diff --git a/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
index 401d5a494..7e8e463b3 100644
--- a/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
@@ -95,7 +95,9 @@ create(Source) -> Source.
 update(Source) -> Source.
-destroy(_Source) -> ok.
+destroy(_Source) ->
+ {atomic, ok} = mria:clear_table(?ACL_TABLE),
+ ok.
 authorize(
 #{
diff --git a/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl b/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
index 8f4f92ea2..7d77116e0 100644
--- a/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
+++ b/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
@@ -221,6 +221,35 @@ t_normalize_rules(_Config) ->
 )
 ).
+t_destroy(_Config) ->
+ ClientInfo = emqx_authz_test_lib:base_client_info(),
+
+ ok = emqx_authz_mnesia:store_rules(
+ {username, <<"username">>},
+ [#{<<"permission">> => <<"allow">>, <<"action">> => <<"publish">>, <<"topic">> => <<"t">>}]
+ ),
+
+ ?assertEqual(
+ allow,
+ emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+ ),
+
+ ok = emqx_authz_test_lib:reset_authorizers(),
+
+ ?assertEqual(
+ deny,
+ emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+ ),
+
+ ok = setup_config(),
+
+ %% After destroy, the rules should be empty
+
+ ?assertEqual(
+ deny,
+ emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+ ).
+
 %%------------------------------------------------------------------------------
 %% Helpers
 %%------------------------------------------------------------------------------
diff --git a/changes/ce/fix-11762.en.md b/changes/ce/fix-11762.en.md
new file mode 100644
index 000000000..b2276d08c
--- /dev/null
+++ b/changes/ce/fix-11762.en.md
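Review bot: In `destroy/1` the new `mria:clear_table(?ACL_TABLE)` call removes every record in the table, allow and deny rules alike, and nothing at the call site says so or says when that is safe. If `destroy/1` is ever reached on a path other than explicit removal of the source (its callers are outside this hunk, so this needs confirming), deny rules vanish and the outcome falls back to whatever the no-match default is. I would add a comment above the clause such as `%% Irreversibly drops all rules in ?ACL_TABLE; call only when the source is really being removed.` The `{atomic, ok} =` match also turns an aborted clear into a bare `badmatch`, so consider logging the reason before crashing so an operator can tell that stale rules may still be present.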
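Review bot: The last `deny` assertion in `t_destroy/1` only demonstrates that the table was cleared if `setup_config()` re-creates the built-in database source and the suite's no-match default is deny; neither is visible in this hunk, so the test could pass without the fix under a different setup. A direct assertion on stored state right after `reset_authorizers()` (for example, that a rule lookup for `{username, <<"username">>}` finds nothing) would pin the behaviour independently of authorization defaults. The comment `%% After destroy, the rules should be empty` sits after `setup_config()` although the destroy presumably happens in `reset_authorizers()`; something like `%% Source re-created: rules stored before destroy must not come back` would describe that step more accurately.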
@@ -0,0 +1 @@
+Fixed destruction of built_in_database authorization source. Now all the ACL records are removed when the authorization source is destroyed. Previosly, old records were left in the database, which could cause problems when creating authorization source back.