From bf4c31b745aa3438d3e31c5c37aac08e825cf6f1 Mon Sep 17 00:00:00 2001 From: zhanghongtong Date: Thu, 1 Jul 2021 15:52:25 +0800 Subject: [PATCH] chore(authz): use atom key for hocon config --- apps/emqx_authz/etc/emqx_authz.conf | 2 +- apps/emqx_authz/include/emqx_authz.hrl | 2 +- apps/emqx_authz/src/emqx_authz.erl | 105 +++++++++--------- apps/emqx_authz/src/emqx_authz_api.erl | 7 +- apps/emqx_authz/src/emqx_authz_mysql.erl | 10 +- apps/emqx_authz/src/emqx_authz_pgsql.erl | 10 +- apps/emqx_authz/src/emqx_authz_redis.erl | 14 +-- apps/emqx_authz/src/emqx_authz_schema.erl | 34 +++--- apps/emqx_authz/test/emqx_authz_SUITE.erl | 103 ++++++++--------- apps/emqx_authz/test/emqx_authz_api_SUITE.erl | 5 +- .../test/emqx_authz_mysql_SUITE.erl | 8 +- .../test/emqx_authz_pgsql_SUITE.erl | 8 +- .../test/emqx_authz_redis_SUITE.erl | 8 +- 13 files changed, 167 insertions(+), 149 deletions(-) diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf index b2575e6d6..89515592f 100644 --- a/apps/emqx_authz/etc/emqx_authz.conf +++ b/apps/emqx_authz/etc/emqx_authz.conf @@ -1,4 +1,4 @@ -authz:{ +emqx_authz:{ rules: [ # { # type: mysql diff --git a/apps/emqx_authz/include/emqx_authz.hrl b/apps/emqx_authz/include/emqx_authz.hrl index ca595525d..9caf3d979 100644 --- a/apps/emqx_authz/include/emqx_authz.hrl +++ b/apps/emqx_authz/include/emqx_authz.hrl @@ -1,4 +1,4 @@ --type(rule() :: #{binary() => any()}). +-type(rule() :: #{atom() => any()}). -type(rules() :: [rule()]). -define(APP, emqx_authz). diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index 337e3b043..9be9fdce8 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -38,16 +38,17 @@ init() -> ok = register_metrics(), Conf = filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), {ok, RawConf} = hocon:load(Conf), - #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf), - ok = application:set_env(?APP, rules, Rules), + #{emqx_authz := #{rules := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf, #{atom_key => true}), + emqx_config:put([emqx_authz], #{rules => Rules}), + % Rules = emqx_config:get([emqx_authz, rules], []), NRules = [compile(Rule) || Rule <- Rules], ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NRules]}, -1). lookup() -> - application:get_env(?APP, rules, []). + emqx_config:get([emqx_authz, rules], []). update(Rules) -> - ok = application:set_env(?APP, rules, Rules), + emqx_config:put([emqx_authz], #{rules => Rules}), NRules = [compile(Rule) || Rule <- Rules], Action = find_action_in_hooks(), ok = emqx_hooks:del('client.authorize', Action), @@ -63,12 +64,12 @@ find_action_in_hooks() -> [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ], Action. -create_resource(#{<<"type">> := DB, - <<"config">> := Config +create_resource(#{type := DB, + config := Config } = Rule) -> ResourceID = iolist_to_binary([io_lib:format("~s_~s",[?APP, DB]), "_", integer_to_list(erlang:system_time())]), NConfig = case DB of - redis -> #{<<"config">> => Config }; + redis -> #{config => Config }; _ -> Config end, case emqx_resource:check_and_create( @@ -77,63 +78,63 @@ create_resource(#{<<"type">> := DB, NConfig) of {ok, _} -> - Rule#{<<"resource_id">> => ResourceID}; + Rule#{resource_id => ResourceID}; {error, already_created} -> - Rule#{<<"resource_id">> => ResourceID}; + Rule#{resource_id => ResourceID}; {error, Reason} -> error({load_config_error, Reason}) end. -spec(compile(rule()) -> rule()). -compile(#{<<"topics">> := Topics, - <<"action">> := Action, - <<"permission">> := Permission, - <<"principal">> := Principal +compile(#{topics := Topics, + action := Action, + permission := Permission, + principal := Principal } = Rule) when ?ALLOW_DENY(Permission), ?PUBSUB(Action), is_list(Topics) -> NTopics = [compile_topic(Topic) || Topic <- Topics], - Rule#{<<"principal">> => compile_principal(Principal), - <<"topics">> => NTopics + Rule#{principal => compile_principal(Principal), + topics => NTopics }; -compile(#{<<"principal">> := Principal, - <<"type">> := redis +compile(#{principal := Principal, + type := redis } = Rule) -> NRule = create_resource(Rule), - NRule#{<<"principal">> => compile_principal(Principal)}; + NRule#{principal => compile_principal(Principal)}; -compile(#{<<"principal">> := Principal, - <<"type">> := DB, - <<"sql">> := SQL +compile(#{principal := Principal, + type := DB, + sql := SQL } = Rule) when DB =:= mysql; DB =:= pgsql -> Mod = list_to_existing_atom(io_lib:format("~s_~s",[?APP, DB])), NRule = create_resource(Rule), - NRule#{<<"principal">> => compile_principal(Principal), - <<"sql">> => Mod:parse_query(SQL) + NRule#{principal => compile_principal(Principal), + sql => Mod:parse_query(SQL) }. compile_principal(all) -> all; -compile_principal(#{<<"username">> := Username}) -> +compile_principal(#{username := Username}) -> {ok, MP} = re:compile(bin(Username)), - #{<<"username">> => MP}; -compile_principal(#{<<"clientid">> := Clientid}) -> + #{username => MP}; +compile_principal(#{clientid := Clientid}) -> {ok, MP} = re:compile(bin(Clientid)), - #{<<"clientid">> => MP}; -compile_principal(#{<<"ipaddress">> := IpAddress}) -> - #{<<"ipaddress">> => esockd_cidr:parse(b2l(IpAddress), true)}; -compile_principal(#{<<"and">> := Principals}) when is_list(Principals) -> - #{<<"and">> => [compile_principal(Principal) || Principal <- Principals]}; -compile_principal(#{<<"or">> := Principals}) when is_list(Principals) -> - #{<<"or">> => [compile_principal(Principal) || Principal <- Principals]}. + #{clientid => MP}; +compile_principal(#{ipaddress := IpAddress}) -> + #{ipaddress => esockd_cidr:parse(b2l(IpAddress), true)}; +compile_principal(#{'and' := Principals}) when is_list(Principals) -> + #{'and' => [compile_principal(Principal) || Principal <- Principals]}; +compile_principal(#{'or' := Principals}) when is_list(Principals) -> + #{'or' => [compile_principal(Principal) || Principal <- Principals]}. compile_topic(<<"eq ", Topic/binary>>) -> - compile_topic(#{<<"eq">> => Topic}); -compile_topic(#{<<"eq">> := Topic}) -> - #{<<"eq">> => emqx_topic:words(bin(Topic))}; + compile_topic(#{'eq' => Topic}); +compile_topic(#{'eq' := Topic}) -> + #{'eq' => emqx_topic:words(bin(Topic))}; compile_topic(Topic) when is_binary(Topic)-> Words = emqx_topic:words(bin(Topic)), case pattern(Words) of - true -> #{<<"pattern">> => Words}; + true -> #{pattern => Words}; false -> Words end. @@ -173,8 +174,8 @@ authorize(#{username := Username, end. do_authorize(Client, PubSub, Topic, - [Connector = #{<<"principal">> := Principal, - <<"type">> := DB} | Tail] ) -> + [Connector = #{principal := Principal, + type := DB} | Tail] ) -> case match_principal(Client, Principal) of true -> Mod = list_to_existing_atom(io_lib:format("~s_~s",[emqx_authz, DB])), @@ -185,7 +186,7 @@ do_authorize(Client, PubSub, Topic, false -> do_authorize(Client, PubSub, Topic, Tail) end; do_authorize(Client, PubSub, Topic, - [#{<<"permission">> := Permission} = Rule | Tail]) -> + [#{permission := Permission} = Rule | Tail]) -> case match(Client, PubSub, Topic, Rule) of true -> {matched, Permission}; false -> do_authorize(Client, PubSub, Topic, Tail) @@ -193,9 +194,9 @@ do_authorize(Client, PubSub, Topic, do_authorize(_Client, _PubSub, _Topic, []) -> nomatch. match(Client, PubSub, Topic, - #{<<"principal">> := Principal, - <<"topics">> := TopicFilters, - <<"action">> := Action + #{principal := Principal, + topics := TopicFilters, + action := Action }) -> match_action(PubSub, Action) andalso match_principal(Client, Principal) andalso @@ -207,27 +208,27 @@ match_action(_, all) -> true; match_action(_, _) -> false. match_principal(_, all) -> true; -match_principal(#{username := undefined}, #{<<"username">> := _MP}) -> +match_principal(#{username := undefined}, #{username := _MP}) -> false; -match_principal(#{username := Username}, #{<<"username">> := MP}) -> +match_principal(#{username := Username}, #{username := MP}) -> case re:run(Username, MP) of {match, _} -> true; _ -> false end; -match_principal(#{clientid := Clientid}, #{<<"clientid">> := MP}) -> +match_principal(#{clientid := Clientid}, #{clientid := MP}) -> case re:run(Clientid, MP) of {match, _} -> true; _ -> false end; -match_principal(#{peerhost := undefined}, #{<<"ipaddress">> := _CIDR}) -> +match_principal(#{peerhost := undefined}, #{ipaddress := _CIDR}) -> false; -match_principal(#{peerhost := IpAddress}, #{<<"ipaddress">> := CIDR}) -> +match_principal(#{peerhost := IpAddress}, #{ipaddress := CIDR}) -> esockd_cidr:match(IpAddress, CIDR); -match_principal(ClientInfo, #{<<"and">> := Principals}) when is_list(Principals) -> +match_principal(ClientInfo, #{'and' := Principals}) when is_list(Principals) -> lists:foldl(fun(Principal, Permission) -> match_principal(ClientInfo, Principal) andalso Permission end, true, Principals); -match_principal(ClientInfo, #{<<"or">> := Principals}) when is_list(Principals) -> +match_principal(ClientInfo, #{'or' := Principals}) when is_list(Principals) -> lists:foldl(fun(Principal, Permission) -> match_principal(ClientInfo, Principal) orelse Permission end, false, Principals); @@ -235,7 +236,7 @@ match_principal(_, _) -> false. match_topics(_ClientInfo, _Topic, []) -> false; -match_topics(ClientInfo, Topic, [#{<<"pattern">> := PatternFilter}|Filters]) -> +match_topics(ClientInfo, Topic, [#{pattern := PatternFilter}|Filters]) -> TopicFilter = feed_var(ClientInfo, PatternFilter), match_topic(emqx_topic:words(Topic), TopicFilter) orelse match_topics(ClientInfo, Topic, Filters); @@ -243,7 +244,7 @@ match_topics(ClientInfo, Topic, [TopicFilter|Filters]) -> match_topic(emqx_topic:words(Topic), TopicFilter) orelse match_topics(ClientInfo, Topic, Filters). -match_topic(Topic, #{<<"eq">> := TopicFilter}) -> +match_topic(Topic, #{'eq' := TopicFilter}) -> Topic == TopicFilter; match_topic(Topic, TopicFilter) -> emqx_topic:match(Topic, TopicFilter). diff --git a/apps/emqx_authz/src/emqx_authz_api.erl b/apps/emqx_authz/src/emqx_authz_api.erl index 6b4ed6c74..08ff0a7d7 100644 --- a/apps/emqx_authz/src/emqx_authz_api.erl +++ b/apps/emqx_authz/src/emqx_authz_api.erl @@ -74,10 +74,9 @@ push_authz(_Bindings, Params) -> %%------------------------------------------------------------------------------ get_rules(Params) -> - % #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, #{<<"authz">> => Params}), - {ok, Conf} = hocon:binary(jsx:encode(#{<<"authz">> => Params}), #{format => richmap}), - CheckConf = hocon_schema:check(emqx_authz_schema, Conf), - #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:richmap_to_map(CheckConf), + {ok, Conf} = hocon:binary(jsx:encode(#{<<"emqx_authz">> => Params}), #{format => richmap}), + CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}), + #{emqx_authz := #{rules := Rules}} = hocon_schema:richmap_to_map(CheckConf), Rules. %%-------------------------------------------------------------------- diff --git a/apps/emqx_authz/src/emqx_authz_mysql.erl b/apps/emqx_authz/src/emqx_authz_mysql.erl index 6acb154fb..672954841 100644 --- a/apps/emqx_authz/src/emqx_authz_mysql.erl +++ b/apps/emqx_authz/src/emqx_authz_mysql.erl @@ -46,8 +46,8 @@ parse_query(Sql) -> end. authorize(Client, PubSub, Topic, - #{<<"resource_id">> := ResourceID, - <<"sql">> := {SQL, Params} + #{resource_id := ResourceID, + sql := {SQL, Params} }) -> case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of {ok, _Columns, []} -> nomatch; @@ -87,12 +87,12 @@ match(Client, PubSub, Topic, <<"action">> => Action, <<"permission">> => Permission }, - #{<<"simple_rule">> := - #{<<"permission">> := NPermission} = NRule + #{simple_rule := + #{permission := NPermission} = NRule } = hocon_schema:check_plain( emqx_authz_schema, #{<<"simple_rule">> => Rule}, - #{}, + #{atom_key => true}, [simple_rule]), case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of true -> {matched, NPermission}; diff --git a/apps/emqx_authz/src/emqx_authz_pgsql.erl b/apps/emqx_authz/src/emqx_authz_pgsql.erl index c7cebf1e2..fa24c5f5e 100644 --- a/apps/emqx_authz/src/emqx_authz_pgsql.erl +++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl @@ -50,8 +50,8 @@ parse_query(Sql) -> end. authorize(Client, PubSub, Topic, - #{<<"resource_id">> := ResourceID, - <<"sql">> := {SQL, Params} + #{resource_id := ResourceID, + sql := {SQL, Params} }) -> case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of {ok, _Columns, []} -> nomatch; @@ -91,12 +91,12 @@ match(Client, PubSub, Topic, <<"action">> => Action, <<"permission">> => Permission }, - #{<<"simple_rule">> := - #{<<"permission">> := NPermission} = NRule + #{simple_rule := + #{permission := NPermission} = NRule } = hocon_schema:check_plain( emqx_authz_schema, #{<<"simple_rule">> => Rule}, - #{}, + #{atom_key => true}, [simple_rule]), case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of true -> {matched, NPermission}; diff --git a/apps/emqx_authz/src/emqx_authz_redis.erl b/apps/emqx_authz/src/emqx_authz_redis.erl index 1b99dc2ec..dc80d959c 100644 --- a/apps/emqx_authz/src/emqx_authz_redis.erl +++ b/apps/emqx_authz/src/emqx_authz_redis.erl @@ -34,8 +34,8 @@ description() -> "AuthZ with redis". authorize(Client, PubSub, Topic, - #{<<"resource_id">> := ResourceID, - <<"cmd">> := CMD + #{resource_id := ResourceID, + cmd := CMD }) -> NCMD = string:tokens(replvar(CMD, Client), " "), case emqx_resource:query(ResourceID, {cmd, NCMD}) of @@ -50,16 +50,16 @@ authorize(Client, PubSub, Topic, do_authorize(_Client, _PubSub, _Topic, []) -> nomatch; do_authorize(Client, PubSub, Topic, [TopicFilter, Action | Tail]) -> - case match(Client, PubSub, Topic, + case match(Client, PubSub, Topic, #{topics => TopicFilter, action => Action - }) + }) of {matched, Permission} -> {matched, Permission}; nomatch -> do_authorize(Client, PubSub, Topic, Tail) end. -match(Client, PubSub, Topic, +match(Client, PubSub, Topic, #{topics := TopicFilter, action := Action }) -> @@ -68,11 +68,11 @@ match(Client, PubSub, Topic, <<"action">> => Action, <<"permission">> => allow }, - #{<<"simple_rule">> := NRule + #{simple_rule := NRule } = hocon_schema:check_plain( emqx_authz_schema, #{<<"simple_rule">> => Rule}, - #{}, + #{atom_key => true}, [simple_rule]), case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of true -> {matched, allow}; diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index 04d1b2268..5836eb12b 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl @@ -11,9 +11,9 @@ -export([structs/0, fields/1]). -structs() -> [authz]. +structs() -> ["emqx_authz"]. -fields(authz) -> +fields("emqx_authz") -> [ {rules, rules()} ]; fields(redis_connector) -> @@ -39,7 +39,7 @@ fields(simple_rule) -> , {action, #{type => action()}} , {topics, #{type => union_array( [ binary() - , hoconsc:ref(eq_topic) + , hoconsc:ref(?MODULE, eq_topic) ] )}} , {principal, principal()} @@ -52,18 +52,18 @@ fields(ipaddress) -> [{ipaddress, #{type => string()}}]; fields(andlist) -> [{'and', #{type => union_array( - [ hoconsc:ref(username) - , hoconsc:ref(clientid) - , hoconsc:ref(ipaddress) + [ hoconsc:ref(?MODULE, username) + , hoconsc:ref(?MODULE, clientid) + , hoconsc:ref(?MODULE, ipaddress) ]) } } ]; fields(orlist) -> [{'or', #{type => union_array( - [ hoconsc:ref(username) - , hoconsc:ref(clientid) - , hoconsc:ref(ipaddress) + [ hoconsc:ref(?MODULE, username) + , hoconsc:ref(?MODULE, clientid) + , hoconsc:ref(?MODULE, ipaddress) ]) } } @@ -81,9 +81,9 @@ union_array(Item) when is_list(Item) -> rules() -> #{type => union_array( - [ hoconsc:ref(simple_rule) - , hoconsc:ref(sql_connector) - , hoconsc:ref(redis_connector) + [ hoconsc:ref(?MODULE, simple_rule) + , hoconsc:ref(?MODULE, sql_connector) + , hoconsc:ref(?MODULE, redis_connector) ]) }. @@ -91,11 +91,11 @@ principal() -> #{default => all, type => hoconsc:union( [ all - , hoconsc:ref(username) - , hoconsc:ref(clientid) - , hoconsc:ref(ipaddress) - , hoconsc:ref(andlist) - , hoconsc:ref(orlist) + , hoconsc:ref(?MODULE, username) + , hoconsc:ref(?MODULE, clientid) + , hoconsc:ref(?MODULE, ipaddress) + , hoconsc:ref(?MODULE, andlist) + , hoconsc:ref(?MODULE, orlist) ]) }. diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index 93be27146..944053f4e 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -43,41 +43,42 @@ set_special_configs(emqx) -> set_special_configs(emqx_authz) -> application:set_env(emqx, plugins_etc_dir, emqx_ct_helpers:deps_path(emqx_authz, "test")), - Conf = #{<<"authz">> => #{<<"rules">> => []}}, + Conf = #{<<"emqx_authz">> => #{<<"rules">> => []}}, ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)), + % emqx_config:put([emqx_authz], #{rules => []}), ok; set_special_configs(_App) -> ok. --define(RULE1, #{<<"principal">> => all, - <<"topics">> => [<<"#">>], - <<"action">> => all, - <<"permission">> => deny} +-define(RULE1, #{principal => all, + topics => [<<"#">>], + action => all, + permission => deny} ). --define(RULE2, #{<<"principal">> => - #{<<"ipaddress">> => <<"127.0.0.1">>}, - <<"topics">> => - [#{<<"eq">> => <<"#">>}, - #{<<"eq">> => <<"+">>} +-define(RULE2, #{principal => + #{ipaddress => <<"127.0.0.1">>}, + topics => + [#{eq => <<"#">>}, + #{eq => <<"+">>} ] , - <<"action">> => all, - <<"permission">> => allow} + action => all, + permission => allow} ). --define(RULE3,#{<<"principal">> => - #{<<"and">> => [#{<<"username">> => "^test?"}, - #{<<"clientid">> => "^test?"} +-define(RULE3,#{principal => + #{'and' => [#{username => "^test?"}, + #{clientid => "^test?"} ]}, - <<"topics">> => [<<"test">>], - <<"action">> => publish, - <<"permission">> => allow} + topics => [<<"test">>], + action => publish, + permission => allow} ). --define(RULE4,#{<<"principal">> => - #{<<"or">> => [#{<<"username">> => <<"^test">>}, - #{<<"clientid">> => <<"test?">>} - ]}, - <<"topics">> => [<<"%u">>,<<"%c">>], - <<"action">> => publish, - <<"permission">> => deny} +-define(RULE4,#{principal => + #{'or' => [#{username => <<"^test">>}, + #{clientid => <<"test?">>} + ]}, + topics => [<<"%u">>,<<"%c">>], + action => publish, + permission => deny} ). @@ -85,39 +86,39 @@ set_special_configs(_App) -> %% Testcases %%------------------------------------------------------------------------------ t_compile(_) -> - ?assertEqual(#{<<"permission">> => deny, - <<"action">> => all, - <<"principal">> => all, - <<"topics">> => [['#']] + ?assertEqual(#{permission => deny, + action => all, + principal => all, + topics => [['#']] },emqx_authz:compile(?RULE1)), - ?assertEqual(#{<<"permission">> => allow, - <<"action">> => all, - <<"principal">> => - #{<<"ipaddress">> => {{127,0,0,1},{127,0,0,1},32}}, - <<"topics">> => [#{<<"eq">> => ['#']}, - #{<<"eq">> => ['+']}] + ?assertEqual(#{permission => allow, + action => all, + principal => + #{ipaddress => {{127,0,0,1},{127,0,0,1},32}}, + topics => [#{eq => ['#']}, + #{eq => ['+']}] }, emqx_authz:compile(?RULE2)), ?assertMatch( - #{<<"permission">> := allow, - <<"action">> := publish, - <<"principal">> := - #{<<"and">> := [#{<<"username">> := {re_pattern, _, _, _, _}}, - #{<<"clientid">> := {re_pattern, _, _, _, _}} - ] + #{permission := allow, + action := publish, + principal := + #{'and' := [#{username := {re_pattern, _, _, _, _}}, + #{clientid := {re_pattern, _, _, _, _}} + ] }, - <<"topics">> := [[<<"test">>]] + topics := [[<<"test">>]] }, emqx_authz:compile(?RULE3)), ?assertMatch( - #{<<"permission">> := deny, - <<"action">> := publish, - <<"principal">> := - #{<<"or">> := [#{<<"username">> := {re_pattern, _, _, _, _}}, - #{<<"clientid">> := {re_pattern, _, _, _, _}} - ] + #{permission := deny, + action := publish, + principal := + #{'or' := [#{username := {re_pattern, _, _, _, _}}, + #{clientid := {re_pattern, _, _, _, _}} + ] }, - <<"topics">> := [#{<<"pattern">> := [<<"%u">>]}, - #{<<"pattern">> := [<<"%c">>]} - ] + topics := [#{pattern := [<<"%u">>]}, + #{pattern := [<<"%c">>]} + ] }, emqx_authz:compile(?RULE4)), ok. diff --git a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl index 4871e0d7f..59dac3d71 100644 --- a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl @@ -57,11 +57,10 @@ set_special_configs(emqx) -> set_special_configs(emqx_authz) -> application:set_env(emqx, plugins_etc_dir, emqx_ct_helpers:deps_path(emqx_authz, "test")), - Conf = #{<<"authz">> => #{<<"rules">> => []}}, + Conf = #{<<"emqx_authz">> => #{<<"rules">> => []}}, ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)), - + % emqx_config:put([emqx_authz], #{rules => []}), ok; - set_special_configs(_App) -> ok. diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl index 6ee229ec7..039d50383 100644 --- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl @@ -49,7 +49,7 @@ set_special_configs(emqx) -> set_special_configs(emqx_authz) -> application:set_env(emqx, plugins_etc_dir, emqx_ct_helpers:deps_path(emqx_authz, "test")), - Conf = #{<<"authz">> => + Conf = #{<<"emqx_authz">> => #{<<"rules">> => [#{<<"config">> =>#{<<"meck">> => <<"fake">>}, <<"principal">> => all, @@ -57,6 +57,12 @@ set_special_configs(emqx_authz) -> <<"type">> => mysql} ]}}, ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)), + % Rules = [#{config =>#{<<"meck">> => <<"fake">>}, + % principal => all, + % sql => <<"fake sql">>, + % type => mysql} + % ], + % emqx_config:put([emqx_authz], #{rules => Rules}), ok; set_special_configs(_App) -> ok. diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl index 8fb9cd3e0..9dcdd7c18 100644 --- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl @@ -49,7 +49,7 @@ set_special_configs(emqx) -> set_special_configs(emqx_authz) -> application:set_env(emqx, plugins_etc_dir, emqx_ct_helpers:deps_path(emqx_authz, "test")), - Conf = #{<<"authz">> => + Conf = #{<<"emqx_authz">> => #{<<"rules">> => [#{<<"config">> =>#{<<"meck">> => <<"fake">>}, <<"principal">> => all, @@ -57,6 +57,12 @@ set_special_configs(emqx_authz) -> <<"type">> => pgsql} ]}}, ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)), + % Rules = [#{config =>#{<<"meck">> => <<"fake">>}, + % principal => all, + % sql => <<"fake sql">>, + % type => pgsql} + % ], + % emqx_config:put([emqx_authz], #{rules => Rules}), ok; set_special_configs(_App) -> ok. diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl index a4045a9e4..8cb7a51b9 100644 --- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl @@ -49,7 +49,7 @@ set_special_configs(emqx) -> set_special_configs(emqx_authz) -> application:set_env(emqx, plugins_etc_dir, emqx_ct_helpers:deps_path(emqx_authz, "test")), - Conf = #{<<"authz">> => + Conf = #{<<"emqx_authz">> => #{<<"rules">> => [#{<<"config">> =>#{ <<"server">> => <<"127.0.0.1:6379">>, @@ -63,6 +63,12 @@ set_special_configs(emqx_authz) -> <<"type">> => redis} ]}}, ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)), + % Rules = [#{config =>#{<<"meck">> => <<"fake">>}, + % principal => all, + % cmd => <<"fake cmd">>, + % type => redis} + % ], + % emqx_config:put([emqx_authz], #{rules => Rules}), ok; set_special_configs(_App) -> ok.