diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf index ed4ad573c..c2856f0b5 100644 --- a/apps/emqx_authz/etc/emqx_authz.conf +++ b/apps/emqx_authz/etc/emqx_authz.conf @@ -22,7 +22,7 @@ authorization { # certfile: "{{ platform_etc_dir }}/certs/client-cert.pem" # keyfile: "{{ platform_etc_dir }}/certs/client-key.pem" # } - # sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = '%a' or username = '%u' or clientid = '%c'" + # query: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = '%a' or username = '%u' or clientid = '%c'" # }, # { # type: pgsql @@ -33,7 +33,7 @@ authorization { # password: public # auto_reconnect: true # ssl: {enable: false} - # sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'" + # query: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'" # }, # { # type: redis @@ -53,7 +53,7 @@ authorization { # database: mqtt # ssl: {enable: false} # collection: mqtt_authz - # find: { "$or": [ { "username": "%u" }, { "clientid": "%c" } ] } + # selector: { "$or": [ { "username": "%u" }, { "clientid": "%c" } ] } # }, { type: file diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index e0e584806..6fe2d7565 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -290,7 +290,7 @@ init_source(#{enable := true, end; init_source(#{enable := true, type := DB, - sql := SQL + query := SQL } = Source) when DB =:= mysql; DB =:= pgsql -> Mod = authz_module(DB), 
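Review bot: In `apps/emqx_authz/etc/emqx_authz.conf`, the renamed mysql example `query` selects the column `ipaddress` but filters on `ipaddr`, and the pgsql example in the next hunk has the same mismatch, so at most one of the two names can exist in `mqtt_authz`. An operator who uncomments either example would presumably get a query error on every authorization check instead of a rule lookup. The mysql example also lacks the `username = '$all'` branch that the pgsql one carries. Since both lines are being rewritten anyway, make the column agree, e.g. `where ipaddress = '%a' or username = '%u' or clientid = '%c'`. A comment line above each example could state that `%a`, `%u` and `%c` are replaced with the client's IP address, username and client id.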
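Review bot: In `emqx_authz.erl`, the mysql/pgsql clause of `init_source/1` now requires the key `query` but still binds it to `SQL` and passes `SQL` to `Mod:parse_query/1` in the following hunk. Writing `query := Query` and `query => Mod:parse_query(Query)` would match the naming that the mysql and pgsql `authorize` heads adopt in this same commit. A source map that still carries the old `sql` key no longer matches this clause, and the clauses that would receive it are outside the hunk. It is worth confirming that such a config is rejected with a clear load error rather than leaving the authorization source uninitialised. A one-line comment above the clause, such as `%% 'sql' was renamed to 'query'; existing configs must be migrated`, would record the break.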
@@ -298,7 +298,7 @@ init_source(#{enable := true, {error, Reason} -> error({load_config_error, Reason}); Id -> Source#{annotations => #{id => Id, - sql => Mod:parse_query(SQL) + query => Mod:parse_query(SQL) } } end; diff --git a/apps/emqx_authz/src/emqx_authz_api_schema.erl b/apps/emqx_authz/src/emqx_authz_api_schema.erl index 27de5f693..689b167e1 100644 --- a/apps/emqx_authz/src/emqx_authz_api_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_api_schema.erl @@ -118,7 +118,7 @@ definitions() -> required => [ type , enable , collection - , find + , selector , mongo_type , server , pool_size @@ -140,7 +140,7 @@ definitions() -> example => true }, collection => #{type => string}, - find => #{type => object}, + selector => #{type => object}, mongo_type => #{type => string, enum => [<<"single">>], example => <<"single">>}, @@ -173,7 +173,7 @@ definitions() -> required => [ type , enable , collection - , find + , selector , mongo_type , servers , replica_set_name @@ -196,7 +196,7 @@ definitions() -> example => true }, collection => #{type => string}, - find => #{type => object}, + selector => #{type => object}, mongo_type => #{type => string, enum => [<<"rs">>], example => <<"rs">>}, @@ -231,7 +231,7 @@ definitions() -> required => [ type , enable , collection - , find + , selector , mongo_type , servers , pool_size @@ -253,7 +253,7 @@ definitions() -> example => true }, collection => #{type => string}, - find => #{type => object}, + selector => #{type => object}, mongo_type => #{type => string, enum => [<<"sharded">>], example => <<"sharded">>}, @@ -286,7 +286,7 @@ definitions() -> type => object, required => [ type , enable - , sql + , query , server , database , pool_size @@ -305,7 +305,7 @@ definitions() -> type => boolean, example => true }, - sql => #{type => string}, + query => #{type => string}, server => #{type => string, example => <<"127.0.0.1:3306">> }, 
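Review bot: In `emqx_authz_api_schema.erl`, the renamed properties `selector => #{type => object}` and `query => #{type => string}` carry no `example` or description, unlike `server` and `mongo_type` beside them, so the API document does not tell a caller which placeholders are accepted. Adding one, for instance `selector => #{type => object, example => #{<<"username">> => <<"%u">>}}`, and the equivalent for `query` using the statement from `emqx_authz.conf`, would close that gap. This applies to every mongo, mysql and pgsql definition touched in this file, including the hunks at `@@ -323` and `@@ -342`; `definitions/0` itself starts and ends outside the hunks. Because `selector` and `query` sit in the `required` lists, requests that still send `find` or `sql` will presumably be rejected, which deserves a line in the API notes.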
@@ -323,7 +323,7 @@ definitions() -> type => object, required => [ type , enable - , sql + , query , server , database , pool_size @@ -342,7 +342,7 @@ definitions() -> type => boolean, example => true }, - sql => #{type => string}, + query => #{type => string}, server => #{type => string, example => <<"127.0.0.1:5432">> }, diff --git a/apps/emqx_authz/src/emqx_authz_mongo.erl b/apps/emqx_authz/src/emqx_authz_mongo.erl index 25a787b8f..68808c20b 100644 --- a/apps/emqx_authz/src/emqx_authz_mongo.erl +++ b/apps/emqx_authz/src/emqx_authz_mongo.erl @@ -35,10 +35,10 @@ description() -> authorize(Client, PubSub, Topic, #{collection := Collection, - find := Find, + selector := Selector, annotations := #{id := ResourceID} }) -> - case emqx_resource:query(ResourceID, {find, Collection, replvar(Find, Client), #{}}) of + case emqx_resource:query(ResourceID, {find, Collection, replvar(Selector, Client), #{}}) of {error, Reason} -> ?LOG(error, "[AuthZ] Query mongo error: ~p", [Reason]), nomatch; @@ -57,7 +57,7 @@ do_authorize(Client, PubSub, Topic, [Rule | Tail]) -> nomatch -> do_authorize(Client, PubSub, Topic, Tail) end. -replvar(Find, #{clientid := Clientid, +replvar(Selector, #{clientid := Clientid, username := Username, peerhost := IpAddress }) -> @@ -76,7 +76,7 @@ replvar(Find, #{clientid := Clientid, maps:put(K, V3, AccIn); _Fun(K, V, AccIn) -> maps:put(K, V, AccIn) end, - maps:fold(Fun, #{}, Find). + maps:fold(Fun, #{}, Selector). bin(A) when is_atom(A) -> atom_to_binary(A, utf8); bin(B) when is_binary(B) -> B; diff --git a/apps/emqx_authz/src/emqx_authz_mysql.erl b/apps/emqx_authz/src/emqx_authz_mysql.erl index d5550b2fb..ac8f04f32 100644 --- a/apps/emqx_authz/src/emqx_authz_mysql.erl +++ b/apps/emqx_authz/src/emqx_authz_mysql.erl 
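Review bot: In `emqx_authz_mongo.erl`, `authorize/4` maps `{error, Reason}` from `emqx_resource:query/2` to `nomatch`, the same value the mysql and pgsql modules return for an empty result (`{ok, _Columns, []} -> nomatch`), so the caller cannot tell a failed lookup from "no rule applies". What follows a `nomatch` is decided outside this hunk; if it ends in a permissive default, a broken selector or unreachable database would widen access without any visible denial. A comment on the error branch, e.g. `%% query failure is reported as nomatch; the decision falls to later sources or the default policy`, would make that contract explicit. `Reason` is logged with `~p`, so it is also worth confirming the connector never places connection credentials in it.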
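Review bot: In `replvar/2` of `emqx_authz_mongo.erl`, the only fold clause visible in these hunks, `_Fun(K, V, AccIn) -> maps:put(K, V, AccIn)`, copies a value through unchanged, and the clauses that substitute the placeholders are outside the hunk. The selector documented in `emqx_authz.conf` nests `%u` and `%c` inside a `"$or"` list, so if substitution only handles top-level binary values that example would reach MongoDB with the literal placeholders and never match a client. None of the suites changed in this commit exercise this, since they all use `#{<<"a">> => <<"b">>}` as the selector. A test case that passes the documented selector through `replvar/2` and asserts on the substituted map would settle it.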
@@ -47,10 +47,10 @@ parse_query(Sql) -> authorize(Client, PubSub, Topic, #{annotations := #{id := ResourceID, - sql := {SQL, Params} + query := {Query, Params} } }) -> - case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of + case emqx_resource:query(ResourceID, {sql, Query, replvar(Params, Client)}) of {ok, _Columns, []} -> nomatch; {ok, Columns, Rows} -> do_authorize(Client, PubSub, Topic, Columns, Rows); diff --git a/apps/emqx_authz/src/emqx_authz_pgsql.erl b/apps/emqx_authz/src/emqx_authz_pgsql.erl index d9555b85d..3e1f40fb2 100644 --- a/apps/emqx_authz/src/emqx_authz_pgsql.erl +++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl @@ -51,10 +51,10 @@ parse_query(Sql) -> authorize(Client, PubSub, Topic, #{annotations := #{id := ResourceID, - sql := {SQL, Params} + query := {Query, Params} } }) -> - case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of + case emqx_resource:query(ResourceID, {sql, Query, replvar(Params, Client)}) of {ok, _Columns, []} -> nomatch; {ok, Columns, Rows} -> do_authorize(Client, PubSub, Topic, Columns, Rows); diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index b3915b7c0..15d251fc6 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl 
@@ -116,24 +116,24 @@ fields(http_post) -> fields(mongo_single) -> connector_fields(mongo, single) ++ [ {collection, #{type => atom()}} - , {find, #{type => map()}} + , {selector, #{type => map()}} ]; fields(mongo_rs) -> connector_fields(mongo, rs) ++ [ {collection, #{type => atom()}} - , {find, #{type => map()}} + , {selector, #{type => map()}} ]; fields(mongo_sharded) -> connector_fields(mongo, sharded) ++ [ {collection, #{type => atom()}} - , {find, #{type => map()}} + , {selector, #{type => map()}} ]; fields(mysql) -> connector_fields(mysql) ++ - [ {sql, query()} ]; + [ {query, query()} ]; fields(pgsql) -> connector_fields(pgsql) ++ - [ {sql, query()} ]; + [ {query, query()} ]; fields(redis_single) -> connector_fields(redis, single) ++ [ {cmd, query()} ]; diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index f2cb01d05..fe1f04bd2 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -75,7 +75,7 @@ init_per_testcase(_, Config) -> <<"database">> => <<"mqtt">>, <<"ssl">> => #{<<"enable">> => false}, <<"collection">> => <<"fake">>, - <<"find">> => #{<<"a">> => <<"b">>} + <<"selector">> => #{<<"a">> => <<"b">>} }). -define(SOURCE3, #{<<"type">> => <<"mysql">>, <<"enable">> => true, @@ -86,7 +86,7 @@ init_per_testcase(_, Config) -> <<"password">> => <<"ee">>, <<"auto_reconnect">> => true, <<"ssl">> => #{<<"enable">> => false}, - <<"sql">> => <<"abcb">> + <<"query">> => <<"abcb">> }). -define(SOURCE4, #{<<"type">> => <<"pgsql">>, <<"enable">> => true, @@ -97,7 +97,7 @@ init_per_testcase(_, Config) -> <<"password">> => <<"ee">>, <<"auto_reconnect">> => true, <<"ssl">> => #{<<"enable">> => false}, - <<"sql">> => <<"abcb">> + <<"query">> => <<"abcb">> }). -define(SOURCE5, #{<<"type">> => <<"redis">>, <<"enable">> => true, 
diff --git a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl index 104517b2a..c5d74d226 100644 --- a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl @@ -54,7 +54,7 @@ <<"database">> => <<"mqtt">>, <<"ssl">> => #{<<"enable">> => false}, <<"collection">> => <<"fake">>, - <<"find">> => #{<<"a">> => <<"b">>} + <<"selector">> => #{<<"a">> => <<"b">>} }). -define(SOURCE3, #{<<"type">> => <<"mysql">>, <<"enable">> => true, @@ -65,7 +65,7 @@ <<"password">> => <<"ee">>, <<"auto_reconnect">> => true, <<"ssl">> => #{<<"enable">> => false}, - <<"sql">> => <<"abcb">> + <<"query">> => <<"abcb">> }). -define(SOURCE4, #{<<"type">> => <<"pgsql">>, <<"enable">> => true, @@ -76,7 +76,7 @@ <<"password">> => <<"ee">>, <<"auto_reconnect">> => true, <<"ssl">> => #{<<"enable">> => false}, - <<"sql">> => <<"abcb">> + <<"query">> => <<"abcb">> }). -define(SOURCE5, #{<<"type">> => <<"redis">>, <<"enable">> => true, diff --git a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl index 8f4a6f29f..ec4c4f384 100644 --- a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl @@ -53,7 +53,7 @@ init_per_suite(Config) -> <<"database">> => <<"mqtt">>, <<"ssl">> => #{<<"enable">> => false}, <<"collection">> => <<"fake">>, - <<"find">> => #{<<"a">> => <<"b">>} + <<"selector">> => #{<<"a">> => <<"b">>} }], {ok, _} = emqx_authz:update(replace, Rules), Config. diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl index 1173b0e3e..32e52e7c0 100644 --- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl 
@@ -55,7 +55,7 @@ init_per_suite(Config) -> <<"password">> => <<"ee">>, <<"auto_reconnect">> => true, <<"ssl">> => #{<<"enable">> => false}, - <<"sql">> => <<"abcb">> + <<"query">> => <<"abcb">> }], {ok, _} = emqx_authz:update(replace, Rules), Config. diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl index 24c2e7b35..570ea0e77 100644 --- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl @@ -55,7 +55,7 @@ init_per_suite(Config) -> <<"password">> => <<"ee">>, <<"auto_reconnect">> => true, <<"ssl">> => #{<<"enable">> => false}, - <<"sql">> => <<"abcb">> + <<"query">> => <<"abcb">> }], {ok, _} = emqx_authz:update(replace, Rules), Config.