yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(authz): prepend and append only allow one source

This commit is contained in:
JimMoen 2022-03-21 19:41:27 +08:00
parent 843e12ad16
commit c2e1c38fdf
3 changed files with 19 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
apps/emqx_authz/src/emqx_authz.erl
View File

@ -142,12 +142,12 @@ do_pre_config_update({?CMD_MOVE, Type, ?CMD_MOVE_AFTER(After)}, Sources) ->
{S1, Front1, Rear1} = take(Type, Sources), {S1, Front1, Rear1} = take(Type, Sources),
{S2, Front2, Rear2} = take(After, Front1 ++ Rear1), {S2, Front2, Rear2} = take(After, Front1 ++ Rear1),
Front2 ++ [S2, S1] ++ Rear2; Front2 ++ [S2, S1] ++ Rear2;
do_pre_config_update({?CMD_PREPEND, NewSources}, Sources) -> do_pre_config_update({?CMD_PREPEND, NewSource}, Sources) ->
NSources = NewSources ++ Sources, NSources = [NewSource] ++ Sources,
ok = check_dup_types(NSources), ok = check_dup_types(NSources),
NSources; NSources;
do_pre_config_update({?CMD_APPEND, NewSources}, Sources) -> do_pre_config_update({?CMD_APPEND, NewSource}, Sources) ->
NSources = Sources ++ NewSources, NSources = Sources ++ [NewSource],
ok = check_dup_types(NSources), ok = check_dup_types(NSources),
NSources; NSources;
do_pre_config_update({{?CMD_REPLACE, Type}, #{<<"enable">> := Enable} = Source}, Sources) do_pre_config_update({{?CMD_REPLACE, Type}, #{<<"enable">> := Enable} = Source}, Sources)
@ -186,12 +186,12 @@ do_post_config_update({?CMD_MOVE, _Type, _Where} = Cmd, _NewSources) ->
MovedSources = do_pre_config_update(Cmd, InitedSources), MovedSources = do_pre_config_update(Cmd, InitedSources),
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [MovedSources]}, -1), ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [MovedSources]}, -1),
ok = emqx_authz_cache:drain_cache(); ok = emqx_authz_cache:drain_cache();
do_post_config_update({?CMD_PREPEND, Sources}, _NewSources) -> do_post_config_update({?CMD_PREPEND, Source}, _NewSources) ->
InitedSources = init_sources(check_sources(Sources)), InitedSources = init_sources(check_sources([Source])),
ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedSources ++ lookup()]}, -1), ok = emqx_hooks:put('client.authorize', {?MODULE, authorize, [InitedSources ++ lookup()]}, -1),
ok = emqx_authz_cache:drain_cache(); ok = emqx_authz_cache:drain_cache();
do_post_config_update({?CMD_APPEND, Sources}, _NewSources) -> do_post_config_update({?CMD_APPEND, Source}, _NewSources) ->
InitedSources = init_sources(check_sources(Sources)), InitedSources = init_sources(check_sources([Source])),
emqx_hooks:put('client.authorize', {?MODULE, authorize, [lookup() ++ InitedSources]}, -1), emqx_hooks:put('client.authorize', {?MODULE, authorize, [lookup() ++ InitedSources]}, -1),
ok = emqx_authz_cache:drain_cache(); ok = emqx_authz_cache:drain_cache();
do_post_config_update({{?CMD_REPLACE, Type}, Source}, _NewSources) when is_map(Source) -> do_post_config_update({{?CMD_REPLACE, Type}, Source}, _NewSources) when is_map(Source) ->

6
apps/emqx_authz/src/emqx_authz_api_sources.erl
View File

@ -170,12 +170,12 @@ sources(get, _) ->
{200, #{sources => Sources}}; {200, #{sources => Sources}};
sources(post, #{body := #{<<"type">> := <<"file">>, <<"rules">> := Rules}}) -> sources(post, #{body := #{<<"type">> := <<"file">>, <<"rules">> := Rules}}) ->
{ok, Filename} = write_file(acl_conf_file(), Rules), {ok, Filename} = write_file(acl_conf_file(), Rules),
update_config(?CMD_PREPEND, [#{<<"type">> => <<"file">>, update_config(?CMD_PREPEND, #{<<"type">> => <<"file">>,
<<"enable">> => true, <<"path">> => Filename}]); <<"enable">> => true, <<"path">> => Filename});
sources(post, #{body := Body}) when is_map(Body) -> sources(post, #{body := Body}) when is_map(Body) ->
case maybe_write_certs(Body) of case maybe_write_certs(Body) of
Config when is_map(Config) -> Config when is_map(Config) ->
update_config(?CMD_PREPEND, [Config]); update_config(?CMD_PREPEND, Config);
{error, Reason} -> {error, Reason} ->
{400, #{code => <<"BAD_REQUEST">>, {400, #{code => <<"BAD_REQUEST">>,
message => bin(Reason)}} message => bin(Reason)}}

11
apps/emqx_authz/test/emqx_authz_SUITE.erl
View File

@ -125,12 +125,13 @@ set_special_configs(_App) ->
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
t_update_source(_) -> t_update_source(_) ->
%% replace all
{ok, _} = emqx_authz:update(?CMD_REPLACE, [?SOURCE3]), {ok, _} = emqx_authz:update(?CMD_REPLACE, [?SOURCE3]),
{ok, _} = emqx_authz:update(?CMD_PREPEND, [?SOURCE2]), {ok, _} = emqx_authz:update(?CMD_PREPEND, ?SOURCE2),
{ok, _} = emqx_authz:update(?CMD_PREPEND, [?SOURCE1]), {ok, _} = emqx_authz:update(?CMD_PREPEND, ?SOURCE1),
{ok, _} = emqx_authz:update(?CMD_APPEND, [?SOURCE4]), {ok, _} = emqx_authz:update(?CMD_APPEND, ?SOURCE4),
{ok, _} = emqx_authz:update(?CMD_APPEND, [?SOURCE5]), {ok, _} = emqx_authz:update(?CMD_APPEND, ?SOURCE5),
{ok, _} = emqx_authz:update(?CMD_APPEND, [?SOURCE6]), {ok, _} = emqx_authz:update(?CMD_APPEND, ?SOURCE6),
?assertMatch([ #{type := http, enable := true} ?assertMatch([ #{type := http, enable := true}
, #{type := mongodb, enable := true} , #{type := mongodb, enable := true}