52031441cf
chore: add authz tag to match_rule_error log
2024-07-17 12:21:32 +08:00
b333babb4c
Merge pull request #13401 from thalesmg/20240703-r57-authz-ignore-api-metrics
...
fix(authz api): add new `ignore` metric to status response
2024-07-04 17:07:08 -03:00
7ee5b90084
Merge pull request #13400 from zmstone/0605-ACL-rules-in-http-authentication-response
...
feat(auth): support HTTP authn return ACL rules
2024-07-03 21:51:07 +02:00
9194756963
feat(auth): support HTTP authn return ACL rules
2024-07-03 15:37:11 +02:00
c3579f338b
fix(authz api): add new `ignore` metric to status response
...
Fixes https://emqx.atlassian.net/browse/EMQX-12411
2024-07-03 10:16:18 -03:00
5f321702e7
Merge pull request #13398 from zhongwencool/authz-db-clear-table
...
fix: don't destory when authz'source unchanged
2024-07-03 15:29:39 +08:00
112433da87
fix: don't destory when authz'source unchanged
2024-07-03 13:13:23 +08:00
e1c3b7587d
feat: do not fail on other nodes when the RPC succeeds on the first node
2024-07-03 09:49:13 +08:00
b74828d7ea
perf: "mixify" project to improve release speed
...
Fixes https://emqx.atlassian.net/browse/EMQX-12527
2024-07-02 09:39:48 -03:00
686f79c036
fix: fix two minor issues of bulti-in authn/authz
...
1. the `Derived Key Length` for `pbkdf2` should be a positive integer.
2. fix topics in the authorization rules might be parsed incorrectly
2024-07-02 19:35:48 +08:00
ff8c2bc1d8
feat(authz): add `ignore` metric for each source type
...
Fixes https://emqx.atlassian.net/browse/EMQX-12411
2024-06-27 09:22:45 -03:00
5d1608f34b
chore: minimize oss/platform diff
2024-06-24 15:30:03 +02:00
f7ac829f28
fix(auth,http): improve URI handling
2024-06-17 14:42:29 +03:00
2c264d9a4b
fix(http authz): handle unknown content types in responses
...
Fixes https://emqx.atlassian.net/browse/EMQX-12530
2024-06-12 14:31:12 -03:00
751f7a24e9
feat(authn): support ${cert_pem} placeholder
2024-06-11 19:54:24 +02:00
78a6100346
chore: fix app vsn bumps
...
only bug fixes so far
2024-05-29 21:56:22 +02:00
8fbeca4321
chore: Version bumps
2024-05-28 00:14:01 +02:00
2771a10d39
test: fix a flaky one
2024-05-27 20:59:50 +02:00
93232d4253
fix(authn/http): log meaningful error message if http header is missing
2024-05-14 10:22:07 +02:00
e4154dd472
feat(authn): use correct time resolution for setting channel expire in JWT authn
2024-04-30 19:01:16 +03:00
80d724c504
feat(authn): add connection expire based on authn data
2024-04-30 17:04:55 +03:00
01923147a2
fix(variform and authz): do not initialize empty client_attrs field
...
when client_attrs_init expression renders to empty string,
do not initialize the attribute.
also fixed an ACL error: a template render failure for a topic
would stop the ACL checks for the following topics if more
than one topic is configured.
2024-04-25 17:32:07 +02:00
ab763fe665
test: fix test case flakyness
2024-04-18 09:32:05 +02:00
db9efb9317
chore: bump apps versions
2024-03-28 10:19:09 +01:00
22838f027a
fix: mountpoint template render should not replace unknown as undefined
...
For backward compatibility, the unknown vars used in mountpoint
is kept unchanged.
e.g. '${unknown}/foo/bar' should be rendered as '${unknown}/foo/bar'
but not 'undefined/foo/bar'
2024-03-23 10:16:05 +01:00
3136ec5958
feat: allow mountpoint to use client_attrs
2024-03-23 10:16:05 +01:00
5e9814d171
fix: add debug level logging for invalid client attributes
2024-03-23 10:16:05 +01:00
0cf61932b6
feat: allow using client_attrs in authentication templates
2024-03-23 10:16:05 +01:00
c75840306b
fix: restrict client_attr key and value string format
...
The keys and values are used to render templates for
authz rules, such as topic names, and SQL statements etc.
2024-03-23 10:16:02 +01:00
9ec99fef4a
feat: allow client_attr used in authz rules
2024-03-23 10:16:02 +01:00
e5816f5a13
refactor: rename attr to client_attr
...
client_attr is unique enough for all contexts
so the name can be unified from external responses
to internal template rendering, and rule-engine template rendering
2024-03-23 10:16:02 +01:00
5af01c041b
Merge pull request #12559 from zmstone/0221-refactor-use-atom-fileds
...
refactor: use atoms for root config fields
2024-02-23 14:38:19 +01:00
46877e979b
chore: update copyright-year
2024-02-23 08:21:06 +01:00
88b1d9ba88
refactor: use atoms for root config fields and types
2024-02-22 16:51:40 +01:00
d469f4158e
chore: bump app vsns
2024-02-20 16:53:57 -03:00
ba1d24d054
test(prom_api): '/prometheus/auth' and '/prometheus/data_integration'
2024-02-18 02:32:25 +08:00
f57f617ba3
refactor(schema): ensure roots/0 and namespace/0 for all schema modules
2024-02-16 11:35:32 +01:00
7272ef25d4
feat(emqx_auth): implement API to re-order all authenticators/authz sources
...
Fixes: EMQX-11770
2024-02-14 14:35:46 +02:00
9aad7997ca
chore: compatible the contet-type sytanx
2024-02-02 08:48:56 +01:00
aedfc8e8c0
fix(user_import): ensure the last record overwrites previous one
2024-01-30 14:14:20 +08:00
829887630d
test: refine existed test cases
2024-01-29 10:49:07 +08:00
e65cfb836c
feat(import_users): support user's password in plain text
2024-01-29 10:49:07 +08:00
23ded313ec
chore: update app versions
2023-12-22 15:29:22 +01:00
322b7bb7d2
chore: bump app vsn
2023-12-22 13:00:37 +01:00
2be898ca4d
refactor(auth/jwt): support raw rules from jwt acl claim
2023-12-19 08:10:38 +01:00
a9963e043b
refactor(authz): improve logging
...
Move authz result logging to common place.
Prior to this change, the final result is not logged when
fallback to the default authorization.no_match config value.
Aso, if the result is provided by a hook callback,
it's also not logged.
After this change, only the final result is logged.
The authz chain resutls can be traced (or logged at debug level).
2023-12-17 22:32:26 +01:00
c73b371a7a
feat: don't merge default headers if user already setting one
2023-12-13 08:47:55 +08:00
ddbb8560fa
fix(dialyzer): batch 2
2023-12-08 17:59:55 +01:00
33a7282cdd
fix(dialyzer): only include eunit when TEST is defined
2023-12-06 20:39:26 +01:00
8ba116d378
fix(emqx_auth): check authenticator exists in /authenticator/:id/users
2023-11-23 16:15:03 +01:00
zhongwencool