refactor: move to /authorization/sources/built_in_database/rules

Stefan Strigler 2022-12-16 14:46:13 +01:00
parent c85a988a43
commit f27f573109
7 changed files with 101 additions and 85 deletions


@ -92,7 +92,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
repository: emqx/emqx-fvt repository: emqx/emqx-fvt
ref: broker-autotest-v2 ref: broker-autotest-v3
path: scripts path: scripts
- uses: actions/setup-java@v3 - uses: actions/setup-java@v3
with: with:
@ -191,7 +191,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
repository: emqx/emqx-fvt repository: emqx/emqx-fvt
ref: broker-autotest-v2 ref: broker-autotest-v3
path: scripts path: scripts
- uses: actions/setup-java@v3 - uses: actions/setup-java@v3
with: with:
@ -297,7 +297,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
repository: emqx/emqx-fvt repository: emqx/emqx-fvt
ref: broker-autotest-v2 ref: broker-autotest-v3
path: scripts path: scripts
- uses: actions/setup-java@v3 - uses: actions/setup-java@v3
with: with:
@ -396,7 +396,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
repository: emqx/emqx-fvt repository: emqx/emqx-fvt
ref: broker-autotest-v2 ref: broker-autotest-v3
path: scripts path: scripts
- name: run jwks_server - name: run jwks_server
timeout-minutes: 10 timeout-minutes: 10
@ -496,7 +496,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
repository: emqx/emqx-fvt repository: emqx/emqx-fvt
ref: broker-autotest-v2 ref: broker-autotest-v3
path: scripts path: scripts
- uses: actions/setup-java@v3 - uses: actions/setup-java@v3
with: with:


@ -1,28 +1,28 @@
emqx_authz_api_mnesia { emqx_authz_api_mnesia {
users_username_get { users_username_get {
desc { desc {
en: """Show the list of record for username""" en: """Show the list of rules for users"""
zh: """获取内置数据库中所有用户名类型的规则记录""" zh: """获取内置数据库中所有用户名类型的规则记录"""
} }
} }
users_username_post { users_username_post {
desc { desc {
en: """Add new records for username""" en: """Add new rule for 'username'"""
zh: """添加内置数据库中用户名类型的规则记录""" zh: """添加内置数据库中用户名类型的规则记录"""
} }
} }
users_clientid_get { users_clientid_get {
desc { desc {
en: """Show the list of record for clientid""" en: """Show the list of rules for clients"""
zh: """获取内置数据库中所有客户端标识符类型的规则记录""" zh: """获取内置数据库中所有客户端标识符类型的规则记录"""
} }
} }
users_clientid_post { users_clientid_post {
desc { desc {
en: """Add new records for clientid""" en: """Add new rule for 'clientid'"""
zh: """添加内置数据库中客户端标识符类型的规则记录""" zh: """添加内置数据库中客户端标识符类型的规则记录"""
} }
} }
@ -30,71 +30,71 @@ emqx_authz_api_mnesia {
user_username_get { user_username_get {
desc { desc {
en: """Get record info for username""" en: """Get rule for 'username'"""
zh: """获取内置数据库中指定用户名类型的规则记录""" zh: """获取内置数据库中指定用户名类型的规则记录"""
} }
} }
user_username_put { user_username_put {
desc { desc {
en: """Set record for username""" en: """Set rule for 'username'"""
zh: """更新内置数据库中指定用户名类型的规则记录""" zh: """更新内置数据库中指定用户名类型的规则记录"""
} }
} }
user_username_delete { user_username_delete {
desc { desc {
en: """Delete one record for username""" en: """Delete rule for 'username'"""
zh: """删除内置数据库中指定用户名类型的规则记录""" zh: """删除内置数据库中指定用户名类型的规则记录"""
} }
} }
user_clientid_get { user_clientid_get {
desc { desc {
en: """Get record info for clientid""" en: """Get rule for 'clientid'"""
zh: """获取内置数据库中指定客户端标识符类型的规则记录""" zh: """获取内置数据库中指定客户端标识符类型的规则记录"""
} }
} }
user_clientid_put { user_clientid_put {
desc { desc {
en: """Set record for clientid""" en: """Set rule for 'clientid'"""
zh: """更新内置数据库中指定客户端标识符类型的规则记录""" zh: """更新内置数据库中指定客户端标识符类型的规则记录"""
} }
} }
user_clientid_delete { user_clientid_delete {
desc { desc {
en: """Delete one record for clientid""" en: """Delete rule for 'clientid'"""
zh: """删除内置数据库中指定客户端标识符类型的规则记录""" zh: """删除内置数据库中指定客户端标识符类型的规则记录"""
} }
} }
rules_all_get {
rules_for_all_get {
desc { desc {
en: """Show the list of rules for all""" en: """Show the list of rules for 'all'"""
zh: """列出为所有客户端启用的规则列表""" zh: """列出为所有客户端启用的规则列表"""
} }
} }
rules_for_all_post { rules_all_post {
desc { desc {
en: """ en: """Create/Update the list of rules for 'all'."""
Create/Update the list of rules for all. zh: """创建/更新 为所有客户端启用的规则列表。"""
Set a empty list to clean up rules
"""
zh: """
创建/更新 为所有客户端启用的规则列表。
设为空列表以清楚所有规则
"""
} }
} }
purge_all_delete { rules_all_delete {
desc { desc {
en: """Purge all records for username/clientid/all""" en: """Delete rules for 'all'"""
zh: """清除所有内置数据库中的规则, 用户名/客户端标识符/所有""" zh: """删除 `all` 规则"""
}
}
rules_delete {
desc {
en: """Delete all rules for all 'users', 'clients' and 'all'"""
zh: """清除内置数据库中的所有类型('users' 、'clients' 、'all')的所有规则"""
} }
} }


@ -1,7 +1,7 @@
%% -*- mode: erlang -*- %% -*- mode: erlang -*-
{application, emqx_authz, [ {application, emqx_authz, [
{description, "An OTP application"}, {description, "An OTP application"},
{vsn, "0.1.10"}, {vsn, "0.1.11"},
{registered, []}, {registered, []},
{mod, {emqx_authz_app, []}}, {mod, {emqx_authz_app, []}},
{applications, [ {applications, [


@ -44,7 +44,7 @@
user/2, user/2,
client/2, client/2,
all/2, all/2,
purge/2 rules/2
]). ]).
%% query funs %% query funs
@ -70,19 +70,19 @@ api_spec() ->
paths() -> paths() ->
[ [
"/authorization/sources/built_in_database/username", "/authorization/sources/built_in_database/rules/users",
"/authorization/sources/built_in_database/clientid", "/authorization/sources/built_in_database/rules/clients",
"/authorization/sources/built_in_database/username/:username", "/authorization/sources/built_in_database/rules/users/:username",
"/authorization/sources/built_in_database/clientid/:clientid", "/authorization/sources/built_in_database/rules/clients/:clientid",
"/authorization/sources/built_in_database/all", "/authorization/sources/built_in_database/rules/all",
"/authorization/sources/built_in_database/purge-all" "/authorization/sources/built_in_database/rules"
]. ].
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Schema for each URI %% Schema for each URI
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
schema("/authorization/sources/built_in_database/username") -> schema("/authorization/sources/built_in_database/rules/users") ->
#{ #{
'operationId' => users, 'operationId' => users,
get => get =>
@ -128,7 +128,7 @@ schema("/authorization/sources/built_in_database/username") ->
} }
} }
}; };
schema("/authorization/sources/built_in_database/clientid") -> schema("/authorization/sources/built_in_database/rules/clients") ->
#{ #{
'operationId' => clients, 'operationId' => clients,
get => get =>
@ -174,7 +174,7 @@ schema("/authorization/sources/built_in_database/clientid") ->
} }
} }
}; };
schema("/authorization/sources/built_in_database/username/:username") -> schema("/authorization/sources/built_in_database/rules/users/:username") ->
#{ #{
'operationId' => user, 'operationId' => user,
get => get =>
@ -227,7 +227,7 @@ schema("/authorization/sources/built_in_database/username/:username") ->
} }
} }
}; };
schema("/authorization/sources/built_in_database/clientid/:clientid") -> schema("/authorization/sources/built_in_database/rules/clients/:clientid") ->
#{ #{
'operationId' => client, 'operationId' => client,
get => get =>
@ -280,20 +280,20 @@ schema("/authorization/sources/built_in_database/clientid/:clientid") ->
} }
} }
}; };
schema("/authorization/sources/built_in_database/all") -> schema("/authorization/sources/built_in_database/rules/all") ->
#{ #{
'operationId' => all, 'operationId' => all,
get => get =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
description => ?DESC(rules_for_all_get), description => ?DESC(rules_all_get),
responses => responses =>
#{200 => swagger_with_example({rules, ?TYPE_REF}, {all, ?PUT_MAP_EXAMPLE})} #{200 => swagger_with_example({rules, ?TYPE_REF}, {all, ?PUT_MAP_EXAMPLE})}
}, },
post => post =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
description => ?DESC(rules_for_all_post), description => ?DESC(rules_all_post),
'requestBody' => 'requestBody' =>
swagger_with_example({rules, ?TYPE_REF}, {all, ?PUT_MAP_EXAMPLE}), swagger_with_example({rules, ?TYPE_REF}, {all, ?PUT_MAP_EXAMPLE}),
responses => responses =>
@ -303,15 +303,24 @@ schema("/authorization/sources/built_in_database/all") ->
[?BAD_REQUEST], <<"Bad rule schema">> [?BAD_REQUEST], <<"Bad rule schema">>
) )
} }
} },
};
schema("/authorization/sources/built_in_database/purge-all") ->
#{
'operationId' => purge,
delete => delete =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
description => ?DESC(purge_all_delete), description => ?DESC(rules_all_delete),
responses =>
#{
204 => <<"Deleted">>
}
}
};
schema("/authorization/sources/built_in_database/rules") ->
#{
'operationId' => rules,
delete =>
#{
tags => [<<"authorization">>],
description => ?DESC(rules_delete),
responses => responses =>
#{ #{
204 => <<"Deleted">>, 204 => <<"Deleted">>,
@ -555,9 +564,12 @@ all(get, _) ->
end; end;
all(post, #{body := #{<<"rules">> := Rules}}) -> all(post, #{body := #{<<"rules">> := Rules}}) ->
emqx_authz_mnesia:store_rules(all, format_rules(Rules)), emqx_authz_mnesia:store_rules(all, format_rules(Rules)),
{204};
all(delete, _) ->
emqx_authz_mnesia:store_rules(all, []),
{204}. {204}.
purge(delete, _) -> rules(delete, _) ->
case emqx_authz_api_sources:get_raw_source(<<"built_in_database">>) of case emqx_authz_api_sources:get_raw_source(<<"built_in_database">>) of
[#{<<"enable">> := false}] -> [#{<<"enable">> := false}] ->
ok = emqx_authz_mnesia:purge_rules(), ok = emqx_authz_mnesia:purge_rules(),
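Review bot: The new `all(delete, _)` clause discards the result of `emqx_authz_mnesia:store_rules(all, [])` and answers `{204}` unconditionally, whereas `rules(delete, _)` directly below asserts `ok = emqx_authz_mnesia:purge_rules()`. If store_rules/2 can return anything other than `ok` (its definition is not visible here), an operator would be told the 'all' rules are gone while the old rules still apply. Matching the result, `ok = emqx_authz_mnesia:store_rules(all, []),`, would make the two delete handlers consistent, and the same applies to the `all(post, ...)` clause above it. A short comment such as `%% clears the 'all' rules by storing []; a later GET still answers 200 with an empty list` would document why this is a store and not a removal. The body of rules/2 continues outside the hunk.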


@ -70,21 +70,21 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
post, post,
uri(["authorization", "sources", "built_in_database", "username"]), uri(["authorization", "sources", "built_in_database", "rules", "users"]),
[?USERNAME_RULES_EXAMPLE] [?USERNAME_RULES_EXAMPLE]
), ),
{ok, 409, _} = {ok, 409, _} =
request( request(
post, post,
uri(["authorization", "sources", "built_in_database", "username"]), uri(["authorization", "sources", "built_in_database", "rules", "users"]),
[?USERNAME_RULES_EXAMPLE] [?USERNAME_RULES_EXAMPLE]
), ),
{ok, 200, Request1} = {ok, 200, Request1} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "username"]), uri(["authorization", "sources", "built_in_database", "rules", "users"]),
[] []
), ),
#{ #{
@ -104,7 +104,8 @@ t_api(_) ->
"authorization", "authorization",
"sources", "sources",
"built_in_database", "built_in_database",
"username?page=1&limit=20&like_username=noexist" "rules",
"users?page=1&limit=20&like_username=noexist"
]), ]),
[] []
), ),
@ -120,7 +121,7 @@ t_api(_) ->
{ok, 200, Request2} = {ok, 200, Request2} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "username", "user1"]), uri(["authorization", "sources", "built_in_database", "rules", "users", "user1"]),
[] []
), ),
#{<<"username">> := <<"user1">>, <<"rules">> := Rules1} = jsx:decode(Request2), #{<<"username">> := <<"user1">>, <<"rules">> := Rules1} = jsx:decode(Request2),
@ -128,13 +129,13 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
put, put,
uri(["authorization", "sources", "built_in_database", "username", "user1"]), uri(["authorization", "sources", "built_in_database", "rules", "users", "user1"]),
?USERNAME_RULES_EXAMPLE#{rules => []} ?USERNAME_RULES_EXAMPLE#{rules => []}
), ),
{ok, 200, Request3} = {ok, 200, Request3} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "username", "user1"]), uri(["authorization", "sources", "built_in_database", "rules", "users", "user1"]),
[] []
), ),
#{<<"username">> := <<"user1">>, <<"rules">> := Rules2} = jsx:decode(Request3), #{<<"username">> := <<"user1">>, <<"rules">> := Rules2} = jsx:decode(Request3),
@ -143,46 +144,46 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
delete, delete,
uri(["authorization", "sources", "built_in_database", "username", "user1"]), uri(["authorization", "sources", "built_in_database", "rules", "users", "user1"]),
[] []
), ),
{ok, 404, _} = {ok, 404, _} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "username", "user1"]), uri(["authorization", "sources", "built_in_database", "rules", "users", "user1"]),
[] []
), ),
{ok, 404, _} = {ok, 404, _} =
request( request(
delete, delete,
uri(["authorization", "sources", "built_in_database", "username", "user1"]), uri(["authorization", "sources", "built_in_database", "rules", "users", "user1"]),
[] []
), ),
{ok, 204, _} = {ok, 204, _} =
request( request(
post, post,
uri(["authorization", "sources", "built_in_database", "clientid"]), uri(["authorization", "sources", "built_in_database", "rules", "clients"]),
[?CLIENTID_RULES_EXAMPLE] [?CLIENTID_RULES_EXAMPLE]
), ),
{ok, 409, _} = {ok, 409, _} =
request( request(
post, post,
uri(["authorization", "sources", "built_in_database", "clientid"]), uri(["authorization", "sources", "built_in_database", "rules", "clients"]),
[?CLIENTID_RULES_EXAMPLE] [?CLIENTID_RULES_EXAMPLE]
), ),
{ok, 200, Request4} = {ok, 200, Request4} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "clientid"]), uri(["authorization", "sources", "built_in_database", "rules", "clients"]),
[] []
), ),
{ok, 200, Request5} = {ok, 200, Request5} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "clientid", "client1"]), uri(["authorization", "sources", "built_in_database", "rules", "clients", "client1"]),
[] []
), ),
#{ #{
@ -196,13 +197,13 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
put, put,
uri(["authorization", "sources", "built_in_database", "clientid", "client1"]), uri(["authorization", "sources", "built_in_database", "rules", "clients", "client1"]),
?CLIENTID_RULES_EXAMPLE#{rules => []} ?CLIENTID_RULES_EXAMPLE#{rules => []}
), ),
{ok, 200, Request6} = {ok, 200, Request6} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "clientid", "client1"]), uri(["authorization", "sources", "built_in_database", "rules", "clients", "client1"]),
[] []
), ),
#{<<"clientid">> := <<"client1">>, <<"rules">> := Rules4} = jsx:decode(Request6), #{<<"clientid">> := <<"client1">>, <<"rules">> := Rules4} = jsx:decode(Request6),
@ -211,32 +212,32 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
delete, delete,
uri(["authorization", "sources", "built_in_database", "clientid", "client1"]), uri(["authorization", "sources", "built_in_database", "rules", "clients", "client1"]),
[] []
), ),
{ok, 404, _} = {ok, 404, _} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "clientid", "client1"]), uri(["authorization", "sources", "built_in_database", "rules", "clients", "client1"]),
[] []
), ),
{ok, 404, _} = {ok, 404, _} =
request( request(
delete, delete,
uri(["authorization", "sources", "built_in_database", "clientid", "client1"]), uri(["authorization", "sources", "built_in_database", "rules", "clients", "client1"]),
[] []
), ),
{ok, 204, _} = {ok, 204, _} =
request( request(
post, post,
uri(["authorization", "sources", "built_in_database", "all"]), uri(["authorization", "sources", "built_in_database", "rules", "all"]),
?ALL_RULES_EXAMPLE ?ALL_RULES_EXAMPLE
), ),
{ok, 200, Request7} = {ok, 200, Request7} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "all"]), uri(["authorization", "sources", "built_in_database", "rules", "all"]),
[] []
), ),
#{<<"rules">> := Rules5} = jsx:decode(Request7), #{<<"rules">> := Rules5} = jsx:decode(Request7),
@ -244,15 +245,14 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
post, delete,
uri(["authorization", "sources", "built_in_database", "all"]), uri(["authorization", "sources", "built_in_database", "rules", "all"]),
[]
?ALL_RULES_EXAMPLE#{rules => []}
), ),
{ok, 200, Request8} = {ok, 200, Request8} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "all"]), uri(["authorization", "sources", "built_in_database", "rules", "all"]),
[] []
), ),
#{<<"rules">> := Rules6} = jsx:decode(Request8), #{<<"rules">> := Rules6} = jsx:decode(Request8),
@ -261,7 +261,7 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
post, post,
uri(["authorization", "sources", "built_in_database", "username"]), uri(["authorization", "sources", "built_in_database", "rules", "users"]),
[ [
#{username => erlang:integer_to_binary(N), rules => []} #{username => erlang:integer_to_binary(N), rules => []}
|| N <- lists:seq(1, 20) || N <- lists:seq(1, 20)
@ -270,7 +270,7 @@ t_api(_) ->
{ok, 200, Request9} = {ok, 200, Request9} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "username?page=2&limit=5"]), uri(["authorization", "sources", "built_in_database", "rules", "users?page=2&limit=5"]),
[] []
), ),
#{<<"data">> := Data1} = jsx:decode(Request9), #{<<"data">> := Data1} = jsx:decode(Request9),
@ -279,7 +279,7 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
post, post,
uri(["authorization", "sources", "built_in_database", "clientid"]), uri(["authorization", "sources", "built_in_database", "rules", "clients"]),
[ [
#{clientid => erlang:integer_to_binary(N), rules => []} #{clientid => erlang:integer_to_binary(N), rules => []}
|| N <- lists:seq(1, 20) || N <- lists:seq(1, 20)
@ -288,7 +288,7 @@ t_api(_) ->
{ok, 200, Request10} = {ok, 200, Request10} =
request( request(
get, get,
uri(["authorization", "sources", "built_in_database", "clientid?limit=5"]), uri(["authorization", "sources", "built_in_database", "rules", "clients?limit=5"]),
[] []
), ),
#{<<"data">> := Data2} = jsx:decode(Request10), #{<<"data">> := Data2} = jsx:decode(Request10),
@ -297,7 +297,7 @@ t_api(_) ->
{ok, 400, Msg1} = {ok, 400, Msg1} =
request( request(
delete, delete,
uri(["authorization", "sources", "built_in_database", "purge-all"]), uri(["authorization", "sources", "built_in_database", "rules"]),
[] []
), ),
?assertMatch({match, _}, re:run(Msg1, "must\sbe\sdisabled\sbefore")), ?assertMatch({match, _}, re:run(Msg1, "must\sbe\sdisabled\sbefore")),
@ -323,7 +323,7 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( request(
delete, delete,
uri(["authorization", "sources", "built_in_database", "purge-all"]), uri(["authorization", "sources", "built_in_database", "rules"]),
[] []
), ),
?assertEqual(0, emqx_authz_mnesia:record_count()), ?assertEqual(0, emqx_authz_mnesia:record_count()),
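Review bot: Swapping the `post` request for `delete` on `rules/all` drops the only case that cleared the 'all' rules by posting an empty list, a path that `all(post, ...)` in the API module still accepts. Keeping that request next to the new one, `request(post, uri(["authorization", "sources", "built_in_database", "rules", "all"]), ?ALL_RULES_EXAMPLE#{rules => []})`, would cover both ways of clearing. The suite also never asserts that the retired paths (`username`, `clientid`, `all` and `purge-all` directly under `built_in_database`) now answer 404, so a route left registered by mistake that still changes authorization rules would go unnoticed. t_api/1 starts and ends outside these hunks.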


@ -20,6 +20,8 @@
- `/bridges_probe` API endpoint to test params for creating a new data bridge [#9585](https://github.com/emqx/emqx/pull/9585). - `/bridges_probe` API endpoint to test params for creating a new data bridge [#9585](https://github.com/emqx/emqx/pull/9585).
- Refactor `/authorization/sources/built_in_database/` by adding `rules/` to the path [#9569](https://github.com/emqx/emqx/pull/9569).
## Bug fixes ## Bug fixes
- Trigger `message.dropped` hook when QoS2 message is resend by client with a same packet id, or 'awaiting_rel' queue is full [#9487](https://github.com/emqx/emqx/pull/9487). - Trigger `message.dropped` hook when QoS2 message is resend by client with a same packet id, or 'awaiting_rel' queue is full [#9487](https://github.com/emqx/emqx/pull/9487).


@ -18,7 +18,9 @@
- 确保黑名单的默认超期时间足够长 [#9599](https://github.com/emqx/emqx/pull/9599/)。 - 确保黑名单的默认超期时间足够长 [#9599](https://github.com/emqx/emqx/pull/9599/)。
- [FIXME] `/bridges_probe` API 端点用于测试创建新数据桥的参数 [#9585](https://github.com/emqx/emqx/pull/9585)。 - 添加新 API 接口 `/bridges_probe` 用于测试创建桥接的参数是否可用 [#9585](https://github.com/emqx/emqx/pull/9585)。
- 重构 `/authorization/sources/built_in_database/` 接口,将 `rules/` 添加到了其路径中 [#9569](https://github.com/emqx/emqx/pull/9569)。
## 修复 ## 修复