rights under this License for the current and all other -versions of the Licensed Work. - -This License does not grant you any right in any trademark or logo of -Licensor or its affiliates (provided that you may use a trademark or logo of -Licensor as expressly required by this License). - -TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON -AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, -EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND -TITLE. - -MariaDB hereby grants you permission to use this License’s text to license -your works, and to refer to it using the trademark “Business Source License”, -as long as you comply with the Covenants of Licensor below. - -Covenants of Licensor - -In consideration of the right to use this License’s text and the “Business -Source License” name and trademark, Licensor covenants to MariaDB, and to all -other recipients of the licensed work to be provided by Licensor: - -1. To specify as the Change License the GPL Version 2.0 or any later version, - or a license that is compatible with GPL Version 2.0 or a later version, - where “compatible” means that software provided under the Change License can - be included in a program with software provided under GPL Version 2.0 or a - later version. Licensor may specify additional Change Licenses without - limitation. - -2. To either: (a) specify an additional grant of rights to use that does not - impose any additional restriction on the right granted in this License, as - the Additional Use Grant; or (b) insert the text “None”. - -3. To specify a Change Date. - -4. Not to modify this License in any other way. diff --git a/apps/emqx_ldap/src/emqx_ldap.erl b/apps/emqx_ldap/src/emqx_ldap.erl index 94b8992e0..a77a8ecf0 100644 --- a/apps/emqx_ldap/src/emqx_ldap.erl +++ b/apps/emqx_ldap/src/emqx_ldap.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_ldap). diff --git a/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl b/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl index 1b1bd3ce9..722e79006 100644 --- a/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl +++ b/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_ldap_bind_worker). diff --git a/apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl b/apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl index 3b4851fc4..9e5c772ab 100644 --- a/apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl +++ b/apps/emqx_ldap/src/emqx_ldap_filter_lexer.xrl @@ -29,6 +29,18 @@ Erlang code. %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- %% eldap does not support neither the '\28value\29' nor '\(value\)' %% so after the tokenization we should remove all escape character diff --git a/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl b/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl index a400132f8..b12ba846e 100644 --- a/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl +++ b/apps/emqx_ldap/src/emqx_ldap_filter_parser.yrl @@ -1,5 +1,17 @@ Header "%%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the \"License\"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an \"AS IS\" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%--------------------------------------------------------------------". Nonterminals diff --git a/apps/emqx_ldap/test/emqx_ldap_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_SUITE.erl index 79c549c22..e14e0feab 100644 --- a/apps/emqx_ldap/test/emqx_ldap_SUITE.erl +++ b/apps/emqx_ldap/test/emqx_ldap_SUITE.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_ldap_SUITE). diff --git a/apps/emqx_ldap/test/emqx_ldap_filter_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_filter_SUITE.erl index e1aacef88..8c08b518c 100644 --- a/apps/emqx_ldap/test/emqx_ldap_filter_SUITE.erl +++ b/apps/emqx_ldap/test/emqx_ldap_filter_SUITE.erl @@ -1,5 +1,17 @@ %%-------------------------------------------------------------------- %% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %%-------------------------------------------------------------------- -module(emqx_ldap_filter_SUITE). diff --git a/apps/emqx_machine/priv/reboot_lists.eterm b/apps/emqx_machine/priv/reboot_lists.eterm index 9be3e2f0c..43420d3cf 100644 --- a/apps/emqx_machine/priv/reboot_lists.eterm +++ b/apps/emqx_machine/priv/reboot_lists.eterm @@ -119,8 +119,6 @@ emqx_eviction_agent, emqx_node_rebalance, emqx_ft, - emqx_ldap, - emqx_auth_ldap, emqx_gcp_device, emqx_dashboard_rbac, emqx_dashboard_sso diff --git a/mix.exs b/mix.exs index 07f6b0209..9dfe0e160 100644 --- a/mix.exs +++ b/mix.exs @@ -225,8 +225,6 @@ defmodule EMQXUmbrella.MixProject do :emqx_enterprise, :emqx_bridge_kinesis, :emqx_bridge_azure_event_hub, - :emqx_ldap, - :emqx_auth_ldap, :emqx_gcp_device, :emqx_dashboard_rbac, :emqx_dashboard_sso diff --git a/rebar.config.erl b/rebar.config.erl index 5dad62af6..1c2ba4465 100644 --- a/rebar.config.erl +++ b/rebar.config.erl @@ -107,8 +107,6 @@ is_community_umbrella_app("apps/emqx_schema_registry") -> false; is_community_umbrella_app("apps/emqx_enterprise") -> false; is_community_umbrella_app("apps/emqx_bridge_kinesis") -> false; is_community_umbrella_app("apps/emqx_bridge_azure_event_hub") -> false; -is_community_umbrella_app("apps/emqx_ldap") -> false; -is_community_umbrella_app("apps/emqx_auth_ldap") -> false; is_community_umbrella_app("apps/emqx_gcp_device") -> false; is_community_umbrella_app("apps/emqx_dashboard_rbac") -> false; is_community_umbrella_app("apps/emqx_dashboard_sso") -> false; From 3e658b3da91f4e0bc2f6db4d02805deae0cde27a Mon Sep 17 00:00:00 2001 From: firest Date: Sat, 7 Oct 2023 15:15:46 +0800 Subject: [PATCH 2/3] chore: update changes --- apps/emqx_authn/src/emqx_authn_enterprise.erl | 26 -------- apps/emqx_authz/src/emqx_authz.app.src | 23 ------- apps/emqx_authz/src/emqx_authz_enterprise.erl | 60 ------------------- apps/emqx_machine/priv/reboot_lists.eterm | 2 + changes/ce/feat-11725.en.md | 1 + 5 files changed, 3 insertions(+), 109 deletions(-) delete mode 100644 apps/emqx_authn/src/emqx_authn_enterprise.erl delete mode 100644 apps/emqx_authz/src/emqx_authz.app.src delete mode 100644 apps/emqx_authz/src/emqx_authz_enterprise.erl create mode 100644 changes/ce/feat-11725.en.md diff --git a/apps/emqx_authn/src/emqx_authn_enterprise.erl b/apps/emqx_authn/src/emqx_authn_enterprise.erl deleted file mode 100644 index 733c7ca00..000000000 --- a/apps/emqx_authn/src/emqx_authn_enterprise.erl +++ /dev/null @@ -1,26 +0,0 @@ -%%-------------------------------------------------------------------- -%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. -%%-------------------------------------------------------------------- - --module(emqx_authn_enterprise). - --export([providers/0, resource_provider/0]). - --if(?EMQX_RELEASE_EDITION == ee). - -providers() -> - [ - {gcp_device, emqx_gcp_device_authn} - ]. - -resource_provider() -> - []. - --else. - -providers() -> - []. - -resource_provider() -> - []. --endif. diff --git a/apps/emqx_authz/src/emqx_authz.app.src b/apps/emqx_authz/src/emqx_authz.app.src deleted file mode 100644 index 67c0e54f1..000000000 --- a/apps/emqx_authz/src/emqx_authz.app.src +++ /dev/null @@ -1,23 +0,0 @@ -%% -*- mode: erlang -*- -{application, emqx_authz, [ - {description, "emqx authorization application"}, - {vsn, "0.1.3"}, - {registered, []}, - {mod, {emqx_authz_app, []}}, - {applications, [ - kernel, - stdlib, - crypto, - emqx_resource, - emqx_connector, - emqx_mongodb, - emqx_redis, - emqx_mysql, - emqx_bridge_http - ]}, - {env, []}, - {modules, []}, - - {licenses, ["Apache 2.0"]}, - {links, []} -]}. diff --git a/apps/emqx_authz/src/emqx_authz_enterprise.erl b/apps/emqx_authz/src/emqx_authz_enterprise.erl deleted file mode 100644 index 6f1451108..000000000 --- a/apps/emqx_authz/src/emqx_authz_enterprise.erl +++ /dev/null @@ -1,60 +0,0 @@ -%%-------------------------------------------------------------------- -%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved. -%%-------------------------------------------------------------------- --module(emqx_authz_enterprise). - --export([ - type_names/0, - fields/1, - is_enterprise_module/1, - authz_sources_types/0, - type/1, - desc/1 -]). - --dialyzer({nowarn_function, [fields/1, type/1, desc/1]}). - --if(?EMQX_RELEASE_EDITION == ee). - -%% type name set -type_names() -> - []. - -%% type -> type schema -fields(Any) -> - error({invalid_field, Any}). - -%% type -> type module -is_enterprise_module(_) -> - false. - -%% api sources set -authz_sources_types() -> - []. - -%% atom-able name -> type -type(Unknown) -> throw({unknown_authz_source_type, Unknown}). - -desc(_) -> - undefined. - --else. - -type_names() -> - []. - -fields(Any) -> - error({invalid_field, Any}). - -is_enterprise_module(_) -> - false. - -authz_sources_types() -> - []. - -%% should never happen if the input is type-checked by hocon schema -type(Unknown) -> throw({unknown_authz_source_type, Unknown}). - -desc(_) -> - undefined. --endif. diff --git a/apps/emqx_machine/priv/reboot_lists.eterm b/apps/emqx_machine/priv/reboot_lists.eterm index 43420d3cf..768424db6 100644 --- a/apps/emqx_machine/priv/reboot_lists.eterm +++ b/apps/emqx_machine/priv/reboot_lists.eterm @@ -56,6 +56,8 @@ emqx_auth_mysql, emqx_auth_postgresql, emqx_auth_redis, + emqx_ldap, + emqx_auth_ldap, emqx_auto_subscribe, emqx_gateway, emqx_gateway_stomp, diff --git a/changes/ce/feat-11725.en.md b/changes/ce/feat-11725.en.md new file mode 100644 index 000000000..ce5b08169 --- /dev/null +++ b/changes/ce/feat-11725.en.md @@ -0,0 +1 @@ +Introduced the LDAP as a new authentication and authorization backend. From 33ff5d5588bfe535428f1567bd488d4a95e7e76f Mon Sep 17 00:00:00 2001 From: firest Date: Fri, 13 Oct 2023 09:33:56 +0800 Subject: [PATCH 3/3] chore: update auth header file --- apps/emqx_conf/include/emqx_conf.hrl | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/apps/emqx_conf/include/emqx_conf.hrl b/apps/emqx_conf/include/emqx_conf.hrl index 4ae2b1df9..a758681ff 100644 --- a/apps/emqx_conf/include/emqx_conf.hrl +++ b/apps/emqx_conf/include/emqx_conf.hrl @@ -43,13 +43,12 @@ emqx_authz_redis_schema, emqx_authz_mysql_schema, emqx_authz_postgresql_schema, - emqx_authz_mongodb_schema -]). - --define(EE_AUTHZ_SOURCE_SCHEMA_MODS, [ + emqx_authz_mongodb_schema, emqx_authz_ldap_schema ]). +-define(EE_AUTHZ_SOURCE_SCHEMA_MODS, []). + -define(CE_AUTHN_PROVIDER_SCHEMA_MODS, [ emqx_authn_mnesia_schema, emqx_authn_mysql_schema, @@ -58,12 +57,12 @@ emqx_authn_redis_schema, emqx_authn_http_schema, emqx_authn_jwt_schema, - emqx_authn_scram_mnesia_schema + emqx_authn_scram_mnesia_schema, + emqx_authn_ldap_schema, + emqx_authn_ldap_bind_schema ]). -define(EE_AUTHN_PROVIDER_SCHEMA_MODS, [ - emqx_authn_ldap_schema, - emqx_authn_ldap_bind_schema, emqx_gcp_device_authn_schema ]).