From e2a67760b1244ce909adaf5a937a5a55eec3abbc Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi" <zmstone@gmail.com>
Date: Fri, 11 Feb 2022 17:14:03 +0100
Subject: [PATCH] fix(emqx_authz_file): throw exception for catch

---
 apps/emqx/src/emqx_misc.erl                   | 36 +++++++++++++++++++
 apps/emqx_authz/src/emqx_authz_file.erl       | 15 ++++----
 .../emqx_authz/test/emqx_authz_file_SUITE.erl |  4 +--
 3 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/apps/emqx/src/emqx_misc.erl b/apps/emqx/src/emqx_misc.erl
index 3c177b8cc..28f97d31e 100644
--- a/apps/emqx/src/emqx_misc.erl
+++ b/apps/emqx/src/emqx_misc.erl
@@ -48,6 +48,7 @@
         , ipv6_probe/1
         , gen_id/0
         , gen_id/1
+        , explain_posix/1
         ]).
 
 -export([ bin2hexstr_A_F/1
@@ -314,6 +315,41 @@ clamp(Val, Min, Max) ->
        true -> Val
     end.
 
+%% @doc https://www.erlang.org/doc/man/file.html#posix-error-codes
+explain_posix(eacces) -> "Permission denied";
+explain_posix(eagain) -> "Resource temporarily unavailable";
+explain_posix(ebadf) -> "Bad file number";
+explain_posix(ebusy) -> "File busy";
+explain_posix(edquot) -> "Disk quota exceeded";
+explain_posix(eexist) -> "File already exists";
+explain_posix(efault) -> "Bad address in system call argument";
+explain_posix(efbig) -> "File too large";
+explain_posix(eintr) -> "Interrupted system call";
+explain_posix(einval) -> "Invalid argument argument file/socket";
+explain_posix(eio) -> "I/O error";
+explain_posix(eisdir) -> "Illegal operation on a directory";
+explain_posix(eloop) -> "Too many levels of symbolic links";
+explain_posix(emfile) -> "Too many open files";
+explain_posix(emlink) -> "Too many links";
+explain_posix(enametoolong) -> "Filename too long";
+explain_posix(enfile) -> "File table overflow";
+explain_posix(enodev) -> "No such device";
+explain_posix(enoent) -> "No such file or directory";
+explain_posix(enomem) -> "Not enough memory";
+explain_posix(enospc) -> "No space left on device";
+explain_posix(enotblk) -> "Block device required";
+explain_posix(enotdir) -> "Not a directory";
+explain_posix(enotsup) -> "Operation not supported";
+explain_posix(enxio) -> "No such device or address";
+explain_posix(eperm) -> "Not owner";
+explain_posix(epipe) -> "Broken pipe";
+explain_posix(erofs) -> "Read-only file system";
+explain_posix(espipe) -> "Invalid seek";
+explain_posix(esrch) -> "No such process";
+explain_posix(estale) -> "Stale remote file handle";
+explain_posix(exdev) -> "Cross-domain link";
+explain_posix(NotPosix) -> NotPosix.
+
 %%------------------------------------------------------------------------------
 %% Internal Functions
 %%------------------------------------------------------------------------------
diff --git a/apps/emqx_authz/src/emqx_authz_file.erl b/apps/emqx_authz/src/emqx_authz_file.erl
index 691b10e9b..b9a4284e5 100644
--- a/apps/emqx_authz/src/emqx_authz_file.erl
+++ b/apps/emqx_authz/src/emqx_authz_file.erl
@@ -41,15 +41,14 @@ init(#{path := Path} = Source) ->
     Rules = case file:consult(Path) of
                 {ok, Terms} ->
                     [emqx_authz_rule:compile(Term) || Term <- Terms];
-                {error, eacces} ->
-                    ?SLOG(alert, #{msg => "insufficient_permissions_to_read_file", path => Path}),
-                    error(eaccess);
-                {error, enoent} ->
-                    ?SLOG(alert, #{msg => "file_does_not_exist", path => Path}),
-                    error(enoent);
+                {error, Reason} when is_atom(Reason) ->
+                    ?SLOG(alert, #{msg => failed_to_read_acl_file,
+                                   path => Path,
+                                   explain => emqx_misc:explain_posix(Reason)}),
+                    throw(failed_to_read_acl_file);
                 {error, Reason} ->
-                    ?SLOG(alert, #{msg => "failed_to_read_file", path => Path, reason => Reason}),
-                    error(Reason)
+                    ?SLOG(alert, #{msg => bad_acl_file_content, path => Path, reason => Reason}),
+                    throw(bad_acl_file_content)
             end,
     Source#{annotations => #{rules => Rules}}.
 
diff --git a/apps/emqx_authz/test/emqx_authz_file_SUITE.erl b/apps/emqx_authz/test/emqx_authz_file_SUITE.erl
index 46bbcf6d2..d2a6a8df8 100644
--- a/apps/emqx_authz/test/emqx_authz_file_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_file_SUITE.erl
@@ -75,12 +75,12 @@ t_invalid_file(_Config) ->
     ok = file:write_file(<<"acl.conf">>, <<"{{invalid term">>),
 
     ?assertMatch(
-       {error, {1, erl_parse, _}},
+       {error, bad_acl_file_content},
        emqx_authz:update(?CMD_REPLACE, [raw_file_authz_config()])).
 
 t_nonexistent_file(_Config) ->
     ?assertEqual(
-       {error, enoent},
+       {error, failed_to_read_acl_file},
        emqx_authz:update(?CMD_REPLACE,
                          [maps:merge(raw_file_authz_config(),
                                      #{<<"path">> => <<"nonexistent.conf">>})