diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf index 57ca290d5..a100c5140 100644 --- a/apps/emqx_authz/etc/emqx_authz.conf +++ b/apps/emqx_authz/etc/emqx_authz.conf @@ -1,4 +1,4 @@ -authorization { +authorization_rules { rules = [ # { # type: http diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index e3e540de0..aceb967c2 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -38,7 +38,7 @@ -export([post_config_update/3, pre_config_update/2]). --define(CONF_KEY_PATH, [authorization, rules]). +-define(CONF_KEY_PATH, [authorization_rules, rules]). -spec(register_metrics() -> ok). register_metrics() -> @@ -187,9 +187,9 @@ post_config_update(_, NewRules, _OldConf) -> %%-------------------------------------------------------------------- check_rules(RawRules) -> - {ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"rules">> => RawRules}}), #{format => richmap}), + {ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization_rules">> => #{<<"rules">> => RawRules}}), #{format => richmap}), CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}), - #{authorization := #{rules := Rules}} = hocon_schema:richmap_to_map(CheckConf), + #{authorization_rules := #{rules := Rules}} = hocon_schema:richmap_to_map(CheckConf), Rules. find_rule_by_id(Id) -> find_rule_by_id(Id, lookup()). diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index cc109534f..0c36ccd90 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl @@ -17,9 +17,9 @@ , fields/1 ]). -structs() -> ["authorization"]. +structs() -> ["authorization_rules"]. -fields("authorization") -> +fields("authorization_rules") -> [ {rules, rules()} ]; fields(http) -> diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index 0452ff96c..bcc855a59 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>). all() -> emqx_ct:all(?MODULE). @@ -33,8 +33,8 @@ groups() -> init_per_suite(Config) -> ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_ct_helpers:start_apps([emqx_authz]), - {ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), - {ok, _} = emqx:update_config([zones, default, authorization, enable], true), + {ok, _} = emqx:update_config([authorization, cache, enable], false), + {ok, _} = emqx:update_config([authorization, no_match], deny), Config. end_per_suite(_Config) -> @@ -87,7 +87,7 @@ t_update_rule(_) -> {ok, _} = emqx_authz:update(tail, [?RULE3]), Lists1 = emqx_authz:check_rules([?RULE1, ?RULE2, ?RULE3]), - ?assertMatch(Lists1, emqx:get_config([authorization, rules], [])), + ?assertMatch(Lists1, emqx:get_config([authorization_rules, rules], [])), [#{annotations := #{id := Id1, principal := all, @@ -109,7 +109,7 @@ t_update_rule(_) -> {ok, _} = emqx_authz:update({replace_once, Id3}, ?RULE4), Lists2 = emqx_authz:check_rules([?RULE1, ?RULE2, ?RULE4]), - ?assertMatch(Lists2, emqx:get_config([authorization, rules], [])), + ?assertMatch(Lists2, emqx:get_config([authorization_rules, rules], [])), [#{annotations := #{id := Id1, principal := all, diff --git a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl index 0600125f9..9b6153465 100644 --- a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl @@ -22,6 +22,8 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). +-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>). + -import(emqx_ct_http, [ request_api/3 , request_api/5 , get_http_data/1 @@ -77,10 +79,11 @@ groups() -> init_per_suite(Config) -> ekka_mnesia:start(), emqx_mgmt_auth:mnesia(boot), + ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_ct_helpers:start_apps([emqx_management, emqx_authz], fun set_special_configs/1), - {ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), - {ok, _} = emqx:update_config([zones, default, authorization, enable], true), + {ok, _} = emqx:update_config([authorization, cache, enable], false), + {ok, _} = emqx:update_config([authorization, no_match], deny), Config. @@ -94,7 +97,7 @@ set_special_configs(emqx_management) -> applications =>[#{id => "admin", secret => "public"}]}), ok; set_special_configs(emqx_authz) -> - emqx_config:put([authorization], #{rules => []}), + emqx_config:put([authorization_rules], #{rules => []}), ok; set_special_configs(_App) -> ok. diff --git a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl index b284744af..fb95c1b00 100644 --- a/apps/emqx_authz/test/emqx_authz_http_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_http_SUITE.erl @@ -23,6 +23,8 @@ -include_lib("common_test/include/ct.hrl"). -define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>). + all() -> emqx_ct:all(?MODULE). @@ -37,8 +39,8 @@ init_per_suite(Config) -> ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_ct_helpers:start_apps([emqx_authz]), - {ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), - {ok, _} = emqx:update_config([zones, default, authorization, enable], true), + {ok, _} = emqx:update_config([authorization, cache, enable], false), + {ok, _} = emqx:update_config([authorization, no_match], deny), Rules = [#{ <<"config">> => #{ <<"url">> => <<"https://fake.com:443/">>, <<"headers">> => #{}, diff --git a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl index b68ee2800..cffc0ad76 100644 --- a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>). all() -> emqx_ct:all(?MODULE). @@ -37,8 +37,8 @@ init_per_suite(Config) -> ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_ct_helpers:start_apps([emqx_authz]), - {ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), - {ok, _} = emqx:update_config([zones, default, authorization, enable], true), + {ok, _} = emqx:update_config([authorization, cache, enable], false), + {ok, _} = emqx:update_config([authorization, no_match], deny), Rules = [#{ <<"config">> => #{ <<"mongo_type">> => <<"single">>, <<"server">> => <<"127.0.0.1:27017">>, diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl index e6164cacd..dcc0e47d7 100644 --- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>). all() -> emqx_ct:all(?MODULE). @@ -38,8 +38,8 @@ init_per_suite(Config) -> ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_ct_helpers:start_apps([emqx_authz]), - {ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), - {ok, _} = emqx:update_config([zones, default, authorization, enable], true), + {ok, _} = emqx:update_config([authorization, cache, enable], false), + {ok, _} = emqx:update_config([authorization, no_match], deny), Rules = [#{ <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl index c304f06a9..b4383e21e 100644 --- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl @@ -22,7 +22,7 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>). all() -> emqx_ct:all(?MODULE). @@ -38,8 +38,8 @@ init_per_suite(Config) -> ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_ct_helpers:start_apps([emqx_authz]), - {ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), - {ok, _} = emqx:update_config([zones, default, authorization, enable], true), + {ok, _} = emqx:update_config([authorization, cache, enable], false), + {ok, _} = emqx:update_config([authorization, no_match], deny), Rules = [#{ <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1, diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl index a494159e3..d3eebeb2e 100644 --- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl @@ -23,6 +23,8 @@ -include_lib("common_test/include/ct.hrl"). -define(CONF_DEFAULT, <<"authorization: {rules: []}">>). +-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>). + all() -> emqx_ct:all(?MODULE). @@ -37,8 +39,8 @@ init_per_suite(Config) -> ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_ct_helpers:start_apps([emqx_authz]), - {ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), - {ok, _} = emqx:update_config([zones, default, authorization, enable], true), + {ok, _} = emqx:update_config([authorization, cache, enable], false), + {ok, _} = emqx:update_config([authorization, no_match], deny), Rules = [#{ <<"config">> => #{ <<"server">> => <<"127.0.0.1:27017">>, <<"pool_size">> => 1,