firest
66d2107007
fix(sso): refactor update logic
2023-09-28 00:09:09 +08:00
Zaiming (Stone) Shi
bd3277c51b
Merge pull request #11683 from zmstone/0925-test-refactor-emqx-rpc-test
...
test: refactor emqx_rpc unit tests
2023-09-27 15:46:27 +02:00
firest
08ad09a68f
fix(sso): refactor backen update logic
...
1. valid config always can update successfully
2. the `running` endpoint only return successfully created backend
3. enhancement of the `/sso` endpoint, and will check is the resource online
2023-09-27 20:53:10 +08:00
Zaiming (Stone) Shi
ea8d54fd8b
test: ensure atom exists in test module
2023-09-27 12:58:06 +02:00
Zaiming (Stone) Shi
6e8c73258f
test: refactor emqx_rpc unit tests
2023-09-27 12:58:06 +02:00
JimMoen
c9194cd6b2
fix(saml_sso): donot load IDP metadata when disabling saml
2023-09-27 18:46:24 +08:00
JimMoen
af9e87c025
fix: saml callback should check saml state
2023-09-27 18:34:48 +08:00
firest
b2699c687b
fix(sso): support for SSL update && ensure update is atomic
...
1. support update SSL key and cert files
2. increase connection timeout
3. ensure the update is atomicity, everything will be consistent
2023-09-27 15:48:11 +08:00
Andrew Mayorov
1d0e789e4d
Merge pull request #11679 from keynslug/ft/EMQX-10942/custom-session-timers
...
feat(session): add custom session timers mechanism
2023-09-26 19:09:53 +03:00
firest
0c33df3912
fix(ldap): improve the LDAP `parse_config` function
2023-09-26 23:28:37 +08:00
JimMoen
3fa18d6935
fix: lower sso saml redirect http header
2023-09-26 23:25:59 +08:00
JianBo He
6a9bb7c3ae
Merge pull request #11681 from zhongwencool/audit-log-fix-2
...
fix: don't need to change audit log's level
2023-09-26 23:12:28 +08:00
lafirest
ac5eb5bc29
Merge pull request #11687 from lafirest/fix/sso_timeout
...
fix(sso): Handle backend update timeout and fix create errors
2023-09-26 22:43:38 +08:00
JianBo He
1a96a5990b
chore: Update apps/emqx_enterprise/src/emqx_enterprise_schema.erl
...
Co-authored-by: Thales Macedo Garitezi <thalesmg@gmail.com>
2023-09-26 21:44:40 +08:00
firest
403714d44e
fix(sso): Handle backend update timeout and fix create errors
...
1. correctly handle the timeout when call update on a backend
2. fix that config update always returns success
3. do not ignore start failures and ensure start is atomic
2023-09-26 21:43:30 +08:00
Thales Macedo Garitezi
aae59f1efd
Merge pull request #11682 from thalesmg/fix-file-logger-type-r53-20230925
...
fix(file_logger): change file logger type depending on rotation size
2023-09-26 10:22:36 -03:00
Andrew Mayorov
bce2142df8
test(session): add custom session timers testcase
2023-09-26 16:22:06 +03:00
Zaiming (Stone) Shi
4e15edb5e4
Merge pull request #11661 from zmstone/0922-fix-json-log-formatter
...
0922 fix json log formatter
2023-09-26 14:13:41 +02:00
Thales Macedo Garitezi
fdcd73e20c
fix(file_logger): change file logger type depending on rotation size
...
Fixes https://emqx.atlassian.net/browse/EMQX-11036
From `logger_disk_log_h:open_disk_log`:
```erlang
open_disk_log(Name,File,Type,MaxNoBytes,MaxNoFiles) ->
case filelib:ensure_dir(File) of
ok ->
Size =
if Type==halt -> MaxNoBytes;
Type==wrap -> {MaxNoBytes,MaxNoFiles} %% <-------
end,
Opts = [{name, Name},
{file, File},
{size, Size},
{type, Type},
{linkto, self()},
{repair, false},
{format, external},
{notify, true},
{quiet, true},
{mode, read_write}],
case disk_log:open(Opts) of
```
Affects all file loggers (audit included):
```
% emqx_config_logger:update_log_handler/1 -> ok
iex(emqx@127.0.0.1)14> Config override: log.file.emqx_audit is updated, but failed to add handler: {handler_not_added,
{badarg,
[{size,
{infinity,
10}},
{type,
wrap},
{linkto,
<0.1952.0>},
{repair,
false},
{format,
external},
{notify,
true},
{quiet,
true},
{mode,
read_write}]}}
```
2023-09-26 09:04:44 -03:00
Ilya Averyanov
14983ec14a
chore(hooks): validate hookpoints and document hook callbacks
...
Co-authored-by: Thales Macedo Garitezi <thalesmg@gmail.com>
2023-09-26 14:27:42 +03:00
JianBo He
5e6397b843
chore: remove result field for CLI audit logs
2023-09-26 19:24:35 +08:00
JianBo He
a73c3b8e1e
Merge remote-tracking branch 'ce/release-53' into audit-log-fix-2
2023-09-26 19:05:47 +08:00
JianBo He
e9785a6863
Merge pull request #11680 from thalesmg/audit-not-on-ce-r53-20230925
...
fix(audit): only support audit log on enterprise edition
2023-09-26 18:57:22 +08:00
Zaiming (Stone) Shi
7d810c2107
test: fix test case match pattern
2023-09-26 11:40:30 +02:00
Zaiming (Stone) Shi
d31bfc70fb
Merge pull request #11659 from zhongwencool/fix-listener-ssl-create-500
...
fix: create ssl listener return 500 crash
2023-09-26 11:38:07 +02:00
lafirest
8cc626d33f
Merge pull request #11686 from lafirest/fix/sso_user_backend
...
fix: fix update SSO user && improve SSO user deletion commnad
2023-09-26 16:04:51 +08:00
firest
56917fee5f
fix(sso): Improved SSO user deletion command
2023-09-26 14:15:41 +08:00
firest
d1af81c86e
fix(sso): fix the failure to update SSO users
2023-09-26 12:14:45 +08:00
firest
8135e27586
fix: redact sensitive data in SSO and LDAP
2023-09-26 11:06:47 +08:00
Thales Macedo Garitezi
17206f8c75
Merge pull request #11662 from thalesmg/port-scan-check-proto-dist-m-20230922
...
chore: check ekka proto dist module type when resolving node address
2023-09-25 17:01:43 -03:00
Thales Macedo Garitezi
5d212e1086
fix(audit): only support audit log on enterprise edition
...
Fixes https://emqx.atlassian.net/browse/EMQX-11039
2023-09-25 15:59:35 -03:00
Thales Macedo Garitezi
0498e59c45
test: fix flaky test
2023-09-25 13:35:17 -03:00
zhongwencool
95060302fd
fix: don't need to change audit log's level
2023-09-26 00:28:47 +08:00
Thales Macedo Garitezi
ff7f37ccf5
test(cth): allow defining schema to load for app
2023-09-25 13:22:41 -03:00
Andrew Mayorov
b1f144ab8b
feat(session): add custom session timers mechanism
...
That are managed exclusively by the session implementation, unlike
common session timers that are managed by the channel itself.
2023-09-25 18:19:26 +03:00
lafirest
1df8326fb8
Merge pull request #11677 from lafirest/fix/sso_cfg
...
adjust the config path for the SSO feature and improve the update logic
2023-09-25 23:00:46 +08:00
Zaiming (Stone) Shi
5e6996dc05
refactor: log formatter format mfa+line as m:f/a(line)
...
also improve json formatter when a field is iolist
2023-09-25 16:55:22 +02:00
Zaiming (Stone) Shi
6a557980e4
refactor(logger): ensure JSON log field order
...
Ensure that the log fileds in JSON format are ordered as
time, level, msg, mfal, ...
2023-09-25 16:55:22 +02:00
Zaiming (Stone) Shi
5f45ba50ff
refactor: delete log formatter config for audit log handler
...
It is using 'json' formatter, the template is useless
2023-09-25 16:55:22 +02:00
Zaiming (Stone) Shi
1fed38c248
fix(logger): write 'json' format logs as JSON
2023-09-25 16:55:22 +02:00
Zaiming (Stone) Shi
aea1e80290
feat: add 'format' as alias for log 'formatter'
2023-09-25 16:55:22 +02:00
William Yang
9106eb92d2
Merge pull request #11675 from qzhuyan/fix/william/quic-respect-param-verify
2023-09-25 15:48:01 +02:00
Thales Macedo Garitezi
806017ef90
chore: check ekka proto dist module type when resolving node address
...
Follow up to https://github.com/emqx/emqx/pull/11637#discussion_r1334462917
Fixes https://emqx.atlassian.net/browse/EMQX-10944
2023-09-25 10:31:50 -03:00
firest
cfdb25b213
fix(sso): updates the SSO backend when the `[dashboard]` has updated
2023-09-25 20:30:47 +08:00
Ivan Dyachkov
f1bc3b68b6
Merge pull request #11674 from id/0925-e5.3.0-alpha.2
...
e5.3.0 alpha.2
2023-09-25 14:21:46 +02:00
JianBo He
6f29bbf997
Merge pull request #11673 from HJianBo/redact_audit_log_from_cli
...
Redact audit log from CLI
2023-09-25 20:03:45 +08:00
Andrew Mayorov
81cf619f07
fix(ftconf): also mark `secret_access_key` key as sensitive
2023-09-25 14:52:57 +03:00
William Yang
36d3a3a524
fix: bump to quicer 0.0.201
...
do not load cacertfile if verify_none
2023-09-25 13:02:01 +02:00
William Yang
22193d273a
fix(quic): ignore undefined cacertfile
2023-09-25 12:57:55 +02:00
Ivan Dyachkov
8c93c79b44
chore: e5.3.0-alpha.2
2023-09-25 12:52:45 +02:00
JimMoen
7d58f6c61e
Merge pull request #11668 from JimMoen/saml-login-redirect
...
fix: saml login acs redirect to dashboard overview
2023-09-25 18:11:03 +08:00
JianBo He
b970a34ee0
chore: redact some audit logs from CLI
2023-09-25 18:06:39 +08:00
JianBo He
89e15e9134
Merge pull request #11665 from HJianBo/typo-fixes
...
Typo fixes
2023-09-25 17:23:40 +08:00
lafirest
1cd9df6461
Merge pull request #11669 from lafirest/fix/dashboard_cli
...
fix(sso): refactor the `admins` CLI
2023-09-25 16:57:18 +08:00
firest
e63d484632
fix(sso): move the config path of the SSO feature to `dashboard.sso`
2023-09-25 15:23:52 +08:00
Ivan Dyachkov
e1f1c64ecd
Merge branch 'release-53' into 0925-sync-r53-to-master
2023-09-25 08:12:45 +02:00
firest
e94192d1fa
fix(sso): refactor the `admins` CLI
...
1. revert the opensource version
2. allow delete the SSO user via CLI
2023-09-25 13:53:01 +08:00
firest
4f4868a46c
fix(sso): Disable access to `logout` endpoint by the `API key`
2023-09-25 10:31:38 +08:00
JianBo He
30862a94c6
chore: typo fixes
2023-09-24 20:19:05 +08:00
JimMoen
ad4fadc2fa
fix: saml login acs redirect to dashboard overview
2023-09-23 17:29:02 +08:00
JianBo He
f8d06614c0
chore: fix dialyzer warnings
2023-09-23 07:34:04 +08:00
JimMoen
1dddccb448
fix(saml): cert files cleanup when destroy
2023-09-22 22:49:08 +08:00
JimMoen
80a6c1150d
fix(saml): saml login reply role `viewer` as default
2023-09-22 22:39:02 +08:00
JimMoen
cc3e4e4dc5
fix(saml): drop cert and key content and return path
2023-09-22 22:37:04 +08:00
JimMoen
6349cd3910
fix(saml): sp sign request
2023-09-22 21:57:50 +08:00
JimMoen
2a8f3f9eaa
fix: saml xml metedata format
2023-09-22 21:50:43 +08:00
JimMoen
a318ad486a
refactor: behavior login/2 use all http request
2023-09-22 21:50:43 +08:00
JianBo He
9181ec844f
chore: split out sso_saml_api module
2023-09-22 21:50:43 +08:00
JianBo He
df94426ee3
chore: make static_check happy
2023-09-22 21:50:42 +08:00
JianBo He
ec0894ca0b
chore: update esaml vsn
2023-09-22 21:50:42 +08:00
JianBo He
4a26f63bd6
chore: fix bugs
2023-09-22 21:50:41 +08:00
JianBo He
47badc3181
chore: make dialyzer happy
2023-09-22 21:49:12 +08:00
JianBo He
1c78c6bf6d
chore: fix 500 crashes when backend not existed
2023-09-22 21:49:12 +08:00
JimMoen
b4fb5196cb
fix(sso): SSO management API 500
2023-09-22 21:49:12 +08:00
JimMoen
bba5cc44a8
fix: keep same API path style
2023-09-22 21:49:12 +08:00
JimMoen
8300cd42d4
fix: acl url ignore auth check
2023-09-22 21:49:12 +08:00
JimMoen
44836ef5ee
chore: bump esaml vsn to v1.1.1
2023-09-22 21:49:12 +08:00
JimMoen
13666fa9f9
refactor: avoid dynamic call
2023-09-22 21:49:12 +08:00
JimMoen
c9e0d4fc30
feat: saml integration for dashboard sso
2023-09-22 21:49:10 +08:00
JimMoen
d9466eef63
chore: fix Dashboard RBAC license and rebar.config
2023-09-22 21:19:45 +08:00
Zaiming (Stone) Shi
fd932c9bf7
Merge pull request #11660 from zmstone/0922-fix-audit-eval-command
...
fix(audit): make emqx eval command auditable
2023-09-22 14:02:47 +02:00
Zaiming (Stone) Shi
a34ab19d93
fix(audit): make emqx eval command auditable
2023-09-22 12:05:45 +02:00
zhongwencool
0eed01abee
fix: create ssl listener return 500 crash
2023-09-22 17:34:19 +08:00
lafirest
13b5e4dbc9
Merge pull request #11658 from lafirest/fix/sso_misc
...
Fix/sso misc
2023-09-22 14:44:39 +08:00
firest
7286d15ca6
chore(sso): adjust the schema of the SSO LDAP backend
2023-09-22 13:48:20 +08:00
firest
9e55ae240a
feat(sso): add `role` into the result of login endpoints
2023-09-22 13:48:07 +08:00
firest
681e57dee6
fix(RBAC): allow read-only users to logout
2023-09-22 11:06:24 +08:00
Thales Macedo Garitezi
d6935b6a67
feat: add port scan diagnostics to mria waiting for tables checks
...
Fixes https://emqx.atlassian.net/browse/EMQX-10944
Also updates ekka -> 0.15.15, mria -> 0.6.4
How to test
===========
1. Start 2 or more EMQX nodes and merge them in a cluster.
2. Stop them in order.
3. Start only the first node that was stopped in the previous step.
4. Wait until the log is printed.
Or, more easily:
1. Start 2 or more EMQX nodes and merge them in a cluster.
2. Stop all but one.
3. Run `mria_mnesia:diagnosis([]).` on that node.
Example output
==============
```
Check check_open_ports should get ok but got #{msg =>
"some ports are unreachable",
results =>
#{'emqx@172.100.239.4' =>
#{open_ports =>
#{4370 => false,
5370 =>
false},
ports_to_check =>
[4370,5370],
resolved_ips =>
[{172,100,239,
4}],
status =>
bad_ports},
'emqx@172.100.239.5' =>
#{open_ports =>
#{4370 => false,
5370 =>
false},
ports_to_check =>
[4370,5370],
resolved_ips =>
[{172,100,239,
5}],
status =>
bad_ports}}}
```
After one node is back:
```
Check check_open_ports should get ok but got #{msg =>
"some ports are unreachable",
results =>
#{'emqx@172.100.239.4' =>
#{ports_to_check =>
[4370,5370],
resolved_ips =>
[{172,100,239,
4}],
status => ok},
'emqx@172.100.239.5' =>
#{open_ports =>
#{4370 => false,
5370 =>
false},
ports_to_check =>
[4370,5370],
resolved_ips =>
[{172,100,239,
5}],
status =>
bad_ports}}}
```
2023-09-21 14:29:01 -03:00
Ivan Dyachkov
7cf60c5a91
chore: e5.3.0-alpha.1
2023-09-21 19:29:00 +02:00
Andrew Mayorov
acf4227fc6
test(session): fix quic testgroup in persistent session suite
...
Which broker after quicer 0.0.200 upgrade.
2023-09-21 20:52:04 +04:00
Thales Macedo Garitezi
76f614e9c5
Merge pull request #11653 from thalesmg/fix-dash-rbac-dialyzer-error-m-20230921
...
chore: fix dialyzer errors on ce version
2023-09-21 13:06:09 -03:00
Thales Macedo Garitezi
85a8c174d9
chore: fix dialyzer errors on ce version
...
```
apps/emqx_dashboard/src/emqx_dashboard.erl
Line 225 Column 17: The pattern {'error', 'unauthorized_role'} can never match the type {'error','not_found' | 'token_timeout'} | {'ok',binary()}
```
2023-09-21 11:07:31 -03:00
Andrew Mayorov
b563e30615
Merge pull request #11650 from keynslug/fix/simplify-takeover-suite
...
test(session): make testsuite trigger takeover logic consistently
2023-09-21 18:02:38 +04:00
zhongwencool
beea1be9f0
Merge pull request #11599 from zhongwencool/audit-log
2023-09-21 18:39:23 +08:00
Ivan Dyachkov
0a61d08a0f
Merge pull request #11651 from id/0921-sync-r52-to-master
...
sync r52 to master
2023-09-21 12:31:24 +02:00
William Yang
3a5227198e
Merge pull request #11642 from qzhuyan/dev/william/quicer-0.0.200
...
quicer 0.0.200
2023-09-21 12:20:14 +02:00
Ivan Dyachkov
dafd7c6085
chore: bump apps versions
2023-09-21 10:58:42 +02:00
zhongwencool
21bb209fb1
feat: added support for auditing API and CLI activity in logs
2023-09-21 16:35:46 +08:00
Ivan Dyachkov
105bebc250
chore: merge release-52 into master
2023-09-21 10:22:47 +02:00
Andrew Mayorov
a8f4b5bf86
test(session): make testsuite trigger takeover logic consistently
2023-09-21 11:53:40 +04:00