Merge pull request #7268 from JimMoen/fix-mgmt-api

refactor(api): unified api name style
fix(authz): `POST` method for creating or updating rules for all
fix(authz): `DELETE` method return codes
JimMoen 2022-03-11 14:03:40 +08:00 committed by GitHub
commit f94face260
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
40 changed files with 247 additions and 214 deletions


@ -59,7 +59,7 @@
, move_authenticator/3 , move_authenticator/3
]). ]).
%% APIs for observer built-in-database %% APIs for observer built_in_database
-export([ import_users/3 -export([ import_users/3
, add_user/3 , add_user/3
, delete_user/3 , delete_user/3
@ -266,7 +266,7 @@ stop() ->
%% @doc Register authentication providers. %% @doc Register authentication providers.
%% A provider is a tuple of `AuthNType' the module which implements %% A provider is a tuple of `AuthNType' the module which implements
%% the authenticator callbacks. %% the authenticator callbacks.
%% For example, ``[{{'password-based', redis}, emqx_authn_redis}]'' %% For example, ``[{{'password_based', redis}, emqx_authn_redis}]''
%% NOTE: Later registered provider may override earlier registered if they %% NOTE: Later registered provider may override earlier registered if they
%% happen to clash the same `AuthNType'. %% happen to clash the same `AuthNType'.
-spec register_providers([{authn_type(), module()}]) -> ok. -spec register_providers([{authn_type(), module()}]) -> ok.


@ -124,7 +124,7 @@ EMQX can be configured with:
<br> <br>
<ul> <ul>
<li><code>[]</code>: The default value, it allows *ALL* logins</li> <li><code>[]</code>: The default value, it allows *ALL* logins</li>
<li>one: For example <code>{enable:true,backend:\"built-in-database\",mechanism=\"password-based\"} <li>one: For example <code>{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}
</code></li> </code></li>
<li>chain: An array of structs.</li> <li>chain: An array of structs.</li>
</ul> </ul>
@ -255,7 +255,7 @@ fields("authorization") ->
, desc => """ , desc => """
Default access control action if the user or client matches no ACL rules, Default access control action if the user or client matches no ACL rules,
or if no such user or client is found by the configurable authorization or if no such user or client is found by the configurable authorization
sources such as built-in-database, an HTTP API, or a query against PostgreSQL. sources such as built_in_database, an HTTP API, or a query against PostgreSQL.
Find more details in 'authorization.sources' config. Find more details in 'authorization.sources' config.
""" """
})} })}
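Review bot: The single-authenticator example in the `authentication` description is still inconsistent on the new side: it writes `backend:\"built_in_database\"` with a colon but `mechanism=\"password_based\"` with an equals sign. Since the line is being edited anyway, use one separator throughout, e.g. `{enable:true,backend:\"built_in_database\",mechanism:\"password_based\"}`. The same description states that the default `[]` allows all logins, so the example is likely to be copied by operators and should be unambiguous.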


@ -40,13 +40,13 @@ roots() -> [{config, #{type => hoconsc:union([
hoconsc:ref(?MODULE, type2)])}}]. hoconsc:ref(?MODULE, type2)])}}].
fields(type1) -> fields(type1) ->
[ {mechanism, {enum, ['password-based']}} [ {mechanism, {enum, ['password_based']}}
, {backend, {enum, ['built-in-database']}} , {backend, {enum, ['built_in_database']}}
, {enable, fun enable/1} , {enable, fun enable/1}
]; ];
fields(type2) -> fields(type2) ->
[ {mechanism, {enum, ['password-based']}} [ {mechanism, {enum, ['password_based']}}
, {backend, {enum, ['mysql']}} , {backend, {enum, ['mysql']}}
, {enable, fun enable/1} , {enable, fun enable/1}
]. ].
@ -117,13 +117,13 @@ t_chain(Config) when is_list(Config) ->
t_authenticator({'init', Config}) -> t_authenticator({'init', Config}) ->
[{"auth1", {'password-based', 'built-in-database'}}, [{"auth1", {'password_based', 'built_in_database'}},
{"auth2", {'password-based', mysql}} | Config]; {"auth2", {'password_based', mysql}} | Config];
t_authenticator(Config) when is_list(Config) -> t_authenticator(Config) when is_list(Config) ->
ChainName = 'test', ChainName = 'test',
AuthenticatorConfig1 = #{mechanism => 'password-based', AuthenticatorConfig1 = #{mechanism => 'password_based',
backend => 'built-in-database', backend => 'built_in_database',
enable => true}, enable => true},
% Create an authenticator when the authentication chain does not exist % Create an authenticator when the authentication chain does not exist
@ -140,7 +140,7 @@ t_authenticator(Config) when is_list(Config) ->
AuthNType1 = ?config("auth1"), AuthNType1 = ?config("auth1"),
register_provider(AuthNType1, ?MODULE), register_provider(AuthNType1, ?MODULE),
ID1 = <<"password-based:built-in-database">>, ID1 = <<"password_based:built_in_database">>,
% CRUD of authencaticator % CRUD of authencaticator
?assertMatch( ?assertMatch(
@ -169,8 +169,8 @@ t_authenticator(Config) when is_list(Config) ->
% Multiple authenticators exist at the same time % Multiple authenticators exist at the same time
AuthNType2 = ?config("auth2"), AuthNType2 = ?config("auth2"),
register_provider(AuthNType2, ?MODULE), register_provider(AuthNType2, ?MODULE),
ID2 = <<"password-based:mysql">>, ID2 = <<"password_based:mysql">>,
AuthenticatorConfig2 = #{mechanism => 'password-based', AuthenticatorConfig2 = #{mechanism => 'password_based',
backend => mysql, backend => mysql,
enable => true}, enable => true},
@ -202,7 +202,7 @@ t_authenticator({'end', Config}) ->
t_authenticate({init, Config}) -> t_authenticate({init, Config}) ->
[{listener_id, 'tcp:default'}, [{listener_id, 'tcp:default'},
{authn_type, {'password-based', 'built-in-database'}} | Config]; {authn_type, {'password_based', 'built_in_database'}} | Config];
t_authenticate(Config) when is_list(Config) -> t_authenticate(Config) when is_list(Config) ->
ListenerID = ?config(listener_id), ListenerID = ?config(listener_id),
@ -216,8 +216,8 @@ t_authenticate(Config) when is_list(Config) ->
register_provider(AuthNType, ?MODULE), register_provider(AuthNType, ?MODULE),
AuthenticatorConfig = #{mechanism => 'password-based', AuthenticatorConfig = #{mechanism => 'password_based',
backend => 'built-in-database', backend => 'built_in_database',
enable => true}, enable => true},
?AUTHN:create_chain(ListenerID), ?AUTHN:create_chain(ListenerID),
?assertMatch({ok, _}, ?AUTHN:create_authenticator(ListenerID, AuthenticatorConfig)), ?assertMatch({ok, _}, ?AUTHN:create_authenticator(ListenerID, AuthenticatorConfig)),
@ -238,8 +238,8 @@ t_authenticate({'end', Config}) ->
t_update_config({init, Config}) -> t_update_config({init, Config}) ->
Global = 'mqtt:global', Global = 'mqtt:global',
AuthNType1 = {'password-based', 'built-in-database'}, AuthNType1 = {'password_based', 'built_in_database'},
AuthNType2 = {'password-based', mysql}, AuthNType2 = {'password_based', mysql},
[{global, Global}, [{global, Global},
{"auth1", AuthNType1}, {"auth1", AuthNType1},
{"auth2", AuthNType2} | Config]; {"auth2", AuthNType2} | Config];
@ -249,14 +249,14 @@ t_update_config(Config) when is_list(Config) ->
ok = register_provider(?config("auth1"), ?MODULE), ok = register_provider(?config("auth1"), ?MODULE),
ok = register_provider(?config("auth2"), ?MODULE), ok = register_provider(?config("auth2"), ?MODULE),
Global = ?config(global), Global = ?config(global),
AuthenticatorConfig1 = #{<<"mechanism">> => <<"password-based">>, AuthenticatorConfig1 = #{<<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built-in-database">>, <<"backend">> => <<"built_in_database">>,
<<"enable">> => true}, <<"enable">> => true},
AuthenticatorConfig2 = #{<<"mechanism">> => <<"password-based">>, AuthenticatorConfig2 = #{<<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"mysql">>, <<"backend">> => <<"mysql">>,
<<"enable">> => true}, <<"enable">> => true},
ID1 = <<"password-based:built-in-database">>, ID1 = <<"password_based:built_in_database">>,
ID2 = <<"password-based:mysql">>, ID2 = <<"password_based:mysql">>,
?assertMatch({ok, []}, ?AUTHN:list_chains()), ?assertMatch({ok, []}, ?AUTHN:list_chains()),
@ -391,7 +391,7 @@ t_convert_certs(Config) when is_list(Config) ->
, {<<"cacertfile">>, "cacert.pem"} , {<<"cacertfile">>, "cacert.pem"}
]), ]),
CertsDir = certs_dir(Config, [Global, <<"password-based:built-in-database">>]), CertsDir = certs_dir(Config, [Global, <<"password_based:built_in_database">>]),
#{<<"ssl">> := NCerts} = convert_certs(CertsDir, #{<<"ssl">> => Certs}), #{<<"ssl">> := NCerts} = convert_certs(CertsDir, #{<<"ssl">> => Certs}),
Certs2 = certs([ {<<"keyfile">>, "key.pem"} Certs2 = certs([ {<<"keyfile">>, "key.pem"}


@ -25,14 +25,14 @@
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
providers() -> providers() ->
[ {{'password-based', 'built-in-database'}, emqx_authn_mnesia} [ {{'password_based', 'built_in_database'}, emqx_authn_mnesia}
, {{'password-based', mysql}, emqx_authn_mysql} , {{'password_based', mysql}, emqx_authn_mysql}
, {{'password-based', postgresql}, emqx_authn_pgsql} , {{'password_based', postgresql}, emqx_authn_pgsql}
, {{'password-based', mongodb}, emqx_authn_mongodb} , {{'password_based', mongodb}, emqx_authn_mongodb}
, {{'password-based', redis}, emqx_authn_redis} , {{'password_based', redis}, emqx_authn_redis}
, {{'password-based', 'http'}, emqx_authn_http} , {{'password_based', 'http'}, emqx_authn_http}
, {jwt, emqx_authn_jwt} , {jwt, emqx_authn_jwt}
, {{scram, 'built-in-database'}, emqx_enhanced_authn_scram_mnesia} , {{scram, 'built_in_database'}, emqx_enhanced_authn_scram_mnesia}
]. ].
check_configs(C) when is_map(C) -> check_configs(C) when is_map(C) ->
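Review bot: `providers/0` now lists only the underscore spellings, so any stored configuration, REST client or authenticator ID that still uses `password-based` or `built-in-database` will no longer match a registered provider; no alias or migration for the old names is visible in this section. The schema text changed in the same commit states that an empty authentication list allows all logins, so it is worth confirming that an old-style config is rejected loudly at load time rather than leaving a listener with no authenticators. A comment above the list such as `%% NOTE: renamed from 'password-based' / 'built-in-database'; the old names are not accepted` would record the break. `check_configs/1` continues outside the hunk.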


@ -964,21 +964,21 @@ authenticator_array_example() ->
authenticator_examples() -> authenticator_examples() ->
#{ #{
'password-based:built-in-database' => #{ 'password_based:built_in_database' => #{
summary => <<"Built-in password-based authentication">>, summary => <<"Built-in password_based authentication">>,
value => #{ value => #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
backend => <<"built-in-database">>, backend => <<"built_in_database">>,
user_id_type => <<"username">>, user_id_type => <<"username">>,
password_hash_algorithm => #{ password_hash_algorithm => #{
name => <<"sha256">> name => <<"sha256">>
} }
} }
}, },
'password-based:http' => #{ 'password_based:http' => #{
summary => <<"Password-based authentication through external HTTP API">>, summary => <<"password_based authentication through external HTTP API">>,
value => #{ value => #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
backend => <<"http">>, backend => <<"http">>,
method => <<"post">>, method => <<"post">>,
url => <<"http://127.0.0.1:18083">>, url => <<"http://127.0.0.1:18083">>,
@ -1009,10 +1009,10 @@ authenticator_examples() ->
} }
} }
}, },
'password-based:mongodb' => #{ 'password_based:mongodb' => #{
summary => <<"Password-based authentication with MongoDB backend">>, summary => <<"password_based authentication with MongoDB backend">>,
value => #{ value => #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
backend => <<"mongodb">>, backend => <<"mongodb">>,
server => <<"127.0.0.1:27017">>, server => <<"127.0.0.1:27017">>,
database => example, database => example,
@ -1027,10 +1027,10 @@ authenticator_examples() ->
salt_position => <<"prefix">> salt_position => <<"prefix">>
} }
}, },
'password-based:redis' => #{ 'password_based:redis' => #{
summary => <<"Password-based authentication with Redis backend">>, summary => <<"password_based authentication with Redis backend">>,
value => #{ value => #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
backend => <<"redis">>, backend => <<"redis">>,
server => <<"127.0.0.1:6379">>, server => <<"127.0.0.1:6379">>,
database => 0, database => 0,
@ -1091,10 +1091,10 @@ request_move_examples() ->
position => <<"bottom">> position => <<"bottom">>
} }
}, },
'move_before_password-based:built-in-database' => #{ 'move_before_password_based:built_in_database' => #{
summary => <<"Move authenticator to the position preceding some other authenticator">>, summary => <<"Move authenticator to the position preceding some other authenticator">>,
value => #{ value => #{
position => <<"before:password-based:built-in-database">> position => <<"before:password_based:built_in_database">>
} }
} }
}. }.
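Review bot: The `summary` strings in `authenticator_examples/0` were caught by the identifier rename: `<<"Built-in password_based authentication">>` and the `http`, `mongodb` and `redis` summaries now put a config token into human-readable API documentation. These are prose rather than enum values and should keep the hyphenated wording, e.g. `summary => <<"Password-based authentication with Redis backend">>`. The function starts before the first hunk of this section, so any summaries outside the shown lines are not covered here.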


@ -87,7 +87,7 @@ roots() -> [?CONF_NS].
fields(?CONF_NS) -> fields(?CONF_NS) ->
[ {mechanism, emqx_authn_schema:mechanism('scram')} [ {mechanism, emqx_authn_schema:mechanism('scram')}
, {backend, emqx_authn_schema:backend('built-in-database')} , {backend, emqx_authn_schema:backend('built_in_database')}
, {algorithm, fun algorithm/1} , {algorithm, fun algorithm/1}
, {iteration_count, fun iteration_count/1} , {iteration_count, fun iteration_count/1}
] ++ emqx_authn_schema:common_fields(). ] ++ emqx_authn_schema:common_fields().


@ -60,7 +60,7 @@ fields(post) ->
] ++ common_fields(). ] ++ common_fields().
common_fields() -> common_fields() ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')} [ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(http)} , {backend, emqx_authn_schema:backend(http)}
, {url, fun url/1} , {url, fun url/1}
, {body, map([{fuzzy, term(), binary()}])} , {body, map([{fuzzy, term(), binary()}])}


@ -93,8 +93,8 @@ namespace() -> "authn-builtin_db".
roots() -> [?CONF_NS]. roots() -> [?CONF_NS].
fields(?CONF_NS) -> fields(?CONF_NS) ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')} [ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend('built-in-database')} , {backend, emqx_authn_schema:backend('built_in_database')}
, {user_id_type, fun user_id_type/1} , {user_id_type, fun user_id_type/1}
, {password_hash_algorithm, fun emqx_authn_password_hashing:type_rw/1} , {password_hash_algorithm, fun emqx_authn_password_hashing:type_rw/1}
] ++ emqx_authn_schema:common_fields(). ] ++ emqx_authn_schema:common_fields().


@ -56,7 +56,7 @@ fields('sharded-cluster') ->
common_fields() ++ emqx_connector_mongo:fields(sharded). common_fields() ++ emqx_connector_mongo:fields(sharded).
common_fields() -> common_fields() ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')} [ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(mongodb)} , {backend, emqx_authn_schema:backend(mongodb)}
, {collection, fun collection/1} , {collection, fun collection/1}
, {selector, fun selector/1} , {selector, fun selector/1}


@ -44,7 +44,7 @@ namespace() -> "authn-mysql".
roots() -> [?CONF_NS]. roots() -> [?CONF_NS].
fields(?CONF_NS) -> fields(?CONF_NS) ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')} [ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(mysql)} , {backend, emqx_authn_schema:backend(mysql)}
, {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1} , {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}
, {query, fun query/1} , {query, fun query/1}


@ -50,7 +50,7 @@ namespace() -> "authn-postgresql".
roots() -> [?CONF_NS]. roots() -> [?CONF_NS].
fields(?CONF_NS) -> fields(?CONF_NS) ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')} [ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(postgresql)} , {backend, emqx_authn_schema:backend(postgresql)}
, {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1} , {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}
, {query, fun query/1} , {query, fun query/1}


@ -56,7 +56,7 @@ fields(sentinel) ->
common_fields() ++ emqx_connector_redis:fields(sentinel). common_fields() ++ emqx_connector_redis:fields(sentinel).
common_fields() -> common_fields() ->
[ {mechanism, emqx_authn_schema:mechanism('password-based')} [ {mechanism, emqx_authn_schema:mechanism('password_based')}
, {backend, emqx_authn_schema:backend(redis)} , {backend, emqx_authn_schema:backend(redis)}
, {cmd, fun cmd/1} , {cmd, fun cmd/1}
, {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1} , {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}


@ -155,7 +155,7 @@ test_authenticators(PathPrefix) ->
InvalidConfig1), InvalidConfig1),
?assertAuthenticatorsMatch( ?assertAuthenticatorsMatch(
[#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}], [#{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>}],
PathPrefix ++ [?CONF_NS]). PathPrefix ++ [?CONF_NS]).
test_authenticator(PathPrefix) -> test_authenticator(PathPrefix) ->
@ -166,49 +166,49 @@ test_authenticator(PathPrefix) ->
ValidConfig0), ValidConfig0),
{ok, 200, _} = request( {ok, 200, _} = request(
get, get,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"])), uri(PathPrefix ++ [?CONF_NS, "password_based:http"])),
{ok, 404, _} = request( {ok, 404, _} = request(
get, get,
uri(PathPrefix ++ [?CONF_NS, "password-based:redis"])), uri(PathPrefix ++ [?CONF_NS, "password_based:redis"])),
{ok, 404, _} = request( {ok, 404, _} = request(
put, put,
uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database"]), uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database"]),
emqx_authn_test_lib:built_in_database_example()), emqx_authn_test_lib:built_in_database_example()),
InvalidConfig0 = ValidConfig0#{method => <<"delete">>}, InvalidConfig0 = ValidConfig0#{method => <<"delete">>},
{ok, 400, _} = request( {ok, 400, _} = request(
put, put,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"]), uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
InvalidConfig0), InvalidConfig0),
InvalidConfig1 = ValidConfig0#{method => <<"get">>, InvalidConfig1 = ValidConfig0#{method => <<"get">>,
headers => #{<<"content-type">> => <<"application/json">>}}, headers => #{<<"content-type">> => <<"application/json">>}},
{ok, 400, _} = request( {ok, 400, _} = request(
put, put,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"]), uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
InvalidConfig1), InvalidConfig1),
ValidConfig1 = ValidConfig0#{pool_size => 9}, ValidConfig1 = ValidConfig0#{pool_size => 9},
{ok, 200, _} = request( {ok, 200, _} = request(
put, put,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"]), uri(PathPrefix ++ [?CONF_NS, "password_based:http"]),
ValidConfig1), ValidConfig1),
{ok, 404, _} = request( {ok, 404, _} = request(
delete, delete,
uri(PathPrefix ++ [?CONF_NS, "password-based:redis"])), uri(PathPrefix ++ [?CONF_NS, "password_based:redis"])),
{ok, 204, _} = request( {ok, 204, _} = request(
delete, delete,
uri(PathPrefix ++ [?CONF_NS, "password-based:http"])), uri(PathPrefix ++ [?CONF_NS, "password_based:http"])),
?assertAuthenticatorsMatch([], PathPrefix ++ [?CONF_NS]). ?assertAuthenticatorsMatch([], PathPrefix ++ [?CONF_NS]).
test_authenticator_users(PathPrefix) -> test_authenticator_users(PathPrefix) ->
UsersUri = uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database", "users"]), UsersUri = uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database", "users"]),
{ok, 200, _} = request( {ok, 200, _} = request(
post, post,
@ -263,7 +263,7 @@ test_authenticator_users(PathPrefix) ->
lists:usort([ UserId || #{<<"user_id">> := UserId} <- Page1Users ++ Page2Users])). lists:usort([ UserId || #{<<"user_id">> := UserId} <- Page1Users ++ Page2Users])).
test_authenticator_user(PathPrefix) -> test_authenticator_user(PathPrefix) ->
UsersUri = uri(PathPrefix ++ [?CONF_NS, "password-based:built-in-database", "users"]), UsersUri = uri(PathPrefix ++ [?CONF_NS, "password_based:built_in_database", "users"]),
{ok, 200, _} = request( {ok, 200, _} = request(
post, post,
@ -318,9 +318,9 @@ test_authenticator_move(PathPrefix) ->
?assertAuthenticatorsMatch( ?assertAuthenticatorsMatch(
[ [
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}, #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"jwt">>}, #{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>} #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
], ],
PathPrefix ++ [?CONF_NS]), PathPrefix ++ [?CONF_NS]),
@ -344,12 +344,12 @@ test_authenticator_move(PathPrefix) ->
{ok, 404, _} = request( {ok, 404, _} = request(
post, post,
uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]), uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
#{position => <<"before:password-based:redis">>}), #{position => <<"before:password_based:redis">>}),
{ok, 404, _} = request( {ok, 404, _} = request(
post, post,
uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]), uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
#{position => <<"before:password-based:redis">>}), #{position => <<"before:password_based:redis">>}),
% Valid moves % Valid moves
@ -361,8 +361,8 @@ test_authenticator_move(PathPrefix) ->
?assertAuthenticatorsMatch( ?assertAuthenticatorsMatch(
[ [
#{<<"mechanism">> := <<"jwt">>}, #{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}, #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>} #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
], ],
PathPrefix ++ [?CONF_NS]), PathPrefix ++ [?CONF_NS]),
@ -373,8 +373,8 @@ test_authenticator_move(PathPrefix) ->
?assertAuthenticatorsMatch( ?assertAuthenticatorsMatch(
[ [
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}, #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}, #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>},
#{<<"mechanism">> := <<"jwt">>} #{<<"mechanism">> := <<"jwt">>}
], ],
PathPrefix ++ [?CONF_NS]), PathPrefix ++ [?CONF_NS]),
@ -382,20 +382,20 @@ test_authenticator_move(PathPrefix) ->
{ok, 204, _} = request( {ok, 204, _} = request(
post, post,
uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]), uri(PathPrefix ++ [?CONF_NS, "jwt", "move"]),
#{position => <<"before:password-based:built-in-database">>}), #{position => <<"before:password_based:built_in_database">>}),
?assertAuthenticatorsMatch( ?assertAuthenticatorsMatch(
[ [
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}, #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"jwt">>}, #{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>} #{<<"mechanism">> := <<"password_based">>, <<"backend">> := <<"built_in_database">>}
], ],
PathPrefix ++ [?CONF_NS]). PathPrefix ++ [?CONF_NS]).
test_authenticator_import_users(PathPrefix) -> test_authenticator_import_users(PathPrefix) ->
ImportUri = uri( ImportUri = uri(
PathPrefix ++ PathPrefix ++
[?CONF_NS, "password-based:built-in-database", "import_users"]), [?CONF_NS, "password_based:built_in_database", "import_users"]),
{ok, 200, _} = request( {ok, 200, _} = request(
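Review bot: In `test_authenticator_move/1` the two consecutive `{ok, 404, _}` assertions that post `#{position => <<"before:password_based:redis">>}` to the `jwt` `move` endpoint are identical on the new side, so the second adds no coverage. It looks like one of them was meant to exercise a different invalid case; if moving an authenticator that does not exist is not already tested above the hunk, the second call could target `uri(PathPrefix ++ [?CONF_NS, "password_based:redis", "move"])` instead. Otherwise drop the duplicate. The function body starts before and continues between the hunks shown.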


@ -179,7 +179,7 @@ t_update(_Config) ->
% We update with config with correct query, provider should update and work properly % We update with config with correct query, provider should update and work properly
{ok, _} = emqx:update_config( {ok, _} = emqx:update_config(
?PATH, ?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:http">>, CorrectConfig}), {update_authenticator, ?GLOBAL, <<"password_based:http">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate(?CREDENTIALS). {ok,_} = emqx_access_control:authenticate(?CREDENTIALS).
@ -240,7 +240,7 @@ test_is_superuser({Kind, Value, ExpectedValue}) ->
raw_http_auth_config() -> raw_http_auth_config() ->
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
enable => <<"true">>, enable => <<"true">>,
backend => <<"http">>, backend => <<"http">>,


@ -124,7 +124,7 @@ raw_https_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(), emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}), #{enable => <<"true">>}),
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
enable => <<"true">>, enable => <<"true">>,
backend => <<"http">>, backend => <<"http">>,


@ -53,8 +53,8 @@ end_per_testcase(_Case, Config) ->
t_check_schema(_Config) -> t_check_schema(_Config) ->
ConfigOk = #{ ConfigOk = #{
<<"mechanism">> => <<"password-based">>, <<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built-in-database">>, <<"backend">> => <<"built_in_database">>,
<<"user_id_type">> => <<"username">>, <<"user_id_type">> => <<"username">>,
<<"password_hash_algorithm">> => #{ <<"password_hash_algorithm">> => #{
<<"name">> => <<"bcrypt">>, <<"name">> => <<"bcrypt">>,
@ -65,8 +65,8 @@ t_check_schema(_Config) ->
hocon_tconf:check_plain(emqx_authn_mnesia, ?CONF(ConfigOk)), hocon_tconf:check_plain(emqx_authn_mnesia, ?CONF(ConfigOk)),
ConfigNotOk = #{ ConfigNotOk = #{
<<"mechanism">> => <<"password-based">>, <<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built-in-database">>, <<"backend">> => <<"built_in_database">>,
<<"user_id_type">> => <<"username">>, <<"user_id_type">> => <<"username">>,
<<"password_hash_algorithm">> => #{ <<"password_hash_algorithm">> => #{
<<"name">> => <<"md6">> <<"name">> => <<"md6">>


@ -177,7 +177,7 @@ t_update(_Config) ->
% We update with config with correct selector, provider should update and work properly % We update with config with correct selector, provider should update and work properly
{ok, _} = emqx:update_config( {ok, _} = emqx:update_config(
?PATH, ?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:mongodb">>, CorrectConfig}), {update_authenticator, ?GLOBAL, <<"password_based:mongodb">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate( {ok,_} = emqx_access_control:authenticate(
#{username => <<"plain">>, #{username => <<"plain">>,
@ -238,7 +238,7 @@ test_is_superuser({Value, ExpectedValue}) ->
raw_mongo_auth_config() -> raw_mongo_auth_config() ->
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>, password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>}, salt_position => <<"suffix">>},
enable => <<"true">>, enable => <<"true">>,
@ -309,7 +309,8 @@ user_seeds() ->
#{data => #{ #{data => #{
username => <<"bcrypt">>, username => <<"bcrypt">>,
password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>, password_hash =>
<<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>, salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
is_superuser => 0 is_superuser => 0
}, },
@ -325,7 +326,8 @@ user_seeds() ->
#{data => #{ #{data => #{
username => <<"bcrypt0">>, username => <<"bcrypt0">>,
password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>, password_hash =>
<<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>, salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
is_superuser => <<"0">> is_superuser => <<"0">>
}, },
@ -343,7 +345,8 @@ user_seeds() ->
#{data => #{ #{data => #{
username => <<"bcrypt1">>, username => <<"bcrypt1">>,
password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>, password_hash =>
<<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>, salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
is_superuser => <<"0">> is_superuser => <<"0">>
}, },
@ -360,7 +363,8 @@ user_seeds() ->
#{data => #{ #{data => #{
username => <<"bcrypt2">>, username => <<"bcrypt2">>,
password_hash => <<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>, password_hash =>
<<"$2b$12$wtY3h20mUjjmeaClpqZVveDWGlHzCGsvuThMlneGHA7wVeFYyns2u">>,
salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>, salt => <<"$2b$12$wtY3h20mUjjmeaClpqZVve">>,
is_superuser => <<"0">> is_superuser => <<"0">>
}, },


@ -151,7 +151,7 @@ raw_mongo_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(), emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}), #{enable => <<"true">>}),
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>, password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>}, salt_position => <<"suffix">>},
enable => <<"true">>, enable => <<"true">>,


@ -28,7 +28,7 @@
-define(MYSQL_RESOURCE, <<"emqx_authn_mysql_SUITE">>). -define(MYSQL_RESOURCE, <<"emqx_authn_mysql_SUITE">>).
-define(PATH, [authentication]). -define(PATH, [authentication]).
-define(ResourceID, <<"password-based:mysql">>). -define(ResourceID, <<"password_based:mysql">>).
all() -> all() ->
[{group, require_seeds}, t_create, t_create_invalid]. [{group, require_seeds}, t_create, t_create_invalid].
@ -190,7 +190,7 @@ t_update(_Config) ->
% We update with config with correct query, provider should update and work properly % We update with config with correct query, provider should update and work properly
{ok, _} = emqx:update_config( {ok, _} = emqx:update_config(
?PATH, ?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:mysql">>, CorrectConfig}), {update_authenticator, ?GLOBAL, <<"password_based:mysql">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate( {ok,_} = emqx_access_control:authenticate(
#{username => <<"plain">>, #{username => <<"plain">>,
@ -205,7 +205,7 @@ t_update(_Config) ->
raw_mysql_auth_config() -> raw_mysql_auth_config() ->
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>, password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>}, salt_position => <<"suffix">>},
enable => <<"true">>, enable => <<"true">>,
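Review bot: `t_update/1` spells the authenticator ID as the literal `<<"password_based:mysql">>` although the same binary is defined at the top of this suite as `?ResourceID`, which is why the rename had to touch both places. If the macro is meant to name that ID, use it in the call: `{update_authenticator, ?GLOBAL, ?ResourceID, CorrectConfig}`. The same duplication appears in the PostgreSQL suite (`t_update/1` and `test_is_superuser/1`) and in the Redis suite. `t_update/1` and `raw_mysql_auth_config/0` continue outside the hunks.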


@ -27,7 +27,7 @@
-define(MYSQL_HOST, "mysql-tls"). -define(MYSQL_HOST, "mysql-tls").
-define(PATH, [authentication]). -define(PATH, [authentication]).
-define(ResourceID, <<"password-based:mysql">>). -define(ResourceID, <<"password_based:mysql">>).
all() -> all() ->
emqx_common_test_helpers:all(?MODULE). emqx_common_test_helpers:all(?MODULE).
@ -116,7 +116,7 @@ raw_mysql_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(), emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}), #{enable => <<"true">>}),
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>, password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>}, salt_position => <<"suffix">>},
enable => <<"true">>, enable => <<"true">>,


@ -27,7 +27,7 @@
-define(PGSQL_HOST, "pgsql"). -define(PGSQL_HOST, "pgsql").
-define(PGSQL_RESOURCE, <<"emqx_authn_pgsql_SUITE">>). -define(PGSQL_RESOURCE, <<"emqx_authn_pgsql_SUITE">>).
-define(ResourceID, <<"password-based:postgresql">>). -define(ResourceID, <<"password_based:postgresql">>).
-define(PATH, [authentication]). -define(PATH, [authentication]).
@ -191,7 +191,7 @@ t_update(_Config) ->
% We update with config with correct query, provider should update and work properly % We update with config with correct query, provider should update and work properly
{ok, _} = emqx:update_config( {ok, _} = emqx:update_config(
?PATH, ?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:postgresql">>, CorrectConfig}), {update_authenticator, ?GLOBAL, <<"password_based:postgresql">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate( {ok,_} = emqx_access_control:authenticate(
#{username => <<"plain">>, #{username => <<"plain">>,
@ -243,7 +243,7 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
Config = maps:put(query, Query, raw_pgsql_auth_config()), Config = maps:put(query, Query, raw_pgsql_auth_config()),
{ok, _} = emqx:update_config( {ok, _} = emqx:update_config(
?PATH, ?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:postgresql">>, Config}), {update_authenticator, ?GLOBAL, <<"password_based:postgresql">>, Config}),
Credentials = #{ Credentials = #{
listener => 'tcp:default', listener => 'tcp:default',
@ -262,7 +262,7 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
raw_pgsql_auth_config() -> raw_pgsql_auth_config() ->
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>, password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>}, salt_position => <<"suffix">>},
enable => <<"true">>, enable => <<"true">>,


@ -27,7 +27,7 @@
-define(PGSQL_HOST, "pgsql-tls"). -define(PGSQL_HOST, "pgsql-tls").
-define(PATH, [authentication]). -define(PATH, [authentication]).
-define(ResourceID, <<"password-based:postgresql">>). -define(ResourceID, <<"password_based:postgresql">>).
all() -> all() ->
emqx_common_test_helpers:all(?MODULE). emqx_common_test_helpers:all(?MODULE).
@ -116,7 +116,7 @@ raw_pgsql_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(), emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}), #{enable => <<"true">>}),
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>, password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>}, salt_position => <<"suffix">>},
enable => <<"true">>, enable => <<"true">>,


@ -28,7 +28,7 @@
-define(REDIS_RESOURCE, <<"emqx_authn_redis_SUITE">>). -define(REDIS_RESOURCE, <<"emqx_authn_redis_SUITE">>).
-define(PATH, [authentication]). -define(PATH, [authentication]).
-define(ResourceID, <<"password-based:redis">>). -define(ResourceID, <<"password_based:redis">>).
all() -> all() ->
[{group, require_seeds}, t_create, t_create_invalid]. [{group, require_seeds}, t_create, t_create_invalid].
@ -207,7 +207,7 @@ t_update(_Config) ->
% We update with config with correct query, provider should update and work properly % We update with config with correct query, provider should update and work properly
{ok, _} = emqx:update_config( {ok, _} = emqx:update_config(
?PATH, ?PATH,
{update_authenticator, ?GLOBAL, <<"password-based:redis">>, CorrectConfig}), {update_authenticator, ?GLOBAL, <<"password_based:redis">>, CorrectConfig}),
{ok,_} = emqx_access_control:authenticate( {ok,_} = emqx_access_control:authenticate(
#{username => <<"plain">>, #{username => <<"plain">>,
@ -222,7 +222,7 @@ t_update(_Config) ->
raw_redis_auth_config() -> raw_redis_auth_config() ->
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>, password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>}, salt_position => <<"suffix">>},
enable => <<"true">>, enable => <<"true">>,


@ -114,7 +114,7 @@ raw_redis_auth_config(SpecificSSLOpts) ->
emqx_authn_test_lib:client_ssl_cert_opts(), emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}), #{enable => <<"true">>}),
#{ #{
mechanism => <<"password-based">>, mechanism => <<"password_based">>,
password_hash_algorithm => #{name => <<"plain">>, password_hash_algorithm => #{name => <<"plain">>,
salt_position => <<"suffix">>}, salt_position => <<"suffix">>},
enable => <<"true">>, enable => <<"true">>,


@ -26,10 +26,10 @@ authenticator_example(Id) ->
Example. Example.
http_example() -> http_example() ->
authenticator_example('password-based:http'). authenticator_example('password_based:http').
built_in_database_example() -> built_in_database_example() ->
authenticator_example('password-based:built-in-database'). authenticator_example('password_based:built_in_database').
jwt_example() -> jwt_example() ->
authenticator_example(jwt). authenticator_example(jwt).


@ -58,7 +58,7 @@ end_per_testcase(_Case, Config) ->
t_create(_Config) -> t_create(_Config) ->
ValidConfig = #{ ValidConfig = #{
<<"mechanism">> => <<"scram">>, <<"mechanism">> => <<"scram">>,
<<"backend">> => <<"built-in-database">>, <<"backend">> => <<"built_in_database">>,
<<"algorithm">> => <<"sha512">>, <<"algorithm">> => <<"sha512">>,
<<"iteration_count">> => <<"4096">> <<"iteration_count">> => <<"4096">>
}, },
@ -73,7 +73,7 @@ t_create(_Config) ->
t_create_invalid(_Config) -> t_create_invalid(_Config) ->
InvalidConfig = #{ InvalidConfig = #{
<<"mechanism">> => <<"scram">>, <<"mechanism">> => <<"scram">>,
<<"backend">> => <<"built-in-database">>, <<"backend">> => <<"built_in_database">>,
<<"algorithm">> => <<"sha271828">>, <<"algorithm">> => <<"sha271828">>,
<<"iteration_count">> => <<"4096">> <<"iteration_count">> => <<"4096">>
}, },
@ -339,7 +339,7 @@ test_is_superuser(UserInfo, ExpectedIsSuperuser) ->
config() -> config() ->
#{ #{
mechanism => <<"scram">>, mechanism => <<"scram">>,
backend => <<"built-in-database">>, backend => <<"built_in_database">>,
algorithm => sha512, algorithm => sha512,
iteration_count => 4096 iteration_count => 4096
}. }.
@ -347,7 +347,7 @@ config() ->
raw_config(Algorithm) -> raw_config(Algorithm) ->
#{ #{
<<"mechanism">> => <<"scram">>, <<"mechanism">> => <<"scram">>,
<<"backend">> => <<"built-in-database">>, <<"backend">> => <<"built_in_database">>,
<<"algorithm">> => atom_to_binary(Algorithm), <<"algorithm">> => atom_to_binary(Algorithm),
<<"iteration_count">> => <<"4096">> <<"iteration_count">> => <<"4096">>
}. }.


@ -56,7 +56,7 @@ authorization {
# selector: { "$or": [ { "username": "${username}" }, { "clientid": "${clientid}" } ] } # selector: { "$or": [ { "username": "${username}" }, { "clientid": "${clientid}" } ] }
# }, # },
{ {
type: built-in-database type: built_in_database
}, },
{ {
type: file type: file


@ -111,11 +111,14 @@ lookup(Type) ->
Source. Source.
move(Type, #{<<"before">> := Before}) -> move(Type, #{<<"before">> := Before}) ->
emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_BEFORE(type(Before))}); emqx_authz_utils:update_config(
?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_BEFORE(type(Before))});
move(Type, #{<<"after">> := After}) -> move(Type, #{<<"after">> := After}) ->
emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_AFTER(type(After))}); emqx_authz_utils:update_config(
?CONF_KEY_PATH, {?CMD_MOVE, type(Type), ?CMD_MOVE_AFTER(type(After))});
move(Type, Position) -> move(Type, Position) ->
emqx_authz_utils:update_config(?CONF_KEY_PATH, {?CMD_MOVE, type(Type), Position}). emqx_authz_utils:update_config(
?CONF_KEY_PATH, {?CMD_MOVE, type(Type), Position}).
update({?CMD_REPLACE, Type}, Sources) -> update({?CMD_REPLACE, Type}, Sources) ->
emqx_authz_utils:update_config(?CONF_KEY_PATH, {{?CMD_REPLACE, type(Type)}, Sources}); emqx_authz_utils:update_config(?CONF_KEY_PATH, {{?CMD_REPLACE, type(Type)}, Sources});
@ -341,7 +344,7 @@ find_action_in_hooks() ->
[Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ], [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ],
Action. Action.
authz_module('built-in-database') -> authz_module('built_in_database') ->
emqx_authz_mnesia; emqx_authz_mnesia;
authz_module(Type) -> authz_module(Type) ->
list_to_existing_atom("emqx_authz_" ++ atom_to_list(Type)). list_to_existing_atom("emqx_authz_" ++ atom_to_list(Type)).
@ -360,8 +363,8 @@ type(redis) -> redis;
type(<<"redis">>) -> redis; type(<<"redis">>) -> redis;
type(postgresql) -> postgresql; type(postgresql) -> postgresql;
type(<<"postgresql">>) -> postgresql; type(<<"postgresql">>) -> postgresql;
type('built-in-database') -> 'built-in-database'; type('built_in_database') -> 'built_in_database';
type(<<"built-in-database">>) -> 'built-in-database'; type(<<"built_in_database">>) -> 'built_in_database';
%% should never happen if the input is type-checked by hocon schema %% should never happen if the input is type-checked by hocon schema
type(Unknown) -> error({unknown_authz_source_type, Unknown}). type(Unknown) -> error({unknown_authz_source_type, Unknown}).
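Review bot: `type/1` and `authz_module/1` now recognise only the `built_in_database` spelling, so a source stored under the old `'built-in-database'` name reaches `error({unknown_authz_source_type, Unknown})`, or in `authz_module/1` a `list_to_existing_atom/1` call on a module name that presumably does not exist. The comment above the catch-all says the hocon schema type-checks input first, so the failure would presumably surface at config load instead; either way an upgraded node with an existing source list needs a migration path, and none is visible in this section. Until one exists, consider accepting the old spelling as an alias, e.g. `type(<<"built-in-database">>) -> 'built_in_database';`, and recording the rename as a breaking change. Whether authorization falls back to the `no_match` default when this source fails to load is not visible here and is worth confirming, because that decides whether the rename can fail open.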


@ -65,18 +65,18 @@ api_spec() ->
emqx_dashboard_swagger:spec(?MODULE, #{check_schema => true}). emqx_dashboard_swagger:spec(?MODULE, #{check_schema => true}).
paths() -> paths() ->
[ "/authorization/sources/built-in-database/username" [ "/authorization/sources/built_in_database/username"
, "/authorization/sources/built-in-database/clientid" , "/authorization/sources/built_in_database/clientid"
, "/authorization/sources/built-in-database/username/:username" , "/authorization/sources/built_in_database/username/:username"
, "/authorization/sources/built-in-database/clientid/:clientid" , "/authorization/sources/built_in_database/clientid/:clientid"
, "/authorization/sources/built-in-database/all" , "/authorization/sources/built_in_database/all"
, "/authorization/sources/built-in-database/purge-all"]. , "/authorization/sources/built_in_database/purge-all"].
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Schema for each URI %% Schema for each URI
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
schema("/authorization/sources/built-in-database/username") -> schema("/authorization/sources/built_in_database/username") ->
#{ 'operationId' => users #{ 'operationId' => users
, get => , get =>
#{ tags => [<<"authorization">>] #{ tags => [<<"authorization">>]
@ -106,7 +106,7 @@ schema("/authorization/sources/built-in-database/username") ->
} }
} }
}; };
schema("/authorization/sources/built-in-database/clientid") -> schema("/authorization/sources/built_in_database/clientid") ->
#{ 'operationId' => clients #{ 'operationId' => clients
, get => , get =>
#{ tags => [<<"authorization">>] #{ tags => [<<"authorization">>]
@ -138,7 +138,7 @@ schema("/authorization/sources/built-in-database/clientid") ->
} }
} }
}; };
schema("/authorization/sources/built-in-database/username/:username") -> schema("/authorization/sources/built_in_database/username/:username") ->
#{ 'operationId' => user #{ 'operationId' => user
, get => , get =>
#{ tags => [<<"authorization">>] #{ tags => [<<"authorization">>]
@ -171,10 +171,12 @@ schema("/authorization/sources/built-in-database/username/:username") ->
#{ 204 => <<"Deleted">> #{ 204 => <<"Deleted">>
, 400 => emqx_dashboard_swagger:error_codes( , 400 => emqx_dashboard_swagger:error_codes(
[?BAD_REQUEST], <<"Bad username">>) [?BAD_REQUEST], <<"Bad username">>)
, 404 => emqx_dashboard_swagger:error_codes(
[?NOT_FOUND], <<"Username Not Found">>)
} }
} }
}; };
schema("/authorization/sources/built-in-database/clientid/:clientid") -> schema("/authorization/sources/built_in_database/clientid/:clientid") ->
#{ 'operationId' => client #{ 'operationId' => client
, get => , get =>
#{ tags => [<<"authorization">>] #{ tags => [<<"authorization">>]
@ -207,10 +209,12 @@ schema("/authorization/sources/built-in-database/clientid/:clientid") ->
#{ 204 => <<"Deleted">> #{ 204 => <<"Deleted">>
, 400 => emqx_dashboard_swagger:error_codes( , 400 => emqx_dashboard_swagger:error_codes(
[?BAD_REQUEST], <<"Bad clientid">>) [?BAD_REQUEST], <<"Bad clientid">>)
, 404 => emqx_dashboard_swagger:error_codes(
[?NOT_FOUND], <<"ClientID Not Found">>)
} }
} }
}; };
schema("/authorization/sources/built-in-database/all") -> schema("/authorization/sources/built_in_database/all") ->
#{ 'operationId' => all #{ 'operationId' => all
, get => , get =>
#{ tags => [<<"authorization">>] #{ tags => [<<"authorization">>]
@ -218,19 +222,20 @@ schema("/authorization/sources/built-in-database/all") ->
, responses => , responses =>
#{200 => swagger_with_example({rules, ?TYPE_REF}, {all, ?PUT_MAP_EXAMPLE})} #{200 => swagger_with_example({rules, ?TYPE_REF}, {all, ?PUT_MAP_EXAMPLE})}
} }
, put => , post =>
#{ tags => [<<"authorization">>] #{ tags => [<<"authorization">>]
, description => <<"Set the list of rules for all">> , description => <<"Create/Update the list of rules for all. "
"Set a empty list to clean up rules">>
, 'requestBody' => , 'requestBody' =>
swagger_with_example({rules, ?TYPE_REF}, {all, ?PUT_MAP_EXAMPLE}) swagger_with_example({rules, ?TYPE_REF}, {all, ?PUT_MAP_EXAMPLE})
, responses => , responses =>
#{ 204 => <<"Created">> #{ 204 => <<"Updated">>
, 400 => emqx_dashboard_swagger:error_codes( , 400 => emqx_dashboard_swagger:error_codes(
[?BAD_REQUEST], <<"Bad rule schema">>) [?BAD_REQUEST], <<"Bad rule schema">>)
} }
} }
}; };
schema("/authorization/sources/built-in-database/purge-all") -> schema("/authorization/sources/built_in_database/purge-all") ->
#{ 'operationId' => purge #{ 'operationId' => purge
, delete => , delete =>
#{ tags => [<<"authorization">>] #{ tags => [<<"authorization">>]
@ -315,8 +320,8 @@ clients(get, #{query_string := QueryString}) ->
?ACL_TABLE, ?ACL_CLIENTID_QSCHEMA, ?QUERY_CLIENTID_FUN), ?ACL_TABLE, ?ACL_CLIENTID_QSCHEMA, ?QUERY_CLIENTID_FUN),
emqx_mgmt_util:generate_response(Response); emqx_mgmt_util:generate_response(Response);
clients(post, #{body := Body}) when is_list(Body) -> clients(post, #{body := Body}) when is_list(Body) ->
lists:foreach(fun(#{<<"clientid">> := Clientid, <<"rules">> := Rules}) -> lists:foreach(fun(#{<<"clientid">> := ClientID, <<"rules">> := Rules}) ->
emqx_authz_mnesia:store_rules({clientid, Clientid}, format_rules(Rules)) emqx_authz_mnesia:store_rules({clientid, ClientID}, format_rules(Rules))
end, Body), end, Body),
{204}. {204}.
@ -332,31 +337,41 @@ user(get, #{bindings := #{username := Username}}) ->
} }
end; end;
user(put, #{bindings := #{username := Username}, user(put, #{bindings := #{username := Username},
body := #{<<"username">> := Username, <<"rules">> := Rules}}) -> body := #{<<"username">> := Username, <<"rules">> := Rules}}) ->
emqx_authz_mnesia:store_rules({username, Username}, format_rules(Rules)), emqx_authz_mnesia:store_rules({username, Username}, format_rules(Rules)),
{204}; {204};
user(delete, #{bindings := #{username := Username}}) -> user(delete, #{bindings := #{username := Username}}) ->
emqx_authz_mnesia:delete_rules({username, Username}), case emqx_authz_mnesia:get_rules({username, Username}) of
{204}. not_found ->
{404, #{code => <<"NOT_FOUND">>, message => <<"Username Not Found">>}};
{ok, _Rules} ->
emqx_authz_mnesia:delete_rules({username, Username}),
{204}
end.
client(get, #{bindings := #{clientid := Clientid}}) -> client(get, #{bindings := #{clientid := ClientID}}) ->
case emqx_authz_mnesia:get_rules({clientid, Clientid}) of case emqx_authz_mnesia:get_rules({clientid, ClientID}) of
not_found -> {404, #{code => <<"NOT_FOUND">>, message => <<"Not Found">>}}; not_found -> {404, #{code => <<"NOT_FOUND">>, message => <<"Not Found">>}};
{ok, Rules} -> {ok, Rules} ->
{200, #{clientid => Clientid, {200, #{clientid => ClientID,
rules => [ #{topic => Topic, rules => [ #{topic => Topic,
action => Action, action => Action,
permission => Permission permission => Permission
} || {Permission, Action, Topic} <- Rules]} } || {Permission, Action, Topic} <- Rules]}
} }
end; end;
client(put, #{bindings := #{clientid := Clientid}, client(put, #{bindings := #{clientid := ClientID},
body := #{<<"clientid">> := Clientid, <<"rules">> := Rules}}) -> body := #{<<"clientid">> := ClientID, <<"rules">> := Rules}}) ->
emqx_authz_mnesia:store_rules({clientid, Clientid}, format_rules(Rules)), emqx_authz_mnesia:store_rules({clientid, ClientID}, format_rules(Rules)),
{204}; {204};
client(delete, #{bindings := #{clientid := Clientid}}) -> client(delete, #{bindings := #{clientid := ClientID}}) ->
emqx_authz_mnesia:delete_rules({clientid, Clientid}), case emqx_authz_mnesia:get_rules({clientid, ClientID}) of
{204}. not_found ->
{404, #{code => <<"NOT_FOUND">>, message => <<"ClientID Not Found">>}};
{ok, _Rules} ->
emqx_authz_mnesia:delete_rules({clientid, ClientID}),
{204}
end.
all(get, _) -> all(get, _) ->
case emqx_authz_mnesia:get_rules(all) of case emqx_authz_mnesia:get_rules(all) of
@ -369,22 +384,22 @@ all(get, _) ->
} || {Permission, Action, Topic} <- Rules]} } || {Permission, Action, Topic} <- Rules]}
} }
end; end;
all(put, #{body := #{<<"rules">> := Rules}}) -> all(post, #{body := #{<<"rules">> := Rules}}) ->
emqx_authz_mnesia:store_rules(all, format_rules(Rules)), emqx_authz_mnesia:store_rules(all, format_rules(Rules)),
{204}. {204}.
purge(delete, _) -> purge(delete, _) ->
case emqx_authz_api_sources:get_raw_source(<<"built-in-database">>) of case emqx_authz_api_sources:get_raw_source(<<"built_in_database">>) of
[#{<<"enable">> := false}] -> [#{<<"enable">> := false}] ->
ok = emqx_authz_mnesia:purge_rules(), ok = emqx_authz_mnesia:purge_rules(),
{204}; {204};
[#{<<"enable">> := true}] -> [#{<<"enable">> := true}] ->
{400, #{code => <<"BAD_REQUEST">>, {400, #{code => <<"BAD_REQUEST">>,
message => message =>
<<"'built-in-database' type source must be disabled before purge.">>}}; <<"'built_in_database' type source must be disabled before purge.">>}};
[] -> [] ->
{404, #{code => <<"BAD_REQUEST">>, {404, #{code => <<"BAD_REQUEST">>,
message => <<"'built-in-database' type source is not found.">> message => <<"'built_in_database' type source is not found.">>
}} }}
end. end.
@ -453,8 +468,8 @@ format_result([{username, Username}, {rules, Rules}]) ->
permission => Permission permission => Permission
} || {Permission, Action, Topic} <- Rules] } || {Permission, Action, Topic} <- Rules]
}; };
format_result([{clientid, Clientid}, {rules, Rules}]) -> format_result([{clientid, ClientID}, {rules, Rules}]) ->
#{clientid => Clientid, #{clientid => ClientID,
rules => [ #{topic => Topic, rules => [ #{topic => Topic,
action => Action, action => Action,
permission => Permission permission => Permission
@ -498,7 +513,7 @@ rules_example({ExampleName, ExampleType}) ->
[Example] [Example]
end, end,
#{ #{
'password-based:built-in-database' => #{ 'password_based:built_in_database' => #{
summary => Summary, summary => Summary,
value => Value value => Value
} }
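Review bot: The `[]` branch of `purge(delete, _)` still pairs HTTP 404 with `code => <<"BAD_REQUEST">>`, while the new delete branches of `user/2` and `client/2` in this section use `<<"NOT_FOUND">>` for 404. The branch was already edited for the rename, so it should become `{404, #{code => <<"NOT_FOUND">>,`. The `purge-all` schema continues outside the visible hunks, so check that its `responses` map declares 404 too. Separately, the new delete handlers call `get_rules/1` and then `delete_rules/1` as two steps, so two concurrent deletes can both find the record and both answer 204. That is harmless for the stored rules, but the 404 is only best-effort unless the existence check moves into `emqx_authz_mnesia` within a single transaction, or a comment states the limitation.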


@ -35,8 +35,8 @@ fields(http) ->
++ maps:to_list(maps:without([ base_url ++ maps:to_list(maps:without([ base_url
, pool_type], , pool_type],
maps:from_list(emqx_connector_http:fields(config)))); maps:from_list(emqx_connector_http:fields(config))));
fields('built-in-database') -> fields('built_in_database') ->
authz_common_fields('built-in-database'); authz_common_fields('built_in_database');
fields(mongo_single) -> fields(mongo_single) ->
authz_mongo_common_fields() authz_mongo_common_fields()
++ emqx_connector_mongo:fields(single); ++ emqx_connector_mongo:fields(single);
@ -170,7 +170,7 @@ authz_sources_types(Type) ->
end end
++ ++
[ http [ http
, 'built-in-database' , 'built_in_database'
, mysql , mysql
, postgresql , postgresql
, file]. , file].


@ -94,7 +94,7 @@ dry_run(_Source) -> ok.
authorize(#{username := Username, authorize(#{username := Username,
clientid := Clientid clientid := Clientid
} = Client, PubSub, Topic, #{type := 'built-in-database'}) -> } = Client, PubSub, Topic, #{type := 'built_in_database'}) ->
Rules = case mnesia:dirty_read(?ACL_TABLE, {?ACL_TABLE_CLIENTID, Clientid}) of Rules = case mnesia:dirty_read(?ACL_TABLE, {?ACL_TABLE_CLIENTID, Clientid}) of
[] -> []; [] -> [];


@ -113,7 +113,7 @@ fields(http_post) ->
, {headers, fun headers/1} , {headers, fun headers/1}
] ++ http_common_fields(); ] ++ http_common_fields();
fields(mnesia) -> fields(mnesia) ->
[ {type, #{type => 'built-in-database'}} [ {type, #{type => 'built_in_database'}}
, {enable, #{type => boolean(), , {enable, #{type => boolean(),
default => true}} default => true}}
]; ];


@ -62,7 +62,7 @@ set_special_configs(emqx_authz) ->
{ok, _} = emqx:update_config([authorization, cache, enable], false), {ok, _} = emqx:update_config([authorization, cache, enable], false),
{ok, _} = emqx:update_config([authorization, no_match], deny), {ok, _} = emqx:update_config([authorization, no_match], deny),
{ok, _} = emqx:update_config([authorization, sources], {ok, _} = emqx:update_config([authorization, sources],
[#{<<"type">> => <<"built-in-database">>}]), [#{<<"type">> => <<"built_in_database">>}]),
ok; ok;
set_special_configs(_App) -> set_special_configs(_App) ->
ok. ok.
@ -74,12 +74,12 @@ set_special_configs(_App) ->
t_api(_) -> t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( post request( post
, uri(["authorization", "sources", "built-in-database", "username"]) , uri(["authorization", "sources", "built_in_database", "username"])
, [?USERNAME_RULES_EXAMPLE]), , [?USERNAME_RULES_EXAMPLE]),
{ok, 200, Request1} = {ok, 200, Request1} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "username"]) , uri(["authorization", "sources", "built_in_database", "username"])
, []), , []),
#{<<"data">> := [#{<<"username">> := <<"user1">>, <<"rules">> := Rules1}], #{<<"data">> := [#{<<"username">> := <<"user1">>, <<"rules">> := Rules1}],
<<"meta">> := #{<<"count">> := 1, <<"meta">> := #{<<"count">> := 1,
@ -91,7 +91,7 @@ t_api(_) ->
request( get request( get
, uri([ "authorization" , uri([ "authorization"
, "sources" , "sources"
, "built-in-database" , "built_in_database"
, "username?page=1&limit=20&like_username=noexist"]) , "username?page=1&limit=20&like_username=noexist"])
, []), , []),
#{<<"data">> := [], #{<<"data">> := [],
@ -102,42 +102,47 @@ t_api(_) ->
{ok, 200, Request2} = {ok, 200, Request2} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "username", "user1"]) , uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []), , []),
#{<<"username">> := <<"user1">>, <<"rules">> := Rules1} = jsx:decode(Request2), #{<<"username">> := <<"user1">>, <<"rules">> := Rules1} = jsx:decode(Request2),
{ok, 204, _} = {ok, 204, _} =
request( put request( put
, uri(["authorization", "sources", "built-in-database", "username", "user1"]) , uri(["authorization", "sources", "built_in_database", "username", "user1"])
, ?USERNAME_RULES_EXAMPLE#{rules => []}), , ?USERNAME_RULES_EXAMPLE#{rules => []}),
{ok, 200, Request3} = {ok, 200, Request3} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "username", "user1"]) , uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []), , []),
#{<<"username">> := <<"user1">>, <<"rules">> := Rules2} = jsx:decode(Request3), #{<<"username">> := <<"user1">>, <<"rules">> := Rules2} = jsx:decode(Request3),
?assertEqual(0, length(Rules2)), ?assertEqual(0, length(Rules2)),
{ok, 204, _} = {ok, 204, _} =
request( delete request( delete
, uri(["authorization", "sources", "built-in-database", "username", "user1"]) , uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []), , []),
{ok, 404, _} = {ok, 404, _} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "username", "user1"]) , uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []), , []),
{ok, 404, _} =
request( delete
, uri(["authorization", "sources", "built_in_database", "username", "user1"])
, []),
{ok, 204, _} = {ok, 204, _} =
request( post request( post
, uri(["authorization", "sources", "built-in-database", "clientid"]) , uri(["authorization", "sources", "built_in_database", "clientid"])
, [?CLIENTID_RULES_EXAMPLE]), , [?CLIENTID_RULES_EXAMPLE]),
{ok, 200, Request4} = {ok, 200, Request4} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "clientid"]) , uri(["authorization", "sources", "built_in_database", "clientid"])
, []), , []),
{ok, 200, Request5} = {ok, 200, Request5} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"]) , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []), , []),
#{<<"data">> := [#{<<"clientid">> := <<"client1">>, <<"rules">> := Rules3}], #{<<"data">> := [#{<<"clientid">> := <<"client1">>, <<"rules">> := Rules3}],
<<"meta">> := #{<<"count">> := 1, <<"limit">> := 100, <<"page">> := 1}} <<"meta">> := #{<<"count">> := 1, <<"limit">> := 100, <<"page">> := 1}}
@ -147,91 +152,97 @@ t_api(_) ->
{ok, 204, _} = {ok, 204, _} =
request( put request( put
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"]) , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, ?CLIENTID_RULES_EXAMPLE#{rules => []}), , ?CLIENTID_RULES_EXAMPLE#{rules => []}),
{ok, 200, Request6} = {ok, 200, Request6} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"]) , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []), , []),
#{<<"clientid">> := <<"client1">>, <<"rules">> := Rules4} = jsx:decode(Request6), #{<<"clientid">> := <<"client1">>, <<"rules">> := Rules4} = jsx:decode(Request6),
?assertEqual(0, length(Rules4)), ?assertEqual(0, length(Rules4)),
{ok, 204, _} = {ok, 204, _} =
request( delete request( delete
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"]) , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []), , []),
{ok, 404, _} = {ok, 404, _} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "clientid", "client1"]) , uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []),
{ok, 404, _} =
request( delete
, uri(["authorization", "sources", "built_in_database", "clientid", "client1"])
, []), , []),
{ok, 204, _} = {ok, 204, _} =
request( put request( post
, uri(["authorization", "sources", "built-in-database", "all"]) , uri(["authorization", "sources", "built_in_database", "all"])
, ?ALL_RULES_EXAMPLE), , ?ALL_RULES_EXAMPLE),
{ok, 200, Request7} = {ok, 200, Request7} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "all"]) , uri(["authorization", "sources", "built_in_database", "all"])
, []), , []),
#{<<"rules">> := Rules5} = jsx:decode(Request7), #{<<"rules">> := Rules5} = jsx:decode(Request7),
?assertEqual(3, length(Rules5)), ?assertEqual(3, length(Rules5)),
{ok, 204, _} = {ok, 204, _} =
request( put request( post
, uri(["authorization", "sources", "built-in-database", "all"]) , uri(["authorization", "sources", "built_in_database", "all"])
, ?ALL_RULES_EXAMPLE#{rules => []}), , ?ALL_RULES_EXAMPLE#{rules => []}),
{ok, 200, Request8} = {ok, 200, Request8} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "all"]) , uri(["authorization", "sources", "built_in_database", "all"])
, []), , []),
#{<<"rules">> := Rules6} = jsx:decode(Request8), #{<<"rules">> := Rules6} = jsx:decode(Request8),
?assertEqual(0, length(Rules6)), ?assertEqual(0, length(Rules6)),
{ok, 204, _} = {ok, 204, _} =
request( post request( post
, uri(["authorization", "sources", "built-in-database", "username"]) , uri(["authorization", "sources", "built_in_database", "username"])
, [ #{username => erlang:integer_to_binary(N), rules => []} , [ #{username => erlang:integer_to_binary(N), rules => []}
|| N <- lists:seq(1, 20) ]), || N <- lists:seq(1, 20) ]),
{ok, 200, Request9} = {ok, 200, Request9} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "username?page=2&limit=5"]) , uri(["authorization", "sources", "built_in_database", "username?page=2&limit=5"])
, []), , []),
#{<<"data">> := Data1} = jsx:decode(Request9), #{<<"data">> := Data1} = jsx:decode(Request9),
?assertEqual(5, length(Data1)), ?assertEqual(5, length(Data1)),
{ok, 204, _} = {ok, 204, _} =
request( post request( post
, uri(["authorization", "sources", "built-in-database", "clientid"]) , uri(["authorization", "sources", "built_in_database", "clientid"])
, [ #{clientid => erlang:integer_to_binary(N), rules => []} , [ #{clientid => erlang:integer_to_binary(N), rules => []}
|| N <- lists:seq(1, 20) ]), || N <- lists:seq(1, 20) ]),
{ok, 200, Request10} = {ok, 200, Request10} =
request( get request( get
, uri(["authorization", "sources", "built-in-database", "clientid?limit=5"]) , uri(["authorization", "sources", "built_in_database", "clientid?limit=5"])
, []), , []),
#{<<"data">> := Data2} = jsx:decode(Request10), #{<<"data">> := Data2} = jsx:decode(Request10),
?assertEqual(5, length(Data2)), ?assertEqual(5, length(Data2)),
{ok, 400, Msg1} = {ok, 400, Msg1} =
request( delete request( delete
, uri(["authorization", "sources", "built-in-database", "purge-all"]) , uri(["authorization", "sources", "built_in_database", "purge-all"])
, []), , []),
?assertMatch({match, _}, re:run(Msg1, "must\sbe\sdisabled\sbefore")), ?assertMatch({match, _}, re:run(Msg1, "must\sbe\sdisabled\sbefore")),
{ok, 204, _} = {ok, 204, _} =
request( put request( put
, uri(["authorization", "sources", "built-in-database"]) , uri(["authorization", "sources", "built_in_database"])
, #{<<"enable">> => true}), , #{<<"enable">> => true}),
%% test idempotence %% test idempotence
{ok, 204, _} = {ok, 204, _} =
request( put request( put
, uri(["authorization", "sources", "built-in-database"]) , uri(["authorization", "sources", "built_in_database"])
, #{<<"enable">> => true}), , #{<<"enable">> => true}),
{ok, 204, _} = {ok, 204, _} =
request( put request( put
, uri(["authorization", "sources", "built-in-database"]) , uri(["authorization", "sources", "built_in_database"])
, #{<<"enable">> => false}), , #{<<"enable">> => false}),
{ok, 204, _} = {ok, 204, _} =
request( delete request( delete
, uri(["authorization", "sources", "built-in-database", "purge-all"]) , uri(["authorization", "sources", "built_in_database", "purge-all"])
, []), , []),
?assertEqual(0, emqx_authz_mnesia:record_count()), ?assertEqual(0, emqx_authz_mnesia:record_count()),
ok. ok.


@ -125,7 +125,7 @@ t_normalize_rules(_Config) ->
raw_mnesia_authz_config() -> raw_mnesia_authz_config() ->
#{ #{
<<"enable">> => <<"true">>, <<"enable">> => <<"true">>,
<<"type">> => <<"built-in-database">> <<"type">> => <<"built_in_database">>
}. }.
setup_client_samples(ClientInfo, Samples, Key) -> setup_client_samples(ClientInfo, Samples, Key) ->


@ -196,7 +196,7 @@ e.g. `authentication.1={...}` is parsed as `authentication={"1": {...}}`
Indexed-map arrays can be used to override list arrays: Indexed-map arrays can be used to override list arrays:
``` ```
authentication=[{enable=true, backend="built-in-database", mechanism="password-based"}] authentication=[{enable=true, backend="built_in_database", mechanism="password_based"}]
# we can disable this authentication provider with: # we can disable this authentication provider with:
authentication.1.enable=false authentication.1.enable=false
``` ```
@ -204,7 +204,7 @@ However, list arrays do not get recursively merged into indexed-map arrays.
e.g. e.g.
``` ```
authentication=[{enable=true, backend="built-in-database", mechanism="password-based"}] authentication=[{enable=true, backend="built_in_database", mechanism="password_based"}]
## below value will replace the whole array, but not to override just one field. ## below value will replace the whole array, but not to override just one field.
authentication=[{enable=true}] authentication=[{enable=true}]
``` ```


@ -959,7 +959,7 @@ In EMQX, MQTT client access control is extremely flexible.<br>
An out-of-the-box set of authorization data sources are supported. An out-of-the-box set of authorization data sources are supported.
For example,<br> For example,<br>
'file' source is to support concise and yet generic ACL rules in a file;<br> 'file' source is to support concise and yet generic ACL rules in a file;<br>
'built-in-database' source can be used to store per-client customizable rule sets, 'built_in_database' source can be used to store per-client customizable rule sets,
natively in the EMQX node;<br> natively in the EMQX node;<br>
'http' source to make EMQX call an external HTTP API to make the decision;<br> 'http' source to make EMQX call an external HTTP API to make the decision;<br>
'PostgreSQL' etc. to look up clients or rules from external databases;<br> 'PostgreSQL' etc. to look up clients or rules from external databases;<br>


@ -27,8 +27,8 @@ gateway.stomp {
} }
authentication: { authentication: {
mechanism = password-based mechanism = password_based
backend = built-in-database backend = built_in_database
user_id_type = clientid user_id_type = clientid
} }
@ -43,8 +43,8 @@ gateway.stomp {
] ]
authentication: { authentication: {
mechanism = password-based mechanism = password_based
backend = built-in-database backend = built_in_database
user_id_type = username user_id_type = username
} }


@ -709,8 +709,8 @@ examples_listener() ->
, max_connections => 1024000 , max_connections => 1024000
, max_conn_rate => 1000 , max_conn_rate => 1000
, authentication => , authentication =>
#{ backend => <<"built-in-database">> #{ backend => <<"built_in_database">>
, mechanism => <<"password-based">> , mechanism => <<"password_based">>
, password_hash_algorithm => , password_hash_algorithm =>
#{ name => <<"sha256">> #{ name => <<"sha256">>
} }
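Review bot: The listener example in `examples_listener()` still shows `password_hash_algorithm => #{ name => <<"sha256">> }`, a single fast hash, as the sample setting for a password store. API examples tend to be copied into deployments, so since these lines are being touched anyway the example is worth pointing at a salted, deliberately slow algorithm if the schema offers one. No salt setting is visible in this hunk, so whether a default salt applies cannot be confirmed from here. At minimum I would add a comment next to it such as `%% example only: prefer a slow, salted password hash in production`. The function body starts and ends outside the hunk.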


@ -190,8 +190,8 @@ t_authn(_) ->
{201, _} = request(post, "/gateway", GwConf), {201, _} = request(post, "/gateway", GwConf),
{204, _} = request(get, "/gateway/stomp/authentication"), {204, _} = request(get, "/gateway/stomp/authentication"),
AuthConf = #{mechanism => <<"password-based">>, AuthConf = #{mechanism => <<"password_based">>,
backend => <<"built-in-database">>, backend => <<"built_in_database">>,
user_id_type => <<"clientid">> user_id_type => <<"clientid">>
}, },
{201, _} = request(post, "/gateway/stomp/authentication", AuthConf), {201, _} = request(post, "/gateway/stomp/authentication", AuthConf),
@ -213,8 +213,8 @@ t_authn_data_mgmt(_) ->
{201, _} = request(post, "/gateway", GwConf), {201, _} = request(post, "/gateway", GwConf),
{204, _} = request(get, "/gateway/stomp/authentication"), {204, _} = request(get, "/gateway/stomp/authentication"),
AuthConf = #{mechanism => <<"password-based">>, AuthConf = #{mechanism => <<"password_based">>,
backend => <<"built-in-database">>, backend => <<"built_in_database">>,
user_id_type => <<"clientid">> user_id_type => <<"clientid">>
}, },
{201, _} = request(post, "/gateway/stomp/authentication", AuthConf), {201, _} = request(post, "/gateway/stomp/authentication", AuthConf),
@ -291,8 +291,8 @@ t_listeners_authn(_) ->
{200, ConfResp} = request(get, "/gateway/stomp"), {200, ConfResp} = request(get, "/gateway/stomp"),
assert_confs(GwConf, ConfResp), assert_confs(GwConf, ConfResp),
AuthConf = #{mechanism => <<"password-based">>, AuthConf = #{mechanism => <<"password_based">>,
backend => <<"built-in-database">>, backend => <<"built_in_database">>,
user_id_type => <<"clientid">> user_id_type => <<"clientid">>
}, },
Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication", Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication",
@ -322,8 +322,8 @@ t_listeners_authn_data_mgmt(_) ->
{200, ConfResp} = request(get, "/gateway/stomp"), {200, ConfResp} = request(get, "/gateway/stomp"),
assert_confs(GwConf, ConfResp), assert_confs(GwConf, ConfResp),
AuthConf = #{mechanism => <<"password-based">>, AuthConf = #{mechanism => <<"password_based">>,
backend => <<"built-in-database">>, backend => <<"built_in_database">>,
user_id_type => <<"clientid">> user_id_type => <<"clientid">>
}, },
Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication", Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication",
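Review bot: All four cases touched here (`t_authn`, `t_authn_data_mgmt`, `t_listeners_authn`, `t_listeners_authn_data_mgmt`) now post only the underscore spellings, so nothing pins what the API does with the previous `<<"password-based">>` / `<<"built-in-database">>` values. For an authentication setting that matters: a stored or scripted config that still uses the old names should be rejected loudly rather than ignored, given that the empty authentication chain is documented on this page as allowing all logins. Consider one negative case that posts the old spelling and asserts an error, e.g. `{400, _} = request(post, "/gateway/stomp/authentication", OldAuthConf)`; the exact status code is an assumption to confirm against the handler. The same concern covers the `gateway.stomp` example config and the `?CONF_STOMP_AUTHN_1` / `?CONF_STOMP_AUTHN_2` macros changed in this commit. Each test function continues outside its hunk.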


@ -226,13 +226,13 @@ asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ==
} }
}). }).
-define(CONF_STOMP_AUTHN_1, -define(CONF_STOMP_AUTHN_1,
#{ <<"mechanism">> => <<"password-based">>, #{ <<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built-in-database">>, <<"backend">> => <<"built_in_database">>,
<<"user_id_type">> => <<"clientid">> <<"user_id_type">> => <<"clientid">>
}). }).
-define(CONF_STOMP_AUTHN_2, -define(CONF_STOMP_AUTHN_2,
#{ <<"mechanism">> => <<"password-based">>, #{ <<"mechanism">> => <<"password_based">>,
<<"backend">> => <<"built-in-database">>, <<"backend">> => <<"built_in_database">>,
<<"user_id_type">> => <<"username">> <<"user_id_type">> => <<"username">>
}). }).