From bde8800f2e6cc2d9f6c38683638443677f13596f Mon Sep 17 00:00:00 2001
From: Ilya Averyanov
Date: Fri, 13 Oct 2023 18:12:46 +0300
Subject: [PATCH] fix(mnesia authz): destroy authz records on mnesia authz destroy

---
 .../src/emqx_authz_mnesia.erl | 4 ++-
 .../test/emqx_authz_mnesia_SUITE.erl | 29 +++++++++++++++++++
 changes/ce/fix-11762.en.md | 1 +
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 changes/ce/fix-11762.en.md

diff --git a/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
index 401d5a494..7e8e463b3 100644
--- a/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
@@ -95,7 +95,9 @@ create(Source) -> Source.

 update(Source) -> Source.

-destroy(_Source) -> ok.
+destroy(_Source) ->
+ {atomic, ok} = mria:clear_table(?ACL_TABLE),
+ ok.

 authorize(
 #{
diff --git a/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl b/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
index 8f4f92ea2..7d77116e0 100644
--- a/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
+++ b/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
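Review bot: In `destroy/1` (emqx_authz_mnesia.erl) the match `{atomic, ok} = mria:clear_table(?ACL_TABLE)` turns an aborted clear into a bare `badmatch`, and nothing visible in the hunk shows what the caller does with that crash. If the clear does not complete while the source is still removed, the stored rules would survive and take effect again once the source is re-created, which is the stale-grant condition this commit sets out to close. Consider handling any result other than `{atomic, ok}` explicitly so the failure is logged with its reason, and add a comment above the clause such as `%% Irreversibly drops every stored ACL rule so a re-created source cannot re-activate stale allow rules.` The clause also ignores `_Source` and empties the whole table, which is only safe if a single source owns `?ACL_TABLE`; that is worth confirming against the code outside this hunk.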
@@ -221,6 +221,35 @@ t_normalize_rules(_Config) ->
 )
 ).

+t_destroy(_Config) ->
+ ClientInfo = emqx_authz_test_lib:base_client_info(),
+
+ ok = emqx_authz_mnesia:store_rules(
+ {username, <<"username">>},
+ [#{<<"permission">> => <<"allow">>, <<"action">> => <<"publish">>, <<"topic">> => <<"t">>}]
+ ),
+
+ ?assertEqual(
+ allow,
+ emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+ ),
+
+ ok = emqx_authz_test_lib:reset_authorizers(),
+
+ ?assertEqual(
+ deny,
+ emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+ ),
+
+ ok = setup_config(),
+
+ %% After destroy, the rules should be empty
+
+ ?assertEqual(
+ deny,
+ emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+ ).
+
 %%------------------------------------------------------------------------------
 %% Helpers
 %%------------------------------------------------------------------------------
diff --git a/changes/ce/fix-11762.en.md b/changes/ce/fix-11762.en.md
new file mode 100644
index 000000000..b2276d08c
--- /dev/null
+++ b/changes/ce/fix-11762.en.md
@@ -0,0 +1 @@
+Fixed destruction of built_in_database authorization source. Now all the ACL records are removed when the authorization source is destroyed. Previosly, old records were left in the database, which could cause problems when creating authorization source back.
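Review bot: In `t_destroy` (emqx_authz_mnesia_SUITE.erl) the `deny` assertion placed right after `reset_authorizers()` presumably holds with or without the fix, because no source is configured at that point; only the final assertion after `setup_config()` exercises the cleared table. A short comment on each phase would make that explicit, for example `%% No source configured here: deny comes from the no-match default, not from the cleanup.` The test also infers emptiness indirectly from a single `username` rule; asserting that the ACL table holds no records after the reset would pin the behaviour directly and would not depend on the no-match default being deny.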