Commit Graph

73 Commits

Author SHA1 Message Date
zhongwencool 52031441cf chore: add authz tag to match_rule_error log 2024-07-17 12:21:32 +08:00
Thales Macedo Garitezi b333babb4c
Merge pull request #13401 from thalesmg/20240703-r57-authz-ignore-api-metrics
fix(authz api): add new `ignore` metric to status response
2024-07-04 17:07:08 -03:00
zmstone 7ee5b90084
Merge pull request #13400 from zmstone/0605-ACL-rules-in-http-authentication-response
feat(auth): support HTTP authn return ACL rules
2024-07-03 21:51:07 +02:00
zmstone 9194756963 feat(auth): support HTTP authn return ACL rules 2024-07-03 15:37:11 +02:00
Thales Macedo Garitezi c3579f338b fix(authz api): add new `ignore` metric to status response
Fixes https://emqx.atlassian.net/browse/EMQX-12411
2024-07-03 10:16:18 -03:00
zhongwencool 5f321702e7
Merge pull request #13398 from zhongwencool/authz-db-clear-table
fix: don't destory when authz'source unchanged
2024-07-03 15:29:39 +08:00
zhongwencool 112433da87 fix: don't destory when authz'source unchanged 2024-07-03 13:13:23 +08:00
zhongwencool e1c3b7587d feat: do not fail on other nodes when the RPC succeeds on the first node 2024-07-03 09:49:13 +08:00
Thales Macedo Garitezi b74828d7ea perf: "mixify" project to improve release speed
Fixes https://emqx.atlassian.net/browse/EMQX-12527
2024-07-02 09:39:48 -03:00
firest 686f79c036 fix: fix two minor issues of bulti-in authn/authz
1. the `Derived Key Length` for `pbkdf2` should be a positive integer.
2. fix topics in the authorization rules might be parsed incorrectly
2024-07-02 19:35:48 +08:00
Thales Macedo Garitezi ff8c2bc1d8 feat(authz): add `ignore` metric for each source type
Fixes https://emqx.atlassian.net/browse/EMQX-12411
2024-06-27 09:22:45 -03:00
zmstone 5d1608f34b chore: minimize oss/platform diff 2024-06-24 15:30:03 +02:00
Ilya Averyanov f7ac829f28 fix(auth,http): improve URI handling 2024-06-17 14:42:29 +03:00
Thales Macedo Garitezi 2c264d9a4b fix(http authz): handle unknown content types in responses
Fixes https://emqx.atlassian.net/browse/EMQX-12530
2024-06-12 14:31:12 -03:00
zmstone 751f7a24e9 feat(authn): support ${cert_pem} placeholder 2024-06-11 19:54:24 +02:00
zmstone 78a6100346 chore: fix app vsn bumps
only bug fixes so far
2024-05-29 21:56:22 +02:00
ieQu1 8fbeca4321
chore: Version bumps 2024-05-28 00:14:01 +02:00
zmstone 2771a10d39 test: fix a flaky one 2024-05-27 20:59:50 +02:00
zmstone 93232d4253 fix(authn/http): log meaningful error message if http header is missing 2024-05-14 10:22:07 +02:00
Ilya Averyanov e4154dd472 feat(authn): use correct time resolution for setting channel expire in JWT authn 2024-04-30 19:01:16 +03:00
Ilya Averyanov 80d724c504 feat(authn): add connection expire based on authn data 2024-04-30 17:04:55 +03:00
zmstone 01923147a2 fix(variform and authz): do not initialize empty client_attrs field
when client_attrs_init expression renders to empty string,
do not initialize the attribute.

also fixed an ACL error: a template render failure for a topic
would stop the ACL checks for the following topics if more
than one topic is configured.
2024-04-25 17:32:07 +02:00
zmstone ab763fe665 test: fix test case flakyness 2024-04-18 09:32:05 +02:00
Ivan Dyachkov db9efb9317 chore: bump apps versions 2024-03-28 10:19:09 +01:00
zmstone 22838f027a fix: mountpoint template render should not replace unknown as undefined
For backward compatibility, the unknown vars used in mountpoint
is kept unchanged.
e.g. '${unknown}/foo/bar' should be rendered as '${unknown}/foo/bar'
but not 'undefined/foo/bar'
2024-03-23 10:16:05 +01:00
zmstone 3136ec5958 feat: allow mountpoint to use client_attrs 2024-03-23 10:16:05 +01:00
zmstone 5e9814d171 fix: add debug level logging for invalid client attributes 2024-03-23 10:16:05 +01:00
zmstone 0cf61932b6 feat: allow using client_attrs in authentication templates 2024-03-23 10:16:05 +01:00
zmstone c75840306b fix: restrict client_attr key and value string format
The keys and values are used to render templates for
authz rules, such as topic names, and SQL statements etc.
2024-03-23 10:16:02 +01:00
zmstone 9ec99fef4a feat: allow client_attr used in authz rules 2024-03-23 10:16:02 +01:00
zmstone e5816f5a13 refactor: rename attr to client_attr
client_attr is unique enough for all contexts
so the name can be unified from external responses
to internal template rendering, and rule-engine template rendering
2024-03-23 10:16:02 +01:00
Zaiming (Stone) Shi 5af01c041b
Merge pull request #12559 from zmstone/0221-refactor-use-atom-fileds
refactor: use atoms for root config fields
2024-02-23 14:38:19 +01:00
Zaiming (Stone) Shi 46877e979b chore: update copyright-year 2024-02-23 08:21:06 +01:00
Zaiming (Stone) Shi 88b1d9ba88 refactor: use atoms for root config fields and types 2024-02-22 16:51:40 +01:00
Thales Macedo Garitezi d469f4158e chore: bump app vsns 2024-02-20 16:53:57 -03:00
JimMoen ba1d24d054
test(prom_api): '/prometheus/auth' and '/prometheus/data_integration' 2024-02-18 02:32:25 +08:00
Zaiming (Stone) Shi f57f617ba3 refactor(schema): ensure roots/0 and namespace/0 for all schema modules 2024-02-16 11:35:32 +01:00
Serge Tupchii 7272ef25d4 feat(emqx_auth): implement API to re-order all authenticators/authz sources
Fixes: EMQX-11770
2024-02-14 14:35:46 +02:00
JianBo He 9aad7997ca chore: compatible the contet-type sytanx 2024-02-02 08:48:56 +01:00
JianBo He aedfc8e8c0 fix(user_import): ensure the last record overwrites previous one 2024-01-30 14:14:20 +08:00
JianBo He 829887630d test: refine existed test cases 2024-01-29 10:49:07 +08:00
JianBo He e65cfb836c feat(import_users): support user's password in plain text 2024-01-29 10:49:07 +08:00
Zaiming (Stone) Shi 23ded313ec chore: update app versions 2023-12-22 15:29:22 +01:00
Zaiming (Stone) Shi 322b7bb7d2 chore: bump app vsn 2023-12-22 13:00:37 +01:00
Zaiming (Stone) Shi 2be898ca4d refactor(auth/jwt): support raw rules from jwt acl claim 2023-12-19 08:10:38 +01:00
Zaiming (Stone) Shi a9963e043b refactor(authz): improve logging
Move authz result logging to common place.

Prior to this change, the final result is not logged when
fallback to the default authorization.no_match config value.

Aso, if the result is provided by a hook callback,
it's also not logged.

After this change, only the final result is logged.
The authz chain resutls can be traced (or logged at debug level).
2023-12-17 22:32:26 +01:00
zhongwencool c73b371a7a feat: don't merge default headers if user already setting one 2023-12-13 08:47:55 +08:00
Zaiming (Stone) Shi ddbb8560fa fix(dialyzer): batch 2 2023-12-08 17:59:55 +01:00
Zaiming (Stone) Shi 33a7282cdd fix(dialyzer): only include eunit when TEST is defined 2023-12-06 20:39:26 +01:00
Stefan Strigler 8ba116d378 fix(emqx_auth): check authenticator exists in /authenticator/:id/users 2023-11-23 16:15:03 +01:00