From c63bdc355a444f637edeac874778f80a9896685f Mon Sep 17 00:00:00 2001 From: zhanghongtong Date: Mon, 28 Jun 2021 15:17:21 +0800 Subject: [PATCH] chore: rename check_acl to check_authz update emqx_coap vsn rename OnClientCheckAcl to OnClientCheckAuthz in exhook --- apps/emqx/src/emqx_access_control.erl | 18 +++++++------- apps/emqx/src/emqx_channel.erl | 4 ++-- apps/emqx/src/emqx_metrics.erl | 4 ++-- apps/emqx/test/emqx_access_control_SUITE.erl | 4 ++-- apps/emqx/test/emqx_acl_test_mod.erl | 4 ++-- apps/emqx/test/emqx_channel_SUITE.erl | 2 +- .../emqx/test/emqx_mqtt_protocol_v5_SUITE.erl | 2 +- apps/emqx/test/emqx_ws_connection_SUITE.erl | 2 +- apps/emqx_authz/src/emqx_authz.erl | 8 +++---- .../test/emqx_authz_mysql_SUITE.erl | 24 +++++++++---------- .../test/emqx_authz_pgsql_SUITE.erl | 24 +++++++++---------- .../test/emqx_authz_redis_SUITE.erl | 16 ++++++------- apps/emqx_coap/src/emqx_coap.app.src | 2 +- apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl | 4 ++-- apps/emqx_coap/test/emqx_coap_SUITE.erl | 6 ++--- apps/emqx_exhook/include/emqx_exhook.hrl | 2 +- apps/emqx_exhook/priv/protos/exhook.proto | 12 +++++----- apps/emqx_exhook/src/emqx_exhook_handler.erl | 6 ++--- apps/emqx_exhook/src/emqx_exhook_server.erl | 6 ++--- .../emqx_exhook/test/emqx_exhook_demo_svr.erl | 8 +++---- .../test/props/prop_exhook_hooks.erl | 6 ++--- .../emqx_exproto/src/emqx_exproto_channel.erl | 4 ++-- apps/emqx_exproto/test/emqx_exproto_SUITE.erl | 2 +- apps/emqx_prometheus/src/emqx_prometheus.erl | 6 ++--- 24 files changed, 88 insertions(+), 88 deletions(-) diff --git a/apps/emqx/src/emqx_access_control.erl b/apps/emqx/src/emqx_access_control.erl index a679e6a5e..8ca9f3893 100644 --- a/apps/emqx/src/emqx_access_control.erl +++ b/apps/emqx/src/emqx_access_control.erl @@ -20,7 +20,7 @@ -export([authenticate/1]). --export([ check_acl/3 +-export([ check_authz/3 ]). -type(result() :: #{auth_result := emqx_types:auth_result(), @@ -42,25 +42,25 @@ authenticate(ClientInfo = #{zone := Zone}) -> end. %% @doc Check ACL --spec(check_acl(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_types:topic()) +-spec(check_authz(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_types:topic()) -> allow | deny). -check_acl(ClientInfo, PubSub, Topic) -> +check_authz(ClientInfo, PubSub, Topic) -> case emqx_acl_cache:is_enabled() of - true -> check_acl_cache(ClientInfo, PubSub, Topic); - false -> do_check_acl(ClientInfo, PubSub, Topic) + true -> check_authz_cache(ClientInfo, PubSub, Topic); + false -> do_check_authz(ClientInfo, PubSub, Topic) end. -check_acl_cache(ClientInfo, PubSub, Topic) -> +check_authz_cache(ClientInfo, PubSub, Topic) -> case emqx_acl_cache:get_acl_cache(PubSub, Topic) of not_found -> - AclResult = do_check_acl(ClientInfo, PubSub, Topic), + AclResult = do_check_authz(ClientInfo, PubSub, Topic), emqx_acl_cache:put_acl_cache(PubSub, Topic, AclResult), AclResult; AclResult -> AclResult end. -do_check_acl(ClientInfo, PubSub, Topic) -> - case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], allow) of +do_check_authz(ClientInfo, PubSub, Topic) -> + case run_hooks('client.check_authz', [ClientInfo, PubSub, Topic], allow) of allow -> allow; _Other -> deny end. diff --git a/apps/emqx/src/emqx_channel.erl b/apps/emqx/src/emqx_channel.erl index e3cbff692..2fcad5b21 100644 --- a/apps/emqx/src/emqx_channel.erl +++ b/apps/emqx/src/emqx_channel.erl @@ -1406,7 +1406,7 @@ check_pub_alias(_Packet, _Channel) -> ok. check_pub_acl(#mqtt_packet{variable = #mqtt_packet_publish{topic_name = Topic}}, #channel{clientinfo = ClientInfo}) -> case is_acl_enabled(ClientInfo) andalso - emqx_access_control:check_acl(ClientInfo, publish, Topic) of + emqx_access_control:check_authz(ClientInfo, publish, Topic) of false -> ok; allow -> ok; deny -> {error, ?RC_NOT_AUTHORIZED} @@ -1440,7 +1440,7 @@ check_sub_acls([], _Channel, Acc) -> check_sub_acl(TopicFilter, #channel{clientinfo = ClientInfo}) -> case is_acl_enabled(ClientInfo) andalso - emqx_access_control:check_acl(ClientInfo, subscribe, TopicFilter) of + emqx_access_control:check_authz(ClientInfo, subscribe, TopicFilter) of false -> allow; Result -> Result end. diff --git a/apps/emqx/src/emqx_metrics.erl b/apps/emqx/src/emqx_metrics.erl index c3ce14d83..c583276d8 100644 --- a/apps/emqx/src/emqx_metrics.erl +++ b/apps/emqx/src/emqx_metrics.erl @@ -172,7 +172,7 @@ {counter, 'client.connected'}, {counter, 'client.authenticate'}, {counter, 'client.auth.anonymous'}, - {counter, 'client.check_acl'}, + {counter, 'client.check_authz'}, {counter, 'client.subscribe'}, {counter, 'client.unsubscribe'}, {counter, 'client.disconnected'} @@ -563,7 +563,7 @@ reserved_idx('client.connected') -> 202; reserved_idx('client.authenticate') -> 203; reserved_idx('client.enhanced_authenticate') -> 204; reserved_idx('client.auth.anonymous') -> 205; -reserved_idx('client.check_acl') -> 206; +reserved_idx('client.check_authz') -> 206; reserved_idx('client.subscribe') -> 207; reserved_idx('client.unsubscribe') -> 208; reserved_idx('client.disconnected') -> 209; diff --git a/apps/emqx/test/emqx_access_control_SUITE.erl b/apps/emqx/test/emqx_access_control_SUITE.erl index ffe3f4fac..82a0c1669 100644 --- a/apps/emqx/test/emqx_access_control_SUITE.erl +++ b/apps/emqx/test/emqx_access_control_SUITE.erl @@ -38,9 +38,9 @@ t_authenticate(_) -> emqx_zone:set_env(zone, allow_anonymous, true), ?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())). -t_check_acl(_) -> +t_check_authz(_) -> Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>), - ?assertEqual(allow, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)). + ?assertEqual(allow, emqx_access_control:check_authz(clientinfo(), Publish, <<"t">>)). t_bypass_auth_plugins(_) -> ClientInfo = clientinfo(), diff --git a/apps/emqx/test/emqx_acl_test_mod.erl b/apps/emqx/test/emqx_acl_test_mod.erl index da400f076..be461d584 100644 --- a/apps/emqx/test/emqx_acl_test_mod.erl +++ b/apps/emqx/test/emqx_acl_test_mod.erl @@ -18,14 +18,14 @@ %% ACL callbacks -export([ init/1 - , check_acl/2 + , check_authz/2 , description/0 ]). init(AclOpts) -> {ok, AclOpts}. -check_acl({_User, _PubSub, _Topic}, _State) -> +check_authz({_User, _PubSub, _Topic}, _State) -> allow. description() -> diff --git a/apps/emqx/test/emqx_channel_SUITE.erl b/apps/emqx/test/emqx_channel_SUITE.erl index 9558dfd28..cc77acb56 100644 --- a/apps/emqx/test/emqx_channel_SUITE.erl +++ b/apps/emqx/test/emqx_channel_SUITE.erl @@ -37,7 +37,7 @@ init_per_suite(Config) -> ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]), ok = meck:expect(emqx_access_control, authenticate, fun(_) -> {ok, #{auth_result => success}} end), - ok = meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> allow end), + ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> allow end), %% Broker Meck ok = meck:new(emqx_broker, [passthrough, no_history, no_link]), %% Hooks Meck diff --git a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl index 250a959eb..e60d52a86 100644 --- a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl +++ b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl @@ -198,7 +198,7 @@ t_batch_subscribe(_) -> {ok, Client} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"batch_test">>}]), {ok, _} = emqtt:connect(Client), ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]), - meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> deny end), + meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> deny end), {ok, _, [?RC_NOT_AUTHORIZED, ?RC_NOT_AUTHORIZED, ?RC_NOT_AUTHORIZED]} = emqtt:subscribe(Client, [{<<"t1">>, qos1}, diff --git a/apps/emqx/test/emqx_ws_connection_SUITE.erl b/apps/emqx/test/emqx_ws_connection_SUITE.erl index 6db831972..b5020439b 100644 --- a/apps/emqx/test/emqx_ws_connection_SUITE.erl +++ b/apps/emqx/test/emqx_ws_connection_SUITE.erl @@ -64,7 +64,7 @@ init_per_testcase(TestCase, Config) when end), %% Mock emqx_access_control ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]), - ok = meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> allow end), + ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> allow end), %% Mock emqx_hooks ok = meck:new(emqx_hooks, [passthrough, no_history, no_link]), ok = meck:expect(emqx_hooks, run, fun(_Hook, _Args) -> ok end), diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index fde1169de..b757c8908 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -41,7 +41,7 @@ init() -> #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf), ok = application:set_env(?APP, rules, Rules), NRules = [compile(Rule) || Rule <- Rules], - ok = emqx_hooks:add('client.check_acl', {?MODULE, check_authz, [NRules]}, -1). + ok = emqx_hooks:add('client.check_authz', {?MODULE, check_authz, [NRules]}, -1). lookup() -> application:get_env(?APP, rules, []). @@ -50,8 +50,8 @@ update(Rules) -> ok = application:set_env(?APP, rules, Rules), NRules = [compile(Rule) || Rule <- Rules], Action = find_action_in_hooks(), - ok = emqx_hooks:del('client.check_acl', Action), - ok = emqx_hooks:add('client.check_acl', {?MODULE, check_authz, [NRules]}, -1), + ok = emqx_hooks:del('client.check_authz', Action), + ok = emqx_hooks:add('client.check_authz', {?MODULE, check_authz, [NRules]}, -1), ok = emqx_acl_cache:empty_acl_cache(). %%-------------------------------------------------------------------- @@ -59,7 +59,7 @@ update(Rules) -> %%-------------------------------------------------------------------- find_action_in_hooks() -> - Callbacks = emqx_hooks:lookup('client.check_acl'), + Callbacks = emqx_hooks:lookup('client.check_authz'), [Action] = [Action || {callback,{?MODULE, check_authz, _} = Action, _, _} <- Callbacks ], Action. diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl index 4f2148522..e4704c5f3 100644 --- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl @@ -95,23 +95,23 @@ t_authz(_) -> }, meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)), % nomatch - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"#">>)), % nomatch + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)), % nomatch + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"#">>)), % nomatch meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"+">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"+">>)), meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end), - ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)), + ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)), meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end), - ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_clientid">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo2, publish, <<"test/test_clientid">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_username">>)), - ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, publish, <<"test/test_username">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo3, subscribe, <<"test">>)), % nomatch - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo3, publish, <<"test">>)), % nomatch + ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_clientid">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo2, publish, <<"test/test_clientid">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_username">>)), + ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, publish, <<"test/test_username">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo3, subscribe, <<"test">>)), % nomatch + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo3, publish, <<"test">>)), % nomatch ok. diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl index dcc820a4c..d03cd3338 100644 --- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl @@ -95,23 +95,23 @@ t_authz(_) -> }, meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)), % nomatch - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"#">>)), % nomatch + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)), % nomatch + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"#">>)), % nomatch meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"+">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"+">>)), meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end), - ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"+">>)), + ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"+">>)), meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end), - ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_clientid">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo2, publish, <<"test/test_clientid">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_username">>)), - ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, publish, <<"test/test_username">>)), - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo3, subscribe, <<"test">>)), % nomatch - ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo3, publish, <<"test">>)), % nomatch + ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_clientid">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo2, publish, <<"test/test_clientid">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_username">>)), + ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, publish, <<"test/test_username">>)), + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo3, subscribe, <<"test">>)), % nomatch + ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo3, publish, <<"test">>)), % nomatch ok. diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl index 3f8bea166..ab8465ffa 100644 --- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl @@ -84,30 +84,30 @@ t_authz(_) -> meck:expect(emqx_resource, query, fun(_, _) -> {ok, []} end), % nomatch ?assertEqual(deny, - emqx_access_control:check_acl(ClientInfo, subscribe, <<"#">>)), + emqx_access_control:check_authz(ClientInfo, subscribe, <<"#">>)), ?assertEqual(deny, - emqx_access_control:check_acl(ClientInfo, publish, <<"#">>)), + emqx_access_control:check_authz(ClientInfo, publish, <<"#">>)), meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE1 ++ ?RULE2} end), % nomatch ?assertEqual(deny, - emqx_access_control:check_acl(ClientInfo, subscribe, <<"+">>)), + emqx_access_control:check_authz(ClientInfo, subscribe, <<"+">>)), % nomatch ?assertEqual(deny, - emqx_access_control:check_acl(ClientInfo, subscribe, <<"test/username">>)), + emqx_access_control:check_authz(ClientInfo, subscribe, <<"test/username">>)), ?assertEqual(allow, - emqx_access_control:check_acl(ClientInfo, publish, <<"test/clientid">>)), + emqx_access_control:check_authz(ClientInfo, publish, <<"test/clientid">>)), ?assertEqual(allow, - emqx_access_control:check_acl(ClientInfo, publish, <<"test/clientid">>)), + emqx_access_control:check_authz(ClientInfo, publish, <<"test/clientid">>)), meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE3} end), ?assertEqual(allow, - emqx_access_control:check_acl(ClientInfo, subscribe, <<"#">>)), + emqx_access_control:check_authz(ClientInfo, subscribe, <<"#">>)), % nomatch ?assertEqual(deny, - emqx_access_control:check_acl(ClientInfo, publish, <<"#">>)), + emqx_access_control:check_authz(ClientInfo, publish, <<"#">>)), ok. diff --git a/apps/emqx_coap/src/emqx_coap.app.src b/apps/emqx_coap/src/emqx_coap.app.src index 2b5fcbb6a..bb6d0431f 100644 --- a/apps/emqx_coap/src/emqx_coap.app.src +++ b/apps/emqx_coap/src/emqx_coap.app.src @@ -1,6 +1,6 @@ {application, emqx_coap, [{description, "EMQ X CoAP Gateway"}, - {vsn, "4.3.0"}, % strict semver, bump manually! + {vsn, "5.0.0"}, % strict semver, bump manually! {modules, []}, {registered, []}, {applications, [kernel,stdlib,gen_coap]}, diff --git a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl index d465f9ca3..a1633a9be 100644 --- a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl +++ b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl @@ -222,7 +222,7 @@ code_change(_OldVsn, State, _Extra) -> chann_subscribe(Topic, State = #state{clientid = ClientId}) -> ?LOG(debug, "subscribe Topic=~p", [Topic]), - case emqx_access_control:check_acl(clientinfo(State), subscribe, Topic) of + case emqx_access_control:check_authz(clientinfo(State), subscribe, Topic) of allow -> emqx_broker:subscribe(Topic, ClientId, ?SUBOPTS), emqx_hooks:run('session.subscribed', [clientinfo(State), Topic, ?SUBOPTS]), @@ -241,7 +241,7 @@ chann_unsubscribe(Topic, State) -> chann_publish(Topic, Payload, State = #state{clientid = ClientId}) -> ?LOG(debug, "publish Topic=~p, Payload=~p", [Topic, Payload]), - case emqx_access_control:check_acl(clientinfo(State), publish, Topic) of + case emqx_access_control:check_authz(clientinfo(State), publish, Topic) of allow -> _ = emqx_broker:publish( emqx_message:set_flag(retain, false, diff --git a/apps/emqx_coap/test/emqx_coap_SUITE.erl b/apps/emqx_coap/test/emqx_coap_SUITE.erl index 416c99018..35975621b 100644 --- a/apps/emqx_coap/test/emqx_coap_SUITE.erl +++ b/apps/emqx_coap/test/emqx_coap_SUITE.erl @@ -77,7 +77,7 @@ t_publish_acl_deny(_Config) -> emqx:subscribe(Topic), ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history]), - ok = meck:expect(emqx_access_control, check_acl, 3, deny), + ok = meck:expect(emqx_access_control, check_authz, 3, deny), Reply = er_coap_client:request(put, URI, #coap_content{format = <<"application/octet-stream">>, payload = Payload}), ?assertEqual({error,forbidden}, Reply), ok = meck:unload(emqx_access_control), @@ -114,7 +114,7 @@ t_observe_acl_deny(_Config) -> Topic = <<"abc">>, TopicStr = binary_to_list(Topic), Uri = "coap://127.0.0.1/mqtt/"++TopicStr++"?c=client1&u=tom&p=secret", ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history]), - ok = meck:expect(emqx_access_control, check_acl, 3, deny), + ok = meck:expect(emqx_access_control, check_authz, 3, deny), ?assertEqual({error,forbidden}, er_coap_observer:observe(Uri)), [] = emqx:subscribers(Topic), ok = meck:unload(emqx_access_control). @@ -289,7 +289,7 @@ t_acl(Config) -> ok end, - ok = emqx_hooks:del('client.check_acl', {emqx_authz, check_authz}), + ok = emqx_hooks:del('client.check_authz', {emqx_authz, check_authz}), file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')), application:set_env(emqx, plugins_etc_dir, OldPath), application:stop(emqx_authz). diff --git a/apps/emqx_exhook/include/emqx_exhook.hrl b/apps/emqx_exhook/include/emqx_exhook.hrl index 7301fdcbb..f640a5916 100644 --- a/apps/emqx_exhook/include/emqx_exhook.hrl +++ b/apps/emqx_exhook/include/emqx_exhook.hrl @@ -25,7 +25,7 @@ , {'client.connected', {emqx_exhook_handler, on_client_connected, []}} , {'client.disconnected', {emqx_exhook_handler, on_client_disconnected, []}} , {'client.authenticate', {emqx_exhook_handler, on_client_authenticate, []}} - , {'client.check_acl', {emqx_exhook_handler, on_client_check_acl, []}} + , {'client.check_authz', {emqx_exhook_handler, on_client_check_authz, []}} , {'client.subscribe', {emqx_exhook_handler, on_client_subscribe, []}} , {'client.unsubscribe', {emqx_exhook_handler, on_client_unsubscribe, []}} , {'session.created', {emqx_exhook_handler, on_session_created, []}} diff --git a/apps/emqx_exhook/priv/protos/exhook.proto b/apps/emqx_exhook/priv/protos/exhook.proto index 72ba26581..3b8fa8861 100644 --- a/apps/emqx_exhook/priv/protos/exhook.proto +++ b/apps/emqx_exhook/priv/protos/exhook.proto @@ -40,7 +40,7 @@ service HookProvider { rpc OnClientAuthenticate(ClientAuthenticateRequest) returns (ValuedResponse) {}; - rpc OnClientCheckAcl(ClientCheckAclRequest) returns (ValuedResponse) {}; + rpc OnClientCheckAuthz(ClientCheckAuthzRequest) returns (ValuedResponse) {}; rpc OnClientSubscribe(ClientSubscribeRequest) returns (EmptySuccess) {}; @@ -123,18 +123,18 @@ message ClientAuthenticateRequest { bool result = 2; } -message ClientCheckAclRequest { +message ClientCheckAuthzRequest { ClientInfo clientinfo = 1; - enum AclReqType { + enum AuthzReqType { PUBLISH = 0; SUBSCRIBE = 1; } - AclReqType type = 2; + AuthzReqType type = 2; string topic = 3; @@ -253,7 +253,7 @@ message ValuedResponse { oneof value { - // Boolean result, used on the 'client.authenticate', 'client.check_acl' hooks + // Boolean result, used on the 'client.authenticate', 'client.check_authz' hooks bool bool_result = 3; // Message result, used on the 'message.*' hooks @@ -279,7 +279,7 @@ message HookSpec { // Available value: // "client.connect", "client.connack" // "client.connected", "client.disconnected" - // "client.authenticate", "client.check_acl" + // "client.authenticate", "client.check_authz" // "client.subscribe", "client.unsubscribe" // // "session.created", "session.subscribed" diff --git a/apps/emqx_exhook/src/emqx_exhook_handler.erl b/apps/emqx_exhook/src/emqx_exhook_handler.erl index f3964dc42..695b1116b 100644 --- a/apps/emqx_exhook/src/emqx_exhook_handler.erl +++ b/apps/emqx_exhook/src/emqx_exhook_handler.erl @@ -27,7 +27,7 @@ , on_client_connected/2 , on_client_disconnected/3 , on_client_authenticate/2 - , on_client_check_acl/4 + , on_client_check_authz/4 , on_client_subscribe/3 , on_client_unsubscribe/3 ]). @@ -109,7 +109,7 @@ on_client_authenticate(ClientInfo, AuthResult) -> {ok, AuthResult} end. -on_client_check_acl(ClientInfo, PubSub, Topic, Result) -> +on_client_check_authz(ClientInfo, PubSub, Topic, Result) -> Bool = Result == allow, Type = case PubSub of publish -> 'PUBLISH'; @@ -120,7 +120,7 @@ on_client_check_acl(ClientInfo, PubSub, Topic, Result) -> topic => Topic, result => Bool }, - case call_fold('client.check_acl', Req, + case call_fold('client.check_authz', Req, fun merge_responsed_bool/2) of {StopOrOk, #{result := Result0}} when is_boolean(Result0) -> NResult = case Result0 of true -> allow; _ -> deny end, diff --git a/apps/emqx_exhook/src/emqx_exhook_server.erl b/apps/emqx_exhook/src/emqx_exhook_server.erl index f4965e4ca..5c5da4a85 100644 --- a/apps/emqx_exhook/src/emqx_exhook_server.erl +++ b/apps/emqx_exhook/src/emqx_exhook_server.erl @@ -58,7 +58,7 @@ | 'client.connected' | 'client.disconnected' | 'client.authenticate' - | 'client.check_acl' + | 'client.check_authz' | 'client.subscribe' | 'client.unsubscribe' | 'session.created' @@ -297,7 +297,7 @@ hk2func('client.connack') -> 'on_client_connack'; hk2func('client.connected') -> 'on_client_connected'; hk2func('client.disconnected') -> 'on_client_disconnected'; hk2func('client.authenticate') -> 'on_client_authenticate'; -hk2func('client.check_acl') -> 'on_client_check_acl'; +hk2func('client.check_authz') -> 'on_client_check_authz'; hk2func('client.subscribe') -> 'on_client_subscribe'; hk2func('client.unsubscribe') -> 'on_client_unsubscribe'; hk2func('session.created') -> 'on_session_created'; @@ -320,7 +320,7 @@ message_hooks() -> -compile({inline, [available_hooks/0]}). available_hooks() -> ['client.connect', 'client.connack', 'client.connected', - 'client.disconnected', 'client.authenticate', 'client.check_acl', + 'client.disconnected', 'client.authenticate', 'client.check_authz', 'client.subscribe', 'client.unsubscribe', 'session.created', 'session.subscribed', 'session.unsubscribed', 'session.resumed', 'session.discarded', 'session.takeovered', diff --git a/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl b/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl index c2db04dd4..da32a9cf1 100644 --- a/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl +++ b/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl @@ -33,7 +33,7 @@ , on_client_connected/2 , on_client_disconnected/2 , on_client_authenticate/2 - , on_client_check_acl/2 + , on_client_check_authz/2 , on_client_subscribe/2 , on_client_unsubscribe/2 , on_session_created/2 @@ -122,7 +122,7 @@ on_provider_loaded(Req, Md) -> #{name => <<"client.connected">>}, #{name => <<"client.disconnected">>}, #{name => <<"client.authenticate">>}, - #{name => <<"client.check_acl">>}, + #{name => <<"client.check_authz">>}, #{name => <<"client.subscribe">>}, #{name => <<"client.unsubscribe">>}, #{name => <<"session.created">>}, @@ -197,10 +197,10 @@ on_client_authenticate(#{clientinfo := #{username := Username}} = Req, Md) -> {ok, #{type => 'IGNORE'}, Md} end. --spec on_client_check_acl(emqx_exhook_pb:client_check_acl_request(), grpc:metadata()) +-spec on_client_check_authz(emqx_exhook_pb:client_check_authz_request(), grpc:metadata()) -> {ok, emqx_exhook_pb:valued_response(), grpc:metadata()} | {error, grpc_cowboy_h:error_response()}. -on_client_check_acl(#{clientinfo := #{username := Username}} = Req, Md) -> +on_client_check_authz(#{clientinfo := #{username := Username}} = Req, Md) -> ?MODULE:in({?FUNCTION_NAME, Req}), %io:format("fun: ~p, req: ~0p~n", [?FUNCTION_NAME, Req]), %% some cases for testing diff --git a/apps/emqx_exhook/test/props/prop_exhook_hooks.erl b/apps/emqx_exhook/test/props/prop_exhook_hooks.erl index 24f45c8b0..f276333dc 100644 --- a/apps/emqx_exhook/test/props/prop_exhook_hooks.erl +++ b/apps/emqx_exhook/test/props/prop_exhook_hooks.erl @@ -109,14 +109,14 @@ prop_client_authenticate() -> true end). -prop_client_check_acl() -> +prop_client_check_authz() -> ?ALL({ClientInfo0, PubSub, Topic, Result}, {clientinfo(), oneof([publish, subscribe]), topic(), oneof([allow, deny])}, begin ClientInfo = inject_magic_into(username, ClientInfo0), OutResult = emqx_hooks:run_fold( - 'client.check_acl', + 'client.check_authz', [ClientInfo, PubSub, Topic], Result), ExpectedOutResult = case maps:get(username, ClientInfo) of @@ -127,7 +127,7 @@ prop_client_check_acl() -> end, ?assertEqual(ExpectedOutResult, OutResult), - {'on_client_check_acl', Resp} = emqx_exhook_demo_svr:take(), + {'on_client_check_authz', Resp} = emqx_exhook_demo_svr:take(), Expected = #{result => aclresult_to_bool(Result), type => pubsub_to_enum(PubSub), diff --git a/apps/emqx_exproto/src/emqx_exproto_channel.erl b/apps/emqx_exproto/src/emqx_exproto_channel.erl index 229e6f930..c76617047 100644 --- a/apps/emqx_exproto/src/emqx_exproto_channel.erl +++ b/apps/emqx_exproto/src/emqx_exproto_channel.erl @@ -305,7 +305,7 @@ handle_call({subscribe, TopicFilter, Qos}, conn_state = connected, clientinfo = ClientInfo}) -> case is_acl_enabled(ClientInfo) andalso - emqx_access_control:check_acl(ClientInfo, subscribe, TopicFilter) of + emqx_access_control:check_authz(ClientInfo, subscribe, TopicFilter) of deny -> {reply, {error, ?RESP_PERMISSION_DENY, <<"ACL deny">>}, Channel}; _ -> @@ -325,7 +325,7 @@ handle_call({publish, Topic, Qos, Payload}, = #{clientid := From, mountpoint := Mountpoint}}) -> case is_acl_enabled(ClientInfo) andalso - emqx_access_control:check_acl(ClientInfo, publish, Topic) of + emqx_access_control:check_authz(ClientInfo, publish, Topic) of deny -> {reply, {error, ?RESP_PERMISSION_DENY, <<"ACL deny">>}, Channel}; _ -> diff --git a/apps/emqx_exproto/test/emqx_exproto_SUITE.erl b/apps/emqx_exproto/test/emqx_exproto_SUITE.erl index db64c7438..fe6fbbb08 100644 --- a/apps/emqx_exproto/test/emqx_exproto_SUITE.erl +++ b/apps/emqx_exproto/test/emqx_exproto_SUITE.erl @@ -167,7 +167,7 @@ t_acl_deny(Cfg) -> Password = <<"123456">>, ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]), - ok = meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> deny end), + ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> deny end), ConnBin = frame_connect(Client, Password), ConnAckBin = frame_connack(0), diff --git a/apps/emqx_prometheus/src/emqx_prometheus.erl b/apps/emqx_prometheus/src/emqx_prometheus.erl index c11c8f0d7..94f5baa4f 100644 --- a/apps/emqx_prometheus/src/emqx_prometheus.erl +++ b/apps/emqx_prometheus/src/emqx_prometheus.erl @@ -414,8 +414,8 @@ emqx_collect(emqx_client_authenticate, Stats) -> counter_metric(?C('client.authenticate', Stats)); emqx_collect(emqx_client_auth_anonymous, Stats) -> counter_metric(?C('client.auth.anonymous', Stats)); -emqx_collect(emqx_client_check_acl, Stats) -> - counter_metric(?C('client.check_acl', Stats)); +emqx_collect(emqx_client_check_authz, Stats) -> + counter_metric(?C('client.check_authz', Stats)); emqx_collect(emqx_client_subscribe, Stats) -> counter_metric(?C('client.subscribe', Stats)); emqx_collect(emqx_client_unsubscribe, Stats) -> @@ -567,7 +567,7 @@ emqx_metrics_client() -> [ emqx_client_connected , emqx_client_authenticate , emqx_client_auth_anonymous - , emqx_client_check_acl + , emqx_client_check_authz , emqx_client_subscribe , emqx_client_unsubscribe , emqx_client_disconnected