chore(gw): throw authn creation errors

JianBo He 2022-06-16 20:02:34 +08:00
parent df2c17ccc4
commit ae1346e3f0
2 changed files with 51 additions and 20 deletions


@ -556,6 +556,9 @@ with_gateway(GwName0, Fun) ->
return_http_error(404, "Resource not found. path: " ++ Path); return_http_error(404, "Resource not found. path: " ++ Path);
error:{badmatch, {error, einval}} -> error:{badmatch, {error, einval}} ->
return_http_error(400, "Invalid bind address"); return_http_error(400, "Invalid bind address");
error:{badauth, Reason} ->
Reason1 = emqx_gateway_utils:stringfy(Reason),
return_http_error(400, ["Bad authentication config: ", Reason1]);
Class:Reason:Stk -> Class:Reason:Stk ->
?SLOG(error, #{ ?SLOG(error, #{
msg => "uncaught_exception", msg => "uncaught_exception",
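Review bot: The new `error:{badauth, Reason}` clause matches only an `error`-class exception, but nothing visible in this commit raises one: the second file on this page replaces `throw({badauth, Reason})` with a returned `{error, {badauth, Reason}}`. Unless a caller outside these hunks turns that tuple into `error({badauth, Reason})`, this branch looks unreachable and the failure is reported by whatever handles plain `{error, _}` returns, so please confirm the raising call site. Separately, `Reason` is passed through `emqx_gateway_utils:stringfy/1` and sent to the API client as-is; if authenticator backends can put connection details or credentials into their error terms, I would log the full term and return a fixed or redacted message instead. The `try` in `with_gateway/2` starts and ends outside the hunk.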


@ -141,12 +141,16 @@ handle_call(disable, _From, State = #state{status = Status}) ->
handle_call(enable, _From, State = #state{status = Status}) -> handle_call(enable, _From, State = #state{status = Status}) ->
case Status of case Status of
stopped -> stopped ->
ok = ensure_authn_running(State), case ensure_authn_running(State) of
case cb_gateway_load(State) of ok ->
case cb_gateway_load(State) of
{error, Reason} ->
{reply, {error, Reason}, State};
{ok, NState1} ->
{reply, ok, NState1}
end;
{error, Reason} -> {error, Reason} ->
{reply, {error, Reason}, State}; {reply, {error, Reason}, State}
{ok, NState1} ->
{reply, ok, NState1}
end; end;
_ -> _ ->
{reply, {error, already_started}, State} {reply, {error, already_started}, State}
@ -238,12 +242,22 @@ detailed_gateway_info(State) ->
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Authn resources managing funcs %% Authn resources managing funcs
pipeline(_, []) ->
ok;
pipeline(Fun, [Args | More]) ->
case Fun(Args) of
ok ->
pipeline(Fun, More);
{error, Reason} ->
{error, Reason}
end.
%% ensure authentication chain, authenticator created and keep its configured %% ensure authentication chain, authenticator created and keep its configured
%% status %% status
ensure_authn_running(#state{name = GwName, config = Config}) -> ensure_authn_running(#state{name = GwName, config = Config}) ->
lists:foreach( pipeline(
fun({ChainName, AuthConf}) -> fun({ChainName, AuthConf}) ->
ok = ensure_authenticator_created(ChainName, AuthConf) ensure_authenticator_created(ChainName, AuthConf)
end, end,
authns(GwName, Config) authns(GwName, Config)
). ).
@ -251,9 +265,9 @@ ensure_authn_running(#state{name = GwName, config = Config}) ->
%% ensure authentication chain, authenticator created and keep its status %% ensure authentication chain, authenticator created and keep its status
%% as given %% as given
ensure_authn_running(#state{name = GwName, config = Config}, Enable) -> ensure_authn_running(#state{name = GwName, config = Config}, Enable) ->
lists:foreach( pipeline(
fun({ChainName, AuthConf}) -> fun({ChainName, AuthConf}) ->
ok = ensure_authenticator_created(ChainName, AuthConf#{enable => Enable}) ensure_authenticator_created(ChainName, AuthConf#{enable => Enable})
end, end,
authns(GwName, Config) authns(GwName, Config)
). ).
@ -285,12 +299,14 @@ remove_all_authns(#state{name = GwName, config = Config}) ->
ensure_authenticator_created(ChainName, Confs) -> ensure_authenticator_created(ChainName, Confs) ->
case emqx_authentication:list_authenticators(ChainName) of case emqx_authentication:list_authenticators(ChainName) of
{ok, [#{id := AuthenticatorId}]} -> {ok, [#{id := AuthenticatorId}]} ->
{ok, _} = emqx_authentication:update_authenticator(ChainName, AuthenticatorId, Confs), case emqx_authentication:update_authenticator(ChainName, AuthenticatorId, Confs) of
ok; {ok, _} -> ok;
{error, Reason} -> {error, {badauth, Reason}}
end;
{ok, []} -> {ok, []} ->
ok = do_create_authenticator(ChainName, Confs); do_create_authenticator(ChainName, Confs);
{error, {not_found, {chain, _}}} -> {error, {not_found, {chain, _}}} ->
ok = do_create_authenticator(ChainName, Confs) do_create_authenticator(ChainName, Confs)
end. end.
authns(GwName, Config) -> authns(GwName, Config) ->
@ -328,7 +344,7 @@ do_create_authenticator(ChainName, AuthConf) ->
reason => Reason, reason => Reason,
config => AuthConf config => AuthConf
}), }),
throw({badauth, Reason}) {error, {badauth, Reason}}
end. end.
do_update_one_by_one( do_update_one_by_one(
@ -348,15 +364,27 @@ do_update_one_by_one(
case {Status, NEnable} of case {Status, NEnable} of
{stopped, true} -> {stopped, true} ->
ok = ensure_authn_running(State#state{config = NCfg}), case ensure_authn_running(State#state{config = NCfg}) of
cb_gateway_load(State#state{config = NCfg}); ok ->
cb_gateway_load(State#state{config = NCfg});
{error, Reason} ->
{error, Reason}
end;
{stopped, false} -> {stopped, false} ->
ok = disable_authns(State#state{config = NCfg}), case disable_authns(State#state{config = NCfg}) of
{ok, State#state{config = NCfg}}; ok ->
{ok, State#state{config = NCfg}};
{error, Reason} ->
{error, Reason}
end;
{running, true} -> {running, true} ->
%% FIXME: minimum impact update %% FIXME: minimum impact update
ok = ensure_authn_running(State#state{config = NCfg}), case ensure_authn_running(State#state{config = NCfg}) of
cb_gateway_update(NCfg, State); ok ->
cb_gateway_update(NCfg, State);
{error, Reason} ->
{error, Reason}
end;
{running, false} -> {running, false} ->
case cb_gateway_unload(State) of case cb_gateway_unload(State) of
{ok, NState} -> {ok, NState} ->
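Review bot: `pipeline/2` stops at the first `{error, Reason}` and nothing undoes the authenticators it has already created or updated, so in the `{running, true}` branch of `do_update_one_by_one` a failure can leave the gateway running with some chains on the new authentication config and others on the old one, while the branch returns only `{error, Reason}`. Before this change the `ok =` match or the `throw` aborted the call rather than continuing in that mixed state. I would validate every `AuthConf` before applying any of them, or roll back on error, and at minimum add a comment above `pipeline/2` such as `%% Stops at the first error; items already processed stay applied (no rollback).` The `case emqx_authentication:list_authenticators(ChainName) of` in `ensure_authenticator_created/2` also still has no clause for other `{error, _}` results, so those keep failing with `case_clause` instead of returning `{error, {badauth, _}}`. The body of `do_update_one_by_one` starts and ends outside the hunk, so callers that may still assert `ok =` on these functions are not visible here.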