yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(api): unified api name style

This commit is contained in:
JimMoen 2022-03-10 15:57:25 +08:00
parent bde7e51d8e
commit f5caf66253
40 changed files with 201 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/emqx/src/emqx_authentication.erl
View File

@ -59,7 +59,7 @@
, move_authenticator/3
]).
%% APIs for observer built-in-database
%% APIs for observer built_in_database
-export([ import_users/3
, add_user/3
, delete_user/3
@ -266,7 +266,7 @@ stop() ->
%% @doc Register authentication providers.
%% A provider is a tuple of `AuthNType' the module which implements
%% the authenticator callbacks.
%% For example, ``[{{'password-based', redis}, emqx_authn_redis}]''
%% For example, ``[{{'password_based', redis}, emqx_authn_redis}]''
%% NOTE: Later registered provider may override earlier registered if they
%% happen to clash the same `AuthNType'.
-spec register_providers([{authn_type(), module()}]) -> ok.

4
apps/emqx/src/emqx_schema.erl
View File

@ -124,7 +124,7 @@ EMQX can be configured with:
<br>
<ul>
<li><code>[]</code>: The default value, it allows *ALL* logins</li>
<li>one: For example <code>{enable:true,backend:\"built-in-database\",mechanism=\"password-based\"}
<li>one: For example <code>{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}
</code></li>
<li>chain: An array of structs.</li>
</ul>
@ -255,7 +255,7 @@ fields("authorization") ->
, desc => """
Default access control action if the user or client matches no ACL rules,
or if no such user or client is found by the configurable authorization
sources such as built-in-database, an HTTP API, or a query against PostgreSQL.
sources such as built_in_database, an HTTP API, or a query against PostgreSQL.
Find more details in 'authorization.sources' config.
"""
})}

42
apps/emqx/test/emqx_authentication_SUITE.erl
View File

@ -40,13 +40,13 @@ roots() -> [{config, #{type => hoconsc:union([
hoconsc:ref(?MODULE, type2)])}}].
fields(type1) ->
[ {mechanism, {enum, ['password-based']}}
, {backend, {enum, ['built-in-database']}}
[ {mechanism, {enum, ['password_based']}}
, {backend, {enum, ['built_in_database']}}
, {enable, fun enable/1}
];
fields(type2) ->
[ {mechanism, {enum, ['password-based']}}
[ {mechanism, {enum, ['password_based']}}
, {backend, {enum, ['mysql']}}
, {enable, fun enable/1}
].
@ -117,13 +117,13 @@ t_chain(Config) when is_list(Config) ->
t_authenticator({'init', Config}) ->
[{"auth1", {'password-based', 'built-in-database'}},
{"auth2", {'password-based', mysql}} | Config];
[{"auth1", {'password_based', 'built_in_database'}},
{"auth2", {'password_based', mysql}} | Config];
t_authenticator(Config) when is_list(Config) ->
ChainName = 'test',
AuthenticatorConfig1 = #{mechanism => 'password-based',
backend => 'built-in-database',
AuthenticatorConfig1 = #{mechanism => 'password_based',
backend => 'built_in_database',
enable => true},
% Create an authenticator when the authentication chain does not exist
@ -140,7 +140,7 @@ t_authenticator(Config) when is_list(Config) ->
AuthNType1 = ?config("auth1"),
register_provider(AuthNType1, ?MODULE),
ID1 = <<"password-based:built-in-database">>,
ID1 = <<"password_based:built_in_database">>,
% CRUD of authencaticator
?assertMatch(
@ -169,8 +169,8 @@ t_authenticator(Config) when is_list(Config) ->
% Multiple authenticators exist at the same time
AuthNType2 = ?config("auth2"),
register_provider(AuthNType2, ?MODULE),
ID2 = <<"password-based:mysql">>,
AuthenticatorConfig2 = #{mechanism => 'password-based',
ID2 = <<"password_based:mysql">>,
AuthenticatorConfig2 = #{mechanism => 'password_based',
backend => mysql,
enable => true},
@ -202,7 +202,7 @@ t_authenticator({'end', Config}) ->
t_authenticate({init, Config}) ->
[{listener_id, 'tcp:default'},
{authn_type, {'password-based', 'built-in-database'}} | Config];
{authn_type, {'password_based', 'built_in_database'}} | Config];
t_authenticate(Config) when is_list(Config) ->
ListenerID = ?config(listener_id),
@ -216,8 +216,8 @@ t_authenticate(Config) when is_list(Config) ->
register_provider(AuthNType, ?MODULE),
AuthenticatorConfig = #{mechanism => 'password-based',
backend => 'built-in-database',
AuthenticatorConfig = #{mechanism => 'password_based',
backend => 'built_in_database',
enable => true},
?AUTHN:create_chain(ListenerID),
?assertMatch({ok, _}, ?AUTHN:create_authenticator(ListenerID, AuthenticatorConfig)),
@ -238,8 +238,8 @@ t_authenticate({'end', Config}) ->
t_update_config({init, Config}) ->
Global = 'mqtt:global',
AuthNType1 = {'password-based', 'built-in-database'},
AuthNType2 = {'password-based', mysql},
AuthNType1 = {'password_based', 'built_in_database'},
AuthNType2 = {'password_based', mysql},
[{global, Global},
{"auth1", AuthNType1},
{"auth2", AuthNType2} | Config];
@ -249,14 +249,14 @@ t_update_config(Config) when is_list(Config) ->
ok = register_provider(?config("auth1"), ?MODULE),
ok = register_provider(?config("auth2"), ?MODULE),
Global = ?config(global),
AuthenticatorConfig1 = #{<<"mechanism">> => <<"password-based">>,
<<"backend">> => <<"built-in-database">>,
AuthenticatorConfig1 = #{<<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built_in_database">>,
<<"enable">> => true},
AuthenticatorConfig2 = #{<<"mechanism">> => <<"password-based">>,
AuthenticatorConfig2 = #{<<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"mysql">>,
<<"enable">> => true},
ID1 = <<"password-based:built-in-database">>,
ID2 = <<"password-based:mysql">>,
ID1 = <<"password_based:built_in_database">>,
ID2 = <<"password_based:mysql">>,
?assertMatch({ok, []}, ?AUTHN:list_chains()),
@ -391,7 +391,7 @@ t_convert_certs(Config) when is_list(Config) ->
, {<<"cacertfile">>, "cacert.pem"}
]),
CertsDir = certs_dir(Config, [Global, <<"password-based:built-in-database">>]),
CertsDir = certs_dir(Config, [Global, <<"password_based:built_in_database">>]),
#{<<"ssl">> := NCerts} = convert_certs(CertsDir, #{<<"ssl">> => Certs}),
Certs2 = certs([ {<<"keyfile">>, "key.pem"}

14
apps/emqx_authn/src/emqx_authn.erl
View File

@ -25,14 +25,14 @@
-include("emqx_authn.hrl").
providers() ->
[ {{'password-based', 'built-in-database'}, emqx_authn_mnesia}
, {{'password-based', mysql}, emqx_authn_mysql}
, {{'password-based', postgresql}, emqx_authn_pgsql}
, {{'password-based', mongodb}, emqx_authn_mongodb}
, {{'password-based', redis}, emqx_authn_redis}
, {{'password-based', 'http'}, emqx_authn_http}
[ {{'password_based', 'built_in_database'}, emqx_authn_mnesia}
, {{'password_based', mysql}, emqx_authn_mysql}
, {{'password_based', postgresql}, emqx_authn_pgsql}
, {{'password_based', mongodb}, emqx_authn_mongodb}
, {{'password_based', redis}, emqx_authn_redis}
, {{'password_based', 'http'}, emqx_authn_http}
, {jwt, emqx_authn_jwt}
, {{scram, 'built-in-database'}, emqx_enhanced_authn_scram_mnesia}
, {{scram, 'built_in_database'}, emqx_enhanced_authn_scram_mnesia}
].
check_configs(C) when is_map(C) ->

30
apps/emqx_authn/src/emqx_authn_api.erl
View File

@ -964,21 +964,21 @@ authenticator_array_example() ->
authenticator_examples() ->
#{
'password-based:built-in-database' => #{
summary => <<"Built-in password-based authentication">>,
'password_based:built_in_database' => #{
summary => <<"Built-in password_based authentication">>,
value => #{
mechanism => <<"password-based">>,
backend => <<"built-in-database">>,
mechanism => <<"password_based">>,
backend => <<"built_in_database">>,
user_id_type => <<"username">>,
password_hash_algorithm => #{
name => <<"sha256">>
}
}
},
'password-based:http' => #{
summary => <<"Password-based authentication through external HTTP API">>,
'password_based:http' => #{
summary => <<"password_based authentication through external HTTP API">>,
value => #{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
backend => <<"http">>,
method => <<"post">>,
url => <<"http://127.0.0.1:18083">>,
@ -1009,10 +1009,10 @@ authenticator_examples() ->
}
}
},
'password-based:mongodb' => #{
summary => <<"Password-based authentication with MongoDB backend">>,
'password_based:mongodb' => #{
summary => <<"password_based authentication with MongoDB backend">>,
value => #{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
backend => <<"mongodb">>,
server => <<"127.0.0.1:27017">>,
database => example,
@ -1027,10 +1027,10 @@ authenticator_examples() ->
salt_position => <<"prefix">>
}
},
'password-based:redis' => #{
summary => <<"Password-based authentication with Redis backend">>,
'password_based:redis' => #{
summary => <<"password_based authentication with Redis backend">>,
value => #{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
backend => <<"redis">>,
server => <<"127.0.0.1:6379">>,
database => 0,
@ -1091,10 +1091,10 @@ request_move_examples() ->
position => <<"bottom">>
}
},
'move_before_password-based:built-in-database' => #{
'move_before_password_based:built_in_database' => #{
summary => <<"Move authenticator to the position preceding some other authenticator">>,
value => #{
position => <<"before:password-based:built-in-database">>
position => <<"before:password_based:built_in_database">>
}
}
}.

2
apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
View File

@ -87,7 +87,7 @@ roots() -> [?CONF_NS].
fields(?CONF_NS) ->
[ {mechanism, emqx_authn_schema:mechanism('scram')}
, {backend, emqx_authn_schema:backend('built-in-database')}
, {backend, emqx_authn_schema:backend('built_in_database')}
, {algorithm, fun algorithm/1}
, {iteration_count, fun iteration_count/1}
] ++ emqx_authn_schema:common_fields().

2
apps/emqx_authn/src/simple_authn/emqx_authn_http.erl
View File

@ -60,7 +60,7 @@ fields(post) ->
] ++ common_fields().
common_fields() ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')}
[ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(http)}
, {url, fun url/1}
, {body, map([{fuzzy, term(), binary()}])}

4
apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
View File

@ -93,8 +93,8 @@ namespace() -> "authn-builtin_db".
roots() -> [?CONF_NS].
fields(?CONF_NS) ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')}
, {backend, emqx_authn_schema:backend('built-in-database')}
[ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend('built_in_database')}
, {user_id_type, fun user_id_type/1}
, {password_hash_algorithm, fun emqx_authn_password_hashing:type_rw/1}
] ++ emqx_authn_schema:common_fields().

2
apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl
View File

@ -56,7 +56,7 @@ fields('sharded-cluster') ->
common_fields() ++ emqx_connector_mongo:fields(sharded).
common_fields() ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')}
[ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(mongodb)}
, {collection, fun collection/1}
, {selector, fun selector/1}

2
apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
View File

@ -44,7 +44,7 @@ namespace() -> "authn-mysql".
roots() -> [?CONF_NS].
fields(?CONF_NS) ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')}
[ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(mysql)}
, {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}
, {query, fun query/1}

2
apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
View File

@ -50,7 +50,7 @@ namespace() -> "authn-postgresql".
roots() -> [?CONF_NS].
fields(?CONF_NS) ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')}
[ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(postgresql)}
, {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}
, {query, fun query/1}

2
apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl
View File

@ -56,7 +56,7 @@ fields(sentinel) ->
common_fields() ++ emqx_connector_redis:fields(sentinel).
common_fields() ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')}
[ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(redis)}
, {cmd, fun cmd/1}
, {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}

46
apps/emqx_authn/test/emqx_authn_api_SUITE.erl
View File

@ -155,7 +155,7 @@ test_authenticators(PathPrefix) ->
InvalidConfig1),
?assertAuthenticatorsMatch(
[#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}],
[#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>}],
PathPrefix ++ [?CONF_NS]).
test_authenticator(PathPrefix) ->
@ -166,49 +166,49 @@ test_authenticator(PathPrefix) ->
ValidConfig0),
{ok, 200, _} = request(
get,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"])),
uri(PathPrefix ++ [?CONF_NS, "password_based:http"])),
{ok, 404, _} = request(
get,
uri(PathPrefix ++ [?CONF_NS, "password-based:redis"])),
uri(PathPrefix ++ [?CONF_NS, "password_based:redis"])),
{ok, 404, _} = request(
put,
uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database"]),
uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database"]),
emqx_authn_test_lib:built_in_database_example()),
InvalidConfig0 = ValidConfig0#{method => <<"delete">>},
{ok, 400, _} = request(
put,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"]),
uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
InvalidConfig0),
InvalidConfig1 = ValidConfig0#{method => <<"get">>,
headers => #{<<"content-type">> => <<"application/json">>}},
{ok, 400, _} = request(
put,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"]),
uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
InvalidConfig1),
ValidConfig1 = ValidConfig0#{pool_size => 9},
{ok, 200, _} = request(
put,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"]),
uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
ValidConfig1),
{ok, 404, _} = request(
delete,
uri(PathPrefix ++ [?CONF_NS, "password-based:redis"])),
uri(PathPrefix ++ [?CONF_NS, "password_based:redis"])),
{ok, 204, _} = request(
delete,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"])),
uri(PathPrefix ++ [?CONF_NS, "password_based:http"])),
?assertAuthenticatorsMatch([], PathPrefix ++ [?CONF_NS]).
test_authenticator_users(PathPrefix) ->
UsersUri = uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database", "users"]),
UsersUri = uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database", "users"]),
{ok, 200, _} = request(
post,
@ -263,7 +263,7 @@ test_authenticator_users(PathPrefix) ->
lists:usort([ UserId || #{<<"user_id">> := UserId} <- Page1Users ++ Page2Users])).
test_authenticator_user(PathPrefix) ->
UsersUri = uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database", "users"]),
UsersUri = uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database", "users"]),
{ok, 200, _} = request(
post,
@ -318,9 +318,9 @@ test_authenticator_move(PathPrefix) ->
?assertAuthenticatorsMatch(
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
],
PathPrefix ++ [?CONF_NS]),
@ -344,12 +344,12 @@ test_authenticator_move(PathPrefix) ->
{ok, 404, _} = request(
post,
uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
#{position => <<"before:password-based:redis">>}),
#{position => <<"before:password_based:redis">>}),
{ok, 404, _} = request(
post,
uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
#{position => <<"before:password-based:redis">>}),
#{position => <<"before:password_based:redis">>}),
% Valid moves
@ -361,8 +361,8 @@ test_authenticator_move(PathPrefix) ->
?assertAuthenticatorsMatch(
[
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
],
PathPrefix ++ [?CONF_NS]),
@ -373,8 +373,8 @@ test_authenticator_move(PathPrefix) ->
?assertAuthenticatorsMatch(
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>},
#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>},
#{<<"mechanism">> := <<"jwt">>}
],
PathPrefix ++ [?CONF_NS]),
@ -382,20 +382,20 @@ test_authenticator_move(PathPrefix) ->
{ok, 204, _} = request(
post,
uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
#{position => <<"before:password-based:built-in-database">>}),
#{position => <<"before:password_based:built_in_database">>}),
?assertAuthenticatorsMatch(
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
],
PathPrefix ++ [?CONF_NS]).
test_authenticator_import_users(PathPrefix) ->
ImportUri = uri(
PathPrefix ++
[?CONF_NS, "password-based:built-in-database", "import_users"]),
[?CONF_NS, "password_based:built_in_database", "import_users"]),
{ok, 200, _} = request(

4
apps/emqx_authn/test/emqx_authn_http_SUITE.erl
View File

@ -179,7 +179,7 @@ t_update(_Config) ->
% We update with config with correct query, provider should update and work properly
{ok, _} = emqx:update_config(
?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:http">>, CorrectConfig}),
{update_authenticator, ?GLOBAL, <<"password_based:http">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate(?CREDENTIALS).
@ -240,7 +240,7 @@ test_is_superuser({Kind, Value, ExpectedValue}) ->
raw_http_auth_config() ->
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
enable => <<"true">>,
backend => <<"http">>,

2
apps/emqx_authn/test/emqx_authn_https_SUITE.erl
View File

@ -124,7 +124,7 @@ raw_https_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}),
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
enable => <<"true">>,
backend => <<"http">>,

8
apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl
View File

@ -53,8 +53,8 @@ end_per_testcase(_Case, Config) ->
t_check_schema(_Config) ->
ConfigOk = #{
<<"mechanism">> => <<"password-based">>,
<<"backend">> => <<"built-in-database">>,
<<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built_in_database">>,
<<"user_id_type">> => <<"username">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"bcrypt">>,
@ -65,8 +65,8 @@ t_check_schema(_Config) ->
hocon_tconf:check_plain(emqx_authn_mnesia, ?CONF(ConfigOk)),
ConfigNotOk = #{
<<"mechanism">> => <<"password-based">>,
<<"backend">> => <<"built-in-database">>,
<<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built_in_database">>,
<<"user_id_type">> => <<"username">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"md6">>

16
apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl
View File

@ -177,7 +177,7 @@ t_update(_Config) ->
% We update with config with correct selector, provider should update and work properly
{ok, _} = emqx:update_config(
?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:mongodb">>, CorrectConfig}),
{update_authenticator, ?GLOBAL, <<"password_based:mongodb">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate(
#{username => <<"plain">>,
@ -238,7 +238,7 @@ test_is_superuser({Value, ExpectedValue}) ->
raw_mongo_auth_config() ->
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>},
enable => <<"true">>,
@ -309,7 +309,8 @@ user_seeds() ->
#{data => #{
username => <<"bcrypt">>,
password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
password_hash =>
<<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
is_superuser => 0
},
@ -325,7 +326,8 @@ user_seeds() ->
#{data => #{
username => <<"bcrypt0">>,
password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
password_hash =>
<<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
is_superuser => <<"0">>
},
@ -343,7 +345,8 @@ user_seeds() ->
#{data => #{
username => <<"bcrypt1">>,
password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
password_hash =>
<<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
is_superuser => <<"0">>
},
@ -360,7 +363,8 @@ user_seeds() ->
#{data => #{
username => <<"bcrypt2">>,
password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
password_hash =>
<<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
is_superuser => <<"0">>
},

2
apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl
View File

@ -151,7 +151,7 @@ raw_mongo_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}),
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>},
enable => <<"true">>,

6
apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl
View File

@ -28,7 +28,7 @@
-define(MYSQL_RESOURCE, <<"emqx_authn_mysql_SUITE">>).
-define(PATH, [authentication]).
-define(ResourceID, <<"password-based:mysql">>).
-define(ResourceID, <<"password_based:mysql">>).
all() ->
[{group, require_seeds}, t_create, t_create_invalid].
@ -190,7 +190,7 @@ t_update(_Config) ->
% We update with config with correct query, provider should update and work properly
{ok, _} = emqx:update_config(
?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:mysql">>, CorrectConfig}),
{update_authenticator, ?GLOBAL, <<"password_based:mysql">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate(
#{username => <<"plain">>,
@ -205,7 +205,7 @@ t_update(_Config) ->
raw_mysql_auth_config() ->
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>},
enable => <<"true">>,

4
apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl
View File

@ -27,7 +27,7 @@
-define(MYSQL_HOST, "mysql-tls").
-define(PATH, [authentication]).
-define(ResourceID, <<"password-based:mysql">>).
-define(ResourceID, <<"password_based:mysql">>).
all() ->
emqx_common_test_helpers:all(?MODULE).
@ -116,7 +116,7 @@ raw_mysql_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}),
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>},
enable => <<"true">>,

8
apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl
View File

@ -27,7 +27,7 @@
-define(PGSQL_HOST, "pgsql").
-define(PGSQL_RESOURCE, <<"emqx_authn_pgsql_SUITE">>).
-define(ResourceID, <<"password-based:postgresql">>).
-define(ResourceID, <<"password_based:postgresql">>).
-define(PATH, [authentication]).
@ -191,7 +191,7 @@ t_update(_Config) ->
% We update with config with correct query, provider should update and work properly
{ok, _} = emqx:update_config(
?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:postgresql">>, CorrectConfig}),
{update_authenticator, ?GLOBAL, <<"password_based:postgresql">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate(
#{username => <<"plain">>,
@ -243,7 +243,7 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
Config = maps:put(query, Query, raw_pgsql_auth_config()),
{ok, _} = emqx:update_config(
?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:postgresql">>, Config}),
{update_authenticator, ?GLOBAL, <<"password_based:postgresql">>, Config}),
Credentials = #{
listener => 'tcp:default',
@ -262,7 +262,7 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
raw_pgsql_auth_config() ->
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>},
enable => <<"true">>,

4
apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl
View File

@ -27,7 +27,7 @@
-define(PGSQL_HOST, "pgsql-tls").
-define(PATH, [authentication]).
-define(ResourceID, <<"password-based:postgresql">>).
-define(ResourceID, <<"password_based:postgresql">>).
all() ->
emqx_common_test_helpers:all(?MODULE).
@ -116,7 +116,7 @@ raw_pgsql_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}),
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>},
enable => <<"true">>,

6
apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
View File

@ -28,7 +28,7 @@
-define(REDIS_RESOURCE, <<"emqx_authn_redis_SUITE">>).
-define(PATH, [authentication]).
-define(ResourceID, <<"password-based:redis">>).
-define(ResourceID, <<"password_based:redis">>).
all() ->
[{group, require_seeds}, t_create, t_create_invalid].
@ -207,7 +207,7 @@ t_update(_Config) ->
% We update with config with correct query, provider should update and work properly
{ok, _} = emqx:update_config(
?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:redis">>, CorrectConfig}),
{update_authenticator, ?GLOBAL, <<"password_based:redis">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate(
#{username => <<"plain">>,
@ -222,7 +222,7 @@ t_update(_Config) ->
raw_redis_auth_config() ->
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>},
enable => <<"true">>,

2
apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl
View File

@ -114,7 +114,7 @@ raw_redis_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}),
#{
mechanism => <<"password-based">>,
mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>},
enable => <<"true">>,

4
apps/emqx_authn/test/emqx_authn_test_lib.erl
View File

@ -26,10 +26,10 @@ authenticator_example(Id) ->
Example.
http_example() ->
authenticator_example('password-based:http').
authenticator_example('password_based:http').
built_in_database_example() ->
authenticator_example('password-based:built-in-database').
authenticator_example('password_based:built_in_database').
jwt_example() ->
authenticator_example(jwt).

8
apps/emqx_authn/test/emqx_enhanced_authn_scram_mnesia_SUITE.erl
View File

@ -58,7 +58,7 @@ end_per_testcase(_Case, Config) ->
t_create(_Config) ->
ValidConfig = #{
<<"mechanism">> => <<"scram">>,
<<"backend">> => <<"built-in-database">>,
<<"backend">> => <<"built_in_database">>,
<<"algorithm">> => <<"sha512">>,
<<"iteration_count">> => <<"4096">>
},
@ -73,7 +73,7 @@ t_create(_Config) ->
t_create_invalid(_Config) ->
InvalidConfig = #{
<<"mechanism">> => <<"scram">>,
<<"backend">> => <<"built-in-database">>,
<<"backend">> => <<"built_in_database">>,
<<"algorithm">> => <<"sha271828">>,
<<"iteration_count">> => <<"4096">>
},
@ -339,7 +339,7 @@ test_is_superuser(UserInfo, ExpectedIsSuperuser) ->
config() ->
#{
mechanism => <<"scram">>,
backend => <<"built-in-database">>,
backend => <<"built_in_database">>,
algorithm => sha512,
iteration_count => 4096
}.
@ -347,7 +347,7 @@ config() ->
raw_config(Algorithm) ->
#{
<<"mechanism">> => <<"scram">>,
<<"backend">> => <<"built-in-database">>,
<<"backend">> => <<"built_in_database">>,
<<"algorithm">> => atom_to_binary(Algorithm),
<<"iteration_count">> => <<"4096">>
}.

2
apps/emqx_authz/etc/emqx_authz.conf
View File

@ -56,7 +56,7 @@ authorization {
# selector: { "$or": [ { "username": "${username}" }, { "clientid": "${clientid}" } ] }
# },
{
type: built-in-database
type: built_in_database
},
{
type: file

15
apps/emqx_authz/src/emqx_authz.erl
View File

@ -111,11 +111,14 @@ lookup(Type) ->
Source.
move(Type, #{<<"before">> := Before}) ->
emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_BEFORE(type(Before))});
emqx_authz_utils:update_config(
?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_BEFORE(type(Before))});
move(Type, #{<<"after">> := After}) ->
emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_AFTER(type(After))});
emqx_authz_utils:update_config(
?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_AFTER(type(After))});
move(Type, Position) ->
emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), Position}).
emqx_authz_utils:update_config(
?CONF_KEY_PATH, {?CMD_MOVE, type(Type), Position}).
update({?CMD_REPLACE, Type}, Sources) ->
emqx_authz_utils:update_config(?CONF_KEY_PATH, {{?CMD_REPLACE, type(Type)}, Sources});
@ -341,7 +344,7 @@ find_action_in_hooks() ->
[Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ],
Action.
authz_module('built-in-database') ->
authz_module('built_in_database') ->
emqx_authz_mnesia;
authz_module(Type) ->
list_to_existing_atom("emqx_authz_" ++ atom_to_list(Type)).
@ -360,8 +363,8 @@ type(redis) -> redis;
type(<<"redis">>) -> redis;
type(postgresql) -> postgresql;
type(<<"postgresql">>) -> postgresql;
type('built-in-database') -> 'built-in-database';
type(<<"built-in-database">>) -> 'built-in-database';
type('built_in_database') -> 'built_in_database';
type(<<"built_in_database">>) -> 'built_in_database';
%% should never happen if the input is type-checked by hocon schema
type(Unknown) -> error({unknown_authz_source_type, Unknown}).

32
apps/emqx_authz/src/emqx_authz_api_mnesia.erl
View File

@ -65,18 +65,18 @@ api_spec() ->
emqx_dashboard_swagger:spec(?MODULE, #{check_schema => true}).
paths() ->
[ "/authorization/sources/built-in-database/username"
, "/authorization/sources/built-in-database/clientid"
, "/authorization/sources/built-in-database/username/:username"
, "/authorization/sources/built-in-database/clientid/:clientid"
, "/authorization/sources/built-in-database/all"
, "/authorization/sources/built-in-database/purge-all"].
[ "/authorization/sources/built_in_database/username"
, "/authorization/sources/built_in_database/clientid"
, "/authorization/sources/built_in_database/username/:username"
, "/authorization/sources/built_in_database/clientid/:clientid"
, "/authorization/sources/built_in_database/all"
, "/authorization/sources/built_in_database/purge-all"].
%%--------------------------------------------------------------------
%% Schema for each URI
%%--------------------------------------------------------------------
schema("/authorization/sources/built-in-database/username") ->
schema("/authorization/sources/built_in_database/username") ->
#{ 'operationId' => users
, get =>
#{ tags => [<<"authorization">>]
@ -106,7 +106,7 @@ schema("/authorization/sources/built-in-database/username") ->
}
}
};
schema("/authorization/sources/built-in-database/clientid") ->
schema("/authorization/sources/built_in_database/clientid") ->
#{ 'operationId' => clients
, get =>
#{ tags => [<<"authorization">>]
@ -138,7 +138,7 @@ schema("/authorization/sources/built-in-database/clientid") ->
}
}
};
schema("/authorization/sources/built-in-database/username/:username") ->
schema("/authorization/sources/built_in_database/username/:username") ->
#{ 'operationId' => user
, get =>
#{ tags => [<<"authorization">>]
@ -176,7 +176,7 @@ schema("/authorization/sources/built-in-database/username/:username") ->
}
}
};
schema("/authorization/sources/built-in-database/clientid/:clientid") ->
schema("/authorization/sources/built_in_database/clientid/:clientid") ->
#{ 'operationId' => client
, get =>
#{ tags => [<<"authorization">>]
@ -214,7 +214,7 @@ schema("/authorization/sources/built-in-database/clientid/:clientid") ->
}
}
};
schema("/authorization/sources/built-in-database/all") ->
schema("/authorization/sources/built_in_database/all") ->
#{ 'operationId' => all
, get =>
#{ tags => [<<"authorization">>]
@ -235,7 +235,7 @@ schema("/authorization/sources/built-in-database/all") ->
}
}
};
schema("/authorization/sources/built-in-database/purge-all") ->
schema("/authorization/sources/built_in_database/purge-all") ->
#{ 'operationId' => purge
, delete =>
#{ tags => [<<"authorization">>]
@ -389,17 +389,17 @@ all(post, #{body := #{<<"rules">> := Rules}}) ->
{204}.
purge(delete, _) ->
case emqx_authz_api_sources:get_raw_source(<<"built-in-database">>) of
case emqx_authz_api_sources:get_raw_source(<<"built_in_database">>) of
[#{<<"enable">> := false}] ->
ok = emqx_authz_mnesia:purge_rules(),
{204};
[#{<<"enable">> := true}] ->
{400, #{code => <<"BAD_REQUEST">>,
message =>
<<"'built-in-database' type source must be disabled before purge.">>}};
<<"'built_in_database' type source must be disabled before purge.">>}};
[] ->
{404, #{code => <<"BAD_REQUEST">>,
message => <<"'built-in-database' type source is not found.">>
message => <<"'built_in_database' type source is not found.">>
}}
end.
@ -513,7 +513,7 @@ rules_example({ExampleName, ExampleType}) ->
[Example]
end,
#{
'password-based:built-in-database' => #{
'password_based:built_in_database' => #{
summary => Summary,
value => Value
}

6
apps/emqx_authz/src/emqx_authz_api_schema.erl
View File

@ -35,8 +35,8 @@ fields(http) ->
++ maps:to_list(maps:without([ base_url
, pool_type],
maps:from_list(emqx_connector_http:fields(config))));
fields('built-in-database') ->
authz_common_fields('built-in-database');
fields('built_in_database') ->
authz_common_fields('built_in_database');
fields(mongo_single) ->
authz_mongo_common_fields()
++ emqx_connector_mongo:fields(single);
@ -170,7 +170,7 @@ authz_sources_types(Type) ->
end
++
[ http
, 'built-in-database'
, 'built_in_database'
, mysql
, postgresql
, file].

2
apps/emqx_authz/src/emqx_authz_mnesia.erl
View File

@ -94,7 +94,7 @@ dry_run(_Source) -> ok.
authorize(#{username := Username,
clientid := Clientid
} = Client, PubSub, Topic, #{type := 'built-in-database'}) ->
} = Client, PubSub, Topic, #{type := 'built_in_database'}) ->
Rules = case mnesia:dirty_read(?ACL_TABLE, {?ACL_TABLE_CLIENTID, Clientid}) of
[] -> [];

2
apps/emqx_authz/src/emqx_authz_schema.erl
View File

@ -113,7 +113,7 @@ fields(http_post) ->
, {headers, fun headers/1}
] ++ http_common_fields();
fields(mnesia) ->
[ {type, #{type => 'built-in-database'}}
[ {type, #{type => 'built_in_database'}}
, {enable, #{type => boolean(),
default => true}}
];

62
apps/emqx_authz/test/emqx_authz_api_mnesia_SUITE.erl
View File

@ -62,7 +62,7 @@ set_special_configs(emqx_authz) ->
{ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([authorization, no_match], deny),
{ok, _} = emqx:update_config([authorization, sources],
[#{<<"type">> => <<"built-in-database">>}]),
[#{<<"type">> => <<"built_in_database">>}]),
ok;
set_special_configs(_App) ->
ok.
@ -74,12 +74,12 @@ set_special_configs(_App) ->
t_api(_) ->
{ok, 204, _} =
request( post
, uri(["authorization", "sources", "built-in-database", "username"])
, uri(["authorization", "sources", "built_in_database", "username"])
, [?USERNAME_RULES_EXAMPLE]),
{ok, 200, Request1} =
request( get
, uri(["authorization", "sources", "built-in-database", "username"])
, uri(["authorization", "sources", "built_in_database", "username"])
, []),
#{<<"data">> := [#{<<"username">> := <<"user1">>, <<"rules">> := Rules1}],
<<"meta">> := #{<<"count">> := 1,
@ -91,7 +91,7 @@ t_api(_) ->
request( get
, uri([ "authorization"
, "sources"
, "built-in-database"
, "built_in_database"
, "username?page=1&limit=20&like_username=noexist"])
, []),
#{<<"data">> := [],
@ -102,47 +102,47 @@ t_api(_) ->
{ok, 200, Request2} =
request( get
, uri(["authorization", "sources", "built-in-database", "username", "user1"])
, uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []),
#{<<"username">> := <<"user1">>, <<"rules">> := Rules1} = jsx:decode(Request2),
{ok, 204, _} =
request( put
, uri(["authorization", "sources", "built-in-database", "username", "user1"])
, uri(["authorization", "sources", "built_in_database", "username", "user1"])
, ?USERNAME_RULES_EXAMPLE#{rules => []}),
{ok, 200, Request3} =
request( get
, uri(["authorization", "sources", "built-in-database", "username", "user1"])
, uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []),
#{<<"username">> := <<"user1">>, <<"rules">> := Rules2} = jsx:decode(Request3),
?assertEqual(0, length(Rules2)),
{ok, 204, _} =
request( delete
, uri(["authorization", "sources", "built-in-database", "username", "user1"])
, uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []),
{ok, 404, _} =
request( get
, uri(["authorization", "sources", "built-in-database", "username", "user1"])
, uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []),
{ok, 404, _} =
request( delete
, uri(["authorization", "sources", "built-in-database", "username", "user1"])
, uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []),
{ok, 204, _} =
request( post
, uri(["authorization", "sources", "built-in-database", "clientid"])
, uri(["authorization", "sources", "built_in_database", "clientid"])
, [?CLIENTID_RULES_EXAMPLE]),
{ok, 200, Request4} =
request( get
, uri(["authorization", "sources", "built-in-database", "clientid"])
, uri(["authorization", "sources", "built_in_database", "clientid"])
, []),
{ok, 200, Request5} =
request( get
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
, uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []),
#{<<"data">> := [#{<<"clientid">> := <<"client1">>, <<"rules">> := Rules3}],
<<"meta">> := #{<<"count">> := 1, <<"limit">> := 100, <<"page">> := 1}}
@ -152,97 +152,97 @@ t_api(_) ->
{ok, 204, _} =
request( put
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
, uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, ?CLIENTID_RULES_EXAMPLE#{rules => []}),
{ok, 200, Request6} =
request( get
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
, uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []),
#{<<"clientid">> := <<"client1">>, <<"rules">> := Rules4} = jsx:decode(Request6),
?assertEqual(0, length(Rules4)),
{ok, 204, _} =
request( delete
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
, uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []),
{ok, 404, _} =
request( get
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
, uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []),
{ok, 404, _} =
request( delete
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"])
, uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []),
{ok, 204, _} =
request( post
, uri(["authorization", "sources", "built-in-database", "all"])
, uri(["authorization", "sources", "built_in_database", "all"])
, ?ALL_RULES_EXAMPLE),
{ok, 200, Request7} =
request( get
, uri(["authorization", "sources", "built-in-database", "all"])
, uri(["authorization", "sources", "built_in_database", "all"])
, []),
#{<<"rules">> := Rules5} = jsx:decode(Request7),
?assertEqual(3, length(Rules5)),
{ok, 204, _} =
request( post
, uri(["authorization", "sources", "built-in-database", "all"])
, uri(["authorization", "sources", "built_in_database", "all"])
, ?ALL_RULES_EXAMPLE#{rules => []}),
{ok, 200, Request8} =
request( get
, uri(["authorization", "sources", "built-in-database", "all"])
, uri(["authorization", "sources", "built_in_database", "all"])
, []),
#{<<"rules">> := Rules6} = jsx:decode(Request8),
?assertEqual(0, length(Rules6)),
{ok, 204, _} =
request( post
, uri(["authorization", "sources", "built-in-database", "username"])
, uri(["authorization", "sources", "built_in_database", "username"])
, [ #{username => erlang:integer_to_binary(N), rules => []}
|| N <- lists:seq(1, 20) ]),
{ok, 200, Request9} =
request( get
, uri(["authorization", "sources", "built-in-database", "username?page=2&limit=5"])
, uri(["authorization", "sources", "built_in_database", "username?page=2&limit=5"])
, []),
#{<<"data">> := Data1} = jsx:decode(Request9),
?assertEqual(5, length(Data1)),
{ok, 204, _} =
request( post
, uri(["authorization", "sources", "built-in-database", "clientid"])
, uri(["authorization", "sources", "built_in_database", "clientid"])
, [ #{clientid => erlang:integer_to_binary(N), rules => []}
|| N <- lists:seq(1, 20) ]),
{ok, 200, Request10} =
request( get
, uri(["authorization", "sources", "built-in-database", "clientid?limit=5"])
, uri(["authorization", "sources", "built_in_database", "clientid?limit=5"])
, []),
#{<<"data">> := Data2} = jsx:decode(Request10),
?assertEqual(5, length(Data2)),
{ok, 400, Msg1} =
request( delete
, uri(["authorization", "sources", "built-in-database", "purge-all"])
, uri(["authorization", "sources", "built_in_database", "purge-all"])
, []),
?assertMatch({match, _}, re:run(Msg1, "must\sbe\sdisabled\sbefore")),
{ok, 204, _} =
request( put
, uri(["authorization", "sources", "built-in-database"])
, uri(["authorization", "sources", "built_in_database"])
, #{<<"enable">> => true}),
%% test idempotence
{ok, 204, _} =
request( put
, uri(["authorization", "sources", "built-in-database"])
, uri(["authorization", "sources", "built_in_database"])
, #{<<"enable">> => true}),
{ok, 204, _} =
request( put
, uri(["authorization", "sources", "built-in-database"])
, uri(["authorization", "sources", "built_in_database"])
, #{<<"enable">> => false}),
{ok, 204, _} =
request( delete
, uri(["authorization", "sources", "built-in-database", "purge-all"])
, uri(["authorization", "sources", "built_in_database", "purge-all"])
, []),
?assertEqual(0, emqx_authz_mnesia:record_count()),
ok.

2
apps/emqx_authz/test/emqx_authz_mnesia_SUITE.erl
View File

@ -125,7 +125,7 @@ t_normalize_rules(_Config) ->
raw_mnesia_authz_config() ->
#{
<<"enable">> => <<"true">>,
<<"type">> => <<"built-in-database">>
<<"type">> => <<"built_in_database">>
}.
setup_client_samples(ClientInfo, Samples, Key) ->

4
apps/emqx_conf/etc/emqx_conf.md
View File

@ -196,7 +196,7 @@ e.g. `authentication.1={...}` is parsed as `authentication={"1": {...}}`
Indexed-map arrays can be used to override list arrays:
```
authentication=[{enable=true, backend="built-in-database", mechanism="password-based"}]
authentication=[{enable=true, backend="built_in_database", mechanism="password_based"}]
# we can disable this authentication provider with:
authentication.1.enable=false
```
@ -204,7 +204,7 @@ However, list arrays do not get recursively merged into indexed-map arrays.
e.g.
```
authentication=[{enable=true, backend="built-in-database", mechanism="password-based"}]
authentication=[{enable=true, backend="built_in_database", mechanism="password_based"}]
## below value will replace the whole array, but not to override just one field.
authentication=[{enable=true}]
```

2
apps/emqx_conf/src/emqx_conf_schema.erl
View File

@ -959,7 +959,7 @@ In EMQX, MQTT client access control is extremely flexible.<br>
An out-of-the-box set of authorization data sources are supported.
For example,<br>
'file' source is to support concise and yet generic ACL rules in a file;<br>
'built-in-database' source can be used to store per-client customizable rule sets,
'built_in_database' source can be used to store per-client customizable rule sets,
natively in the EMQX node;<br>
'http' source to make EMQX call an external HTTP API to make the decision;<br>
'PostgreSQL' etc. to look up clients or rules from external databases;<br>

8
apps/emqx_gateway/etc/emqx_gateway.conf.example
View File

@ -27,8 +27,8 @@ gateway.stomp {
}
authentication: {
mechanism = password-based
backend = built-in-database
mechanism = password_based
backend = built_in_database
user_id_type = clientid
}
@ -43,8 +43,8 @@ gateway.stomp {
]
authentication: {
mechanism = password-based
backend = built-in-database
mechanism = password_based
backend = built_in_database
user_id_type = username
}

4
apps/emqx_gateway/src/emqx_gateway_api_listeners.erl
View File

@ -709,8 +709,8 @@ examples_listener() ->
, max_connections => 1024000
, max_conn_rate => 1000
, authentication =>
#{ backend => <<"built-in-database">>
, mechanism => <<"password-based">>
#{ backend => <<"built_in_database">>
, mechanism => <<"password_based">>
, password_hash_algorithm =>
#{ name => <<"sha256">>
}

16
apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl
View File

@ -190,8 +190,8 @@ t_authn(_) ->
{201, _} = request(post, "/gateway", GwConf),
{204, _} = request(get, "/gateway/stomp/authentication"),
AuthConf = #{mechanism => <<"password-based">>,
backend => <<"built-in-database">>,
AuthConf = #{mechanism => <<"password_based">>,
backend => <<"built_in_database">>,
user_id_type => <<"clientid">>
},
{201, _} = request(post, "/gateway/stomp/authentication", AuthConf),
@ -213,8 +213,8 @@ t_authn_data_mgmt(_) ->
{201, _} = request(post, "/gateway", GwConf),
{204, _} = request(get, "/gateway/stomp/authentication"),
AuthConf = #{mechanism => <<"password-based">>,
backend => <<"built-in-database">>,
AuthConf = #{mechanism => <<"password_based">>,
backend => <<"built_in_database">>,
user_id_type => <<"clientid">>
},
{201, _} = request(post, "/gateway/stomp/authentication", AuthConf),
@ -291,8 +291,8 @@ t_listeners_authn(_) ->
{200, ConfResp} = request(get, "/gateway/stomp"),
assert_confs(GwConf, ConfResp),
AuthConf = #{mechanism => <<"password-based">>,
backend => <<"built-in-database">>,
AuthConf = #{mechanism => <<"password_based">>,
backend => <<"built_in_database">>,
user_id_type => <<"clientid">>
},
Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication",
@ -322,8 +322,8 @@ t_listeners_authn_data_mgmt(_) ->
{200, ConfResp} = request(get, "/gateway/stomp"),
assert_confs(GwConf, ConfResp),
AuthConf = #{mechanism => <<"password-based">>,
backend => <<"built-in-database">>,
AuthConf = #{mechanism => <<"password_based">>,
backend => <<"built_in_database">>,
user_id_type => <<"clientid">>
},
Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication",

8
apps/emqx_gateway/test/emqx_gateway_conf_SUITE.erl
View File

@ -226,13 +226,13 @@ asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ==
}
}).
-define(CONF_STOMP_AUTHN_1,
#{ <<"mechanism">> => <<"password-based">>,
<<"backend">> => <<"built-in-database">>,
#{ <<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built_in_database">>,
<<"user_id_type">> => <<"clientid">>
}).
-define(CONF_STOMP_AUTHN_2,
#{ <<"mechanism">> => <<"password-based">>,
<<"backend">> => <<"built-in-database">>,
#{ <<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built_in_database">>,
<<"user_id_type">> => <<"username">>
}).