From c2e1c38fdf986d6229c5ef6f840cbd5b36e91d72 Mon Sep 17 00:00:00 2001 From: JimMoen Date: Mon, 21 Mar 2022 19:41:27 +0800 Subject: [PATCH] refactor(authz): prepend and append only allow one source --- apps/emqx_authz/src/emqx_authz.erl | 16 ++++++++-------- apps/emqx_authz/src/emqx_authz_api_sources.erl | 8 ++++---- apps/emqx_authz/test/emqx_authz_SUITE.erl | 13 +++++++------ 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index 313e39b88..cea1c77a1 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -142,12 +142,12 @@ do_pre_config_update({?CMD_MOVE, Type, ?CMD_MOVE_AFTER(After)}, Sources) -> {S1, Front1, Rear1} = take(Type, Sources), {S2, Front2, Rear2} = take(After, Front1 ++ Rear1), Front2 ++ [S2, S1] ++ Rear2; -do_pre_config_update({?CMD_PREPEND, NewSources}, Sources) -> - NSources = NewSources ++ Sources, +do_pre_config_update({?CMD_PREPEND, NewSource}, Sources) -> + NSources = [NewSource] ++ Sources, ok = check_dup_types(NSources), NSources; -do_pre_config_update({?CMD_APPEND, NewSources}, Sources) -> - NSources = Sources ++ NewSources, +do_pre_config_update({?CMD_APPEND, NewSource}, Sources) -> + NSources = Sources ++ [NewSource], ok = check_dup_types(NSources), NSources; do_pre_config_update({{?CMD_REPLACE, Type}, #{<<"enable">> := Enable} = Source}, Sources) @@ -186,12 +186,12 @@ do_post_config_update({?CMD_MOVE, _Type, _Where} = Cmd, _NewSources) -> MovedSources = do_pre_config_update(Cmd, InitedSources), ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [MovedSources]}, -1), ok = emqx_authz_cache:drain_cache(); -do_post_config_update({?CMD_PREPEND, Sources}, _NewSources) -> - InitedSources = init_sources(check_sources(Sources)), +do_post_config_update({?CMD_PREPEND, Source}, _NewSources) -> + InitedSources = init_sources(check_sources([Source])), ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedSources ++ lookup()]}, -1), ok = emqx_authz_cache:drain_cache(); -do_post_config_update({?CMD_APPEND, Sources}, _NewSources) -> - InitedSources = init_sources(check_sources(Sources)), +do_post_config_update({?CMD_APPEND, Source}, _NewSources) -> + InitedSources = init_sources(check_sources([Source])), emqx_hooks:put('client.authorize', {?MODULE, authorize, [lookup() ++ InitedSources]}, -1), ok = emqx_authz_cache:drain_cache(); do_post_config_update({{?CMD_REPLACE, Type}, Source}, _NewSources) when is_map(Source) -> diff --git a/apps/emqx_authz/src/emqx_authz_api_sources.erl b/apps/emqx_authz/src/emqx_authz_api_sources.erl index a9c0020c2..5f3e58cde 100644 --- a/apps/emqx_authz/src/emqx_authz_api_sources.erl +++ b/apps/emqx_authz/src/emqx_authz_api_sources.erl @@ -95,7 +95,7 @@ schema("/authorization/sources/:type") -> , put => #{ description => <<"Update source">> , parameters => parameters_field() - , 'requestBody' => mk( hoconsc:union(authz_sources_type_refs())) + , 'requestBody' => mk(hoconsc:union(authz_sources_type_refs())) , responses => #{ 204 => <<"Authorization source updated successfully">> , 400 => emqx_dashboard_swagger:error_codes([?BAD_REQUEST], <<"Bad Request">>) @@ -170,12 +170,12 @@ sources(get, _) -> {200, #{sources => Sources}}; sources(post, #{body := #{<<"type">> := <<"file">>, <<"rules">> := Rules}}) -> {ok, Filename} = write_file(acl_conf_file(), Rules), - update_config(?CMD_PREPEND, [#{<<"type">> => <<"file">>, - <<"enable">> => true, <<"path">> => Filename}]); + update_config(?CMD_PREPEND, #{<<"type">> => <<"file">>, + <<"enable">> => true, <<"path">> => Filename}); sources(post, #{body := Body}) when is_map(Body) -> case maybe_write_certs(Body) of Config when is_map(Config) -> - update_config(?CMD_PREPEND, [Config]); + update_config(?CMD_PREPEND, Config); {error, Reason} -> {400, #{code => <<"BAD_REQUEST">>, message => bin(Reason)}} diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index 0e73e44cf..b37aecb1a 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -125,12 +125,13 @@ set_special_configs(_App) -> %%------------------------------------------------------------------------------ t_update_source(_) -> + %% replace all {ok, _} = emqx_authz:update(?CMD_REPLACE, [?SOURCE3]), - {ok, _} = emqx_authz:update(?CMD_PREPEND, [?SOURCE2]), - {ok, _} = emqx_authz:update(?CMD_PREPEND, [?SOURCE1]), - {ok, _} = emqx_authz:update(?CMD_APPEND, [?SOURCE4]), - {ok, _} = emqx_authz:update(?CMD_APPEND, [?SOURCE5]), - {ok, _} = emqx_authz:update(?CMD_APPEND, [?SOURCE6]), + {ok, _} = emqx_authz:update(?CMD_PREPEND, ?SOURCE2), + {ok, _} = emqx_authz:update(?CMD_PREPEND, ?SOURCE1), + {ok, _} = emqx_authz:update(?CMD_APPEND, ?SOURCE4), + {ok, _} = emqx_authz:update(?CMD_APPEND, ?SOURCE5), + {ok, _} = emqx_authz:update(?CMD_APPEND, ?SOURCE6), ?assertMatch([ #{type := http, enable := true} , #{type := mongodb, enable := true} @@ -170,7 +171,7 @@ t_delete_source(_) -> ?assertMatch([ #{type := http, enable := true} ], emqx_conf:get([authorization, sources], [])), - {ok, _} = emqx_authz:update({?CMD_DELETE, http}, #{}), + {ok, _} = emqx_authz:update({?CMD_DELETE, http}, #{}), ?assertMatch([], emqx_conf:get([authorization, sources], [])).