Merge pull request #10421 from zmstone/0417-refine-authn-schema-namespace
0417 refine authn schema namespace
This commit is contained in:
Zaiming (Stone) Shi
GitHub
commit
d0a7e7c406
|
|
@ -164,7 +164,7 @@ roots(high) ->
|
|||
}
|
||||
)},
|
||||
{?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME, authentication(global)},
|
||||
%% NOTE: authorization schema here is only to keep emqx app prue
|
||||
%% NOTE: authorization schema here is only to keep emqx app pure
|
||||
%% the full schema for EMQX node is injected in emqx_conf_schema.
|
||||
{?EMQX_AUTHORIZATION_CONFIG_ROOT_NAME,
|
||||
sc(
|
||||
|
|
@ -2762,10 +2762,16 @@ str(S) when is_list(S) ->
|
|||
S.
|
||||
|
||||
authentication(Which) ->
|
||||
Desc =
|
||||
{Importance, Desc} =
|
||||
case Which of
|
||||
global -> ?DESC(global_authentication);
|
||||
listener -> ?DESC(listener_authentication)
|
||||
global ->
|
||||
%% For root level authentication, it is recommended to configure
|
||||
%% from the dashboard or API.
|
||||
%% Hence it's considered a low-importance when it comes to
|
||||
%% configuration importance.
|
||||
{?IMPORTANCE_LOW, ?DESC(global_authentication)};
|
||||
listener ->
|
||||
{?IMPORTANCE_HIDDEN, ?DESC(listener_authentication)}
|
||||
end,
|
||||
%% poor man's dependency injection
|
||||
%% this is due to the fact that authn is implemented outside of 'emqx' app.
|
||||
|
|
@ -2781,7 +2787,7 @@ authentication(Which) ->
|
|||
hoconsc:mk(Type, #{
|
||||
desc => Desc,
|
||||
converter => fun ensure_array/2,
|
||||
importance => ?IMPORTANCE_HIDDEN
|
||||
importance => Importance
|
||||
}).
|
||||
|
||||
%% the older version schema allows individual element (instead of a chain) in config
|
||||
|
|
|
|||
|
|
@ -105,14 +105,16 @@ mnesia(boot) ->
|
|||
%% Hocon Schema
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
namespace() -> "authn-scram-builtin_db".
|
||||
namespace() -> "authn".
|
||||
|
||||
tags() ->
|
||||
[<<"Authentication">>].
|
||||
|
||||
roots() -> [?CONF_NS].
|
||||
%% used for config check when the schema module is resolved
|
||||
roots() ->
|
||||
[{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, scram))}].
|
||||
|
||||
fields(?CONF_NS) ->
|
||||
fields(scram) ->
|
||||
[
|
||||
{mechanism, emqx_authn_schema:mechanism(scram)},
|
||||
{backend, emqx_authn_schema:backend(built_in_database)},
|
||||
|
|
@ -120,7 +122,7 @@ fields(?CONF_NS) ->
|
|||
{iteration_count, fun iteration_count/1}
|
||||
] ++ emqx_authn_schema:common_fields().
|
||||
|
||||
desc(?CONF_NS) ->
|
||||
desc(scram) ->
|
||||
"Settings for Salted Challenge Response Authentication Mechanism\n"
|
||||
"(SCRAM) authentication.";
|
||||
desc(_) ->
|
||||
|
|
@ -141,7 +143,7 @@ iteration_count(_) -> undefined.
|
|||
%%------------------------------------------------------------------------------
|
||||
|
||||
refs() ->
|
||||
[hoconsc:ref(?MODULE, ?CONF_NS)].
|
||||
[hoconsc:ref(?MODULE, scram)].
|
||||
|
||||
create(
|
||||
AuthenticatorID,
|
||||
|
|
|
|||
|
|
@ -51,34 +51,35 @@
|
|||
%% Hocon Schema
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
namespace() -> "authn-http".
|
||||
namespace() -> "authn".
|
||||
|
||||
tags() ->
|
||||
[<<"Authentication">>].
|
||||
|
||||
%% used for config check when the schema module is resolved
|
||||
roots() ->
|
||||
[
|
||||
{?CONF_NS,
|
||||
hoconsc:mk(
|
||||
hoconsc:union(fun union_member_selector/1),
|
||||
hoconsc:union(fun ?MODULE:union_member_selector/1),
|
||||
#{}
|
||||
)}
|
||||
].
|
||||
|
||||
fields(get) ->
|
||||
fields(http_get) ->
|
||||
[
|
||||
{method, #{type => get, required => true, desc => ?DESC(method)}},
|
||||
{headers, fun headers_no_content_type/1}
|
||||
] ++ common_fields();
|
||||
fields(post) ->
|
||||
fields(http_post) ->
|
||||
[
|
||||
{method, #{type => post, required => true, desc => ?DESC(method)}},
|
||||
{headers, fun headers/1}
|
||||
] ++ common_fields().
|
||||
|
||||
desc(get) ->
|
||||
desc(http_get) ->
|
||||
?DESC(get);
|
||||
desc(post) ->
|
||||
desc(http_post) ->
|
||||
?DESC(post);
|
||||
desc(_) ->
|
||||
undefined.
|
||||
|
|
@ -156,8 +157,8 @@ request_timeout(_) -> undefined.
|
|||
|
||||
refs() ->
|
||||
[
|
||||
hoconsc:ref(?MODULE, get),
|
||||
hoconsc:ref(?MODULE, post)
|
||||
hoconsc:ref(?MODULE, http_get),
|
||||
hoconsc:ref(?MODULE, http_post)
|
||||
].
|
||||
|
||||
union_member_selector(all_union_members) ->
|
||||
|
|
@ -166,9 +167,9 @@ union_member_selector({value, Value}) ->
|
|||
refs(Value).
|
||||
|
||||
refs(#{<<"method">> := <<"get">>}) ->
|
||||
[hoconsc:ref(?MODULE, get)];
|
||||
[hoconsc:ref(?MODULE, http_get)];
|
||||
refs(#{<<"method">> := <<"post">>}) ->
|
||||
[hoconsc:ref(?MODULE, post)];
|
||||
[hoconsc:ref(?MODULE, http_post)];
|
||||
refs(_) ->
|
||||
throw(#{
|
||||
field_name => method,
|
||||
|
|
|
|||
|
|
@ -43,36 +43,57 @@
|
|||
%% Hocon Schema
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
namespace() -> "authn-jwt".
|
||||
namespace() -> "authn".
|
||||
|
||||
tags() ->
|
||||
[<<"Authentication">>].
|
||||
|
||||
%% used for config check when the schema module is resolved
|
||||
roots() ->
|
||||
[
|
||||
{?CONF_NS,
|
||||
hoconsc:mk(
|
||||
hoconsc:union(fun union_member_selector/1),
|
||||
hoconsc:union(fun ?MODULE:union_member_selector/1),
|
||||
#{}
|
||||
)}
|
||||
].
|
||||
|
||||
fields('hmac-based') ->
|
||||
fields(jwt_hmac) ->
|
||||
[
|
||||
{use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
|
||||
%% for hmac, it's the 'algorithm' field which selects this type
|
||||
%% use_jwks field can be ignored (kept for backward compatibility)
|
||||
{use_jwks,
|
||||
sc(
|
||||
hoconsc:enum([false]),
|
||||
#{
|
||||
required => false,
|
||||
desc => ?DESC(use_jwks),
|
||||
importance => ?IMPORTANCE_HIDDEN
|
||||
}
|
||||
)},
|
||||
{algorithm,
|
||||
sc(hoconsc:enum(['hmac-based']), #{required => true, desc => ?DESC(algorithm)})},
|
||||
{secret, fun secret/1},
|
||||
{secret_base64_encoded, fun secret_base64_encoded/1}
|
||||
] ++ common_fields();
|
||||
fields('public-key') ->
|
||||
fields(jwt_public_key) ->
|
||||
[
|
||||
{use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
|
||||
%% for public-key, it's the 'algorithm' field which selects this type
|
||||
%% use_jwks field can be ignored (kept for backward compatibility)
|
||||
{use_jwks,
|
||||
sc(
|
||||
hoconsc:enum([false]),
|
||||
#{
|
||||
required => false,
|
||||
desc => ?DESC(use_jwks),
|
||||
importance => ?IMPORTANCE_HIDDEN
|
||||
}
|
||||
)},
|
||||
{algorithm,
|
||||
sc(hoconsc:enum(['public-key']), #{required => true, desc => ?DESC(algorithm)})},
|
||||
{public_key, fun public_key/1}
|
||||
] ++ common_fields();
|
||||
fields('jwks') ->
|
||||
fields(jwt_jwks) ->
|
||||
[
|
||||
{use_jwks, sc(hoconsc:enum([true]), #{required => true, desc => ?DESC(use_jwks)})},
|
||||
{endpoint, fun endpoint/1},
|
||||
|
|
@ -85,12 +106,12 @@ fields('jwks') ->
|
|||
}}
|
||||
] ++ common_fields().
|
||||
|
||||
desc('hmac-based') ->
|
||||
?DESC('hmac-based');
|
||||
desc('public-key') ->
|
||||
?DESC('public-key');
|
||||
desc('jwks') ->
|
||||
?DESC('jwks');
|
||||
desc(jwt_hmac) ->
|
||||
?DESC(jwt_hmac);
|
||||
desc(jwt_public_key) ->
|
||||
?DESC(jwt_public_key);
|
||||
desc(jwt_jwks) ->
|
||||
?DESC(jwt_jwks);
|
||||
desc(undefined) ->
|
||||
undefined.
|
||||
|
||||
|
|
@ -160,9 +181,9 @@ from(_) -> undefined.
|
|||
|
||||
refs() ->
|
||||
[
|
||||
hoconsc:ref(?MODULE, 'hmac-based'),
|
||||
hoconsc:ref(?MODULE, 'public-key'),
|
||||
hoconsc:ref(?MODULE, 'jwks')
|
||||
hoconsc:ref(?MODULE, jwt_hmac),
|
||||
hoconsc:ref(?MODULE, jwt_public_key),
|
||||
hoconsc:ref(?MODULE, jwt_jwks)
|
||||
].
|
||||
|
||||
union_member_selector(all_union_members) ->
|
||||
|
|
@ -179,11 +200,11 @@ boolean(<<"false">>) -> false;
|
|||
boolean(Other) -> Other.
|
||||
|
||||
select_ref(true, _) ->
|
||||
[hoconsc:ref(?MODULE, 'jwks')];
|
||||
[hoconsc:ref(?MODULE, 'jwt_jwks')];
|
||||
select_ref(false, #{<<"public_key">> := _}) ->
|
||||
[hoconsc:ref(?MODULE, 'public-key')];
|
||||
[hoconsc:ref(?MODULE, jwt_public_key)];
|
||||
select_ref(false, _) ->
|
||||
[hoconsc:ref(?MODULE, 'hmac-based')];
|
||||
[hoconsc:ref(?MODULE, jwt_hmac)];
|
||||
select_ref(_, _) ->
|
||||
throw(#{
|
||||
field_name => use_jwks,
|
||||
|
|
|
|||
|
|
@ -107,14 +107,16 @@ mnesia(boot) ->
|
|||
%% Hocon Schema
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
namespace() -> "authn-builtin_db".
|
||||
namespace() -> "authn".
|
||||
|
||||
tags() ->
|
||||
[<<"Authentication">>].
|
||||
|
||||
roots() -> [?CONF_NS].
|
||||
%% used for config check when the schema module is resolved
|
||||
roots() ->
|
||||
[{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, builtin_db))}].
|
||||
|
||||
fields(?CONF_NS) ->
|
||||
fields(builtin_db) ->
|
||||
[
|
||||
{mechanism, emqx_authn_schema:mechanism(password_based)},
|
||||
{backend, emqx_authn_schema:backend(built_in_database)},
|
||||
|
|
@ -122,8 +124,8 @@ fields(?CONF_NS) ->
|
|||
{password_hash_algorithm, fun emqx_authn_password_hashing:type_rw/1}
|
||||
] ++ emqx_authn_schema:common_fields().
|
||||
|
||||
desc(?CONF_NS) ->
|
||||
?DESC(?CONF_NS);
|
||||
desc(builtin_db) ->
|
||||
?DESC(builtin_db);
|
||||
desc(_) ->
|
||||
undefined.
|
||||
|
||||
|
|
@ -138,7 +140,7 @@ user_id_type(_) -> undefined.
|
|||
%%------------------------------------------------------------------------------
|
||||
|
||||
refs() ->
|
||||
[hoconsc:ref(?MODULE, ?CONF_NS)].
|
||||
[hoconsc:ref(?MODULE, builtin_db)].
|
||||
|
||||
create(_AuthenticatorID, Config) ->
|
||||
create(Config).
|
||||
|
|
|
|||
|
|
@ -44,32 +44,33 @@
|
|||
%% Hocon Schema
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
namespace() -> "authn-mongodb".
|
||||
namespace() -> "authn".
|
||||
|
||||
tags() ->
|
||||
[<<"Authentication">>].
|
||||
|
||||
%% used for config check when the schema module is resolved
|
||||
roots() ->
|
||||
[
|
||||
{?CONF_NS,
|
||||
hoconsc:mk(
|
||||
hoconsc:union(fun union_member_selector/1),
|
||||
hoconsc:union(fun ?MODULE:union_member_selector/1),
|
||||
#{}
|
||||
)}
|
||||
].
|
||||
|
||||
fields(standalone) ->
|
||||
fields(mongo_single) ->
|
||||
common_fields() ++ emqx_connector_mongo:fields(single);
|
||||
fields('replica-set') ->
|
||||
fields(mongo_rs) ->
|
||||
common_fields() ++ emqx_connector_mongo:fields(rs);
|
||||
fields('sharded-cluster') ->
|
||||
fields(mongo_sharded) ->
|
||||
common_fields() ++ emqx_connector_mongo:fields(sharded).
|
||||
|
||||
desc(standalone) ->
|
||||
?DESC(standalone);
|
||||
desc('replica-set') ->
|
||||
desc(mongo_single) ->
|
||||
?DESC(single);
|
||||
desc(mongo_rs) ->
|
||||
?DESC('replica-set');
|
||||
desc('sharded-cluster') ->
|
||||
desc(mongo_sharded) ->
|
||||
?DESC('sharded-cluster');
|
||||
desc(_) ->
|
||||
undefined.
|
||||
|
|
@ -126,9 +127,9 @@ is_superuser_field(_) -> undefined.
|
|||
|
||||
refs() ->
|
||||
[
|
||||
hoconsc:ref(?MODULE, standalone),
|
||||
hoconsc:ref(?MODULE, 'replica-set'),
|
||||
hoconsc:ref(?MODULE, 'sharded-cluster')
|
||||
hoconsc:ref(?MODULE, mongo_single),
|
||||
hoconsc:ref(?MODULE, mongo_rs),
|
||||
hoconsc:ref(?MODULE, mongo_sharded)
|
||||
].
|
||||
|
||||
create(_AuthenticatorID, Config) ->
|
||||
|
|
@ -254,11 +255,11 @@ union_member_selector({value, Value}) ->
|
|||
refs(Value).
|
||||
|
||||
refs(#{<<"mongo_type">> := <<"single">>}) ->
|
||||
[hoconsc:ref(?MODULE, standalone)];
|
||||
[hoconsc:ref(?MODULE, mongo_single)];
|
||||
refs(#{<<"mongo_type">> := <<"rs">>}) ->
|
||||
[hoconsc:ref(?MODULE, 'replica-set')];
|
||||
[hoconsc:ref(?MODULE, mongo_rs)];
|
||||
refs(#{<<"mongo_type">> := <<"sharded">>}) ->
|
||||
[hoconsc:ref(?MODULE, 'sharded-cluster')];
|
||||
[hoconsc:ref(?MODULE, mongo_sharded)];
|
||||
refs(_) ->
|
||||
throw(#{
|
||||
field_name => mongo_type,
|
||||
|
|
|
|||
|
|
@ -45,14 +45,16 @@
|
|||
%% Hocon Schema
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
namespace() -> "authn-mysql".
|
||||
namespace() -> "authn".
|
||||
|
||||
tags() ->
|
||||
[<<"Authentication">>].
|
||||
|
||||
roots() -> [?CONF_NS].
|
||||
%% used for config check when the schema module is resolved
|
||||
roots() ->
|
||||
[{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, mysql))}].
|
||||
|
||||
fields(?CONF_NS) ->
|
||||
fields(mysql) ->
|
||||
[
|
||||
{mechanism, emqx_authn_schema:mechanism(password_based)},
|
||||
{backend, emqx_authn_schema:backend(mysql)},
|
||||
|
|
@ -62,8 +64,8 @@ fields(?CONF_NS) ->
|
|||
] ++ emqx_authn_schema:common_fields() ++
|
||||
proplists:delete(prepare_statement, emqx_connector_mysql:fields(config)).
|
||||
|
||||
desc(?CONF_NS) ->
|
||||
?DESC(?CONF_NS);
|
||||
desc(mysql) ->
|
||||
?DESC(mysql);
|
||||
desc(_) ->
|
||||
undefined.
|
||||
|
||||
|
|
@ -82,7 +84,7 @@ query_timeout(_) -> undefined.
|
|||
%%------------------------------------------------------------------------------
|
||||
|
||||
refs() ->
|
||||
[hoconsc:ref(?MODULE, ?CONF_NS)].
|
||||
[hoconsc:ref(?MODULE, mysql)].
|
||||
|
||||
create(_AuthenticatorID, Config) ->
|
||||
create(Config).
|
||||
|
|
|
|||
|
|
@ -49,14 +49,16 @@
|
|||
%% Hocon Schema
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
namespace() -> "authn-postgresql".
|
||||
namespace() -> "authn".
|
||||
|
||||
tags() ->
|
||||
[<<"Authentication">>].
|
||||
|
||||
roots() -> [?CONF_NS].
|
||||
%% used for config check when the schema module is resolved
|
||||
roots() ->
|
||||
[{?CONF_NS, hoconsc:mk(hoconsc:ref(?MODULE, postgresql))}].
|
||||
|
||||
fields(?CONF_NS) ->
|
||||
fields(postgresql) ->
|
||||
[
|
||||
{mechanism, emqx_authn_schema:mechanism(password_based)},
|
||||
{backend, emqx_authn_schema:backend(postgresql)},
|
||||
|
|
@ -66,8 +68,8 @@ fields(?CONF_NS) ->
|
|||
emqx_authn_schema:common_fields() ++
|
||||
proplists:delete(prepare_statement, emqx_connector_pgsql:fields(config)).
|
||||
|
||||
desc(?CONF_NS) ->
|
||||
?DESC(?CONF_NS);
|
||||
desc(postgresql) ->
|
||||
?DESC(postgresql);
|
||||
desc(_) ->
|
||||
undefined.
|
||||
|
||||
|
|
@ -81,7 +83,7 @@ query(_) -> undefined.
|
|||
%%------------------------------------------------------------------------------
|
||||
|
||||
refs() ->
|
||||
[hoconsc:ref(?MODULE, ?CONF_NS)].
|
||||
[hoconsc:ref(?MODULE, postgresql)].
|
||||
|
||||
create(_AuthenticatorID, Config) ->
|
||||
create(Config).
|
||||
|
|
|
|||
|
|
@ -44,32 +44,33 @@
|
|||
%% Hocon Schema
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
namespace() -> "authn-redis".
|
||||
namespace() -> "authn".
|
||||
|
||||
tags() ->
|
||||
[<<"Authentication">>].
|
||||
|
||||
%% used for config check when the schema module is resolved
|
||||
roots() ->
|
||||
[
|
||||
{?CONF_NS,
|
||||
hoconsc:mk(
|
||||
hoconsc:union(fun union_member_selector/1),
|
||||
hoconsc:union(fun ?MODULE:union_member_selector/1),
|
||||
#{}
|
||||
)}
|
||||
].
|
||||
|
||||
fields(standalone) ->
|
||||
fields(redis_single) ->
|
||||
common_fields() ++ emqx_connector_redis:fields(single);
|
||||
fields(cluster) ->
|
||||
fields(redis_cluster) ->
|
||||
common_fields() ++ emqx_connector_redis:fields(cluster);
|
||||
fields(sentinel) ->
|
||||
fields(redis_sentinel) ->
|
||||
common_fields() ++ emqx_connector_redis:fields(sentinel).
|
||||
|
||||
desc(standalone) ->
|
||||
?DESC(standalone);
|
||||
desc(cluster) ->
|
||||
desc(redis_single) ->
|
||||
?DESC(single);
|
||||
desc(redis_cluster) ->
|
||||
?DESC(cluster);
|
||||
desc(sentinel) ->
|
||||
desc(redis_sentinel) ->
|
||||
?DESC(sentinel);
|
||||
desc(_) ->
|
||||
"".
|
||||
|
|
@ -93,9 +94,9 @@ cmd(_) -> undefined.
|
|||
|
||||
refs() ->
|
||||
[
|
||||
hoconsc:ref(?MODULE, standalone),
|
||||
hoconsc:ref(?MODULE, cluster),
|
||||
hoconsc:ref(?MODULE, sentinel)
|
||||
hoconsc:ref(?MODULE, redis_single),
|
||||
hoconsc:ref(?MODULE, redis_cluster),
|
||||
hoconsc:ref(?MODULE, redis_sentinel)
|
||||
].
|
||||
|
||||
union_member_selector(all_union_members) ->
|
||||
|
|
@ -104,11 +105,11 @@ union_member_selector({value, Value}) ->
|
|||
refs(Value).
|
||||
|
||||
refs(#{<<"redis_type">> := <<"single">>}) ->
|
||||
[hoconsc:ref(?MODULE, standalone)];
|
||||
[hoconsc:ref(?MODULE, redis_single)];
|
||||
refs(#{<<"redis_type">> := <<"cluster">>}) ->
|
||||
[hoconsc:ref(?MODULE, cluster)];
|
||||
[hoconsc:ref(?MODULE, redis_cluster)];
|
||||
refs(#{<<"redis_type">> := <<"sentinel">>}) ->
|
||||
[hoconsc:ref(?MODULE, sentinel)];
|
||||
[hoconsc:ref(?MODULE, redis_sentinel)];
|
||||
refs(_) ->
|
||||
throw(#{
|
||||
field_name => redis_type,
|
||||
|
|
|
|||
|
|
@ -107,7 +107,7 @@ t_update_with_invalid_config(_Config) ->
|
|||
?assertMatch(
|
||||
{error, #{
|
||||
kind := validation_error,
|
||||
matched_type := "authn-postgresql:authentication",
|
||||
matched_type := "authn:postgresql",
|
||||
path := "authentication.1.server",
|
||||
reason := required_field
|
||||
}},
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ t_create_invalid_config(_Config) ->
|
|||
?assertMatch(
|
||||
{error, #{
|
||||
kind := validation_error,
|
||||
matched_type := "authn-redis:standalone",
|
||||
matched_type := "authn:redis_single",
|
||||
path := "authentication.1.server",
|
||||
reason := required_field
|
||||
}},
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ t_check_schema(_Config) ->
|
|||
?assertThrow(
|
||||
#{
|
||||
path := "authentication.1.password_hash_algorithm.name",
|
||||
matched_type := "authn-builtin_db:authentication/authn-hash:simple",
|
||||
matched_type := "authn:builtin_db/authn-hash:simple",
|
||||
reason := unable_to_convert_to_enum_symbol
|
||||
},
|
||||
Check(ConfigNotOk)
|
||||
|
|
@ -72,7 +72,7 @@ t_check_schema(_Config) ->
|
|||
#{
|
||||
path := "authentication.1.password_hash_algorithm",
|
||||
reason := "algorithm_name_missing",
|
||||
matched_type := "authn-builtin_db:authentication"
|
||||
matched_type := "authn:builtin_db"
|
||||
},
|
||||
Check(ConfigMissingAlgoName)
|
||||
).
|
||||
|
|
|
|||
|
|
@ -32,19 +32,19 @@ union_member_selector_mongo_test_() ->
|
|||
end},
|
||||
{"single", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-mongodb:standalone"}),
|
||||
?ERR(#{matched_type := "authn:mongo_single"}),
|
||||
Check("{mongo_type: single}")
|
||||
)
|
||||
end},
|
||||
{"replica-set", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-mongodb:replica-set"}),
|
||||
?ERR(#{matched_type := "authn:mongo_rs"}),
|
||||
Check("{mongo_type: rs}")
|
||||
)
|
||||
end},
|
||||
{"sharded", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-mongodb:sharded-cluster"}),
|
||||
?ERR(#{matched_type := "authn:mongo_sharded"}),
|
||||
Check("{mongo_type: sharded}")
|
||||
)
|
||||
end}
|
||||
|
|
@ -61,19 +61,19 @@ union_member_selector_jwt_test_() ->
|
|||
end},
|
||||
{"jwks", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-jwt:jwks"}),
|
||||
?ERR(#{matched_type := "authn:jwt_jwks"}),
|
||||
Check("{use_jwks = true}")
|
||||
)
|
||||
end},
|
||||
{"publick-key", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-jwt:public-key"}),
|
||||
?ERR(#{matched_type := "authn:jwt_public_key"}),
|
||||
Check("{use_jwks = false, public_key = 1}")
|
||||
)
|
||||
end},
|
||||
{"hmac-based", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-jwt:hmac-based"}),
|
||||
?ERR(#{matched_type := "authn:jwt_hmac"}),
|
||||
Check("{use_jwks = false}")
|
||||
)
|
||||
end}
|
||||
|
|
@ -90,19 +90,19 @@ union_member_selector_redis_test_() ->
|
|||
end},
|
||||
{"single", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-redis:standalone"}),
|
||||
?ERR(#{matched_type := "authn:redis_single"}),
|
||||
Check("{redis_type = single}")
|
||||
)
|
||||
end},
|
||||
{"cluster", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-redis:cluster"}),
|
||||
?ERR(#{matched_type := "authn:redis_cluster"}),
|
||||
Check("{redis_type = cluster}")
|
||||
)
|
||||
end},
|
||||
{"sentinel", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-redis:sentinel"}),
|
||||
?ERR(#{matched_type := "authn:redis_sentinel"}),
|
||||
Check("{redis_type = sentinel}")
|
||||
)
|
||||
end}
|
||||
|
|
@ -119,13 +119,13 @@ union_member_selector_http_test_() ->
|
|||
end},
|
||||
{"get", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-http:get"}),
|
||||
?ERR(#{matched_type := "authn:http_get"}),
|
||||
Check("{method = get}")
|
||||
)
|
||||
end},
|
||||
{"post", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "authn-http:post"}),
|
||||
?ERR(#{matched_type := "authn:http_post"}),
|
||||
Check("{method = post}")
|
||||
)
|
||||
end}
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ type_names() ->
|
|||
file,
|
||||
http_get,
|
||||
http_post,
|
||||
mnesia,
|
||||
builtin_db,
|
||||
mongo_single,
|
||||
mongo_rs,
|
||||
mongo_sharded,
|
||||
|
|
@ -93,7 +93,7 @@ fields(http_post) ->
|
|||
{method, method(post)},
|
||||
{headers, fun headers/1}
|
||||
];
|
||||
fields(mnesia) ->
|
||||
fields(builtin_db) ->
|
||||
authz_common_fields(built_in_database);
|
||||
fields(mongo_single) ->
|
||||
authz_common_fields(mongodb) ++
|
||||
|
|
@ -191,8 +191,8 @@ desc(http_get) ->
|
|||
?DESC(http_get);
|
||||
desc(http_post) ->
|
||||
?DESC(http_post);
|
||||
desc(mnesia) ->
|
||||
?DESC(mnesia);
|
||||
desc(builtin_db) ->
|
||||
?DESC(builtin_db);
|
||||
desc(mongo_single) ->
|
||||
?DESC(mongo_single);
|
||||
desc(mongo_rs) ->
|
||||
|
|
@ -459,7 +459,7 @@ select_union_member(#{<<"type">> := <<"http">>} = Value) ->
|
|||
})
|
||||
end;
|
||||
select_union_member(#{<<"type">> := <<"built_in_database">>}) ->
|
||||
?R_REF(mnesia);
|
||||
?R_REF(builtin_db);
|
||||
select_union_member(#{<<"type">> := Type}) ->
|
||||
select_union_member_loop(Type, type_names());
|
||||
select_union_member(_) ->
|
||||
|
|
@ -494,7 +494,10 @@ authz_fields() ->
|
|||
default => [],
|
||||
desc => ?DESC(sources),
|
||||
%% doc_lift is force a root level reference instead of nesting sub-structs
|
||||
extra => #{doc_lift => true}
|
||||
extra => #{doc_lift => true},
|
||||
%% it is recommended to configure authz sources from dashboard
|
||||
%% hance the importance level for config is low
|
||||
importance => ?IMPORTANCE_LOW
|
||||
}
|
||||
)}
|
||||
].
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ roots() ->
|
|||
?R_REF("rpc"),
|
||||
#{
|
||||
translate_to => ["gen_rpc"],
|
||||
importance => ?IMPORTANCE_HIDDEN
|
||||
importance => ?IMPORTANCE_LOW
|
||||
}
|
||||
)}
|
||||
] ++
|
||||
|
|
@ -1288,7 +1288,7 @@ emqx_schema_high_prio_roots() ->
|
|||
?R_REF("authorization"),
|
||||
#{
|
||||
desc => ?DESC(authorization),
|
||||
importance => ?IMPORTANCE_HIDDEN
|
||||
importance => ?IMPORTANCE_HIGH
|
||||
}
|
||||
)},
|
||||
lists:keyreplace("authorization", 1, Roots, Authz).
|
||||
|
|
|
|||
|
|
@ -5,8 +5,6 @@
|
|||
|
||||
-include_lib("eunit/include/eunit.hrl").
|
||||
|
||||
-import(emqx_ee_bridge_influxdb, [to_influx_lines/1]).
|
||||
|
||||
-define(INVALID_LINES, [
|
||||
" ",
|
||||
" \n",
|
||||
|
|
@ -326,3 +324,13 @@ test_pairs(PairsList) ->
|
|||
|
||||
join(Sep, LinesList) ->
|
||||
lists:flatten(lists:join(Sep, LinesList)).
|
||||
|
||||
to_influx_lines(RawLines) ->
|
||||
OldLevel = emqx_logger:get_primary_log_level(),
|
||||
try
|
||||
%% mute error logs from this call
|
||||
emqx_logger:set_primary_log_level(none),
|
||||
emqx_ee_bridge_influxdb:to_influx_lines(RawLines)
|
||||
after
|
||||
emqx_logger:set_primary_log_level(OldLevel)
|
||||
end.
|
||||
|
|
|
|||
|
|
@ -42,10 +42,10 @@ from.desc:
|
|||
from.label:
|
||||
"""From Field"""
|
||||
|
||||
hmac-based.desc:
|
||||
jwt_hmac.desc:
|
||||
"""Configuration when the JWT for authentication is issued using the HMAC algorithm."""
|
||||
|
||||
jwks.desc:
|
||||
jwt_jwks.desc:
|
||||
"""Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint."""
|
||||
|
||||
keyfile.desc:
|
||||
|
|
@ -54,7 +54,7 @@ keyfile.desc:
|
|||
keyfile.label:
|
||||
"""Key File"""
|
||||
|
||||
public-key.desc:
|
||||
jwt_public_key.desc:
|
||||
"""Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm."""
|
||||
|
||||
public_key.desc:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
emqx_authn_mnesia {
|
||||
|
||||
authentication.desc:
|
||||
builtin_db.desc:
|
||||
"""Configuration of authenticator using built-in database as data source."""
|
||||
|
||||
user_id_type.desc:
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ salt_field.label:
|
|||
sharded-cluster.desc:
|
||||
"""Configuration of authenticator using MongoDB (Sharded Cluster) as authentication data source."""
|
||||
|
||||
standalone.desc:
|
||||
single.desc:
|
||||
"""Configuration of authenticator using MongoDB (Standalone) as authentication data source."""
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
emqx_authn_mysql {
|
||||
|
||||
authentication.desc:
|
||||
mysql.desc:
|
||||
"""Configuration of authenticator using MySQL as authentication data source."""
|
||||
|
||||
query.desc:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
emqx_authn_pgsql {
|
||||
|
||||
authentication.desc:
|
||||
postgresql.desc:
|
||||
"""Configuration of authenticator using PostgreSQL as authentication data source."""
|
||||
|
||||
query.desc:
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ cmd.label:
|
|||
sentinel.desc:
|
||||
"""Configuration of authenticator using Redis (Sentinel) as authentication data source."""
|
||||
|
||||
standalone.desc:
|
||||
single.desc:
|
||||
"""Configuration of authenticator using Redis (Standalone) as authentication data source."""
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -120,11 +120,11 @@ node_error.desc:
|
|||
node_error.label:
|
||||
"""Error in Node"""
|
||||
|
||||
mnesia.desc:
|
||||
builtin_db.desc:
|
||||
"""Authorization using a built-in database (mnesia)."""
|
||||
|
||||
mnesia.label:
|
||||
"""mnesia"""
|
||||
builtin_db.label:
|
||||
"""Builtin Database"""
|
||||
|
||||
enable.desc:
|
||||
"""Set to <code>true</code> or <code>false</code> to disable this ACL provider"""
|
||||
|
|
|
|||
|
|
@ -42,10 +42,10 @@ from.desc:
|
|||
from.label:
|
||||
"""源字段"""
|
||||
|
||||
hmac-based.desc:
|
||||
jwt_hmac.desc:
|
||||
"""用于认证的 JWT 使用 HMAC 算法签发时的配置。"""
|
||||
|
||||
jwks.desc:
|
||||
jwt_jwks.desc:
|
||||
"""用于认证的 JWTs 需要从 JWKS 端点获取时的配置。"""
|
||||
|
||||
keyfile.desc:
|
||||
|
|
@ -54,7 +54,7 @@ keyfile.desc:
|
|||
keyfile.label:
|
||||
"""私钥文件"""
|
||||
|
||||
public-key.desc:
|
||||
jwt_public_key.desc:
|
||||
"""用于认证的 JWT 使用 RSA 或 ECDSA 算法签发时的配置。"""
|
||||
|
||||
public_key.desc:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
emqx_authn_mnesia {
|
||||
|
||||
authentication.desc:
|
||||
builtin_db.desc:
|
||||
"""使用内置数据库作为认证数据源的认证器的配置项。"""
|
||||
|
||||
user_id_type.desc:
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ salt_field.label:
|
|||
sharded-cluster.desc:
|
||||
"""使用 MongoDB (Sharded Cluster) 作为认证数据源的认证器的配置项。"""
|
||||
|
||||
standalone.desc:
|
||||
single.desc:
|
||||
"""使用 MongoDB (Standalone) 作为认证数据源的认证器的配置项。"""
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
emqx_authn_mysql {
|
||||
|
||||
authentication.desc:
|
||||
mysql.desc:
|
||||
"""使用 MySQL 作为认证数据源的认证器的配置项。"""
|
||||
|
||||
query.desc:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
emqx_authn_pgsql {
|
||||
|
||||
authentication.desc:
|
||||
postgresql.desc:
|
||||
"""使用 PostgreSQL 作为认证数据源的认证器的配置项。"""
|
||||
|
||||
query.desc:
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ cmd.label:
|
|||
sentinel.desc:
|
||||
"""使用 Redis (Sentinel) 作为认证数据源的认证器的配置项。"""
|
||||
|
||||
standalone.desc:
|
||||
single.desc:
|
||||
"""使用 Redis (Standalone) 作为认证数据源的认证器的配置项。"""
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -120,11 +120,11 @@ node_error.desc:
|
|||
node_error.label:
|
||||
"""节点产生的错误"""
|
||||
|
||||
mnesia.desc:
|
||||
builtin_db.desc:
|
||||
"""使用内部数据库授权(mnesia)。"""
|
||||
|
||||
mnesia.label:
|
||||
"""mnesia"""
|
||||
builtin_db.label:
|
||||
"""Buitin Database"""
|
||||
|
||||
enable.desc:
|
||||
"""设为 <code>true</code> 或 <code>false</code> 以启用或禁用此访问控制数据源"""
|
||||
|
|
|
|||
Loading…
Reference in New Issue