
Merge pull request #11762 from savonarola/1013-fix-mnesia-authz-destroy

fix(mnesia authz): destroy authz records on mnesia authz destroy
Ilya Averyanov 2 년 전
커밋
cd2752117c
3개의 변경된 파일33개의 추가작업 그리고 1개의 파일을 삭제
  1. 3 1
      apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
  2. 29 0
      apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
  3. 1 0
      changes/ce/fix-11762.en.md

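--- a/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_authz_mnesia.erl
@@ -95,7 +95,9 @@ create(Source) -> Source.
 
 update(Source) -> Source.
 
-destroy(_Source) -> ok.
+destroy(_Source) ->
+    {atomic, ok} = mria:clear_table(?ACL_TABLE),
+    ok.
 
 authorize(
     #{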
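Review bot: The new `destroy/1` clause wipes every rule in `?ACL_TABLE` without a comment or log line, and the `{atomic, ok} =` match turns an aborted `mria:clear_table/1` into a bare `badmatch` with no context. Crashing is preferable to silently leaving stale `allow` rules behind, but whether the caller of `destroy/1` tolerates that crash is not visible in this hunk. I would add a comment above the clause, e.g. `%% Irreversibly removes all stored ACL rules so stale permissions cannot reappear when the source is re-created.`, and consider an operator-visible log entry, since this is a bulk deletion of authorization data. Because `_Source` is ignored, the clear is unconditional for the shared table, which is worth stating in that comment too.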

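--- a/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
+++ b/apps/emqx_auth_mnesia/test/emqx_authz_mnesia_SUITE.erl
@@ -221,6 +221,35 @@ t_normalize_rules(_Config) ->
         )
     ).
 
+t_destroy(_Config) ->
+    ClientInfo = emqx_authz_test_lib:base_client_info(),
+
+    ok = emqx_authz_mnesia:store_rules(
+        {username, <<"username">>},
+        [#{<<"permission">> => <<"allow">>, <<"action">> => <<"publish">>, <<"topic">> => <<"t">>}]
+    ),
+
+    ?assertEqual(
+        allow,
+        emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+    ),
+
+    ok = emqx_authz_test_lib:reset_authorizers(),
+
+    ?assertEqual(
+        deny,
+        emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+    ),
+
+    ok = setup_config(),
+
+    %% After destroy, the rules should be empty
+
+    ?assertEqual(
+        deny,
+        emqx_access_control:authorize(ClientInfo, ?AUTHZ_PUBLISH, <<"t">>)
+    ).
+
 %%------------------------------------------------------------------------------
 %% Helpers
 %%------------------------------------------------------------------------------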
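Review bot: Only the final assertion in `t_destroy` exercises the fix, and it does so indirectly, because `deny` after `setup_config()` would also result from any other reason the rule fails to match. The middle `deny` check passes whether or not the table was cleared, presumably because no authorizer is configured after `reset_authorizers()`. I would add a direct assertion that no rules remain stored for `{username, <<"username">>}` once the source is re-created. The comment would also read better above the `setup_config()` call, as `%% reset_authorizers/0 destroys the source; re-creating it must not resurrect old rules`.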

+ 1 - 0
changes/ce/fix-11762.en.md

@@ -0,0 +1 @@
+Fixed destruction of built_in_database authorization source. Now all the ACL records are removed when the authorization source is destroyed. Previosly, old records were left in the database, which could cause problems when creating authorization source back.