From 216fba5a03f89109207f02c9428e13b422f52533 Mon Sep 17 00:00:00 2001 From: JimMoen Date: Mon, 18 Apr 2022 11:46:58 +0800 Subject: [PATCH 1/3] chore: update dashboard version --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 50e8f0ed6..17437e5f9 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ export EMQX_DEFAULT_BUILDER = ghcr.io/emqx/emqx-builder/5.0-10:1.13.3-24.2.1-1-a export EMQX_DEFAULT_RUNNER = alpine:3.15.1 export OTP_VSN ?= $(shell $(CURDIR)/scripts/get-otp-vsn.sh) export ELIXIR_VSN ?= $(shell $(CURDIR)/scripts/get-elixir-vsn.sh) -export EMQX_DASHBOARD_VERSION ?= v0.28.0 +export EMQX_DASHBOARD_VERSION ?= v0.29.0 export DOCKERFILE := deploy/docker/Dockerfile export EMQX_REL_FORM ?= tgz ifeq ($(OS),Windows_NT) From 6da1302acd502e010279f707943da96cee80eb50 Mon Sep 17 00:00:00 2001 From: JimMoen Date: Mon, 18 Apr 2022 11:48:35 +0800 Subject: [PATCH 2/3] feat: clean up all authz cache api --- apps/emqx_authz/src/emqx_authz_api_cache.erl | 74 +++++++++++++++++++ .../src/emqx_mgmt_api_clients.erl | 8 +- 2 files changed, 78 insertions(+), 4 deletions(-) create mode 100644 apps/emqx_authz/src/emqx_authz_api_cache.erl diff --git a/apps/emqx_authz/src/emqx_authz_api_cache.erl b/apps/emqx_authz/src/emqx_authz_api_cache.erl new file mode 100644 index 000000000..e6d3b941c --- /dev/null +++ b/apps/emqx_authz/src/emqx_authz_api_cache.erl @@ -0,0 +1,74 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authz_api_cache). + +-behaviour(minirest_api). + +-export([ + api_spec/0, + paths/0, + schema/1 +]). + +-export([ + clean_cache/2 +]). + +-define(BAD_REQUEST, 'BAD_REQUEST'). + +api_spec() -> + emqx_dashboard_swagger:spec(?MODULE, #{check_schema => true}). + +paths() -> + [ + "/authorization/cache" + ]. + +%%-------------------------------------------------------------------- +%% Schema for each URI +%%-------------------------------------------------------------------- + +schema("/authorization/cache") -> + #{ + 'operationId' => clean_cache, + delete => + #{ + description => <<"Clean all authorization cache in the cluster.">>, + responses => + #{ + 204 => <<"No Content">>, + 400 => emqx_dashboard_swagger:error_codes([?BAD_REQUEST], <<"Bad Request">>) + } + } + }. + +clean_cache(delete, _) -> + case emqx_mgmt:clean_authz_cache_all() of + ok -> + {204}; + {error, Reason} -> + {400, #{ + code => <<"BAD_REQUEST">>, + message => bin(Reason) + }} + end. + +%%-------------------------------------------------------------------- +%% Internal functions +%%-------------------------------------------------------------------- + +bin(Term) -> erlang:iolist_to_binary(io_lib:format("~p", [Term])). diff --git a/apps/emqx_management/src/emqx_mgmt_api_clients.erl b/apps/emqx_management/src/emqx_mgmt_api_clients.erl index d8c71e80c..36baf041f 100644 --- a/apps/emqx_management/src/emqx_mgmt_api_clients.erl +++ b/apps/emqx_management/src/emqx_mgmt_api_clients.erl @@ -78,7 +78,7 @@ api_spec() -> paths() -> [ "/clients" , "/clients/:clientid" - , "/clients/:clientid/authz_cache" + , "/clients/:clientid/authorization/cache" , "/clients/:clientid/subscriptions" , "/clients/:clientid/subscribe" , "/clients/:clientid/unsubscribe" @@ -190,11 +190,11 @@ schema("/clients/:clientid") -> } }; -schema("/clients/:clientid/authz_cache") -> +schema("/clients/:clientid/authorization/cache") -> #{ 'operationId' => authz_cache, get => #{ - description => <<"Get client authz cache">>, + description => <<"Get client authz cache in the cluster.">>, parameters => [{clientid, hoconsc:mk(binary(), #{in => path})}], responses => #{ 200 => hoconsc:mk(hoconsc:ref(?MODULE, authz_cache), #{}), @@ -203,7 +203,7 @@ schema("/clients/:clientid/authz_cache") -> } }, delete => #{ - description => <<"Clean client authz cache">>, + description => <<"Clean client authz cache in the cluster.">>, parameters => [{clientid, hoconsc:mk(binary(), #{in => path})}], responses => #{ 204 => <<"Kick out client successfully">>, From c89c00aed0d970aab0ab6e0041acb873fb610e66 Mon Sep 17 00:00:00 2001 From: JimMoen Date: Mon, 18 Apr 2022 15:22:18 +0800 Subject: [PATCH 3/3] test: clean cache api for all clients or specific client --- .../test/emqx_authz_api_cache_SUITE.erl | 79 +++++++++++++++++++ .../test/emqx_mgmt_api_clients_SUITE.erl | 4 +- 2 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 apps/emqx_authz/test/emqx_authz_api_cache_SUITE.erl diff --git a/apps/emqx_authz/test/emqx_authz_api_cache_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_cache_SUITE.erl new file mode 100644 index 000000000..306fe3f13 --- /dev/null +++ b/apps/emqx_authz/test/emqx_authz_api_cache_SUITE.erl @@ -0,0 +1,79 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authz_api_cache_SUITE). + +-compile(nowarn_export_all). +-compile(export_all). + +-import(emqx_dashboard_api_test_helpers, [request/2, uri/1]). + +-include_lib("eunit/include/eunit.hrl"). +-include_lib("common_test/include/ct.hrl"). + +all() -> + emqx_common_test_helpers:all(?MODULE). + +groups() -> + []. + +init_per_suite(Config) -> + ok = emqx_common_test_helpers:start_apps( + [emqx_conf, emqx_authz, emqx_dashboard, emqx_management], + fun set_special_configs/1 + ), + Config. + +end_per_suite(_Config) -> + {ok, _} = emqx:update_config( + [authorization], + #{ + <<"no_match">> => <<"allow">>, + <<"cache">> => #{<<"enable">> => <<"true">>}, + <<"sources">> => [] + } + ), + ok = stop_apps([emqx_resource, emqx_connector]), + emqx_common_test_helpers:stop_apps([emqx_dashboard, emqx_authz, emqx_conf, emqx_management]), + ok. + +set_special_configs(emqx_dashboard) -> + emqx_dashboard_api_test_helpers:set_default_config(); +set_special_configs(emqx_authz) -> + {ok, _} = emqx:update_config([authorization, cache, enable], true), + {ok, _} = emqx:update_config([authorization, no_match], deny), + {ok, _} = emqx:update_config([authorization, sources], []), + ok; +set_special_configs(_App) -> + ok. + +t_clean_cahce(_) -> + {ok, C} = emqtt:start_link([{clientid, <<"emqx0">>}, {username, <<"emqx0">>}]), + {ok, _} = emqtt:connect(C), + {ok, _, _} = emqtt:subscribe(C, <<"a/b/c">>, 0), + ok = emqtt:publish(C, <<"a/b/c">>, <<"{\"x\":1,\"y\":1}">>, 0), + + {ok, 200, Result3} = request(get, uri(["clients", "emqx0", "authorization", "cache"])), + ?assertEqual(2, length(jsx:decode(Result3))), + + request(delete, uri(["authorization", "cache"])), + + {ok, 200, Result4} = request(get, uri(["clients", "emqx0", "authorization", "cache"])), + ?assertEqual(0, length(jsx:decode(Result4))), + + ok. + +stop_apps(Apps) -> + lists:foreach(fun application:stop/1, Apps). diff --git a/apps/emqx_management/test/emqx_mgmt_api_clients_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_clients_SUITE.erl index 80f236fed..295bb0e9e 100644 --- a/apps/emqx_management/test/emqx_mgmt_api_clients_SUITE.erl +++ b/apps/emqx_management/test/emqx_mgmt_api_clients_SUITE.erl @@ -76,9 +76,9 @@ t_clients(_) -> AfterKickoutResponse2 = emqx_mgmt_api_test_util:request_api(get, Client2Path), ?assertEqual({error, {"HTTP/1.1", 404, "Not Found"}}, AfterKickoutResponse2), - %% get /clients/:clientid/authz_cache should has no authz cache + %% get /clients/:clientid/authorization/cache should has no authz cache Client1AuthzCachePath = emqx_mgmt_api_test_util:api_path(["clients", - binary_to_list(ClientId1), "authz_cache"]), + binary_to_list(ClientId1), "authorization", "cache"]), {ok, Client1AuthzCache} = emqx_mgmt_api_test_util:request_api(get, Client1AuthzCachePath), ?assertEqual("[]", Client1AuthzCache),