Commit Graph

341 Commits

Author SHA1 Message Date
Zaiming (Stone) Shi 467010e3d3 chore: bump emqx_authz app vsn 2022-11-08 17:40:34 +01:00
Stefan Strigler 0678e05e84 style: fix message returned for 404
Co-authored-by: Zaiming (Stone) Shi <zmstone@gmail.com>
2022-11-08 17:40:34 +01:00
Stefan Strigler ba1e19f068 fix(emqx_authz_api_sources): make schema fit to what we send 2022-11-08 17:40:34 +01:00
Stefan Strigler e0ed0855ff fix(emqx_authz_api_sources): return 'code' in response body for 404 2022-11-08 17:40:34 +01:00
JimMoen 2984397e73 chore: apps vsn bump 2022-09-23 17:09:15 +08:00
JimMoen 85835256f1 Merge tag 'v5.0.8' into merge-release-v5.0.8-into-master 2022-09-23 16:06:44 +08:00
Ilya Averyanov c11afc357e fix(auth): use empty strings for absent placeholder values 2022-09-20 15:20:55 +03:00
firest 14b5977996 feat(authz): Support `cert_common_name` and `cert_subject` in Authz 2022-09-15 18:02:54 +08:00
Xinyu Liu d9c9a1dec3
Merge pull request #8958 from JimMoen/fix-ssl-drop-invalid-certs
fix(bridge/authz/exhook): no need to drop invalid certs
2022-09-15 09:01:08 +08:00
JianBo He a461375b30 chore: support strip double quote in authn/authz
more compatibility for https://github.com/emqx/emqx/pull/8827
2022-09-14 15:25:31 +08:00
JimMoen f018b8ab49 fix(bridge/authz/exhook): no need to drop invalid certs 2022-09-14 14:08:55 +08:00
firest 05bbadc8c5 chore: bump ahutz version && update CHANGES-5.0.md 2022-08-31 21:15:55 +08:00
firest 71aaf5c538 fix(authz): fix dialyzer && test case && proper error 2022-08-31 16:49:27 +08:00
JianBo He 168f44e45b fix: exhook client.authorize never be execauted
see: https://github.com/emqx/emqx/issues/8779
2022-08-31 14:34:02 +08:00
Ilya Averyanov 64aa30ec63 chore(authn/authz): better handling of placeholder interpolation errors 2022-08-10 18:22:37 +03:00
Zhongwen Deng dd59c850e0 chore: make sure swagger's tags always titlecase 2022-07-25 16:09:17 +08:00
Zhongwen Deng a12478225a fix: fix bad swagger format 2022-07-20 16:56:07 +08:00
Zaiming (Stone) Shi e49686a276 fix(authz): should apply no rule on superuser 2022-07-08 22:35:15 +02:00
JianBo He 4c17b38102 chore: treat 200/204 as acl nomatch 2022-07-01 20:42:22 +08:00
JianBo He 83f5da8f9d fix(authz-http): fix https://github.com/emqx/emqx/pull/8377#discussion_r911743360 2022-07-01 17:46:55 +08:00
JianBo He 52b77b570f refactor: authz-http return body to reject pub/sub 2022-07-01 17:46:55 +08:00
JianBo He f8c90452cc chore: auto retry disconnected authn/authz resources 2022-07-01 12:01:39 +08:00
ieQu1 a9ec193ef8 fix(prometheus): Disable authorization for metrics scraping endpoint 2022-06-23 00:31:53 +02:00
Shawn 51efe22e57 chore: update the appup files for authz/authn 2022-06-22 15:54:37 +08:00
Shawn defacb97df fix: disabled resources for authz/authn started after emqx reboot 2022-06-22 14:34:30 +08:00
Xinyu Liu 3b00b16abe
Merge pull request #8221 from terry-xiaoyu/fix_delayed_module_disbled_after_emqx_stop
feat: fix the hook priorities
2022-06-16 09:42:42 +08:00
Shawn 39b1b20506 feat: fix the hook priorities 2022-06-15 19:03:40 +08:00
JianBo He 03967a83de chore(authz): make `authorization.cache.enable` required 2022-06-15 13:46:17 +08:00
firest 45aa9d604b fix(metrics): remove the client. prefix for AuthN/AuthZ metrics 2022-06-14 14:08:25 +08:00
Shawn f18eab402a fix(CI): don't use any authz sources when testing 2022-06-10 14:21:20 +08:00
firest 86a3ac0bef fix(authz): prohibit overriding of existing client/user 2022-06-07 16:34:01 +08:00
Zhongwen Deng c7cc2e85b2 fix: add default&example for schema 2022-06-06 09:52:10 +08:00
Zaiming (Stone) Shi 2eb621ba57 fix: hint metrics merge errors 2022-05-13 21:38:51 +02:00
Ilya Averyanov 91da451803 feat(authz): add default authn-based authz source 2022-05-13 12:51:10 +03:00
Ilya Averyanov ca0c80965a
Merge pull request #7890 from savonarola/fix-jwt-acl-v5
fix(jwt auth): improve JWT handling
2022-05-12 19:48:37 +03:00
Ilya Averyanov e0fa07b679 fix(jwt auth): improve JWT handling 2022-05-12 12:10:47 +03:00
JimMoen 87af77ec35 refactor: do not destory resource when update authn/authz resource 2022-05-12 14:19:57 +08:00
firest 5220869dd8 fix(authz): add authz source type into the authorize logger 2022-05-11 17:54:42 +08:00
Chris Hicks 841acb7828
Merge pull request #7783 from emqx/EMQX-4199-introduce-a-new-emqx-resource-manager-module
feat: isolate resource manager processes
2022-05-09 18:33:01 +02:00
Chris 0b3e30e813 feat: isolate resource manager processes 2022-05-09 13:24:34 +02:00
EMQ-YangM 30b3060327 fix: improve authn, authz metrics 2022-05-05 18:53:31 +08:00
JianBo He d36d27c533
Merge pull request #7781 from HJianBo/rename-acl-metrics
feat(metrics): refactor authz metrics name
2022-04-29 16:52:43 +08:00
JianBo He 344a754674
Merge pull request #7817 from JimMoen/fix-auth-http 2022-04-29 16:36:10 +08:00
JianBo He 1632df9ebb
Merge pull request #7837 from EMQ-YangM/reduce_duplicate_field
fix: reduce duplicate field
2022-04-29 15:50:27 +08:00
JianBo He 7bbed713f4
Merge pull request #7835 from JimMoen/fix-mongo-require-fields
fix(auth): mongo field `filter` not required and have default value
2022-04-29 15:38:54 +08:00
JianBo He 1597ea50c1 feat(metrics): refactor authz metrics name
In the current implementation:
```
Authz checking times = client.authorize + client.authorization.cache_hit
                     = client.authorization.allow + client.authorization.deny

client.authorize means how many times the `client.authorize` hook has been executed.

client.authorize = client.authorization.matched.allow +
                   client.authorization.matched.deny +
                   client.authorization.nomatch
```
2022-04-29 15:20:05 +08:00
EMQ-YangM 110f0d0e94 fix: reduce duplicate field 2022-04-29 14:37:49 +08:00
JimMoen ad4b70c27e fix(auth): mongo field `filter` not required and have default value 2022-04-29 13:37:29 +08:00
JimMoen 15ef9892c5 fix(auth): authn & authz http support placeholder in HTTP path 2022-04-29 12:48:00 +08:00
JimMoen dae418ae4a fix(auth): authn & authz http not required `body` field 2022-04-29 12:47:56 +08:00