Commit Graph

9255 Commits

Author SHA1 Message Date
firest 66d2107007 fix(sso): refactor update logic 2023-09-28 00:09:09 +08:00
Zaiming (Stone) Shi bd3277c51b
Merge pull request #11683 from zmstone/0925-test-refactor-emqx-rpc-test
test: refactor emqx_rpc unit tests
2023-09-27 15:46:27 +02:00
firest 08ad09a68f fix(sso): refactor backen update logic
1. valid config always can update successfully
2. the `running` endpoint only return successfully created backend
3. enhancement of the `/sso` endpoint, and will check is the resource online
2023-09-27 20:53:10 +08:00
Zaiming (Stone) Shi ea8d54fd8b test: ensure atom exists in test module 2023-09-27 12:58:06 +02:00
Zaiming (Stone) Shi 6e8c73258f test: refactor emqx_rpc unit tests 2023-09-27 12:58:06 +02:00
JimMoen c9194cd6b2
fix(saml_sso): donot load IDP metadata when disabling saml 2023-09-27 18:46:24 +08:00
JimMoen af9e87c025
fix: saml callback should check saml state 2023-09-27 18:34:48 +08:00
firest b2699c687b fix(sso): support for SSL update && ensure update is atomic
1. support update SSL key and cert files
2. increase connection timeout
3. ensure the update is atomicity, everything will be consistent
2023-09-27 15:48:11 +08:00
Andrew Mayorov 1d0e789e4d
Merge pull request #11679 from keynslug/ft/EMQX-10942/custom-session-timers
feat(session): add custom session timers mechanism
2023-09-26 19:09:53 +03:00
firest 0c33df3912 fix(ldap): improve the LDAP `parse_config` function 2023-09-26 23:28:37 +08:00
JimMoen 3fa18d6935
fix: lower sso saml redirect http header 2023-09-26 23:25:59 +08:00
JianBo He 6a9bb7c3ae
Merge pull request #11681 from zhongwencool/audit-log-fix-2
fix: don't need to change audit log's level
2023-09-26 23:12:28 +08:00
lafirest ac5eb5bc29
Merge pull request #11687 from lafirest/fix/sso_timeout
fix(sso): Handle backend update timeout and fix create errors
2023-09-26 22:43:38 +08:00
JianBo He 1a96a5990b
chore: Update apps/emqx_enterprise/src/emqx_enterprise_schema.erl
Co-authored-by: Thales Macedo Garitezi <thalesmg@gmail.com>
2023-09-26 21:44:40 +08:00
firest 403714d44e fix(sso): Handle backend update timeout and fix create errors
1. correctly handle the timeout when call update on a backend
2. fix that config update always returns success
3. do not ignore start failures and ensure start is atomic
2023-09-26 21:43:30 +08:00
Thales Macedo Garitezi aae59f1efd
Merge pull request #11682 from thalesmg/fix-file-logger-type-r53-20230925
fix(file_logger): change file logger type depending on rotation size
2023-09-26 10:22:36 -03:00
Andrew Mayorov bce2142df8
test(session): add custom session timers testcase 2023-09-26 16:22:06 +03:00
Zaiming (Stone) Shi 4e15edb5e4
Merge pull request #11661 from zmstone/0922-fix-json-log-formatter
0922 fix json log formatter
2023-09-26 14:13:41 +02:00
Thales Macedo Garitezi fdcd73e20c fix(file_logger): change file logger type depending on rotation size
Fixes https://emqx.atlassian.net/browse/EMQX-11036

From `logger_disk_log_h:open_disk_log`:

```erlang
open_disk_log(Name,File,Type,MaxNoBytes,MaxNoFiles) ->
    case filelib:ensure_dir(File) of
        ok ->
            Size =
                if Type==halt -> MaxNoBytes;
                   Type==wrap -> {MaxNoBytes,MaxNoFiles} %% <-------
                end,
            Opts = [{name,   Name},
                    {file,   File},
                    {size,   Size},
                    {type,   Type},
                    {linkto, self()},
                    {repair, false},
                    {format, external},
                    {notify, true},
                    {quiet,  true},
                    {mode,   read_write}],
            case disk_log:open(Opts) of
```

Affects all file loggers (audit included):

```
% emqx_config_logger:update_log_handler/1 -> ok
iex(emqx@127.0.0.1)14> Config override: log.file.emqx_audit is updated, but failed to add handler: {handler_not_added,
                                                                             {badarg,
                                                                              [{size,
                                                                                {infinity,
                                                                                 10}},
                                                                               {type,
                                                                                wrap},
                                                                               {linkto,
                                                                                <0.1952.0>},
                                                                               {repair,
                                                                                false},
                                                                               {format,
                                                                                external},
                                                                               {notify,
                                                                                true},
                                                                               {quiet,
                                                                                true},
                                                                               {mode,
                                                                                read_write}]}}
```
2023-09-26 09:04:44 -03:00
Ilya Averyanov 14983ec14a chore(hooks): validate hookpoints and document hook callbacks
Co-authored-by: Thales Macedo Garitezi <thalesmg@gmail.com>
2023-09-26 14:27:42 +03:00
JianBo He 5e6397b843 chore: remove result field for CLI audit logs 2023-09-26 19:24:35 +08:00
JianBo He a73c3b8e1e Merge remote-tracking branch 'ce/release-53' into audit-log-fix-2 2023-09-26 19:05:47 +08:00
JianBo He e9785a6863
Merge pull request #11680 from thalesmg/audit-not-on-ce-r53-20230925
fix(audit): only support audit log on enterprise edition
2023-09-26 18:57:22 +08:00
Zaiming (Stone) Shi 7d810c2107 test: fix test case match pattern 2023-09-26 11:40:30 +02:00
Zaiming (Stone) Shi d31bfc70fb
Merge pull request #11659 from zhongwencool/fix-listener-ssl-create-500
fix: create ssl listener return 500 crash
2023-09-26 11:38:07 +02:00
lafirest 8cc626d33f
Merge pull request #11686 from lafirest/fix/sso_user_backend
fix: fix update SSO user && improve SSO user deletion commnad
2023-09-26 16:04:51 +08:00
firest 56917fee5f fix(sso): Improved SSO user deletion command 2023-09-26 14:15:41 +08:00
firest d1af81c86e fix(sso): fix the failure to update SSO users 2023-09-26 12:14:45 +08:00
firest 8135e27586 fix: redact sensitive data in SSO and LDAP 2023-09-26 11:06:47 +08:00
Thales Macedo Garitezi 17206f8c75
Merge pull request #11662 from thalesmg/port-scan-check-proto-dist-m-20230922
chore: check ekka proto dist module type when resolving node address
2023-09-25 17:01:43 -03:00
Thales Macedo Garitezi 5d212e1086 fix(audit): only support audit log on enterprise edition
Fixes https://emqx.atlassian.net/browse/EMQX-11039
2023-09-25 15:59:35 -03:00
Thales Macedo Garitezi 0498e59c45 test: fix flaky test 2023-09-25 13:35:17 -03:00
zhongwencool 95060302fd fix: don't need to change audit log's level 2023-09-26 00:28:47 +08:00
Thales Macedo Garitezi ff7f37ccf5 test(cth): allow defining schema to load for app 2023-09-25 13:22:41 -03:00
Andrew Mayorov b1f144ab8b
feat(session): add custom session timers mechanism
That are managed exclusively by the session implementation, unlike
common session timers that are managed by the channel itself.
2023-09-25 18:19:26 +03:00
lafirest 1df8326fb8
Merge pull request #11677 from lafirest/fix/sso_cfg
adjust the config path for the SSO feature and improve the update logic
2023-09-25 23:00:46 +08:00
Zaiming (Stone) Shi 5e6996dc05 refactor: log formatter format mfa+line as m:f/a(line)
also improve json formatter when a field is iolist
2023-09-25 16:55:22 +02:00
Zaiming (Stone) Shi 6a557980e4 refactor(logger): ensure JSON log field order
Ensure that the log fileds in JSON format are ordered as
time, level, msg, mfal, ...
2023-09-25 16:55:22 +02:00
Zaiming (Stone) Shi 5f45ba50ff refactor: delete log formatter config for audit log handler
It is using 'json' formatter, the template is useless
2023-09-25 16:55:22 +02:00
Zaiming (Stone) Shi 1fed38c248 fix(logger): write 'json' format logs as JSON 2023-09-25 16:55:22 +02:00
Zaiming (Stone) Shi aea1e80290 feat: add 'format' as alias for log 'formatter' 2023-09-25 16:55:22 +02:00
William Yang 9106eb92d2
Merge pull request #11675 from qzhuyan/fix/william/quic-respect-param-verify 2023-09-25 15:48:01 +02:00
Thales Macedo Garitezi 806017ef90 chore: check ekka proto dist module type when resolving node address
Follow up to https://github.com/emqx/emqx/pull/11637#discussion_r1334462917

Fixes https://emqx.atlassian.net/browse/EMQX-10944
2023-09-25 10:31:50 -03:00
firest cfdb25b213 fix(sso): updates the SSO backend when the `[dashboard]` has updated 2023-09-25 20:30:47 +08:00
Ivan Dyachkov f1bc3b68b6
Merge pull request #11674 from id/0925-e5.3.0-alpha.2
e5.3.0 alpha.2
2023-09-25 14:21:46 +02:00
JianBo He 6f29bbf997
Merge pull request #11673 from HJianBo/redact_audit_log_from_cli
Redact audit log from CLI
2023-09-25 20:03:45 +08:00
Andrew Mayorov 81cf619f07
fix(ftconf): also mark `secret_access_key` key as sensitive 2023-09-25 14:52:57 +03:00
William Yang 36d3a3a524 fix: bump to quicer 0.0.201
do not load cacertfile if verify_none
2023-09-25 13:02:01 +02:00
William Yang 22193d273a fix(quic): ignore undefined cacertfile 2023-09-25 12:57:55 +02:00
Ivan Dyachkov 8c93c79b44 chore: e5.3.0-alpha.2 2023-09-25 12:52:45 +02:00
JimMoen 7d58f6c61e
Merge pull request #11668 from JimMoen/saml-login-redirect
fix: saml login acs redirect to dashboard overview
2023-09-25 18:11:03 +08:00
JianBo He b970a34ee0 chore: redact some audit logs from CLI 2023-09-25 18:06:39 +08:00
JianBo He 89e15e9134
Merge pull request #11665 from HJianBo/typo-fixes
Typo fixes
2023-09-25 17:23:40 +08:00
lafirest 1cd9df6461
Merge pull request #11669 from lafirest/fix/dashboard_cli
fix(sso): refactor the `admins` CLI
2023-09-25 16:57:18 +08:00
firest e63d484632 fix(sso): move the config path of the SSO feature to `dashboard.sso` 2023-09-25 15:23:52 +08:00
Ivan Dyachkov e1f1c64ecd Merge branch 'release-53' into 0925-sync-r53-to-master 2023-09-25 08:12:45 +02:00
firest e94192d1fa fix(sso): refactor the `admins` CLI
1. revert the opensource version
2. allow delete the SSO user via CLI
2023-09-25 13:53:01 +08:00
firest 4f4868a46c fix(sso): Disable access to `logout` endpoint by the `API key` 2023-09-25 10:31:38 +08:00
JianBo He 30862a94c6 chore: typo fixes 2023-09-24 20:19:05 +08:00
JimMoen ad4fadc2fa
fix: saml login acs redirect to dashboard overview 2023-09-23 17:29:02 +08:00
JianBo He f8d06614c0 chore: fix dialyzer warnings 2023-09-23 07:34:04 +08:00
JimMoen 1dddccb448
fix(saml): cert files cleanup when destroy 2023-09-22 22:49:08 +08:00
JimMoen 80a6c1150d
fix(saml): saml login reply role `viewer` as default 2023-09-22 22:39:02 +08:00
JimMoen cc3e4e4dc5
fix(saml): drop cert and key content and return path 2023-09-22 22:37:04 +08:00
JimMoen 6349cd3910
fix(saml): sp sign request 2023-09-22 21:57:50 +08:00
JimMoen 2a8f3f9eaa
fix: saml xml metedata format 2023-09-22 21:50:43 +08:00
JimMoen a318ad486a
refactor: behavior login/2 use all http request 2023-09-22 21:50:43 +08:00
JianBo He 9181ec844f
chore: split out sso_saml_api module 2023-09-22 21:50:43 +08:00
JianBo He df94426ee3
chore: make static_check happy 2023-09-22 21:50:42 +08:00
JianBo He ec0894ca0b
chore: update esaml vsn 2023-09-22 21:50:42 +08:00
JianBo He 4a26f63bd6
chore: fix bugs 2023-09-22 21:50:41 +08:00
JianBo He 47badc3181
chore: make dialyzer happy 2023-09-22 21:49:12 +08:00
JianBo He 1c78c6bf6d
chore: fix 500 crashes when backend not existed 2023-09-22 21:49:12 +08:00
JimMoen b4fb5196cb
fix(sso): SSO management API 500 2023-09-22 21:49:12 +08:00
JimMoen bba5cc44a8
fix: keep same API path style 2023-09-22 21:49:12 +08:00
JimMoen 8300cd42d4
fix: acl url ignore auth check 2023-09-22 21:49:12 +08:00
JimMoen 44836ef5ee
chore: bump esaml vsn to v1.1.1 2023-09-22 21:49:12 +08:00
JimMoen 13666fa9f9
refactor: avoid dynamic call 2023-09-22 21:49:12 +08:00
JimMoen c9e0d4fc30
feat: saml integration for dashboard sso 2023-09-22 21:49:10 +08:00
JimMoen d9466eef63
chore: fix Dashboard RBAC license and rebar.config 2023-09-22 21:19:45 +08:00
Zaiming (Stone) Shi fd932c9bf7
Merge pull request #11660 from zmstone/0922-fix-audit-eval-command
fix(audit): make emqx eval command auditable
2023-09-22 14:02:47 +02:00
Zaiming (Stone) Shi a34ab19d93 fix(audit): make emqx eval command auditable 2023-09-22 12:05:45 +02:00
zhongwencool 0eed01abee fix: create ssl listener return 500 crash 2023-09-22 17:34:19 +08:00
lafirest 13b5e4dbc9
Merge pull request #11658 from lafirest/fix/sso_misc
Fix/sso misc
2023-09-22 14:44:39 +08:00
firest 7286d15ca6 chore(sso): adjust the schema of the SSO LDAP backend 2023-09-22 13:48:20 +08:00
firest 9e55ae240a feat(sso): add `role` into the result of login endpoints 2023-09-22 13:48:07 +08:00
firest 681e57dee6 fix(RBAC): allow read-only users to logout 2023-09-22 11:06:24 +08:00
Thales Macedo Garitezi d6935b6a67 feat: add port scan diagnostics to mria waiting for tables checks
Fixes https://emqx.atlassian.net/browse/EMQX-10944

Also updates ekka -> 0.15.15, mria -> 0.6.4

How to test
===========

1. Start 2 or more EMQX nodes and merge them in a cluster.
2. Stop them in order.
3. Start only the first node that was stopped in the previous step.
4. Wait until the log is printed.

Or, more easily:

1. Start 2 or more EMQX nodes and merge them in a cluster.
2. Stop all but one.
3. Run `mria_mnesia:diagnosis([]).` on that node.

Example output
==============

```
   Check check_open_ports should get ok but got #{msg =>
                                                     "some ports are unreachable",
                                                 results =>
                                                     #{'emqx@172.100.239.4' =>
                                                           #{open_ports =>
                                                                 #{4370 => false,
                                                                   5370 =>
                                                                       false},
                                                             ports_to_check =>
                                                                 [4370,5370],
                                                             resolved_ips =>
                                                                 [{172,100,239,
                                                                   4}],
                                                             status =>
                                                                 bad_ports},
                                                       'emqx@172.100.239.5' =>
                                                           #{open_ports =>
                                                                 #{4370 => false,
                                                                   5370 =>
                                                                       false},
                                                             ports_to_check =>
                                                                 [4370,5370],
                                                             resolved_ips =>
                                                                 [{172,100,239,
                                                                   5}],
                                                             status =>
                                                                 bad_ports}}}
```

After one node is back:

```
   Check check_open_ports should get ok but got #{msg =>
                                                     "some ports are unreachable",
                                                 results =>
                                                     #{'emqx@172.100.239.4' =>
                                                           #{ports_to_check =>
                                                                 [4370,5370],
                                                             resolved_ips =>
                                                                 [{172,100,239,
                                                                   4}],
                                                             status => ok},
                                                       'emqx@172.100.239.5' =>
                                                           #{open_ports =>
                                                                 #{4370 => false,
                                                                   5370 =>
                                                                       false},
                                                             ports_to_check =>
                                                                 [4370,5370],
                                                             resolved_ips =>
                                                                 [{172,100,239,
                                                                   5}],
                                                             status =>
                                                                 bad_ports}}}
```
2023-09-21 14:29:01 -03:00
Ivan Dyachkov 7cf60c5a91 chore: e5.3.0-alpha.1 2023-09-21 19:29:00 +02:00
Andrew Mayorov acf4227fc6
test(session): fix quic testgroup in persistent session suite
Which broker after quicer 0.0.200 upgrade.
2023-09-21 20:52:04 +04:00
Thales Macedo Garitezi 76f614e9c5
Merge pull request #11653 from thalesmg/fix-dash-rbac-dialyzer-error-m-20230921
chore: fix dialyzer errors on ce version
2023-09-21 13:06:09 -03:00
Thales Macedo Garitezi 85a8c174d9 chore: fix dialyzer errors on ce version
```
apps/emqx_dashboard/src/emqx_dashboard.erl
Line 225 Column 17: The pattern {'error', 'unauthorized_role'} can never match the type {'error','not_found' | 'token_timeout'} | {'ok',binary()}
```
2023-09-21 11:07:31 -03:00
Andrew Mayorov b563e30615
Merge pull request #11650 from keynslug/fix/simplify-takeover-suite
test(session): make testsuite trigger takeover logic consistently
2023-09-21 18:02:38 +04:00
zhongwencool beea1be9f0
Merge pull request #11599 from zhongwencool/audit-log 2023-09-21 18:39:23 +08:00
Ivan Dyachkov 0a61d08a0f
Merge pull request #11651 from id/0921-sync-r52-to-master
sync r52 to master
2023-09-21 12:31:24 +02:00
William Yang 3a5227198e
Merge pull request #11642 from qzhuyan/dev/william/quicer-0.0.200
quicer 0.0.200
2023-09-21 12:20:14 +02:00
Ivan Dyachkov dafd7c6085 chore: bump apps versions 2023-09-21 10:58:42 +02:00
zhongwencool 21bb209fb1 feat: added support for auditing API and CLI activity in logs 2023-09-21 16:35:46 +08:00
Ivan Dyachkov 105bebc250 chore: merge release-52 into master 2023-09-21 10:22:47 +02:00
Andrew Mayorov a8f4b5bf86
test(session): make testsuite trigger takeover logic consistently 2023-09-21 11:53:40 +04:00