5af01c041b
Merge pull request #12559 from zmstone/0221-refactor-use-atom-fileds
...
refactor: use atoms for root config fields
2024-02-23 14:38:19 +01:00
46877e979b
chore: update copyright-year
2024-02-23 08:21:06 +01:00
88b1d9ba88
refactor: use atoms for root config fields and types
2024-02-22 16:51:40 +01:00
d469f4158e
chore: bump app vsns
2024-02-20 16:53:57 -03:00
ba1d24d054
test(prom_api): '/prometheus/auth' and '/prometheus/data_integration'
2024-02-18 02:32:25 +08:00
f57f617ba3
refactor(schema): ensure roots/0 and namespace/0 for all schema modules
2024-02-16 11:35:32 +01:00
7272ef25d4
feat(emqx_auth): implement API to re-order all authenticators/authz sources
...
Fixes: EMQX-11770
2024-02-14 14:35:46 +02:00
90fd2b26d3
feat(banned): allow ban by clientid/username regexps, peerhost cidrs
2024-02-10 17:59:22 +03:00
9aad7997ca
chore: compatible the contet-type sytanx
2024-02-02 08:48:56 +01:00
aedfc8e8c0
fix(user_import): ensure the last record overwrites previous one
2024-01-30 14:14:20 +08:00
8fc8106819
test: cover password_type and new data format
2024-01-29 10:49:07 +08:00
829887630d
test: refine existed test cases
2024-01-29 10:49:07 +08:00
e65cfb836c
feat(import_users): support user's password in plain text
2024-01-29 10:49:07 +08:00
9e8a67fd68
feat: support authz cache exclusion config
...
now one can configure a list of topic-filters to avoid
caching ACL check results
for example
authorization.cache.excludes = ["nocache/#"]
this means ACL check results for topics having 'nocache/' prefix
will not be cached
2024-01-10 13:52:00 +01:00
23ded313ec
chore: update app versions
2023-12-22 15:29:22 +01:00
322b7bb7d2
chore: bump app vsn
2023-12-22 13:00:37 +01:00
2be898ca4d
refactor(auth/jwt): support raw rules from jwt acl claim
2023-12-19 08:10:38 +01:00
a9963e043b
refactor(authz): improve logging
...
Move authz result logging to common place.
Prior to this change, the final result is not logged when
fallback to the default authorization.no_match config value.
Aso, if the result is provided by a hook callback,
it's also not logged.
After this change, only the final result is logged.
The authz chain resutls can be traced (or logged at debug level).
2023-12-17 22:32:26 +01:00
c73b371a7a
feat: don't merge default headers if user already setting one
2023-12-13 08:47:55 +08:00
ddbb8560fa
fix(dialyzer): batch 2
2023-12-08 17:59:55 +01:00
33a7282cdd
fix(dialyzer): only include eunit when TEST is defined
2023-12-06 20:39:26 +01:00
8ba116d378
fix(emqx_auth): check authenticator exists in /authenticator/:id/users
2023-11-23 16:15:03 +01:00
d9f964a44f
test: fix test cases after schema type namespace change
2023-11-22 16:58:05 +01:00
db33bc616a
feat(schema): Add v2 scheam JSON dump
2023-11-22 13:12:35 +01:00
1b2c052646
docs: add type namespaces
2023-11-22 13:12:35 +01:00
28a577ad09
chore: bump apps versions
2023-11-14 11:02:26 +01:00
f1de0aa176
fix(schema): add namespace to authn schemas
2023-11-10 13:41:51 +01:00
86110824eb
feat: upgrade hocon to 0.40.0 which supports union type display name
2023-11-10 13:41:51 +01:00
b24b66081a
refactor(authn/authz_http_schema): use typerefl alias
2023-11-10 13:41:51 +01:00
910e81bc41
Merge pull request #10442 from keynslug/ft/EMQX-9257/placeholder
...
feat(tpl): split `emqx_placeholder` into a couple of modules
2023-11-02 22:50:05 +07:00
8e4585d64f
chore: move template modules to `emqx_utils`
...
Even though most of the time these modules will be used by
connectors, there are exceptions (namely, `emqx_rule_engine`).
Besides, they are general enough to land there, more so given
that `emqx_placeholder` is already there.
2023-11-02 17:11:12 +07:00
343b679741
feat(tpl): make escaping mechanism more foolproof
...
Treat "${$}" as literal "$". This allows to template express
strings, for example, of the form "${some_var_value}" where
`some_var_value` is interpolated from bindings.
2023-11-02 17:11:11 +07:00
a9693eada7
fix(tpl): rename `trivial` -> `is_const`
...
This is clearer. Former naming was a bit misleading.
2023-11-02 17:11:11 +07:00
49fba40ee7
fix(tpl): ensure backward compat with authz / authn templates
...
This commit leans heavy into discouraging the former approach where
only part of placeholders were interpolated, depending on `placeholders`
option.
2023-11-02 17:11:10 +07:00
49f5325c67
feat(tpl): unify validations / errors var representations
2023-11-02 17:11:10 +07:00
0538a77700
feat(tpl): use `emqx_connector_template` in `emqx_authn`, `emqx_authz`
...
This slightly changes semantics: now the attempt to create authenticator
with illegal bindings in templates will fail, instead of treating them
as literals. The runtime behaviour on the other hand should be the same.
2023-11-02 17:11:10 +07:00
3f6c09b195
Merge pull request #11780 from savonarola/1017-fix-pbkdf2-validation
...
fix(authn): fix pbkdf2 option validation
2023-10-30 16:37:37 +02:00
4e0e755b28
fix: return 404 if built_in_database not configured as auth source
2023-10-23 16:26:41 +02:00
edde661da3
fix(authn): fix pbkdf2 option validation
2023-10-23 10:26:11 +03:00
8d82c30b00
Merge pull request #11771 from savonarola/1015-validate-bcrypt-schema-in-api
...
feat(authn): allow authn providers to define a separate schama for API
2023-10-19 15:34:34 +03:00
6354f3b04f
feat(authn): allow authn providers to define a separate schama for API
2023-10-17 13:19:11 +03:00
6eb3bb7cff
Merge remote-tracking branch 'origin/release-53' into 1114-sync-release-53
2023-10-14 10:16:38 +02:00
4ecd5e17a2
chore(authz): trace non-resultative authz calls to backend modules
2023-10-12 12:29:39 +03:00
03ae5bf3c8
chore(auth): cleanup code
2023-10-11 13:13:50 +03:00
5dff36474d
chore(auth): get rid of hardcoded schema modules in auth
2023-10-05 13:41:50 +03:00
c2c56ba481
chore(auth): update tests
2023-10-05 13:41:50 +03:00
1eb75b43c4
chore(auth): split emqx_authn and emqx_authz apps
2023-10-05 13:41:50 +03:00
Zaiming (Stone) Shi