fix(authn): allow single authenticator instance from config

2021-10-20 15:06:08 +02:00 · 2021-10-20 15:06:08 +02:00 · efca545d3d
parent 1c22c0d596
commit efca545d3d
2 changed files with 15 additions and 6 deletions
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -103,12 +103,10 @@ The configs here work as default values which can be overriden
 in <code>zone</code> configs"""
          })}
    , {"authentication",
-      sc(hoconsc:lazy(hoconsc:array(map())),
-         #{ desc =>
+       authentication(
 """Default authentication configs for all MQTT listeners.<br>
 For per-listener overrides see <code>authentication</code>
-in listener configs"""
-          })}
+in listener configs""")}
    , {"authorization",
       sc(ref("authorization"),
          #{})}
@ -903,8 +901,7 @@ mqtt_listener() ->
          #{})
      }
    , {"authentication",
-       sc(hoconsc:lazy(hoconsc:array(map())),
-          #{})
+       authentication("Per-listener authentication override")
      }
    ].

@ -1356,3 +1353,13 @@ str(B) when is_binary(B) ->
    binary_to_list(B);
 str(S) when is_list(S) ->
    S.
+
+authentication(Desc) ->
+    #{ type => hoconsc:union([typerefl:map(), hoconsc:array(typerefl:map())])
+     , desc => [Desc, "<br>", """
+Authentication can be one single authenticator instance or a chain of authenticators as an array.
+The when authenticating a login (username, client ID, etc.) the authenticators are checked
+in the configured order.
+"""
+               ]
+     }.
--- a/apps/emqx_authn/src/emqx_authn.erl
+++ b/apps/emqx_authn/src/emqx_authn.erl
@ -33,6 +33,8 @@ providers() ->
    , {{scram, 'built-in-database'}, emqx_enhanced_authn_scram_mnesia}
    ].

+check_configs(C) when is_map(C) ->
+    check_configs([C]);
 check_configs([]) -> [];
 check_configs([Config | Configs]) ->
    [check_config(Config) | check_configs(Configs)].