emqx_authz_schema {
sources {
desc {
en: """
Authorization data sources.
An array of authorization (ACL) data providers.
It is designed as an array, not a hash-map, so the sources can be
ordered to form a chain of access controls.
When authorizing a 'publish' or 'subscribe' action, the configured
sources are checked in order. When checking an ACL source,
in case the client (identified by username or client ID) is not found,
it moves on to the next source. And it stops immediately
once an 'allow' or 'deny' decision is returned.
If the client is not found in any of the sources,
the default action configured in 'authorization.no_match' is applied.
NOTE:
The source elements are identified by their 'type'.
It is NOT allowed to configure two or more sources of the same type.
"""
zh: """
鉴权数据源.
鉴权(ACL)数据源的列表.
它被设计为一个数组,而不是一个散列映射,
所以可以作为链式访问控制.
当授权一个 'publish' 或 'subscribe' 行为时,
该配置列表中的所有数据源将按顺序进行检查。
如果在某个客户端未找到时(使用 ClientID 或 Username),
将会移动到下一个数据源. 直至得到 'allow' 或 'deny' 的结果.
如果在任何数据源中都未找到对应的客户端信息,
配置的默认行为 ('authorization.no_match') 将生效.
注意:
数据源使用 'type' 进行标识.
使用同一类型的数据源多于一次不被允许.
"""
}
label {
en: """sources"""
zh: """数据源"""
}
}
authorization {
desc {
en: """Configuration related to the client authorization."""
zh: """客户端授权相关配置"""
}
label {
en: """authorization"""
zh: """授权"""
}
}
enable {
desc {
en: """Set to true or false to disable this ACL provider"""
zh: """设为 true 或 false 以启用或禁用此访问控制数据源"""
}
label {
en: """enable"""
zh: """enable"""
}
}
type {
desc {
en: """Backend type."""
zh: """数据后端类型"""
}
label {
en: """type"""
zh: """type"""
}
}
#==== authz_file
file {
desc {
en: """Authorization using a static file."""
zh: """使用静态文件鉴权"""
}
label {
en: """file"""
zh: """文件"""
}
}
path {
desc {
en: """
Path to the file which contains the ACL rules.
If the file provisioned before starting EMQX node,
it can be placed anywhere as long as EMQX has read access to it.
In case the rule-set is created from EMQX Dashboard or management API,
the file will be placed in `authz` subdirectory inside EMQX's `data_dir`,
and the new rules will override all rules from the old config file.
"""
zh: """
包含 ACL 规则的文件路径。
如果在启动 EMQX 节点前预先配置该路径,
那么可以将该文件置于任何 EMQX 可以访问到的位置。
如果从 EMQX Dashboard 或 management API 创建规则集,
那么文件将会自动生成在 `authz` 目录下,该目录位于 EMQX 的 `data_dir` 子目录下,
并且之后新的规则集将会覆写旧文件。"""
}
label {
en: """path"""
zh: """path"""
}
}
#==== authz_http
http_get {
desc {
en: """Authorization using an external HTTP server (via GET requests)."""
zh: """使用外部 HTTP 服务器鉴权(GET 请求)."""
}
label {
en: """http_get"""
zh: """http_get"""
}
}
http_post {
desc {
en: """Authorization using an external HTTP server (via POST requests)."""
zh: """使用外部 HTTP 服务器鉴权(POST 请求)."""
}
label {
en: """http_post"""
zh: """http_post"""
}
}
method {
desc {
en: """HTTP method."""
zh: """HTTP 请求方法"""
}
label {
en: """method"""
zh: """method"""
}
}
url {
desc {
en: """URL of the auth server."""
zh: """认证服务器 URL"""
}
label {
en: """url"""
zh: """url"""
}
}
headers {
desc {
en: """List of HTTP headers."""
zh: """"""
}
label {
en: """headers"""
zh: """请求头"""
}
}
headers_no_content_type {
desc {
en: """List of HTTP headers (without `content_type`)."""
zh: """"""
}
label {
en: """headers_no_content_type"""
zh: """请求头(无 content-type)"""
}
}
body {
desc {
en: """HTTP request body."""
zh: """HTTP 请求体"""
}
label {
en: """body"""
zh: """请求体"""
}
}
request_timeout {
desc {
en: """Request timeout."""
zh: """请求超时时间"""
}
label {
en: """request_timeout"""
zh: """请求超时"""
}
}
#==== authz_mnesia
mnesia {
desc {
en: """Authorization using a built-in database (mnesia)."""
zh: """使用内部数据库鉴权 (mnesia)."""
}
label {
en: """mnesia"""
zh: """mnesia"""
}
}
#==== authz_mongo
mongo_single {
desc {
en: """Authorization using a single MongoDB instance."""
zh: """使用 MongoDB 鉴权(单实例)"""
}
label {
en: """mongo_single"""
zh: """mongo_single"""
}
}
mongo_rs {
desc {
en: """Authorization using a MongoDB replica set."""
zh: """使用 MongoDB 鉴权(副本集模式)"""
}
label {
en: """mongo_rs"""
zh: """mongo_rs"""
}
}
mongo_sharded {
desc {
en: """Authorization using a sharded MongoDB cluster."""
zh: """使用 MongoDB 鉴权(分片集群模式)"""
}
label {
en: """mongo_sharded"""
zh: """mongo_sharded"""
}
}
collection {
desc {
en: """`MongoDB` collection containing the authorization data."""
zh: """`MongoDB` 鉴权数据集"""
}
label {
en: """collection"""
zh: """数据集"""
}
}
selector {
desc {
en: """
Statement that is executed during the authorize process.
Commands can support following wildcards:\n
- `${username}`: substituted with client's username\n
- `${clientid}`: substituted with the clientid
"""
zh: """
鉴权过程中所使用的查询命令。
查询命令支持如下占位符:
- `${username}`: 代替客户端的用户名
- `${clientid}`: 代替客户端的客户端标识符"""
}
label {
en: """selector"""
zh: """selector"""
}
}
#==== authz_mysql
mysql {
desc {
en: """Authorization using a MySQL database."""
zh: """使用 MySOL 数据库鉴权"""
}
label {
en: """mysql"""
zh: """mysql"""
}
}
#==== authz_pgsql
postgresql {
desc {
en: """Authorization using a PostgreSQL database."""
zh: """使用 PostgreSQL 数据库鉴权"""
}
label {
en: """postgresql"""
zh: """postgresql"""
}
}
#==== authz_redis
redis_single {
desc {
en: """Authorization using a single Redis instance."""
zh: """使用 Redis 鉴权(单实例)"""
}
label {
en: """redis_single"""
zh: """redis_single"""
}
}
redis_sentinel {
desc {
en: """Authorization using a Redis Sentinel."""
zh: """使用 Redis 鉴权(哨兵模式)"""
}
label {
en: """redis_sentinel"""
zh: """redis_sentinel"""
}
}
redis_cluster {
desc {
en: """Authorization using a Redis cluster."""
zh: """使用 Redis 鉴权(集群模式)"""
}
label {
en: """redis_cluster"""
zh: """redis_cluster"""
}
}
jwt {
desc {
en: """Authorization using ACL rules from authentication JWT."""
zh: """使用 JWT 登录认证中携带的 ACL 规则来进行发布和订阅的授权。"""
}
label {
en: """jwt"""
zh: """jwt"""
}
}
acl_claim_name {
desc {
en: """JWT claim name to use for getting ACL rules."""
zh: """JWT claim name to use for getting ACL rules."""
}
label {
en: """acl_claim_name"""
zh: """acl_claim_name"""
}
}
cmd {
desc {
en: """Database query used to retrieve authorization data."""
zh: """访问控制数据查查询命令"""
}
label {
en: """cmd"""
zh: """查询命令"""
}
}
#==== common field for DBs (except redis)
query {
desc {
en: """Database query used to retrieve authorization data."""
zh: """访问控制数据查询语句/查询命令"""
}
label {
en: """query"""
zh: """查询语句"""
}
}
}