diff --git a/apps/emqx_authn/i18n/emqx_authn_mongodb_i18n.conf b/apps/emqx_authn/i18n/emqx_authn_mongodb_i18n.conf index 0bb4b6984..95e31be35 100644 --- a/apps/emqx_authn/i18n/emqx_authn_mongodb_i18n.conf +++ b/apps/emqx_authn/i18n/emqx_authn_mongodb_i18n.conf @@ -31,7 +31,7 @@ emqx_authn_mongodb { } } - selector { + filter { desc { en: """ Statement that is executed during the authentication process. @@ -47,8 +47,8 @@ Commands can support following wildcards: """ } label: { - en: """Selector""" - zh: """查询""" + en: """Filter""" + zh: """过滤器""" } } diff --git a/apps/emqx_authn/src/emqx_authn_api.erl b/apps/emqx_authn/src/emqx_authn_api.erl index 0e7f03ce7..1817009d2 100644 --- a/apps/emqx_authn/src/emqx_authn_api.erl +++ b/apps/emqx_authn/src/emqx_authn_api.erl @@ -1401,7 +1401,7 @@ authenticator_examples() -> server => <<"127.0.0.1:27017">>, database => example, collection => users, - selector => #{ + filter => #{ username => ?PH_USERNAME }, password_hash_field => <<"password_hash">>, diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl index 2174406e0..1faabf75d 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl @@ -74,7 +74,7 @@ common_fields() -> {mechanism, emqx_authn_schema:mechanism(password_based)}, {backend, emqx_authn_schema:backend(mongodb)}, {collection, fun collection/1}, - {selector, fun selector/1}, + {filter, fun filter/1}, {password_hash_field, fun password_hash_field/1}, {salt_field, fun salt_field/1}, {is_superuser_field, fun is_superuser_field/1}, @@ -86,11 +86,11 @@ collection(desc) -> ?DESC(?FUNCTION_NAME); collection(required) -> true; collection(_) -> undefined. -selector(type) -> +filter(type) -> map(); -selector(desc) -> +filter(desc) -> ?DESC(?FUNCTION_NAME); -selector(_) -> +filter(_) -> undefined. password_hash_field(type) -> binary(); @@ -122,8 +122,8 @@ refs() -> create(_AuthenticatorID, Config) -> create(Config). -create(#{selector := Selector} = Config) -> - SelectorTemplate = emqx_authn_utils:parse_deep(Selector), +create(#{filter := Filter} = Config) -> + FilterTemplate = emqx_authn_utils:parse_deep(Filter), State = maps:with( [ collection, @@ -139,7 +139,7 @@ create(#{selector := Selector} = Config) -> ok = emqx_authn_password_hashing:init(Algorithm), ResourceId = emqx_authn_utils:make_resource_id(?MODULE), NState = State#{ - selector_template => SelectorTemplate, + filter_template => FilterTemplate, resource_id => ResourceId }, case @@ -174,12 +174,12 @@ authenticate( #{password := Password} = Credential, #{ collection := Collection, - selector_template := SelectorTemplate, + filter_template := FilterTemplate, resource_id := ResourceId } = State ) -> - Selector = emqx_authn_utils:render_deep(SelectorTemplate, Credential), - case emqx_resource:query(ResourceId, {find_one, Collection, Selector, #{}}) of + Filter = emqx_authn_utils:render_deep(FilterTemplate, Credential), + case emqx_resource:query(ResourceId, {find_one, Collection, Filter, #{}}) of undefined -> ignore; {error, Reason} -> @@ -187,7 +187,7 @@ authenticate( msg => "mongodb_query_failed", resource => ResourceId, collection => Collection, - selector => Selector, + filter => Filter, reason => Reason }), ignore; @@ -200,7 +200,7 @@ authenticate( msg => "cannot_find_password_hash_field", resource => ResourceId, collection => Collection, - selector => Selector, + filter => Filter, password_hash_field => PasswordHashField }), ignore; diff --git a/apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl index ffd3dfd39..f49d259ac 100644 --- a/apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl @@ -84,7 +84,7 @@ t_create_invalid(_Config) -> InvalidConfigs = [ AuthConfig#{mongo_type => <<"unknown">>}, - AuthConfig#{selector => <<"{ \"username\": \"${username}\" }">>}, + AuthConfig#{filter => <<"{ \"username\": \"${username}\" }">>}, AuthConfig#{w_mode => <<"unknown">>} ], @@ -177,7 +177,7 @@ t_update(_Config) -> ok = init_seeds(), CorrectConfig = raw_mongo_auth_config(), IncorrectConfig = - CorrectConfig#{selector => #{<<"wrongfield">> => <<"wrongvalue">>}}, + CorrectConfig#{filter => #{<<"wrongfield">> => <<"wrongvalue">>}}, {ok, _} = emqx:update_config( ?PATH, @@ -193,7 +193,7 @@ t_update(_Config) -> } ), - % We update with config with correct selector, provider should update and work properly + % We update with config with correct filter, provider should update and work properly {ok, _} = emqx:update_config( ?PATH, {update_authenticator, ?GLOBAL, <<"password_based:mongodb">>, CorrectConfig} @@ -276,7 +276,7 @@ raw_mongo_auth_config() -> server => mongo_server(), w_mode => <<"unsafe">>, - selector => #{<<"username">> => <<"${username}">>}, + filter => #{<<"username">> => <<"${username}">>}, password_hash_field => <<"password_hash">>, salt_field => <<"salt">>, is_superuser_field => <<"is_superuser">> @@ -332,7 +332,7 @@ user_seeds() -> password => <<"sha256">> }, config_params => #{ - selector => #{<<"username">> => <<"${clientid}">>}, + filter => #{<<"username">> => <<"${clientid}">>}, password_hash_algorithm => #{ name => <<"sha256">>, salt_position => <<"prefix">> @@ -373,7 +373,7 @@ user_seeds() -> }, config_params => #{ % clientid variable & username credentials - selector => #{<<"username">> => <<"${clientid}">>}, + filter => #{<<"username">> => <<"${clientid}">>}, password_hash_algorithm => #{name => <<"bcrypt">>} }, result => {error, not_authorized} @@ -392,7 +392,7 @@ user_seeds() -> password => <<"bcrypt">> }, config_params => #{ - selector => #{<<"userid">> => <<"${clientid}">>}, + filter => #{<<"userid">> => <<"${clientid}">>}, password_hash_algorithm => #{name => <<"bcrypt">>} }, result => {error, not_authorized} diff --git a/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl index 48cee7509..274c5b7a4 100644 --- a/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl @@ -189,7 +189,7 @@ raw_mongo_auth_config(SpecificSSLOpts) -> server => mongo_server(), w_mode => <<"unsafe">>, - selector => #{<<"username">> => <<"${username}">>}, + filter => #{<<"username">> => <<"${username}">>}, password_hash_field => <<"password_hash">>, salt_field => <<"salt">>, is_superuser_field => <<"is_superuser">>, diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf index 082f60ae0..f35cf7abe 100644 --- a/apps/emqx_authz/etc/emqx_authz.conf +++ b/apps/emqx_authz/etc/emqx_authz.conf @@ -53,7 +53,7 @@ authorization { # database: mqtt # ssl: {enable: false} # collection: mqtt_authz - # selector: { "$or": [ { "username": "${username}" }, { "clientid": "${clientid}" } ] } + # filter: { "$or": [ { "username": "${username}" }, { "clientid": "${clientid}" } ] } # }, { type: built_in_database diff --git a/apps/emqx_authz/i18n/emqx_authz_api_schema_i18n.conf b/apps/emqx_authz/i18n/emqx_authz_api_schema_i18n.conf index 28fae341d..45dc66cf6 100644 --- a/apps/emqx_authz/i18n/emqx_authz_api_schema_i18n.conf +++ b/apps/emqx_authz/i18n/emqx_authz_api_schema_i18n.conf @@ -119,7 +119,7 @@ emqx_authz_api_schema { } } - selector { + filter { desc { en: """ Statement that is executed during the authorize process. @@ -134,8 +134,8 @@ Commands can support following wildcards:\n - `${clientid}`: 代替客户端的客户端标识符""" } label { - en: """selector""" - zh: """selector""" + en: """filter""" + zh: """filter""" } } diff --git a/apps/emqx_authz/i18n/emqx_authz_schema_i18n.conf b/apps/emqx_authz/i18n/emqx_authz_schema_i18n.conf index ee7b15c6f..42777f00f 100644 --- a/apps/emqx_authz/i18n/emqx_authz_schema_i18n.conf +++ b/apps/emqx_authz/i18n/emqx_authz_schema_i18n.conf @@ -266,7 +266,7 @@ and the new rules will override all rules from the old config file. } } - selector { + filter { desc { en: """ Statement that is executed during the authorize process. @@ -281,8 +281,8 @@ Commands can support following wildcards:\n - `${clientid}`: 代替客户端的客户端标识符""" } label { - en: """selector""" - zh: """selector""" + en: """filter""" + zh: """filter""" } } diff --git a/apps/emqx_authz/src/emqx_authz_api_schema.erl b/apps/emqx_authz/src/emqx_authz_api_schema.erl index a398479bd..bed953dbb 100644 --- a/apps/emqx_authz/src/emqx_authz_api_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_api_schema.erl @@ -181,7 +181,7 @@ authz_mongo_common_fields() -> authz_common_fields(mongodb) ++ [ {collection, fun collection/1}, - {selector, fun selector/1} + {filter, fun filter/1} ]. collection(type) -> binary(); @@ -189,11 +189,11 @@ collection(desc) -> ?DESC(?FUNCTION_NAME); collection(required) -> true; collection(_) -> undefined. -selector(type) -> +filter(type) -> map(); -selector(desc) -> +filter(desc) -> ?DESC(?FUNCTION_NAME); -selector(_) -> +filter(_) -> undefined. %%------------------------------------------------------------------------------ diff --git a/apps/emqx_authz/src/emqx_authz_mongodb.erl b/apps/emqx_authz/src/emqx_authz_mongodb.erl index 2bac33003..620ca5b42 100644 --- a/apps/emqx_authz/src/emqx_authz_mongodb.erl +++ b/apps/emqx_authz/src/emqx_authz_mongodb.erl @@ -45,15 +45,15 @@ description() -> "AuthZ with MongoDB". -init(#{selector := Selector} = Source) -> +init(#{filter := Filter} = Source) -> case emqx_authz_utils:create_resource(emqx_connector_mongo, Source) of {error, Reason} -> error({load_config_error, Reason}); {ok, Id} -> Source#{ annotations => #{id => Id}, - selector_template => emqx_authz_utils:parse_deep( - Selector, + filter_template => emqx_authz_utils:parse_deep( + Filter, ?PLACEHOLDERS ) } @@ -68,14 +68,14 @@ authorize( Topic, #{ collection := Collection, - selector_template := SelectorTemplate, + filter_template := FilterTemplate, annotations := #{id := ResourceID} } ) -> - RenderedSelector = emqx_authz_utils:render_deep(SelectorTemplate, Client), + RenderedFilter = emqx_authz_utils:render_deep(FilterTemplate, Client), Result = try - emqx_resource:query(ResourceID, {find, Collection, RenderedSelector, #{}}) + emqx_resource:query(ResourceID, {find, Collection, RenderedFilter, #{}}) catch error:Error -> {error, Error} end, @@ -86,7 +86,7 @@ authorize( msg => "query_mongo_error", reason => Reason, collection => Collection, - selector => RenderedSelector, + filter => RenderedFilter, resource_id => ResourceID }), nomatch; diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index f61bd258d..3debb6a0f 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl @@ -199,10 +199,10 @@ mongo_common_fields() -> required => true, desc => ?DESC(collection) }}, - {selector, #{ + {filter, #{ type => map(), required => true, - desc => ?DESC(selector) + desc => ?DESC(filter) }} ]. diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index 052f8cdcf..14d5cb25f 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -91,7 +91,7 @@ set_special_configs(_App) -> <<"database">> => <<"mqtt">>, <<"ssl">> => #{<<"enable">> => false}, <<"collection">> => <<"authz">>, - <<"selector">> => #{<<"a">> => <<"b">>} + <<"filter">> => #{<<"a">> => <<"b">>} }). -define(SOURCE3, #{ <<"type">> => <<"mysql">>, diff --git a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl index 308e67d53..4a599a14f 100644 --- a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl @@ -47,7 +47,7 @@ <<"database">> => <<"mqtt">>, <<"ssl">> => #{<<"enable">> => false}, <<"collection">> => <<"fake">>, - <<"selector">> => #{<<"a">> => <<"b">>} + <<"filter">> => #{<<"a">> => <<"b">>} }). -define(SOURCE3, #{ <<"type">> => <<"mysql">>, diff --git a/apps/emqx_authz/test/emqx_authz_mongodb_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mongodb_SUITE.erl index e0220488f..5e5a6ca1e 100644 --- a/apps/emqx_authz/test/emqx_authz_mongodb_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_mongodb_SUITE.erl @@ -85,7 +85,7 @@ t_topic_rules(_Config) -> ok = emqx_authz_test_lib:test_deny_topic_rules(ClientInfo, fun setup_client_samples/2). -t_complex_selector(_) -> +t_complex_filter(_) -> %% atom and string values also supported ClientInfo = #{ clientid => clientid, @@ -111,7 +111,7 @@ t_complex_selector(_) -> ok = setup_samples(Samples), ok = setup_config( #{ - <<"selector">> => #{ + <<"filter">> => #{ <<"x">> => #{ <<"u">> => <<"${username}">>, <<"c">> => [#{<<"c">> => <<"${clientid}">>}], @@ -137,7 +137,7 @@ t_mongo_error(_Config) -> ok = setup_samples([]), ok = setup_config( - #{<<"selector">> => #{<<"$badoperator">> => <<"$badoperator">>}} + #{<<"filter">> => #{<<"$badoperator">> => <<"$badoperator">>}} ), ok = emqx_authz_test_lib:test_samples( @@ -165,7 +165,7 @@ t_lookups(_Config) -> ok = setup_samples([ByClientid]), ok = setup_config( - #{<<"selector">> => #{<<"clientid">> => <<"${clientid}">>}} + #{<<"filter">> => #{<<"clientid">> => <<"${clientid}">>}} ), ok = emqx_authz_test_lib:test_samples( @@ -185,7 +185,7 @@ t_lookups(_Config) -> ok = setup_samples([ByPeerhost]), ok = setup_config( - #{<<"selector">> => #{<<"peerhost">> => <<"${peerhost}">>}} + #{<<"filter">> => #{<<"peerhost">> => <<"${peerhost}">>}} ), ok = emqx_authz_test_lib:test_samples( @@ -196,7 +196,7 @@ t_lookups(_Config) -> ] ). -t_bad_selector(_Config) -> +t_bad_filter(_Config) -> ClientInfo = #{ clientid => <<"clientid">>, cn => <<"cn">>, @@ -208,7 +208,7 @@ t_bad_selector(_Config) -> }, ok = setup_config( - #{<<"selector">> => #{<<"$in">> => #{<<"a">> => 1}}} + #{<<"filter">> => #{<<"$in">> => #{<<"a">> => 1}}} ), ok = emqx_authz_test_lib:test_samples( @@ -251,7 +251,7 @@ setup_client_samples(ClientInfo, Samples) -> Samples ), setup_samples(Records), - setup_config(#{<<"selector">> => #{<<"username">> => <<"${username}">>}}). + setup_config(#{<<"filter">> => #{<<"username">> => <<"${username}">>}}). reset_samples() -> {true, _} = mc_worker_api:delete(?MONGO_CLIENT, <<"acl">>, #{}), @@ -273,7 +273,7 @@ raw_mongo_authz_config() -> <<"collection">> => <<"acl">>, <<"server">> => mongo_server(), - <<"selector">> => #{<<"username">> => <<"${username}">>} + <<"filter">> => #{<<"username">> => <<"${username}">>} }. mongo_server() -> diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl index d81aa04a4..cee07c865 100644 --- a/apps/emqx_connector/src/emqx_connector_mongo.erl +++ b/apps/emqx_connector/src/emqx_connector_mongo.erl @@ -155,14 +155,14 @@ on_stop(InstId, #{poolname := PoolName}) -> emqx_plugin_libs_pool:stop_pool(PoolName). on_query(InstId, - {Action, Collection, Selector, Projector}, + {Action, Collection, Filter, Projector}, AfterQuery, #{poolname := PoolName} = State) -> - Request = {Action, Collection, Selector, Projector}, + Request = {Action, Collection, Filter, Projector}, ?TRACE("QUERY", "mongodb_connector_received", #{request => Request, connector => InstId, state => State}), case ecpool:pick_and_do(PoolName, - {?MODULE, mongo_query, [Action, Collection, Selector, Projector]}, + {?MODULE, mongo_query, [Action, Collection, Filter, Projector]}, no_handover) of {error, Reason} -> ?SLOG(error, #{msg => "mongodb_connector_do_query_failed", @@ -242,14 +242,14 @@ connect(Opts) -> WorkerOptions = proplists:get_value(worker_options, Opts, []), mongo_api:connect(Type, Hosts, Options, WorkerOptions). -mongo_query(Conn, find, Collection, Selector, Projector) -> - mongo_api:find(Conn, Collection, Selector, Projector); +mongo_query(Conn, find, Collection, Filter, Projector) -> + mongo_api:find(Conn, Collection, Filter, Projector); -mongo_query(Conn, find_one, Collection, Selector, Projector) -> - mongo_api:find_one(Conn, Collection, Selector, Projector); +mongo_query(Conn, find_one, Collection, Filter, Projector) -> + mongo_api:find_one(Conn, Collection, Filter, Projector); %% Todo xxx -mongo_query(_Conn, _Action, _Collection, _Selector, _Projector) -> +mongo_query(_Conn, _Action, _Collection, _Filter, _Projector) -> ok. init_type(#{mongo_type := rs, replica_set_name := ReplicaSetName}) ->