062ce5f819
refactor: rename emqx_map_lib to emqx_utils_maps
2023-04-14 13:41:34 +02:00
9c11bfce80
refactor: rename emqx_misc to emqx_utils
2023-04-14 13:41:27 +02:00
f8e9e54393
refactor: move emqx_json to emqx_utils_json
2023-04-14 13:31:27 +02:00
e70deae1c3
feat(resource): ask for metrics only when needed
2023-04-11 12:00:19 +03:00
e978d86c86
chore: add doc_lift for authorization.sources
...
doc_lift is to make the doc render application to lift
this field to the root level and force the field's doc
to refernec it instead of expanding the structs in a nested way
2023-04-03 16:49:35 +02:00
baf39fe080
Merge pull request #10098 from kjellwinblad/kjell/fix/mongo_authz_crash
...
fix: mongodb authz crash
2023-03-13 10:46:49 +01:00
e3595f2e79
chore(mria): Bump version to 0.4.0
2023-03-11 00:37:25 +01:00
aa57ea9ee1
fix: mongodb authz crash
...
This fixes a crash with an error in the log file (see below) that
happened when the MongoDB authorization module queried the database. The
reason is that the collection name that was sent to the mongodb
connection was an atom. This is fixed by making sure it is not an atom.
2023-03-08T17:16:34.215523+01:00 [error] msg: query_mongo_error, mfa:
emqx_authz_mongodb:authorize/4, line: 95, peername: 127.0.0.1:53212,
clientid: client123, collection: mqtt_acl, filter: #{username =>
<<"emqx_u">>}, reason: {resource_error,#{msg => #{error =>
{error,{error_cannot_parse_response,{op_msg_response,#{<<"code">> =>
73,<<"codeName">> => <<"InvalidNamespace">>,<<"errmsg">> => <<"Failed to
parse namespace element">>,<<"ok">> => 0.0}}}},id =>
<<"emqx_authz_mongodb:3">>,name => call_query,request =>
{find,mqtt_acl,#{username => <<"emqx_u">>},#{}},stacktrace =>
[{mc_connection_man,reply,1,[{file,"mc_connection_man.erl"},{line,123}],
...]}, reason => exception}}, resource_id: <<"emqx_authz_mongodb:3">>
Fixes: https://github.com/emqx/emqx/issues/9783
2023-03-09 16:01:23 +01:00
fe27604010
Merge remote-tracking branch 'origin/release-50' into 0308-merge-release-50-back-to-master
2023-03-08 16:46:45 +01:00
b54f444263
fix(emqx_authz): return `404` for requests on non existent source
2023-03-07 13:51:06 +01:00
d0ea7f4647
fix(emqx_authz): check if type param matches type in body
2023-03-06 11:10:31 +01:00
9316690c29
fix(schema): binary string for default values
...
A lot of the string value fields had default value defined in
schema as list-string rather than binary-string.
This caused the generated schema dump (in JSON format)
to have raw_default field as an integer array.
2023-02-21 09:09:51 +01:00
9f4c36ecbc
chore: bump version && update changes
2023-01-31 23:30:22 +08:00
c034cbf6de
feat(authz): allow the placeholder to be anywhere in the topic for authz rules
2023-01-31 23:30:12 +08:00
fff6bf921f
refactor(authz): call emqx_resource:simple_sync_query
...
there is no need to route the request through the buffer workers
2023-01-17 20:01:45 +01:00
1690a6dcfc
Merge branch 'master' into dev/api-refactor
2023-01-13 15:34:13 +01:00
f15b29b1ef
chore: upgrade app version
2023-01-13 18:22:29 +08:00
f90c41f769
fix: set default value in schema
2023-01-12 13:49:52 +01:00
48e1ba4832
feat(docs): add tags to schemas
...
This'll allow us to split the generated `schema.json` file into
subsections for better documentation navigation.
2023-01-11 09:10:03 -03:00
f27f573109
refactor: move to /authorization/sources/built_in_database/rules
2023-01-10 11:00:22 +01:00
67f2159a27
Merge pull request #9653 from zmstone/0101-authz-schema-union-member-selection
...
0101 authz schema union member selection
2023-01-09 22:17:51 +01:00
e52f9d5920
refactor: use union member type selector for authz sources
2023-01-09 14:26:16 +01:00
c6b8e614df
fix(authz_http): handle `ignore` results (request failures)
...
Related issue: https://github.com/emqx/emqx/issues/9683
When the HTTP request for authz fails (e.g.: resource is down or
server is down), then the HTTP authorizer returns `ignore`, which was
not handled correctly by the authorization callback.
2023-01-05 11:34:23 -03:00
dbc10c2eed
chore: update copyright year 2023
2023-01-02 09:22:27 +01:00
d3efb0c0ba
chore: bump app versions
2022-12-23 15:10:16 +01:00
350023e757
fix(config): option only_fill_defaults renamed to make_serializable
2022-12-23 14:27:04 +01:00
b398617614
chore: bump app versions
2022-11-28 21:12:43 +01:00
7ee53e5319
Merge tag 'v5.0.11' into dev/ee5.0
2022-11-28 21:02:21 +01:00
6ee475d9b1
fix(emqx_authz_api_mnesia): return the right matchers
2022-11-24 20:32:00 +01:00
9786a6c267
refactor(mgmt): convert fuzzy filter func to named func
2022-11-24 20:14:33 +01:00
9c7bf9d601
chore: update app.src
2022-11-24 20:14:33 +01:00
1fe9c105aa
refactor(mgmt): smplify the node_query/cluster_query implementation
2022-11-24 20:14:33 +01:00
08121e7df6
fix(mgmt): optimize the speed of query tail pages
...
In the previous, when you query the tail pages, all the front of rows
will be queried out and formatted. It greatly hurts the speed of query.
Currently, we only format the final result rows. i.e, the query for the
last page of data will be 10x faster.
2022-11-24 20:14:33 +01:00
c940b901f5
chore: fix app versions
2022-11-16 16:26:43 +01:00
09455edae8
Merge tag 'v5.0.10' into dev/ee5.0
2022-11-16 16:20:30 +01:00
467010e3d3
chore: bump emqx_authz app vsn
2022-11-08 17:40:34 +01:00
0678e05e84
style: fix message returned for 404
...
Co-authored-by: Zaiming (Stone) Shi <zmstone@gmail.com>
2022-11-08 17:40:34 +01:00
ba1e19f068
fix(emqx_authz_api_sources): make schema fit to what we send
2022-11-08 17:40:34 +01:00
e0ed0855ff
fix(emqx_authz_api_sources): return 'code' in response body for 404
2022-11-08 17:40:34 +01:00
4135910b42
chore: merge master into dev/ee5.0
2022-09-26 09:52:33 +08:00
2984397e73
chore: apps vsn bump
2022-09-23 17:09:15 +08:00
85835256f1
Merge tag 'v5.0.8' into merge-release-v5.0.8-into-master
2022-09-23 16:06:44 +08:00
c11afc357e
fix(auth): use empty strings for absent placeholder values
2022-09-20 15:20:55 +03:00
14b5977996
feat(authz): Support `cert_common_name` and `cert_subject` in Authz
2022-09-15 18:02:54 +08:00
d9c9a1dec3
Merge pull request #8958 from JimMoen/fix-ssl-drop-invalid-certs
...
fix(bridge/authz/exhook): no need to drop invalid certs
2022-09-15 09:01:08 +08:00
a461375b30
chore: support strip double quote in authn/authz
...
more compatibility for https://github.com/emqx/emqx/pull/8827
2022-09-14 15:25:31 +08:00
f018b8ab49
fix(bridge/authz/exhook): no need to drop invalid certs
2022-09-14 14:08:55 +08:00
befc4acced
Merge remote-tracking branch 'origin/master' into merge-master-to-ee50-a
2022-09-06 20:31:38 +02:00
dac178cbaf
chore: ensure version bumps
2022-08-31 17:23:47 +02:00
05bbadc8c5
chore: bump ahutz version && update CHANGES-5.0.md
2022-08-31 21:15:55 +08:00
71aaf5c538
fix(authz): fix dialyzer && test case && proper error
2022-08-31 16:49:27 +08:00
168f44e45b
fix: exhook client.authorize never be execauted
...
see: https://github.com/emqx/emqx/issues/8779
2022-08-31 14:34:02 +08:00
1ff53ee8a9
fix(authz): don't stop emqx_resource app in test cases
2022-08-23 08:57:12 +08:00
b3162fe5ff
fix: conflicts between master and ee5.0
2022-08-14 22:24:09 +08:00
0cdf4b47f1
feat: add more resource creation opts
2022-08-12 13:47:45 +08:00
64aa30ec63
chore(authn/authz): better handling of placeholder interpolation errors
2022-08-10 18:22:37 +03:00
d3950b9534
fix(resource): make option 'queue_enabled' disabled by default
2022-08-10 00:34:35 +08:00
0377d3cf61
fix: update existing testcases for new emqx_resource
2022-08-10 00:34:35 +08:00
dd59c850e0
chore: make sure swagger's tags always titlecase
2022-07-25 16:09:17 +08:00
a12478225a
fix: fix bad swagger format
2022-07-20 16:56:07 +08:00
e49686a276
fix(authz): should apply no rule on superuser
2022-07-08 22:35:15 +02:00
4c17b38102
chore: treat 200/204 as acl nomatch
2022-07-01 20:42:22 +08:00
83f5da8f9d
fix(authz-http): fix https://github.com/emqx/emqx/pull/8377#discussion_r911743360
2022-07-01 17:46:55 +08:00
52b77b570f
refactor: authz-http return body to reject pub/sub
2022-07-01 17:46:55 +08:00
f8c90452cc
chore: auto retry disconnected authn/authz resources
2022-07-01 12:01:39 +08:00
a9ec193ef8
fix(prometheus): Disable authorization for metrics scraping endpoint
2022-06-23 00:31:53 +02:00
51efe22e57
chore: update the appup files for authz/authn
2022-06-22 15:54:37 +08:00
defacb97df
fix: disabled resources for authz/authn started after emqx reboot
2022-06-22 14:34:30 +08:00
3b00b16abe
Merge pull request #8221 from terry-xiaoyu/fix_delayed_module_disbled_after_emqx_stop
...
feat: fix the hook priorities
2022-06-16 09:42:42 +08:00
39b1b20506
feat: fix the hook priorities
2022-06-15 19:03:40 +08:00
03967a83de
chore(authz): make `authorization.cache.enable` required
2022-06-15 13:46:17 +08:00
45aa9d604b
fix(metrics): remove the client. prefix for AuthN/AuthZ metrics
2022-06-14 14:08:25 +08:00
f18eab402a
fix(CI): don't use any authz sources when testing
2022-06-10 14:21:20 +08:00
86a3ac0bef
fix(authz): prohibit overriding of existing client/user
2022-06-07 16:34:01 +08:00
c7cc2e85b2
fix: add default&example for schema
2022-06-06 09:52:10 +08:00
2eb621ba57
fix: hint metrics merge errors
2022-05-13 21:38:51 +02:00
91da451803
feat(authz): add default authn-based authz source
2022-05-13 12:51:10 +03:00
ca0c80965a
Merge pull request #7890 from savonarola/fix-jwt-acl-v5
...
fix(jwt auth): improve JWT handling
2022-05-12 19:48:37 +03:00
e0fa07b679
fix(jwt auth): improve JWT handling
2022-05-12 12:10:47 +03:00
87af77ec35
refactor: do not destory resource when update authn/authz resource
2022-05-12 14:19:57 +08:00
5220869dd8
fix(authz): add authz source type into the authorize logger
2022-05-11 17:54:42 +08:00
841acb7828
Merge pull request #7783 from emqx/EMQX-4199-introduce-a-new-emqx-resource-manager-module
...
feat: isolate resource manager processes
2022-05-09 18:33:01 +02:00
0b3e30e813
feat: isolate resource manager processes
2022-05-09 13:24:34 +02:00
30b3060327
fix: improve authn, authz metrics
2022-05-05 18:53:31 +08:00
d36d27c533
Merge pull request #7781 from HJianBo/rename-acl-metrics
...
feat(metrics): refactor authz metrics name
2022-04-29 16:52:43 +08:00
344a754674
Merge pull request #7817 from JimMoen/fix-auth-http
2022-04-29 16:36:10 +08:00
1632df9ebb
Merge pull request #7837 from EMQ-YangM/reduce_duplicate_field
...
fix: reduce duplicate field
2022-04-29 15:50:27 +08:00
7bbed713f4
Merge pull request #7835 from JimMoen/fix-mongo-require-fields
...
fix(auth): mongo field `filter` not required and have default value
2022-04-29 15:38:54 +08:00
1597ea50c1
feat(metrics): refactor authz metrics name
...
In the current implementation:
```
Authz checking times = client.authorize + client.authorization.cache_hit
= client.authorization.allow + client.authorization.deny
client.authorize means how many times the `client.authorize` hook has been executed.
client.authorize = client.authorization.matched.allow +
client.authorization.matched.deny +
client.authorization.nomatch
```
2022-04-29 15:20:05 +08:00
110f0d0e94
fix: reduce duplicate field
2022-04-29 14:37:49 +08:00
ad4b70c27e
fix(auth): mongo field `filter` not required and have default value
2022-04-29 13:37:29 +08:00
15ef9892c5
fix(auth): authn & authz http support placeholder in HTTP path
2022-04-29 12:48:00 +08:00
dae418ae4a
fix(auth): authn & authz http not required `body` field
2022-04-29 12:47:56 +08:00
e4826400b8
fix(auth): authn & authz HTTP haeders without `content-type` via GET method
2022-04-29 12:47:52 +08:00
4a6dabbe57
fix: rename to emqx_metrics_worker
2022-04-29 12:41:36 +08:00
7061d94cf9
Merge pull request #7823 from EMQ-YangM/authz_add_metrics
...
feat: new authz metrics
2022-04-29 11:27:59 +08:00
3fa8447c85
fix: fix static check warning, add some fields schema
2022-04-29 10:32:52 +08:00
712cdb3152
fix: fix static check error
2022-04-29 09:11:06 +08:00
6879df9c5c
fix: respect atom name convention
2022-04-29 08:59:51 +08:00
3e314f6785
fix: rewrite status_metrics_example
2022-04-29 00:44:22 +08:00
Stefan Strigler