refactor(authn): no need to check config at app boot
This commit is contained in:
Zaiming (Stone) Shi
parent
83e66da2aa
commit
dc8f0c5101
|
|
@ -119,8 +119,8 @@ compact_errors(SchemaModule, [Error0 | More], _Stacktrace) when is_map(Error0) -
|
||||||
end,
|
end,
|
||||||
{error, Error};
|
{error, Error};
|
||||||
compact_errors(SchemaModule, Error, Stacktrace) ->
|
compact_errors(SchemaModule, Error, Stacktrace) ->
|
||||||
%% unexpected, we need the stacktrace reported, hence error
|
%% unexpected, we need the stacktrace reported
|
||||||
%% if this happens i'ts a bug in hocon_tconf
|
%% if this happens it's a bug in hocon_tconf
|
||||||
{error, #{
|
{error, #{
|
||||||
schema_module => SchemaModule,
|
schema_module => SchemaModule,
|
||||||
exception => Error,
|
exception => Error,
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,6 @@
|
||||||
providers/0,
|
providers/0,
|
||||||
check_config/1,
|
check_config/1,
|
||||||
check_config/2,
|
check_config/2,
|
||||||
check_configs/1,
|
|
||||||
%% for telemetry information
|
%% for telemetry information
|
||||||
get_enabled_authns/0
|
get_enabled_authns/0
|
||||||
]).
|
]).
|
||||||
|
|
@ -39,16 +38,6 @@ providers() ->
|
||||||
{{scram, built_in_database}, emqx_enhanced_authn_scram_mnesia}
|
{{scram, built_in_database}, emqx_enhanced_authn_scram_mnesia}
|
||||||
].
|
].
|
||||||
|
|
||||||
check_configs(CM) when is_map(CM) ->
|
|
||||||
check_configs([CM]);
|
|
||||||
check_configs(CL) ->
|
|
||||||
check_configs(CL, 1).
|
|
||||||
|
|
||||||
check_configs([], _Nth) ->
|
|
||||||
[];
|
|
||||||
check_configs([Config | Configs], Nth) ->
|
|
||||||
[check_config(Config, #{id_for_log => Nth}) | check_configs(Configs, Nth + 1)].
|
|
||||||
|
|
||||||
check_config(Config) ->
|
check_config(Config) ->
|
||||||
check_config(Config, #{}).
|
check_config(Config, #{}).
|
||||||
|
|
||||||
|
|
@ -67,14 +56,20 @@ do_check_config(#{<<"mechanism">> := Mec0} = Config, Opts) ->
|
||||||
end,
|
end,
|
||||||
case lists:keyfind(Key, 1, providers()) of
|
case lists:keyfind(Key, 1, providers()) of
|
||||||
false ->
|
false ->
|
||||||
throw(#{error => unknown_authn_provider, which => Key});
|
Reason =
|
||||||
|
case Key of
|
||||||
|
{M, B} ->
|
||||||
|
#{mechanism => M, backend => B};
|
||||||
|
M ->
|
||||||
|
#{mechanism => M}
|
||||||
|
end,
|
||||||
|
throw(Reason#{error => unknown_authn_provider});
|
||||||
{_, ProviderModule} ->
|
{_, ProviderModule} ->
|
||||||
do_check_config_maybe_throw(ProviderModule, Config, Opts)
|
do_check_config_maybe_throw(ProviderModule, Config, Opts)
|
||||||
end;
|
end;
|
||||||
do_check_config(Config, Opts) when is_map(Config) ->
|
do_check_config(Config, _Opts) when is_map(Config) ->
|
||||||
throw(#{
|
throw(#{
|
||||||
error => invalid_config,
|
error => invalid_config,
|
||||||
which => maps:get(id_for_log, Opts, unknown),
|
|
||||||
reason => "mechanism_field_required"
|
reason => "mechanism_field_required"
|
||||||
}).
|
}).
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -55,8 +55,7 @@ stop(_State) ->
|
||||||
initialize() ->
|
initialize() ->
|
||||||
ok = ?AUTHN:register_providers(emqx_authn:providers()),
|
ok = ?AUTHN:register_providers(emqx_authn:providers()),
|
||||||
lists:foreach(
|
lists:foreach(
|
||||||
fun({ChainName, RawAuthConfigs}) ->
|
fun({ChainName, AuthConfig}) ->
|
||||||
AuthConfig = emqx_authn:check_configs(RawAuthConfigs),
|
|
||||||
?AUTHN:initialize_authentication(
|
?AUTHN:initialize_authentication(
|
||||||
ChainName,
|
ChainName,
|
||||||
AuthConfig
|
AuthConfig
|
||||||
|
|
@ -73,12 +72,12 @@ chain_configs() ->
|
||||||
[global_chain_config() | listener_chain_configs()].
|
[global_chain_config() | listener_chain_configs()].
|
||||||
|
|
||||||
global_chain_config() ->
|
global_chain_config() ->
|
||||||
{?GLOBAL, emqx:get_raw_config([?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_BINARY], [])}.
|
{?GLOBAL, emqx:get_config([?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_BINARY], [])}.
|
||||||
|
|
||||||
listener_chain_configs() ->
|
listener_chain_configs() ->
|
||||||
lists:map(
|
lists:map(
|
||||||
fun({ListenerID, _}) ->
|
fun({ListenerID, _}) ->
|
||||||
{ListenerID, emqx:get_raw_config(auth_config_path(ListenerID), [])}
|
{ListenerID, emqx:get_config(auth_config_path(ListenerID), [])}
|
||||||
end,
|
end,
|
||||||
emqx_listeners:list()
|
emqx_listeners:list()
|
||||||
).
|
).
|
||||||
|
|
|
||||||
|
|
@ -168,6 +168,38 @@ t_password_undefined(Config) when is_list(Config) ->
|
||||||
end,
|
end,
|
||||||
ok.
|
ok.
|
||||||
|
|
||||||
|
t_union_selector_errors({init, Config}) ->
|
||||||
|
Config;
|
||||||
|
t_union_selector_errors({'end', _Config}) ->
|
||||||
|
ok;
|
||||||
|
t_union_selector_errors(Config) when is_list(Config) ->
|
||||||
|
Conf0 = #{
|
||||||
|
<<"mechanism">> => <<"password_based">>,
|
||||||
|
<<"backend">> => <<"mysql">>
|
||||||
|
},
|
||||||
|
Conf1 = Conf0#{<<"mechanism">> => <<"unknown-atom-xx">>},
|
||||||
|
?assertThrow(#{error := unknown_mechanism}, emqx_authn:check_config(Conf1)),
|
||||||
|
Conf2 = Conf0#{<<"backend">> => <<"unknown-atom-xx">>},
|
||||||
|
?assertThrow(#{error := unknown_backend}, emqx_authn:check_config(Conf2)),
|
||||||
|
Conf3 = Conf0#{<<"backend">> => <<"unknown">>, <<"mechanism">> => <<"unknown">>},
|
||||||
|
?assertThrow(
|
||||||
|
#{
|
||||||
|
error := unknown_authn_provider,
|
||||||
|
backend := unknown,
|
||||||
|
mechanism := unknown
|
||||||
|
},
|
||||||
|
emqx_authn:check_config(Conf3)
|
||||||
|
),
|
||||||
|
Res = catch (emqx_authn:check_config(#{<<"mechanism">> => <<"unknown">>})),
|
||||||
|
?assertEqual(
|
||||||
|
#{
|
||||||
|
error => unknown_authn_provider,
|
||||||
|
mechanism => unknown
|
||||||
|
},
|
||||||
|
Res
|
||||||
|
),
|
||||||
|
ok.
|
||||||
|
|
||||||
parse(Bytes) ->
|
parse(Bytes) ->
|
||||||
{ok, Frame, <<>>, {none, _}} = emqx_frame:parse(Bytes),
|
{ok, Frame, <<>>, {none, _}} = emqx_frame:parse(Bytes),
|
||||||
Frame.
|
Frame.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue