feat(rbac): supports setting role in API bootstrap file

firest 2023-10-24 23:03:18 +08:00
parent e175c213a1
commit ec41479633
1 changed files with 20 additions and 6 deletions


@ -297,7 +297,7 @@ init_bootstrap_file(<<>>) ->
init_bootstrap_file(File) -> init_bootstrap_file(File) ->
case file:open(File, [read, binary]) of case file:open(File, [read, binary]) of
{ok, Dev} -> {ok, Dev} ->
{ok, MP} = re:compile(<<"(\.+):(\.+$)">>, [ungreedy]), {ok, MP} = re:compile(<<"(\.+):(\.+)(?::(\.+))?$">>, [ungreedy]),
init_bootstrap_file(File, Dev, MP); init_bootstrap_file(File, Dev, MP);
{error, Reason0} -> {error, Reason0} ->
Reason = emqx_utils:explain_posix(Reason0), Reason = emqx_utils:explain_posix(Reason0),
@ -327,13 +327,13 @@ init_bootstrap_file(File, Dev, MP) ->
add_bootstrap_file(File, Dev, MP, Line) -> add_bootstrap_file(File, Dev, MP, Line) ->
case file:read_line(Dev) of case file:read_line(Dev) of
{ok, Bin} -> {ok, Bin} ->
case re:run(Bin, MP, [global, {capture, all_but_first, binary}]) of case parse_bootstrap_line(Bin, MP) of
{match, [[AppKey, ApiSecret]]} -> {ok, [AppKey, ApiSecret, Role]} ->
App = App =
#?APP{ #?APP{
enable = true, enable = true,
expired_at = infinity, expired_at = infinity,
extra = #{desc => ?BOOTSTRAP_TAG, role => ?ROLE_API_DEFAULT}, extra = #{desc => ?BOOTSTRAP_TAG, role => Role},
created_at = erlang:system_time(second), created_at = erlang:system_time(second),
api_secret_hash = emqx_dashboard_admin:hash(ApiSecret), api_secret_hash = emqx_dashboard_admin:hash(ApiSecret),
api_key = AppKey api_key = AppKey
@ -344,8 +344,7 @@ add_bootstrap_file(File, Dev, MP, Line) ->
{error, Reason} -> {error, Reason} ->
throw(#{file => File, line => Line, content => Bin, reason => Reason}) throw(#{file => File, line => Line, content => Bin, reason => Reason})
end; end;
_ -> {error, Reason} ->
Reason = "invalid_format",
?SLOG( ?SLOG(
error, error,
#{ #{
@ -364,6 +363,21 @@ add_bootstrap_file(File, Dev, MP, Line) ->
throw(#{file => File, line => Line, reason => Reason}) throw(#{file => File, line => Line, reason => Reason})
end. end.
parse_bootstrap_line(Bin, MP) ->
case re:run(Bin, MP, [global, {capture, all_but_first, binary}]) of
{match, [[_AppKey, _ApiSecret] = Args]} ->
{ok, Args ++ [?ROLE_API_DEFAULT]};
{match, [[_AppKey, _ApiSecret, Role] = Args]} ->
case valid_role(Role) of
ok ->
{ok, Args};
_Error ->
{error, {"invalid_role", Role}}
end;
_ ->
{error, "invalid_format"}
end.
get_role(#{role := Role}) -> get_role(#{role := Role}) ->
Role; Role;
%% Before v5.4.0, %% Before v5.4.0,
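Review bot: The new pattern on the `re:compile` line changes how a secret containing `:` is parsed, and `parse_bootstrap_line/2` has no guard for that case. With the old pattern `(\.+):(\.+$)` a line such as `key:sec:ret` (constructed example) appears to yield the secret `sec:ret`; with the optional third group it yields secret `sec` and role `ret`, so an existing bootstrap file either fails with `invalid_role` or, if the tail happens to be a valid role name, silently stores a shortened secret under that role. If the restriction is intended, state it where the line is parsed, e.g. `%% Line format: Key:Secret[:Role]. Secret must not contain ':'; a trailing ":Text" is always read as the role.`, and add a test for both the rejected and the silently accepted case. Two-field lines still receive `?ROLE_API_DEFAULT`, so it is worth confirming that this default is the privilege level operators expect when they omit the role.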