fix(schema): add namespace to authn schemas
This commit is contained in:
Zaiming (Stone) Shi
parent
86110824eb
commit
f1de0aa176
|
|
@ -38,7 +38,8 @@
|
|||
authenticator_type_without/1,
|
||||
authenticator_type_without/2,
|
||||
mechanism/1,
|
||||
backend/1
|
||||
backend/1,
|
||||
namespace/0
|
||||
]).
|
||||
|
||||
-export([
|
||||
|
|
@ -60,6 +61,7 @@
|
|||
api_write
|
||||
%% config: schema for config validation
|
||||
| config.
|
||||
-callback namespace() -> string().
|
||||
-callback refs() -> [schema_ref()].
|
||||
-callback refs(shema_kind()) -> [schema_ref()].
|
||||
-callback select_union_member(emqx_config:raw_config()) -> [schema_ref()] | undefined | no_return().
|
||||
|
|
@ -74,6 +76,8 @@
|
|||
refs/1
|
||||
]).
|
||||
|
||||
namespace() -> "authn".
|
||||
|
||||
roots() -> [].
|
||||
|
||||
injected_fields(AuthnSchemaMods) ->
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
-define(ERR(Reason), {error, Reason}).
|
||||
|
||||
union_member_selector_mongo_test_() ->
|
||||
ok = ensure_schema_load(),
|
||||
[
|
||||
{"unknown", fun() ->
|
||||
?assertMatch(
|
||||
|
|
@ -31,25 +32,26 @@ union_member_selector_mongo_test_() ->
|
|||
end},
|
||||
{"single", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "mongo_single"}),
|
||||
?ERR(#{matched_type := "authn:mongo_single"}),
|
||||
check("{mechanism = password_based, backend = mongodb, mongo_type = single}")
|
||||
)
|
||||
end},
|
||||
{"replica-set", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "mongo_rs"}),
|
||||
?ERR(#{matched_type := "authn:mongo_rs"}),
|
||||
check("{mechanism = password_based, backend = mongodb, mongo_type = rs}")
|
||||
)
|
||||
end},
|
||||
{"sharded", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "mongo_sharded"}),
|
||||
?ERR(#{matched_type := "authn:mongo_sharded"}),
|
||||
check("{mechanism = password_based, backend = mongodb, mongo_type = sharded}")
|
||||
)
|
||||
end}
|
||||
].
|
||||
|
||||
union_member_selector_jwt_test_() ->
|
||||
ok = ensure_schema_load(),
|
||||
[
|
||||
{"unknown", fun() ->
|
||||
?assertMatch(
|
||||
|
|
@ -59,25 +61,26 @@ union_member_selector_jwt_test_() ->
|
|||
end},
|
||||
{"jwks", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "jwt_jwks"}),
|
||||
?ERR(#{matched_type := "authn:jwt_jwks"}),
|
||||
check("{mechanism = jwt, use_jwks = true}")
|
||||
)
|
||||
end},
|
||||
{"publick-key", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "jwt_public_key"}),
|
||||
?ERR(#{matched_type := "authn:jwt_public_key"}),
|
||||
check("{mechanism = jwt, use_jwks = false, public_key = 1}")
|
||||
)
|
||||
end},
|
||||
{"hmac-based", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "jwt_hmac"}),
|
||||
?ERR(#{matched_type := "authn:jwt_hmac"}),
|
||||
check("{mechanism = jwt, use_jwks = false}")
|
||||
)
|
||||
end}
|
||||
].
|
||||
|
||||
union_member_selector_redis_test_() ->
|
||||
ok = ensure_schema_load(),
|
||||
[
|
||||
{"unknown", fun() ->
|
||||
?assertMatch(
|
||||
|
|
@ -87,25 +90,26 @@ union_member_selector_redis_test_() ->
|
|||
end},
|
||||
{"single", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "redis_single"}),
|
||||
?ERR(#{matched_type := "authn:redis_single"}),
|
||||
check("{mechanism = password_based, backend = redis, redis_type = single}")
|
||||
)
|
||||
end},
|
||||
{"cluster", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "redis_cluster"}),
|
||||
?ERR(#{matched_type := "authn:redis_cluster"}),
|
||||
check("{mechanism = password_based, backend = redis, redis_type = cluster}")
|
||||
)
|
||||
end},
|
||||
{"sentinel", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "redis_sentinel"}),
|
||||
?ERR(#{matched_type := "authn:redis_sentinel"}),
|
||||
check("{mechanism = password_based, backend = redis, redis_type = sentinel}")
|
||||
)
|
||||
end}
|
||||
].
|
||||
|
||||
union_member_selector_http_test_() ->
|
||||
ok = ensure_schema_load(),
|
||||
[
|
||||
{"unknown", fun() ->
|
||||
?assertMatch(
|
||||
|
|
@ -115,13 +119,13 @@ union_member_selector_http_test_() ->
|
|||
end},
|
||||
{"get", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "http_get"}),
|
||||
?ERR(#{matched_type := "authn:http_get"}),
|
||||
check("{mechanism = password_based, backend = http, method = get}")
|
||||
)
|
||||
end},
|
||||
{"post", fun() ->
|
||||
?assertMatch(
|
||||
?ERR(#{matched_type := "http_post"}),
|
||||
?ERR(#{matched_type := "authn:http_post"}),
|
||||
check("{mechanism = password_based, backend = http, method = post}")
|
||||
)
|
||||
end}
|
||||
|
|
@ -132,3 +136,7 @@ check(HoconConf) ->
|
|||
#{roots => emqx_authn_schema:global_auth_fields()},
|
||||
["authentication= ", HoconConf]
|
||||
).
|
||||
|
||||
ensure_schema_load() ->
|
||||
_ = emqx_conf_schema:roots(),
|
||||
ok.
|
||||
|
|
|
|||
|
|
@ -16,10 +16,6 @@
|
|||
|
||||
-module(emqx_authn_http_schema).
|
||||
|
||||
-include("emqx_auth_http.hrl").
|
||||
-include_lib("emqx_auth/include/emqx_authn.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-behaviour(emqx_authn_schema).
|
||||
|
||||
-export([
|
||||
|
|
@ -31,6 +27,10 @@
|
|||
namespace/0
|
||||
]).
|
||||
|
||||
-include("emqx_auth_http.hrl").
|
||||
-include_lib("emqx_auth/include/emqx_authn.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-define(NOT_EMPTY(MSG), emqx_resource_validator:not_empty(MSG)).
|
||||
-define(THROW_VALIDATION_ERROR(ERROR, MESSAGE),
|
||||
throw(#{
|
||||
|
|
|
|||
|
|
@ -16,18 +16,21 @@
|
|||
|
||||
-module(emqx_authn_jwt_schema).
|
||||
|
||||
-include("emqx_auth_jwt.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-behaviour(emqx_authn_schema).
|
||||
|
||||
-export([
|
||||
namespace/0,
|
||||
fields/1,
|
||||
desc/1,
|
||||
refs/0,
|
||||
select_union_member/1
|
||||
]).
|
||||
|
||||
-include("emqx_auth_jwt.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
namespace() -> "authn".
|
||||
|
||||
refs() ->
|
||||
[
|
||||
?R_REF(jwt_hmac),
|
||||
|
|
|
|||
|
|
@ -16,9 +16,6 @@
|
|||
|
||||
-module(emqx_authn_ldap_bind_schema).
|
||||
|
||||
-include("emqx_auth_ldap.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-behaviour(emqx_authn_schema).
|
||||
|
||||
-export([
|
||||
|
|
@ -29,6 +26,9 @@
|
|||
namespace/0
|
||||
]).
|
||||
|
||||
-include("emqx_auth_ldap.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
namespace() -> "authn".
|
||||
|
||||
refs() ->
|
||||
|
|
|
|||
|
|
@ -16,18 +16,21 @@
|
|||
|
||||
-module(emqx_authn_ldap_schema).
|
||||
|
||||
-include("emqx_auth_ldap.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-behaviour(emqx_authn_schema).
|
||||
|
||||
-export([
|
||||
namespace/0,
|
||||
fields/1,
|
||||
desc/1,
|
||||
refs/0,
|
||||
select_union_member/1
|
||||
]).
|
||||
|
||||
-include("emqx_auth_ldap.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
namespace() -> "authn".
|
||||
|
||||
refs() ->
|
||||
[?R_REF(ldap)].
|
||||
|
||||
|
|
|
|||
|
|
@ -22,12 +22,15 @@
|
|||
-behaviour(emqx_authn_schema).
|
||||
|
||||
-export([
|
||||
namespace/0,
|
||||
fields/1,
|
||||
desc/1,
|
||||
refs/0,
|
||||
select_union_member/1
|
||||
]).
|
||||
|
||||
namespace() -> "authn".
|
||||
|
||||
refs() ->
|
||||
[?R_REF(scram)].
|
||||
|
||||
|
|
|
|||
|
|
@ -16,19 +16,19 @@
|
|||
|
||||
-module(emqx_authn_mongodb_schema).
|
||||
|
||||
-include("emqx_auth_mongodb.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-behaviour(emqx_authn_schema).
|
||||
|
||||
-export([
|
||||
namespace/0,
|
||||
fields/1,
|
||||
desc/1,
|
||||
refs/0,
|
||||
select_union_member/1,
|
||||
namespace/0
|
||||
select_union_member/1
|
||||
]).
|
||||
|
||||
-include("emqx_auth_mongodb.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
namespace() -> "authn".
|
||||
|
||||
refs() ->
|
||||
|
|
|
|||
|
|
@ -16,9 +16,6 @@
|
|||
|
||||
-module(emqx_authz_mongodb_schema).
|
||||
|
||||
-include("emqx_auth_mongodb.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-export([
|
||||
type/0,
|
||||
fields/1,
|
||||
|
|
@ -28,6 +25,9 @@
|
|||
namespace/0
|
||||
]).
|
||||
|
||||
-include("emqx_auth_mongodb.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
namespace() -> "authz".
|
||||
|
||||
type() -> ?AUTHZ_TYPE.
|
||||
|
|
|
|||
|
|
@ -16,9 +16,6 @@
|
|||
|
||||
-module(emqx_authn_mysql_schema).
|
||||
|
||||
-include("emqx_auth_mysql.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-behaviour(emqx_authn_schema).
|
||||
|
||||
-export([
|
||||
|
|
@ -29,6 +26,9 @@
|
|||
select_union_member/1
|
||||
]).
|
||||
|
||||
-include("emqx_auth_mysql.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
namespace() -> "authn".
|
||||
|
||||
refs() ->
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ t_update_with_invalid_config(_Config) ->
|
|||
?assertMatch(
|
||||
{error, #{
|
||||
kind := validation_error,
|
||||
matched_type := "postgresql",
|
||||
matched_type := "authn:postgresql",
|
||||
path := "authentication.1.server",
|
||||
reason := required_field
|
||||
}},
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ test_create_invalid_config(InvalidAuthConfig, Path) ->
|
|||
?assertMatch(
|
||||
{error, #{
|
||||
kind := validation_error,
|
||||
matched_type := "redis_single",
|
||||
matched_type := "authn:redis_single",
|
||||
path := Path
|
||||
}},
|
||||
emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, InvalidAuthConfig})
|
||||
|
|
|
|||
|
|
@ -16,18 +16,21 @@
|
|||
|
||||
-module(emqx_gcp_device_authn_schema).
|
||||
|
||||
-include("emqx_gcp_device.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
-behaviour(emqx_authn_schema).
|
||||
|
||||
-export([
|
||||
namespace/0,
|
||||
fields/1,
|
||||
desc/1,
|
||||
refs/0,
|
||||
select_union_member/1
|
||||
]).
|
||||
|
||||
-include("emqx_gcp_device.hrl").
|
||||
-include_lib("hocon/include/hoconsc.hrl").
|
||||
|
||||
namespace() -> "authn".
|
||||
|
||||
refs() -> [?R_REF(gcp_device)].
|
||||
|
||||
select_union_member(#{<<"mechanism">> := ?AUTHN_MECHANISM_BIN}) ->
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
-include_lib("snabbkaffe/include/snabbkaffe.hrl").
|
||||
|
||||
-behaviour(emqx_resource).
|
||||
-behaviour(hocon_schema).
|
||||
|
||||
%% callbacks of behaviour emqx_resource
|
||||
-export([
|
||||
|
|
@ -29,7 +30,8 @@
|
|||
on_start/2,
|
||||
on_stop/2,
|
||||
on_query/3,
|
||||
on_get_status/2
|
||||
on_get_status/2,
|
||||
namespace/0
|
||||
]).
|
||||
|
||||
%% ecpool callback
|
||||
|
|
@ -50,6 +52,9 @@
|
|||
}).
|
||||
|
||||
%%=====================================================================
|
||||
|
||||
namespace() -> "mongo".
|
||||
|
||||
roots() ->
|
||||
[
|
||||
{config, #{
|
||||
|
|
|
|||
Loading…
Reference in New Issue