feat(authz api): support read cert file for api
This commit is contained in:
zhanghongtong
Rory Z
parent
07dcd9e705
commit
b8ee977d9d
|
|
@ -325,7 +325,7 @@ sources(get, _) ->
|
|||
_ ->
|
||||
NSource1#{annotations => #{status => unhealthy}}
|
||||
end,
|
||||
lists:append(AccIn, [NSource2]);
|
||||
lists:append(AccIn, [read_cert(NSource2)]);
|
||||
(Source, AccIn) ->
|
||||
lists:append(AccIn, [Source#{annotations => #{status => healthy}}])
|
||||
end, [], emqx_authz:lookup()),
|
||||
|
|
@ -340,7 +340,7 @@ sources(post, #{body := #{<<"type">> := <<"file">>, <<"rules">> := Rules, <<"ena
|
|||
messgae => atom_to_binary(Reason)}}
|
||||
end;
|
||||
sources(post, #{body := Body}) when is_map(Body) ->
|
||||
case emqx_authz:update(head, [save_cert(Body)]) of
|
||||
case emqx_authz:update(head, [write_cert(Body)]) of
|
||||
{ok, _} -> {204};
|
||||
{error, Reason} ->
|
||||
{400, #{code => <<"BAD_REQUEST">>,
|
||||
|
|
@ -353,7 +353,7 @@ sources(put, #{body := Body}) when is_list(Body) ->
|
|||
Filename = filename:join([emqx:get_config([node, data_dir]), "authorization_rules.conf"]),
|
||||
write_file(Filename, erlang:list_to_bitstring([<<Rule/binary, "\n">> || Rule <- Rules])),
|
||||
#{type => file, enable => Enable, path => Filename};
|
||||
_ -> save_cert(Source)
|
||||
_ -> write_cert(Source)
|
||||
end
|
||||
end || Source <- Body],
|
||||
case emqx_authz:update(replace, NBody) of
|
||||
|
|
@ -392,7 +392,7 @@ source(get, #{bindings := #{type := Type}}) ->
|
|||
_ ->
|
||||
NSource1#{annotations => #{status => unhealthy}}
|
||||
end,
|
||||
{200, NSource2}
|
||||
{200, read_cert(NSource2)}
|
||||
end;
|
||||
source(put, #{bindings := #{type := file}, body := #{<<"type">> := <<"file">>, <<"rules">> := Rules, <<"enable">> := Enable}}) ->
|
||||
#{path := Path} = emqx_authz:lookup(file),
|
||||
|
|
@ -404,7 +404,7 @@ source(put, #{bindings := #{type := file}, body := #{<<"type">> := <<"file">>, <
|
|||
messgae => atom_to_binary(Reason)}}
|
||||
end;
|
||||
source(put, #{bindings := #{type := Type}, body := Body}) when is_map(Body) ->
|
||||
case emqx_authz:update({replace_once, Type}, save_cert(Body)) of
|
||||
case emqx_authz:update({replace_once, Type}, write_cert(Body)) of
|
||||
{ok, _} -> {204};
|
||||
{error, not_found_source} ->
|
||||
{404, #{code => <<"NOT_FOUND">>,
|
||||
|
|
@ -431,7 +431,27 @@ move_source(post, #{bindings := #{type := Type}, body := #{<<"position">> := Pos
|
|||
messgae => atom_to_binary(Reason)}}
|
||||
end.
|
||||
|
||||
save_cert(#{<<"config">> := #{<<"ssl">> := #{<<"enable">> := true} = SSL} = Config} = Body) ->
|
||||
read_cert(#{config := #{ssl := #{enable := true} = SSL} = Config} = Source) ->
|
||||
CaCert = case file:read_file(maps:get(cacertfile, SSL, "")) of
|
||||
{ok, CaCert0} -> CaCert0;
|
||||
_ -> ""
|
||||
end,
|
||||
Cert = case file:read_file(maps:get(certfile, SSL, "")) of
|
||||
{ok, Cert0} -> Cert0;
|
||||
_ -> ""
|
||||
end,
|
||||
Key = case file:read_file(maps:get(keyfile, SSL, "")) of
|
||||
{ok, Key0} -> Key0;
|
||||
_ -> ""
|
||||
end,
|
||||
Source#{config => Config#{ssl => SSL#{cacertfile => CaCert,
|
||||
certfile => Cert,
|
||||
keyfile => Key
|
||||
}}
|
||||
};
|
||||
read_cert(Source) -> Source.
|
||||
|
||||
write_cert(#{<<"config">> := #{<<"ssl">> := #{<<"enable">> := true} = SSL} = Config} = Source) ->
|
||||
CertPath = filename:join([emqx:get_config([node, data_dir]), "certs"]),
|
||||
CaCert = case maps:is_key(<<"cacertfile">>, SSL) of
|
||||
true ->
|
||||
|
|
@ -451,12 +471,12 @@ save_cert(#{<<"config">> := #{<<"ssl">> := #{<<"enable">> := true} = SSL} = Conf
|
|||
maps:get(<<"keyfile">>, SSL));
|
||||
false -> ""
|
||||
end,
|
||||
Body#{<<"config">> := Config#{<<"ssl">> => SSL#{<<"cacertfile">> => CaCert,
|
||||
Source#{<<"config">> := Config#{<<"ssl">> => SSL#{<<"cacertfile">> => CaCert,
|
||||
<<"certfile">> => Cert,
|
||||
<<"keyfile">> => Key}
|
||||
}
|
||||
};
|
||||
save_cert(Body) -> Body.
|
||||
write_cert(Source) -> Source.
|
||||
|
||||
write_file(Filename, Bytes) ->
|
||||
ok = filelib:ensure_dir(Filename),
|
||||
|
|
|
|||
|
|
@ -208,6 +208,10 @@ t_api(_) ->
|
|||
?assertMatch(#{<<"type">> := <<"http">>, <<"enable">> := false}, jsx:decode(Result4)),
|
||||
|
||||
#{<<"config">> := Config} = ?SOURCE2,
|
||||
|
||||
dbg:tracer(),dbg:p(all,c),
|
||||
dbg:tpl(emqx_authz_api_sources, read_cert, cx),
|
||||
dbg:tpl(emqx_authz_api_sources, write_cert, cx),
|
||||
{ok, 204, _} = request(put, uri(["authorization", "sources", "mongo"]),
|
||||
?SOURCE2#{<<"config">> := Config#{<<"ssl">> := #{
|
||||
<<"enable">> => true,
|
||||
|
|
@ -218,7 +222,12 @@ t_api(_) ->
|
|||
}}}),
|
||||
{ok, 200, Result5} = request(get, uri(["authorization", "sources", "mongo"]), []),
|
||||
?assertMatch(#{<<"type">> := <<"mongo">>,
|
||||
<<"config">> := #{<<"ssl">> := #{<<"enable">> := true}}
|
||||
<<"config">> := #{<<"ssl">> := #{<<"enable">> := true,
|
||||
<<"cacertfile">> := <<"fake cacert file">>,
|
||||
<<"certfile">> := <<"fake cert file">>,
|
||||
<<"keyfile">> := <<"fake key file">>,
|
||||
<<"verify">> := false
|
||||
}}
|
||||
}, jsx:decode(Result5)),
|
||||
?assert(filelib:is_file(filename:join([emqx:get_config([node, data_dir]), "certs", "cacert-fake.pem"]))),
|
||||
?assert(filelib:is_file(filename:join([emqx:get_config([node, data_dir]), "certs", "cert-fake.pem"]))),
|
||||
|
|
|
|||
Loading…
Reference in New Issue