yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(emqx_authz): rename config item 

rename sql to query for mysql and pgsql
rename find to selector for mongo

Signed-off-by: zhanghongtong <rory-z@outlook.com>
This commit is contained in:
zhanghongtong 2021-09-09 17:59:17 +08:00 committed by Rory Z
parent c8a6098f9c
commit ef0f94025a
12 changed files with 37 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/emqx_authz/etc/emqx_authz.conf
View File

@ -22,7 +22,7 @@ authorization {
# certfile: "{{ platform_etc_dir }}/certs/client-cert.pem" # certfile: "{{ platform_etc_dir }}/certs/client-cert.pem"
# keyfile: "{{ platform_etc_dir }}/certs/client-key.pem" # keyfile: "{{ platform_etc_dir }}/certs/client-key.pem"
# } # }
# sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = '%a' or username = '%u' or clientid = '%c'" # query: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = '%a' or username = '%u' or clientid = '%c'"
# }, # },
# { # {
# type: pgsql # type: pgsql
@ -33,7 +33,7 @@ authorization {
# password: public # password: public
# auto_reconnect: true # auto_reconnect: true
# ssl: {enable: false} # ssl: {enable: false}
# sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'" # query: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
# }, # },
# { # {
# type: redis # type: redis
@ -53,7 +53,7 @@ authorization {
# database: mqtt # database: mqtt
# ssl: {enable: false} # ssl: {enable: false}
# collection: mqtt_authz # collection: mqtt_authz
# find: { "$or": [ { "username": "%u" }, { "clientid": "%c" } ] } # selector: { "$or": [ { "username": "%u" }, { "clientid": "%c" } ] }
# }, # },
{ {
type: file type: file

4
apps/emqx_authz/src/emqx_authz.erl
View File

@ -290,7 +290,7 @@ init_source(#{enable := true,
end; end;
init_source(#{enable := true, init_source(#{enable := true,
type := DB, type := DB,
sql := SQL query := SQL
} = Source) when DB =:= mysql; } = Source) when DB =:= mysql;
DB =:= pgsql -> DB =:= pgsql ->
Mod = authz_module(DB), Mod = authz_module(DB),
@ -298,7 +298,7 @@ init_source(#{enable := true,
{error, Reason} -> error({load_config_error, Reason}); {error, Reason} -> error({load_config_error, Reason});
Id -> Source#{annotations => Id -> Source#{annotations =>
#{id => Id, #{id => Id,
sql => Mod:parse_query(SQL) query => Mod:parse_query(SQL)
} }
} }
end; end;

20
apps/emqx_authz/src/emqx_authz_api_schema.erl
View File

@ -118,7 +118,7 @@ definitions() ->
required => [ type required => [ type
, enable , enable
, collection , collection
, find , selector
, mongo_type , mongo_type
, server , server
, pool_size , pool_size
@ -140,7 +140,7 @@ definitions() ->
example => true example => true
}, },
collection => #{type => string}, collection => #{type => string},
find => #{type => object}, selector => #{type => object},
mongo_type => #{type => string, mongo_type => #{type => string,
enum => [<<"single">>], enum => [<<"single">>],
example => <<"single">>}, example => <<"single">>},
@ -173,7 +173,7 @@ definitions() ->
required => [ type required => [ type
, enable , enable
, collection , collection
, find , selector
, mongo_type , mongo_type
, servers , servers
, replica_set_name , replica_set_name
@ -196,7 +196,7 @@ definitions() ->
example => true example => true
}, },
collection => #{type => string}, collection => #{type => string},
find => #{type => object}, selector => #{type => object},
mongo_type => #{type => string, mongo_type => #{type => string,
enum => [<<"rs">>], enum => [<<"rs">>],
example => <<"rs">>}, example => <<"rs">>},
@ -231,7 +231,7 @@ definitions() ->
required => [ type required => [ type
, enable , enable
, collection , collection
, find , selector
, mongo_type , mongo_type
, servers , servers
, pool_size , pool_size
@ -253,7 +253,7 @@ definitions() ->
example => true example => true
}, },
collection => #{type => string}, collection => #{type => string},
find => #{type => object}, selector => #{type => object},
mongo_type => #{type => string, mongo_type => #{type => string,
enum => [<<"sharded">>], enum => [<<"sharded">>],
example => <<"sharded">>}, example => <<"sharded">>},
@ -286,7 +286,7 @@ definitions() ->
type => object, type => object,
required => [ type required => [ type
, enable , enable
, sql , query
, server , server
, database , database
, pool_size , pool_size
@ -305,7 +305,7 @@ definitions() ->
type => boolean, type => boolean,
example => true example => true
}, },
sql => #{type => string}, query => #{type => string},
server => #{type => string, server => #{type => string,
example => <<"127.0.0.1:3306">> example => <<"127.0.0.1:3306">>
}, },
@ -323,7 +323,7 @@ definitions() ->
type => object, type => object,
required => [ type required => [ type
, enable , enable
, sql , query
, server , server
, database , database
, pool_size , pool_size
@ -342,7 +342,7 @@ definitions() ->
type => boolean, type => boolean,
example => true example => true
}, },
sql => #{type => string}, query => #{type => string},
server => #{type => string, server => #{type => string,
example => <<"127.0.0.1:5432">> example => <<"127.0.0.1:5432">>
}, },

8
apps/emqx_authz/src/emqx_authz_mongo.erl
View File

@ -35,10 +35,10 @@ description() ->
authorize(Client, PubSub, Topic, authorize(Client, PubSub, Topic,
#{collection := Collection, #{collection := Collection,
find := Find, selector := Selector,
annotations := #{id := ResourceID} annotations := #{id := ResourceID}
}) -> }) ->
case emqx_resource:query(ResourceID, {find, Collection, replvar(Find, Client), #{}}) of case emqx_resource:query(ResourceID, {find, Collection, replvar(Selector, Client), #{}}) of
{error, Reason} -> {error, Reason} ->
?LOG(error, "[AuthZ] Query mongo error: ~p", [Reason]), ?LOG(error, "[AuthZ] Query mongo error: ~p", [Reason]),
nomatch; nomatch;
@ -57,7 +57,7 @@ do_authorize(Client, PubSub, Topic, [Rule | Tail]) ->
nomatch -> do_authorize(Client, PubSub, Topic, Tail) nomatch -> do_authorize(Client, PubSub, Topic, Tail)
end. end.
replvar(Find, #{clientid := Clientid, replvar(Selector, #{clientid := Clientid,
username := Username, username := Username,
peerhost := IpAddress peerhost := IpAddress
}) -> }) ->
@ -76,7 +76,7 @@ replvar(Find, #{clientid := Clientid,
maps:put(K, V3, AccIn); maps:put(K, V3, AccIn);
_Fun(K, V, AccIn) -> maps:put(K, V, AccIn) _Fun(K, V, AccIn) -> maps:put(K, V, AccIn)
end, end,
maps:fold(Fun, #{}, Find). maps:fold(Fun, #{}, Selector).
bin(A) when is_atom(A) -> atom_to_binary(A, utf8); bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
bin(B) when is_binary(B) -> B; bin(B) when is_binary(B) -> B;

4
apps/emqx_authz/src/emqx_authz_mysql.erl
View File

@ -47,10 +47,10 @@ parse_query(Sql) ->
authorize(Client, PubSub, Topic, authorize(Client, PubSub, Topic,
#{annotations := #{id := ResourceID, #{annotations := #{id := ResourceID,
sql := {SQL, Params} query := {Query, Params}
} }
}) -> }) ->
case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of case emqx_resource:query(ResourceID, {sql, Query, replvar(Params, Client)}) of
{ok, _Columns, []} -> nomatch; {ok, _Columns, []} -> nomatch;
{ok, Columns, Rows} -> {ok, Columns, Rows} ->
do_authorize(Client, PubSub, Topic, Columns, Rows); do_authorize(Client, PubSub, Topic, Columns, Rows);

4
apps/emqx_authz/src/emqx_authz_pgsql.erl
View File

@ -51,10 +51,10 @@ parse_query(Sql) ->
authorize(Client, PubSub, Topic, authorize(Client, PubSub, Topic,
#{annotations := #{id := ResourceID, #{annotations := #{id := ResourceID,
sql := {SQL, Params} query := {Query, Params}
} }
}) -> }) ->
case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of case emqx_resource:query(ResourceID, {sql, Query, replvar(Params, Client)}) of
{ok, _Columns, []} -> nomatch; {ok, _Columns, []} -> nomatch;
{ok, Columns, Rows} -> {ok, Columns, Rows} ->
do_authorize(Client, PubSub, Topic, Columns, Rows); do_authorize(Client, PubSub, Topic, Columns, Rows);

10
apps/emqx_authz/src/emqx_authz_schema.erl
View File

@ -116,24 +116,24 @@ fields(http_post) ->
fields(mongo_single) -> fields(mongo_single) ->
connector_fields(mongo, single) ++ connector_fields(mongo, single) ++
[ {collection, #{type => atom()}} [ {collection, #{type => atom()}}
, {find, #{type => map()}} , {selector, #{type => map()}}
]; ];
fields(mongo_rs) -> fields(mongo_rs) ->
connector_fields(mongo, rs) ++ connector_fields(mongo, rs) ++
[ {collection, #{type => atom()}} [ {collection, #{type => atom()}}
, {find, #{type => map()}} , {selector, #{type => map()}}
]; ];
fields(mongo_sharded) -> fields(mongo_sharded) ->
connector_fields(mongo, sharded) ++ connector_fields(mongo, sharded) ++
[ {collection, #{type => atom()}} [ {collection, #{type => atom()}}
, {find, #{type => map()}} , {selector, #{type => map()}}
]; ];
fields(mysql) -> fields(mysql) ->
connector_fields(mysql) ++ connector_fields(mysql) ++
[ {sql, query()} ]; [ {query, query()} ];
fields(pgsql) -> fields(pgsql) ->
connector_fields(pgsql) ++ connector_fields(pgsql) ++
[ {sql, query()} ]; [ {query, query()} ];
fields(redis_single) -> fields(redis_single) ->
connector_fields(redis, single) ++ connector_fields(redis, single) ++
[ {cmd, query()} ]; [ {cmd, query()} ];

6
apps/emqx_authz/test/emqx_authz_SUITE.erl
View File

@ -75,7 +75,7 @@ init_per_testcase(_, Config) ->
<<"database">> => <<"mqtt">>, <<"database">> => <<"mqtt">>,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"collection">> => <<"fake">>, <<"collection">> => <<"fake">>,
<<"find">> => #{<<"a">> => <<"b">>} <<"selector">> => #{<<"a">> => <<"b">>}
}). }).
-define(SOURCE3, #{<<"type">> => <<"mysql">>, -define(SOURCE3, #{<<"type">> => <<"mysql">>,
<<"enable">> => true, <<"enable">> => true,
@ -86,7 +86,7 @@ init_per_testcase(_, Config) ->
<<"password">> => <<"ee">>, <<"password">> => <<"ee">>,
<<"auto_reconnect">> => true, <<"auto_reconnect">> => true,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"sql">> => <<"abcb">> <<"query">> => <<"abcb">>
}). }).
-define(SOURCE4, #{<<"type">> => <<"pgsql">>, -define(SOURCE4, #{<<"type">> => <<"pgsql">>,
<<"enable">> => true, <<"enable">> => true,
@ -97,7 +97,7 @@ init_per_testcase(_, Config) ->
<<"password">> => <<"ee">>, <<"password">> => <<"ee">>,
<<"auto_reconnect">> => true, <<"auto_reconnect">> => true,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"sql">> => <<"abcb">> <<"query">> => <<"abcb">>
}). }).
-define(SOURCE5, #{<<"type">> => <<"redis">>, -define(SOURCE5, #{<<"type">> => <<"redis">>,
<<"enable">> => true, <<"enable">> => true,

6
apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl
View File

@ -54,7 +54,7 @@
<<"database">> => <<"mqtt">>, <<"database">> => <<"mqtt">>,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"collection">> => <<"fake">>, <<"collection">> => <<"fake">>,
<<"find">> => #{<<"a">> => <<"b">>} <<"selector">> => #{<<"a">> => <<"b">>}
}). }).
-define(SOURCE3, #{<<"type">> => <<"mysql">>, -define(SOURCE3, #{<<"type">> => <<"mysql">>,
<<"enable">> => true, <<"enable">> => true,
@ -65,7 +65,7 @@
<<"password">> => <<"ee">>, <<"password">> => <<"ee">>,
<<"auto_reconnect">> => true, <<"auto_reconnect">> => true,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"sql">> => <<"abcb">> <<"query">> => <<"abcb">>
}). }).
-define(SOURCE4, #{<<"type">> => <<"pgsql">>, -define(SOURCE4, #{<<"type">> => <<"pgsql">>,
<<"enable">> => true, <<"enable">> => true,
@ -76,7 +76,7 @@
<<"password">> => <<"ee">>, <<"password">> => <<"ee">>,
<<"auto_reconnect">> => true, <<"auto_reconnect">> => true,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"sql">> => <<"abcb">> <<"query">> => <<"abcb">>
}). }).
-define(SOURCE5, #{<<"type">> => <<"redis">>, -define(SOURCE5, #{<<"type">> => <<"redis">>,
<<"enable">> => true, <<"enable">> => true,

2
apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl
View File

@ -53,7 +53,7 @@ init_per_suite(Config) ->
<<"database">> => <<"mqtt">>, <<"database">> => <<"mqtt">>,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"collection">> => <<"fake">>, <<"collection">> => <<"fake">>,
<<"find">> => #{<<"a">> => <<"b">>} <<"selector">> => #{<<"a">> => <<"b">>}
}], }],
{ok, _} = emqx_authz:update(replace, Rules), {ok, _} = emqx_authz:update(replace, Rules),
Config. Config.

2
apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
View File

@ -55,7 +55,7 @@ init_per_suite(Config) ->
<<"password">> => <<"ee">>, <<"password">> => <<"ee">>,
<<"auto_reconnect">> => true, <<"auto_reconnect">> => true,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"sql">> => <<"abcb">> <<"query">> => <<"abcb">>
}], }],
{ok, _} = emqx_authz:update(replace, Rules), {ok, _} = emqx_authz:update(replace, Rules),
Config. Config.

2
apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
View File

@ -55,7 +55,7 @@ init_per_suite(Config) ->
<<"password">> => <<"ee">>, <<"password">> => <<"ee">>,
<<"auto_reconnect">> => true, <<"auto_reconnect">> => true,
<<"ssl">> => #{<<"enable">> => false}, <<"ssl">> => #{<<"enable">> => false},
<<"sql">> => <<"abcb">> <<"query">> => <<"abcb">>
}], }],
{ok, _} = emqx_authz:update(replace, Rules), {ok, _} = emqx_authz:update(replace, Rules),
Config. Config.