refactor: add emqx_authz_file validate function

Zhongwen Deng 2023-05-22 11:03:23 +08:00
parent 6cb9efd7d3
commit 96e7005de8
4 changed files with 17 additions and 14 deletions


@ -539,8 +539,9 @@ update_authz_chain(Actions) ->
check_acl_file_rules(Path, Rules) -> check_acl_file_rules(Path, Rules) ->
TmpPath = Path ++ ".tmp", TmpPath = Path ++ ".tmp",
try try
ok = write_file(Path, Rules), ok = write_file(TmpPath, Rules),
emqx_authz_schema:validate_file_rules(Path) {ok, _} = emqx_authz_file:validate(TmpPath),
ok
catch catch
throw:Reason -> throw(Reason) throw:Reason -> throw(Reason)
after after
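Review bot: The `catch throw:Reason -> throw(Reason)` clause kept under the new body re-raises the same throw unchanged, so it adds nothing; a plain `try ... after ... end` behaves the same and is easier to read. Separately, `TmpPath = Path ++ ".tmp"` is a fixed name next to the real file, so two updates for the same path running at once would write and validate the same temporary file. If the callers do not already serialise updates, a unique suffix such as `Path ++ "." ++ integer_to_list(erlang:unique_integer([positive])) ++ ".tmp"` would keep each call validating its own rules. The `after` body is outside the hunk, so the cleanup of the temporary file could not be checked here.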


@ -33,13 +33,14 @@
update/1, update/1,
destroy/1, destroy/1,
authorize/4, authorize/4,
validate/1,
read_file/1 read_file/1
]). ]).
description() -> description() ->
"AuthZ with static rules". "AuthZ with static rules".
create(#{path := Path0} = Source) -> validate(Path0) ->
Path = filename(Path0), Path = filename(Path0),
Rules = Rules =
case file:consult(Path) of case file:consult(Path) of
@ -56,6 +57,10 @@ create(#{path := Path0} = Source) ->
?SLOG(alert, #{msg => bad_acl_file_content, path => Path, reason => Reason}), ?SLOG(alert, #{msg => bad_acl_file_content, path => Path, reason => Reason}),
throw({bad_acl_file_content, Reason}) throw({bad_acl_file_content, Reason})
end, end,
{ok, Rules}.
create(#{path := Path} = Source) ->
{ok, Rules} = validate(Path),
Source#{annotations => #{rules => Rules}}. Source#{annotations => #{rules => Rules}}.
update(#{path := _Path} = Source) -> update(#{path := _Path} = Source) ->
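Review bot: `validate/1` is newly exported and called from two other modules, but it has no `-spec` or comment stating its contract. From the visible lines it returns `{ok, Rules}` on success and reports failure by throwing (for example `{bad_acl_file_content, Reason}`), never by returning an error tuple, so `{ok, Rules} = validate(Path)` in `create/1` can only succeed or propagate the throw. A header such as `%% Reads and checks the ACL file at Path0; returns {ok, Rules} or throws, never {error, _}.` would make that explicit for callers. The failure branch also logs at `alert` level, which fires for rejected user-supplied rules as well as for a broken file on disk; it is worth confirming that this severity is intended for input validation. Part of the function body lies between the two hunks and is not visible.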


@ -42,8 +42,7 @@
-export([ -export([
headers_no_content_type/1, headers_no_content_type/1,
headers/1, headers/1
validate_file_rules/1
]). ]).
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
@ -85,7 +84,7 @@ fields(file) ->
string(), string(),
#{ #{
required => true, required => true,
validator => fun ?MODULE:validate_file_rules/1, validator => fun(Path) -> element(1, emqx_authz_file:validate(Path)) end,
desc => ?DESC(path) desc => ?DESC(path)
} }
)} )}
@ -518,10 +517,3 @@ default_authz() ->
<<"enable">> => true, <<"enable">> => true,
<<"path">> => <<"${EMQX_ETC_DIR}/acl.conf">> <<"path">> => <<"${EMQX_ETC_DIR}/acl.conf">>
}. }.
validate_file_rules(Path) ->
%% Don't need assert the create result here, all error is thrown
%% some test mock the create function
%% #{annotations := #{rules := _}}
_ = emqx_authz_file:create(#{path => Path}),
ok.
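Review bot: The inline validator `fun(Path) -> element(1, emqx_authz_file:validate(Path)) end` hides its intent, because it relies on the first element of `{ok, Rules}` happening to be `ok`. If the return shape of `validate/1` ever changed, whatever tag came first would be handed back as the validator result instead of failing. An explicit match says what is expected and crashes on anything else: `validator => fun(Path) -> {ok, _} = emqx_authz_file:validate(Path), ok end`. The removed `validate_file_rules/1` carried a comment explaining that all errors are thrown; a one-line comment next to the new validator should keep that information.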


@ -205,9 +205,14 @@ t_bad_file_source(_) ->
BadActionErr = {invalid_authorization_action, pubsub}, BadActionErr = {invalid_authorization_action, pubsub},
lists:foreach( lists:foreach(
fun({Source, Error}) -> fun({Source, Error}) ->
File = emqx_authz:acl_conf_file(),
{ok, Bin1} = file:read_file(File),
?assertEqual(?UPDATE_ERROR(Error), emqx_authz:update(?CMD_REPLACE, [Source])), ?assertEqual(?UPDATE_ERROR(Error), emqx_authz:update(?CMD_REPLACE, [Source])),
?assertEqual(?UPDATE_ERROR(Error), emqx_authz:update(?CMD_PREPEND, Source)), ?assertEqual(?UPDATE_ERROR(Error), emqx_authz:update(?CMD_PREPEND, Source)),
?assertEqual(?UPDATE_ERROR(Error), emqx_authz:update(?CMD_APPEND, Source)) ?assertEqual(?UPDATE_ERROR(Error), emqx_authz:update(?CMD_APPEND, Source)),
%% Check file content not changed if update failed
{ok, Bin2} = file:read_file(File),
?assertEqual(Bin1, Bin2)
end, end,
[ [
{BadContent, BadContentErr}, {BadContent, BadContentErr},
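Review bot: The new assertions check that the ACL file is byte-identical after a failed update, but not that the temporary file used for validation was removed. Assuming the path checked by `check_acl_file_rules/2` is this same `File`, adding `?assertNot(filelib:is_regular(File ++ ".tmp"))` after the `?assertEqual(Bin1, Bin2)` line would also cover the cleanup in the `after` clause. Without it, a leftover `.tmp` file holding rejected rules would go unnoticed by the test.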