fdf9b2a383
chore: apply review suggestions
2023-04-21 12:19:38 +08:00
8c4b32580e
Merge pull request #10420 from savonarola/0417-authn-authz-fix-path-quoting
...
Fix path joining and quoting in authn/authz
2023-04-20 18:03:04 +03:00
4d67312bab
refactor: set authz config at 'high' importance level
...
and authorization.sources at 'low' level
prior to this commit, the root was set to 'hidden'
which is not ideal because some may still want to configure
the sources from files
2023-04-18 19:17:03 +02:00
dc78ecb41c
chore: merge upstream/master
2023-04-18 17:33:32 +02:00
6dd7befaab
refactor: unify authn authz type names
2023-04-18 09:48:28 +02:00
88ca94b417
fix(auth): fix uri path handling
...
Fix uri path handling `emqx_connector_http`,
HTTP authentication and authorization backends.
2023-04-17 23:57:56 +03:00
e9e0ae7f0a
chore: When matching authz's and/or rules, check the simple ones first to improve efficiency
2023-04-17 17:23:39 +08:00
9fc8a498f8
chore: bump apps versions
2023-04-17 09:09:08 +02:00
16c49b2cc1
fix: undo wrong thinking about returned types from decode
2023-04-14 17:21:38 +02:00
4f80690162
fix: byebye jsx
2023-04-14 13:41:34 +02:00
062ce5f819
refactor: rename emqx_map_lib to emqx_utils_maps
2023-04-14 13:41:34 +02:00
9c11bfce80
refactor: rename emqx_misc to emqx_utils
2023-04-14 13:41:27 +02:00
f8e9e54393
refactor: move emqx_json to emqx_utils_json
2023-04-14 13:31:27 +02:00
e70deae1c3
feat(resource): ask for metrics only when needed
2023-04-11 12:00:19 +03:00
e978d86c86
chore: add doc_lift for authorization.sources
...
doc_lift is to make the doc render application to lift
this field to the root level and force the field's doc
to refernec it instead of expanding the structs in a nested way
2023-04-03 16:49:35 +02:00
36000abf51
refactor: relocate i18n files for apps/emqx
2023-04-03 13:12:24 +02:00
b77aeb69cb
Merge pull request #10172 from HJianBo/fix-typos-acl-file
...
fix(acl): fix wrong default ACL rules
2023-03-27 09:51:02 +08:00
cb65cded88
fix(last_will_testament): don't publish LWT if client is banned when kicked
...
Fixes https://emqx.atlassian.net/browse/EMQX-9288
Related issue:
https://github.com/emqx/emqx/issues/10192#issuecomment-1478809900
2023-03-22 16:47:58 -03:00
b059bad08a
chore(acl): fully match `dashboard` username
...
Co-authored-by: Ilya Averyanov <av@rubybox.dev>
2023-03-21 09:06:46 +08:00
377127ce72
fix(acl): fix wrong default ACL rules
2023-03-20 13:53:57 +08:00
65fee34fe4
test: fix inter-suite test teardowns
2023-03-14 16:08:47 -03:00
baf39fe080
Merge pull request #10098 from kjellwinblad/kjell/fix/mongo_authz_crash
...
fix: mongodb authz crash
2023-03-13 10:46:49 +01:00
e3595f2e79
chore(mria): Bump version to 0.4.0
2023-03-11 00:37:25 +01:00
aa57ea9ee1
fix: mongodb authz crash
...
This fixes a crash with an error in the log file (see below) that
happened when the MongoDB authorization module queried the database. The
reason is that the collection name that was sent to the mongodb
connection was an atom. This is fixed by making sure it is not an atom.
2023-03-08T17:16:34.215523+01:00 [error] msg: query_mongo_error, mfa:
emqx_authz_mongodb:authorize/4, line: 95, peername: 127.0.0.1:53212,
clientid: client123, collection: mqtt_acl, filter: #{username =>
<<"emqx_u">>}, reason: {resource_error,#{msg => #{error =>
{error,{error_cannot_parse_response,{op_msg_response,#{<<"code">> =>
73,<<"codeName">> => <<"InvalidNamespace">>,<<"errmsg">> => <<"Failed to
parse namespace element">>,<<"ok">> => 0.0}}}},id =>
<<"emqx_authz_mongodb:3">>,name => call_query,request =>
{find,mqtt_acl,#{username => <<"emqx_u">>},#{}},stacktrace =>
[{mc_connection_man,reply,1,[{file,"mc_connection_man.erl"},{line,123}],
...]}, reason => exception}}, resource_id: <<"emqx_authz_mongodb:3">>
Fixes: https://github.com/emqx/emqx/issues/9783
2023-03-09 16:01:23 +01:00
fe27604010
Merge remote-tracking branch 'origin/release-50' into 0308-merge-release-50-back-to-master
2023-03-08 16:46:45 +01:00
b54f444263
fix(emqx_authz): return `404` for requests on non existent source
2023-03-07 13:51:06 +01:00
a7605fba94
test(emqx_authz): use snabbkaffe:retry instead of timer:sleep
...
also use emqx_json rather than jiffy or jsx directly
2023-03-07 13:49:46 +01:00
d0ea7f4647
fix(emqx_authz): check if type param matches type in body
2023-03-06 11:10:31 +01:00
9316690c29
fix(schema): binary string for default values
...
A lot of the string value fields had default value defined in
schema as list-string rather than binary-string.
This caused the generated schema dump (in JSON format)
to have raw_default field as an integer array.
2023-02-21 09:09:51 +01:00
157c919ba1
ci: add i18n style check script
2023-02-09 11:41:52 +01:00
94768c9f44
Merge remote-tracking branch 'origin/master' into 0202-merge-release-50-back-to-master
2023-02-02 20:21:26 +01:00
96a18e7105
chore: upgrade to hocon 0.35.3
2023-02-01 10:52:01 +01:00
9f4c36ecbc
chore: bump version && update changes
2023-01-31 23:30:22 +08:00
c034cbf6de
feat(authz): allow the placeholder to be anywhere in the topic for authz rules
2023-01-31 23:30:12 +08:00
f6b3b930b0
chore: improve a error log
2023-01-26 14:21:27 +01:00
fff6bf921f
refactor(authz): call emqx_resource:simple_sync_query
...
there is no need to route the request through the buffer workers
2023-01-17 20:01:45 +01:00
6fe09447ed
fix: stale test using old resource paths after merge
2023-01-13 17:23:25 +01:00
1690a6dcfc
Merge branch 'master' into dev/api-refactor
2023-01-13 15:34:13 +01:00
bb3dceb456
Merge pull request #9749 from keynslug/fix/count-respect-matchspec
...
fix(paging): respect matchspec even if qs is empty when counting
2023-01-13 14:29:03 +01:00
f15b29b1ef
chore: upgrade app version
2023-01-13 18:22:29 +08:00
b3e62bd8f8
fix(paging): respect matchspec even if qs is empty when counting
2023-01-13 12:56:29 +03:00
b40ce0fc2d
Merge pull request #9626 from id/fix-enable-authz-cache-by-default
...
fix: enable authorization cache by default
2023-01-13 07:39:38 +01:00
c5f557e315
fix: disable basic auth for HTTP API
2023-01-12 21:35:49 +08:00
f90c41f769
fix: set default value in schema
2023-01-12 13:49:52 +01:00
1f57e7b538
fix: enable authorization cache by default
2023-01-12 12:36:31 +01:00
9e9d97b4d8
Merge pull request #9726 from keynslug/fix/EMQX-8702/fuzzy-search-paging
...
fix(api): augment paged search responses with `hasnext` flag
2023-01-12 13:35:59 +04:00
c89b227687
fix(test): adapt affected testcases
2023-01-12 10:57:50 +03:00
bae811e8b4
Merge pull request #9725 from terry-xiaoyu/remove_the_auto_reconnect_field
...
refactor: remove the auto_reconnect field
2023-01-12 11:11:00 +08:00
3e9c4f444f
refactor: remove the auto_reconnect field
2023-01-11 21:47:06 +08:00
48e1ba4832
feat(docs): add tags to schemas
...
This'll allow us to split the generated `schema.json` file into
subsections for better documentation navigation.
2023-01-11 09:10:03 -03:00
f27f573109
refactor: move to /authorization/sources/built_in_database/rules
2023-01-10 11:00:22 +01:00
67f2159a27
Merge pull request #9653 from zmstone/0101-authz-schema-union-member-selection
...
0101 authz schema union member selection
2023-01-09 22:17:51 +01:00
e52f9d5920
refactor: use union member type selector for authz sources
2023-01-09 14:26:16 +01:00
c6b8e614df
fix(authz_http): handle `ignore` results (request failures)
...
Related issue: https://github.com/emqx/emqx/issues/9683
When the HTTP request for authz fails (e.g.: resource is down or
server is down), then the HTTP authorizer returns `ignore`, which was
not handled correctly by the authorization callback.
2023-01-05 11:34:23 -03:00
dbc10c2eed
chore: update copyright year 2023
2023-01-02 09:22:27 +01:00
0ce1ca89b7
refactor: use string type for server and servers
2022-12-30 14:20:23 +01:00
f93c22045d
fix: non-empty field should not be undefined
2022-12-24 11:41:45 +01:00
d3efb0c0ba
chore: bump app versions
2022-12-23 15:10:16 +01:00
350023e757
fix(config): option only_fill_defaults renamed to make_serializable
2022-12-23 14:27:04 +01:00
6692b0c895
feat(bridge): add Redis bridge
2022-12-06 23:15:42 +03:00
b398617614
chore: bump app versions
2022-11-28 21:12:43 +01:00
7ee53e5319
Merge tag 'v5.0.11' into dev/ee5.0
2022-11-28 21:02:21 +01:00
6ee475d9b1
fix(emqx_authz_api_mnesia): return the right matchers
2022-11-24 20:32:00 +01:00
9786a6c267
refactor(mgmt): convert fuzzy filter func to named func
2022-11-24 20:14:33 +01:00
9c7bf9d601
chore: update app.src
2022-11-24 20:14:33 +01:00
1fe9c105aa
refactor(mgmt): smplify the node_query/cluster_query implementation
2022-11-24 20:14:33 +01:00
08121e7df6
fix(mgmt): optimize the speed of query tail pages
...
In the previous, when you query the tail pages, all the front of rows
will be queried out and formatted. It greatly hurts the speed of query.
Currently, we only format the final result rows. i.e, the query for the
last page of data will be 10x faster.
2022-11-24 20:14:33 +01:00
c940b901f5
chore: fix app versions
2022-11-16 16:26:43 +01:00
09455edae8
Merge tag 'v5.0.10' into dev/ee5.0
2022-11-16 16:20:30 +01:00
c079760b0a
fix(JWT): make the `exp` to be optional claim
2022-11-15 15:41:01 +08:00
467010e3d3
chore: bump emqx_authz app vsn
2022-11-08 17:40:34 +01:00
0678e05e84
style: fix message returned for 404
...
Co-authored-by: Zaiming (Stone) Shi <zmstone@gmail.com>
2022-11-08 17:40:34 +01:00
ba1e19f068
fix(emqx_authz_api_sources): make schema fit to what we send
2022-11-08 17:40:34 +01:00
e0ed0855ff
fix(emqx_authz_api_sources): return 'code' in response body for 404
2022-11-08 17:40:34 +01:00
c157392452
docs: fix self-closing html tag, change </br> to <br/>
2022-10-27 13:57:18 +02:00
bb6c3ed4ae
docs: fix more zh translation desc
2022-10-27 08:39:58 +02:00
a314950be9
docs: fix zh punctuations
2022-10-26 16:19:38 +02:00
4135910b42
chore: merge master into dev/ee5.0
2022-09-26 09:52:33 +08:00
2984397e73
chore: apps vsn bump
2022-09-23 17:09:15 +08:00
85835256f1
Merge tag 'v5.0.8' into merge-release-v5.0.8-into-master
2022-09-23 16:06:44 +08:00
c11afc357e
fix(auth): use empty strings for absent placeholder values
2022-09-20 15:20:55 +03:00
c20ad3733a
fix: check for authorization on topic before publishing last will testament
...
fixes #8978
Without checking for authorization, a client can, on abnormal
termination, publish a message to any topic, including `$SYS` ones.
2022-09-16 17:31:22 -03:00
dca522d7d3
test: add tests for publishing lwt when deny_action is disconnect
2022-09-16 15:11:54 -03:00
14b5977996
feat(authz): Support `cert_common_name` and `cert_subject` in Authz
2022-09-15 18:02:54 +08:00
d9c9a1dec3
Merge pull request #8958 from JimMoen/fix-ssl-drop-invalid-certs
...
fix(bridge/authz/exhook): no need to drop invalid certs
2022-09-15 09:01:08 +08:00
a461375b30
chore: support strip double quote in authn/authz
...
more compatibility for https://github.com/emqx/emqx/pull/8827
2022-09-14 15:25:31 +08:00
f018b8ab49
fix(bridge/authz/exhook): no need to drop invalid certs
2022-09-14 14:08:55 +08:00
befc4acced
Merge remote-tracking branch 'origin/master' into merge-master-to-ee50-a
2022-09-06 20:31:38 +02:00
f785da075b
ci: only start required docker for integration tests
2022-09-06 19:25:53 +02:00
dac178cbaf
chore: ensure version bumps
2022-08-31 17:23:47 +02:00
05bbadc8c5
chore: bump ahutz version && update CHANGES-5.0.md
2022-08-31 21:15:55 +08:00
71aaf5c538
fix(authz): fix dialyzer && test case && proper error
2022-08-31 16:49:27 +08:00
168f44e45b
fix: exhook client.authorize never be execauted
...
see: https://github.com/emqx/emqx/issues/8779
2022-08-31 14:34:02 +08:00
1ff53ee8a9
fix(authz): don't stop emqx_resource app in test cases
2022-08-23 08:57:12 +08:00
45352206a3
fix(auth): remove emqx_connector from testcases of authz/authn
2022-08-22 20:20:45 +08:00
b3162fe5ff
fix: conflicts between master and ee5.0
2022-08-14 22:24:09 +08:00
0cdf4b47f1
feat: add more resource creation opts
2022-08-12 13:47:45 +08:00
64aa30ec63
chore(authn/authz): better handling of placeholder interpolation errors
2022-08-10 18:22:37 +03:00
35fe70b887
feat: support aysnc callback to connector modules
2022-08-10 00:34:35 +08:00
d3950b9534
fix(resource): make option 'queue_enabled' disabled by default
2022-08-10 00:34:35 +08:00
Zhongwen Deng