yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(emqx_authz): rename authorization to authorization_rules in emqx_authz.conf

This commit is contained in:
zhanghongtong 2021-08-19 11:29:49 +08:00 committed by Rory Z
parent 5652917af6
commit bfb363bc61
10 changed files with 34 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_authz/etc/emqx_authz.conf
View File

@ -1,4 +1,4 @@
authorization { authorization_rules {
rules = [ rules = [
# { # {
# type: http # type: http

6
apps/emqx_authz/src/emqx_authz.erl
View File

@ -38,7 +38,7 @@
-export([post_config_update/3, pre_config_update/2]). -export([post_config_update/3, pre_config_update/2]).
-define(CONF_KEY_PATH, [authorization, rules]). -define(CONF_KEY_PATH, [authorization_rules, rules]).
-spec(register_metrics() -> ok). -spec(register_metrics() -> ok).
register_metrics() -> register_metrics() ->
@ -187,9 +187,9 @@ post_config_update(_, NewRules, _OldConf) ->
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
check_rules(RawRules) -> check_rules(RawRules) ->
{ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization">> => #{<<"rules">> => RawRules}}), #{format => richmap}), {ok, Conf} = hocon:binary(jsx:encode(#{<<"authorization_rules">> => #{<<"rules">> => RawRules}}), #{format => richmap}),
CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}), CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}),
#{authorization := #{rules := Rules}} = hocon_schema:richmap_to_map(CheckConf), #{authorization_rules := #{rules := Rules}} = hocon_schema:richmap_to_map(CheckConf),
Rules. Rules.
find_rule_by_id(Id) -> find_rule_by_id(Id, lookup()). find_rule_by_id(Id) -> find_rule_by_id(Id, lookup()).

4
apps/emqx_authz/src/emqx_authz_schema.erl
View File

@ -17,9 +17,9 @@
, fields/1 , fields/1
]). ]).
structs() -> ["authorization"]. structs() -> ["authorization_rules"].
fields("authorization") -> fields("authorization_rules") ->
[ {rules, rules()} [ {rules, rules()}
]; ];
fields(http) -> fields(http) ->

10
apps/emqx_authz/test/emqx_authz_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>). -define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>).
all() -> all() ->
emqx_ct:all(?MODULE). emqx_ct:all(?MODULE).
@ -33,8 +33,8 @@ groups() ->
init_per_suite(Config) -> init_per_suite(Config) ->
ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT),
ok = emqx_ct_helpers:start_apps([emqx_authz]), ok = emqx_ct_helpers:start_apps([emqx_authz]),
{ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([zones, default, authorization, enable], true), {ok, _} = emqx:update_config([authorization, no_match], deny),
Config. Config.
end_per_suite(_Config) -> end_per_suite(_Config) ->
@ -87,7 +87,7 @@ t_update_rule(_) ->
{ok, _} = emqx_authz:update(tail, [?RULE3]), {ok, _} = emqx_authz:update(tail, [?RULE3]),
Lists1 = emqx_authz:check_rules([?RULE1, ?RULE2, ?RULE3]), Lists1 = emqx_authz:check_rules([?RULE1, ?RULE2, ?RULE3]),
?assertMatch(Lists1, emqx:get_config([authorization, rules], [])), ?assertMatch(Lists1, emqx:get_config([authorization_rules, rules], [])),
[#{annotations := #{id := Id1, [#{annotations := #{id := Id1,
principal := all, principal := all,
@ -109,7 +109,7 @@ t_update_rule(_) ->
{ok, _} = emqx_authz:update({replace_once, Id3}, ?RULE4), {ok, _} = emqx_authz:update({replace_once, Id3}, ?RULE4),
Lists2 = emqx_authz:check_rules([?RULE1, ?RULE2, ?RULE4]), Lists2 = emqx_authz:check_rules([?RULE1, ?RULE2, ?RULE4]),
?assertMatch(Lists2, emqx:get_config([authorization, rules], [])), ?assertMatch(Lists2, emqx:get_config([authorization_rules, rules], [])),
[#{annotations := #{id := Id1, [#{annotations := #{id := Id1,
principal := all, principal := all,

9
apps/emqx_authz/test/emqx_authz_api_SUITE.erl
View File

@ -22,6 +22,8 @@
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>).
-import(emqx_ct_http, [ request_api/3 -import(emqx_ct_http, [ request_api/3
, request_api/5 , request_api/5
, get_http_data/1 , get_http_data/1
@ -77,10 +79,11 @@ groups() ->
init_per_suite(Config) -> init_per_suite(Config) ->
ekka_mnesia:start(), ekka_mnesia:start(),
emqx_mgmt_auth:mnesia(boot), emqx_mgmt_auth:mnesia(boot),
ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT),
ok = emqx_ct_helpers:start_apps([emqx_management, emqx_authz], fun set_special_configs/1), ok = emqx_ct_helpers:start_apps([emqx_management, emqx_authz], fun set_special_configs/1),
{ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([zones, default, authorization, enable], true), {ok, _} = emqx:update_config([authorization, no_match], deny),
Config. Config.
@ -94,7 +97,7 @@ set_special_configs(emqx_management) ->
applications =>[#{id => "admin", secret => "public"}]}), applications =>[#{id => "admin", secret => "public"}]}),
ok; ok;
set_special_configs(emqx_authz) -> set_special_configs(emqx_authz) ->
emqx_config:put([authorization], #{rules => []}), emqx_config:put([authorization_rules], #{rules => []}),
ok; ok;
set_special_configs(_App) -> set_special_configs(_App) ->
ok. ok.

6
apps/emqx_authz/test/emqx_authz_http_SUITE.erl
View File

@ -23,6 +23,8 @@
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>). -define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>).
all() -> all() ->
emqx_ct:all(?MODULE). emqx_ct:all(?MODULE).
@ -37,8 +39,8 @@ init_per_suite(Config) ->
ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT),
ok = emqx_ct_helpers:start_apps([emqx_authz]), ok = emqx_ct_helpers:start_apps([emqx_authz]),
{ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([zones, default, authorization, enable], true), {ok, _} = emqx:update_config([authorization, no_match], deny),
Rules = [#{ <<"config">> => #{ Rules = [#{ <<"config">> => #{
<<"url">> => <<"https://fake.com:443/">>, <<"url">> => <<"https://fake.com:443/">>,
<<"headers">> => #{}, <<"headers">> => #{},

6
apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>). -define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>).
all() -> all() ->
emqx_ct:all(?MODULE). emqx_ct:all(?MODULE).
@ -37,8 +37,8 @@ init_per_suite(Config) ->
ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT),
ok = emqx_ct_helpers:start_apps([emqx_authz]), ok = emqx_ct_helpers:start_apps([emqx_authz]),
{ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([zones, default, authorization, enable], true), {ok, _} = emqx:update_config([authorization, no_match], deny),
Rules = [#{ <<"config">> => #{ Rules = [#{ <<"config">> => #{
<<"mongo_type">> => <<"single">>, <<"mongo_type">> => <<"single">>,
<<"server">> => <<"127.0.0.1:27017">>, <<"server">> => <<"127.0.0.1:27017">>,

6
apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>). -define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>).
all() -> all() ->
emqx_ct:all(?MODULE). emqx_ct:all(?MODULE).
@ -38,8 +38,8 @@ init_per_suite(Config) ->
ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT),
ok = emqx_ct_helpers:start_apps([emqx_authz]), ok = emqx_ct_helpers:start_apps([emqx_authz]),
{ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([zones, default, authorization, enable], true), {ok, _} = emqx:update_config([authorization, no_match], deny),
Rules = [#{ <<"config">> => #{ Rules = [#{ <<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>, <<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1, <<"pool_size">> => 1,

6
apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
View File

@ -22,7 +22,7 @@
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>). -define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>).
all() -> all() ->
emqx_ct:all(?MODULE). emqx_ct:all(?MODULE).
@ -38,8 +38,8 @@ init_per_suite(Config) ->
ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT),
ok = emqx_ct_helpers:start_apps([emqx_authz]), ok = emqx_ct_helpers:start_apps([emqx_authz]),
{ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([zones, default, authorization, enable], true), {ok, _} = emqx:update_config([authorization, no_match], deny),
Rules = [#{ <<"config">> => #{ Rules = [#{ <<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>, <<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1, <<"pool_size">> => 1,

6
apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
View File

@ -23,6 +23,8 @@
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-define(CONF_DEFAULT, <<"authorization: {rules: []}">>). -define(CONF_DEFAULT, <<"authorization: {rules: []}">>).
-define(CONF_DEFAULT, <<"authorization_rules: {rules: []}">>).
all() -> all() ->
emqx_ct:all(?MODULE). emqx_ct:all(?MODULE).
@ -37,8 +39,8 @@ init_per_suite(Config) ->
ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT), ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT),
ok = emqx_ct_helpers:start_apps([emqx_authz]), ok = emqx_ct_helpers:start_apps([emqx_authz]),
{ok, _} = emqx:update_config([zones, default, authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([zones, default, authorization, enable], true), {ok, _} = emqx:update_config([authorization, no_match], deny),
Rules = [#{ <<"config">> => #{ Rules = [#{ <<"config">> => #{
<<"server">> => <<"127.0.0.1:27017">>, <<"server">> => <<"127.0.0.1:27017">>,
<<"pool_size">> => 1, <<"pool_size">> => 1,